## About this document

This document will cover the creation and implementation of a simple "ATM Simulator" Trusted System using ARM's TrustZone Security Extensions for the Cortex A9 MPCore Processor Subsystem on the Digilent ZedBoard SoC. The toolchain used will be the Xilinx EDK v14.4 toolchain with CodeSourcery ARM Cross-Compiler that comes on the DVD currently pre-packed with the ZedBoard. While Linux drivers do exist as part of the Linux kernel, in practice these drivers proved problematic or difficult to configure, and a Microsoft Windows 7 development environment was used.

All content within is owned by <u>Sean McClain</u> and <u>Assured Information Security</u> and is (c) 2013 AIS, all rights reserved. From here on out, the following instruction format will be used:

- ullet means proceed to the next instruction, expand a checkbox, or hover until another menu appears, where appropriate
- RC Label means to right-click Label and make your selections from the right-click menu
- DC Label means to double-click Label
- TM means top menu
- Tab Label (Location) means an on-screen tab located near Location that matches Label
- Label: contents means to populate the text entry box next to the label with the provided contents
- Label: (un)checked means to (un)check the checkbox next to the label
- Label: selected means to select the radio button choice matching Label
- Label1: Label2: contents means to place the contents at the row Label1, column Label2.
- Label means to click the button with the matching label
- if any values are not specified, you can safely assume the default values are safe to use

For example, in the screen matching figure 1, you might see the following instructions:

• Project name: project\_1  $\rightarrow$  Create Project Subdirectory: checked  $\rightarrow$  Next



Figure 1: New Project Screen

In this particular example, C:/Users/sean/Work is the "working directory". For the rest of this tutorial, it will be assumed that the working directory is C: . This should be a directory you can locate easily that you have write permissions for.

# 1 Hardware Design

#### PlanAhead

To begin, open up the PlanAhead tool (in MS Win7, Xilinx Design Tools  $\rightarrow$  ISE Design Suite 14.4  $\rightarrow$  PlanAhead  $\rightarrow$  PlanAhead under All Programs in the Start menu).

On the screens that follow, we will create a new PlanAhead project.

- Create New Project
- Next
- Project name: TrustZone  $\rightarrow$  Create project subdirectory: checked  $\rightarrow$  Next
- RTL Project: selected  $\rightarrow$  Do not specify sources at this time: unchecked  $\rightarrow$  Next
- Target language:  $VHDL \rightarrow Next$
- Next
- Next
- Tab specify (Left)  $\rightarrow$  Boards  $\rightarrow$  Tab Filter (Top)  $\rightarrow$  Package: clg484  $\rightarrow$  Tab (Bottom)  $\rightarrow$  ZedBoard Zynq Evaluation and Development Kit  $\rightarrow$  Next
- Finish

After a moment, the PlanAhead main window will appear. We will start off by adding a Processor Subsystem (PS). The ZedBoard has two regions: the PS, and the Programmable Logic (PL). The PS comprises everything "built-in" on the board, and the PL consists entirely out of transistor gates you can turn into other electric components.

- Tab Sources (Top Center)  $\rightarrow$  RC Design Sources  $\rightarrow$  Add Sources
- Add or Create Embedded Sources: selected  $\rightarrow$  Next
- Create Sub-Design
- Module name: processor\_subsystem  $\rightarrow$  OK
- Finish

#### **XPS**

After a moment, Xilinx Platform Studio (XPS) should open. A dialog saying "This project appears to be a blank zynq project. do you want to create a Base System using the BSB Wizard?" will appear. PlanAhead has already been configured, so we can accept all the default options within this wizard. Once the Wizard's completed, we'll add a device in the PL fabric which will act as our "monitor world" for TrustZone. We'll also add in a TrustZone Interrupt Controller.

- If XPS offers to let you use the Base System Builder wizard
  - Yes
  - OK
  - Next
  - Finish
- otherwise
  - If you are prompted to add a processing system, Yes, otherwise, add one manually with Tab IP Catalog (Left)
     → Processor → DC Processing System (highest IP version) → Yes
  - I/O Peripherals
  - Tab System Assembly View (Bottom)  $\rightarrow$  Tab Zyng (Top)  $\rightarrow$  I/O Peripherals
  - Quad SPI Flash: Enable, MIO 1 .. 6  $\rightarrow$  Quad SPI Flash: Feedback Clk: Enable, MIO 8
  - − Enet 0 : Enable, MIO 16 .. 27 → Enet 0 : MDIO : Enable, MIO 52 .. 53
  - USB 0 : Enable, MIO 28 .. 39
  - SD 0 : Enable, MIO 40 .. 45  $\rightarrow$  SD 0 : CD : Enable, MIO 47  $\rightarrow$  SD 0 : WP : Enable, MIO 46
  - UART 1 : Enable, MIO 48 .. 49
  - Timer 0: Enable, EMIO

- GPIO : Enable  $\rightarrow$  GPIO : MIO GPIO : Enable, MIO  $\rightarrow$  GPIO : EMIO GPIO (Width) : Enable, 60
- Close
- Add Buttons, LEDs, and Switches
- Tab IP Catalog (Left) → General Purpose IO → DC AXI General Purpose IO → Yes → OK → OK
- Tab System Assembly View (Bottom) → Tab Bus Interfaces (Top) → single click axi\_gpio\_0, wait a second, rename to BTNS\_5Bits
- Tab IP Catalog (Left)  $\rightarrow$  General Purpose IO  $\rightarrow$  DC AXI General Purpose IO  $\rightarrow$  Yes  $\rightarrow$  OK  $\rightarrow$  OK
- Tab System Assembly View (Bottom) → Tab Bus Interfaces (Top) → single click axi\_gpio\_0, wait a second, rename to LEDs\_8Bits
- Tab IP Catalog (Left)  $\rightarrow$  General Purpose IO  $\rightarrow$  DC AXI General Purpose IO  $\rightarrow$  Yes  $\rightarrow$  OK  $\rightarrow$  OK
- Tab System Assembly View (Bottom) → Tab Bus Interfaces (Top) → single click axi\_gpio\_0, wait a second, rename to SWs\_8Bits
- Configure Buttons, LEDs, and Switches
- Tab System Assembly View (Bottom) → Tab Bus Interfaces (Top) → RC BTNs\_5Bits → Configure IP ...
- Tab User (Right)  $\rightarrow$  Channel 1  $\rightarrow$  GPIO Data Channel Width: 5  $\rightarrow$  Channel 1 is Input Only: Checked  $\rightarrow$  OK
- Tab System Assembly View (Bottom)  $\rightarrow$  Tab Bus Interfaces (Top)  $\rightarrow$  RC LEDs\_8Bits  $\rightarrow$  Configure IP ...
- Tab User (Right)  $\rightarrow$  Channel 1  $\rightarrow$  GPIO Data Channel Width: 8  $\rightarrow$  OK
- Tab System Assembly View (Bottom)  $\rightarrow$  Tab Bus Interfaces (Top)  $\rightarrow$  RC SWs\_8Bits  $\rightarrow$  Configure IP ...
- Tab User (Right) → Channel 1 → GPIO Data Channel Width: 8 → Channel 1 is Input Only: Checked → OK
- Connect Buttons, LEDs, and Switches
- − Tab System Assembly View (Bottom) → Tab Ports (Top) → BTNs\_5Bits → (IO\_IF) gpio\_0 : Connected Port : Disconnect from External Ports
- − Tab System Assembly View (Bottom) → Tab Ports (Top) → BTNs\_5Bits → (IO\_IF) gpio\_0 : Connected Port : Make Ports External
- − Tab System Assembly View (Bottom) → Tab Ports (Top) → LEDs\_8Bits → (IO\_IF) gpio\_0 : Connected Port : Disconnect from External Ports
- − Tab System Assembly View (Bottom) → Tab Ports (Top) → LEDs\_8Bits → (IO\_IF) gpio\_0 → GPIO\_IO\_0 : Connected Port : RC → Make External
- − Tab System Assembly View (Bottom) → Tab Ports (Top) → SWs\_8Bits → (IO\_IF) gpio\_0 : Connected Port : Disconnect from External Ports
- − Tab System Assembly View (Bottom) → Tab Ports (Top) → SWs\_8Bits → (IO\_IF) gpio\_0 : Connected Port : Make Ports External
- Design Rule Check (Ctrl + Shift + D)
- Tab Console (Bottom)  $\rightarrow$  RC anywhere in the window  $\rightarrow$  Clear Transcript Tabs
- TM Project → Design Rule Check → Tab Console (Bottom) → Tab Errors (Bottom) → You should have no errors, review these instructions and resolve any that came up.
- Note: If PlanAhead ever informs you that there was an XPS or XST error, but does not specify what the error is, you will want to open XPS, repeat the final two steps in the previous section ("otherwise/Design Rule Check (Ctrl + Shift + D)"), and then TM Hardware → Generate Netlist.
- TM Hardware  $\rightarrow$  Create or Import Peripheral...
- Next
- Create templates for a new peripheral: selected  $\rightarrow$  Next
- Next
- Name:  $tzac \rightarrow Description$ : TrustZone Access Controller  $\rightarrow$  Next
- AXI4-Lite: Selected  $\rightarrow$  Next
- User logic master support: unchecked  $\rightarrow$  Software reset: checked  $\rightarrow$  User logic software register: checked  $\rightarrow$  Include data phase timer: unchecked  $\rightarrow$  Next
- Number of software accessible registers:  $3 \to \text{Next}$
- Next

