Features

1. it has protection bits to enable you to program up to 24 areas of memory as secure
   or non-secure (可以设置最多24个区域的内存为secure或non-secure)
2. it has secure region bits to enable you to split an area of internal RAM into both
   secure and non-secure regions（可以将内部的ram划分为secure和non-secure）
3. it has an AMBA APB system interface（拥有AMBA APB的系统接口）
4. it does not generate any APB wait states or a slave error response and is therefore
   compatible with the AMBA 2 APB protocol.（不会产生任何APB等待状态，或者外设的错误回应，因此兼容于AMBA 2 APB协议）

Block diagram

tzpc-block=diagram.PNG

功能介绍：

TZPC提供了将内存区域划分为secure和non-secure的软件接口，有两种办法可以做到。

1. Programmable protection bits that can be allocated to areas of memory as
   determined by an external decoder.
   设置地址解码器所指定的内存区域的保护位（通过TZPCDECPROT）
2. Programmable region size value for use by an AXI TrustZone Memory Adapter
   (TZMA). You can use this to split the RAM into two regions:
   — one secure
   — one non-secure.
   设置TZMA所使用的内存区大小，可以分割RAM为两个区域：一个secure，一个non-secure （通过TZPCR0SIZE）

TZPC typical configuration

tzpc-typical-configuration.PNG

从上图，TZPC是通过APB总线访问，设置好寄存器之后，有TZMA去阻止内存的访问操作。

程序员视图

1. tzpc寄存器应该放置于secure的内存区域
2. tzpc寄存器的基地址是可以配置的，但是寄存器的相对偏移不能改变
3. 不能访问保留，以及未使用的地址，如果访问，将会导致不可预料的结果。
4. 对于保留以及未使用的寄存器位，必须写成0，读取时需要忽略，除非在相关文档上有对应的说明
5. 所有的寄存器在上电时都会重置为0，除非在相关文档有说明
6. 所有的寄存器都是可以读写的。
7. 访问所有寄存器都不会出现等待状态。

寄存器

1. TZPCR0SIZE（Secure RAM Region Size Register RW default：0x00000200）

[31:10] - Read undefined. Write as zero.
[9:0] R0SIZE Secure RAM region size in 4KB steps:
0x00000000 = no secure region
0x00000001 = 4KB secure region
0x00000002 = 8KB secure region
…
0x000001FF = 2044KB secure region.
0x00000200 or above sets the entire RAM to secure regardless of size

2. TZPCDECPROT[0-2]Stat (Decode Protection 0-2 Status Registers RO default: 0x0)
3. TZPCDECPROT[0-2]Set (Decode Protection 0-2 Set Registers RO default: 0x0)
4. TZPCDECPROT[0-2]Clr (Decode Protection 0-2 Clear Registers RO default: 0x0)
   [31:8] - Read undefined.
   [7:0] DECPROTxStat Shows the status of the decode protection output:
   0 = decode region corresponding to the bit is secure
   1 = decode region corresponding to the bit is non-secure.
   There is one bit of the register for each protection output, eight outputs are implemented as standard.
   TZPCDECPROT寄存器用来设置内存区域为secure 或者non-secure，总共可以控制3*8 = 24个区域
5. TZPCPERIPHID[0-3] (Peripheral Identification Register 0-3)
6. TZPCPCELLID0[0-3] (TZPC Identification Register 0-3)
   TZPCPERIPHID和TZPCPCELLID0都是存放的只读ID

TZPC功能总结：

tzpc-typical-usage.png

1. TZPCDECPROT有三组寄存器[0-2]每组有8个bit来控制secure 或non secure，所以一共可以控制3*8 = 24个外设地址空间为secure 或non secure
2. TZPCR0SIZE可以通过TZMA来将内部RAM划分为secure 内存.

The TZMA allows a single static memory of up to 2MB to be partitioned into two regions where the lower part is Secure, and the upper part Non-secure.

Refs：
ARM Security Technology
PrimeCell® Infrastructure AMBA™ 3 TrustZone™Protection Controller
PrimeCell® Infrastructure AMBA™ 3 AXI™ TrustZone™Memory Adapter