You copied the Doc URL to your clipboard.

Security wrappers

Transactions from legacy or non-security aware masters require appropriate attribution when connected into a system with TrustZone technology for ARM®v8‑M. The example system utilizes security-wrappers to perform this function.

For each security wrapper, a control bit exists to determine whether the master must behave as either a Secure or a Non-secure master. The wrapper uses the control bit to determine a secure-request type and then the Secure attribute:

  • If the request type is Secure, it uses the system address map to determine if the secure-attribute of the transaction must be Secure or Non-secure based on the address.
  • If the request type is Non-secure, the secure-attribute is Non-secure.

The example system assumes that rejection of non-permitted transactions is performed at ingress to the slave components. However, it is permitted, but not required, for the security wrapper to reject a Non-secure transaction that is targeting a Secure address. In such a case the example system records an event in the system security controller, which in turn generates a Secure interrupt to the ARMv8‑M processor.


The mechanism that is used to reject the transaction is entirely up to the implementer and includes generating an abort or ignoring-writes and returning zero-on-a-read. The mechanism that is used to record an event, and generation of an interrupt is also entirely within the freedom of the implementer.