The Cortex-M CPU is designed to run code at two different privilege levels. Privilege separation is important whenever untrusted application code runs on the system: it allows the kernel to keep control of execution at all times and to prevent system failures caused by a misbehaving user thread. The default execution level at boot is privileged, so that the kernel can boot. Applications can be configured to execute at the user level and to use a different stack-pointer register during context switch operations.
Changing privilege levels is possible only during an exception handler, and it is done using the special exception return value, stored in LR before returning from an exception handler that performed a context ...
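The following host-side model is an added example, not code from the original text: it shows which values a context-switch handler would place in LR and in the CONTROL register for a kernel or user task, and which state the core enters on return. The `task`, `plan` and `state` types and the function names are hypothetical; the EXC_RETURN encodings and the CONTROL.nPRIV bit are taken from the Armv7-M architecture (no floating-point context assumed), not from this page.

```c
#include <stdbool.h>
#include <stdint.h>

/* Architectural EXC_RETURN values (Armv7-M, no floating-point context). */
#define EXC_RETURN_HANDLER_MSP 0xFFFFFFF1u /* handler mode, main stack    */
#define EXC_RETURN_THREAD_MSP  0xFFFFFFF9u /* thread mode, main stack     */
#define EXC_RETURN_THREAD_PSP  0xFFFFFFFDu /* thread mode, process stack  */
#define CONTROL_NPRIV          (1u << 0)   /* 1 = thread mode is unprivileged */

struct task  { bool user; };                      /* hypothetical task descriptor */
struct plan  { uint32_t exc_return, control; };   /* what the handler loads */
struct state { bool handler, privileged, psp; };  /* CPU state after return */

/* Values a context-switch handler loads into LR and CONTROL for `next`. */
struct plan plan_switch(const struct task *next)
{
    struct plan p = { EXC_RETURN_THREAD_MSP, 0u };   /* kernel thread */
    if (next->user) {
        p.exc_return = EXC_RETURN_THREAD_PSP;  /* stack chosen by EXC_RETURN */
        p.control = CONTROL_NPRIV;             /* drop to user privilege */
    }
    return p;
}

/* Model of the state the core enters when the handler returns. */
struct state after_return(struct plan p)
{
    struct state s;
    s.handler = (p.exc_return & 0x8u) == 0;     /* bit 3 clear: handler mode */
    s.psp = (p.exc_return & 0x4u) != 0;         /* bit 2 set: process stack  */
    /* Handler mode is always privileged; nPRIV only affects thread mode. */
    s.privileged = s.handler || (p.control & CONTROL_NPRIV) == 0;
    return s;
}

/* Invariant checked by this example: unprivileged code never runs on the
 * main stack, which the kernel and exception handlers use. */
bool plan_is_isolated(struct plan p)
{
    struct state s = after_return(p);
    return s.privileged || s.psp;
}
```

A scheduler can assert `plan_is_isolated()` on every switch during testing to catch a task descriptor that would leave user code on the kernel's stack.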