The TrustZone technology allows and maintains isolation between secure and non-secure processes within the same system. A secure mode can access both secure and non-secure worlds, but a non-secure mode can only access a non-secure world. The Arm technical reference manual contains further implementation details. This Figure shows the Arm v8 modes.
Notes relevant to This Figure.
•AArch64 is permitted only if EL1 is using AArch64.
•AArch64 is permitted only if EL2 is using AArch64.
•EL3 is the most secure exception level.
•SVC instruction generates a supervisor call. It is normally used to request privileged operations.
•HVC instruction causes a hypervisor call exception and processor mode changes to the hypervisor.
•Secure monitor call (SMC) is used to enter the secure monitor mode.