Can anyone give the brief description on the Protection unit
when to use this type of protection
1. privileged
2. secure/ non secure protection.
»
Quick Links
Page 1 of 1
Protection unit support in AXI
Rate Topic:
1 Votes
#2
JD 
- Regular Contributor
-
- Group: Members.
- Posts: 260
- Joined: 17-November 06
Posted 02 March 2012 - 02:29 PM
The differences between privileged/non-privileged and secure/non-secure are just degrees of severity for protection.
Most systems might just use AxPROT[0] to allow masters operating in a privileged "supervisor" mode to access more of the system, maybe writing to the instruction code, and protecting those important areas from non-privileged modes (i.e. users).
However some systems might require more clarity that it is a security protection being implemented (AxPROT[1]), so you can define some physical masters are being trusted/secure and able to access anything in the system, and non-secure/untrusted masters see less of the system. Masters can also function in both modes under some OS control, so changing what that master can see of the system.
Perhaps trying to think of an example, you might have areas of instruction code for secure masters, and areas for non-secure masters. For each of these master groups you might want to restrict write access to the instruction code for unprivileged modes, so both AxPROT[1] and AxPROT[0] are being used.
There aren't any fixed rules on what you protect for each bit, so you have 2 bits to give you a bit of flexibility I guess.
Someone else might have stronger thoughts on what these bits must be used for, but that is probably application specific requirements, rather than just generic comments.
JD
Most systems might just use AxPROT[0] to allow masters operating in a privileged "supervisor" mode to access more of the system, maybe writing to the instruction code, and protecting those important areas from non-privileged modes (i.e. users).
However some systems might require more clarity that it is a security protection being implemented (AxPROT[1]), so you can define some physical masters are being trusted/secure and able to access anything in the system, and non-secure/untrusted masters see less of the system. Masters can also function in both modes under some OS control, so changing what that master can see of the system.
Perhaps trying to think of an example, you might have areas of instruction code for secure masters, and areas for non-secure masters. For each of these master groups you might want to restrict write access to the instruction code for unprivileged modes, so both AxPROT[1] and AxPROT[0] are being used.
There aren't any fixed rules on what you protect for each bit, so you have 2 bits to give you a bit of flexibility I guess.
Someone else might have stronger thoughts on what these bits must be used for, but that is probably application specific requirements, rather than just generic comments.
JD
Share this topic:
Page 1 of 1
