Not applicable
Feb 02, 2015
07:23 AM
I have a safety application where safety-critical code (and data) and
non-safety functional code (and data) are located on one XMC4500 microcontroller.
I want to separate safety areas and non-safety areas, so that non-safety code
cannot access safety code and data. This can be done with the MPU of the core, is that right?
The reference manual documents that when the MPU is active, the memory map
is divided into 8 regions and possibly 1 background region. Table 2-18 of the Reference Manual
shows that each region has an access permission.
Is it useful to configure the regions with safety-critical memory as
  001   rw   No access   Access from privileged software only
and the regions with non-safety functional memory as
  011   rw   rw   Full access
?
When entering (non-safety) functional code I would set nPRIV = Unprivileged in the CONTROL register,
and when entering safety-critical code I would set nPRIV = privileged (via SVC). Is that a possible solution?
How can I implement the SVC to go into privileged mode?
But which privilege level is active when an interrupt occurs, for example
a UART receive interrupt? This interrupt can occur at any time, regardless of whether safety code
or non-safety code is executing. Can code in the interrupt handler access safety-critical memory?
How should I proceed when an interrupt occurs?
Is there an example for using the MPU?
Many thanks for your help!
Best,
Torben
6 Replies
Not applicable
Apr 16, 2015
02:35 AM
Hello Torben,
I have the same problem using the MPU to divide memory into safety-critical code and non-safety code.
I am also searching for MPU examples. Have you done any?
Best,
Rico
Apr 19, 2015
07:31 PM
Hi all,
I don't know how you guys are going to use it for safety, but the MPU is used for OS platforms, such that each OS task is allocated a protected memory region. To access this memory region, the task manager has to unlock the memory region with a password for a particular task. In this way other tasks are not allowed to access this memory region.
At this moment I do not have any example for this MPU application.
BR
Travis
Not applicable
Mar 28, 2017
12:00 AM
It is an interesting topic. Any news since then?
Mar 28, 2017
04:06 AM
The MPU has little to do with safety. It is designed to keep multiple processes from illegally accessing each other's memory space.
The FreeRTOS port for XMC4 has an option to use the MPU.
Mar 28, 2017
04:47 AM
Hi,
The CPU_CTRL_XMC4 has a tab to configure the MPU.
Regards,
Jesus
Apr 03, 2017
11:47 AM
Hi,
Here is an example that uses the MPU to protect the vector table against write access after it has been relocated to RAM:

#include <XMC4500.h>   // device header: PPB register block and PPB_MPU_* masks

// Linker symbol: its address (not its value) is the start of the RAM vector table
extern int __vectortableram_start;

void SetupMpu(void)
{
  #define MPU_RGN_NUMBER_VT 3 // region number and priority
  #define MPU_RGN_SIZE_VT   8 // 512 B = 2^(8+1)
  #define AP_VT             6 // access permission: read-only for privileged and unprivileged code
  // The base address must be aligned to the region size (512 B here)
  #define MPU_RBAR_VALUE_VT ((uint32_t)&__vectortableram_start)
  #define MPU_RASR_VALUE_VT ((((uint32_t)MPU_RGN_SIZE_VT << PPB_MPU_RASR_SIZE_Pos) & PPB_MPU_RASR_SIZE_Msk) | \
                             ((uint32_t)PPB_MPU_RASR_S_Msk) | \
                             ((uint32_t)PPB_MPU_RASR_C_Msk) | \
                             (((uint32_t)AP_VT << PPB_MPU_RASR_AP_Pos) & PPB_MPU_RASR_AP_Msk) | \
                             ((uint32_t)PPB_MPU_RASR_ENABLE_Msk))

  // set up region address and region access parameters for the vector table
  PPB->MPU_RNR  = MPU_RGN_NUMBER_VT;
  PPB->MPU_RBAR = MPU_RBAR_VALUE_VT;
  PPB->MPU_RASR = MPU_RASR_VALUE_VT;

  // enable the MPU; PRIVDEFENA keeps the default memory map for privileged code
  PPB->MPU_CTRL = (uint32_t)(PPB_MPU_CTRL_ENABLE_Msk | PPB_MPU_CTRL_PRIVDEFENA_Msk);

  // make sure the new MPU settings are in effect before continuing
  __DSB();
  __ISB();
}

Write access will trigger the memfault exception if installed.
rum
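Added example (not code from any poster or from Infineon): a host-runnable C model of the MPU_RASR encoding and the AP access decision discussed in this thread, covering AP 001 and 011 from the question and AP 6 with SIZE 8 from the vector-table reply. The bit positions are the ARMv7-M MPU_RASR layout; the function and macro names and the base address 0x20000000 are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>

/* ARMv7-M MPU_RASR bit layout; macro names are local to this example. */
#define RASR_ENABLE   (1u << 0)
#define RASR_SIZE_POS 1u
#define RASR_AP_POS   24u
#define RASR_XN       (1u << 28)
enum { AP_PRIV_RW = 1, AP_FULL_RW = 3, AP_RO_ALL = 6 }; /* AP values from the thread */

/* SIZE field, or -1 if size is not a power of two >= 32 or base is unaligned. */
int mpu_size_field(uint32_t base, uint32_t size_bytes)
{
    if (size_bytes < 32u || (size_bytes & (size_bytes - 1u)) != 0u) return -1;
    if ((base & (size_bytes - 1u)) != 0u) return -1;
    int bits = 0;
    while ((1u << bits) != size_bytes) bits++;
    return bits - 1;                      /* region spans 2^(SIZE+1) bytes */
}

/* RASR value for an enabled region; 0 (region disabled) if it is invalid. */
uint32_t mpu_rasr(uint32_t base, uint32_t size_bytes, uint32_t ap, bool xn)
{
    int size = mpu_size_field(base, size_bytes);
    if (size < 0 || ap > 7u) return 0u;
    return ((uint32_t)size << RASR_SIZE_POS) | (ap << RASR_AP_POS) |
           (xn ? RASR_XN : 0u) | RASR_ENABLE;
}

/* Data-access decision for one AP value. Interrupt handlers run in
 * handler mode, which is always privileged: pass privileged = true. */
bool mpu_ap_allows(uint32_t ap, bool privileged, bool write)
{
    switch (ap) {
    case 1: return privileged;            /* priv rw, unpriv none */
    case 2: return privileged || !write;  /* priv rw, unpriv ro   */
    case 3: return true;                  /* full access          */
    case 5: return privileged && !write;  /* priv ro, unpriv none */
    case 6: case 7: return !write;        /* read-only for both   */
    default: return false;                /* 0 none, 4 reserved   */
    }
}

int main(void)
{   /* 0x20000000: constructed, 512-byte-aligned sample base address */
    return mpu_rasr(0x20000000u, 512u, AP_RO_ALL, false) == 0x06000011u &&
           !mpu_ap_allows(AP_PRIV_RW, false, false) ? 0 : 1;
}
```

Because handler mode is always privileged, a region configured with AP 001 remains writable from every interrupt handler, and with PRIVDEFENA set privileged code also keeps the default memory map outside the configured regions.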