- Generate BFM Simulation Platform: checked  $\rightarrow$  Next
- Generate template driver files to help you implement software interface: checked  $\rightarrow$  Next
- Finish
- Tab IP Catalog (Left)  $\rightarrow$  Project Local PCores  $\rightarrow$  User  $\rightarrow$  DC TZAC
- Yes
- OK
- OK
- Tab System Assembly View (Bottom)  $\rightarrow$  Tab Bus Interfaces (Top)  $\rightarrow$  RC tzac\_0  $\rightarrow$  View MPD
- Replace the contents of tzac\_v2\_1\_0.mpd with the following:

```
## Name : trac  
## Deac : trac  
## Common : trac  
## Common : trac  
## Common : trac  
## Common : trac  
## Deac : trac  
## Second : trac  
## Peripheral Options  
OPTION INPER : Trac  

## Bus Interfaces

## Bus Interfaces

## Generics for VEDL or Parameters for Verilog

## AMAMETER C. S.A.MI_OMIA_MUTH = 32, DT = INTEGER, BUS = S.A.MI, ASSIGNMENT = CONSTANT  
PARAMETER C. S.A.MI_OMIA_MUTH = 33, DT = INTEGER, BUS = S.A.MI, ASSIGNMENT = CONSTANT  
PARAMETER C. S.A.MI_OMIA_MUTH = 33, DT = INTEGER, BUS = S.A.MI, ASSIGNMENT = CONSTANT  
PARAMETER C. S.A.MI_MIN SIZE = commonder | trac  

PARAMETER C. S.A.MI_MIN SIZE = commonder | trac  

PARAMETER C. S.A.MI_MIN SIZE = commonder | trac  

PARAMETER C. S.A.MI_MIN SIZE = commonder | trac  

PARAMETER C. S.A.MI_MIN SIZE = commonder | trac  

PARAMETER C. S.A.MI_MIN SIZE = commonder | trac  

## POTES | trac  

##
```

Explanation: We added the 3 lines at the bottom. AWPROT and AXPROT are the TrustZone AXI signals. And the last line will allow our device to trigger interrupts.

