# SmartFusion2 MSS

Security Configuration User Guide

**Microsemi** 

## **Table of Contents**

|   | Introduction                                                                                                         | 3                        |
|---|----------------------------------------------------------------------------------------------------------------------|--------------------------|
| 1 | Configuration Options.<br>AHB Bus Matrix Master/Slave Access Configuration<br>Fabric Master MSS Access Configuration | . 4                      |
| A | Product Support                                                                                                      | . 6<br>. 6<br>. 6<br>. 6 |
|   | ITAR Technical Support                                                                                               |                          |



## Introduction

The SmartFusion2 devices offer extensive configurable access controls to the MSS memory map. These controls can be split in to two major categories:

- AHB Bus Matrix Master/Slave Access
- Fabric Master MSS Access

This configurator provides two different tabs, one for each category, to configure the MSS access policies.

Reads or writes to areas not allowed cause the AHB bus matrix to complete the transaction with an HRESP error indication. An error bit is set in the SW\_ERRORSTATUS field of the MSS\_EXTERNAL\_SR register. The following types of errors can occur:

- Write by an enabled master to a slave that is not RW
- Write by an enabled master to addresses not corresponding to a slave
- Write by the fabric master to the protected region
- Write by a disabled master to any location
- Read by an enabled master to any slave that is not R or RW
- · Read by an enabled master to addresses not corresponding to a slave
- Read by the fabric master to the protected region
- Read by a disabled master to any location

The values entered in the configurator will be exported into the programming files for programming of the flash bits that control this functionality. The flash bits are loaded in the system registers at power up (or when the DEVRST\_N external pad is asserted/de-asserted).

For details, refer to the SmartFusion2 SoC and IGLOO2 FPGA Fabric User Guide.



# 1 – Configuration Options

### **AHB Bus Matrix Master/Slave Access Configuration**

Note that the master/slave access controls are restricted to those devices offering the Advanced Security Features. For devices offering baseline security only, all programmable accesses are granted and cannot be changed. The controls are grayed out.

The Master/Slave configuration tab defines how masters and slaves communicate and whether it also has write access when a master has read access. The AHB Bus Matrix can be configured to restrict those accesses.

When all the read/write programmable controls are checked in the configurator, you have the default access matrix.

The master/slave access is defined in the matrix as follows:

- -: No access is granted
- R: Only read access is available
- RW: Both read and write access are available

Whenever you restrict a master/slave access by un-checking the Read or Write access for a particular group of masters (masters are organized in three groups with respect to access configuration) the actual access is shown in the matrix.

eNVM blocks have special sectors (the upper and lower 4KB sectors) that can be write protected. Check the Use as ROM option to write protect these eNVM regions. Note that the eNVM special sectors are hidden in the matrix when you open the configurator and that you need to click the '+' sign to show these configuration options (Figure 1-1).

