M23/TrustZone - failing to write SAU and SCB_NS

Hi,

I am using CortexM23 with TrustZone enabled I wanted to write a secure program, but I failed. These are what I did:

By the way, I am using uvision Keil 5.

1. Enable TZ
   1. I add "-mcmse" under  Options for Target ->C/C++(AC6)->Misc Controls.
   2. I include <arm_cmse.h> in my source code.
2. Memory partition using SAU
   1. I configured 4 regions. One is NSC, two are NS, and the last one is disabled.
3. In order to jump to nonsecure wolrd after bootup, I write nonsecure vector table address to SCB_NS->VTOR.
4. I also wrote some NSC APIs.

But things were not working as expected.

NSC APIs are fine, there are NSC entries in Veneer region defined by me.

Writing to SCB_NS->VTOR failed. I did not see any changes in that memory location from Keil. I cannot change the the the memory content of that location with debugger, either. 

Then I checked the address of non-secure vector table with TT instruction, to see if it is really non-secure. And this is what I got:

I realize that memory partition also failed. So I checked my partition function. I found out that SAU registers are not changed, just like SCB_NS.

After this line of code " SAU->RLAR = (SAU_INIT_END1 & SAU_RLAR_LADDR_Msk);" SAU->RLAR should contain SAU_INIT_END1, but I did not see anything in that location.

I checked the disassembly code, and I did not find any error. it is just STR, the value and destination are also correct.

It seems that the CPU is not aware of the existence of TZ, and refuses all access to "unknown" address. But no Hardfault or any other exceptions are generated.

I have some confusions:

1. What causes this? Is there any protection on those memory locations by ARM?
2. How do I know if TZ is enabled or not? And how do I know in which state the CPU is (secure/non-secure)?
3. How to check if a memory location is non-secure or secure?

Thanks!

Hilda