Hard Processor System Technical Reference Manual: Agilex™ 5 SoCs

ID 814346
Date 11/27/2024
Public
Document Table of Contents

13.4.2.2. Target Firewall and Security

The system interconnect enforces security through the target settings. The target settings are controlled by the Interconnect Security Control (SCR) register in the service network.

Firewalls protect certain L3 and L4 targets. Each of these targets has its own security check and programmable security settings. After reset, every target of the system interconnect is in a secure state. This feature is called boot secure. Only secure initiators can access secure targets.

The system interconnect implements seven firewalls to check the security state of each target, as listed in the following table.

Table 380.  Peripheral Target Firewall
Target Name Security (Secure/Non-Secure) Configuration Bus Configuration Registers
NAND Controller Module Registers S/NS FW PER SCR L4 MP L4_NOC_FW.L4_per_scr.nand_register
USB2.x Controller Module Registers L4 AHB L4_NOC_FW.L4_per_scr.usb0_register
USB3.x Controller Module Registers L4 AHB L4_NOC_FW.L4_per_scr.usb1_register
SPI 0 Module initiator L4 main L4_NOC_FW.L4_per_scr.spi_master0
SPI 1 Module initiator L4 main L4_NOC_FW.L4_per_scr.spi_master1
SPI 0 Module target L4 main L4_NOC_FW.L4_per_scr.spi_slave0
SPI 1 Module target L4 main L4_NOC_FW.L4_per_scr.spi_slave1
EMAC0 (TSN0) Module L4 MP L4_NOC_FW.L4_per_scr.emac0
EMAC1 (TSN1) Module L4 MP L4_NOC_FW.L4_per_scr.emac1
EMAC2 (TSN2) Module L4 MP L4_NOC_FW.L4_per_scr.emac2
SDMMC Module L4 MP L4_NOC_FW.L4_per_scr.sdmmc
GPIO0 Module L4 SP L4_NOC_FW.L4_per_scr.gpio0
GPIO1 Module L4 SP L4_NOC_FW.L4_per_scr.gpio1
I2C0 Module L4 SP L4_NOC_FW.L4_per_scr.i2c0
I2C1 Module L4 SP L4_NOC_FW.L4_per_scr.i2c1
I2C2 Module L4 SP L4_NOC_FW.L4_per_scr.i2c2
I2C3 Module L4 SP L4_NOC_FW.L4_per_scr.i2c3
I2C4 Module L4 SP L4_NOC_FW.L4_per_scr.i2c4
SP Timer0 Module L4 SP L4_NOC_FW.L4_per_scr.sp_timer0
SP Timer1 Module L4 SP L4_NOC_FW.L4_per_scr.sp_timer1
UART0 Module L4 SP L4_NOC_FW.L4_per_scr.uart0
UART1 Module L4 SP L4_NOC_FW.L4_per_scr.uart1
I3C0 Module L4 SP L4_NOC_FW.L4_per_scr.i3c0
I3C1 Module L4 SP L4_NOC_FW.L4_per_scr.i3c1
DMA0 Module L4 SP L4_NOC_FW.L4_per_scr.dma0
DMA1 Module L4 SP L4_NOC_FW.L4_per_scr.dma1
Combo PHY Target L4 MP L4_NOC_FW.L4_per_scr.combo_phy
NAND Controller Module Data L4 MP L4_NOC_FW.L4_per_scr.nand_sdma

The following table shows the details for the system firewall.

Table 381.  System Target Firewall
Target Name Security Configuration Bus Configuration Register
EMAC0 (TSN0) RX ECC S/NS FW SYS SCR L4 ECC L4_NOC_FW.L4_sys_scr.emac0rx_ecc
EMAC0 (TSN0) TX ECC L4 ECC L4_NOC_FW.L4_sys_scr.emac0tx_ecc
EMAC1 (TSN1) RX ECC L4 ECC L4_NOC_FW.L4_sys_scr.emac1rx_ecc
EMAC1 (TSN1) TX ECC L4 ECC L4_NOC_FW.L4_sys_scr.emac1tx_ecc
EMAC2 (TSN2) RX ECC L4 ECC L4_NOC_FW.L4_sys_scr.emac2rx_ecc
EMAC2 (TSN2) TX ECC L4 ECC L4_NOC_FW.L4_sys_scr.emac2tx_ecc
OCRAM L4 ECC L4_NOC_FW.L4_sys_scr.ocram_ecc
USB2.0 ECC (USB0 ECC) L4 ECC L4_NOC_FW.L4_sys_scr.usb0_ecc
USB3.1_CACHE_ECC (USB1_CACHE_ECC) L4 ECC L4_NOC_FW.L4_sys_scr.usb1_cacheecc
Clock Manager Module L4 sys L4_NOC_FW.L4_sys_scr.clock_manager
IO Manager Module L4 sys L4_NOC_FW.L4_sys_scr.io_manager
Reset Manager Module L4 sys L4_NOC_FW.L4_sys_scr.reset_manager
System Manager Module L4 sys L4_NOC_FW.L4_sys_scr.system_manager
OSC Timer0 Module L4 sys L4_NOC_FW.L4_sys_scr.osc0_timer
OSC Timer1 Module L4 sys L4_NOC_FW.L4_sys_scr.osc1_timer
Watchdog0 Module L4 sys L4_NOC_FW.L4_sys_scr.watchdog0
Watchdog1 Module L4 sys L4_NOC_FW.L4_sys_scr.watchdog1
Watchdog2 Module L4 sys L4_NOC_FW.L4_sys_scr.watchdog2
Watchdog3 Module L4 sys L4_NOC_FW.L4_sys_scr.watchdog3
DAP L4 sys L4_NOC_FW.L4_sys_scr.dap
Watchdog4 Module L4 sys L4_NOC_FW.L4_sys_scr.watchdog4
Power Manager Module L4 sys L4_NOC_FW.L4_sys_scr.power_manager
USB3.1_TX_ECC (USB1_TX_ECC) L4 ECC L4_NOC_FW.L4_sys_scr.usb1_rxecc
USB3.1_RX_ECC (USB1_RX_ECC) L4 ECC L4_NOC_FW.L4_sys_scr.usb1_txecc
L4 NOC probes L4 sys L4_NOC_FW.L4_sys_scr.noc_probes
L4 NOC QOS L4 sys L4_NOC_FW.L4_sys_scr.noc_qos
Generic Timestamp Secure S FW SCR L4 sys Fixed always Secure
Generic Timestamp Non-Secure NS FW SCR L4 sys Fixed always Non-Secure

The following table shows the details for the L3 Bus firewall.

Table 382.  L3 Bus Firewall
Target Name Security Configuration Bus Comment
H2F Bridge S/NS FW SCR L3 L4_NOC_FW.hps2fpga_scr.soc2fpga
LWH2F Bridge S/NS FW SCR L3 L4_NOC_FW.lwhps2fpga_scr.lwsoc2fpga
TCU S/NS FW SCR L3 L4_NOC_FW.tcu_scr.tcu

The following table shows the details for the DAP firewall.

Table 383.  DAP Firewall
Target Name Security Configuration Bus Comment
DAP S/NS FW SCR L4

The following table shows the details for the CCU Bus firewall.

Table 384.  CCU Bus Firewalls
Target Name Security Configuration Bus Comment
OCRAM S/NS FW OCRAM CCU Firewall is the CCU
CCU Regbus S/NS CCU_SCR CCU Only accessible by Privilege and Secure Transaction
SDRAM and MPFE Configuration Register S/NS MPFE_SCR CCU Firewall in MPFE NoC