2.17.1. System boot sequence

Caution

Security Extensions computing enable a secure software environment. The technology does not protect the processor from hardware attacks, and you must make sure that the hardware containing the boot code is appropriately secure.

The processor always boots in the privileged Supervisor mode in the Secure state, that is the NS bit is 0. This means that code not written for Security Extensions always run in the Secure state, but has no way to switch to the Nonsecure state. Because the Secure and Nonsecure states mirror each other, this secure operation does not affect the functionality of code not written for Security Extensions. Peripherals boot in the Secure state.

The secure OS code at the reset vector must:

  1. Initialize the secure OS. This includes normal boot actions such as:

    1. Generate translation tables and switch on the MMU if the design uses caches or memory protection.

    2. Switch on the stack.

    3. Set up the run time environment and program stacks for each processor mode.

  2. Initialize the Secure Monitor. This includes such actions as:

    1. Allocate scratch work space.

    2. Set up the Secure Monitor stack pointer and initialize its state block.

  3. Program the partition checker to allocate physical memory available to the nonsecure OS.

  4. Yield control to the nonsecure OS with an SMC instruction. The nonsecure OS boots after this.

The overall security of the software relies on the security of the boot code along with the code for the Secure Monitor.

Copyright © 2006-2009 ARM Limited. All rights reserved.ARM DDI 0344I
Non-Confidential