Zynq System-on-Chip DMA Messaging for Processor Monitoring

Xilinx Zynq-7000 System-on-Chip architectures combine an ARM Cortex-A9 core with an FPGA fabric. One benefit of this hybrid architecture is that it allows fast prototyping of designs where the security of either the processing system (PS) is monitored by the programmable logic (PL) or vice versa. The choice of implementing a design in the PS or PL is driven by cost-to-benefit analysis across many factors. This effort examines the design process required to construct security monitoring designs that use both the PS and PL. For background, this effort reviews similar security monitoring projects. For the effort, a PL peripheral was implemented to handle data transfer. This peripheral implements the AXI-Stream protocol and allows FIFO behavior but can be modified to allow processing on incoming and outgoing data. The design passes testing in simulation but does not always pass testing when implemented on physical hardware and monitored with the System ILA. Failure was attributed to unknown aspects of the synthesis and implementation process, coupled with the interaction of the System ILA. Two avenues of further research are 1) the monitoring of a softcore processor using software on the Zynq ARM Cortex-A9 core; or, 2) alternately, utilizing the FPGA fabric to monitor CoreSight trace output from the ARM Cortez-A9 core with the goal of coupling either trace system to a machine-learning based malware detection system. If further research is successful, it would enable dynamic analysis of processor execution for the purpose of malware detection and be suitable for embedded system use. One barrier to a dynamic analysis system of this type is the bandwidth of the AXI system, trace information size, and the relative clock rates of the PS and PL. To handle this barrier, dynamic monitoring systems will use only a subset of the real-time data and adjust clock rates of the system design.