8.4.3.1 Function

The TrustZone Peripheral Manager (TZPM) controls the access permissions to peripherals, that is, whether or not the Non-secure world is allowed to access them. For peripherals with a bus host interface, the TZPM also controls, at the same time, the security of host accesses transmitted by these peripherals.

The permission for each peripheral access is controlled by a dedicated security bit, the index of which is equal to the peripheral ID (unless Exceptions apply) with:

  • 1: Peripheral is not secure
  • 0: Peripheral is secure (cannot be accessed by Non-secure world)

The 128 security bits, controlling up to 128 peripherals, are organized in four registers (TZPM_PIDR0 to TZPM_PIDR3). Each register can be written if TZPM_KEY has previously been written with the correct key.

  • For Always Secure (AS) peripherals, the corresponding bit value is 0 and read-only.
  • For Never Secure (NS) peripherals, the corresponding bit value is 1 and read-only.
  • For Programmable Secure (PS) peripherals, the corresponding bit value is 0 (Secure) after reset and can be modified.

For details, see TZPM registers, Peripheral Clocks and Security and the table Peripheral Identifiers.
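The following host-side model of the security-bit layout described above is an added example, not taken from the datasheet or from vendor code. It assumes 32 bits per register, so peripheral ID n maps to bit n % 32 of TZPM_PIDR(n / 32), and it ignores the exceptions mentioned above. The function names, the AS/NS masks and the register snapshot are hypothetical, constructed values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TZPM_NUM_REGS 4u    /* TZPM_PIDR0..TZPM_PIDR3 */
#define TZPM_NUM_PIDS 128u  /* one security bit per peripheral ID */

/* Assumption: 32 bits per register, so PID n is bit n%32 of TZPM_PIDR[n/32].
 * Returns 1 = not secure, 0 = secure, -1 = PID out of range. */
int tzpm_is_nonsecure(const uint32_t pidr[TZPM_NUM_REGS], unsigned pid)
{
    if (pid >= TZPM_NUM_PIDS) return -1;
    return (int)((pidr[pid / 32u] >> (pid % 32u)) & 1u);
}

/* Value a register holds after a write: AS bits stay 0, NS bits stay 1,
 * only PS bits take the requested value. Masks are hypothetical inputs. */
uint32_t tzpm_apply_write(uint32_t requested, uint32_t ns_mask, uint32_t as_mask)
{
    return (requested | ns_mask) & ~as_mask;
}

/* Audit a register snapshot against the intended policy: returns how many
 * PIDs are not secure without being allowed, storing up to out_cap of them. */
size_t tzpm_audit(const uint32_t pidr[TZPM_NUM_REGS],
                  const uint32_t allowed_ns[TZPM_NUM_REGS], uint8_t *out, size_t out_cap)
{
    size_t n = 0;
    for (unsigned pid = 0; pid < TZPM_NUM_PIDS; pid++) {
        uint32_t bit = 1u << (pid % 32u);
        if ((pidr[pid / 32u] & bit) && !(allowed_ns[pid / 32u] & bit)) {
            if (n < out_cap) out[n] = (uint8_t)pid;
            n++;
        }
    }
    return n;
}

int main(void)
{
    /* Constructed snapshot: PIDs 0, 2 and 95 read as not secure. */
    const uint32_t snap[TZPM_NUM_REGS]  = { 0x00000005u, 0, 0x80000000u, 0 };
    const uint32_t allow[TZPM_NUM_REGS] = { 0x00000001u, 0, 0, 0 };
    uint8_t bad[TZPM_NUM_PIDS];
    size_t n = tzpm_audit(snap, allow, bad, sizeof bad);
    for (size_t i = 0; i < n; i++)
        printf("PID %u is Non-secure but not in policy\n", (unsigned)bad[i]);
    return n != 0;
}
```

Run against a readback of the four registers after secure boot, an audit like this flags any Programmable Secure peripheral that was opened to the Non-secure world without being in the intended policy.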