Lesson 18 Memory Protection Unit (MPU)

Similar documents
Migrating Application Code from ARM Cortex-M4 to Cortex-M7 Processors

Lesson 16 Analog-to-Digital Converter (ADC)

AN LPC1700 timer triggered memory to GPIO data transfer. Document information. LPC1700, GPIO, DMA, Timer0, Sleep Mode

Overview of the Cortex-M3

Application Note 195. ARM11 performance monitor unit. Document number: ARM DAI 195B Issued: 15th February, 2008 Copyright ARM Limited 2007

Cortex -M0 Devices. Generic User Guide. Copyright 2009 ARM Limited. All rights reserved. ARM DUI 0497A (ID112109)

The ARM Architecture. With a focus on v7a and Cortex-A8

AN10866 LPC1700 secondary USB bootloader

An introduction to nxpusblib. March 2012

Adding WiFi to Your Embedded System. WPG Americas & Gainspan Titus Wandinger (WPG) & Su Li (Gainspan) April 23, 2013

ADVANCED PROCESSOR ARCHITECTURES AND MEMORY ORGANISATION Lesson-17: Memory organisation, and types of memory

Lab Experiment 1: The LPC 2148 Education Board

AN10935 Using SDR/DDR SDRAM memories with LPC32xx

Application Note: AN00141 xcore-xa - Application Development

ES_LPC4357/53/37/33. Errata sheet LPC4357/53/37/33. Document information

ARM Cortex-M3 Introduction. ARM University Relations

Open1788 User Manual. Features

Architectures, Processors, and Devices

Designing a System-on-Chip (SoC) with an ARM Cortex -M Processor

Hello and welcome to this presentation of the STM32L4 Firewall. It covers the main features of this system IP used to secure sensitive code and data.

Using the CoreSight ITM for debug and testing in RTX applications

Bootloader with AES Encryption

AN10860_1. Contact information. NXP Semiconductors. LPC313x NAND flash data and bad block management

Pen Drive to Pen Drive and Mobile Data Transfer Using ARM

Lecture N -1- PHYS Microcontrollers

How To Add A Usb Secondary Ipo Bootloader To An Lpc23Xx Flash Device To A Flash Device

USER GUIDE EDBG. Description

AN AES encryption and decryption software on LPC microcontrollers. Document information

AN LPC24XX external memory bus example. Document information

Keep your tentacles off my bus: Introducing Die Datenkrake. REcon 2013, Montréal Dmitry Nedospasov, Thorsten Schröder

How to design and implement firmware for embedded systems

LPC4330-Xplorer. Quick Start Guide: LPC4330-Xplorer. User Manuals for Xplorer:

World-wide University Program

Printed Exception strings - what do all

The new 32-bit MSP432 MCU platform from Texas

The Quest for Speed - Memory. Cache Memory. A Solution: Memory Hierarchy. Memory Hierarchy

Embedded Software development Process and Tools:

ARM Processors and the Internet of Things. Joseph Yiu Senior Embedded Technology Specialist, ARM

On Demand Loading of Code in MMUless Embedded System

Motor Control using NXP s LPC2900

Assistant Professor, Dept of E.C.E, Aurora s Technological & Research Institute,

Network connectivity controllers

Pre-tested System-on-Chip Design. Accelerates PLD Development

Software based Finite State Machine (FSM) with general purpose processors

CHAPTER 7: The CPU and Memory

SoC IP Interfaces and Infrastructure A Hybrid Approach

UM LPC2210/2220 User manual. Document information

DESIGN AND IMPLEMENTATION OF ONLINE PATIENT MONITORING SYSTEM

Smartphone Quick-Jack Solution FASTER TO PRODUCT FASTER TO MARKET

How To Design A Single Chip System Bus (Amba) For A Single Threaded Microprocessor (Mma) (I386) (Mmb) (Microprocessor) (Ai) (Bower) (Dmi) (Dual

Design of Self-service Car Washing Machine Control System Based on ARM Zhengmin Cui a, Peng Sun b

UM LPC2131/2/4/6/8 User manual. Document information

A Method for Image Processing and Distance Measuring Based on Laser Distance Triangulation

Cortex -M3 Devices. Generic User Guide. Copyright 2010 ARM. All rights reserved. ARM DUI 0552A (ID121610)

ARM Cortex-R Architecture

CVE Adobe Flash Player Integer Overflow Vulnerability Analysis

Application Note 179. Cortex -M3 Embedded Software Development. Released on: March Copyright All rights reserved.

