Why does N1SDP have two ROM: Secure BootROM @ 0x00_0000_0000, Non-trusted ROM @ 0x00_0500_0000

But from TF-A System Design https://trustedfirmware-a.readthedocs.io/en/latest/design/reset-design.html#general-reset-code-flow seems the Non-trusted ROM is not necessary, because it can handle the case that all CPUs start at the same address(typically address 0), so, my question is, why there are two ROM in N1SDP SoC? Can you give us a full picture of boot flow on N1SDP?

Thanks a lot!