27.10.1.1 Principles

The MATRIX supports five different protection types of clients: two fixed types and three configurable types. The protection type of a client is set at hardware design among the following:

  • Always User
  • Always Privileged
  • Internal Protected
  • External Protected
  • Scalable Protected

The protection type is set at hardware design on a per-host and a per-client basis. Always User and Always Privilege protection types are not software-configurable.

The different protection types have the following characteristics:

  • Always User clients have no access right restriction. Their address space is precisely set by design. Any out-of-address range access is denied and reported.
  • Always Privilege clients can only be accessed by a Privileged host request. Their address space is precisely set by design. Any User access or out-of-address range access is denied and reported.
  • Internal Protected type is intended for internal memories such as RAM, ROM or embedded Flash. The Internal Protected client has one or several client regions, and each has a hardware-fixed base address and Protected Region Top. Each client region may be split through software configuration into one User area plus one Privilege-eligible area. Inside each client-protected region, the split boundary is programmable in powers of 2 from 4 Kbytes up to the full client-protected region address space. The protected area located below the split boundary may be configured as the User or the Privilege-eligible one. The Privilege-eligible area may be independently configured as Read User and/or Write Privileged. Any access with access right or address range violation is denied and reported.
  • External Protected type is intended for external memories on the EBI, such as DDR, SDRAM, external ROM or NAND Flash. The External Protected client has identical features as the Internal Protected client, plus the ability to configure each of its client-protected region address space sizes according to the external memory parts used. This avoids mirroring Privileged areas into User areas, and further restricts the overall accessible address range. Any access with access right violation or configured address range violation is denied and reported.
  • Scalable Protected type is intended for external memories with a dedicated client, such as DDR. The Scalable Protected client is divided into a fixed number of scalable, equally sized, and contiguous protected regions. Each of them can be split in the same way as for Internal or External Protected clients. The protected region size must be configured by software, so that the equally-sized regions fill the actual available memory. This avoids mirroring Privileged areas into User areas, and further restricts the overall accessible address range. Any access with access right violation or configured address range violation is denied and reported.

As the protection type is set at hardware design on a per-host and per-client basis, it is possible to set some client access protection as configurable from one or some particular hosts, and to set the access as Always Privileged from all the other hosts.

As the protection type is set by design at the client region level, different protected region types can be mixed inside a single client.

Likewise, the mapping base address and the accessible address range of each client or client region may have been hardware-restricted on a per-host basis from no access to full client address space.