8.4.3.1 Function
The TrustZone Peripheral Manager (TZPM) controls the access permissions to peripherals (in other words, whether or not the Non-secure world is allowed to access the peripherals). For peripherals with a bus host interface, the TZPM controls at the same time the security of host accesses transmitted by these peripherals.
The permission for each peripheral access is controlled by a dedicated security bit, the index of which is equal to the peripheral ID (unless Exceptions apply) with:
- 1: Peripheral is not secure
- 0: Peripheral is secure (cannot be accessed by Non-secure world)
128 security bits, controlling up to 128 peripherals, are organized in four registers (TZPM_PIDR0 to 3). Each register can be written if TZPM_KEY is written previously with the correct key.
- For Always Secure (AS) peripherals, the corresponding bit value is 0 and read-only.
- For Never Secure (NS) peripherals, the corresponding bit value is 1 and read-only.
- For Programmable Secure (PS) peripherals, the corresponding bit value is 0 (Secure) after reset and can be modified.
For details, see TZPM registers, Peripheral Clocks and Security and the table Peripheral Identifiers.