- ullet Tab System Assembly View (Bottom)  $\to$  Tab Bus Interfaces (Top)  $\to$  RC tzac\_0  $\to$  Browse HDL Sources
- Hold down shift and select both files  $\rightarrow$  Open
- Replace the contents of user\_logic.vhd with the following, to ensure registers can only be written to from secure world, and only register 3 can be read from normal world:

```
-- user_logic.vhd - entity/architecture pair

-- ** Copyright (c) 1995-2012 Xilinx, Inc. All rights reserved.

-- ** Xilinx, Inc.

-- ** Xilinx, Inc.

-- ** Xilinx Is PROVIDING THIS DESIGN, CODE, OR INFORMATION "AS IS"

-- ** AS A COURTESY TO YOU, SOLELY FOR USE IN DEVELOPING PROGRAMS AND

-- ** SOLUTIONS FOR XILINX DEVICES. BY PROVIDING THIS DESIGN, CODE,

-- ** OR INFORMATION AS ONE POSSIBLE IMPLEMENTATION OF THIS FEATURE,

-- ** APPLICATION OR STANDARD, XILINX IS MAKING NO REPRESENTATION

-- ** THAT THIS IMPLEMENTATION IS FREE FROM ANY CLAIMS OF INFRINGEMENT,

-- ** AND YOU ARE RESPONSIBLE FOR OBTAINING ANY RICHTS YOU MAY REQUIRE

-- ** FOR YOUR IMPLEMENTATION XILINX EXPRESSLY DISCLAIMS ANY

-- ** WARRANTY WHATSDEVER WITH RESPECT TO THE ADEQUACY OF THE
```

```
-- ** IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OR
-- ** REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE FROM CLAIMS OF
-- ** INFRINGEMENT, IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
-- ** FOR A PARTICULAR PURPOSE.
  user_logic.vhd
1.00.a
User logic.
  -- Filename:
       Version:
Description:
 -- Version:
-- Description:
User logic.
-- Date:
Mon Sep 23 16:22:31 2013 (by Create and Import Peripheral Wizard)
-- VHDL Standard:
VHDL'93
               e TrustZone Access Controller peripheral has 3 registers. They are des:

RO[31:16]: Normal World Data 1
RO[15:0]: Normal World Data 2
R1[31:21]: Not used
R1[20:14]: Correspond to bits in NSACR
R1[20]: NS_SMP
R1[19]: TL
R1[18]: PLE
R1[17]: NSASEDIS
R1[16]: PLE
R1[17]: NSASEDIS
R1[16]: CP11
R1[14]: CP10
R1[31:22]: Correspond to bits in SDER
R1[15]: SUIDEN
R1[1:0]: Correspond to APROT(1) bits coming into the peripheral
R[11]: APROT
R[10]: AVAPROT
R[10]: Correspond to bits in SCR
R[9]: SIF
R[8]: HCE
R[7]: SCD
R[6]: NET
R[8]: HCE
R[7]: SCD
R[6]: NET
R[1]: R[8]: HCE
R[7]: RCD
R[1]: R[1]: RCD
R[1]: R[1]: RCD
R[1]: R[2]: RCD
R[1]: RCD
R[2]: RCD
R[2]: RCD
R[3]: RCD
R[4]: RCD
R[4]: RCD
R[5]: RCD
R[5]: RCD
R[6]: RCD
R
  -- The TrustZone Access Controller peripheral has 3 registers. They are designed so that there is at least 1 bit which can port functionality to or from each of the TrustZone registers. Normal world may
--
--
--
--
--
--
--
---
  --
                 R2[31:16] : Secure World Data
R2[15:12] : SAC bits [3:0]
                  R2[11:0] correspond directly to bits in the SNSAC
 -- Naming Conventions:
-- active low signal
-- clock signals:
           active low signals:

clock signals:

"st", "clk_div#", "clk_#x"

reset signals:

generics:

user defined types:

state machine next state:

state machine current state:

combinatorial signals:

pipelined or register delay signals:

clock enable signals:

"*ce"

"*ce"
            active low signals:
             counter signals:
clock enable signals:
                                                                                                           "*_ce"
            internal version of output port:
device pins:
ports:
                                                                                                          "*_pin"
"- Names begin with Uppercase"
"*_PROCESS"
"<ENTITY_>I_<#|FUNC>"
             processes:
             component instantiations:
   -- DO NOT EDIT BELOW THIS LINE -----
library ieee;
use ieee.std_logic_1164.all;
use ieee.std_logic_arith.all;
  use ieee.std_logic_unsigned.all;
library proc_common_v3_00_a;
                    c_common_v3_00_a.proc_common_pkg.all;
 -- DO NOT EDIT ABOVE THIS LINE -----
  -- Entity section
 -- Definition of Generics:
            C_NUM_REG
C_SLV_DWIDTH
                                                                                -- Number of software accessible registers
-- Slave interface data bus width
  -- Definition of Ports:
                                                                                 -- Bus to IP clock
            Bus2IP_Clk
                                                                                -- Bus to IP CLOCK
-- Bus to IP reset
-- Bus to IP reset
-- Bus to IP data bus
-- Bus to IP byte enables
-- Bus to IP read chip enable
-- Bus to IP write chip enable
-- IP to Bus data bus
-- IP to Bus arta bus
-- IP to Bus write transfer acknowledgement
            Bus2IP Resetn
             Bus2IP_Data
            Bus2IP_BE
Bus2IP_RdCE
Bus2IP_WrCE
 ---
---
---
             IP2Bus_Data
             IP2Bus_RdAck
             IP2Bus_WrAck
                                                                                   -- IP to Bus write transfer acknowledgement -- IP to Bus error response
             IP2Bus_Error
  entity user_logic is
generic
(
-- ADD USER GENERICS BELOW THIS LINE -------
           --USER generics added here
          -- ADD USER GENERICS ABOVE THIS LINE -----
          ):
     port
           -- ADD USER PORTS BELOW THIS LINE -----
                                              : in std_logic_vector(2 downto 0);

: in std_logic_vector(2 downto 0);

: out std_logic_vector(2 downto 0);
          S_AXI_AWPROT
S_AXI_ARPROT
           -- ADD USER PORTS ABOVE THIS LINE -----
           -- DO NOT EDIT BELOW THIS LINE -----
```

```
: in std_logic_vector(C_NUM_REG-1 downto 0);
: in std_logic_vector(C_NUM_REG-1 downto 0);
: out std_logic_vector(C_SLV_DWIDTH-1 downto 0);
: out std_logic;
          Bus2IP_RdCE
Bus2IP_WrCE
IP2Bus_Data
IP2Bus_RdAck
           IP2Bus_WrAck
                                                                                                : out std_logic;
          IP2Bus_Error
                                                                                                : out std_logic
           -- DO NOT EDIT ABOVE THIS LINE -----
     attribute MAX_FANOUT : string; attribute SIGIS : string;
     attribute SIGIS of Bus2IP_Clk : signal is "CLK"; attribute SIGIS of Bus2IP_Resetn : signal is "RST";
end entity user_logic;
   - Architecture section
architecture IMP of user_logic is
     --USER signal declarations added here, as needed for user logic
      -- Signals for user logic slave model s/w accessible register example
                                                                                                             : std_logic_vector(C_SLV_DWIDTH-1 downto 0);
      signal slv_reg0
    signal slv_reg0
signal slv_reg1
signal slv_reg2
signal slv_reg_write_se1
signal slv_reg_read_se1
signal slv_ip2bus_data
signal slv_read_ack
signal slv_write_ack
                                                                                   : std_logic_vector(C_SLV_DWIDTH-1 downto 0);
: std_logic_vector(C_SLV_DWIDTH-1 downto 0);
: std_logic_vector(C_SLV_DWIDTH-1 downto 0);
: std_logic_vector(2 downto 0);
: std_logic_vector(2 downto 0);
: std_logic_vector(C_SLV_DWIDTH-1 downto 0);
: std_logic;
: std_logic;
begin
     --USER logic implementation added here
       -- Example code to read/write user logic slave model s/w accessible registers
    -- Note:

- The example code presented here is to show you one way of reading/writing

- software accessible registers implemented in the user logic slave model.

- Each bit of the Bus2IP_WrCE/Bus2IP_RdCE signals is configured to correspond

- to one software accessible register by the top level template. For example,

- if you have four 32 bit software accessible registers in the user logic,

- you are basically operating on the following memory mapped registers:

- Bus2IP_WrCE/Bus2IP_RdCE_Manage_Managed_Busiters.
                slv_reg_write_sel <= Bus2IP_WrCE(2 downto 0);
slv_reg_read_sel <= Bus2IP_McE(2 downto 0);
slv_write_ack <= Bus2IP_McE(0) or Bus2IP_WrCE(1) or Bus2IP_WrCE(2);
slv_read_ack <= Bus2IP_RdCE(0) or Bus2IP_RdCE(1) or Bus2IP_RdCE(2);
    -- implement slave model software accessible register(s)
SLAVE_REG_WRITE_PROC : process( BusZIP_Clk ) is
    variable slv_reg_write_sel_secure : std_logic_vector(C_NUM_REG downto 0);
          slv_reg_write_sel_secure(C_NUM_REG) := S_AXI_AWPROT(1);
slv_reg_write_sel_secure(C_NUM_REG - 1 downto 0) := slv_reg_write_sel;
           check_high_edge: if Bus2IP_Clk'event and Bus2IP_Clk = '1' then
                -- reset

check_reset: if Bus2IP_Resetn = '0' then

slv_reg0 <= (others => '0');

slv_reg1 <= (others => '0');

slv_reg2 <= (others => '0');
               -- IRQ clear
elsif Bus2IP_Data(1) = '0' and slv_reg_write_sel_secure = "1010" then
                  slv_reg1(1) <= '0';
-- uncomment for non-secure access
                elsif Bus2IP_Data(1) = '0' and slv_reg_write_sel_secure = "0010" then slv_reg1(1) <= '0';
                     -- RO: Normal World Data

check_write_reg: if slv_reg_write_sel_secure = "1100" then

slv_reg0(31 downto 16) <= Bus2IP_Data(31 downto 16); -- normal world data 1

slv_reg0(15 downto 0) <= Bus2IP_Data(31 downto 0); -- normal world data 2

slv_reg(10) <= '1'; -- flag IRQ any time there is a write

slv_reg(10) <= S_AXI_AWPROT(1); -- mark whether this write was secure

elsif slv_reg_write_sel_secure = "0100" then

slv_reg0(31 downto 16) <= Bus2IP_Data(31 downto 16); -- normal world data 1

slv_reg0(31 downto 0) <= Bus2IP_Data(15 downto 0); -- normal world data 2

slv_reg1(1) <= '1'; -- flag IRQ any time there is a write

slv_reg1(10) <= S_AXI_AWPROT(1); -- mark whether this write was secure
                      -- RO: Normal World Data
  -- uncomment to allow unrestricted access to R1 and R2
elsif slv_reg_write_sel_secure = "0010" then
slv_reg1(0) <= Sus2IP_Data(0);
slv_reg1(1) <= '1'; -- flag IRQ any time there is a write
slv_reg1(9 downto 2) <= Bus2IP_Data(9 downto 2);
slv_reg1(10) <= S_AXI_AWPROT(1); -- mark whether this write was secure
slv_reg1(3 downto 11) <= Bus2IP_Data(31 downto 11);
elsif slv_reg_write_sel_secure = "0001" then
slv_reg2 <= Bus2IP_Data;
slv_reg1(1) <= '1'; -- flag IRQ any time there is a write
slv_reg1(1) <= S_AXI_AWPROT(1); -- mark whether this write was secure
                     -- R1: TrustZone config bits
elsif slv_reg_write_sel_secure = "1010" then
                          -- SCR
slv_reg1(0) <= Bus2IP_Data(0); -- NS
slv_reg1(2) <= Bus2IP_Data(2); -- FIQ
slv_reg1(3) <= Bus2IP_Data(3); -- EA
slv_reg1(4) <= Bus2IP_Data(3); -- EA
slv_reg1(6) <= Bus2IP_Data(6); -- AW
slv_reg1(6) <= Bus2IP_Data(6); -- mET
slv_reg1(7) <= Bus2IP_Data(7); -- SCD
slv_reg1(8) <= Bus2IP_Data(8); -- HGE
slv_reg1(9) <= Bus2IP_Data(9); -- HGE
slv_reg1(9) <= Bus2IP_Data(9); -- SIF
                            slv_reg1(12) <= Bus2IP_Data(12); -- SUIDEN
```

```
slv_reg1(13) <= Bus2IP_Data(13); -- SUNIDEN
                        -- NSACR
slv_reg1(14) <= Bus2IP_Data(14); -- CP10
                        slv_reg1(15) <= Bus2IP_Data(15); -- CP11
slv_reg1(16) <= Bus2IP_Data(16); -- NSD32DIS
slv_reg1(7) <= Bus2IP_Data(7); -- NSASEDIS
slv_reg1(18) <= Bus2IP_Data(18); -- PLE</pre>
                        slv_reg1(10) <= Bus2IP_Data(18); -- PLE
slv_reg1(19) <= Bus2IP_Data(19); -- TL
slv_reg1(20) <= Bus2IP_Data(20); -- NS_SMP
                        slv_reg1(31 downto 21) <= (others => '0');
                        slv_reg1(1) <= '1'; -- flag IRQ any time there is a write
slv_reg1(10) <= S_AXI_AWPROT(1); -- mark whether this write was secure</pre>
                   -- R2: SCU config bits and Secure Data
elsif slv_reg_write_sel_secure = "1001" then
slv_reg2(31 downto 16) <= Bus2IP_Data(31 downto 16); -- Secure Data
slv_reg2(16 downto 12) <= Bus2IP_Data(15 downto 12); -- SAC[3:0]
slv_reg2(11 downto 0) <= Bus2IP_Data(11 downto 0); -- SNSAC[11:0]
                        slv_reg1(1) \le '1'; -- flag IRQ any time there is a write slv_reg1(10) \le S_AXI_AWPROT(1); -- mark whether this write was secure
                  -- mark whether there is a secure read or not elsif slv_reg_read_sel = "100" then slv_reg1(11) <= S_AXI_ARPROT(1); elsif slv_reg_read_sel = "010" then slv_reg1(11) <= S_AXI_ARPROT(1); elsif slv_reg_read_sel = "001" then slv_reg1(11) <= S_AXI_ARPROT(1);
                   end if check_write_reg;
              end if check_reset;
-- On every cycle
IRQ <= slv_reg1(1); -- Copy out the stored IRQ value
         end if check_high_edge;
     end process SLAVE_REG_WRITE_PROC;
    -- implement slave model software accessible register(s) read mux SLAVE_REG_READ_PROC : process( slv_reg_read_sel, slv_reg0, slv_reg1, slv_reg2 ) is variable slv_reg_read_sel_secure : std_logic_vector(C_NUM_REG downto 0); begin
         slv_reg_read_sel_secure(C_NUM_REG) := S_AXI_ARPROT(1);
slv_reg_read_sel_secure(C_NUM_REG - 1 downto 0) := slv_reg_read_sel;
         case slv_reg_read_sel_secure is
  when "0100" => slv_ip2bus_data <= slv_reg0;
  when "0010" => slv_ip2bus_data <= slv_reg1;
  when "0011" => slv_ip2bus_data <= slv_reg2;
  when "1100" => slv_ip2bus_data <= slv_reg0;
  when "1100" => slv_ip2bus_data <= slv_reg1;
  when "1001" => slv_ip2bus_data <= slv_reg2;
  when "1001" => slv_ip2bus_data <= slv_reg2;
  when others => slv_ip2bus_data <= (others => '0');
  end case;
     end process SLAVE_REG_READ_PROC;
      -- Example code to drive IP to Bus signals
     IP2Bus_WrAck <= slv_write_ack;
IP2Bus_RdAck <= slv_read_ack;
IP2Bus_Error <= '0';</pre>
```

