3.10.63 TZC_400

TrustZone Address Space Controller. This model is written in C++.

TZC_400 contains the following CADI targets:

  • TZC_400

TZC_400 contains the following MTI components:

TZC_400 - about

The TZC-400 determines, under software control, whether a particular bus master is permitted to issue Non-secure accesses to a particular physical address.

The component has:

  • Eight address regions in addition to the base region, region 0.
  • A programmable control block for security-access permissions configuration through the Advanced Peripheral Bus (APB).
  • Up to four address filters that share common set region set-up registers.
  • Software configurable permission check failure reporting and interrupt signaling.
  • Filtering with a Non-Secure Access ID (NSAID).
  • A gate keeper, to allow or block accesses to the filter unit.
  • Configurable reset values of region configuration registers and other key configuration registers.

Unlike the hardware, it does not have:

  • Asynchronous clocks. The model does not need clocks for data transfer, or clock signals.
  • QoS Virtual Network (QVN) support. Specifically, it does not implement the vnet bits[27:24] in FAIL_ID_<x> registers.
  • Fast Path and Fast Path ID. In the model, transactions occur at similar speeds.
  • 256 outstanding accesses globally for each read or write Normal Paths and configurable 8, 16, or 32 outstanding accesses on Fast Path read access. The model does not support QVN, and this concept is meaningless for a PV level model.
  • Configurable address bus width, data bus width, transaction ID tag, and USER bus width. A single bus implementation, PVBus, covers these AXI bus hardware implementation details.

This component contains the following subcomponents:

The TZC-400 has four TZFilterUnits. The BUILD_CONFIG register sets the configuration. The rst_build_config parameter controls the register.
An internal dummy device that mimics RAZ/WI for TZFilterUnits. The system uses it when there is a permission violation and a bus returns Transaction OK.


This component provides the registers that the Technical Reference Manual (TRM) specifies. However, it does not implement:

  • The vnet bits[27:24] in FAIL_ID_<x> registers.
  • Any background logic for the speculation control register. This does not affect model behavior.

Additional parameter information

id_mapping, master_id_from_label, rst_build_config, rst_region_attributes_0

Configure master_id_from_label or id_mapping, rst_build_config, and rst_region_attributes_0 before running the model to set the desired behaviors. Otherwise, the system resets all region configuration registers, rst_action, and rst_gate_keeper to 0, and resets rst_build_config and rst_region_attributes_0 to sensible default values. Configure either id_mapping or master_id_from_label at model init, or a warning message appears.

The syntax of id_mapping is:


Separate the mapping pairs by a comma. The masterid is the ID of the bus master, such as the parameter CLUSTER_ID on Cortex-A15/7, cluster_id port of Cortex-A15/7, or master_id parameter for Cortex-M3.

The reset values vary with the system. See the system design documentation or system integration documentation. (0x3003F08 for AEMv8-A.)

Table 3-400 Ports

Name Protocol Type Description
apbslave_s PVBus Slave Bus access for control register.
filter_pvbus_m[4] PVBus Master Outgoing bus traffic from filter units.
filter_pvbus_s[4] PVBus Slave Incoming bus traffic to filter units.
tzc_reset Signal Slave Reset signal from external master.
tzcint Signal Master TrustZone interrupt signal, controlled by ACTION register.
Non-ConfidentialPDF file icon PDF version100964_1180_00_en
Copyright © 2014–2019 Arm Limited or its affiliates. All rights reserved.