ABOUT US  |  PRODUCTS  |  LIBRARY  |  CUSTOMERS  |  SUPPORT  |  NEWS  |  DOWNLOADS  |  ORDER  |  CONTACT
 
  Home > Products > MPU-Plus
   
 

MPU-Plus®  ARM Cortex-M MPU Support



MPU-Plus adds support for the ARM Cortex‑M Memory Protection Unit to SMX®, making it a Secure RTOS.

The MPU is the main means of hardware memory protection available for most Cortex-M processors that exist today. These processors are in widespread use in small- to medium-size embedded systems. Therefore it is important to use the MPU effectively in order to achieve the reliability, security, and safety that modern embedded systems require.

The purpose of MPU-Plus is to enhance the security of multitasking systems based upon the SMX RTOS. Setting up an MPU for a bare metal application is easy — just initialize the MPU once on power up. The main things MPU-Plus does to achieve better security in a multitasking system are: to allow defining different MPU images for each task and to handle MPU switching during task switches; to provide a Supervisor Call (SVC) API to allow unprivileged code to call system services, as well as to limit which services can be called from such code; to allow allocation of protected blocks and messages; to run the SMX RTOS and system code in privileged mode and middleware and application code in unprivileged mode; to allow tasks to be privileged or unprivileged; and to individually protect task stacks. It helps with mapping multiple I/O regions for a task in addition to code and data regions on MPUs which commonly have only 8 slots. For the v7 MPU, it uses and shows how to use subregions to mitigate the memory waste caused by the region size and alignment requirements. MPU-Plus serves as a platform to build security on.

Use of an MPU adds another dimension to software development that is different than the thought process used to write functional, correct code, and it will feel foreign to even an experienced developer who has not used an MPU before. Also, the Cortex-M v7 MPU has limitations that make it difficult to use. The primary goal of MPU-Plus is to make using the MPU as easy as possible, while offering as much protection as possible.

A key idea of our approach is to allow progressively increasing the security of a system (see blog Part 5 below). This is important to ease the transition to using the MPU, using manageable steps. MPU-Plus and its documentation were designed with a focus on modifying existing products. Many systems in the field need to be made more secure, and even new projects are based on code from previous ones. A major goal has been to minimize the changes that need to be made to existing code. We have refined this, as we have modified our own middleware to use it.

Below are several technical papers we have written about using the MPU.

Features

  • Adds strong security to existing and new products.
  • Per-task or task group isolation.
  • Supports privileged ptasks and unprivileged utasks.
  • SVC RTOS API for utasks with restricted services.
  • Direct RTOS API for ptasks with unrestricted services.
  • Dynamic regions for blocks and messages.
  • Supports incrementally improving security.
  • Simple to use and effective protection.

Although some RTOSes offer MPU support, little is said about it, suggesting little was done. We have put a lot of thought into how to make the MPU usable, with its limitations. The following articles cover some of it, and new information will be published soon.


Articles

 
For more information, please register or email sales@smxrtos.com.
Indicate your interest in MPU-Plus. Full documentation will be supplied to qualified prospects.





SMX RTOS Products Page


     back to top
 
  Register for More Info
 
 

SMX Modules

 
HOME  |  SITEMAP  |  CONTACT