• Next to user\_logic.vhd, replace the contents of tzac.vhd with the following to enable TrustZone Security Extensions and our IRQ signal:

```
- tzac.vhd - entity/architecture pair

- IMPORTANT:
DO NOT MODIFY THIS FILE EXCEPT IN THE DESIGNATED SECTIONS.

- SEARCH FOR --USER TO DETERMINE WHERE CHANGES ARE ALLOWED.

- TYPICALLY, THE ONLY ACCEPTABLE CHANGES INVOLVE ADDING NEW
- PORTS AND GENERICS THAT GET PASSED THROUGH TO THE INSTANTIATION
- OF THE USER_LOGIC ENTITY.

- ***COPYTIGHT (c) 1995-2012 Xilinx, Inc. All rights reserved.

* ***Xilinx, Inc.

* ***Xilinx, Inc.

* ***XILINX IS PROVIDING THIS DESIGN, CODE, OR INFORMATION "AS IS"

* ***AS A COURTESY TO YOU, SOLELY FOR USE IN DEVELOPING PROGRAMS AND

* ***SOLUTIONS FOR XILINX DEVICES. BY PROVIDING THIS DESIGN, CODE,

* ***OR INFORMATION AS ONE POSSIBLE MPLEMENTATION OF THIS FEATURE,

* ***APPLICATION OR STANDARD, XILINX IS MAKING NO REPRESENTATION

* ***THAT THIS IMPLEMENTATION IS FREE FROM ANY CLAIMS OF INFRINGEMENT,

* ***ANA YOU ARE RESPONSIBLE FOR OSTAINING ANY RIGHTS YOU MAY REQUIRE

* ***HARMANY WHATSDEEVER WITH RESPECT TO THE ADEQUACY OF THE

* ***HARMANY WHATSDEEVER WITH RESPECT TO THE ADEQUACY OF THE

* ***HARMANY WHATSDEEVER WITH RESPECT TO THE ADEQUACY OF THE

* ***IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OR

* ***REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE FROM CLAIMS OF

* ***IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OR

* ***REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE FROM CLAIMS OF

* ***IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OR

* ***REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE FROM CLAIMS OF

* ***IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF

* ***REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE FROM CLAIMS OF

* ***IMPLEMENTATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF

* ***REPRESENTATIONS THAT THIS IMPLEMENTATION IS FREE FROM CLAIMS OF

* ***NEADLE CONTRACTOR OF THE CONTRA
```

```
user defined types:
state machine next state:
state machine current state:
combinatorial signals:
pipelined or register delay signals:
                                                                                                                    "*_TYPE"
"*_ns"
"*_cs"
"*_com"
"*_d#"
"*cnt*"
               counter signals:
              counter signais:
clock enable signals:
internal version of output port:
                                                                                                                     "*_ce"
"* i"
             internal version of output
device pins:
ports:
processes:
component instantiations:
                                                                                                                    "*_1"

"*_pin"

"- Names begin with Up

"*_PROCESS"

"<ENTITY_>I_<#|FUNC>"
                                                                                                                                           begin with Uppercase"
library ieee;
use ieee.std_logic_1164.all;
use ieee.std_logic_arith.all;
use ieee.std_logic_unsigned.all;
library proc_common_v3_00_a;
use proc_common_v3_00_a.proc_common_pkg.all;
use proc_common_v3_00_a.pif_pkg.all;
use proc_common_v3_00_a.soft_reset;
library axi_lite_ipif_v1_01_a;
use axi_lite_ipif_v1_01_a.axi_lite_ipif;
library tzac_v1_00_a;
use tzac_v1_00_a.user_logic;
      Definition of Generics:
C_S_AXI_DATA_WIDTH
C_S_AXI_ADDR_WIDTH
                                                                                         -- AXI4LITE slave: Data width
                                                                                        -- AXI4LITE slave: Data width
-- AXI4LITE slave: Address Width
-- AXI4LITE slave: Min Size
-- AXI4LITE slave: Write Strobe
-- AXI4LITE slave: bate Phase Timeout
-- AXI4LITE slave: base address
-- AXI4LITE slave: high address
-- AXI4LITE slave: high address
-- FPGA Family
-- Number of software accessible registers
-- Number of address-ranges
-- Slave interface address bus width
-- Slave interface data bus width
              C_S_AXI_MIN_SIZE
              C USE WSTRB
            C_USE_WSTRB
C_DPHASE_TIMEOUT
C_BASEADDR
C_HIGHADDR
C_FAMILY
C_NUM_REG
              C_NUM_MEM
              C SLV AWIDTH
              C_SLV_DWIDTH
                                                                                        -- AXI4LITE slave: Clock
-- AXI4LITE slave: Reset
-- AXI4LITE slave: Write address
-- AXI4LITE slave: Write address valid
-- AXI4LITE slave: Write address valid
-- AXI4LITE slave: Write strobe
-- AXI4LITE slave: Write strobe
-- AXI4LITE slave: Response ready
-- AXI4LITE slave: Response ready
-- AXI4LITE slave: Read address
-- AXI4LITE slave: Read address valid
-- AXI4LITE slave: Read address valid
-- AXI4LITE slave: Read data ready
-- AXI4LITE slave: Read data
-- AXI4LITE slave: Read data response
-- AXI4LITE slave: Read data valid
-- AXI4LITE slave: Read data valid
-- AXI4LITE slave: Response
        Definition of Ports:
             S_AXI_ACLK
S_AXI_ARESETN
              S_AXI_AWADDR
              S AXI AWVALID
              S_AXI_WDATA
             S_AXI_WDATA
S_AXI_WSTRB
S_AXI_WVALID
S_AXI_BREADY
S_AXI_ARADDR
              S_AXI_ARVALID
              S_AXI_RREADY
              S_AXI_ARREADY
              S AXT RDATA
            S_AXI_RDATA
S_AXI_RRESP
S_AXI_RVALID
S_AXI_WREADY
S_AXI_BRESP
S_AXI_BVALID
              S_AXI_AWREADY
 entity tzac is
generic
(
           -- ADD USER GENERICS BELOW THIS LINE -----
           --USER generics added here
-- ADD USER GENERICS ABOVE THIS LINE -----
           -- DO NOT EDIT BELOW THIS LINE -----
           -- Dus protocol parameters, do not add to or delete
C_S_AXI_DATA_WIDTH
: integer := 32;
C_S_AXI_DATA_WIDTH : integer := 32;
C_S_AXI_MIN_SIZE : std_logic_vector := X"000001FF";
           C_USE_WSTRB
C_DPHASE_TIMEOUT
                                                                                              : integer
                                                                                                                                                          := 0;
:= 8;
                                                                                              : integer
: integer
: std_logic_vector
: std_logic_vector
: string
: integer
: integer
                                                                                                                                                         := 8;
:= X"FFFFFFF";
:= X"00000000";
:= "virtex6";
:= 1;
:= 1;
:= 32;
:= 32
           C BASEADDR
           C_HIGHADDR
C_FAMILY
C_NUM_REG
C_NUM_MEM
           C_SLV_AWIDTH
                                                                                                 integer
           C_SLV_DWIDTH
                                                                                              : integer
            -- DO NOT EDIT ABOVE THIS LINE -----
           -- DO NOT EDIT BELOW THIS LINE -----
           -- Bus protocol ports, do not add to or delete
S_AXI_ARCLK : in std_logic;
S_AXI_ARESETN : in std_logic;
                                                                                             : in std_logic_vector(C_S_AXI_ADDR_WIDTH-1 downto 0);
           S_AXI_AWADDR
                                                                                            : in std_logic_vector(C_S_AXI_ADDR_WIDTH-1 downto 0);
in std_logic;
in std_logic_vector(C_S_AXI_DATA_WIDTH-1 downto 0);
in std_logic_vector((C_S_AXI_DATA_WIDTH/8)-1 downto 0);
in std_logic;
in std_logic;
in std_logic_vector(C_S_AXI_ADDR_WIDTH-1 downto 0);
in std_logic;
in std_logic;
in std_logic;
in std_logic;
in std_logic;
in std_logic;
           S_AXI_AWVALID
           S AXT WDATA
           S_AXI_WDATA
S_AXI_WSTRB
S_AXI_WVALID
S_AXI_BREADY
S_AXI_ARADDR
           S_AXI_ARVALID
           S_AXI_RREADY
                                                                                              : in std_logic;
                                                                                               in std_logic;
out std_logic;
out std_logic,vector(C_S_AXI_DATA_WIDTH-1 downto 0);
out std_logic,vector(1 downto 0);
out std_logic;
out std_logic;
out std_logic;
out std_logic,vector(1 downto 0);
out std_logic,vector(1 downto 0);
           S AXT ARREADY
           S_AXI_RDATA
           S_AXI_RDATA
S_AXI_RRESP
S_AXI_RVALID
S_AXI_WREADY
S_AXI_BRESP
           S_AXI_BVALID
                                                                                                 out std_logic;
           S_AXI_AWREADY
                                                                                              : out std_logic
              - DO NOT EDIT ABOVE THIS LINE ----
     attribute MAX_FANOUT : string;
attribute SIGIS : string;
attribute MAX_FANOUT of S_AXI_ACLK
attribute MAX_FANOUT of S_AXI_ARESETN
                                                                                                                 : signal is "10000";
                                                                                                                         : signal is "10000";
```

```
attribute SIGIS of S_AXI_ACLK attribute SIGIS of S_AXI_ARESETN end entity tzac;
                                                                                          : signal is "Clk";
: signal is "Rst";
 -- Architecture section
architecture IMP of tzac is
    constant USER_SLV_DWIDTH
                                                                                                    : integer
                                                                                                                                                          := C_S_AXI_DATA_WIDTH;
    constant IPIF_SLV_DWIDTH
                                                                                                : integer
                                                                                                                                                           := C_S_AXI_DATA_WIDTH;
                                                                                                  : std_logic_vector(0 to 31) := (others => '0');

: std_logic_vector := C_BASEADDR or X"00000100";

: std_logic_vector := C_BASEADDR or X"0000016";

: std_logic_vector := C_BASEADDR or X"00000000";

: std_logic_vector := C_BASEADDR or X"000000FF";
    constant ZERO ADDR PAD
    constant RST_BASEADDR
constant RST_HIGHADDR
constant USER_SLV_BASEADDR
constant USER_SLV_HIGHADDR
    constant IPIF ARD ADDR RANGE ARRAY
                                                                                                    : SLV64 ARRAY TYPE
