You copied the Doc URL to your clipboard.

The Memory Protection Unit

The Memory Protection Unit (MPU) in ARMv8-M series processors is a programmable unit inside the processor that allows privileged software, typically an OS kernel, to define memory access permissions to regions within the 4GB memory space. All memory access is monitored by the MPU, including instruction fetches and data accesses from the processor, which can trigger a fault exception when an access violation is detected.

The MPU can:

  • Prevent stack overflows in one task from corrupting memory belonging to another task.
  • Define regions of memory where access is never allowed by instruction fetches, so preventing any potential malicious code from being executed from those regions.
  • Secure regions of RAM and SRAM from accidental corruption by defining those regions as read-only.
  • Define regions of memory as ‘shareable’ when multiple masters in the system have access to that region. By being shareable, the system is required to ensure coherency for that region among its masters.

The ARMv8-M MPU supports a configurable number of programmable regions with a typical implementation supporting between zero and eight regions per security state.

The MPU can define 0, 4, 8, 12, or 16 regions for any implementation of the Cortex-M23 or Cortex-M33 processors. Previously, the number of regions allowed on a Cortex-M0+, Cortex-M3, or Cortex-M4 was either 0 or 8.

  • The smallest size that can be programmed for an MPU region is 32 bytes.
  • The maximum size of any MPU region is 4GB, but the size must be a multiple of 32 bytes.
  • All regions must begin on a 32 byte aligned address.
  • Regions have independent read/write access permissions for privileged and unprivileged code.
  • The eXecute Never (XN) attribute enables separation of code and data regions.

If the ARMv8-M Security Extension is included, the Secure and Normal worlds can each have their own MPU. The number of regions in the Secure and Non-secure MPU can be configured independently and each can be programmed to protect memory for the associated Security state.

With ARMv8-M architecture with Security Extension, it is possible to have one set of MPU configuration registers for the Secure world and another set of MPU configuration registers for the Normal world. It is also possible to have the MPU feature available in just one of the security states, or have no MPU at all. Secure software can access a Non-secure MPU using an alias address (address 0xE002ED90).

As the ARMv8-M architecture with Security Extension was not previously available, legacy configuration code must also be updated to reflect the new features.

The default memory map

ARMv8-M is a memory-mapped architecture with shared address space for physical memory and processor control and status registers. At reset, and before the MPU is configured or initialized, the memory is divided into 8 x 512MB segments.


The definitions of these regions are as follows:



Memory to hold instructions

Typically ROM or flash memory

Code execution allowed



Fast SRAM memory, on-chip RAM



Typically RAM memory, usually off-chip RAM



Peripheral memory space, on-chip

Code execution not allowed

eXecute Never (XN)



Peripheral memory space, off-chip



Contains memory mapped registers

You can use the MPU to redefine all of these regions. As the MPU is an optional component, in a system with the ARMv8-M Security Extensions, you can have, for example, a Non-secure MPU defining regions in the Non-secure memory space, while the Secure memory space is left in the default configuration.