TrustZone on-chip memory
- TrustZone Boot ROM, 8-16KB for signature check code
- On-chip memory (e.g. TCM) – 2KB instruction and 100 bytes data for Secure Monitor
- On-chip RAM for secure code and data. TrustZone Internal Memory Wrapper (PL141) can partition a single larger on-chip RAM into Secure and Non-Secure) Worlds
TrustZone off-chip memory
- TrustZone RAM - in DDR memory, typically 256K-1M for decrypted/checked code.
- Off-chip memory cheaper per bit
- Partitioning a single off-chip memory in up to 16 secure regions by TrustZone Address Space Controller (TZC-380). Resistant to software attack.
| Code | Product | Main Function | Key Features | Size |
|---|---|---|---|---|
| TZC-400 | TrustZone Address Space Controller | Partition external memory in to secure and non-secure regions. | Adds support for AMBA 4 ACE-Lite and AXI4. Zero latency fast path. | 10-100k gates |
| TZC-380 | Configurable up to 16 regions of size 32K-4G with 8 sub-regions down to 4K. Optional register slices to meet timing constrains. | 10-100k gates | ||
| BP141 | TrustZone Internal Memory Wrapper | Protects internal SRAM. | Manages a single secure region within the SRAM, | <1k gates |
| BP147 | TrustZone Protection Controller | Prevents non-secure accesses to peripherals. | Allows peripherals to be safely shared by the secure and non-secure worlds. APB interface. | <1k gates |
