Features
P5020 QorIQ Communications Processor Product Brief, Rev. 1
Freescale Semiconductor 25
4-Kbyte granularity); other CPU MMUs are not configured for access to the other CPU’s private memory
range. When two CPUs need to share resources, their MMUs are both configured so that they have access
to the shared address range.
This level of hardware support for partitioning is common today, however, it is not sufficient for many core
systems running diverse software. When the functions of multiple discrete CPUs are consolidated onto a
single, multicore SoC, achieving strong partitioning should not require the developer to map functions onto
cores that are the exclusive owners of specific platform resources. The alternative, a fully open system with
no private resources, is also unacceptable. For this reason, the core MMU also includes embedded
Hypervisor extensions.
Each core MMU supports three levels of instructions:
• User
• Supervisor (OS)
• Hypervisor: An embedded Hypervisor micro-kernel (provided by Freescale as source code) runs
unobtrusively beneath the various OSes running on the CPUs, consuming CPU cycles only when
an access attempt is made to an embedded Hypervisor-managed shared resource.The embedded
Hypervisor determines whether the access should be allowed, and if so, proxies the access on
behalf of the original requestor. If malicious or poorly tested software on any core attempts to
overwrite important P5020 configuration registers (including CPU MMUs), the embedded
Hypervisor blocks the write. Other examples of embedded Hypervisor managed resources are
high- and low-speed peripheral interfaces (PCIe, UART) if those resources are not dedicated to a
single CPU/partition.
3.10.3 Peripheral Access Management Unit (PAMU)
The P5020 includes a distributed function collectively referred to as the peripheral access management unit
(PAMU), which provides address translation and access control for all bus masters in the system (PME,
SEC, FMan, and so on). The PAMU access control can be one of the following:
• Absolute—The FMan, PME, SEC, and other bus masters can never access memory range XYZ.
• Conditional—Based on the Partition ID of the CPU that programmed the bus master
Being MMU-based, the embedded Hypervisor is only able to stop unauthorized software access attempts.
Internal components with bus mastering capability also need to be prevented from reading and writing to
specific memory regions. These devices do not spontaneously generate access attempts, but, if
programmed to do so by buggy or malicious software, any of them could overwrite sensitive configuration
registers and crash the system.
3.10.4 Secure Boot and Sensitive Data Protection
The core MMUs and PAMU allow the device to enforce a consistent set of memory access permissions on
a per-partition basis. When combined with embedded Hypervisor for safe sharing of resources, the P5020
becomes highly resilient when poorly tested or malicious code is run. For system developers building high
reliability/high security platforms, rigorous testing of code of known origin is the norm.