2.3.2. Security determination

The MMU-500 determines the Secure ownership of a transaction in one of the following ways:

After the SSD index is determined, the SSD table contains bits from 0 to 2SSD index signal width-1. You must determine the status of the bits as follows:

An SSD index can be programmable or non-programmable, and can be in the Secure or Non-secure state. By default, an SSD index is in the non-programmable Non-secure state.

List of non-programmable indices

For these indices, the security state of the master is defined, and does not change.

You must specify the indices of the masters whose security states are always Secure.

List of programmable indices

You can program the security state of the programmable indices.

You must determine the default state of each master whose security state is programmable.


An entry must not be duplicated in more than one list.

You must specify at least one programmable or fixed Non-secure entry for every configuration.

The number of indices is determined by the configured SSD index signal width. For example, if the SSD index signal width is 6 bits, there are 64 indices in the range 0-63. You must program the indices to be one of:

The unprogrammed indices default to non-programmable Non-secure.

The MMU-500 supports Secure debug TLB accesses that can access Secure and Non-secure TLBs.

The SSD table has a maximum of 32Kb space that is divided into 32 parts, with 1Kb assigned to each TBU. For example, the TBU0 space is from 0-1Kb, the TBU1 space is from 1-2Kb, and the TBU2 space is from 2-3Kb. The SSD index that is generated at each TBU, and is a maximum of 10 bits, is indexed into the 1Kb space allocated to the TBU. You must program the SSD table using this information.


The security determination descriptions are valid when the integ_sec_override signal is set to zero.

When the integ_sec_override signal is set to one, the following conditions are true:

  • All implementation and integration registers can be accessed with a Non-secure access. This includes the following global space 0 registers:

    • Auxiliary Configuration Register (ACR).

    • Debug registers.

  • You cannot access any Secure registers.

  • All transactions are treated as originating from a Non-secure master.

For more information on security determination and extensions, see the ARM® System Memory Management Unit Architecture Specification.

Copyright © 2013, 2014, 2016 ARM. All rights reserved.ARM DDI 0517F