Memory Protection Device Survey

ARM

Nordic NRF51

  • MPU
    • NVM protection blocks. 64 sectors can be protected. Protection cleared on soft reset
    • 2 basic regions. Code region 0 and code region 1.
      • Code region 0 has full access to all memory.
      • Code region 1 can be configured to have full or partial access to code region 0 or RAM.
      • Access is granted based on source, target, and configuration.
      • Full access means R/W. Limited access means Read only.
      • Faults can result in reads returning 0 and writes not occurring, or can result in hard faults.
    • Code region 0 configured by CLENR0 in FICR.
  • See Ch. 9: http://infocenter.nordicsemi.com/pdf/nRF51_RM_v3.0.1.pdf

Nordic NRF52

TI CC3200

  • No MMU
  • No MPU

STM

STM32XXXX Series w/ MPU

  • MPU
    • 8 regions, each of which can be subdivided into 8 subregions
    • Region size is 32 bytes to 4GB

NXP

Kinetis K64F

  • No MMU
  • MPU
    • 12 regions.
    • Flexible alignment. Anywhere in memory.
    • Access control settings per master (ARM code bus, system bus, dma/ezport, usb, sdhc, etc
    • Priority mechanism for overlapping regions

See http://www.nxp.com/assets/documents/data/en/reference-manuals/K64P144M120SF5RM.pdf

Kinetis KW41Z

  • No MMU
  • No MPU

X86

Quark

NIOS2

* MMU

  • 4KB page and frame size
  • TLBs for instruction and data. RWX per page.
  • TLB tag uses PID from process for lookup

* MPU

  • 32 instruction and 32 data regions
  • variable sized regions
  • supports overlapping regions
  • RW for data regions, RWX for instruction regions
  • Support attributes
    • base address
    • type: instruction or data
    • index 0 to 31
    • 256 bytes (w/ power of 2 increments) or address limit (max address + 1)
    • access permissions RWX or RW
    • cached or uncached
    • lowest index has highest priority

Xtensa

LX??

  • Region protection w/ or w/o translation
    • 512MB regions
    • No privileged access modes
    • Split instruction/data
  • MMU
    • 4 KB page size
    • Split instruction and data TLBs
    • Privileged modes (4) and memory attributes (4)
    • Access control per page table entry
  • MPU
    • 8 regions. Maybe more based on configuration
    • 4KB - 1GB region size
    • user/kernel access mode
    • Memory attributes (9 types) and access control (12 types)
    • Unified instruction/data

ARC

standard ARC MMU

  • Programmable execute permission bits to enable or disable execution of code from specific regions of memory.
  • Programmable data read and write permission bits to enable or disable data access to specific regions of memory.
  • Separate kernel and user mode read, write, and execute permissions.
  • 1, 2, 4, 8 or 16 configurable memory regions.
  • Regions can be programmed individually and independently (restriction: power of two size, start address aligned to size).
  • Overlapping regions are supported by a priority scheme.
  • Ability to set default permissions that apply to accesses outside all programmed protection regions.
  • Uses EV_ProtV exception to indicate access violations. Protection exceptions are precise and can be restarted.
  • Can be used in conjunction with the Stack Checking and/or Code Protection mechanisms in the ARCv2-based processors.
  • Non-cacheable regions can be specified using the orthogonal features provided by the Non-cached Memory Region, AUX_CACHE_LIMIT register in the ARCv2-processor.

Main differences for the ARC SecureShield Secure MPU with additional Secure/Normal privilege levels next to kernel/user

  • Arbitrary region sizes, not just powers of two
  • Overlapping regions not allowed
  • Secure memory regions: Secure memory regions can only be accessed in the secure operating modes. Normal memory regions can be accessed from the both normal and secure operating modes.
  • SID protection: You can assign secure ID for regions. Whenever data has to be fetched, the secure MPU matches the SID of the instruction fetch with the SID of the data fetch. Only if the SIDs match and the secure modes and access privileges of the instruction fetch and data fetch match, only then the data is fetched.

RISCV

In general, the RISCV leaves the memory protection to be implemented by the designer of the chip. There appears to be MMU support (paging) and memory protection schemes similar to a MPU.

PULPino

  • No MMU
  • No MPU

Memory Protection Device Survey (last modified 2017-03-29 21:45:09)