4.5.4. Booting a secure system

A TrustZone-enabled processor starts in the Secure state when you power on the system. This enables any sensitive security checks to run before the Non-secure state software has an opportunity to modify any aspect of the system.

Figure 4.3. A typical boot sequence of a TrustZone-enabled processor

To view this graphic, your browser must support the SVG format. Either install a browser with native support, or install an appropriate plugin such as Adobe SVG Viewer.


After power-on, most SoC designs start executing a ROM-based bootloader before switching to a device bootloader located in external non-volatile storage, such as flash memory. A ROM-based bootloader initializes critical peripherals, such as memory controllers. The boot sequence then progresses through the Secure state operating environment initialization stages, before passing control to the Non-secure state bootloader. This starts the Non-secure state operating system, at which point the system can be considered running.

Copyright © 2014 ARM. All rights reserved.ARM DAI0425
Non-ConfidentialID080414