             ZERO_ADDR_PAD & RST_BASEADDR,
ZERO_ADDR_PAD & RST_HIGHADDR,
ZERO_ADDR_PAD & USER_SLV_BASEADDR,
ZERO_ADDR_PAD & USER_SLV_HIGHADDR
                                                                                                    -- soft reset space base address
-- soft reset space high address
-- user logic slave space base address
-- user logic slave space high address
                                                                                                                                                               := 1;
:= 3;
:= USER_SLV_NUM_REG;
:= USER_NUM_REG + RST_NUM_CE;
    constant RST_NUM_CE
                                                                                                      : integer
     constant USER_SLV_NUM_REG
constant USER_NUM_REG
constant TOTAL_IPIF_CE
                                                                                                      : integer
: integer
: integer
                                                                                               : INTEGER_ARRAY_TYPE :=
     constant IPIF_ARD_NUM_CE_ARRAY
                                                                                                    -- number of ce for soft reset space
-- number of ce for user logic slave space
             0 => (RST_NUM_CE),
1 => (USER_SLV_NUM_
                   => (USER_SLV_NUM_REG)
         );
      -- Width of triggered reset in bus clocks
    constant RESET_WIDTH
                                                                                                                                                              := 8;
                                                                                                    : integer
     -- Index for CS/CE
                                                                                                                                                               := 0;
:= USER_NUM_REG;
:= 1;
      constant RST_CS_INDEX
                                                                           : integer
: integer
: integer
: integer
    constant RSI_CS_INDEX
constant RST_CE_INDEX
constant USER_SLV_CS_INDEX
constant USER_SLV_CE_INDEX
                                                                                                                                                               := calc_start_ce_index(IPIF_ARD_NUM_CE_ARRAY, USER_SLV_CS_INDEX);
    constant USER CE INDEX
                                                                                                    : integer
                                                                                                                                                              := USER SLV CE INDEX:
      -- IP Interconnect (IPIC) signal declarations
   signal ipif_Bus2IP_Clk
signal ipif_Bus2IP_Resetn
signal ipif_Bus2IP_Addr
signal ipif_Bus2IP_Resetn
signal ipif_Bus2IP_RW
signal ipif_Bus2IP_BE
signal ipif_Bus2IP_BE
signal ipif_Bus2IP_WrCE
signal ipif_Bus2IP_WrCE
signal ipif_Bus2IP_Data
signal ipif_IPus2IP_Data
signal ipif_IPusUs_RAGCE
signal ipif_IPusUs_RAGCE
signal ipif_IPusUs_RAGCE
signal ipif_IPusUs_RAGCE
signal ipif_IPusUs_RAGCE
signal ipif_IPusUs_RAGCE
signal ipif_IPusUs_Data
     signal ipif_Bus2IP_Clk
                                                                                                  : std_logic;
                                                                                                      std_logic_vector(C_S_AXI_ADDR_WIDTH-1 downto 0);
                                                                                                  : std_logic_vector(C_S_AXI_ADDR_wIDTH-1 downto 0);
: std_logic;
: std_logic_vector(IPIF_SLV_DWIDTH/8-1 downto 0);
: std_logic_vector((IPIF_ARD_ADDR_RANGE_ARRAY'\LENGTH)/2-1 downto 0);
: std_logic_vector(calc_num_ce(IPIF_ARD_NUM_CE_ARRAY)-1 downto 0);
: std_logic_vector(calc_num_ce(IPIF_ARD_NUM_CE_ARRAY)-1 downto 0);
: std_logic_vector(IPIF_SLV_DWIDTH-1 downto 0);
                                                                                                      std_logic;
                                                                                                      std_logic;
                                                                                                      std_logic;
std_logic;
std_logic;
std_logic;
std_logic;
                                                                                                      std_logic;
     signal rst_IP2Bus_Error
                                                                                                      std_logic;
     signal rst_Bus2IP_Reset_tmp
                                                                                                      std_logic;
    signal user_Bus2IP_Meset_F
signal user_Bus2IP_WrCE
signal user_FBus2IP_WrCE
signal user_IP2Bus_Data
signal user_IP2Bus_WrAck
signal user_IP2Bus_WrAck
signal user_IP2Bus_Error
                                                                                                 : std_logic;
: std_logic_vector(USER_NUM_REG-1 downto 0);
: std_logic_vector(USER_NUM_REG-1 downto 0);
: std_logic_vector(USER_SLV_DWIDTH-1 downto 0);
: std_logic;
: std_logic;
: std_logic;
: std_logic;
begin
     -- instantiate axi_lite_ipif
     AXI_LITE_IPIF_I : entity axi_lite_ipif_v1_01_a.axi_lite_ipif
         generic map
              C_S_AXI_DATA_WIDTH
                                                                                           => IPIF SLV DWIDTH.
             C.S_AXI_DATA_WIDTH
C.S_AXI_ADDR_WIDTH
C.S_AXI_MIN_SIZE
C.USE_WSTRB
C_DPHASE_TIMEOUT
C_ARD_ADDR_RANGE_ARRAY
C_ARD_NUM_CE_ARRAY
C_FAMILY
                                                                                         => IPIF_SLV_DWIDTH,
=> C.S.AI, ADDR, WIDTH,
=> C.S.AI, MIN_SIZE,
=> C_USE_WSTRB,
=> C_UPHASE_TIMEDUT,
=> IPIF_ARD_ADDR_RANGE_ARRAY,
=> C_FAMILY
=> C_FAMILY
         port map
              S_AXI_ACLK
S_AXI_ARESETN
S_AXI_AWADDR
S_AXI_AWVALID
                                                                                          => S_AXI_ACLK,
=> S_AXI_ARESETN,
=> S_AXI_AWADDR,
=> S_AXI_AWVALID,
               S_AXI_WDATA
                                                                                           => S_AXI_WDATA,
                                                                                          => S_AXI_wDATA,

=> S_AXI_wSTRB,

=> S_AXI_WVALID,

=> S_AXI_BREADY,

=> S_AXI_ARADDR,

=> S_AXI_AREADY,

=> S_AXI_READY,
               S_AXI_WSTRB
              S_AXI_WSTRB
S_AXI_WVALID
S_AXI_BREADY
S_AXI_ARADDR
S_AXI_ARVALID
S_AXI_RREADY
S_AXI_ARREADY
S_AXI_ARREADY
                                                                                           => S_AXI_ARREADY,
               S AXT RDATA
                                                                                           => S AXT RDATA.
                                                                                          => S_AXI_RDATA,

=> S_AXI_RRESP,

=> S_AXI_RVALID,

=> S_AXI_WREADY,

=> S_AXI_BUBLID,

=> S_AXI_BUBLID,

=> S_AXI_BUBLID,

=> ipif_Bus2IP_C1k,
               S AXT RRESP
              S_AXI_RRESP
S_AXI_RVALID
S_AXI_WREADY
S_AXI_BRESP
S_AXI_BVALID
S_AXI_AWREADY
               Bus2IP_Clk
                                                                                          => ipif_Bus2IP_CiR,

=> ipif_Bus2IP_Addr,

=> ipif_Bus2IP_RNW,

=> ipif_Bus2IP_BE,

=> ipif_Bus2IP_BC,

=> ipif_Bus2IP_CS,

=> ipif_Bus2IP_WrCE,
               Bus2IP Resetn
               Bus2IP Addr
               Bus2IP_RNW
Bus2IP_BE
Bus2IP_CS
               Bus2IP_RdCE
               Bus2IP_WrCE
```

```
Bus2IP_Data
IP2Bus_WrAck
IP2Bus_RdAck
IP2Bus_Error
                                                        => ipif_Bus2IP_Data,
=> ipif_IP2Bus_WrAck,
=> ipif_IP2Bus_RdAck,
=> ipif_IP2Bus_Error,
      IP2Bus_Data
                                                        => ipif_IP2Bus_Data
-- instantiate soft_reset
SOFT_RESET_I : entity proc_common_v3_00_a.soft_reset
      C SIPIF DWIDTH
                                                        => IPIF SLV DWIDTH.
      Bus2IP_Reset
                                                        => ipif_Bus2IP_Reset,
      Bus2IP_Clk
                                                        => ipif_Bus2IP_Clk,
      Bus2IP WrCE
                                                        => ipif Bus2IP WrCE(RST CE INDEX).
                                                        => ipif_Bus2IP_WrCE()
=> ipif_Bus2IP_Data,
=> ipif_Bus2IP_BE,
=> rst_Bus2IP_Reset,
=> rst_IP2Bus_WrAck,
=> rst_IP2Bus_Error,
      Bus2IP Data
      Bus2TP BE
      Reset2IP_Reset
Reset2Bus_WrAck
Reset2Bus_Error
                                                        => open
      Reset2Bus_ToutSup
-- instantiate User Logic
USER_LOGIC_I : entity tzac_v1_00_a.user_logic
   generic map
       -- MAP USER GENERICS BELOW THIS LINE -----
     --USER generics mapped here
-- MAP USER GENERICS ABOVE THIS LINE -----
                                                       => USER_NUM_REG,
=> USER_SLV_DWIDTH
   port map
       -- MAP USER PORTS BELOW THIS LINE -----
                                                       => S_AXI_AWPROT,
=> S_AXI_ARPROT,
      Bus2IP_Clk
                                                        => ipif_Bus2IP_Clk,
      Bus2IP Resetn
                                                        => rst Bus2IP Reset tmp.
                                                       => rst_Bus2IP_Reset_

=> ipif_Bus2IP_Data,

=> ipif_Bus2IP_BE,

=> user_Bus2IP_RdCE,

=> user_Bus2IP_WrCE,

=> user_IP2Bus_Data,
      Bus2IP Data
      Bus2IP_BE
Bus2IP_RdCE
Bus2IP_WrCE
IP2Bus_Data
      IP2Bus_RdAck
                                                        => user_IP2Bus_RdAck
      IP2Bus_WrAck
      IP2Bus_Error
                                                        => user_IP2Bus_Error
-- connect internal signals
IP2BUS_DATA_MUX_PROC : process( ipif_Bus2IP_CS, user_IP2Bus_Data ) is
   case ipif_Bus2IP_CS (1 downto 0) is
      when "01" => ipif_IP2Bus_Data <= (others => '0');
when others => ipif_IP2Bus_Data <= (others => '0');
when others => ipif_IP2Bus_Data <= (others => '0');
   end case;
end process IP2BUS_DATA_MUX_PROC;
ipif_IP2Bus_WrAck <= user_IP2Bus_WrAck or rst_IP2Bus_WrAck;
ipif_IP2Bus_RdAck <= user_IP2Bus_RdAck;
ipif_IP2Bus_Error <= user_IP2Bus_Error or rst_IP2Bus_Error;</pre>
user_Bus2IP_RdCE <= ipif_Bus2IP_RdCE(USER_NUM_REG-1 downto 0);
user_Bus2IP_WrCE <= ipif_Bus2IP_WrCE(USER_NUM_REG-1 downto 0);
ipif_Bus2IP_Reset <= not ipif_Bus2IP_Resetn;
rst_Bus2IP_Reset_tmp <= not rst_Bus2IP_Reset;</pre>
```

