This section gives a high-level description of the execution flow and an abstracted memory map showing how the two banks of flash are used. Execution on the device is divided into two distinct phases: a privileged flow and an unprivileged flow. The following flow diagram shows this distinction, with the line separating the upper (privileged) and lower (unprivileged) phases.
- The issuing of INITDONE is the official transition from the privileged state to the unprivileged state, enabling security.
- The Customer Secure Code is run in both states, so the same body of code contains two execution paths, selected by the current state.
- The privileged state must occur before the unprivileged state, and it is not possible to transition back to the privileged state without a BOOTRST.
- This satisfies a one-time Trusted Execution Environment (TEE) as described by some Secure Boot documentation.
- Unprivileged mode has additional features activated, such as firewalls and the Read or Execute bank policy.
- The application is only ever run in unprivileged mode.
- The Customer Secure Code can determine the current state by reading whether INITDONE has been issued.
- A SYSRST does not enter the privileged state, and security policies are retained.