MICROPROCESSOR BCA IV Sem MULTIPLE CHOICE QUESTIONS

NXP & Security Innovation Encryption for ARM MCUs

SmartFusion csoc: Basic Bootloader and Field Upgrade envm Through IAP Interface

Am186ER/Am188ER AMD Continues 16-bit Innovation

Where s the FEEB? The Effectiveness of Instruction Set Randomization

ARM Cortex STM series

Return-oriented programming without returns

M85 OpenCPU Solution Presentation

Reconfigurable System-on-Chip Design

Microcontrollers Deserve Protection Too

M A S S A C H U S E T T S I N S T I T U T E O F T E C H N O L O G Y DEPARTMENT OF ELECTRICAL ENGINEERING AND COMPUTER SCIENCE

MICROPROCESSOR. Exclusive for IACE Students iacehyd.blogspot.in Ph: /422 Page 1

Complete Integrated Development Platform Copyright Atmel Corporation

Application Report AN01286 May 2012

An Introduction to the ARM 7 Architecture

Using the Kinetis Security and Flash Protection Features

STM32 F-2 series High-performance Cortex-M3 MCUs

Lesson-16: Real time clock DEVICES AND COMMUNICATION BUSES FOR DEVICES NETWORK

Performance Investigations. Hannes Tschofenig, Manuel Pégourié-Gonnard 25 th March 2015

Microprocessor & Assembly Language

Implementation Details

USB 3.0 Connectivity using the Cypress EZ-USB FX3 Controller

BEAGLEBONE BLACK ARCHITECTURE MADELEINE DAIGNEAU MICHELLE ADVENA

AN Boot mode jumper settings for LPC1800 and LPC4300. Document information

Software development and debugging for NXP ARM7 MCUs

Applications Development on the ARM Cortex -M0+ Free On-line Development Tools Presented by William Antunes

Slide Set 8. for ENCM 369 Winter 2015 Lecture Section 01. Steve Norman, PhD, PEng

LPC2300/LPC2400 TCP/IP Overview. TCP/IP and LPC2300/LPC2400 Family October 2007

Full Power Domain SLCR (FPD_SLCR)

Programmazione Microcontrollori

Off-by-One exploitation tutorial

SECURITY SYSTEM IN INDUSTRIES USING ZIGBEE TECHNOLOGY

An Overview of Stack Architecture and the PSC 1000 Microprocessor

Bus Data Acquisition and Remote Monitoring System Using Gsm & Can

M2M For industrial and automotive

Serial Communications

DALI Control Gear Software Stack

SEC2410/SEC4410 HS Endpoint Processor with USB 2.0, Smart Card, & FMC for Secure Token & Storage

DEPARTMENT OF COMPUTER SCIENCE & ENGINEERING Question Bank Subject Name: EC Microprocessor & Microcontroller Year/Sem : II/IV

Figure 1. STM32F429 Discovery board: STM32F429I-DISCO

HY345 Operating Systems

Raghavendra Reddy D 1, G Kumara Swamy 2

Transcription:

Lesson 18 Memory Protection Unit (MPU) 1. Overview In this lesson, the Memory Protection Unit (MPU) of the LPC1768 microcontroller is introduced. For detailed description of the features and all controlling options for the UART, read section 34.4.5 of the LPC17xx User Manual and chapter 11 of the Definitive Guide to ARM Cortex-M3 and Cortex-M4 Processors. 2. Background The Cortex-M3 processor supports an added level of protection for the system memory through the implementation of the MPU. Undesired accesses to the system memory can occur unintentionally (a programmer/user mistake) or intentionally (malicious purpose). For example, an unbalanced combination of push/pop operations in a function may cause a stack overflow which may overwrite useful data in memory. An exploit to the system (attack) can also be carried out through different level of memory access. An example of such attack is the stuxnet computer worm (60 mintues report). Before we examine how access to the system memory can cause problem for any applications, let s first review the memory layout of our microcontroller (LPC1768). From Fig. 3 in the LPC17xx User manual, NXP Semiconductors, 2010. 1

The flash memory section of the microcontroller contains instructions (code) for the application. Access to this part of the memory system is generally limited to read-only (RO). The data memory portion (SRAM) of the microcontroller allows read and write access from user application. The potential problem is that malicious software code can be embedded into data memory and once activated can take control of the application. For example, let s consider a simple program shown below. Whenever function f1 is called, the first thing it will do is to push the returning address (PUSH LR) to the memory stack because it calls function f2. Once returned from f2, the address from the stack is then popped into the PC to return the main function. Assume that the functions are allocated in memory as shown below. Address Code memory Address Data memory 0x00000166 0x00000168 0x0000016A 0x0000016E 0x00000172 0x00000176 0x0000017A F2 -- BX LR F1 PUSH {LR} -- BL F2 POP {PC} MAIN BL F1 B main 0x10000268 0x10000264 0x10000260 0x10000178 0x1000017C Loop B Loop SP 2

