The SEE extends from the processing system into the programmable logic (PL). As shown in the following figure, the iDirect Government SEE is leveraging features of the Zynq UltraScale+ MPSoC programmable logic to isolate non-secure application logic from secure cryptographic logic in the PL. A soft version of the XMPU is implemented in the secure region of the PL to ensure that any transaction from the processing system to secure logic in the PL only responds to transactions originating from the secure domain (RPU). The logic contained in the secure PL region remains fixed and FIPS 140-3 certified regardless of any changes made to logic contained in the non-secure PL region. The non-secure PL region includes application logic such as iDirect Government’s satellite waveform modulators and demodulators, which can be updated independently of the secure PL region.
Figure 1. Programmable Logic Isolation