8.4.3.4 Bus Hosts

The security bits set in the TZPM control the security of bus accesses generated by the hosts. For example, if the security bit of ID_GMAC0 is set to secure, GMAC0 will perform secure host accesses on the bus. It is not possible to have different permission levels on the user (client) interface and on the host interface. Peripherals are either only accessible by the Secure world and generate secure host accesses, or are accessible by all worlds and generate Non-secure host accesses.

Note:
  1. As any peripheral, TZPM has a dedicated peripheral ID with a corresponding security bit controlled in TZPM_PIDR registers. However, TZPM is Always Secure, so this bit is read 0, read-only.
  2. Some “interrupt only” type peripheral IDs may be greater than 127 (which is the maximum ID TZPM can control). All peripherals with a user interface have an ID number below 127 in order to be controllable by TZPM.
  3. The security bit value of peripheral IDs can conflict with the security level of interrupt IDs. In this case, the security level of the peripheral prevails. Remember that the security bit value information is not very important for interrupts since there is no hardware mechanism using the security bit to route the interrupts to Secure or Non-secure worlds. Interrupt security is entirely controlled by GIC programming.
Peripheral ID Type Security
ID_TZPM User interface Always Secure