内存保护单元(MPU)
The hardware performs memory management every time that memory is accessed by either the OS or applications. Memory management is a way of dynamically allocating regions of memory to applications.
Both the KM4TZ processor and KM4NS processor have a memory protection unit (MPU) that provides fine-grained memory system control, enabling applications to implement security privilege levels, separating code, data and stack on a task-by-task basis.
The MPU sets up the protection by defining the memory map as a number of regions. As the following table shows, up to eight regions can be defined in the chip. For More information about how to use the MPU, refer to Arm®v8-M Architecture Reference Manual.
Processor |
Security |
Region number |
|---|---|---|
KM4TZ |
Non-Secure MPU |
8 |
Secure MPU |
4 |
|
KM4NS |
Non-Secure MPU |
4 |
The MPU can improve the reliability of an embedded system by:
preventing user applications from corrupting data used by the operating system
separating data between processing tasks by blocking tasks from accessing others’ data
allowing memory regions to be defined as read-only so that vital data can be protected
detecting unexpected memory accesses (e.g. stack corruption)
In addition, the MPU can also be used to define memory access characteristics such as caching and buffering behaviors for different regions. The MPU sets up the protection by defining the memory map as a number of regions, and it needs to be programmed and enabled before use. All MPU regions are aligned to a multiple of 32 bytes.
For KM4TZ, when the MPU is disabled, accesses will use memory attributes from the default system address map.