cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Contributor
Contributor
395 Views
Registered: ‎05-31-2016

TrustZone violation on PL-PS interfaces ?

Hi, as far I understood the TrustZone configuration for the PL-PS interface is defined on a per transaction basis. Let us now consider a unsecure Master in the PL which modifies the AWPROT[1]/ARPROT[1] signals to generate a secure memory transaction through one of the FPD interfaces. What are the current possibilities  to prevent this privilege escalation ? For me one solution would be to define the isolation correctly with the Isolation Configuration flow. Is it also possible to prevent this at the FPD interface itself ?

Best regards,

Mathieu

0 Kudos
1 Reply
Highlighted
Xilinx Employee
Xilinx Employee
301 Views
Registered: ‎10-11-2011

Firts of all I suggest to authenticate the PL bitstream so you are only loading "authorized cores".

Now if your core has a bug with those signals, some Isolation in the PS could definetly help since the transaction can be blocked or allowed depending on the MASTER ID.

-------------------------------------------------------------------------
Don’t forget to reply, kudo, and accept as solution.
-------------------------------------------------------------------------
0 Kudos