I have been looking into subsystems that make use of the ARM M33 TrustZone features and secure peripherals.
From what I have read the SAU and/or IDAU define the addresses in the system that are secure, non-secure callable and non-secure.
I have read from page 27 of an ST presentation
that: "Non-secure access towards secure area is automatically blocked at SAU/IDAU level."
I am confused then what the purpose of the AHB5 HNONSEC signal is?
If the M33 running in a non-secure state accesses a secure address in a peripheral it will be blocked automatically by the SAU/IDAU so HNONSEC is not required.
Is the HNONSEC only required in the case where the SAU could have been programmed incorrectly. So a peripheral that is intended to be secure but is marked as non-secure in the SAU still blocks non-secure accesses due to seeing HNONSEC=1?
Is there any other examples/senarios of how this HNONSEC signal increases security in a way that is not already done by the SAU/IDAU?
I expected the SAU/IDAU to just simply set the value of value of the HNONSEC signal and it would be a secure peripherals responsibility to block any non-secure accesses. However, it seems the SAU/IDAU does this blocking itself.