Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
Release Date
2.4 English

TrustZone technology is a software-controlled, hardware-enforced system for separating secure and non-secure AXI transactions. Devices and peripherals are assigned a security profile that is either statically controlled (always secure or always non-secure), or dynamically controlled using a configuration register. Similarly, software processes are assigned a secure or non-secure state. All AXI transactions are tagged to indicate their security level, and the tags are propagated throughout the interconnect using the ARPROT[1] and AWPROT[1] AXI sideband signals.

Since TrustZone defines the security level of each AXI transaction, the system protection units can be used to allow or disallow a transaction based on its security level. Secure transactions can optionally access non-secure slaves, if allowed. Non-secure transactions cannot access secure locations.