Note that, for the time being, support for TrustZone exists, but is disabled. We'll modify this later when we're ready for Security Extensions.

- TM Project  $\rightarrow$  Rescan User Repositories
- Tab System Assembly View (Bottom)  $\rightarrow$  Tab Ports (Top)  $\rightarrow$  tzac\_0  $\rightarrow$  IRQ: Connected Port: Pencil Icon  $\rightarrow$  Blue Arrow  $\rightarrow$  Make a note of the number next to tzac\_0 in the table on the right  $\rightarrow$  OK

If everything was done correctly, after pressing ctrl + shift + d, your design should resemble figure 2.

# PlanAhead

We can now close XPS and return to PlanAhead. We will now create a Top Level HDL file so we can make some lower-level changes later, and then add some design constraints. These are mappings that ensure Xilinx representations of some components match their physical location on the ZedBoard. The constraints we will be adding cover the LEDs, switches, and buttons on the bottom edge of the board (oriented so that the Digilent logo is upright). The following port mappings are printed directly onto the ZedBoard, and can be found online in the schematics PDF in the Redmine wiki (also available from ZedBoard's support site).

- Tab Sources (Top Center)  $\rightarrow$  Design Sources  $\rightarrow$  RC processor\_subsystem  $\rightarrow$  Create Top Level HDL
- Tab Sources (Top Center)  $\rightarrow$  RC Constraints  $\rightarrow$  Add Sources



Figure 2: Successfully Configured XPS

- Add or Create Constraints: selected  $\rightarrow$  Next
- Create File
- File name: processing\_subsystem\_constrs  $\rightarrow$  OK
- Finish
- Tab Sources (Top Center)  $\rightarrow$  Constraints  $\rightarrow$  constrs\_1  $\rightarrow$  DC processing\_subsystem\_constrs.ucf

You can now edit the contents of processing\_subsystem\_constrs.ucf in the tab in the upper far right. Populate it with the following:

```
NET LEDs_8Bits_TRI_10[0] LOC = T22 | IOSTANDARD=LVCMOSS33; # "LDO"
NET LEDs_8Bits_TRI_10[1] LOC = T21 | IOSTANDARD=LVCMOSS33; # "LD1"
NET LEDs_8Bits_TRI_10[2] LOC = U22 | IOSTANDARD=LVCMOSS33; # "LD3"
NET LEDs_8Bits_TRI_10[3] LOC = U21 | IOSTANDARD=LVCMOSS33; # "LD3"
NET LEDs_8Bits_TRI_10[4] LOC = U22 | IOSTANDARD=LVCMOSS33; # "LD4"
NET LEDs_8Bits_TRI_10[6] LOC = U22 | IOSTANDARD=LVCMOSS33; # "LD6"
NET LEDs_8Bits_TRI_10[6] LOC = U19 | IOSTANDARD=LVCMOSS33; # "LD6"
NET LEDs_8Bits_TRI_10[6] LOC = U19 | IOSTANDARD=LVCMOSS33; # "LD6"
NET LEDs_8Bits_TRI_10[7] LOC = U14 | IOSTANDARD=LVCMOSS33; # "BTNC"
NET BTNs_5Bits_TRI_10[1] LOC = P16 | IOSTANDARD=LVCMOSS33; # "BTNC"
NET BTNs_5Bits_TRI_10[2] LOC = R16 | IOSTANDARD=LVCMOSS33; # "BTND"
NET BTNs_5Bits_TRI_10[3] LOC = R18 | IOSTANDARD=LVCMOSS33; # "BTND"
NET BTNs_5Bits_TRI_10[4] LOC = T18 | IOSTANDARD=LVCMOSS33; # "BTNN"
NET BTNS_5Bits_TRI_10[1] LOC = F22 | IOSTANDARD=LVCMOSS33; # "BTNN"
NET SWs_BBIts_TRI_10[1] LOC = F22 | IOSTANDARD=LVCMOSS33; # "SWO"
NET SWs_BBIts_TRI_10[3] LOC = H22 | IOSTANDARD=LVCMOSS33; # "SWO"
NET SWs_BBIts_TRI_10[3] LOC = H22 | IOSTANDARD=LVCMOSS33; # "SWO"
NET SWs_BBIts_TRI_10[3] LOC = F21 | IOSTANDARD=LVCMOSS33; # "SWO"
NET SWs_BBIts_TRI_10[3] LOC = F21 | IOSTANDARD=LVCMOSS33; # "SWO"
NET SWs_BBIts_TRI_10[3] LOC = H21 | IOSTANDARD=LVCMOSS33; # "SWO"
NET SWs_BBIts_TRI_10[5] LOC = H18 | IOSTANDARD=LVCMOSS3; # "SWO"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
NET SWs_BBIts_TRI_10[6] LOC = H17 | IOSTANDARD=LVCMOSS3; # "SWS"
```

Note: On every line, if the Base System Builder wizard did not load, you will have to replace "\_TRI\_IO" with "\_GPIO\_IO\_pin" for all the switch and button lines, and "\_GPIO\_IO\_O\_pin" for all the LED lines.

