2.2.4 TrustZone Security Management
The device architecture embeds several mechanisms for system TrustZone configuration:
- Core security extensions,
- TrustZone Peripheral Manager (TZPM) for peripheral configuration,
- TrustZone registers in the AHB matrix (MATRIX) for host configuration and memory configuration (except for DDR),
- TrustZone Address Space Controller (TZC) based on Arm TZC-400 modules for DDR access configuration,
- TrustZone AESB Address Space Controller (TZAESBASC) for on-the-fly encrypted memory zone access.
Important: The above TrustZone management mechanisms use separate configuration
interfaces. Some memories or IPs may be configured by several of these mechanisms. In such
cases, consistency must be ensured between the configurations.

| Module | Host/Client | Security Location |
|---|---|---|
| CA7 | Host | Supervisor mode or CP15 |
| OTPC | Host | AS |
| XDMAC0 | Host | XDMAC0 |
| XDMAC1 | Host | XDMAC1 |
| XDMAC2 | Host | XDMAC2 |
| GMAC0 | Host | TZPM |
| GMAC1 | Host | TZPM |
| SDMMC0 | Host | TZPM |
| SDMMC1 | Host | TZPM |
| SDMMC2 | Host | TZPM |
| MCAN0 | Host | TZPM |
| MCAN1 | Host | TZPM |
| MCAN2 | Host | TZPM |
| MCAN3 | Host | TZPM |
| MCAN4 | Host | TZPM |
| ICM | Host | TZPM |
| UDPHSA_DMA | Host | TZPM |
| UDPHSB_DMA | Host | TZPM |
| OHCI_DMA | Host | TZPM |
| EHCI_DMA | Host | TZPM |
| TZAESB | Host | TZAESBASC |
| GPU2DC | Host | TZPM |
| LCDC | Host | TZPM |
| UDDRC_P0 | Client | TZC |
| UDDRC_P1 | Client | TZC |
| UDDRC_P2 | Client | TZC |
| UDDRC_P3 | Client | TZC |
| UDDRC_P4 | Client | TZC |
| OTPC | Client | AS |
| CPKCC | Client | AS |
| APB1 | Client | TZPM |
| APB2 | Client | TZPM |
| APB3 | Client | TZPM |
| APB4 | Client | TZPM |
| APB[10:7], APB5 | Client | AS |
| APB6 | Client | TZPM |
| QSPI0 | Client | MATRIX |
| QSPI1 | Client | MATRIX |
| TZAESB | Client | TZAESBASC - TZPM |
| SRAM_P0 | Client | MATRIX |
| SRAM_P1 | Client | MATRIX |
| EBI | Client | MATRIX |
| NFC_CMD | Client | MATRIX |
| NFC_RAM | Client | MATRIX |
| OHCI_EHCI_REGS | Client | MATRIX |
| USB_RAM | Client | MATRIX |
