Hello Sudeep,
For TZC, I think we can control the secure/non-secure access behavior.
If we denied secure access for a region, we don't need to have NS attribute
in page tables, and TZC should deny the access.
We can confirm the asynchronous data abort raised by access violation.
But only for address 0x8000_0000 to 0xffff_ffff (which is external DRAM).
When we try to access GIC or TZDRAM (0x0600_0000 to 0x0800_0000),
the filter does no effect. (and I don't see the permission check reported by
fvp tzc400 diagnostic log)
Does GIC and TZDRAM not connected through TZC400 filter0 ? Or we missing
something?