A TrustZone-enabled processor starts in the Secure world when it is powered on. This enables any sensitive security checks to run before the Normal world software has an opportunity to modify any aspect of the system.
After power-on most SoC designs will start executing a ROM-based bootloader which is responsible for initializing critical peripherals such as memory controllers, before switching to a device bootloader located in external non-volatile storage such as flash memory. The boot sequence will then progress through the Secure world operating environment initialization stages, before passing control to the Normal world bootloader. This will progress to starting the Normal world operating system, at which point the system can be considered running.
Systems that want an additional level of protection can use a signal input into the processor core to lock-down some of the critical Secure world configuration options in CP15. Asserting the CP15SDISABLE processor input signal will cause some of the Secure world CP15 settings to become unmodifiable, even if the modification is attempted by Secure world privileged software.
It is expected that designs using CP15SDISABLE will configure the sensitive settings during the boot process and assert the signal before passing control to the Normal world software.
Note that a system must boot with CP15SDISABLE set low to enable Secure world boot code to configure the CP15 registers will appropriate settings. The method used to to change the signal should only be available to the Secure world, and other protections may be suitable, such as using a latching signal generator which can only be reset to a low state by resetting the device.