Let s say that someone with malicious intent was able to place a program code in the data memory at location 0x10000178 (just a loop operation for illustration). If this person can also modify the return address from the stack to point to his program (ie. replace 0x0000017B with 0x10000179 at location 0x10000264 of the stack,) then he will have control of the application. An illustration of this example is shown below. Normal operation: Data memory holds executable code: This program will never return to the original functions (main, f1, or f2). 3

The MPU can be employed to block executable code (memory fault) to prevent the problem discussed above. 3. LP1768 MPU Control of the MPU is done via the four main registers: MPU Control Register (CTRL) Bit 0: 0 = MPU disabled, 1 = MPU enabled. MPU Region Number Register (RNR) From Table 680 in the LPC17xx User manual, NXP Semiconductors, 2010. From Table 683 in the LPC17xx User manual, NXP Semiconductors, 2010. The MPU supports 8 different user-defined regions and each can be configured differently. Generally, a program will write the region number to the RNR register before configuring the region via the RBAR and RASR registers. MPU Region Base Address Register (RBAR) From Table 684 in the LPC17xx User manual, NXP Semiconductors, 2010. Note: NN = llllll 2 (rrrrrrrrrrrr ssssssss iiii bbbbbbbbbb) 4

MPU Region Attribute and Size Register (RASR) Region size: From Table 685 in the LPC17xx User manual, NXP Semiconductors, 2010. From Table 686 in the LPC17xx User manual, NXP Semiconductors, 2010. Region attributes: 5

From Table 687 in the LPC17xx User manual, NXP Semiconductors, 2010. From Table 689 in the LPC17xx User manual, NXP Semiconductors, 2010. Typical configuration for the MPU of a LPC1768 microcontroller: Regions No Memory Size Base Address Type Access Permission 0 Flash 512 KB 0x00000000 Normal Full RO 1 SRAM 32 KB 0x10000000 Normal Full RW 2 AHB SRAM 32 KB 0x2007C000 Normal Full RW 3 GPIO 16 KB 0x2009C000 Device Full RW 4 APB 512 KB 0x40000000 Device Full RW Peripherals 5 AHB Peripherals 2MB 0x40000000 Device Full RW Based on Setting Up the Cortex-M3/M4 (ARMv7-M) Memory Protection Unit (MPU), Feabhas, 2013. 6

Exercise: Configure region1 from the table above (SRAM: 0x10000000 0x10007FFF) with the following attributes: No executable code allowed(instruction fetches disabled) Normal memory type, nonsharable (can only be accessed by one bus), and noncacheable (or bufferable) Full access permissions No sub-regions Setup steps: Step 1: disable MPU first CNTRL register = 0x0 Step 2: Select region 1 RNR register = 0x1 Step 3: Set base address for region 1 RBAR register = 0x10000000 Step 4: Set region attributes and size XN = 0b1 (instruction fetches disabled) AP = 0b011 (full access) TEX = 0b001, S = 0b0, C = 0b0, B = 0b0 (Normal memory type, nonshareable, noncacheable) SRD = 0b00000000 (no sub-region) Size = 0b01110 (32 KB) Enable= 0b1 So, RASR register = 0b00010011000010000000000000011101 = 0x1308001D XN AP TEX,S,C,B SRD SIZE ENABLE Step 5: Enable MPU CNTRL register = 0x1 4. References [1]. Joseph Yiu, The Definitive Guide to ARM Cortex-M3 and Cortex-M4 Processors, Elsevier, 3 rd ed, 2014. [2]. [3]. Jonathan Valvano, Introduction to ARM Cortex-M Microcontroller, 4 nd ed, 2013. ARMv7-M Architecture Reference Manual, ARM Limited, 2010. [4]. LPC17xx User manual, NXP Semiconductors, 2010. [5]. Cortex-M3 Technical Reference Manual, ARM Limited, 2010. [6]. Patrick Vincent and Agur Adams, EC310 Notes, USNA, 2014. [7]. Setting Up the Cortex-M3/M4 (ARMv7-M) Memory Protection Unit (MPU), Feabhas, 2013. 7

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information