You copied the Doc URL to your clipboard.

2.3.2. Security determination

The MMU-500 determines the Secure ownership of a transaction in one of the following ways:

  • Assigns the Non-secure state to an incoming sideband signal along with a transaction:

    • For write accesses, the Non-secure state is the write sideband signal for security.


      The security state is taken from wsb_ns. The value of the SSD index can be:


      Indicates Secure access.


      Indicates Non-secure access.

    • For read accesses, the Non-secure state is the read sideband signal for security.


      The security state is taken from rsb_ns. The value of the SSD index can be:


      Indicates Secure access.


      Indicates Non-secure access.

  • Determines the security state of a master by using the input signals, wsb_ssd_<tbuname>_s and rsb_ssd_<tbuname>_s. These signals guide an SSD index into the SSD table. The entry in the SSD table determines whether the master that initiated the transaction is Secure or Non-secure. For more information about SSD signals, see Sideband signals.

    • You can configure the width of the SSD index in the range 0-10 bits. The MMU-500 uses a separate SSD index for each TBU.

    • You can configure the number of programmable entries in the SSD table in the range 1-32. The security state determination address space supports 15-bit wide SSD indices. This space is equally divided among 32 TBUs starting with TBU0 from the address 0x0 of the address space. Each TBU contains 1024 entries.

    • You can program the security state of the SSD table entries at runtime, or specify the non-programmable and fixed SSD table entries at configuration time.

After the SSD index is determined, the SSD table contains bits from 0 to 2SSD index signal width-1. You must determine the status of the bits as follows:

An SSD index can be programmable or non-programmable, and can be in the Secure or Non-secure state. By default, an SSD index is in the non-programmable Non-secure state.

List of non-programmable indices

For these indices, the security state of the master is defined, and does not change.

You must specify the indices of the masters whose security states are always Secure.

List of programmable indices

You can program the security state of the programmable indices.

You must determine the default state of each master whose security state is programmable.


An entry must not be duplicated in more than one list.

You must specify at least one programmable or fixed Non-secure entry for every configuration.

The number of indices is determined by the configured SSD index signal width. For example, if the SSD index signal width is 6 bits, there are 64 indices in the range 0-63. You must program the indices to be one of:

  • Programmable Secure.

  • Programmable Non-secure.

  • Non-programmable Secure.

The unprogrammed indices default to non-programmable Non-secure.

The MMU-500 supports debug TLB accesses whose Secure accesses can access Secure and Non-secure TLBs.

The SSD table has a maximum of 32Kb space that is divided into 32 parts, with 1Kb assigned to each TBU. For example, the TBU0 space is from 0-1Kb, the TBU1 space is from 1-2Kb, and the TBU2 space is from 2-3Kb. The SSD index that is generated at each TBU, and is a maximum of 10 bits, is indexed into the 1Kb space allocated to the TBU. You must program the SSD table using this information.


The security determination descriptions are valid when the integ_sec_override signal is set to zero.

When the integ_sec_override signal is set to one, the following conditions are true:

  • All implementation and integration registers can be accessed with a Non-secure access. This includes the following global space 0 registers:

    • Auxiliary Configuration Register (ACR).

    • Debug registers.

  • You cannot access any Secure registers.

  • All transactions are treated as originating from a Non-secure master.

See the ARM® System Memory Management Unit Architecture Specification for more information on security determination and extensions.