Why does hvc make Undefined instruction exception?

I'm writing a program with the ARMv7-A assembly language. I want to use Virtualization Extension and make the processor mode PL2 in the non secure world.

Therefore, I use hvc instruction as follow:

1. start in secure PL1(SVC) mode.
2. set MVBAR and VBAR.
3. use smc instruction and go to monitor mode.
4. In the monitor mode, set SCR.NS bit ,set HVBAR and excetpion return.
5. make the processor mode SVC.
6. call hvc

the code

    .text

    .section .eitbra , "ax"
    // non-secure vector table
    .org    0x00000000
    b   startup_entry       // 00 : reset
    b   default_entry       // 04 : undefined instruction exception
    b   default_entry       // 08 : supervisor call (SVC)
    b   default_entry       // 0C : prefetch abort
    b   default_entry       // 10 : data abort
    nop                     // 14 : (reserved)
    b   default_entry       // 18 : interrupt
    b   default_entry       // 1C : fast interrupt
    .org    0x00000020
    // secure vector table
secure_vector:
    b   startup_entry       // 00 : reset
    b   default_entry       // 04 : undefined instruction exception
    b   default_entry       // 08 : supurvisor call (SVC)
    b   default_entry       // 0C : prefetch abort
    b   default_entry       // 10 : data abort
    nop                     // 14 : (reserved)
    b   default_entry       // 18 : interrupt
    b   default_entry       // 1C : fast interrupt
    .org    0x00000040
hyper_vector:
    // hyper vector table
    nop                     // 00 : reset
    b   default_entry       // 04 : undefined instruction exception
    b   default_entry       // 08 : hyper call from hyper mode
    b   default_entry       // 0C : prefetch abort
    b   default_entry       // 10 : data abort
    b   hyper_entry         // 14 : hyper call from non-secure world (HVC)
    b   default_entry       // 18 : interrupt
    b   default_entry       // 1C : fast interrupt
    .org    0x00000060
monitor_vector:
    // monitor vector table
    nop                     // 00 : (reserved)
    nop                     // 04 : (reserved)
    b   hyper_init          // 08 : monitor call
    b   default_entry       // 0C : prefetch abort
    b   default_entry       // 10 : data abort
    nop                     // 14 : (reserved)
    b   default_entry       // 18 : interrupt
    b   default_entry       // 1C : fast interrupt
    .org    0x00000080

startup_entry:
    // set cpsr
    mov r0, #(PSM_SVC | CPSR_I | CPSR_F)
    msr cpsr, r0

    // set vector base address
    ldr r1, =secure_vector
    mcr p15, 0, r1, c12, c0, 0  // VBAR
    ldr r1, =monitor_vector
    mcr p15, 0, r1, c12, c0, 1  // MVBAR

    // move to monitor mode and restart as non-secure world
    smc #0

  nonsecure_init:
    ldr r1, =_start
    mcr p15, 0, r1, c12, c0, 0  // VBAR
    // set cpsr
    mrs r0, cpsr
    mov r0, #(PSM_SVC | CPSR_I | CPSR_F)
    msr cpsr, r0

    // hyper call test
    hvc #0

    b default_entry


hyper_init:
    mrc p15, 0, r0, c1, c1, 0   //read scr
    orr r0, r0, #1  // set NS bit
    mcr p15, 0, r0, c1, c1, 0   //set scr
    mrs r0, cpsr

    ldr r0, =hyper_vector
    mcr p15, 4, r0, c12, c0, 0  // HVBAR
    movs pc, lr

hyper_entry:
    ldr sp, =_stack_start+0x50
    eret
default_entry:
    nop
    mrs r0, cpsr
    nop
    wfi
    b default_entry

But, at the hvc instruction, undefined instruction exception occured. This code was called from U-Boot console(go command) on TWR-LS1021A board(Cortex-A7).

Anyone know what causes this/how to fix ?

I solve this myself. I didn't set SCR.HCE bit. If this bit is not set, hvc instruction is undefined even if in non-secure PL1 mode. After setting this bit, hyper exception occured.