3.6.1. System boot sequence

Caution

The Security Extensions enable the construction of an isolated software environment for more secure execution, depending on a suitable system design around the processor. The technology does not protect the processor from hardware attacks, and you must make sure that the hardware containing the reset handling code is appropriately secure.

The processor always boots in the privileged Supervisor mode in the Secure state, with the NS bit set to 0. This means that code that does not attempt to use the Security Extensions always runs in the Secure state. If the software uses both Secure and Non-secure states, the less trusted software, such as a complex operating system, executes in Non-secure state, and the more trusted software executes in the Secure state.

The following sequence is a typical use of the Security Extensions:

  1. Exit from reset in Secure state.

  2. Configure the security state of memory and peripherals. Some memory and peripherals are accessible only to the software running in Secure state.

  3. Initialize the secure operating system. The required operations depend on the operating system, and typically include initialization of caches, MMU, exception vectors, and stacks.

  4. Initialize Secure Monitor software to handle exceptions that switch execution between the Secure and Non-Secure operating systems.

  5. Optionally lock aspects of the secure state environment against further configuration.

  6. Pass control through the Secure Monitor software to the Non-secure OS with an SMC instruction to enable the Non-secure operating system to initialize. The required operations depend on the operating system, and typically include initialization of caches, MMU, exception vectors, and stacks.
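The six steps above, written out as an added illustration in GNU as ARM assembly for an ARMv7-A core with the Security Extensions. This is not code from the Cortex-A9 TRM or from ARM; it assumes a single CPU, board-specific routines `configure_world_partition`, `secure_world_init` and `lock_secure_config` supplied elsewhere, and a placeholder `NS_ENTRY` for the Non-secure OS load address. The CP15 registers used (SCR, VBAR, MVBAR) and the Monitor vector layout are the architectural ones; everything else is assumed.

```asm
@ Added illustration (not from the Cortex-A9 TRM): a minimal Secure-world
@ boot path on an ARMv7-A core with the Security Extensions, GNU as syntax.
@ Assumptions: single CPU; configure_world_partition, secure_world_init and
@ lock_secure_config are board-specific routines supplied elsewhere;
@ NS_ENTRY is a placeholder for the Non-secure OS entry point.

    .syntax unified
    .arm
    .equ MODE_SVC, 0x13
    .equ MODE_MON, 0x16
    .equ I_BIT,    0x80
    .equ F_BIT,    0x40
    .equ SCR_NS,   (1 << 0)          @ SCR.NS: 0 = Secure, 1 = Non-secure
    .equ NS_ENTRY, 0x80000000        @ placeholder: Non-secure OS entry point

    .section .text.boot, "ax"
    .global _start
_start:
    @ Step 1: out of reset the core is in Secure Supervisor mode with
    @ SCR.NS = 0. Keep interrupts masked until vectors and stacks exist.
    cpsid if, #MODE_SVC
    ldr   sp, =secure_stack_top

    @ Step 2: partition memory and peripherals between the two worlds.
    @ Entirely system-specific (bus filters, address space controllers),
    @ so it is delegated to board code.
    bl    configure_world_partition

    @ Step 3: Secure OS initialisation (caches, MMU, Secure VBAR, stacks).
    ldr   r0, =secure_vectors
    mcr   p15, 0, r0, c12, c0, 0     @ VBAR (Secure banked copy)
    bl    secure_world_init

    @ Step 4: install the Secure Monitor vector table.
    ldr   r0, =monitor_vectors
    mcr   p15, 0, r0, c12, c0, 1     @ MVBAR

    @ Step 5: freeze the Secure configuration before anything less
    @ trusted executes; what can be locked is system-specific.
    bl    lock_secure_config

    @ Step 6: hand over through the Monitor. SMC #0 enters Monitor mode at
    @ monitor_vectors+8; the handler performs the world switch.
    smc   #0
    b     .                          @ never returns in this design

    .balign 32                       @ MVBAR[4:0] must be zero
monitor_vectors:
    b     .                          @ 0x00 reserved
    b     .                          @ 0x04 reserved
    b     monitor_smc_handler        @ 0x08 SMC
    b     .                          @ 0x0C prefetch abort (Monitor)
    b     .                          @ 0x10 data abort (Monitor)
    b     .                          @ 0x14 reserved
    b     .                          @ 0x18 IRQ (if routed to Monitor)
    b     .                          @ 0x1C FIQ (if routed to Monitor)

monitor_smc_handler:
    @ Monitor mode is always Secure, whatever the value of SCR.NS.
    ldr   sp, =monitor_stack_top
    mrc   p15, 0, r0, c1, c1, 0      @ read SCR
    tst   r0, #SCR_NS
    bne   from_non_secure            @ later SMCs from the NS OS land here

    @ First SMC: Secure boot is complete. Switch worlds and enter the
    @ Non-secure OS in Supervisor mode with IRQ and FIQ masked.
    orr   r0, r0, #SCR_NS
    mcr   p15, 0, r0, c1, c1, 0      @ SCR.NS = 1: next exception return is NS
    isb
    mov   r1, #(MODE_SVC | I_BIT | F_BIT)
    msr   spsr_cxsf, r1
    ldr   lr, =NS_ENTRY
    movs  pc, lr                     @ exception return: CPSR <- SPSR, NS world

from_non_secure:
    @ Requests from the Non-secure OS would be dispatched here. Minimal
    @ policy: return to the caller without touching Secure state.
    movs  pc, lr

    .bss
    .balign 8
    .space 4096
secure_stack_top:
    .space 1024
monitor_stack_top:
```

Two points of the ordering matter for the security of the design. The lock in step 5 runs before the first `SMC`, so the Non-secure OS never executes while the partition is still writable; and the Monitor handler reads `SCR.NS` on entry, so an `SMC` issued later by the Non-secure OS is treated as a service request rather than repeating the one-time handoff.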

The overall security of the secure software depends on the system design, and on the secure software itself.

Copyright © 2008-2009 ARM. All rights reserved. ARM DDI 0388E
Non-Confidential