Each system master provides a security setting with each AXI transaction. The AXI transactions pass through a protection unit to help maintain system integrity for security and safety applications. Profiles types include secure, non-secure (NS), programmable, and dynamic.
- Secure slaves prevent unauthorized access by non-secure masters
- Slave security profiles for most peripherals are implemented by the XPPU and XMPUs
- Access to several system control register sets must always be done by a secure master
- DDR memory controllers, OCM, and XRAM can include secure and non-secure
- Programmable on a per region basis (1 MB for DDRMC, 4 KB for OCM and XRAM)
- Configurable using the respective XMPU protection units
- Several types of masters
- Fixed type: secure or non-secure
- Programmable: a register selects between secure and non-secure
- Dynamic: master can change security levels on a per transaction basis, e.g., PS-PL AXI interfaces
- System boot assumes secure mode until the RCU reads the boot header.
- RPU MPCore does not use TrustZone technology. The transactions from the RPU into the APU TrustZone environment can be configured as secure or non-secure; the default is to issue secure transactions