L3 firewall

From MILEDROPEDIA
Jump to: navigation, search

An InitiatorID is assigned to every thread on every initiator socket. The ID uniquely identifies the initiator and thread for an interconnect transfer see Table. The interconnect uses InitiatorIDs for a number of purposes, including the following:

  • Initiator source identification for the protection mechanism
  • Response route generation (performed internally to the TAs)
  • Firewall error logging
  • L3 interconnect error logging


Protection in the device relies heavily on L3 firewalls and their configuration. Nine targets are protected through the use of firewalls. The number of protected regions varies on the target, with a maximum of eight regions. Table lists the protection type and the number of protected regions for each target.


To summarize, firewalls accept or reject a request depending on the following:

  • Initiator originating the request
  • Command (read or write) requested
  • MReqInfo bus state
  • Region access in the target memory space

Software must configure the L3 firewalls properly to allow the right initiators, with the right MReqInfo access, on the well-defined size region. All the registers relative to the L3 firewalls are grouped in the protection mechanism (PM) register block.

The firewall comparison mechanism enables access to a protected target only when a correct combination of four MReqInfo in-band parameters is transmitted. MReqInfo is a combination of a fixed 3-bit pattern that corresponds to a combination of the parameters MReqDebug, MReqType, and MReqSupervisor.

Different valid MReqInfo combinations can be defined for each L3 firewall region based on the L3_PM_REQ_INFO_PERMISSION_i value, which is programmed by software. For each region, L3_PM_REQ_INFO_PERMISSION_i lists the possible MReqInfo combinations. Setting a Reqbit in this register determines the type of access authorised to the initiator.

When a protection violation occurs, an interrupt is sent to the MPU and IVA2.2 interrupt controller (if enabled). An in-band error is sent back, and an out-band error is logged in the CONTROL.CONTROL_PROT_ERR_STATUS register. Two logging registers are used, depending on the functional mode.

In application mode:

  • CONTROL.CONTROL_PROT_ERR_STATUS [00]: OCM-ROM protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [01]: OCM-RAM protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [02]: GPMC protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [04]: SMS protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [05]: MAD2D protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [06]: IVA2.2 protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [07]: L4-Core protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [12]: L3 RT protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [15]: SAD2D protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [16]: L4-Per protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS [17]: L4-Emu protection violation

In debug mode:

  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [00]: OCM-ROM protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [01]: OCM-RAM protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [02]: GPMC protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [03]: SMS protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [05]: MAD2D protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [06]: IVA2.2 protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG [12]: L3 RT protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG[16]: L4-Per protection violation
  • CONTROL.CONTROL_PROT_ERR_STATUS_DEBUG[17]: L4-Emu protection violation

When a violation occurs, these bits are cleared when the L3 or L4 firewall embedded error log registers are cleared.

 ; enum L3_Protection Configuration
L3_PM_ERROR_LOG_OCM_RAM  EQU 0x68012820
L3_PM_CONTROL_OCM_RAM  EQU 0x68012828
L3_PM_ERROR_CLEAR_SINGLE_OCM_RAM  EQU 0x68012830
L3_PM_ERROR_CLEAR_MULTI_OCM_RAM  EQU 0x68012838
L3_PM_REQ_INFO_PERMISSION_0_OCM_RAM  EQU 0x68012848
L3_PM_READ_PERMISSION_0_OCM_RAM  EQU 0x68012850
L3_PM_WRITE_PERMISSION_0_OCM_RAM  EQU 0x68012858
L3_PM_ADDR_MATCH_0_OCM_RAM  EQU 0x68012860
L3_PM_REQ_INFO_PERMISSION_1_OCM_RAM  EQU 0x68012868
L3_PM_READ_PERMISSION_1_OCM_RAM  EQU 0x68012870
L3_PM_WRITE_PERMISSION_1_OCM_RAM  EQU 0x68012878
L3_PM_ADDR_MATCH_1_OCM_RAM  EQU 0x68012880
L3_PM_REQ_INFO_PERMISSION_2_OCM_RAM  EQU 0x68012888
L3_PM_READ_PERMISSION_2_OCM_RAM  EQU 0x68012890
L3_PM_WRITE_PERMISSION_2_OCM_RAM  EQU 0x68012898
L3_PM_ADDR_MATCH_2_OCM_RAM  EQU 0x680128A0
L3_PM_REQ_INFO_PERMISSION_3_OCM_RAM  EQU 0x680128A8
L3_PM_READ_PERMISSION_3_OCM_RAM  EQU 0x680128B0
L3_PM_WRITE_PERMISSION_3_OCM_RAM  EQU 0x680128B8
L3_PM_ADDR_MATCH_3_OCM_RAM  EQU 0x680128C0
L3_PM_REQ_INFO_PERMISSION_4_OCM_RAM  EQU 0x680128C8
L3_PM_READ_PERMISSION_4_OCM_RAM  EQU 0x680128D0
L3_PM_WRITE_PERMISSION_4_OCM_RAM  EQU 0x680128D8
L3_PM_ADDR_MATCH_4_OCM_RAM  EQU 0x680128E0
L3_PM_REQ_INFO_PERMISSION_5_OCM_RAM  EQU 0x680128E8
L3_PM_READ_PERMISSION_5_OCM_RAM  EQU 0x680128F0
L3_PM_WRITE_PERMISSION_5_OCM_RAM  EQU 0x680128F8
L3_PM_ADDR_MATCH_5_OCM_RAM  EQU 0x68012900
L3_PM_REQ_INFO_PERMISSION_6_OCM_RAM  EQU 0x68012908
L3_PM_READ_PERMISSION_6_OCM_RAM  EQU 0x68012910
L3_PM_WRITE_PERMISSION_6_OCM_RAM  EQU 0x68012918
L3_PM_ADDR_MATCH_6_OCM_RAM  EQU 0x68012920
L3_PM_REQ_INFO_PERMISSION_7_OCM_RAM  EQU 0x68012928
L3_PM_READ_PERMISSION_7_OCM_RAM  EQU 0x68012930
L3_PM_WRITE_PERMISSION_7_OCM_RAM  EQU 0x68012938
L3_PM_ADDR_MATCH_7_OCM_RAM  EQU 0x68012940
L3_PM_ERROR_LOG_OCM_ROM  EQU 0x68012C20
L3_PM_CONTROL_OCM_ROM  EQU 0x68012C28
L3_PM_ERROR_CLEAR_SINGLE_OCM_ROM  EQU 0x68012C30
L3_PM_ERROR_CLEAR_MULTI_OCM_ROM  EQU 0x68012C38
L3_PM_REQ_INFO_PERMISSION_0_OCM_ROM  EQU 0x68012C48
L3_PM_READ_PERMISSION_0_OCM_ROM  EQU 0x68012C50
L3_PM_WRITE_PERMISSION_0_OCM_ROM  EQU 0x68012C58
L3_PM_ADDR_MATCH_0_OCM_ROM  EQU 0x68012C60
L3_PM_REQ_INFO_PERMISSION_1_OCM_ROM  EQU 0x68012C68
L3_PM_READ_PERMISSION_1_OCM_ROM  EQU 0x68012C70
L3_PM_WRITE_PERMISSION_1_OCM_ROM  EQU 0x68012C78
L3_PM_ADDR_MATCH_1_OCM_ROM  EQU 0x68012C80