An incoming read or write transaction is checked against the XMPU regions as described in this section. For the enabled regions, two checks are done first:
- The AXI_ADDR address is within the region: START_ADDR ≤ AXI_ADDR ≤ END_ADDR
- The incoming AXI_SMID is allowed by the SMID_xx registers: AXI_SMID & [MASK] == [SMID] & [MASK]
If these checks are true, the region configuration is checked as to:
- The security of the transaction and is allowed
- The read and write permissions are satisfied
The XMPU functional block diagram is shown in the following figure.
Memory Region Validation
Each XMPU has 16 regions, numbered from 0 to 15. Each region is defined by a start address and an end address. There are two region address alignment types. The 4 KB granularity is used for all XMPUs except the DDRMC unit.
When a memory space is included in more than one XMPU region configuration, the higher region number has higher priority (that is, region 0 has lowest priority). Each region can be independently enabled or disabled. If a region is disabled, it does not include protection checking.
Each XMPU uses the inbound SMID in each AXI transaction to validate the transfer. The SMID is masked by the [MASK] bit field and then compared against the [ID] bit field of the Rxx_SMID region registers.
AMD Versal™ adaptive SoC register example: R00_SMID .
If the following equation is satisfied (along with security and read/write checks), the transaction is allowed. In this equation, these are [10-bit parameters] in the Rxx_SMID register
[ID] & [MASK] == AXI_SMID & [MASK]
- If the region is configured as secure, then only the secure request can access this region.
- If the region is configured as secure, then the read and write permissions are independently checked to determine whether or not the transactions are allowed.
- If the transaction is non-secure and the region is configured as secure, then the check fails, and the transaction generates a system error.
- If the region is configured as non-secure and the transaction is non-secure, then read and write permissions are independently checked to determine whether or not the transaction is allowed. If the check fails, the transaction is handled by the error handler.