When to use the firewall
The firewall protects both code and data. The protected code can always be called as long as a call gate
mechanism is respected.
Note: A firewall is available on STM32L0 and STM32L4 devices only. Refer to the application note AN4730 for more
details.
6.10 Memory protection unit (MPU)
The MPU is a memory protection mechanism that allows specific access rights to be defined for
any memory‑mapped resource of the device: flash memory, SRAM, and peripheral registers. This protection
is dynamically managed at runtime.
Note: MPU attributes are only set for CPU access. Other bus master requests (such as DMA) are not filtered
by the MPU, and must be deactivated if they are not needed.
Region access attributes
The MPU splits the memory map into several regions, each having its own access attribute. Access right can be
set as executable, not executable(XN), read-write (RW), read only (RO), or no access.
Note: There are other attributes set by the MPU for each region: shareable, cacheable, and bufferable. This
application note does not cover the whole complexity of the MPU. This section provides only an introduction
and high
‑
level overview. Refer to applicable programming manual, or to the document [5].
Privileged and unprivileged modes
On top of the access attribute, the Arm Cortex-M architecture defines two execution modes, allowing a process
to run in either privileged or unprivileged mode. For each region, the access attribute can be set independently
for each mode.
The table below shows the different cases supported by mixing modes and access attributes.
Table 13. Attributes and access permission managed by MPU
Privileged mode attribute
Unprivileged mode attribute Description
Execute never (XN)
(1)
Code execution attribute
No access No access All accesses generate a permission fault.
RW No access Access from a privileged software only
RW RO Written by an unprivileged software generate a permission fault.
RW RW Full access
RO No access Read by a privileged software only
RO RO Read only, by privileged or unprivileged software
1. XN attribute is set by region, and is valid for both modes. It can be used to avoid SRAM code injection for example.
The code executed in privileged mode can access additional specific instructions (MRS), and can also access
Arm® core peripheral registers (such as NVIC, DWT, or SBC). This is useful for OS kernels or pieces of secure
code requiring access to sensitive resources that are otherwise inaccessible to unprivileged firmware.
AN5156
Memory protection unit (MPU)
AN5156 - Rev 8
page 37/56
To Next Page
Loading...
Need help?
General
