Security Profiles

Versal Adaptive SoC Technical Reference Manual (AM011)

Document ID
AM011
Release Date
2023-10-05
Revision
1.6 English

Each transaction host provides a security setting with each AXI transaction. The AXI transactions pass through a protection unit to help maintain system integrity for security and safety applications. Profiles types include secure, non-secure (NS), programmable, and dynamic.

  • Secure destinations prevent unauthorized access by non-secure hosts.
    • Destinations security profiles for most peripherals are implemented by the XPPU and XMPUs.
    • Access to several system control register sets must always be done by a secure host.
  • DDR memory controllers, OCM, XRAM, and PMC RAM can include secure and non-secure regions.
    • Programmable on a per region basis (1 MB for DDRMC, 4 KB for OCM and XRAM).
    • Configurable using the respective XMPU protection units.
  • Several types of transaction hosts.
    • Fixed type: secure or non-secure.
    • Programmable: a register selects between secure and non-secure.
    • Dynamic: host can change security levels on a per transaction basis, e.g., PS-PL AXI interfaces.
  • System boot assumes secure mode until the RCU reads the boot header.
  • RPU MPCore does not use TrustZone technology. The transactions from the RPU into the APU TrustZone environment can be configured as secure or non-secure; the default is to issue secure transactions