Master and Slave Security Profiles

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
Release Date
2.4 English

Each system master provides a security setting with each AXI transaction. The AXI transactions pass through a protection unit to help maintain system integrity for security and safety applications. Profiles types include: secure, non-secure (NS), programmable, and dynamic.

Secure slaves prevent unauthorized access by non-secure masters:

°Slave security profiles for most peripherals are implemented by the XPPU and XMPUs.

°Access to several system control register sets must always be done by a secure master.

DDR and OCM memory can include secure and non-secure regions:

°Programmable on a per region basis (1 MB for DDR, 4 KB for OCM).

°Configurable using the XMPU protection units.

Several types of masters:

°Fixed type: secure or non-secure.

°Programmable: a register selects between secure and non-secure.

°Dynamic: master can change security levels on a per transaction basis, e.g., PS-PL AXI interfaces.

System boot assumes secure mode until FSBL reads the BootROM header.

°The processor system boots in secure mode.

RPU does not use TrustZone technology. Transactions from the RPU to the TrustZone environment of the APU can be configured as secure or non-secure.

The boot-time security level of the RPU is configurable, the default is to issue secure transactions.