4.1 About the PPC

The Peripheral Protection Controller (PPC) provides security checks for AXI peripherals.

The PPC gates AXI transactions towards a peripheral when a security violation occurs. It can be instantiated in the system in connection to any non-security aware AXI5 peripheral. Security checking is performed against the state of the cfg_ap and cfg_nonsec signals, which indicate the privilege and Security state of the peripheral.

The following figure shows the PPC interfaces.

Figure 4-1 PPC interfaces
To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


The AXI slave and AXI master interfaces provide the AXI data path from the AXI master to the attached peripheral.

To support low-power quiescence, the PPC has two Q-Channel interfaces. One Q-Channel is for clock quiescence and the other Q-Channel is for power quiescence.

Configuration interface

The cfg_nonsec signal controls the security settings of the attached peripheral:

  • If HIGH, only Non-secure accesses to the peripheral are allowed.
  • If LOW, only Secure accesses to the peripheral are allowed.

The cfg_ap signal controls the privilege settings of the attached peripheral:

  • If HIGH, only privileged accesses to the peripheral are allowed.
  • If LOW, the privilege attribute is ignored for security checks.

When the PPC blocks a transaction, the cfg_sec_resp signal controls whether the PPC:

  • Responds with an AXI slave error (SLVERR).
  • Ignores a write transaction or returns zero for a read transaction.
Non-ConfidentialPDF file icon PDF version101526_0100_02_en
Copyright © 2019 Arm Limited or its affiliates. All rights reserved.