For SXP the source can be any L3 address on the 4500. Typically though, it would be highly recommended to use a loopback interface as the source. The SUP7/SUP8 will always make the enforcement decisions regardless of having receive tagged traffic or untagged traffic where SXP will be used to determine the SRC/DST SGT.
The Supervisor interfaces may also be configured and used for inline tagging. This is especially the case if there are no other TrustSec capable (for inline tagging) linecards in the chassis. Only the WS-X47XX linecards support inline tagging. They can be used in addition to the SUP interfaces or by themselves for inline tagging connectivity.
Note though that any other linecard may be used for host connectivity, and although they can't be used for inline tagging, intra-chassis SGACL enforcement is still possible between hosts connected to these ports.
The Platform Matrix can be found here:
http://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise-networks/trustsec/platform-capability-matrix.pdf
Mike