This code example shows how to configure the Memory Protection Unit (MPU), which is part of the CPU, and describes its operation and initial settings.
The device used in this code example (CE) is:
The board used for testing is:
- TRAVEO™ T2G Cluster 6M Lite kit (KIT_T2G_C-2D-6M_LITE)
In this example, the memory is split in different regions and protected. When a protected region is tried to access, an exception is raised.
Memory Protection Unit
Protection units in the TRAVEO™ T2G series device enforce security based on different operations. A protection unit allows or restricts bus transfers on the bus infrastructure. The rules are enforced based on specific properties of a transfer.
- An address range that is accessed by the transfer
- Subregion: An address range is partitioned into eight equally-sized subregions and subregion can individual disables
- Access attributes such as:
- Read/write attribute
- Execute attribute to distinguish a code access from a data access
- User/privilege attribute to distinguish access; for example, OS/kernel access from a task/thread access
- Secure/non-secure attribute to distinguish a secure access from a non-secure access; the Arm Cortex-M CPUs do not natively support this attribute
- A protection context attribute to distinguish accesses from different protection contexts; for Peripheral-DMA (P-DMA) and Memory-DMA (M-DMA), this attribute is extended with a channel identifier, to distinguish accesses from different channels
- Memory protection
- Provided by memory protection units (MPUs) and shared memory protection units (SMPUs)
- MPUs distinguish user and privileged accesses from a single bus master
- SMPUs distinguish between different protection contexts and between secure and non-secure accesses
- Peripheral protection
- Provided by peripheral protection units (PPUs)
- The PPUs distinguish between different protection contexts; they also distinguish secure from non-secure accesses and user mode accesses from privileged mode accesses
- Protection pair structure
- Software Protection Unit (SWPU): SWPUs define flash write (or erase) permissions, and eFuse read and write
permissions. An SWPU comprises of the following:
- Flash Write Protection Unit (FWPU)
- eFuse Read Protection Unit (ERPU)
- eFuse Write Protection Unit (EWPU)
More details can be found in:
- TRAVEO™ T2G CYT4DN
This CE has been developed for:
- TRAVEO™ T2G Cluster 6M Lite Kit (KIT_T2G_C-2D-6M_LITE)
Figure 1. KIT_T2G_C-2D-6M_LITE (Top View)
No changes are required from the board's default settings.
In this example, the MPU is configured to split the address range into 6 regions with different protection properties:
-
Region 0 Base address: 0x00000000, Size: 4GB, Privileged: No access, User: No access, Execution is permitted
-
Region 1 Base address: 0x10000000, Size: 8 MB, Privileged: Read only, User: Read only, Execution is permitted
-
Region 2 Base address: 0x14000000, Size: 256 KB, Privileged: Read only, User: No access, Execution is not permitted
-
Region 3 Base address: 0x28000000, Size: 1 MB, Privileged: Read/write, User: Read/write, Execution is permitted
-
Region 4 Base address: 0x40000000, Size: 64 MB, Privileged: Read/write, User: Read/write, