Hello and welcome to this presentation of the STM32MP1 TrustZone address space controller.

The Enhanced TrustZone Protection Controller, or ETZPC, is used to:

1. Configure the TrustZone security for securable IPs. Peripheral security mode can be secure: read and write access allowed only to the secure world. Write secure: write access allowed only to the secure world, read allowed to any. Or non-secure: read and write access allowed to any.
2. Configure the SysRAM and ROM secure region size. The secure region is defined in multiples of 4 kilobytes and at the bottom address.
3. Configure the MCU isolation domain with a set of isolable IPs allocated to this MCU domain.

The key features of the TrustZone address space controller are: 32-bit APB4 interface. ETZPC is only write secure. Register set to control SoC security and isolation settings for SysRAM and ROM secure region size, TZMA0, TZMA1, access rights for securable AHB and APB peripherals, and resource isolation to the Cortex-M4 domain for AHB and APB peripherals. Security configuration locking for each memory region and each peripheral.

Secure resources. No control from ETZPC. ETZPC writes secure only. TZC always secure. AXEM-GPC always secure.

Non-secure resources. Many peripherals are not controlled by security. They are not controlled by ETZPC from the security viewpoint. And MCU isolation is applicable to non-secure resources and controlled from ETZPC.

Securable resources. Peripheral security can be either secure, write secure, or non-secure according to DECPROT bits. SysRAM and boot ROM memories have programmable secure region size according to TZMA0 and 1 settings. Note, SRAM1, 2, 3, and 4 and RETRAM cannot be made secure or write secure according to DECPROT bits.

MPU and MCU domains definition. The MCU domain includes Cortex-M4 and DMA bus masters assigned to the Cortex-M4 core.
The MPU domain is complementary to the MCU domain with Cortex-A7 and Cortex-M4 shared control, with the exception of peripherals with TZ security enforcement. The DMA bus master inherits the MCU isolation property assigned to this IP slave bus.

Secure resources. No control from ETZPC. ETZPC writes secure only. TZC always secure. AXEM-GPC always secure.

Non-secure resources. Many peripherals are not concerned with security. They are not controlled by ETZPC from a security viewpoint. And MCU isolation is applicable to non-secure resources and controlled from ETZPC.

Securable resources. Peripheral security can be either secure, write secure, or non-secure according to DECPROT bits. SysRAM and boot ROM memories have programmable secure region size according to TZMA0 and 1 settings. Note, SRAM1, 2, 3, and 4 and RETRAM cannot be made secure or write secure according to DECPROT bits.

Type 1 securable IPs are located on the AHB5 APB5 bus. They are secured by default after reset. The security properties can be changed to write secure or non-secure by ETZPC. They cannot be made MCU-isolable.

Most peripherals are of type 2 non-secure IPs. They are shared between the MPU and the MCU by default after reset. The security property can be changed to MCU-isolable by ETZPC. They cannot be made secure or write secure. Peripherals with a bus master change their bus master attribute according to the MCU isolation.

Type 3 securable IPs are only internal RAMs: SRAM1, 2, 3, and 4 and RETRAM memories. They are non-secure, shared between the MPU and the MCU by default after reset. The security property can be changed by ETZPC to secure, write secure or non-secure and MCU-isolable.

DMA master IPs which may be allocated to the MCU domain are DMA1, DMA2, ETH, SDMMC3, and OTG. A DMA master is set to the MCU when its slave interface is allocated to the MCU by DECPROT bits. A DMA master allocated to the MCU ignores all read-write access by the MPU, secure or non-secure.
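
Added example, not part of the presentation and not ST code: a small C model of the type 1, 2 and 3 rules and the secure, write-secure and non-secure access modes described above, usable to audit a planned ETZPC configuration before it is programmed. All identifiers and the sample plan are hypothetical, no real register encodings are used, and it assumes the Cortex-M4 is a non-secure master and that an MCU-isolated IP is reachable only from the MCU, as stated above for DMA masters.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; no real ETZPC register encodings are used. */
enum ip_type { TYPE1_SECURABLE, TYPE2_SHARED, TYPE3_RAM };
enum sec_mode { SECURE, WRITE_SECURE, NON_SECURE, MCU_ISOLATED };
enum master { MPU_SECURE, MPU_NONSECURE, MCU_M4 };
struct ip_cfg { const char *name; enum ip_type type; enum sec_mode mode; };

/* Which modes ETZPC can give each type of IP. */
bool mode_allowed(enum ip_type t, enum sec_mode m) {
    switch (t) {
    case TYPE1_SECURABLE: return m != MCU_ISOLATED;  /* never MCU-isolable */
    case TYPE2_SHARED:    return m == NON_SECURE || m == MCU_ISOLATED;
    case TYPE3_RAM:       return true;               /* internal RAMs: any mode */
    }
    return false;
}

/* Access decision. Assumed: M4 is non-secure; MCU-isolated IPs ignore the MPU. */
bool access_allowed(enum sec_mode m, enum master who, bool is_write) {
    switch (m) {
    case SECURE:       return who == MPU_SECURE;
    case WRITE_SECURE: return !is_write || who == MPU_SECURE;
    case NON_SECURE:   return true;
    case MCU_ISOLATED: return who == MCU_M4;
    }
    return false;
}

/* Constructed sample plan; the first two peripheral names are placeholders. */
static const struct ip_cfg sample_plan[] = {
    { "type1_periph", TYPE1_SECURABLE, MCU_ISOLATED }, /* illegal for type 1 */
    { "type2_periph", TYPE2_SHARED,    WRITE_SECURE }, /* illegal for type 2 */
    { "SRAM1",        TYPE3_RAM,       MCU_ISOLATED }, /* legal for type 3 */
};

/* Count entries of a planned configuration that the IP type forbids. */
size_t count_illegal(const struct ip_cfg *cfg, size_t n) {
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        bad += !mode_allowed(cfg[i].type, cfg[i].mode);
    return bad;
}

int main(void) {
    printf("illegal entries: %zu\n", count_illegal(sample_plan, 3));
    return 0;
}
```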