Firewall is a module used to implement overall SoC security by providing a mechanism to assign and restrict device resources to a given main entity or Secure/Non-secure/Priv/User world. The Firewall driver provides API to perform initialization and configuration of regions.
Features Supported
- Support a multi number of regions, depending on the firewall.
- Two overlapping regions
- Lock Mode and Cache Mode
- Support up to 3 privilege and permission slots
SysConfig Features
- Note
- It is strongly recommend to use SysConfig where it is available instead of using direct SW API calls. This will help simplify the SW application and also catch common mistakes early in the development cycle.
SysConfig can be used to configure below parameters
- Firewall ID and Region Instances
- Number of Regions
- Region Index
- Lock, Cache, Background mode selection
- Start Address and End Address
- Transaction permission like Priv-ID, Read, Write, Debug, Cacheable Configuration
- Note
- Check enable manual address in SysConfig to enter manual region configuration.
Features NOT supported
- More than 1 overlap regions not supported.
- The minimum memory region size is 4KB.
- DMSC targets regions are not supported.
Important Usage Guidelines
- There can be only one background region per firewall. Foreground regions can have overlapping addresses only with the background region
- In case two regions overlap, foreground region takes precedence and its permissions are taken into effect.
- The regions must be 4KB aligned.
Example Usage
Include the below file to access the APIs
Instance open Example
Instance close Example
Config Firewall region Example
int32_t status;
uint32_t regionIndex = 1;
regionParams.
permissions[0] = (uint32_t) PRIVID_EVERYONE << 16 | \
regionParams.
endAddr = 0x7003FFFFU;
API
APIs for FIREWALL
1.8.20