Security Profiles

Versal ACAP Technical Reference Manual (AM011)

Document ID
Release Date
1.4 English

Each system master provides a security setting with each AXI transaction. The AXI transactions pass through a protection unit to help maintain system integrity for security and safety applications. Profiles types include secure, non-secure (NS), programmable, and dynamic.

  • Secure slaves prevent unauthorized access by non-secure masters
    • Slave security profiles for most peripherals are implemented by the XPPU and XMPUs
    • Access to several system control register sets must always be done by a secure master
  • DDR memory controllers, OCM, and XRAM can include secure and non-secure regions
    • Programmable on a per region basis (1 MB for DDRMC, 4 KB for OCM and XRAM)
    • Configurable using the respective XMPU protection units
  • Several types of masters
    • Fixed type: secure or non-secure
    • Programmable: a register selects between secure and non-secure
    • Dynamic: master can change security levels on a per transaction basis, e.g., PS-PL AXI interfaces
  • System boot assumes secure mode until the RCU reads the boot header.
  • RPU MPCore does not use TrustZone technology. The transactions from the RPU into the APU TrustZone environment can be configured as secure or non-secure; the default is to issue secure transactions