14.5.6.1 System Boot Sequence

CAUTION: The Security Extensions enable the construction of an isolated software environment for more secure execution, depending on a suitable system design around the processor. The technology does not protect the processor from hardware attacks, and care must be taken to ensure that the hardware containing the reset handling code is appropriately secure.

The processor always boots in the privileged Supervisor mode in the Secure state, with the NS bit set to 0. This means that code that does not attempt to use the Security Extensions always runs in the Secure state. If the software uses both Secure and Non-secure states, the less trusted software, such as a complex operating system and application code running under that operating system, executes in Non-secure state, and the most trusted software executes in the Secure state.

The following sequence is expected to be a typical use of the Security Extensions:

  1. Exit from reset in Secure state.
  2. Configure the security state of memory and peripherals. Some memory and peripherals are accessible only to the software running in Secure state.
  3. Initialize the secure operating system. The required operations depend on the operating system, and include initialization of caches, MMU, exception vectors, and stacks.
  4. Initialize Secure Monitor software to handle exceptions that switch execution between the Secure and Non-secure operating systems.
  5. Optionally lock aspects of the secure state environment against further configuration.
  6. Pass control through the Secure Monitor software to the non-secure OS with an SMC instruction.
  7. Enable the Non-secure operating system to initialize. The required operations depend on the operating system, and typically include initialization of caches, MMU, exception vectors, and stacks.
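The seven steps above can be checked as a small host-side model. The following C program is an added illustration and is not ARM code or part of the reference manual: it simulates the NS bit, a table of memory and peripheral regions tagged as Secure-only or shared, the configuration lock of step 5, and the world switch of step 6, then verifies that software in Non-secure state is refused access to Secure-only regions and cannot reconfigure the partitioning. The region names, addresses and sizes are constructed values, and the way the lock and the SMC are modelled is an assumption of this model; on real hardware the NS bit lives in the Secure Configuration Register and memory partitioning is done by system-level components outside the processor, which this section does not describe.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Host-side model of the boot sequence, not ARM code.
 * Region names, addresses and sizes below are constructed. */

enum world { SECURE = 0, NON_SECURE = 1 };   /* value of the modelled NS bit */

struct region {
    const char *name;
    uint32_t base;
    uint32_t size;
    bool secure_only;       /* step 2: accessible only from Secure state */
};

struct soc {
    int ns;                 /* NS bit: 0 = Secure state, 1 = Non-secure state */
    bool config_locked;     /* step 5: further partition changes refused */
    struct region regions[4];
    size_t nregions;
};

/* Step 1: exit from reset. The processor starts in Secure state, NS == 0. */
void soc_reset(struct soc *s) {
    memset(s, 0, sizeof *s);
    s->ns = SECURE;
}

/* Step 2: partition memory and peripherals. Only Secure state may do this,
 * and not once the lock of step 5 has been applied (model assumption). */
bool soc_set_region(struct soc *s, const char *name, uint32_t base,
                    uint32_t size, bool secure_only) {
    if (s->ns != SECURE || s->config_locked || s->nregions >= 4)
        return false;
    s->regions[s->nregions++] = (struct region){ name, base, size, secure_only };
    return true;
}

/* Step 5: lock the secure environment against further configuration. */
bool soc_lock(struct soc *s) {
    if (s->ns != SECURE)
        return false;
    s->config_locked = true;
    return true;
}

/* Step 6: modelled SMC. The Secure Monitor toggles the NS bit; in this model
 * that is the only path between the two worlds. */
void soc_smc(struct soc *s) {
    s->ns = (s->ns == SECURE) ? NON_SECURE : SECURE;
}

/* Access check: compare the region's security attribute with the current NS
 * bit. Secure state may access everything; unmapped addresses are denied. */
bool soc_access_ok(const struct soc *s, uint32_t addr) {
    for (size_t i = 0; i < s->nregions; i++) {
        const struct region *r = &s->regions[i];
        if (addr >= r->base && addr - r->base < r->size)
            return s->ns == SECURE || !r->secure_only;
    }
    return false;
}

/* Walk steps 1-7. Returns 0 when the model matches the text: Non-secure
 * software reaches shared RAM only, and the partitioning cannot be changed
 * after the lock or from Non-secure state. Non-zero identifies the failing step. */
int run_boot_sequence(void) {
    struct soc s;
    soc_reset(&s);                                                        /* 1 */
    if (s.ns != SECURE) return 1;
    if (!soc_set_region(&s, "secure_ram", 0x10000000u, 0x100000u, true))   /* 2 */
        return 2;
    if (!soc_set_region(&s, "shared_ram", 0x80000000u, 0x1000000u, false))
        return 3;
    if (!soc_set_region(&s, "crypto_periph", 0x40010000u, 0x1000u, true))
        return 4;
    /* 3, 4: Secure OS and Secure Monitor initialisation are not modelled. */
    if (!soc_lock(&s)) return 5;                                          /* 5 */
    if (soc_set_region(&s, "late", 0x50000000u, 0x1000u, false)) return 6; /* lock must refuse */
    soc_smc(&s);                                                          /* 6 */
    if (s.ns != NON_SECURE) return 7;
    /* 7: the Non-secure OS initialises and starts accessing memory. */
    if (!soc_access_ok(&s, 0x80001000u)) return 8;    /* shared RAM: allowed */
    if (soc_access_ok(&s, 0x10000040u)) return 9;     /* Secure RAM: denied */
    if (soc_access_ok(&s, 0x40010004u)) return 10;    /* Secure peripheral: denied */
    if (soc_set_region(&s, "rogue", 0x60000000u, 0x1000u, false)) return 11; /* NS cannot repartition */
    return 0;
}

int main(void) {
    int rc = run_boot_sequence();
    printf("boot sequence model: %s (rc=%d)\n", rc == 0 ? "ok" : "mismatch", rc);
    return rc;
}
```

The lock in step 5 is what makes the partitioning established in step 2 durable: without it, a defect in the Secure OS after the world switch could re-tag a Secure-only region as shared, so the model refuses `soc_set_region` both after `soc_lock` and whenever the NS bit is 1.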

The overall security of the secure software depends on the system design, and on the secure software itself.