Achieving MPU security

Ralph Moore, Micro Digital
embedded.com (January 16, 2018)

Encryption, authentication, and other security methods work fine to protect data and program updates passing through the Internet. That is, unless one end can easily be hacked to steal secret keys and possibly implant malware for future activation. Then, unbeknownst to the system operators, confidential information is being stolen daily and possible major service disruptions lie ahead.

A large number of Cortex-M MCU-based products have been shipped since the Cortex-M architecture was introduced in 2005. Many of these products are connected to the Internet. Many new products are currently under development using Cortex-M MCUs, and due to the financial incentives of the IoT, an even a larger percentage of them will be connected to the Internet. In the vast majority of cases, these embedded devices have little or no protection against hacking.

Most Cortex-M MCUs, both in the field and in development, have Memory Protection Units (MPUs). However, because of a combination of tight schedules to deliver products and difficulty using the Cortex-M MPU, these MPUs are either under-used or not used at all. The apparent large waste of memory due to the MPU requirements that MPU regions be powers-of-two in size and that they be aligned on size boundaries has been an additional impediment for adoption by systems with limited memories.

Yet for these MCUs, the MPU and the SVC instruction are the only means of achieving acceptable security. Therefore, I set out a year and a half ago to determine if the problems with the MPU could be overcome and if it were possible to devise a practical way to upgrade post- and late-development projects, as well as new projects to use MPU security. I have found that it is practical to do this and MPU-Plus has been developed to ease this process.

To read the full article, click here