8.4.4.1 Region Access Filtering

A region is a contiguous area in the address space with a defined start and end. Each region has a security level setting. A bus access must meet this security level to be given access to the required resource.

The access permissions are configurable for each region.

The TZC supports nine regions:

• Region 0 is partially programmable
• Regions 1..8 are fully programmable

The filter units perform security checking when a system bus host tries to access the memory region of a system bus client. The filter units share the same control unit but operate independently from each other.

Region 0 is the default region. It covers any memory space that is not part of another region.

The region security check can be enabled or disabled by software. This may be done independently for each filter unit.