Each transaction host provides a security setting with each AXI transaction. The AXI transactions pass through a protection unit to help maintain system integrity for security and safety applications. Profiles types include secure, non-secure (NS), programmable, and dynamic.
- Secure destinations prevent unauthorized access by non-secure hosts.
- Destinations security profiles for most peripherals are implemented by the XPPU and XMPUs.
- Access to several system control register sets must always be done by a secure host.
- DDR memory controllers, OCM, XRAM, and PMC RAM can
include secure and non-secure regions.
- Programmable on a per region basis (1 MB for DDRMC, 4 KB for OCM and XRAM).
- Configurable using the respective XMPU protection units.
- Several types of transaction hosts.
- Fixed type: secure or non-secure.
- Programmable: a register selects between secure and non-secure.
- Dynamic: host can change security levels on a per transaction basis, e.g., PS-PL AXI interfaces.
- System boot assumes secure mode until the RCU reads the boot header.
- RPU MPCore does not use TrustZone technology. The transactions from the RPU into the APU TrustZone environment can be configured as secure or non-secure; the default is to issue secure transactions