3.4.1. System boot sequence

Caution

The Security Extensions enable a secure software environment. They do not protect the processor from hardware attacks, and you must make sure that the hardware containing the boot code is appropriately secure.

The processor always boots in the privileged Supervisor mode in the Secure state, with the NS bit set to 0. See Secure Configuration Register. This means that code that does not attempt to use the Security Extensions always runs in the Secure state. If the software uses both Secure and Non-secure states, the less trusted software, such as a complex operating system and application code running under that operating system, executes in Non-secure state, and the most trusted software executes in the Secure state.

The following sequence is expected to be typical use of the Security Extensions:

  1. Exit from reset in Secure state.

  2. Configure the security state of memory and peripherals. Some memory and peripherals are accessible only to the software running in Secure state.

  3. Initialize the secure operating system. The required operations depend on the operating system, and include initialization of caches, MMU, exception vectors, and stacks.

  4. Initialize Secure Monitor software to handle exceptions that switch execution between the Secure and Non-secure operating systems.

  5. Optionally lock aspects of the secure state environment against further configuration.

  6. Pass control through the Secure Monitor software to the Non-secure OS with an SMC instruction.

  7. Enable the Non-secure operating system to initialize. The required operations depend on the operating system, and typically include initialization of caches, MMU, exception vectors, and stacks.
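The following C model walks through steps 1 to 7 above as an added example. It is not ARM code and not a bare-metal implementation: the SCR bit positions (NS at bit 0, SCD at bit 7) match the ARMv7-A Security Extensions, but the register context, the two-region memory map, and the lock flag are a hypothetical simulation that runs on a host. It shows the three properties a practitioner checks after bringing up the Secure world: a Non-secure access to Secure-only memory is rejected, the configuration cannot be changed once locked, and SMC from the Non-secure state is refused when SCR.SCD is set.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* SCR bit positions as defined for the ARMv7-A Security Extensions. */
#define SCR_NS   (1u << 0)   /* 0 = Secure state, 1 = Non-secure state */
#define SCR_SCD  (1u << 7)   /* 1 = SMC is UNDEFINED when executed in Non-secure state */

#define MAX_REGIONS 4
#define NREGS 4              /* hypothetical size of the saved register context */

struct region { uint32_t base, size; bool secure_only; };

/* Hypothetical model of one core plus a TrustZone-aware memory system (not CP15 accesses). */
struct cpu {
    uint32_t scr;                  /* Secure Configuration Register */
    bool locked;                   /* set at step 5: no further security configuration */
    size_t nregions;
    struct region map[MAX_REGIONS];
    uint32_t regs[NREGS];          /* live registers of whichever world is running */
    uint32_t secure_ctx[NREGS];    /* context the monitor saves for the Secure world */
    uint32_t ns_ctx[NREGS];        /* context the monitor saves for the Non-secure world */
};

/* Step 1: exit from reset in the Secure state with SCR.NS == 0 and nothing configured. */
void cpu_reset(struct cpu *c) { memset(c, 0, sizeof *c); }

bool cpu_is_secure(const struct cpu *c) { return (c->scr & SCR_NS) == 0; }

/* Step 2: mark a region Secure-only or shared. Refused once the configuration is locked. */
bool cpu_add_region(struct cpu *c, uint32_t base, uint32_t size, bool secure_only) {
    if (c->locked || c->nregions >= MAX_REGIONS) return false;
    c->map[c->nregions++] = (struct region){ base, size, secure_only };
    return true;
}

/* Step 5: lock the Secure-state configuration against further changes. */
void cpu_lock(struct cpu *c) { c->locked = true; }

/* A transaction carries the NS attribute of the issuing world. A Non-secure access to
   Secure-only memory is rejected (a fault in hardware); unmapped addresses also fault. */
bool cpu_access_ok(const struct cpu *c, uint32_t addr) {
    bool ns = !cpu_is_secure(c);
    for (size_t i = 0; i < c->nregions; i++) {
        const struct region *r = &c->map[i];
        if (addr >= r->base && addr - r->base < r->size)
            return !(ns && r->secure_only);
    }
    return false;
}

/* Steps 4 and 6: the Secure Monitor's SMC handler. The monitor saves the caller's context,
   flips SCR.NS and restores the other world's context before returning. With SCR.SCD set,
   SMC from the Non-secure state is UNDEFINED and never reaches the monitor. */
bool monitor_smc(struct cpu *c) {
    if (cpu_is_secure(c)) {
        memcpy(c->secure_ctx, c->regs, sizeof c->regs);
        memcpy(c->regs, c->ns_ctx, sizeof c->regs);
        c->scr |= SCR_NS;
    } else {
        if (c->scr & SCR_SCD) return false;
        memcpy(c->ns_ctx, c->regs, sizeof c->regs);
        memcpy(c->regs, c->secure_ctx, sizeof c->regs);
        c->scr &= ~SCR_NS;
    }
    return true;
}

/* The whole sequence on a made-up map: Secure-only SRAM at 0x00000000 and shared DRAM at
   0x80000000. Returns true once control has been handed to the Non-secure OS (step 7). */
bool boot_sequence(struct cpu *c) {
    cpu_reset(c);                                                           /* step 1 */
    if (!cpu_add_region(c, 0x00000000u, 0x00010000u, true)) return false;  /* step 2 */
    if (!cpu_add_region(c, 0x80000000u, 0x40000000u, false)) return false;
    c->regs[0] = 0x00001000u;     /* step 3: secure OS state, e.g. its stack pointer (made up) */
    c->ns_ctx[0] = 0x80001000u;   /* step 4: monitor prepares the Non-secure entry context */
    cpu_lock(c);                                                            /* step 5 */
    return monitor_smc(c) && !cpu_is_secure(c);                             /* step 6 */
}
```

In real firmware the monitor is written in assembly, SCR is reached with MCR/MRC p15 accesses, and memory and peripheral security is set in the system's TrustZone address-space and protection controllers rather than in a table like this one; the model only fixes the order of operations and the checks that should hold afterwards.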

The overall security of the software depends on the system design, and on the secure software itself.

Copyright © 2011, 2012 ARM. All rights reserved. ARM DDI 0464E
Non-Confidential ID112412