Architecture

Overview

Details

MMU / TLB / Cache Controllers

2 separate, virtual MMUs.

• Indexed by NS.

Single TLB.

• But entries keep the value of NS that created them.

• No need to invalidate them when switching between worlds.

The Secure World can still access non-secure memory.

• Extra bit on each entry in the secure translation table.

Single cache.

• Cache lines keep the NS address bit.

AXI (Advanced eXtensible Interface)

SoC internal bus

Extra NS line for secure read/write operations.

• Non-secure master cannot access a resource marked as secure.

TZASC (TZ Address Space Controller)

Allows a dynamic classification of AXI slave memory-mapped devices as secure or non-secure.

• Partitioning of single memory units.

Controlled by the Secure world.

TZMA (TZ Memory Adapter)

Keeps a classification of in-SoC memory areas as secure and non-secure.

• ROM or SRAM.

Non-secure accesses cannot access secured memory areas.

Controlled by the Secure World.

TZPC (TZ Protection Controller)

Allows to dynamically set the security of a peripheral connected to the APB (Advanced Peripheral Bus).

• Protects non-secure access requests to reach peripherals marked as secure.

Controlled by the Secure World.

GIC (Generic Interrupt Controller)

Classifies interrupts as secure or non-secure.

• Once set, cannot be changed.

Interrupts can be normal or fast (high-priority).

• Secure interrupts usually have higher priority.

Interrupts with a security classification different from the current world force the switching to Monitor (EL3).

Controlled by the Secure World.