11.12.3 Boot and Secure Segment Allocation

The linker will collect input sections designated as boot or secure and allocate them according to the security model. Diagnostics will be issued for errors such as overflow of a secure segment, or requests for a type of protected memory that does not match the security model.

The linker reserves memory for boot and secure segments by adjusting boundaries of the following memory regions: program, data, and eedata. Therefore the name, origin, and length of these regions expressed in the linker script should reflect the original values, not values adjusted for boot and secure segments.

If access entry points have been defined, the linker will construct branch tables as needed for the boot or secure segment. Branch tables fill the entire access area (32 instruction words), regardless of how many access entry slots are actually used. This ensures that secure segment object code can be reached only by access entry point. Unused slots in the branch table will be filled with the default entry if one has been specified.

Execution flow may reach access entry points in several different ways, using a combination of machine instructions and data directives. Each access entry consists of a single, unconditional branch instruction, which targets the actual object code for a secure function.