You copied the Doc URL to your clipboard.

2.3.2. Security determination

The MMU-500 determines the Secure ownership of a transaction in one of the following ways:

  • Assigns the Non-secure state to an incoming sideband signal along with a transaction:

    • For write accesses, the Non-secure state is the write sideband signal for security.

    • For read accesses, the Non-secure state is the read sideband signal for security.

  • Determines the security state of a master by using the input signals, wsb_ssd_<tbuname>_s and rsb_ssd_<tbuname>_s, that index an SSD index into the SSD index table. The entry in the SSD index table determines whether the master that initiated the transaction is Secure or Non-secure. For more information about SSD signals, see Sideband signals.

    • You can configure the width of the SSD index in the range 0-10 bits. The MMU-500 uses a separate SSD index for each TBU.

    • You can configure the number of programmable entries in the SSD table in the range 1-32. The security state determination address space supports 15-bit wide SSD indices. This space is equally divided among 32 TBUs starting with TBU0 from the bottom of the address space. Each TBU contains 1024 entries.

    • You can program the security state of the SSD table entries at runtime, or specify the non-programmable and fixed SSD table entries at configuration time.

After the SSD index is determined, the SSD table contains bits from 0 to 2SSD index signal width-1. You must determine the status of the bits as follows:

List of non-programmable indices

For these indices, the security state of the master is defined, and does not change.

You must specify the indices of the masters whose security states are always Secure.

List of programmable indices

You can program the security state of the programmable indices.

You must determine the default state of each master whose security state is programmable.

An SSD index can be programmable or non-programmable, and can be in the Secure or Non-secure state. By default, an SSD index is in the non-programmable Non-secure state.


An entry must not be duplicated in more than one list.

You must specify at least one programmable or fixed Non-secure entry for every configuration.

The number of indices is determined by the configured SSD index signal width. For example, if the SSD index signal width is six bits, there are 64 indices in the range 0-63. You must program the indices to be one of:

  • Programmable Secure.

  • Programmable Non-secure.

  • Non-programmable Secure.

The unprogrammed indices default to non-programmable Non-secure.

The MMU-500 supports debug TLB accesses whose Secure accesses can access Secure and Non-secure TLBs.

The SSD table has a maximum of 32Kb bit space that is divided into 32 parts, with 1Kb assigned to each TBU. The TBU0 space is from 0-1Kb, TBU1 space is from 1-2Kb, and so on. The SSD index that is generated at each TBU, and is a maximum of 10 bits, is indexed into the 1Kb space allocated to the TBU. You must program the SSD table using this information.


The security determination descriptions are valid when the tie-off integ_sec_override is set to zero.

When the tie-off integ_sec_override is set to one, the following conditions are true:

  • All implementation and integration registers can be accessed with a non-secure access. This include the following global space 0 registers:

    • Auxiliary Configuration Register (ACR).

    • Debug registers.

  • You cannot access any secure registers.

  • All transactions are treated as originated from a Non-secure master.

See the ARM® System Memory Management Unit Architecture Specification for more information on security determination and extensions.

Was this page helpful? Yes No