In this specification, the support is capped at 63 memory domains. However, this chapter provides pertinent recommendations for situations that necessitate a larger number of memory domains.
A2.1 Parallel IOPMP
Multiple IOPMPs can be placed in parallel. A transaction should be directed to one of these IOPMPs for its check. The chosen IOPMP then determines its legality. There are two potential methods for routing the transaction: by address or by RRID. Address-based routing divides the address space into multiple disjoint sets, and a transaction is directed to the IOPMP based on its starting address. Similarly, RRID-based routing divides all possible RRIDs, and a transaction is directed to the IOPMP based on its RRID.
|
Note
|
Placing IOPMPs in parallel can seamlessly enhance the support for an increased number of memory domains since all the IOPMPs are located in the same position. This arrangement may also concurrently increase the checking throughput. |
A2.2 Cascading IOPMP
Cascading multiple IOPMPs allows a transaction to traverse through more than one IOPMP. Each time a transaction goes through an IOPMP, it is tagged a new RRID until it reaches the final IOPMP. This new RRID represents that the transaction has been checked by a specific IOPMP. Subsequent IOPMPs could deem the transaction trustworthy and forward it to their initiator port without further checks, or check it in a higher level view, e.g., a subsystem view. An IOPMP with the above feature of tagging a new RRID is referred to as an IOPMP gateway. Its HWCFG0.rrid_transl_en should be set to 1, and HWCFG2.rrid_transl is used to store the RRID. HWCFG0.rrid_transl_prog indicates whether HWCFG2.rrid_transl is programmable or not. To lock rrid_transl, write 1 to rrid_transl_prog, which clears rrid_transl_prog and is sticky to 0.
|
Note
|
The integration of several independently developed smaller Systems on a Chip (SoCs) to construct a larger SoC reduces the chip count in a device. This approach also decreases costs by enabling the use of larger and shared memory devices. In such a system, each subsystem upholds its governance through its own secure software, RRID assignment, and security configuration. The cascading approach facilitates this: the secure software manages the IOPMP in the boundary of the subsystem. The boundary IOPMP assigns a new RRID to each outgoing transaction, representing that it has been checked by the IOPMP. The outer IOPMPs are tasked with controlling the transactions from a subsystem perspective by the new subsystem-level RRID. That is, the IOPMP only considers the legality of the transactions initiated from a specific subsystem instead of individual transaction initiators. The boundary IOPMP hides some details of the subsystem good for protecting intellect properties. The development flow becomes more abstract, reusable, and modularized. |