Using STM32's MPU (Memory Protection Unit) to implement code isolation and access control

Problem/Goal and Solution

Objective: allow only "high-level functions" to access data in OTP (one-time programmable memory); other application code cannot read the OTP content directly
Example @ F413-Nucleo, F401-Nucleo

Target environment

  • The MCU used in the application is STM32F4

Analysis (taking F413 as an example)

  • F413 has a 528-byte OTP, which can meet the requirement that data cannot be modified after being written once.

  • To allow only part of the code to access the OTP, the code must be partitioned and each partition given different access rights.

  • The F413 has an MPU (Memory Protection Unit). Access control can be achieved by properly configuring the MPU and the privilege level at which each piece of code runs.

  • First, the code is divided into code running at the privileged level (critical functions) and code running at the user level (ordinary applications).

  • Then, different MPU regions and their access rights are set so that the region where the OTP is located can only be read by code running at the privileged level.

Ideas for using MPU to implement access control

Building a sample program - Implementing access control through the MPU

Code structure changes
  • Main function

Calls the MPU configuration function and drops to user mode before entering the application

  • MPU configuration source file

Configure the MPU region and enable the MPU

  • Key code source files

Code and operations to actually access the OTP area

  • Key code wrapper source file

API functions for user-level applications to call

Trigger SVC interrupt to enter privileged level

Call key code to actually operate the function

Return to user level and return to application

  • SVC Interrupt Handler

Process SVC call interrupt and determine PC range

Enter the privileged level to execute the application

Linker file coordination

  • Two RAM areas are defined in the linker file to store the stack used by privileged level and user level code respectively.

  • The linker file defines the block where the key code wrapper target file is placed, and its corresponding address in Flash

The SVC interrupt handler will use this address to do a PC range check

MPU region considerations

  • OTP area, privileged read-only access

  • SRAM area used by user-level code, full read-write access, non-executable

  • General peripherals, full read and write access, non-executable

  • DMA (assuming the application does not use it): completely inaccessible, which prevents the application from reaching the OTP area via DMA

  • Flash code area, read-only access, executable

  • Others: Default mode, only privileged mode access is allowed

Sample Program Description

NUCLEO-F413ZH_MPU_PRIV_Protection.7z

  • Contains sample programs based on NUCLEO-F413ZH to implement access control via MPU

  • The MPU region definition and file structure are as described above.

  • Supports IAR projects

NUCLEO-F401RE_MPU_PRIV_Protection.zip

  • Contains sample programs based on NUCLEO-F401RE to implement access control via MPU

  • The MPU region definition has been partially adjusted according to the address space mapping of the F401RE chip, and the general idea is the same.

  • Supports IAR and Keil projects

NUCLEO-F401RE_MPU_PRIV_Protection.zip (continued)

  • The application section contains a test menu

  • Used to experience the effects of trying to access data in protected areas in different ways

  • Source file names and function names are slightly adjusted

This post is from stm32/stm8
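
The region list under "MPU region considerations", worked through as register values on a host build: an added example, not code from the post or its sample archives, that encodes Cortex-M4 MPU_RBAR/MPU_RASR words and shows why the 528-byte OTP ends up in a 1 KB region. Assumptions: the OTP base address 0x1FFF7800 (from the STM32F4 reference manuals, not from the post), the region number, marking the OTP region execute-never, and the hypothetical names `mpu_size_field` and `mpu_encode`.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M MPU_RASR AP field (bits 26:24) encodings for the listed regions. */
enum mpu_ap {
    AP_NONE    = 0, /* no access at any level (the DMA region)       */
    AP_PRIV_RW = 1, /* privileged RW, user none (the default policy) */
    AP_FULL_RW = 3, /* read-write at both levels (user SRAM, periph) */
    AP_PRIV_RO = 5, /* privileged RO, user none (the OTP region)     */
    AP_FULL_RO = 6  /* read-only at both levels (Flash code)         */
};

struct mpu_region { uint32_t rbar, rasr; };

/* Smallest SIZE field covering len bytes: region = 2^(SIZE+1), minimum 32 B. */
int mpu_size_field(uint32_t len)
{
    int f = 4;
    while (f < 31 && (1ull << (f + 1)) < len)
        f++;
    return f;
}

/* Encode one region. Returns -1 if the slot is out of range (Cortex-M4 has
 * 8 regions) or base is not aligned to the power-of-two region size.
 * TEX/S/C/B memory attributes are left 0 and must be set on real hardware. */
int mpu_encode(unsigned num, uint32_t base, uint32_t len, enum mpu_ap ap,
               int xn, struct mpu_region *out)
{
    int sf = mpu_size_field(len);
    uint64_t size = 1ull << (sf + 1);
    if (num > 7 || (base & (size - 1)) != 0)
        return -1;
    out->rbar = base | (1u << 4) | num;              /* ADDR | VALID | REGION */
    out->rasr = ((uint32_t)(xn != 0) << 28) | ((uint32_t)ap << 24)
              | ((uint32_t)sf << 1) | 1u;            /* XN | AP | SIZE | ENABLE */
    return 0;
}

int main(void)
{
    struct mpu_region r;
    /* Assumed OTP base; 528 bytes is not a power of two, so it rounds to 1 KB. */
    if (mpu_encode(0, 0x1FFF7800u, 528, AP_PRIV_RO, 1, &r) == 0)
        printf("OTP: RBAR=0x%08X RASR=0x%08X\n", (unsigned)r.rbar, (unsigned)r.rasr);
    return 0;
}
```

Because the region rounds up to 1 KB, it covers addresses beyond the 528 bytes of OTP, and anything mapped there gets the same privileged read-only policy.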