| Master/Slave MS     | S to Fi         | abric Memory Ma                | P                     |              |                                          |                                                 |                           |                                                     |                                    |                                              |        |                      |  |
|---------------------|-----------------|--------------------------------|-----------------------|--------------|------------------------------------------|-------------------------------------------------|---------------------------|-----------------------------------------------------|------------------------------------|----------------------------------------------|--------|----------------------|--|
| Master to Slaves Re | ead/W           | rite Access                    |                       |              |                                          |                                                 |                           |                                                     |                                    |                                              |        |                      |  |
|                     | eSRAMO<br>[MS0] |                                | eSRAM1<br>[MS1]       |              | + Show Special<br>Sectors<br>eNVM0 [MS2] |                                                 | * Sectors<br>etviM1 (MS3) |                                                     | + AHB2AHB<br>[MS5]                 |                                              |        |                      |  |
|                     |                 |                                |                       |              |                                          |                                                 |                           |                                                     | FIC_0<br>[MS4]                     |                                              |        | DDR. Bridge<br>[MS6] |  |
| IC Bus [MM0]        | R               | -                              | R                     |              | R                                        |                                                 | R                         | -                                                   | -                                  |                                              |        |                      |  |
| D-BUS [MM1]         | RW              | Read                           | RW                    | Read         | RW                                       | Read                                            | RW                        | Read                                                |                                    |                                              |        | Read                 |  |
| S-BUS [MM2]         | RW              | V Write                        | RW                    | Write        | RW                                       | Write                                           | RW                        | V Write                                             | RW                                 |                                              |        | Vite Write           |  |
| FIC_0 [MM4]         | RW              | Read                           | RW                    | Read         | RW                                       | Read                                            | RW                        | Read                                                | RW                                 |                                              | RW     | Read                 |  |
| FIC_1 [MM5]         | RW              | Vite                           | RW                    | Vite         | RW                                       | Vrite                                           | RW                        | Vite                                                | RW                                 |                                              | RW     | Write                |  |
| HPDMA [MM3]         | RW              |                                | RW                    |              | R                                        |                                                 | R                         |                                                     | RW                                 |                                              |        |                      |  |
| MAC_M [MM6]         | RW              | Read                           | RW                    | Read         |                                          | Read                                            | -                         | Read                                                | RW                                 |                                              |        | Read                 |  |
| PDMA [MM7]          | RW              | Write                          | RW                    | Write        | RW                                       | Vinite                                          | RW                        | Write                                               | RW                                 |                                              | RW     | Vrite                |  |
| USB [MM8]           | RW              |                                | RW                    |              | -                                        |                                                 | -                         |                                                     | RW                                 |                                              | RW     |                      |  |
|                     |                 |                                |                       |              |                                          |                                                 |                           |                                                     |                                    |                                              |        |                      |  |
| To protect thes     | e "Da           | ta Security" l<br>amming featu | its with<br>re is ena | user pass ke | y 1, you<br>rammin                       | must configure the Se<br>g, then you must repro | curity Polic              | cy Manager, specify use<br>security features if you | r key set 1, and<br>modify the "Da | program the security fe<br>ta Security" bits | ature. |                      |  |

Figure 1-1 • AHB Bus Matrix Master/Slave Access Configuration



## **Fabric Master MSS Access Configuration**

You can restrict the access to the MSS memory region for any FPGA fabric master attempting to access the MSS through one of the two Fabric Interface Controllers (FIC\_0 and FIC\_1). To restrict the FPGA master to a particular memory map region, you must:

- 1. Check the Restrict Memory Access check box
- 2. Define the size of the restricted region
- 3. Define the base address of that region; the base address should be a multiple of the restricted region size selected in the configurator (Figure 1-2).

| Master/Sla | ave MSS to Fabric M  | lemory Map | E |
|------------|----------------------|------------|---|
| Fabric Ma  | aster MSS Memory Map | Access     |   |
| Restrict   | Memory Access        |            |   |
| Restrict   | Memory Region Size   | 8MB 👻      |   |
| Restrict   | Memory Base Address  | 0x0000000  |   |
|            |                      |            |   |
|            |                      |            |   |

Figure 1-2 • Fabric Master MSS Access Configuration



## A – Product Support

Microsemi SoC Products Group backs its products with various support services, including Customer Service, Customer Technical Support Center, a website, electronic mail, and worldwide sales offices. This appendix contains information about contacting Microsemi SoC Products Group and using these support services.

#### **Customer Service**

Contact Customer Service for non-technical product support, such as product pricing, product upgrades, update information, order status, and authorization.

From North America, call **800.262.1060** From the rest of the world, call **650.318.4460** Fax, from anywhere in the world, **650.318.8044** 

### **Customer Technical Support Center**

Microsemi SoC Products Group staffs its Customer Technical Support Center with highly skilled engineers who can help answer your hardware, software, and design questions about Microsemi SoC Products. The Customer Technical Support Center spends a great deal of time creating application notes, answers to common design cycle questions, documentation of known issues, and various FAQs. So, before you contact us, please visit our online resources. It is very likely we have already answered your questions.

