Isolating Secure Slaves

Memory and Peripheral Protection Unit for PL Isolation in Zynq UltraScale+ Devices (XAPP1353)

Document ID
Release Date
v1.1 English

Enabling the Advanced Configuration Options in the AXI-Interconnect IPI customization window reveals Master Interface Options to select AXI Master output ports as being connected to Secure Slaves. The AXI-Interconnect customization window is shown in the following figure.

Figure 1. AXI-Interconnect Secure Slaves

Applying this setting causes the AXI-Interconnect to poison any transaction targeting a secure slave with an unsecure protection level (AxProt[1]=1).

This feature can be used in conjunction with the XMPU_PL Poison-by-Attribute setting. By disabling Poison-by-Address setting in the XMPU_PL, a poisoned transaction gets forwarded with non-secure protection level (AxProt[1]=1) causing the AXI-Interconnect to block the transaction.

Note: The SmartConnect does not have this feature.
Tip: The AXI-Interconnect Secure Slave feature may also be used to isolate secure slaves from Non-secure PL masters without the use of an XMPU_PL.