Hi, as far I understood the TrustZone configuration for the PL-PS interface is defined on a per transaction basis. Let us now consider a unsecure Master in the PL which modifies the AWPROT/ARPROT signals to generate a secure memory transaction through one of the FPD interfaces. What are the current possibilities to prevent this privilege escalation ? For me one solution would be to define the isolation correctly with the Isolation Configuration flow. Is it also possible to prevent this at the FPD interface itself ?