Hello, and welcome to this presentation of the STM32MP1 TrustZone Address Space Controller.

The Enhanced TrustZone Protection Controller, or ETZPC, is used to, one, configure the TrustZone security for securable IPs. Peripheral security mode can be secure: read and write access allowed only to the secure world. Write secure: write access allowed only to the secure world, read allowed to any. Or non-secure: read and write access allowed to any. Two, configure the SYSRAM and ROM secure region size. The secure region is defined in multiples of four kilobytes and at the bottom address. And three, configure the MCU isolation domain with a set of isolable IPs allocated to this MCU domain.

The key features of the TrustZone Address Space Controller are: 32-bit APB4 interface. ETZPC is only write secure. Register set to control SoC security and isolation settings for SYSRAM and ROM secure region size, TZMA0, TZMA1, access rights for securable AHB and APB peripherals, and resource isolation to the Cortex-M4 domain for AHB and APB peripherals. Security configuration locking for each memory region and each peripheral.

Secure resources. No control from ETZPC. ETZPC writes secure only. TZC always secure. AXEM-GPC always secure.

Non-secure resources. Many peripherals are not controlled by security. They are not controlled by ETZPC from the security viewpoint. And MCU isolation is applicable to non-secure resources and controlled from ETZPC.

Securable resources. Peripheral security can be either secure, write secure, or non-secure according to DECPROT bits. SYSRAM and boot ROM memories have programmable secure region size according to TZMA0 and TZMA1 settings. Note, SRAM 1, 2, 3, and 4 and RETRAM cannot be made secure or write secure according to DECPROT bits.

MPU and MCU domains definition. The MCU domain includes Cortex-M4 and DMA bus masters assigned to the Cortex-M4 core. The MPU domain is complementary to the MCU domain with Cortex-A7 and Cortex-M4 shared control, with the exception of peripherals with TZ security enforcement. The DMA bus master inherits the MCU isolation property assigned to this IP slave bus.

Peripherals can be one of three types. Type 1, securable. Type 2, non-securable and MCU isolable. Type 3, securable and MCU isolable. ETZPC controls MPU and MCU domain access according to DECPROT[1:0] bits as shown in this table. Type 1 can be secure, write secure, or non-secure shared, but never be MCU isolated. Type 2 can be shared or MCU isolated, but never be secure or write secure. Type 3 can be secure, write secure, or non-secure MCU isolated or non-secure shared.

Type 1 securable IPs are located on the AHB5 APB5 bus. They are secured by default after reset. The security properties can be changed to write secure or non-secure by ETZPC. They cannot be made MCU-isolable.

Most peripherals are of type 2 non-secure IPs. They are shared between the MPU and the MCU by default after reset. The security property can be changed to MCU-isolable by ETZPC. They cannot be made secure or write secure. Peripherals with a bus master change their bus master attribute according to the MCU isolation.

Type 3 securable IPs are only internal RAMs: SRAM 1, 2, 3, and 4, and RETRAM memories. They are non-secure shared between the MPU and the MCU by default after reset. The security property can be changed by ETZPC to secure, write secure, or non-secure and MCU-isolable.

DMA master IPs, which may be allocated to the MCU domain, are DMA1, DMA2, ETH, SDMMC3, and OTG. A DMA master is set to the MCU when its slave interface is allocated to the MCU by DECPROT bits. A DMA master allocated to the MCU ignores all read-write access by the MPU, secure or non-secure.
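
The type rules and access modes described above can be written down as a small model for reviewing a planned ETZPC configuration. This is an added example, not ST code or part of the presentation; the enum values are arbitrary (they are not the DECPROT bit encoding), the peripheral names are hypothetical, and it assumes the Cortex-M4 behaves as a non-secure master.

```c
#include <stdbool.h>
#include <stddef.h>

/* Peripheral types and protection states as named in the presentation.
 * Enum values are arbitrary here; they are NOT the DECPROT bit encoding. */
enum ptype { TYPE1, TYPE2, TYPE3 };
enum prot { SECURE, WRITE_SECURE, NONSEC_SHARED, MCU_ISOLATED };
/* Assumption: the Cortex-M4 (MCU) acts as a non-secure master. */
enum master { MPU_SECURE, MPU_NONSECURE, MCU };

struct periph { const char *name; enum ptype type; enum prot wanted; };

/* Type 1: never MCU isolated. Type 2: never secure or write secure.
 * Type 3: any of the four states. */
bool prot_allowed(enum ptype t, enum prot p)
{
    if (t == TYPE1) return p != MCU_ISOLATED;
    if (t == TYPE2) return p == NONSEC_SHARED || p == MCU_ISOLATED;
    return t == TYPE3;
}

/* Would this master's read or write reach a peripheral in state p? */
bool access_ok(enum prot p, enum master m, bool write)
{
    switch (p) {
    case SECURE:        return m == MPU_SECURE;
    case WRITE_SECURE:  return m == MPU_SECURE || !write;
    case MCU_ISOLATED:  return m == MCU;  /* MPU ignored, secure or not */
    case NONSEC_SHARED: return true;
    }
    return false;
}

/* Count entries in a planned configuration that the type rules forbid. */
size_t audit(const struct periph *tab, size_t n)
{
    size_t bad = 0;
    for (size_t i = 0; i < n; i++)
        if (!prot_allowed(tab[i].type, tab[i].wanted)) bad++;
    return bad;
}

/* Constructed sample plan with hypothetical peripheral names. */
const struct periph sample_plan[] = {
    { "periph_a", TYPE1, MCU_ISOLATED },  /* forbidden for Type 1 */
    { "periph_b", TYPE2, MCU_ISOLATED },
    { "periph_c", TYPE3, WRITE_SECURE },
    { "periph_d", TYPE2, SECURE },        /* forbidden for Type 2 */
};

int main(void) { return audit(sample_plan, 4) == 2 ? 0 : 1; }
```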