2.3.2. Security determination

The MMU-500 determines the Secure ownership of a transaction in one of the following ways:

After the SSD index is determined, the SSD table contains bits from 0 to 2SSD index signal width-1. You must determine the status of the bits as follows:

List of non-programmable indices

For these indices, the security state of the master is defined, and does not change.

You must specify the indices of the masters whose security states are always Secure.

List of programmable indices

You can program the security state of the programmable indices.

You must determine the default state of each master whose security state is programmable.

An SSD index can be programmable or non-programmable, and can be in the Secure or Non-secure state. By default, an SSD index is in the non-programmable Non-secure state.

Note

An entry must not be duplicated in more than one list.

You must specify at least one programmable or fixed Non-secure entry for every configuration.

The number of indices is determined by the configured SSD index signal width. For example, if the SSD index signal width is six bits, there are 64 indices in the range 0-63. You must program the indices to be one of:

The unprogrammed indices default to non-programmable Non-secure.

The MMU-500 supports debug TLB accesses whose Secure accesses can access Secure and Non-secure TLBs.

The SSD table has a maximum of 32Kb bit space that is divided into 32 parts, with 1Kb assigned to each TBU. The TBU0 space is from 0-1Kb, TBU1 space is from 1-2Kb, and so on. The SSD index that is generated at each TBU, and is a maximum of 10 bits, is indexed into the 1Kb space allocated to the TBU. You must program the SSD table using this information.

Note

The security determination descriptions are valid when the tie-off integ_sec_override is set to zero.

When the tie-off integ_sec_override is set to one, the following conditions are true:

  • All implementation and integration registers can be accessed with a non-secure access. This include the following global space 0 registers:

    • Auxiliary Configuration Register (ACR).

    • Debug registers.

  • You cannot access any secure registers.

  • All transactions are treated as originated from a Non-secure master.

See the ARM® System Memory Management Unit Architecture Specification for more information on security determination and extensions.

Copyright © 2013 ARM. All rights reserved.ARM DDI 0517A
Non-ConfidentialID090313