SPRUIU1C July 2020 – February 2024 DRA821U , DRA821U-Q1
The channelized firewall protects an address space that consists of multiple channels where each channel needs its own permissions. This is in contrast to the region based firewall, which implements a number of regions that can each protect a programmed address range. The channelized firewall extends this to a larger number of ranges that can be protected, but each range is no longer programmable and is instead fixed to a particular channel address range. This allows each channel to be owned and protected individually. The channels within the same memory region have the same size. The system can allocate each channel to a particular owner or owner groups with certain permissions and guarantee that others cannot access that channel. This protection is useful for either accessing data resources, or control for each resource. The channelized firewall provides an efficient way to implement access protection and isolation requiring finer granularity than the region based firewall.
Like the region based firewall, the channelized firewall may also support multiple regions. Each region contains a number of channels that need to be protected individually and has a size in bytes equal to the channel's data to protect. This allows multiple regions so that the firewall can protect a module containing multiple sets of registers that are each channelized and need separate protections, such as data access as well as control setup.
The transaction addresses are compared against region addresses to identify which region is being accessed. Then the offset within the region is used to identify the particular channel being accessed. If a valid channelized region is not decoded during the firewall check, then the transaction is passed through unmodified because the module may have other regions which are not channelized, but accesses to them are already protected by a region based firewall so the channelized one should not block them.
The permission check is performed just like for a region based firewall. The channelized firewall checks for user or supervisor privilege levels. It also checks for transactions that cross important boundaries and gives errors if violated. The first check is for a transaction crossing a 4KB address boundary. This is illegal on the bus, so the firewall checks for compliance. The second check is if the transaction crosses a channel boundary. The channelized firewall blocks a transaction accessing multiple channels in the same burst, as it cannot check the permission for the entire range of channels. The channelized firewall also supports error logging when a transaction fails the checks. It sends information about the type of error and the transaction that caused it.
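The decode and boundary checks described above can be modeled in software as follows. This is an added example, not code or register definitions from this manual: the structure layout, names, sample address map and the two-bit user/supervisor permission mask are assumptions, the region is decoded from the start address of the burst, and error logging is omitted.

```c
#include <stddef.h>
#include <stdint.h>

/* Illustrative software model: names and layout are assumptions, not device registers. */
enum fw_result { FW_PASS_THROUGH, FW_ALLOW, FW_ERR_4K_CROSS,
                 FW_ERR_CH_CROSS, FW_ERR_PERMISSION };
#define PERM_USER 0x1u
#define PERM_SUPV 0x2u

struct ch_region {
    uint64_t base;        /* region start address */
    uint32_t ch_size;     /* bytes per channel, identical within a region */
    uint32_t num_ch;      /* number of channels in the region */
    const uint8_t *perm;  /* one permission mask per channel */
};

/* Constructed sample map: 4 channels of 256 bytes, 2 channels of 8KB. */
static const uint8_t perm_a[4] = { PERM_SUPV, PERM_USER | PERM_SUPV, PERM_SUPV, 0 };
static const uint8_t perm_b[2] = { PERM_USER | PERM_SUPV, PERM_SUPV };
static const struct ch_region sample_map[2] = {
    { 0x40000000u, 0x100u,  4, perm_a },
    { 0x40010000u, 0x2000u, 2, perm_b },
};

enum fw_result fw_check(const struct ch_region *map, size_t n,
                        uint64_t addr, uint32_t len, int supervisor)
{
    uint64_t last = addr + (len ? len - 1u : 0u);   /* last byte of the burst */

    for (size_t i = 0; i < n; i++) {
        const struct ch_region *r = &map[i];
        uint64_t span = (uint64_t)r->ch_size * r->num_ch;

        if (addr < r->base || addr - r->base >= span)
            continue;                       /* start address is not in this region */
        if ((addr >> 12) != (last >> 12))
            return FW_ERR_4K_CROSS;         /* first check: 4KB boundary */

        uint64_t first_ch = (addr - r->base) / r->ch_size;
        uint64_t last_ch  = (last - r->base) / r->ch_size;
        if (first_ch != last_ch)
            return FW_ERR_CH_CROSS;         /* second check: channel boundary */

        uint8_t need = supervisor ? PERM_SUPV : PERM_USER;
        return (r->perm[first_ch] & need) ? FW_ALLOW : FW_ERR_PERMISSION;
    }
    return FW_PASS_THROUGH;                 /* no channelized region decoded */
}
```

A burst that runs past the end of a region is reported as a channel crossing before the permission table is indexed, so the model never reads a permission entry beyond the last channel.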
The channelized firewall is associated with the following registers: