Calling secure functions after boot load
Processor is STM32U585CIU6Q. I have a trust zone project (STM32IDE) that runs just fine without the boot loader. At reset the secure project runs, transfers control to the non-secure and I can make calls to functions on the secure side just fine. All is good.
This is a boot loader development effort. I don’t have code to actually receive images yet. I place the secure and non-secure projects in place with the IDE and run the boot loader. When the boot loader transfers control to the secure application it seems to initially work OK. I get to the secure application OK. The secure application transfers control to the non-secure project OK. However, as soon as I try to make a call to a secure function the system hangs.
To transfer out of the boot loader I save a flag in protected memory and do a SW reset. I have used this technique on other ST parts as a way to get the processor in a known state. When I come out of reset the boot loader immediately (before any initialization except C init) tests the flag. If set it does (what I thought was) a pretty standard jump to the app via the vector table. As I said this works and I get to the secure app OK then to the non-secure app. As long as I stay in the non-secure code all is well. However, something is obviously not completely initialized because the linkage from non-secure to secure is broken.
I know a SW reset does not completely set everything back to default like a HW reset does. I assume the app code is assuming TrustZone things are in a 100% default state and the secure app does not do a 100% initialization of something -- and I am carrying over bad state from the boot loader.
Thoughts and ideas on what junk I might be carrying over from boot loader to app appreciated -- or a reference to info on how to make the transition properly would be appreciated.
Thanks in advance
