Permission checking is performed using the SMID and TZ security settings of the transaction. The SMID sets one or more of the 20 local MATCH bits that are compared against the address-selected aperture permission register, APERPERM_xxx. The XPPU also tests the AxPROT[1] and R/W signals with the APERPERM_xxx [TRUSTZONE] bit. The following equation is for read transactions.
Transaction_OK = ((MATCH & PERMISSION) != 0)
    AND ((TRUSTZONE == 1) OR ((AxPROT[1] == 0) AND (TRUSTZONE == 0)))
- The first term means that the incoming AXI SMID, after the mask is applied, should be listed in the SMID list, and it should also be listed as an allowed AXI SMID in the aperture permission list, APERPERM_xxx registers.
- The second term means that the incoming AXI TrustZone (on AxPROT[1]) should meet the aperture TrustZone setting.
The result from this equation is further qualified with the parity check on the selected register from the aperture permission list if the parity check is enabled.
If all of these checks pass, the transaction is allowed.
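The read-transaction check above, modelled in C as an added example (not code from the original page or from the device vendor). The SMID-list entry layout (ID plus compare mask), the struct and function names, the sample values, and passing the parity result in as a flag are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define XPPU_MATCH_BITS 20u   /* from the page: 20 local MATCH bits */

/* Assumed simplified model of one SMID-list entry: ID plus compare mask. */
struct smid_entry { uint16_t id; uint16_t mask; };

/* Assumed model of the fields of the address-selected APERPERM_xxx register. */
struct aperperm { uint32_t permission; bool trustzone; };

/* Build MATCH: bit i is set when the masked SMID equals list entry i. */
uint32_t xppu_match(const struct smid_entry *list, unsigned n, uint16_t smid)
{
    uint32_t match = 0;
    for (unsigned i = 0; i < n && i < XPPU_MATCH_BITS; i++)
        if ((smid & list[i].mask) == (list[i].id & list[i].mask))
            match |= UINT32_C(1) << i;
    return match;
}

/* Read-transaction check: both terms of the equation, then the parity qualifier. */
bool xppu_read_ok(uint32_t match, struct aperperm ap, unsigned axprot1,
                  bool parity_enabled, bool parity_good)
{
    bool id_ok  = (match & ap.permission & 0xFFFFFu) != 0;
    bool tz_ok  = ap.trustzone || (axprot1 == 0 && !ap.trustzone);
    bool par_ok = !parity_enabled || parity_good;  /* parity result supplied by caller */
    return id_ok && tz_ok && par_ok;
}

/* Constructed sample list; the values are illustrative only. */
static const struct smid_entry sample_list[] = {
    { 0x0040, 0xFFF0 },   /* entry 0: SMIDs 0x0040..0x004F */
    { 0x0080, 0xFFFF },   /* entry 1: exactly 0x0080 */
};

int main(void)
{
    struct aperperm ap = { .permission = 0x1, .trustzone = false };
    uint32_t m = xppu_match(sample_list, 2, 0x0045);   /* sets MATCH bit 0 */
    printf("AxPROT[1]=0 read allowed: %d\n", xppu_read_ok(m, ap, 0, false, false));
    printf("AxPROT[1]=1 read allowed: %d\n", xppu_read_ok(m, ap, 1, false, false));
    return 0;
}
```

With TRUSTZONE == 0 in the aperture, the same SMID passes only when AxPROT[1] is 0, which is the case the second term of the equation exists to enforce.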