8.5.3 Functional Description

The TrustZone Peripheral Manager (TZPM) controls whether the Non-secure world is allowed to access a peripheral or not. For peripherals with a system bus host interface, the TZPM also controls the security of host accesses emitted by these peripherals.

The peripheral access is controlled by a dedicated security bit. The index of this bit is equal to the peripheral ID, with bit values:

  • 0: Peripheral is secure (cannot be accessed by Non-secure world).
  • 1: Peripheral is not secure.

Some exceptions apply; see Exceptions.

128 security bits, controlling up to 128 peripherals, are organized in the Peripheral ID registers (TZPM_PIDRx). These registers can be written only if the Key register (TZPM_KEY) is written with the correct key.

  • For Always Secure (AS) peripherals, the corresponding bit value is 0 and read-only.
  • For Never Secure (NS) peripherals, the corresponding bit value is 1 and read-only.
  • For Programmable Secure (PS) peripherals, the corresponding bit value is 0 (Secure) after reset and can be modified.

For information on security management of peripherals, refer to the table “Peripheral Identifiers”.
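
The following is an added example, not code from this datasheet or its vendor: a host-side audit that decodes a read-back of the TZPM_PIDRx security bits by peripheral ID and reports peripherals that are not secure although the intended configuration requires them to be. It assumes the 128 bits are held in four 32-bit registers, with peripheral ID n at bit (n mod 32) of TZPM_PIDR(n / 32); the snapshot values and the peripheral IDs are constructed, and the cases listed under Exceptions are not modeled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define TZPM_PID_COUNT  128u
#define TZPM_PIDR_WORDS 4u   /* assumption: four 32-bit TZPM_PIDRx registers */

/* 1 = peripheral is not secure, 0 = secure, -1 = peripheral ID out of range. */
int tzpm_pid_is_nonsecure(const uint32_t pidr[TZPM_PIDR_WORDS], unsigned pid)
{
    if (pid >= TZPM_PID_COUNT)
        return -1;
    return (int)((pidr[pid / 32u] >> (pid % 32u)) & 1u);
}

/* Check every ID that must be secure against the snapshot. An out-of-range ID
 * is reported too (fail closed). Returns the number found; stores up to out_cap. */
size_t tzpm_audit(const uint32_t pidr[TZPM_PIDR_WORDS],
                  const unsigned *ids, size_t n_ids, unsigned *out, size_t out_cap)
{
    size_t n = 0;
    for (size_t i = 0; i < n_ids; i++) {
        if (tzpm_pid_is_nonsecure(pidr, ids[i]) != 0) {
            if (n < out_cap)
                out[n] = ids[i];
            n++;
        }
    }
    return n;
}

/* Constructed snapshot: peripheral IDs 0, 2 and 95 read back as 1 (not secure). */
static const uint32_t sample_pidr[TZPM_PIDR_WORDS] = { 0x00000005u, 0u, 0x80000000u, 0u };
/* Constructed policy: peripheral IDs that must remain secure (bit value 0). */
static const unsigned sample_must_be_secure[3] = { 2u, 40u, 95u };

int main(void)
{
    unsigned bad[3];
    size_t n = tzpm_audit(sample_pidr, sample_must_be_secure, 3, bad, 3);
    for (size_t i = 0; i < n; i++)
        printf("peripheral ID %u: expected secure, security bit reads 1\n", bad[i]);
    return n ? 1 : 0;
}
```

On a real device, take the peripheral IDs and their AS/NS/PS class from the table “Peripheral Identifiers” and fill the snapshot from the TZPM_PIDRx registers as read by Secure code.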