To support the robust management of Secure and Non-secure interrupts, the underlying interrupt controller must prevent the Normal world modifying the configuration of Secure world interrupt sources. This means that a single interrupt controller must support TrustZone technology using internal partitioning, or two interrupt controllers must be placed in the system.
The Generic Interrupt Controller (GIC) is a single hardware device that supports both Secure and Non-secure prioritized interrupt sources. Attempts by Normal world software to modify the configuration of an interrupt line configured as a Secure source will be prevented by the GIC hardware. Additionally, Non-secure software can only configure interrupts in the lower half of the priority range, preventing denial-of-service attacks.
The ARM Cortex-A9 MPCore incorporates its own interrupt controller with the same programmer’s model as the GIC, and therefore does not require an external interrupt controller. More details about the integrated interrupt controller can be found in the section called Interrupt handling.