8.4 TrustZone Security Management

The device architecture embeds several mechanisms for system TrustZone configuration:

Core security extensions
TrustZone Peripheral Manager (TZPM) for peripheral configuration
TrustZone registers in the AHB matrix (MATRIX) for host configuration and memory configuration (except for DDR)
TrustZone Address Space Controller (TZC) based on Arm TZC-400 modules for DDR access configuration
TrustZone AESB Address Space Controller (TZAESBASC) for on-the-fly encrypted memory zone access

Important: The above TrustZone management mechanisms use separate configuration interfaces. Some memories or IPs may be configured by many of those mechanisms. In such case, consistency must be ensured between configurations.

Table 8-9. Security Management
Security Location
CA7	Host	Supervisor mode or CP15
OTPC	Host	AS
XDMAC0	Host	XDMAC0
XDMAC1	Host	XDMAC1
XDMAC2	Host	XDMAC2
GMAC0	Host	TZPM
GMAC1	Host	TZPM
SDMMC0	Host	TZPM
SDMMC1	Host	TZPM
SDMMC2	Host	TZPM
MCAN0	Host	TZPM
MCAN1	Host	TZPM
MCAN2	Host	TZPM
MCAN3	Host	TZPM
MCAN4	Host	TZPM
ICM	Host	TZPM
UDPHSA_DMA	Host	TZPM
UDPHSB_DMA	Host	TZPM
OHCI_DMA	Host	TZPM
EHCI_DMA	Host	TZPM
TZAESB	Host	TZAESBASC
GPU2DC	Host	TZPM
LCDC	Host	TZPM
UDDRC_P0	Client	TZC
UDDRC_P1	Client	TZC
UDDRC_P2	Client	TZC
UDDRC_P3	Client	TZC
UDDRC_P4	Client	TZC
OTPC	Client	AS
CPKCC	Client	AS
APB_PSSMUX	Client	TZPM
APB_PSS1	Client	TZPM
APB_PSS2	Client	TZPM
APB_PSS3	Client	TZPM
APB_SYS	Client	AS
APB_HSS	Client	TZPM
QSPI0	Client	MATRIX
QSPI1	Client	MATRIX
TZAESB	Client	TZAESBASC - TZPM
SRAM_P0	Client	MATRIX
SRAM_P1	Client	MATRIX
EBI	Client	MATRIX
NFC_CMD	Client	MATRIX
NFC_RAM	Client	MATRIX
OHCI_EHCI_REGS	Client	MATRIX
USB_RAM	Client	MATRIX