Security Features

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2022-09-15
Revision
2.3 English

The AXI master is capable of generating transactions with TrustZone secure and non-secure classification. The TrustZone classification of each address translation, as well as each DMA channel, is configurable from the FPD SLCR SECURE register block.

The AXI master provides security ports, namely awprot[1] and arprot[1], are driven differently depending on the transaction source. The DMA transaction source is assigned a security level by the FPD_SLCR_SECURE.slcr_pcie[24:21] bits. Each bit corresponds to one DMA channel. The integrated block for PCIe on ingress translation hit, takes the security level provided by FPD_SLCR_SECURE.slcr_pcie[20:13].

Security levels are defined for other translation apertures in FPD_SLCR_SECURE.slcr_pcie register.

Note:   The AXI-PCIe bridge does not implement a store and forward FIFO to drop a memory write packet that has an ECRC error in it. This type of memory write is eventually executed by the PS—either as a PCIe write to the bridge registers or as an AXI write transaction to an AXI slave internal to the PS, depending on the address in the header of the packet. ECRC errors are captured in AER capability. Xilinx recommends managing these packets in software on an individual basis.

 

TIP:   The default values represented on the Zynq UltraScale+ MPSoC Register Reference (UG1087) [Ref 4] for PCIE_ATTRIB registers are preset defaults. These values can be different depending upon the configuration used by the Processing System Configuration Wizard (PCW) in the zynq_ultra_ps_e. For configuration options, refer to the Zynq UltraScale+ MPSoC Processing System Product Guide (PG201) [Ref 5].