One mechanism for isolating the trusted world from the untrusted world is by leveraging Arm® trusted firmware for the Cortex® processors (TF-A) to create a trusted and untrusted environment on the same processor. The application processing unit (APU) on the Zynq UltraScale+ MPSoC is an Armv8 Cortex®-A53 and therefore fully supports unique exception levels (EL) to isolate secure and non-secure domains.
This isolation is reliant on TF-A software to act as the arbiter between trusted and untrusted domains by adding AXI4 protection bits to the transactions. As detailed in the following figure, you can see that an untrusted (colored in black) application must go through the TF-A to request access to trusted (colored in blue) memory or peripherals.
On the Zynq UltraScale+ MPSoC, TF-A is further enhanced by the Xilinx peripheral protection unit (XPPU) and memory protection unit (XMPU). The use of the XMPU and XPPU on the Zynq UltraScale+ MPSoC adds a hardware backed element to the functionality of the TF-A. As shown in the following figure, any transaction originating from a trusted application on the APU (master of the transaction in this case) is permitted to access a trusted peripheral. Any other master (RPU for example) is blocked from accessing this peripheral by the XMPU/XPPU.