Zynq-7000 SoC, Security - Register Initialization During BootROM Handover Does Not Error on Illegal Addresses


The boot image can contain address-data pairs that initialize control registers during the BootROM handover to user code. Unintended access to illegal addresses is enabled.


When a boot image address-data pair writes outside of its subset of addresses, the system generates a lockdown situation and a BootROM error code is generated.

The registers that are accessible during the handover depend on the boot mode (secure versus non-secure) and the device revision, as shown in the table.

| Boot Mode | Allowed Addresses: 7z020 CES, 7z045 CES | Allowed Addresses: Design intention |
|---|---|---|
| Non-Secure | E000_0000 to F800_6FFF<br>F800_8000 to FFEF_FFFF | E000_1000 to E000_1FFF<br>E000_D000 to E000_EFFF<br>E010_0004 to E010_0FFF (except E010_0058)<br>F800_0100 to F800_01B0<br>F800_01B4 to F800_01FF<br>F800_0204 to F800_0234<br>F800_0304 to F800_0834<br>F800_0A00 to F800_0A8C<br>F800_0AB0 to F800_0B74<br>F800_6000 to F800_6FFF |
| Secure | F800_0100 to F800_01B4 | F800_0100 to F800_01AF |
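
An added example, not part of the Xilinx advisory: a pre-build check that classifies each register-initialization address-data pair against the two columns of the table above, flagging writes that fall in the 7z020 CES / 7z045 CES column but outside the design-intention column. It assumes the pairs are available as consecutive little-endian 32-bit address and value words; the function names and sample pairs are constructed for illustration.

```python
import struct

# Inclusive ranges copied from the table in this advisory.
DESIGN = {
    "non-secure": [
        (0xE0001000, 0xE0001FFF), (0xE000D000, 0xE000EFFF),
        (0xE0100004, 0xE0100FFF),
        (0xF8000100, 0xF80001B0), (0xF80001B4, 0xF80001FF),
        (0xF8000204, 0xF8000234), (0xF8000304, 0xF8000834),
        (0xF8000A00, 0xF8000A8C), (0xF8000AB0, 0xF8000B74),
        (0xF8006000, 0xF8006FFF),
    ],
    "secure": [(0xF8000100, 0xF80001AF)],
}
CES = {
    "non-secure": [(0xE0000000, 0xF8006FFF), (0xF8008000, 0xFFEFFFFF)],
    "secure": [(0xF8000100, 0xF80001B4)],
}
# Single address the table excludes from the E010_0004 to E010_0FFF range.
DESIGN_EXCLUDED = {"non-secure": {0xE0100058}, "secure": set()}


def _in(ranges, addr):
    return any(lo <= addr <= hi for lo, hi in ranges)


def classify(addr, mode):
    """Return 'allowed', 'ces-only' or 'rejected' for one register write."""
    if _in(DESIGN[mode], addr) and addr not in DESIGN_EXCLUDED[mode]:
        return "allowed"
    return "ces-only" if _in(CES[mode], addr) else "rejected"


def audit(blob, mode):
    """Classify every pair in a blob of little-endian (address, value) words."""
    return [(addr, val, classify(addr, mode))
            for addr, val in struct.iter_unpack("<II", blob)]


# Constructed sample pairs, not taken from a real boot image.
SAMPLE = struct.pack("<8I",
    0xF8000120, 0x1F000200,   # inside F800_0100 to F800_01B0
    0xE0100058, 0x00000000,   # the excluded address
    0xF8007000, 0x00000001,   # outside both columns
    0xF8F00000, 0x00000000)   # inside F800_8000 to FFEF_FFFF (CES column only)

if __name__ == "__main__":
    for addr, val, verdict in audit(SAMPLE, "non-secure"):
        print(f"{addr:08X} <- {val:08X}  {verdict}")
```

Any pair reported as `ces-only` lies outside the design-intention ranges and should be removed from the boot image or moved into user code after handover.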
AR# 52017
Date 06/13/2018
Status Active
Type Design Advisory
