3.4.4 AHB5 TrustZone Memory Protection Controller

The base element implements a memory protection controller for each SRAM block. Each MPC APB configuration interface is mapped to the following base addresses.

  • 0x5008_3000 for SRAM Bank 0.
  • 0x5008_4000 for SRAM Bank 1.
  • 0x5008_5000 for SRAM Bank 2.
  • 0x5008_6000 for SRAM Bank 3.

See Arm® CoreLink™ SIE-200 System IP for Embedded Technical Reference Manual for more information on the AHB5 TrustZone Memory Protection Controller.

The configuration registers are listed in the following table:

Table 3-23 Summary of MPC registers

Offset Name Access Reset value Description
0x000 CTRL RW 0x0

Bit[0]: Reserved.

Bit[2:1]: Reserved

Bit[4]: Security error response configuration

(CFG_SEC_RESP) -> 0:RAZ-WI, 1: Bus Error.

Bit[5]: Reserved.

Bit[6]: Data interface gating request.

Bit[7]: Data interface gating acknowledge (RO).

Bit[8]: Auto-increment.

Bits[30:9]: Reserved.

Bit[31]: Security lockdown.

0x0040x00C RSVD RO 0x0 Reserved.
0x010 BLK_MAX RO - Maximum value of block-based index register.
0x014 BLK_CFG RO -

Bit[3:0] Block size:

0: 32 Bytes

1: 64 Bytes

Block size = 1 << (BLK_CFG+5)

Bit[30:4]: Reserved.

Bit[31]: Initialization in progress.

0x018 BLK_IDX RW 0x0 Index value for accessing block-based lookup table.

Block based gating Look Up Table (LUT): Access to block based lookup configuration space pointed to by BLK_IDX.

Bit[31:0]: each bit indicate one block:

If BLK_IDX is 0, bit[0] is block #0, bit[31] is block #31.

If BLK_IDX is 1, bit[0] is block #32, bit[31] is block #63.

For each configuration bit, 0 indicates Secure, 1 indicates Non-secure.

A full word write or read to this register automatically increments the BLK_IDX by one.

0x020 INT_STAT RO 0x0

Bit[0]: mpc_irq triggered.

Bit[31:1]: Reserved.

0x024 INT_CLEAR WO 0x0

Bit[0]: mpc_irq clear (cleared automatically).

Bit[31:1]: Reserved.

0x028 INT_EN RW 0x0

Bit[0]: mpc_irq enable.

Bits are valid when mpc_irq triggered is set.

0x02C INT_INFO1 RO 0x0

haddr[31:0] when the first mpc_irq triggered.

Bits are valid when mpc_irq triggered is set.

0x030 INT_INFO2 RO 0x0

Various debug bits when the first mpc_irq triggered;

Bit [15:0]: hmaster.

Bit [16]: hnonsec.

Bit [17]: cfg_ns.

Bit [31:18]: Reserved.

Bits are valid when mpc_irq triggered is set.

0x034 INT_SET WO 0x0

Bit[0]: mpc_irq set. Debug purpose only.

Bit[31:1]: Reserved.

0x0380xFCC RSVD RO 0x0 Reserved.
0xFD0 PIDR4 RO 0x04

Peripheral ID 4

[7:4]: block count.

[3:0]: jep106_c_code.

0xFD4 PIDR5 RO 0x0 Peripheral ID 5 (not used).
0xFD8 PIDR6 RO 0x0 Peripheral ID 6 (not used).
0xFDC PIDR7 RO 0x0 Peripheral ID 7 (not used).
0xFE0 PIDR0 RO 0x60 Peripheral ID 0 (Part number [7:0].)
0xFE4 PIDR1 RO 0xB8

Peripheral ID 1

[7:4]: jep106_id_3_0.

[3:0]: Part number.

0xFE8 PIDR2 RO 0x0B

Peripheral ID 2

[7:4]: revision,

[3]: jedec_used,

[2:0]: jep106_id_6_4.

0xFEC PIDR3 RO 0x0

Peripheral ID 3

[7:4]: ECO revision number,

[3:0]: Customer modification number.

0xFF0 CIDR0 RO 0x0D Component ID 0.
0xFF4 CIDR1 RO 0xF0 Component ID 1 (PrimeCell class).
0xFF8 CIDR2 RO 0x05 Component ID 2.
0xFFC CIDR3 RO 0xB1 Component ID 3.

Look Up Table (LUT) examples

The contents of the LUT can be accessed in several ways that might require different configurations of the autoincrement function of the BLK_IDX register.

To dump the full contents of the LUT:
  1. Set the autoincrement enable bit, CTRL[8], to 0b1.
  2. Read the BLK_MAX register. This has a value 0xN which represents the last address in the LUT.
  3. Write 0x0 to the BLK_IDX register.
  4. Read the BLK_LUT register to 0xN times to read the complete LUT.
To rewrite the full contents of the LUT:
  1. Set autoincrement enable bit, CTRL[8], to 0b1.
  2. Read the BLK_MAX register. This has a value 0xN which represents the last address in the LUT.
  3. Write 0x0 to the BLK_IDX register.
  4. Write the new values to the BLK_LUT register 0xN times to fill the complete LUT.
To read-modify-write:
  1. Set autoincrement enable bit, CTRL[8], to 0b0.
  2. Write the required address to the BLK_IDX.
  3. Read the current contents of the LUT.
  4. Write the new contents to the LUT.


    Byte accesses can be used to update only the required byte of the register without reading the full contents:

Configuration lockdown

The AHB5 TrustZone® MPC provides a configuration lockdown feature that prevents malicious software from changing the security configuration. Writing 0x1 to the security lockdown bit, CTRL[31], enables the configuration lockdown feature.

After the configuration lockdown feature is enabled:

  • It can only be disabled by a component reset which resets CTRL[31] to 0.
  • The following registers are read-only:

    • CTRL.

    • BLK_LUT.
    • INT_EN.


Arm recommends that you write 0b1 to the LUT auto-increment bit, CTRL[8] before enabling the configuration lockdown feature.

When the feature is enabled, only LUT dumping is available which is simpler when BLK_IDX increments automatically during the dump.

Non-ConfidentialPDF file icon PDF version101104_0200_00_en
Copyright © 2016–2018 Arm Limited or its affiliates. All rights reserved.