SPRUJ28E November 2021 – September 2024 AM68 , AM68A , TDA4AL-Q1 , TDA4VE-Q1 , TDA4VL-Q1
Peripheral firewall modules are placed in front of peripherals like UART, SPI and so forth. They protect access to the peripheral registers/memory and typically have firewall regions as number of regions supported by module that is being protected.
All Peripheral firewalls support 3 Priv-ID slots that allow multiple masters/initiators to access protected peripherals.
The peripheral firewall is configured using dedicated VBUSP port to CBASS that connects to DMSC private VBUSP interconnect.
Figure 3-3 presents Peripheral Firewall.
Each region is defined by start and end physical address and associated permission/control register as shown in Figure 3-4.
A Peripheral's Firewall module can have one or more regions. In case there is more than 1 region, the registers are duplicated for each region.
If multiple regions are supported, a firewall configuration can be defined as either a Background or Foreground region depending on the setting of the Background (B) bit. Foreground regions can overlap background regions and their Firewall settings take precedence over the Background settings when there is overlap. However, background regions cannot overlap each other and foreground regions cannot overlap each other. A firewall error will result in case a memory transaction is made to the improper overlap regions.
Figure 3-5 presents peripherals firewall regions.
In the above case, Region 0 and Region 2 are background regions (background bit set in control register). Region 1, Region 3 and Region 4 are not background (foreground) regions. In case the incoming transaction hits in address in Region 1, the permissions of Region 1 are applied to filter incoming transaction, thereby completely ignoring the permission of the background Region 0.
The following tables show the initiator and target firewalls, firewall IDs, physical base address of the corresponding firewall, number of firewall regions, and areas covered by the firewall. The firewall ID uniquely identifies each firewall. In case of firewall violation this ID is logged and can be read through the CBASS_EXCEPTION_LOGGING_HEADER0[23-8] SRC_ID field.
See Appendix Spreadsheet for Target Firewalls details.