53.4.1 Operating Modes
To define a region in the address memory space which will be accessed through the TrustZone AES Bridge, the user must write the base address in the Region Base Address register and the top address in the Region Top Address register (see TZAESBASC_RBARx and TZAESBASC_RTARx). Bits [11:0] of these registers are discarded and always read as 0 because the size granularity of a region is 4 Kbytes.
Then, the user must define the security attribute of the region by writing the Region Security register (see TZAESBASC_RSECR). If the region is “non-secure” and is accessible by both the “secure world” and the “normal world”, then the corresponding SEC bit must be written to 1. If the region is “secure” and is accessible by the “secure world” only, then the SEC bit must be written to 0. The programmed security attribute must match the one programmed in the MMU (Memory Management Unit) of the CPU.
Once the Region Address and Region Security registers are written, the region can be enabled by writing 1 in the corresponding bit of the Region Enable register (see TZAESBASC_RER). To ensure address consistency, only one region can be enabled at a time. Writing more than one bit at 1 in TZAESBASC_RER has no effect.
The region is disabled by writing 1 in the corresponding bit of the Region Disable register (see TZAESBASC_RDR). Disabling a region resets all related information of this region. The corresponding memory areas are automatically cleared.
Because the synchronization of the TZAESBASC Address Managers can take time, the enable/disable of the region may not be immediate. The corresponding Enable Status (ES) bit in the Region Status register (see TZAESBASC_RSR) must be polled to wait for the effective enable/disable of the region. The configuration status can also be checked by reading the Region Synchronization Status register (see TZAESBASC_RSSR).
If a region base address and top address are not consistent (i.e., if the top address is lower than or equal to the base address), if a region memory space overlaps another enabled region, or if the region memory space is not reachable by the TrustZone AES bridge, the corresponding AER error bit in the Region Error Status register is set to 1 (see TZAESBASC_RESR). Bit AER is cleared after the read of TZAESBASC_RESR.
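The following C pre-flight check is an added example, not vendor code: it tests a planned region against the conditions described above (4-Kbyte granularity, top above base, no overlap with an enabled region, a single bit written to TZAESBASC_RER) before any register is touched. The type and function names, the 32-bit address width, the half-open [base, top) interpretation, the mapping of region index to RER bit position and the sample addresses are assumptions; reachability by the bridge is not checked because it depends on the device memory map.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TZ_GRANULE_MASK 0xFFFu  /* bits [11:0] are discarded by RBARx/RTARx */

enum tz_check {                 /* hypothetical result codes */
    TZ_OK = 0,
    TZ_ERR_UNALIGNED,           /* hardware would silently truncate the address */
    TZ_ERR_TOP_LE_BASE,         /* would raise AER: top <= base */
    TZ_ERR_OVERLAP,             /* would raise AER: overlaps an enabled region */
    TZ_ERR_ENABLE_MASK          /* RER write with more than one bit has no effect */
};

/* Software view of one region (hypothetical struct, not a register layout). */
struct tz_region { uint32_t base, top; int enabled; };

/* Validate region idx and the value intended for TZAESBASC_RER. */
enum tz_check tz_precheck(const struct tz_region *r, size_t n, size_t idx,
                          uint32_t rer_value)
{
    const struct tz_region *c = &r[idx];

    if ((c->base | c->top) & TZ_GRANULE_MASK)
        return TZ_ERR_UNALIGNED;
    if (c->top <= c->base)
        return TZ_ERR_TOP_LE_BASE;
    for (size_t i = 0; i < n; i++) {
        /* Assumption: a region covers [base, top). */
        if (i != idx && r[i].enabled &&
            c->base < r[i].top && r[i].base < c->top)
            return TZ_ERR_OVERLAP;
    }
    /* Assumption: bit idx of RER enables region idx; exactly that bit is set. */
    if (rer_value != (UINT32_C(1) << idx))
        return TZ_ERR_ENABLE_MASK;
    return TZ_OK;
}

int main(void)
{
    /* Constructed sample addresses, not taken from any device memory map. */
    struct tz_region r[] = {
        { 0x20000000u, 0x20010000u, 1 },
        { 0x20008000u, 0x20020000u, 0 },
    };
    printf("%d\n", (int)tz_precheck(r, 2, 1, 1u << 1)); /* overlaps region 0 */
    return 0;
}
```

A passing pre-check does not replace the hardware status: after the enable, the ES bit in TZAESBASC_RSR still has to be polled and AER read from TZAESBASC_RESR as described above.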