8.5.3 Functional Description
The TrustZone Peripheral Manager (TZPM) controls whether the Non-secure world is allowed to access a peripheral or not. For peripherals with a system bus host interface, the TZPM also controls the security of host accesses emitted by these peripherals.
Access to each peripheral is controlled by a dedicated security bit. The index of this bit is equal to the peripheral ID, with bit values:
- 0: Peripheral is secure (cannot be accessed by Non-secure world).
- 1: Peripheral is not secure.
Some exceptions apply; see Exceptions.
128 security bits, controlling up to 128 peripherals, are organized in the Peripheral ID registers (TZPM_PIDRx). These registers can be written only if the Key register (TZPM_KEY) is written with the correct key.
- For Always Secure (AS) peripherals, the corresponding bit value is 0 and read-only.
- For Never Secure (NS) peripherals, the corresponding bit value is 1 and read-only.
- For Programmable Secure (PS) peripherals, the corresponding bit value is 0 (Secure) after reset and can be modified.
For information on security management of peripherals, refer to the table “Peripheral Identifiers”.
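The following C model is an added example, not code from this datasheet or from the vendor. It simulates the rules above (key-gated writes to TZPM_PIDRx, read-only AS and NS bits, PS bits secure after reset) and audits a list of peripheral IDs that a security policy requires to stay Secure. Assumptions: the 128 bits are spread over four 32-bit registers TZPM_PIDR0..3, and the key value, the class assignments and all function names are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_IDS   128u         /* 128 security bits, per the text */
#define MODEL_KEY 0xA5A5A5A5u  /* constructed value, not the device's key */
enum pclass { CLS_PS = 0, CLS_AS, CLS_NS };
struct tzpm {
    uint32_t pidr[NUM_IDS / 32]; /* assumption: 32-bit TZPM_PIDR0..3 */
    uint32_t key;                /* last value written to TZPM_KEY */
    enum pclass cls[NUM_IDS];    /* per-ID class, zero-init means PS */
};

/* Reset state: AS and PS bits read 0 (Secure), NS bits read 1. */
void tzpm_reset(struct tzpm *t) {
    for (unsigned x = 0; x < NUM_IDS / 32; x++) t->pidr[x] = 0;
    for (unsigned id = 0; id < NUM_IDS; id++)
        if (t->cls[id] == CLS_NS) t->pidr[id / 32] |= 1u << (id % 32);
}

/* TZPM_PIDRx write: ignored without the key; AS/NS bits never change. */
void tzpm_write_pidr(struct tzpm *t, unsigned x, uint32_t val) {
    if (x >= NUM_IDS / 32 || t->key != MODEL_KEY) return;
    uint32_t ps_mask = 0;
    for (unsigned b = 0; b < 32; b++)
        if (t->cls[x * 32 + b] == CLS_PS) ps_mask |= 1u << b;
    t->pidr[x] = (t->pidr[x] & ~ps_mask) | (val & ps_mask);
}

/* Security bit for peripheral ID n is bit n % 32 of TZPM_PIDR(n / 32). */
bool tzpm_nonsecure(const struct tzpm *t, unsigned id) {
    return id < NUM_IDS && ((t->pidr[id / 32] >> (id % 32)) & 1u);
}

/* Audit: count IDs that policy requires Secure but whose bit reads 1. */
unsigned tzpm_audit(const struct tzpm *t, const unsigned *ids, unsigned n) {
    unsigned bad = 0;
    for (unsigned i = 0; i < n; i++) bad += tzpm_nonsecure(t, ids[i]);
    return bad;
}

int main(void) {
    static struct tzpm t;                 /* constructed class layout */
    const unsigned must_be_secure[] = { 5, 33, 70 };
    t.cls[5] = CLS_AS; t.cls[40] = CLS_NS;
    tzpm_reset(&t); t.key = MODEL_KEY;
    tzpm_write_pidr(&t, 1, 0xFFFFFFFFu);  /* opens every PS ID in 32..63 */
    printf("violations: %u\n", tzpm_audit(&t, must_be_secure, 3));
    return 0;
}
```

On real hardware the same audit would read the four register values from the device and take the AS/NS/PS classes from the table “Peripheral Identifiers”.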