A computer system with a secure bootloading function is disclosed. Security logic (20) is implemented on-chip with a central processing unit (CPU) (10), and performs security functions following a system reset, such as upon power-up or a hardware or software reset. A security key value from a security key store (36), which is read-protected from subsequent read accesses, is used to authenticate each code block associated with secure applications. Write-protect registers (34) store the memory addresses of authenticated code blocks, so that these code blocks cannot be altered. A shadow memory (32) is provided on-chip with the CPU (10), to which access is granted for program instructions having a physical memory address within the memory address ranges stored in the write-protect registers (34), and thus usable by the secure applications. Successful authentication of the user code block ensures that the bootloaded code is not corrupt, prior to passing control to the operating system.