The boot chain is the sequence of boot stages the SoC performs until it can run a rich operating system. The following diagram represents the boot chain on the STM32MP25 SoC:

Boot chain

ROM loader

This is the first code that the SoC executes. The code lives in embedded read-only memory of the SoC. It performs minimal initialization of clocks, reads the boot strap information, and accesses the boot media to read the First Stage Boot Loader (FSBL). When security is enabled, the ROM loader is also responsible for authenticating the FSBL before starting it.

In ARM TrustZone architecture, the ROM loader is known as Boot Loader stage 1 (BL1: Trusted ROM).

First Stage Boot Loader (FSBL)

The main responsibility of the FSBL is to initialize the external RAM controller and load the Second Stage Boot Loader (SSBL) into memory. When security is enabled, the FSBL authenticates the SSBL, continuing the chain of trust. On the STM32MP25, the FSBL is the Trusted Firmware-A.

In ARM TrustZone architecture, the FSBL is known as Boot Loader stage 2 (BL2: Trusted Boot Firmware).

Secure monitor

The Secure Monitor is a minimal operating system that has privilege access to secure hardware, such as cryptographic engines, e-fuses, and security keys. The Secure Monitor is also loaded by the FSBL. On the ConnectCore MP25, the Secure Monitor is OP-TEE.

In ARM TrustZone architecture, the Secure Monitor is known as Boot Loader stage 3.1 (BL31: Secure Payload).

Second Stage Boot Loader (SSBL)

The SSBL runs in external RAM and can implement complex protocols and features, such as USB or Ethernet, that facilitate the loading of the operating system. On the ConnectCore MP25, the SSBL is U-Boot.

In ARM TrustZone architecture, the SSBL is known as Boot Loader stage 3.2 (BL32: Non-trusted Firmware).