# Architecture

<figure><img src="https://234178705-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlSLj4wxc6NsT415otBid%2Fuploads%2FTt0hPpF64bbYLIKTyWv0%2FScreenshot%20from%202024-04-06%2010-38-43.png?alt=media&#x26;token=15485793-d122-45f9-b3c5-dc93b45cff90" alt=""><figcaption><p>Overview</p></figcaption></figure>

## Details

### MMU / TLB / Cache Controllers

Two separate virtual MMUs.

* Indexed by NS.

**Single TLB.**

* But entries keep the value of NS that created them.
* No need to invalidate them when switching between worlds.

The **Secure World can** still **access non-secure memory**.

* Extra bit on each entry in the secure translation table.

**Single cache.**

* Cache lines keep the NS address bit.

### AXI (Advanced eXtensible Interface)

<figure><img src="https://234178705-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FlSLj4wxc6NsT415otBid%2Fuploads%2F3bt8uTR0gYaGWNqWtceU%2Fimage.png?alt=media&#x26;token=522675a7-51e7-4e85-84e4-26a7b9610bb3" alt=""><figcaption><p>SoC internal bus</p></figcaption></figure>

Extra NS line for secure **read/write operations**.

* **Non-secure master cannot access a resource marked as secure.**
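The NS tagging described in the MMU / TLB and AXI notes above can be modelled in a few lines of C. This is an added example, not code from the original page or from any vendor; the structure, field and function names are hypothetical, and the page numbers are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, constructed for illustration; not real hardware registers. */
typedef struct {
    bool valid;
    bool world_ns;          /* NS state of the world that created the entry */
    uint32_t vpage, ppage;  /* virtual and physical page numbers */
    bool bus_ns;            /* NS value driven on the bus for this page */
} tlb_entry;

#define TLB_SIZE 4
static tlb_entry tlb[TLB_SIZE];

/* The non-secure world can only produce non-secure accesses; the secure
 * world's translation table carries the extra bit (desc_ns) that picks one. */
void tlb_fill(size_t slot, bool world_ns, uint32_t vpage, uint32_t ppage, bool desc_ns) {
    tlb[slot] = (tlb_entry){ true, world_ns, vpage, ppage, world_ns ? true : desc_ns };
}

/* Lookup matches on (vpage, world NS): entries from both worlds coexist,
 * so a world switch needs no invalidation. */
const tlb_entry *tlb_lookup(bool world_ns, uint32_t vpage) {
    for (size_t i = 0; i < TLB_SIZE; i++)
        if (tlb[i].valid && tlb[i].world_ns == world_ns && tlb[i].vpage == vpage)
            return &tlb[i];
    return NULL;
}

/* Bus-side filter: a non-secure transaction never reaches a secure resource. */
bool axi_allows(bool txn_ns, bool slave_secure) {
    return !(txn_ns && slave_secure);
}

/* Translate, then apply the bus check. Returns 1 = ok, 0 = denied, -1 = TLB miss. */
int access_page(bool world_ns, uint32_t vpage, bool slave_secure, uint32_t *ppage) {
    const tlb_entry *e = tlb_lookup(world_ns, vpage);
    if (!e) return -1;
    if (!axi_allows(e->bus_ns, slave_secure)) return 0;
    *ppage = e->ppage;
    return 1;
}

int main(void) {
    uint32_t p = 0;
    tlb_fill(0, false, 0x10, 0x800, false);  /* secure world, secure page */
    tlb_fill(1, true, 0x10, 0x200, true);    /* normal world, same virtual page */
    printf("secure: %d, non-secure: %d\n",
           access_page(false, 0x10, true, &p), access_page(true, 0x10, true, &p));
    return 0;
}
```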

### TZASC (TZ Address Space Controller)

Allows a **dynamic classification** of **AXI slave memory-mapped devices** as secure or non-secure.

* Partitioning of single memory units.

**Controlled by the Secure world.**

### TZMA (TZ Memory Adapter)

Keeps a classification of **in-SoC memory areas** as secure and non-secure.

* ROM or SRAM.

**Non-secure accesses cannot access secured memory areas.**

Controlled by the Secure World.

### TZPC (TZ Protection Controller)

Allows **dynamically setting the security** of a **peripheral connected to the APB** (Advanced Peripheral Bus).

* **Prevents non-secure access requests from reaching peripherals marked as secure.**

Controlled by the Secure World.

### GIC (Generic Interrupt Controller)

Classifies **interrupts** as secure or non-secure.

* **Once set, cannot be changed.**

Interrupts can be normal or fast (high-priority).

* **Secure interrupts usually have higher priority.**

Interrupts with a security classification different from the current world force a switch to the Monitor (EL3).

Controlled by the Secure World.
