8.4.7.2 Encryption Behavior
| ID_TZAESB_S Security Bit Setting in TZPM | ID_TZAESB_NS Security Bit Setting in TZPM | Non-Secure Access to TZAESB_S User Interface | Non-Secure Access to TZAESB_NS User Interface | Non-Secure Memory Access through TZAESB | Secure Memory Access through TZAESB | Encryption Behavior |
|---|---|---|---|---|---|---|
| Secure | Non-secure | Denied | Accepted | Accepted; taking non-secure path; accesses to secure regions will be denied by TZC-400 | Accepted; only the accesses to secure regions take secure path | Secure regions encrypted with TZAESB_S key; non-secure regions encrypted with TZAESB_NS key |
| Secure world can decrypt regions encrypted by Non-secure world even if keys differ. | ||||||
| Secure | Secure | Denied | Denied | Denied (response error) | Accepted only when targeting secure region(1) | Secure regions encrypted with improved bandwidth (TZAESB_S and TZAESB_NS keys must match) |
| Non-secure | Non-secure | Accepted | Accepted | Accepted | Accepted | All regions encrypted with improved bandwidth (TZAESB_S and TZAESB_NS keys must match); Secure world can decrypt regions encrypted by Non-secure world as keys match. |
| Non-secure | Secure | NA | NA | NA | NA | Forbidden mode (not programmable) |
Note:
- Because the TZAESBASC converts secure accesses to non-secure accesses when the target address is in a non-secure region, the TZAESB denies the access if both security bits are secure.