To call a function of the “secure world” you must perform a call to a intermediate function. This kind of function is known as “Veneer Function” and in arm implementation it must be marked with a SG instruction.
_______________________
| SG (INSTRUCTION) |
|---------------------|
|SECURE WORLD| <------> | NON-SECURE CALLABLE | <------> |NON-SECURE WORLD|
| (NSC) |
-----------------------NSC is a special type of Secure location. This type of memory is the only type which an ARMv8-M processor permits to hold an SG(secure gateway) instruction that enables software to transition from Non-secure to Secure state. The inclusion of NSC memory locations removes the need for Secure software creators to allow for the accidental inclusion of SG instructions, or data sharing encoding values, in normal Secure memory by restricting the functionality of the SG instruction to NSC memory only.
Memory regions and their security state are defined either by a Secure Attribution Unit (SAU) or an implementation Defined Attribution Unit (IDAU). The SAU allows to adjust the memory layout at runtime. The IDAU is defined by the hardware manufacturer and enables the definition of upto 255 memory regions. Regions defined by multiple units take the highest attribution. Therefore if an address is defined to be non-secure by the SAU and secure by the IDAU, the address is considered to be secure. To note secure is considered higher than non-secure callable.