Memory and Peripheral Protection Unit for PL Isolation in Zynq UltraScale+ Devices (XAPP1353)

Document ID
Release Date
1.1 English

Each XMPU_PL provides up to sixteen (16) regions, numbered from zero (0) to fifteen (15). Each region is defined by a start address and an end address. Regions are 256B address aligned. The start and ending address registers hold the upper 32 bits of a 40 bit address[39:8].

When a memory space is included in more than one XMPU_PL region configuration, if any of the corresponding regions trigger a violation, then the transaction is poisoned in accordance with the REGION CONFIG register option settings. Refer to Functional Description for a detailed description.

Each region can be independently enabled or disabled. If a region is disabled, it is not used for protection checking. Each region is assigned a list of masters that are authorized to access the region and has an independent security and check type selection.

  • Secure: Secure transactions from authorized masters.
  • Non-Secure: Secure and non-secure transactions from authorized masters.
  • Non-Secure Strict Check Type: Non-secure transactions from authorized masters.
    Note: Non-secure transactions from unauthorized masters will be poisoned.

If the address requested does not match any of the regions, then the XMPU_PL takes the default action (allow or poison) as specified in the control register options. There are three ways to poison a request:

  • Poison by address - internally

    Divert the transaction to a sink that resides inside the core.

  • Poison by address - externally

    Forward the transaction replacing the address with the value in the poison register.

  • Poison by attribute

    Forward the transaction with a poison attribute (AxProt[1]=1)