The boot chain is the sequence of boot stages the SoC performs until it can run a rich operating system. The following diagram represents the boot chain on the i.MX95 SoC:

[Diagram: Boot chain]

ROM loader

This is the first code that the SoC executes. The code lives in the embedded read-only memory of the SoC. It performs minimal initialization of the clocks, reads the boot strap (boot mode) information, and accesses the boot media to read the Cortex-M33 firmware. When security is enabled, the ROM loader is also responsible for authenticating that firmware before starting it.

In ARM TrustZone architecture, the ROM loader is known as Boot Loader stage 1 (BL1: Trusted ROM).

Optional Executable Image (OEI)

The OEI configures some aspects of the hardware, such as the DDR configuration and the initialization of TCM ECC.

Load Cortex-A55 and Cortex-M7 firmware

The Cortex-M33 then loads the firmware images for the other cores (Cortex-A55 and Cortex-M7).

System Manager (SM)

The System Manager (SM) is a low-level system function that runs on the Cortex-M33 and provides isolation and management of power domains, clocks, resets, sensors, pins, and similar resources. The SM has exclusive access to critical resources, such as those controlling power, clocks, reset, and the PMIC, and exposes them to its clients through SCMI (System Control and Management Interface), enforcing access control on those shared critical resources.

See System Manager (SM) for more information.

Secondary Program Loader (SPL)

The SPL (Secondary Program Loader) is a minimal, size-constrained U-Boot component that performs early hardware initialization and loads Arm Trusted Firmware-A (TF-A), which then continues the boot flow toward U-Boot proper.

In ARM TrustZone architecture, the SPL is known as Boot Loader stage 2 (BL2: Trusted Boot Firmware).

Trusted Firmware-A (TF-A)

The Trusted Firmware-A (TF-A), sometimes called ARM Trusted Firmware (ATF), is an open-source reference implementation of secure-world software for Armv7-A and Armv8-A class processors.

In ARM TrustZone architecture, the TF-A is known as Boot Loader stage 3.1 (BL31: EL3 Runtime Software).

See Trusted Firmware-A for more information.

Secure Monitor

The Secure Monitor is a minimal operating system that has privileged access to secure hardware, such as cryptographic engines, e-fuses, and security keys. On the ConnectCore 95, the Secure Monitor is OP-TEE.

In ARM TrustZone architecture, the Secure Monitor is known as Boot Loader stage 3.2 (BL32: Secure-EL1 Payload).

See OP-TEE for more information.