The TrustZone Address Space Controller (TZASC) is an AXI component which partitions its slave address range into a number of memory regions. The TZASC can be programmed by Secure software to configure these regions as Secure or Non-secure, and will reject Non-secure transactions to a region that is configured as Secure.
The number of memory regions, and the bus widths of the TZASC AXI interfaces, are configurable when the design is synthesized.
The main reason to use a TZASC is to partition a single AXI slave, such as an off-SoC DRAM, into multiple security domains. Off-SoC RAM is a good example as memory devices have significant cost associated with them due to extra pin-out, printed circuit board area, and the cost of the memory itself. It is therefore desirable for a system to partition a single external memory so that it can contain both Secure and Non-secure regions; this is typically less expensive than placing two smaller memory devices.
The ARM AXI Dynamic Memory Controller (DMC) family is a range of high performance controllers which do not internally support the creation of Secure and Non-secure partitions. To enable security partitions to be created a TZASC can be placed between the DMC and the on-SoC masters that need to access it. The TZASC is designed to work with dynamic memory and allows burst accesses to travel through it with minimal impact on memory latencies.
The TZASC can only be used for partitioning memory mapped devices; in particular it cannot be used for partitioning block-based devices, such as NAND flash.