8.4.1 Description
The TrustZone Address Space Controller (TZC) performs security checks on transactions to DDR memory and filters bus accesses from the system bus hosts to the DDR memory controller.
A filter relates to a DDR memory controller port and a system bus port, while a region is part of the memory space.
| TZC Controller | TZC Filter Index | DDR Memory Controller Port Index | Connected Hosts |
|---|---|---|---|
| TZC_SYS | 0 | 1 | TZAESB, USB, ICM |
| TZC_SYS | 1 | 2 | DMA0, DMA1 |
| TZC_SYS | 2 | 3 | LCDC, GPU2DC |
| TZC_SYS | 3 | 4 | GMAC0–1, SDMMC0–2, DMA2 |
| TZC_CPU | 0 | 0 | CPU |
The TZC is divided into two independent controllers, TZC_SYS and TZC_CPU. TZC_CPU is placed between the processor and the DDR memory controller and includes only one filter. TZC_SYS is placed between the other hosts of the system and the DDR memory controller and includes four filters.
Each TZC includes a control unit and one or more filter units.
The control unit stores the configuration while filter units perform security checks. All filters operate from one set of shared region configuration registers. This ensures consistency across all filter units.
In addition to the default base region (Region 0), the TZC creates up to eight fully programmable regions (Regions 1..8) in the DDR memory address space, each with an individual security level setting. System bus host accesses must meet the security requirements to gain access to the DDR memory. The base address, top address, enable, and security parameters for each region are configurable.
All control registers are Secure access only. The TZC returns error responses for all Non-secure accesses.