The Memory Protection Unit (MPU) in ARM Cortex processors provides memory access control to ensure that software accesses only the memory regions it is permitted to. The MPU defines regions of memory and assigns access permissions to each region to control which software can access that region for read, write, or execute operations.
Overview of MPU in ARM Cortex
The key features of MPU in ARM Cortex include:
- Defines up to 16 memory regions with configurable base address, size, and access permissions
- Access permissions include no access, read-only, read/write, execute, and execute never
- Permissions can be assigned per region per master for flexible control
- Masters include processor core, DMA controllers, crypto units, etc.
- MPU checks every memory access and generates fault for unauthorized accesses
- MPU faults can generate exceptions for handling in software
- Optional support for overlapped regions and sub-regions for complex schemes
- Minimal performance impact as MPU runs in parallel with memory access
The MPU allows system designers to protect and isolate memory areas for code, stack, data, peripherals, and more. For example, application code can be marked execute-only to prevent data corruption. The MPU improves system robustness by preventing invalid memory accesses from locking up the processor or causing unintended behavior.
MPU Region Configuration
The MPU allows configuring up to 16 regions with a region number, start address, end address, access permissions, and other attributes. The regions can be overlapped to create complex schemes. Each region is defined by:
- Region Number – Unique 0-15 value to identify the region
- Start Address – Starting address of the region in memory map
- End Address – Ending address of the region in memory map
- Access Permissions – Read, write, execute permissions per master
- Sub-region Disable – Disable sub-regions for simpler schemes
- Size – Specifies the region size as 2^N bytes
- Enable – To enable or disable the region
The start and end addresses define the memory range for the region. The MPU works by comparing the address of each memory access to the configured regions to check if the access is permitted. If the access matches a configured region, the assigned permissions for that region are checked. Any mismatch causes an MPU fault.
MPU Access Permissions
The MPU allows setting access permissions for each region individually per master. Typical permissions include:
- No access – Disallows all accesses, generates fault on access
- Read-only – Allows read accesses only
- Read/Write – Allows read and write accesses only
- Execute – Allows instruction fetch accesses for execution
- Execute Never – Disallows instruction fetch, generates fault
Fine grained permissions can be assigned. For example, a master such as the processor core can be allowed read/write access while a DMA controller may only have read access to the same region. This flexibility allows designers to configure the MPU as per their security needs.
Overlapped and Sub-Regions
The MPU supports overlapped regions to enable complex memory schemes using multiple regions. Sub-region permissions can further refine overlapped regions. For example:
- Region 0: 0x0000 to 0xFFFF (64KB), Read/Write
- Region 1: 0x8000 to 0xDFFF (32KB), Execute Only
This defines a 64KB memory from 0x0000 to 0xFFFF with Read/Write access. But the sub-region from 0x8000 to 0xDFFF additionally has Execute permission. Accesses to this sub-region need to match both regions. Disabling sub-regions simplifies the schemes.
Using the MPU in ARM Cortex-M
In ARM Cortex-M processors, the MPU module is configured using registers in the System Control Block. Key steps include:
- Configure regions by setting start address, end address, access permissions, and other attributes
- Enable the MPU globally using the CTRL register
- Enable specific regions by setting the enable bit in that region’s registers
- Set up NVIC to handle MPU faults as exceptions
- On receiving fault, software can handle or terminate execution
MPU faults have the highest priority in Cortex-M so are handled before other faults. Software needs to carefully configure the regions and access permissions as per the system security requirements. The MPU improves system robustness by trapping unintended accesses early.
Using the MPU in ARM Cortex-A
In ARM Cortex-A processors, the MPU is configured using registers in the System Control Processor (SCP). Key steps include:
- Configure regions by programming the MPU base register for that region
- Assign masters to regions through the MPU access control registers
- Enable MPU globally by setting bits in main MPU control register
- Configure interrupts to trap MPU violations to software
- Software can terminate violating process or take other action
The Cortex-A MPU provides fine grained control with permissions per master per region. Software plays a key role in configuring the regions appropriately and handling MPU violations.
MPU vs MMU
The Memory Management Unit (MMU) is another memory access control mechanism available in some ARM processors such as Cortex-A5 and newer. Key differences between MPU and MMU include:
- MPU has fixed regions while MMU uses page tables for memory maps
- MPU controls access at system level while MMU works at process level
- MPU is software-based while MMU handles mapping dynamically in hardware
- MPU is simpler with lower overhead compared to MMU
- MPU cannot handle virtual memory like MMU
Due to its simplicity, the MPU is well suited for resource constrained microcontroller-type systems that need memory protection. The MMU provides more advanced capabilities but with higher complexity.
Use Cases
Some typical use cases for the ARM Cortex MPU include:
- Protecting code memory from unintended writes
- Preventing access to secure regions like cryptography keys
- Isolating multiple applications in shared memory
- Protecting and partitioning memory in real-time systems
- Allowing only privileged software to access restricted regions
- Safely executing untrusted code from external sources
Overall the MPU enables building more robust systems and applications on ARM Cortex processors.
