TrustZone on-chip memory
- TrustZone Boot ROM, 8-16KB for signature check code
- On-chip memory (e.g. TCM) – 2KB instruction and 100 bytes data for Secure Monitor
- On-chip RAM for secure code and data. TrustZone Internal Memory Wrapper (PL141) can partition a single larger on-chip RAM into Secure and Non-Secure) Worlds
TrustZone off-chip memory
- TrustZone RAM - in DDR memory, typically 256K-1M for decrypted/checked code.
- Off-chip memory cheaper per bit
- Partitioning a single off-chip memory in up to 16 secure regions by TrustZone Address Space Controller (TZC-380). Resistant to software attack.
|Code||Product||Main Function||Key Features||Size|
|TZC-400||TrustZone Address Space Controller||Partition external memory in to secure and non-secure regions.||
Adds support for AMBA 4 ACE-Lite and AXI4. Zero latency fast path.
Configurable up to 16 regions of size 32K-4G with 8 sub-regions down to 4K.
Optional register slices to meet timing constrains.
|BP141||TrustZone Internal Memory Wrapper||Protects internal SRAM.||Manages a single secure region within the SRAM,||<1k gates|
|BP147||TrustZone Protection Controller||Prevents non-secure accesses to peripherals.||
Allows peripherals to be safely shared by the secure and non-secure worlds.