TrustZone Profile

Versal Adaptive SoC Technical Reference Manual (AM011)

Document ID

AM011

Release Date

2023-10-05

Revision

1.6 English

The security profile for transaction sources and destinations are listed in the following table.

Table 1. TrustZone Profile
Entity	Destination Port	Source Port	Notes
APU
APU MPCore/L2	~	Both
GIC	Both	~	Global interrupt controller (GIC)
APU system counter	Secure	~	System counter uses two APB ports (secure and non-secure)
APU system counter	Non-secure	~	System counter uses two APB ports (secure and non-secure)
SMMU and CCI
CCI control registers	Both (internal)	~	Cache coherent interconnect (CCI) control registers can be configured to be secure or non-secure
TCU APB	Both	~	SMMU_REG
TBU AXI	Both	Both	Programmable
XPPU and XMPU
APB interface	Secure	~
AXI interface	Both	Both	Programmable
PS DMA Unit
DMA channel	XPPU configurable	SLCR configurable	Programmable on a per channel basis
PS-PL Interconnect Channels
LPD_AXI_PL FPD_AXI_PL	Defined by transaction host (can be forced non-secure by PL logic)	~	Transaction originating in PS
PL_AXI_LPD PL_AXI_FPD	~	SLCR configurable: * Non-secure * Pass NS bit from PL transaction host	Transaction originating in PL
RPU
RPU cores	~	SLCR configurable
RPU TCMs	XPPU configurable	~	External AXI destinations port
LPD Peripherals and other Destinations
LPD_SLCR_SECURE registers	Secure	~
PSM	Secure	Secure
eFUSE/BPD/SYSMON	Secure	~	eFUSEs, battery power domain, system monitor
CoreSight	Secure	Secure
Debug Packet Controller	XPPU configurable	~
IOP peripherals	XPPU configurable	~	I2C, GPIO, SPI, GEM Ethernet, SD_eMMC, CAN, USB, UART, QSPI, OSPI
IOP peripherals	XPPU configurable	LPD_SLCR_SECURE	GEM Ethernet, SD_eMMC
LPD interfaces on APB	XPPU configurable	~	Potential secure destinations: reset-controller
TTC 0 to 3		~
LPD_SWDT, FPD_SWDT		~	Watchdog timers
FPD Peripherals and Other Destinations
Secure SLCR	Secure	~
FPD destinations on APB	XPPU configurable	~	Potential secure destinations: reset-controller and PCIe
PMC Units
eFUSE	XPPU configurable	~
PMC SYSMON	XPPU configurable	~
PPU processor	XPPU configurable	Secure
JTAG controller	~	Both	Select secure/non-secure via DAP controller
QSPI	XPPU configurable	Secure	Transaction initiated by QSPI during boot
SD_eMMC	XPPU configurable	SLCR programmable
OSPI	XPPU configurable	~
SelectMap	~	~
PMC_DMA	XPPU configurable	Secure
DDR Memory, OCM, and XRAM
DDR memory controller	XMPU configurable	~	Secure/non-secure per region with 1 MB granularity
OCM	XMPU configurable	~	Secure/non-secure per region with 4 KB granularity
Accelerator RAM (XRAM)	XMPU configurable	~	An XMPU on each of the four ports
Secure: peripheral or memory device is always secure, independent of the condition. Non-secure: peripheral or memory device is always non-secure, independent of the condition. Configurable: peripheral or memory device could be configured as secure or non-secure but only one mode is allowed at any given time. For configurable sources and destinations, the default registers setting is NS (non-secure). There is one exception: the PSM interconnect has an SLCR control and this defaults to S (Secure). Both: part of the peripheral or memory device is secure while the other part is non-secure.