Building Secure and Non-secure images

ACLE provides tools that allow you to build images that run in the Secure state of the ARMv8-M Security Extensions. You can also create an import library package that developers of Non-secure images must have for those images to call the Secure image.

For example, using armclang:

To build an image that runs in the Secure state you must include the <arm_cmse.h> header in your code, and compile using the -mcmse armclang command-line option. Doing this makes the following available:

  • The Test Target, TT, instruction.
  • TT instruction intrinsics.
  • Non-secure function pointer intrinsics.
  • The __attribute__((cmse_nonsecure_call)) and __attribute__((cmse_nonsecure_entry)) function attributes.

At startup, your Secure code must set up the Security Attribution Unit (SAU) and call the Non-secure startup code.

Calling a Secure image from a Non-secure image using veneers

Calling a Secure image from a Non-secure image requires a transition from Non-secure to Secure state. A transition is initiated through Secure gateway veneers. Secure gateway veneers decouple the addresses from the rest of the Secure code.

An entry point in the Secure image, entryname, is identified with:


The calling sequence is as follows:

  1. The Non-secure image uses the branch BL instruction to call the Secure gateway veneer for the required entry function in the Secure image:

         bl    entryname

  2. The Secure gateway veneer consists of the SG instruction and a call to the entry function in the Secure image using the B instruction:

         B.W        __acle_se_entryname

  3. The Secure image returns from the entry function using the BXNS instruction:

         bxns  lr

The following figure is a graphical representation of the calling sequence, but for clarity, the return from the entry function is not shown:


Import library package

An import library package identifies the entry functions available in a Secure image. The import library package contains:

  • An interface header file, for example h. You manually create this file using any text editor.
  • An import library, for example o. armlink generates this library during the link stage for a Secure image.


You must have separate compile and link stages:

  • To create an import library when building a Secure image.
  • To use an import library when building a Non-secure image.