### **Technical Support**

For Microsemi SoC Products Support, visit http://www.microsemi.com/products/fpga-soc/design-support/ fpga-soc-support.

#### Website

You can browse a variety of technical and non-technical information on the Microsemi SoC Products Group home page, at www.microsemi.com/soc.

### **Contacting the Customer Technical Support Center**

Highly skilled engineers staff the Technical Support Center. The Technical Support Center can be contacted by email or through the Microsemi SoC Products Group website.

#### Email

You can communicate your technical questions to our email address and receive answers back by email, fax, or phone. Also, if you have design problems, you can email your design files to receive assistance. We constantly monitor the email account throughout the day. When sending your request to us, please be sure to include your full name, company name, and your contact information for efficient processing of your request.

The technical support email address is soc\_tech@microsemi.com.

#### **My Cases**

Microsemi SoC Products Group customers may submit and track technical cases online by going to My Cases.

#### Outside the U.S.

Customers needing assistance outside the US time zones can either contact technical support via email (soc\_tech@microsemi.com) or contact a local sales office.

Visit About Us for sales office listings and corporate contacts.

Sales office listings can be found at www.microsemi.com/soc/company/contact/default.aspx.

#### **ITAR Technical Support**

For technical support on RH and RT FPGAs that are regulated by International Traffic in Arms Regulations (ITAR), contact us via soc\_tech\_itar@microsemi.com. Alternatively, within My Cases, select **Yes** in the ITAR drop-down list. For a complete list of ITAR-regulated Microsemi FPGAs, visit the ITAR web page.



**Microsemi Corporate Headquarters** One Enterprise, Aliso Viejo, CA 92656 USA

Within the USA: +1 (800) 713-4113 Outside the USA: +1 (949) 380-6100 Sales: +1 (949) 380-6136 Fax: +1 (949) 215-4996

E-mail: sales.support@microsemi.com

©2016 Microsemi Corporation. All rights reserved. Microsemi and the Microsemi logo are trademarks of Microsemi Corporation. All other trademarks and service marks are the property of their respective owners.

#### About Microsemi

Microsemi Corporation (Nasdaq: MSCC) offers a comprehensive portfolio of semiconductor and system solutions for communications, defense & security, aerospace and industrial markets. Products include high-performance and radiation-hardened analog mixed-signal integrated circuits, FPGAs, SoCs and ASICs; power management products; timing and synchronization devices and precise time solutions, setting the world's standard for time; voice processing devices; RF solutions; discrete components; Enterprise Storage and Communication solutions, security technologies and scalable anti-tamper products; Ethernet solutions; Power-over-Ethernet ICs and midspans; as well as custom design capabilities and services. Microsemi is headquartered in Aliso Viejo, Calif. and has approximately 4,800 employees globally. Learn more at **www.microsemi.com**.

Microsemi makes no warranty, representation, or guarantee regarding the information contained herein or the suitability of its products and services for any particular purpose, nor does Microsemi assume any liability whatsoever arising out of the application or use of any product or circuit. The products sold hereunder and any other products sold by Microsemi have been subject to limited testing and should not be used in conjunction with mission-critical equipment or applications. Any performance specifications are believed to be reliable but are not verified, and Buyer must conduct and complete all performance and other testing of the products, alone and together with, or installed in, any end-products. Buyer shall not rely on any data and performance specifications or parameters provided by Microsemi. It is the Buyer's responsibility to independently determine suitability of any products and verify the same. The information provided by Microsemi hereunder is provided "as is, where is" and with all faults, and the entire risk associated with such information is entirely with the Buyer. Microsemi does not grant, explicitly or implicitly, to any party any patent rights, licenses, or any other IP rights, whether with regard to such information itself or anything described by such information. Information provided in this document is proprietary to Microsemi, and Microsemi reserves the right to make any changes to the information in this document or to any products and services at any time without notice.