Our hardware design is complete. Compile it and prepare for software design with:

- Tab Flow Navigator (Left) → Program and Debug → Generate Bitstream. This takes a while, and is done in 3 stages: Synthesis, Implementation, and Bitgen. If any stage succeeds, it does not need to be repeated on an error.
- Sources Tab (Top Center)  $\rightarrow$  Design Sources  $\rightarrow$  processor\_subsystem\_stub STRUCTURE  $\rightarrow$  RC processor\_subsystem\_i processor\_subsystem (processor\_subsystem.xmp)  $\rightarrow$  Export Hardware for SDK...  $\rightarrow$  Launch SDK: checked  $\rightarrow$  OK

Note: If you see any of the following error messages, they are safe to ignore:

```
[Constraints 18-5]
Cannot loc instance 'processing_system7_0_PS_PORB_IBUF' at site B5, Site location is not valid
["C:/TrustZone/TrustZone.srcs/sources_1/edk/processor_subsystem/implementation/processor_subsystem_processing_system7_0_wrapper.ncf":157]
[Constraints 18-5]
Cannot loc instance 'processing_system7_0_PS_SRSTB_IBUF' at site C9, Site location is not valid
["C:/TrustZone/TrustZone.srcs/sources_1/edk/processor_subsystem/implementation/processor_subsystem_processing_system7_0_wrapper.ncf":158]
[Constraints 18-5]
Cannot loc instance 'processing_system7_0_PS_CLK_IBUF' at site F7, Site location is not valid
["C:/TrustZone/TrustZone.srcs/sources_1/edk/processor_subsystem/implementation/processor_subsystem_processing_system7_0_wrapper.ncf":159]
```

If everything was done correctly, and you set up your Messages tab to only show critical warnings, your PlanAhead window should resemble figure 3.

# 2 Software Design

The remainder of the design will be done in the Xilinx Software Development Kit (XSDK).

## **XSDK**

We will first need to configure the ZedBoard so that we can program it. To make sure that it is properly configured, we will use a simple program which will access some of the ZedBoard's peripheral hardware:

- TM File  $\rightarrow$  New  $\rightarrow$  Application Project
- Project name: normal\_world  $\rightarrow$  finish
- Tab Project Explorer (left)  $\rightarrow$  normal\_world  $\rightarrow$  src  $\rightarrow$  DC helloworld.c
- $\bullet$  Tab helloworld.c (Top)  $\to$  Replace the contents of helloworld.c with the following:

```
#include <stdio.h>
#include "platform.h"
#include "xil_types.h"
#include "xil_types.h"
#include "xparameters.h"
#include "tzac.h"
#include "tzac.h"
#define LED_CHANNEL 1
#define CYCLE_RATE 76 /* calculated by hand, cycles/us */
#define LED_DELAY(x) (x * CYCLE_RATE) /* cycles in x us */
typedef enum_LED_DIR
{
    LED_DIR_UP.
```



Figure 3: Successfully Generated Bitstream

```
LED_DIR_DOWN
} LED_DIR;
XGpio Gpio; /* The Instance of the GPIO Driver */
XScuGic InterruptController; /* Instance of the Interrupt Controller */
static XScuGic_Config *GicConfig;/* The configuration parameters of the
controller */
volatile int irq_triggered = 0;
void irq_handler(void *callbackarg)
     static char *buff = "contents: 0x00000000 r\n"; static size_t len = 24;
     \label{lem:contents: 0xx08X} snprintf ( buff, len, "contents: 0xx08X\r\n", (unsigned) TZAC_mReadSlaveRegO() \\
     print(buff):
     TZAC_mWriteSlaveReg1("0x00000002");
     void *callbackarg = &InterruptController;
     init platform();
     /* AXI Led GPIO Initialization */
if(XST_SUCCESS != XGpio_Initialize(&Gpio, XPAR_LEDS_8BITS_DEVICE_ID))
          return XST FAILURE:
     /* Initialize the interrupt controller driver so that it is ready to use. */
     if ( NULL == (GicConfig = XScuGic_LookupConfig(XPAR_PS7_SCUGIC_0_DEVICE_ID)) )
         return XST_FAILURE;
     return XST_FAILURE;
    /* Enable interrupts in the ARM */
Xil_ExceptionEnable();
     /* Connect a device driver handler that will be called when an
interrupt for the device occurs, the device driver handler performs
```

```
the specific interrupt processing for the device */
if (XST_SUCCESS != XScuGic_Connect (
    &InterruptController, TZAC_INTERRUPT_ID, irq_handler, callbackarg
            return XST_FAILURE;
      /* Enable the interrupt for the device and then cause (simulate) an
interrupt so the handlers will be called */
XScuGic_Enable (&InterruptController, TZAC_INTERRUPT_ID);
     return 0;
/**
    * Cycles an LED once and waits the specified delay
int chase_leds()
      static LED_DIR dir = LED_DIR_UP;
static u32 pattern = 0x00000001;
u32 i = 0;
      XGpio_DiscreteWrite(&Gpio, (unsigned) LED_CHANNEL, pattern);
      pattern = dir == LED_DIR_UP ? pattern << 1 : pattern >> 1;
dir = pattern >= 0x00000080
  ? LED_DIR_DOWN
            : pattern <= 0x00000001
? LED_DIR_UP
      : dir;
if (pattern >= 0x00000080)
            TZAC_mWriteSlaveReg1(0x00000000);
            snprintf (
                       f (
buff, len, "contents: 0x%08X\r\n",
(unsigned) TZAC_mReadSlaveReg1()
           print(buff);
      while (++i < LED_DELAY(100000));
      return 0;
int main()
      if (init())
          return 1;
      while (! (irq_triggered || chase_leds()) );
     cleanup_platform();
return 0;
```

- Tab Project Explorer (left)  $\rightarrow$  normal\_world  $\rightarrow$  RC src  $\rightarrow$  Import...
- Tab (Center)  $\rightarrow$  General  $\rightarrow$  File System  $\rightarrow$  Next

/\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*

- Browse  $\rightarrow$  (your working directory)  $\rightarrow$  TrustZone  $\rightarrow$  TrustZone.srcs  $\rightarrow$  sources\_1  $\rightarrow$  edk  $\rightarrow$  drivers  $\rightarrow$  tzac\_v1\_00\_a  $\rightarrow$  src  $\rightarrow$  OK
- Tab (Right)  $\rightarrow$  tzac.h: checked  $\rightarrow$  Finish
- Tab Project Explorer (left)  $\rightarrow$  normal\_world  $\rightarrow$  src  $\rightarrow$  DC tzac.h
- Tab tzac.h (Center)  $\rightarrow$  replace the contents of tzac.h with the following:

```
/**

**Filename: C:\Users\sean\Work\TrustZone\TrustZone.srcs\sources_1\edk\processor_subsystem/drivers/tzac_v1_00_a/src/tzac.h

**Version: 1.00.a

**Description: tzac Driver Header File

**Date: Fri Sep 20 09:10:42 2013 (by Create and Import Peripheral Wizard)
#ifndef TZAC H
#include "xbasic_types.h"
#include "xstatus.h
#include "xil_io.h"
#define TZAC_BASE_OFFSET 0x6E800000
#define TZAC_INTERRUPT_ID 91
 * User Logic Slave Space Offsets

* - SLV_REG0 : user logic slave module register 0

* - SLV_REG1 : user logic slave module register 1

* - SLV_REG2 : user logic slave module register 2
#define TZAC_USER_SLV_SPACE_OFFSET (0x00000000)
#define TZAC_SLV_REGO_OFFSET (TZAC_USER_SLV_SPACE_OFFSET + 0x0000000)
#define TZAC_SLV_REGI_OFFSET (TZAC_USER_SLV_SPACE_OFFSET + 0x00000004)
#define TZAC_SLV_REG2_OFFSET (TZAC_USER_SLV_SPACE_OFFSET + 0x00000008)
/**
    * Software Reset Space Register Offsets
    * -- RST : software reset register
    */
#define TZAC_SOFT_RST_SPACE_OFFSET (0x00000100)
#define TZAC_RST_REG_OFFSET (TZAC_SOFT_RST_SPACE_OFFSET + 0x00000000)
 * Software Reset Masks

* -- SOFT_RESET : software reset
#define SOFT_RESET (0x0000000A)
```

```
/******** Macros (Inline Functions) Definitions *************
 * Write a value to a TZAC register. A 32 bit write is performed.
* If the component is implemented in a smaller width, only the least
* significant data is written.
   @param Reg is the register to write to.
@param Data is the data written to the register.
  * @return None.
 * WHOLE

* C-style signature:

* void TZAC_mWriteReg(Xuint32 BaseAddress, unsigned RegOffset, Xuint32 Data)
#define TZAC_mWriteReg(Reg, Data) \
Xi1_Out32((TZAC_BASE_OFFSET) + (Reg * 0x04), (Xuint32)(Data))
 *
Read a value from a TZAC register. A 32 bit read is performed.

* If the component is implemented in a smaller width, only the least

* significant data is read from the register. The most significant data
   @param Reg is the register to write to.
   Oreturn Data is the data from the register.
  * Xuint32 TZAC_mReadReg(Xuint32 BaseAddress, unsigned RegOffset)
#define TZAC_mReadReg(Reg) \
Xil_In32((TZAC_BASE_OFFSET) + (Reg * 0x04))
 *
* Write/Read 32 bit value to/from TZAC user logic slave registers.
  * @param Value is the data written to the register
   Oreturn Data is the data from the user logic slave register.
  * void TZAC_mWriteSlaveRegn(Xuint32 BaseAddress, unsigned RegOffset, Xuint32 Value)

* Xuint32 TZAC_mReadSlaveRegn(Xuint32 BaseAddress, unsigned RegOffset)
#define TZAC_mWriteSlaveRegO(Value) \
Xi1_Out32((TZAC_BASE_OFFSET) + (TZAC_SLV_REGO_OFFSET), (Xuint32)(Value))
#define TZAC_mWriteSlaveReg1(Value) \
   Xil_Out32((TZAC_BASE_OFFSET) + (TZAC_SLV_REG1_OFFSET), (Xuint32)(Value))
#define TZAC_mWriteSlaveReg2(Value) \
Xi1_Out32((TZAC_BASE_OFFSET) + (TZAC_SLV_REG2_OFFSET), (Xuint32)(Value))
#define TZAC_mReadSlaveRegO() \
  Xil_In32((TZAC_BASE_OFFSET) + (TZAC_SLV_REGO_OFFSET))
#define TZAC_mReadSlaveReg1() \
   Xil_In32((TZAC_BASE_OFFSET) + (TZAC_SLV_REG1_OFFSET))
  define TZAC_mReadSlaveReg2() \
Xil_In32((TZAC_BASE_OFFSET) + (TZAC_SLV_REG2_OFFSET))
 * Reset TZAC via software.
  * @return None.
  Xi1_Out32((TZAC_BASE_OFFSET)+(TZAC_RST_REG_OFFSET), SOFT_RESET)
\boldsymbol{*} * Run a self-test on the driver/device. Note this may be a destructive test if
  * resets of the device are performed.
  ^{*} If the hardware system is not built correctly, this function may never \ast return to the caller.
  * @param baseaddr_p is the base address of the TZAC instance to be worked on.
  * @return
     - XST_SUCCESS if all self-test code passed
- XST_FAILURE if any self-test code failed
             Caching must be turned off for this function to work.
Self test may fail if data memory and device are not on the same bus.
XStatus TZAC_SelfTest(void * baseaddr_p);
/**

* Defines the number of registers available for read and write*/
#define TEST_AXI_LITE_USER_NUM_REG 3
#endif /** TZAC H */
```

