TrustZone Controllers

(View Larger TrustZone Controllers Image)

Secure system IP blocks to support the ARM TrustZone™ system-wide approach to security in preventing access by malicious software to selected memory regions and peripherals such as screens and keypads.

The TrustZone Address Space Controller (TZC-380) extends on-chip security to protect multiple regions of external memory from software attack.

TrustZone on-chip memory

TrustZone Boot ROM, 8-16KB for signature check code
On-chip memory (e.g. TCM) – 2KB instruction and 100 bytes data for Secure Monitor
On-chip RAM for secure code and data. TrustZone Internal Memory Wrapper (PL141) can partition a single larger on-chip RAM into Secure and Non-Secure) Worlds

TrustZone off-chip memory

TrustZone RAM - in DDR memory - typically 256K-1M for decrypted/checked code.
Off-chip memory cheaper per bit
Partitioning a single off-chip memory in upto 16 secure regions by TrustZone Address Space Controller (TZC-380). Resistant to software attack.

Code	Product	Main Function	Key Features	Size
TZC-380	TrustZone Address Space Controller	Partition external memory in to secure and non-secure regions.	Configurable up to 16 regions of size 32K-4G with 8 sub-regions down to 4K. Optional register slices to meet timing constrains.	10-100k gates
BP141	TrustZone Internal Memory Wrapper	Protects internal SRAM.	Manages a single secure region within the SRAM,	<1k gates
BP147	TrustZone Protection Controller	Prevents non-secure accesses to peripherals.	Allows peripherals to be safely shared by the secure and non-secure worlds. APB interface.	<1k gates

Code

Product

Main Function

Key Features

Size

TZC-380

TrustZone Address Space Controller

Partition external memory in to secure and non-secure regions.

Configurable up to 16 regions of size 32K-4G with 8 sub-regions down to 4K.

Optional register slices to meet timing constrains.

10-100k gates

BP141