TrustZone technology is a software-controlled, hardware-enforced system for separating secure and non-secure AXI transactions. Devices and peripherals are assigned a security profile that is either statically controlled (always secure or always non-secure), or dynamically controlled using a configuration register. Similarly, software processes are assigned a secure or non-secure state. All AXI transactions are tagged to indicate their security level, and the tags are propagated throughout the interconnect using the ARPROT and AWPROT AXI sideband signals.
Since TrustZone defines the security level of each AXI transaction, the system protection units can be used to allow or disallow a transaction based on its security level. Secure transactions can optionally access non-secure slaves, if allowed. Non-secure transactions cannot access secure locations.