Figure: Cold boot flow
- After a reset, the boot core exits the Reset state and executes the PBL. The PBL initializes the hardware clocks, CPU caches, memory management unit (MMU), and identifies the boot device based on the boot option settings.
- The PBL loads and authenticates the XBL from the boot device. The XBL runs the security setup in EL3 Secure state and performs the following tasks:
- Initializes the hardware, firmware images, CPU cache, MMU, boot device, PMIC, and DDR.
- Loads and authenticates the Qualcomm TEE image from the boot device.
- Loads and authenticates the Qualcomm Hypervisor image.
- Loads and authenticates the EDK II/U-Boot image.
- Makes a secure channel manager (SCM) call to jump to the Qualcomm TEE image. SCM is the driver that communicates with Qualcomm TEE using a secure monitor call (SMC).
- The Qualcomm TEE sets up the secure environment and runs the Qualcomm Hypervisor image.
- The Qualcomm Hypervisor hands over control to EDK II/U-Boot, which then loads and authenticates the systemd-boot EFI image using the UEFI secure boot.
- The systemd-boot image loads and authenticates the Qualcomm Linux kernel image, and passes control to the Qualcomm Linux kernel. If you enable kernel-based virtual machine (KVM) mode, the UEFI shuts down the Qualcomm Hypervisor, exits the UEFI boot services, and passes control to Linux KVM in EL2.
- In U-Boot KVM mode, the Qualcomm Hypervisor is shut down at the beginning of its execution, and it starts executing at EL2. To enable KVM mode in U-Boot, see Enabling Kernel-Based Virtual Machine (KVM).
- The Qualcomm Linux kernel launches the Linux application such as the bash shell.