• Tab tzac.h (Center)  $\rightarrow$  Toward the beginning after it says "Constant Definitions" (line 19), replace the value of TZAC\_BASE\_OFFSET with the address that was in XPS: Tab System Assembly View (Bottom): Tab Addresses (Top): tzac\_0: Base Address, when you were working in XPS earlier. If you did not make a note of this address, you can get into XPS from PlanAhead with Tab Sources (Top Center)  $\rightarrow$  Design Sources  $\rightarrow$  processor\_subsystem\_stub - STRUCTURE  $\rightarrow$  DC processor\_subsystem\_i - processor\_subsystem .

- Tab tzac.h (Center) → Toward the beginning after it says "Constant Definitions" (line 20), replace the value of TZAC\_INTERRUPT\_ID with the value you were asked to remember just after clicking the Blue arrow while hooking up the tzac's interrupt port in the XPS section earlier. 91 is a reasonable value. If you do not remember this value, you can find it in XPS → Tab System Assembly View (Bottom) → Tab Ports (Top) → tzac\_0 → IRQ : Connected Port → click the pencil.
- Tab Project Explorer (left)  $\rightarrow$  RC normal\_world  $\rightarrow$  Generate Linker Script
- Generate
- If a popup saying "Linker Script Already Exists!" appears, Yes
- Refer to the instructions at http://redmine.ais/projects/trustpwn/wiki/Wiki#Accessing-the-ZedBoard and put the ZedBoard in the JTAG configuration
- TM Xilinx Tools  $\rightarrow$  Program FPGA
- (assuming your working directory is C:), Bitstream:
  - C:\TrustZone\TrustZone.runs\impl\_1\processor\_subsystem\_stub.bit
  - $\rightarrow$  Program
- Tab Project Explorer (Left)  $\rightarrow$  RC normal\_world  $\rightarrow$  Run As  $\rightarrow$  Run Configurations...
- Tab (Left)  $\rightarrow$  DC Xilinx C/C++ ELF  $\rightarrow$  Run

After a little while, you should see "system start up" in your terminal emulator window, and LEDs 0-7 should start scanning back and forth, as shown in figure 4. If you change helloworld line 105 from "TZAC\_mWriteSlaveReg1(0x000000000);" to "TZAC\_mWriteSlaveReg1(0xFFFFFFFF);", you should see the LED make a half cycle and stop, and you should see "interrupt acknowledged" and "contents: 0xFFFFFFFF" in the terminal emulator. This lets you know that your hardware interrupt from your peripheral worked properly.



Figure 4: Successfully Configured Board

Next we will create the First-Stage Boot Loader (FSBL). This is the very first program that the ARM chip will run. We will for the time being configure this to run our LED test program.

- TM File  $\rightarrow$  New  $\rightarrow$  Application Project
- Project name:  $fsbl \rightarrow Tab Target Software (Bottom)$ 
  - $\rightarrow$  Board Support Package: Use existing: normal\_world\_bsp  $\rightarrow$  Next
- Tab Available Templates (Left)  $\rightarrow$  Zynq FSBL  $\rightarrow$  Finish
- Optional, since we will get rid of normal\_world later

- Tab Project Explorer (Left)  $\rightarrow$  RC normal\_world\_bsp  $\rightarrow$  Rename
- New name: trustzone\_bsp  $\rightarrow$  OK
- Tab Project Explorer (Left)  $\rightarrow$  RC fsbl  $\rightarrow$  Change Referenced BSP
- trustzone\_bsp  $\rightarrow$  OK
- Tab Project Explorer (Left)  $\rightarrow$  RC normal\_world  $\rightarrow$  Change Referenced BSP
- trustzone\_bsp  $\rightarrow$  OK
- Tab Project Explorer (Left)  $\rightarrow$  fsbl  $\rightarrow$  src  $\rightarrow$  DC lscript.ld
- Tab Project Explorer (Left)  $\rightarrow$  processor\_subsystem\_hw\_platform  $\rightarrow$  DC system.xml
- Tab Summary (Center Bottom) → Tab lscript.ld (Center Top) → Add Memory... (may have to scroll right to see this button)
- Tab Summary (Center Bottom)  $\rightarrow$  Tab system.xml (Center Top)  $\rightarrow$  Address Map for processor ps7\_cortexa9\_0 : ps7\_ddr\_0 : Copy these two hexadecimal addresses down. We will refer to them as DDR\_START\_ADDRESS and DDR\_END\_ADDRESS.
- Tab Summary (Center Bottom)  $\rightarrow$  Tab lscript.ld (Center Top)  $\rightarrow$  Available Memory Regions: newMemory2: change this to ps7\_ddr\_0\_S\_AXI\_BASEADDR
- Note: you can copy these next two values from the lscript.ld file for normal\_world. They are being pulled from system.xml to avoid name confusion, for instructive purposes, and so you will not need to compile a "hello world" package first in the future.
- Tab Summary (Center Bottom)  $\rightarrow$  Tab lscript.ld (Center Top)  $\rightarrow$  Available Memory Regions: ps7\_ddr\_0\_S\_AXI\_BASEADDR : Base Address : DDR\_START\_ADDRESS
- Tab Summary (Center Bottom) → Tab Iscript.ld (Center Top) → Available Memory Regions: ps7\_ddr\_0\_S\_AXI\_BASEADDR
   : Size: DDR\_END\_ADDRESS DDR\_START\_ADDRESS + 1. Example: if DDR\_END\_ADDRESS = 0x1FFFFFFF
   and DDR\_START\_ADDRESS = 0x00100000, then you would fill in 0x1FF0000.
- TM Xilinx Tools  $\rightarrow$  Create Zynq Boot Image
- Refer to the instructions at http://redmine.ais/projects/trustpwn/wiki/Wiki#Accessing-the-ZedBoard and put the ZedBoard in the Quad-SPI configuration
- $\bullet$  TM Xilinx Tools  $\to$  Program Flash
- Image File: C:/TrustZone/TrustZone.bootgen/normal\_world.mcs  $\rightarrow$  Offset:  $0x000000000 \rightarrow$  Verify after flash: checked  $\rightarrow$  Program (this takes a while)
- (Optional) Physically unplug your JTAG cable from the ZedBoard
- Physically power cycle the ZedBoard

If everything worked correctly, you should again get the output you received in figure 4. Now we will attempt to shift responsibility for the LED scanning back-and-forth to the second processor.