13.10.1.1 Principles

The MATRIX supports five different security types of clients: two fixed types and three configurable types. The security type of a client is set at hardware design among the following:

  • Never Secure
  • Always Secure
  • Internal Securable
  • External Securable
  • Scalable Securable

The security type is set at hardware design on a per-host and a per-client basis. Never Secure and Always Secure security types are not software configurable.

The different security types have the following characteristics:

  • Never Secure clients have no security mode access restriction. Their address space is precisely set by design. Any out-of-address range access is denied and reported.
  • Always Secure clients can only be accessed by a secure host request. Their address space is precisely set by design. Any non-secure or out-of-address range access is denied and reported.
  • Internal Securable is intended for internal RAM. The Internal Securable client has one client region which has a hardware fixed base address and Security Region Top. This client region may be split through software configuration into one Non-secure area plus one Secure area. Inside the client security region, the split boundary is programmable in powers of 2 from 4 Kbytes up to the full client security region address space. The security area located below the split boundary may be configured as the Non-secure or the Secure one. The Securable area may be independently configured as Read Secured and/or Write Secured. Any access with security or address range violation is denied and reported.
  • External Securable is intended for external memories on the EBI, such as DDR, SDRAM, external ROM or NAND Flash. The External Securable client has identical features as the Internal Securable client, plus the ability to configure each of its client security region address space sizes according to the external memory parts used. This avoids mirroring Secure areas into Non-secure areas, and further restricts the overall accessible address range. Any access with security or configured address range violation is denied and reported.
  • Scalable Securable is intended for external memories with a dedicated client, such as DDR. The Scalable Securable client is divided into a fixed number of scalable, equally sized, and contiguous security regions. Each of them can be split in the same way as for Internal or External Securable clients. The security region size must be configured by software, so that the equally-sized regions fill the actual available memory. This avoids mirroring Secure areas into Non-secure areas, and further restricts the overall accessible address range. Any access with security or configured address range violation is denied and reported.

As the security type is set at hardware design on a per-host and per-client basis, it is possible to set some client access security as configurable from one or some particular hosts, and to set the access as Always Secure from all the other hosts.

As the security type is set by design at the client region level, different security region types can be mixed inside a single client.

Likewise, the mapping base address and the accessible address range of each client or client region may have been hardware-restricted on a per-host basis from no access to full client address space.