2.2.5. Region security permissions

The TZASC enables you to program the security access permissions for any of its configured regions. Each region is assigned a security permissions field, sp<n>, in its region_attributes_<n> Register, which gives you complete control of the permissions for that region. See Chapter 4 Programmers Model for Test.

Security inversion

There are two modes of operation for the region security permissions, with or without security inversion.

By default, if you program a region to support non-secure accesses, the TZASC ensures that the region also supports secure accesses. For example, if you program the region permissions for region 3 to be non-secure read only, the TZASC permits access to region 3 for secure reads and non-secure reads.

If you require that some regions are not accessible to masters in Secure state, but are accessible in Non-secure state, then you must enable security inversion.

See Region security permissions and Security Inversion Enable Register for more information.

Programming security permissions when security inversion is disabled

By default, security inversion is disabled and therefore the TZASC only permits you to program certain combinations of security permissions. These combinations ensure that a master in Secure state is not denied access to a region that is programmed to only accept non-secure accesses. Table 2.3 shows the possible security permissions when security inversion is disabled.

Table 2.3. Region security permissions when security inversion is disabled

The sp<n> field controls if the TZASC permits access for the following AXI transactions:

sp<n> field [a]               Secure read    Secure write    Non-secure read    Non-secure write
b0000                         No             No              No                 No
b0100                         No             Yes             No                 No
b0001, b0101                  No             Yes             No                 Yes
b1000                         Yes            No              No                 No
b0010, b1010                  Yes            No              Yes                No
b1100                         Yes            Yes             No                 No
b1001, b1101                  Yes            Yes             No                 Yes
b0110, b1110                  Yes            Yes             Yes                No
b0011, b0111, b1011, b1111    Yes            Yes             Yes                Yes

[a] See Region Attributes <n> Register for programming information.


Programming security permissions when security inversion is enabled

If you enable security inversion, the TZASC permits you to program any combination of security permissions as Table 2.4 shows.

Table 2.4. Region security permissions when security inversion is enabled

The sp<n> field controls if the TZASC permits access for the following AXI transactions:

sp<n> field [a]    Secure read    Secure write    Non-secure read    Non-secure write
b0000              No             No              No                 No
b0001              No             No              No                 Yes
b0010              No             No              Yes                No
b0011              No             No              Yes                Yes
b0100              No             Yes             No                 No
b0101              No             Yes             No                 Yes
b0110              No             Yes             Yes                No
b0111              No             Yes             Yes                Yes
b1000              Yes            No              No                 No
b1001              Yes            No              No                 Yes
b1010              Yes            No              Yes                No
b1011              Yes            No              Yes                Yes
b1100              Yes            Yes             No                 No
b1101              Yes            Yes             No                 Yes
b1110              Yes            Yes             Yes                No
b1111              Yes            Yes             Yes                Yes

[a] See Region Attributes <n> Register for programming information.


Table 2.5 shows a typical example of a memory map along with the register programming. The TZASC is configured to have 16 regions.

Table 2.5. Typical example of memory map along with the register programming

Region              Region[a]  Lock  Starting address  Region size  Size field  sp[b]  Description
Region_0 (Default)  Enable     No    0x0               max          -           1100   Secure Read Write access (RW).
Region_1            Enable     No    0x0               64MB         b011001     1111   Non-secure Read or Write access (R/W), Secure R/W.
Region_2            Enable     No    0x0               16MB         b010111     1110   Non-secure Read Only access (RO), Secure RW for the normal world OS kernel.
Region_3            Enable     No    0x3D00000         512KB        b010010     1111   Regularly switched Non-secure, or Secure RW for a more complex shared memory buffers.
Region_4            Enable     No    0x3D80000         512KB        b010010     1100   Non-secure No Access (NA), Secure RW, a dedicated area for secure LCD Controller frame buffer.
Region_5 [c]        Enable     No    0x80000000        32KB         b001110     1111   Non-secure RW, Secure RW for address range of general peripherals such as screen control, and keyboard hardware.
Region_6            Enable     Yes   0x3C00000         512KB        b010010     1011   Non-secure RW, Secure RO for streaming from the normal world to the secure world.
Region_7            Enable     Yes   0x3C80000         512KB        b010010     1110   Non-secure RO, Secure RW for streaming from the secure world to the normal world.
Region_8            Enable     Yes   0x3E00000         512KB        b010010     1000   Non-secure NA, Secure RO for the secure world OS kernel.
Region_9            Enable     Yes   0x3E80000         512KB        b010010     1100   Non-secure NA, Secure RW for the secure world OS applications, heap, and stacks.
Region_10           Enable     Yes   0x3F00000         1MB          b010011     1100   Non-secure NA, Secure RW for Secure world OS applications, heap, and stacks.
Region_11 [c]       Enable     Yes   0x80008000        32KB         b001110     1100   Non-secure NA, Secure RW for address range of secure peripherals such as Random Number Generator (RNG), and cryptography support hardware.
Region_12           Enable     Yes   0xF0000000        256MB        b011011     0011   Non-secure RW, Secure NA for FLASH holding normal world OS plus disk.
Region_13           Enable     Yes   0xF0000000        1MB          b010011     1100   Non-secure NA, Secure RW for FLASH for secure boot, secure world OS, secure configuration details.
Region_14           Disable    -     -                 -            -           -      -
Region_15           Disable    -     -                 -            -           -      -

[a] Region can be either Enable or Disable.

[b] Security Permission (sp).

[c] In a more typical system, these devices would be protected by a TrustZone Protection Controller (BP147), and associated TrustZone aware AXI to APB Bridges (BP135).


Note

The implementer's system design and security requirements are taken into account for this example. Any actual software programming must depend on the system where the TZASC is plugged.
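
The rules of Tables 2.3 and 2.4 applied to the sp values of Table 2.5, as an added example that is not ARM's code: with security inversion disabled, each non-secure permission bit also grants the matching secure permission, so Region_6 and Region_12 only behave as their descriptions state when inversion is enabled. The function names are hypothetical, and the bit positions are read off Table 2.4.

```c
#include <stdint.h>
#include <stdio.h>

/* sp<n> bits per Table 2.4: b1000 secure read, b0100 secure write,
 * b0010 non-secure read, b0001 non-secure write. */
#define SP_NS_RD 0x2u
#define SP_NS_WR 0x1u

/* Permissions the TZASC enforces for a programmed sp<n> value.
 * Inversion disabled (Table 2.3): every non-secure permission also grants
 * the matching secure permission. Inversion enabled (Table 2.4): as programmed. */
uint8_t sp_effective(uint8_t sp, int inversion_enabled)
{
    sp &= 0xFu;
    if (!inversion_enabled)
        sp |= (uint8_t)((sp & (SP_NS_RD | SP_NS_WR)) << 2);
    return sp;
}

/* Nonzero when the value gives Secure state less access than Non-secure
 * state, so it is only honoured as written with security inversion enabled. */
int sp_needs_inversion(uint8_t sp)
{
    return sp_effective(sp, 0) != (sp & 0xFu);
}

/* sp values of Region_0..Region_13, copied from Table 2.5. */
static const uint8_t table_2_5_sp[] = {
    0xC, 0xF, 0xE, 0xF, 0xC, 0xF, 0xB, 0xE, 0x8, 0xC, 0xC, 0xC, 0x3, 0xC
};

/* Bitmask of region numbers whose sp depends on security inversion. */
uint32_t audit_regions(const uint8_t *sp, unsigned count)
{
    uint32_t mask = 0;
    for (unsigned i = 0; i < count; i++)
        if (sp_needs_inversion(sp[i]))
            mask |= 1u << i;
    return mask;
}

int main(void)
{
    uint32_t m = audit_regions(table_2_5_sp, 14);
    for (unsigned i = 0; i < 14; i++)
        if (m & (1u << i))
            printf("Region_%u: sp=0x%X acts as 0x%X without inversion\n", i,
                   (unsigned)table_2_5_sp[i], (unsigned)sp_effective(table_2_5_sp[i], 0));
    return 0;
}
```

A check like this belongs next to the code that writes the region attributes, so that a memory map relying on secure-world exclusion fails review if security inversion is not also enabled.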

Copyright © 2008, 2010 ARM Limited. All rights reserved. ARM DDI 0431B
Non-Confidential