CCA in Armv9 - Making Peripherals Only Accessible from a Realm VM

Hi everyone!

I have a question about how the peripheral controller interacts with CCA Realms. Would it be possible to make individual peripherals (MMIO regions, specifically) only accessible from a Realm VM?

In Arm TrustZone, apparently it is possible to configure MMIO regions of individual peripheral to make it only accessible from the secure world, using the Secure Peripherals Controller. I wonder if similar things can be done for Realm VMs.

Thank you.