You copied the Doc URL to your clipboard.

The Memory Protection Unit

The Memory Protection Unit (MPU) in ARMv8-M series processors is a programmable unit inside the processor that allows privileged software, typically an OS kernel, to define memory access permissions to regions within the 4GB memory space. All memory access is monitored by the MPU, including instruction fetches and data accesses from the processor, which can trigger a fault exception when an access violation is detected.

The MPU can:

  • Prevent stack overflows in one task from corrupting memory belonging to another task.
  • Define regions of memory where access is never allowed by instruction fetches, so preventing any potential malicious code from being executed from those regions.
  • Secure regions of RAM and SRAM from accidental corruption by defining those regions as read-only.
  • Define regions of memory as ‘shareable’ when multiple masters in the system have access to that region. By being shareable, the system is required to ensure coherency for that region among its masters.

The ARMv8-M MPU supports a configurable number of programmable regions with a typical implementation supporting between zero and eight regions per security state.

The MPC can define 0, 4, 8, 12, or 16 regions for any implementation of the Cortex-M23 or Cortex-M33 processors. Previously, the number of regions allowed on a Cortex-M0+, Cortex-M3, or Cortex-M4 was either 0 or 8.

  • The smallest size that can be programmed for an MPU region is 32 bytes.
  • The maximum size of any MPU region is 4GB, but the size must be a multiple of 32 bytes.
  • All regions must begin on a 32 byte aligned address.
  • Regions have independent read/write access permissions for privileged and unprivileged code.
  • The eXecute Never (XN) attribute enables separation of code and data regions.

If the ARMv8-M Security Extension is included, the Secure and Normal worlds can each have their own MPU. The number of regions in the Secure and Non-secure MPU can be configured independently and each can be programmed to protect memory for the associated Security state.

With ARMv8-M architecture with Security Extension, it is possible to have one set of MPU configuration registers for the Secure world and another set of MPU configuration registers for the Normal world. It is also possible to have the MPU feature available in just one of the security states, or have no MPU at all. Secure software can access a Non-secure MPU using an alias address (address 0xE002ED90).

As the ARMv8-M architecture with Security Extension was not previously available, legacy configuration code must also be updated to reflect the new features.

The default memory map

ARMv8-M is a memory-mapped architecture with shared address space for physical memory and processor control and status registers. At reset, and before the MPU is configured or initialized, the memory is divided into 8 x 512MB segments.

memory_map.png

The definitions of these regions are as follows:

Code

0x00000000-0x1FFFFFFFF

Memory to hold instructions

Typically ROM or flash memory

Code execution allowed

SRAM

0x20000000-0x3FFFFFFFF

Fast SRAM memory, on-chip RAM

2xRAM

0x60000000-0x9FFFFFFFF

Typically RAM memory, usually off-chip RAM

Peripheral

0x40000000-0x5FFFFFFFF

Peripheral memory space, on-chip

Code execution not allowed

eXecute Never (XN)

2xDevice

0xA0000000-0xDFFFFFFFF

Peripheral memory space, off-chip

System

0xE0000000-0xFFFFFFFFF

Contains memory mapped registers

You can use the MPU to redefine all of these regions. As the MPU is an optional component, in a system with the ARMv8-M Security Extensions, you can have, for example, a Non-secure MPU defining regions in the Non-secure memory space, while the Secure memory space is left in the default configuration.

Was this page helpful? Yes No