diff --git a/qemu/target-arm/cpu-qom.h b/qemu/target-arm/cpu-qom.h
index 3cadc915..2f2f57d4 100644
--- a/qemu/target-arm/cpu-qom.h
+++ b/qemu/target-arm/cpu-qom.h
@@ -86,6 +86,9 @@ typedef struct ARMCPU {
     /* GPIO outputs for generic timer */
     //qemu_irq gt_timer_outputs[NUM_GTIMERS];
 
+    /* MemoryRegion to use for secure physical accesses */
+    MemoryRegion *secure_memory;
+
     /* 'compatible' string for this CPU for Linux device trees */
     const char *dtb_compatible;
 
diff --git a/qemu/target-arm/cpu.c b/qemu/target-arm/cpu.c
index 13ed4127..5742f46d 100644
--- a/qemu/target-arm/cpu.c
+++ b/qemu/target-arm/cpu.c
@@ -420,6 +420,24 @@ static void arm_cpu_post_init(struct uc_struct *uc, Object *obj)
         //qdev_property_add_static(DEVICE(obj), &arm_cpu_rvbar_property,
         //                         &error_abort);
     }
+
+    if (arm_feature(&cpu->env, ARM_FEATURE_EL3)) {
+        /* Add the has_el3 state CPU property only if EL3 is allowed.  This will
+         * prevent "has_el3" from existing on CPUs which cannot support EL3.
+         */
+        //qdev_property_add_static(DEVICE(obj), &arm_cpu_has_el3_property,
+        //                         &error_abort);
+
+#ifndef CONFIG_USER_ONLY
+        /* Unicorn: commented out
+        object_property_add_link(obj, "secure-memory",
+                                 TYPE_MEMORY_REGION,
+                                 (Object **)&cpu->secure_memory,
+                                 qdev_prop_allow_set_link_before_realize,
+                                 OBJ_PROP_LINK_UNREF_ON_RELEASE,
+                                 &error_abort);*/
+#endif
+    }
 }
 
 static void arm_cpu_finalizefn(struct uc_struct *uc, Object *obj, void *opaque)
@@ -539,6 +557,31 @@ static int arm_cpu_realizefn(struct uc_struct *uc, DeviceState *dev, Error **err
     register_cp_regs_for_features(cpu);
     arm_cpu_register_gdb_regs_for_features(cpu);
 
+#ifndef CONFIG_USER_ONLY
+    if (cpu->has_el3) {
+        cs->num_ases = 2;
+    } else {
+        cs->num_ases = 1;
+    }
+
+    if (cpu->has_el3) {
+        AddressSpace *as;
+
+        if (!cpu->secure_memory) {
+            cpu->secure_memory = cs->memory;
+        }
+        as = address_space_init_shareable(uc,
+                                          cpu->secure_memory,
+                                          "cpu-secure-memory");
+        cpu_address_space_init(cs, as, ARMASIdx_S);
+    }
+    cpu_address_space_init(cs,
+                           address_space_init_shareable(uc,
+                                                        cs->memory,
+                                                        "cpu-memory"),
+                           ARMASIdx_NS);
+#endif
+
     init_cpreg_list(cpu);
 
     qemu_init_vcpu(cs);
diff --git a/qemu/target-arm/cpu.h b/qemu/target-arm/cpu.h
index 52a22ede..5e340080 100644
--- a/qemu/target-arm/cpu.h
+++ b/qemu/target-arm/cpu.h
@@ -1723,6 +1723,12 @@ typedef enum ARMMMUIdx {
 
 #define MMU_USER_IDX 0
 
+/* Indexes used when registering address spaces with cpu_address_space_init */
+typedef enum ARMASIdx {
+    ARMASIdx_NS = 0,
+    ARMASIdx_S = 1,
+} ARMASIdx;
+
 /* Return the exception level we're running at if this is our mmu_idx */
 static inline int arm_mmu_idx_to_el(ARMMMUIdx mmu_idx)
 {