Boot chain

This is the first code that the SoC executes. The code lives in embedded read-only memory of the SoC. It performs minimal initialization of clocks, reads the boot strap information, and accesses the boot media to read the First Stage Boot Loader (FSBL). When security is enabled, the ROM loader is also responsible for authenticating the FSBL before starting it.

In ARM TrustZone architecture, the ROM loader is known as Boot Loader stage 1 (BL1: Trusted ROM).

The main responsibility of the FSBL is to initialize the external RAM controller and load the Second Stage Boot Loader (SSBL) into memory. When security is enabled, the FSBL authenticates the SSBL, continuing the chain of trust. On the STM32MP15, the FSBL is the Trusted Firmware-A.

In ARM TrustZone architecture, the FSBL is known as Boot Loader stage 2 (BL2: Trusted Boot Firmware).

The Secure Monitor is a minimal operating system that has privilege access to secure hardware, such as cryptographic engines, e-fuses, and security keys. The Secure Monitor is also loaded by the FSBL. On the ConnectCore MP15, the Secure Monitor is OP-TEE.

In ARM TrustZone architecture, the Secure Monitor is known as Boot Loader stage 3.1 (BL31: Secure Payload).

The SSBL runs in external RAM and can implement complex protocols and features, such as USB or Ethernet, that facilitate the loading of the operating system. On the ConnectCore MP15, the SSBL is U-Boot.

In ARM TrustZone architecture, the SSBL is known as Boot Loader stage 3.2 (BL32: Non-trusted Firmware).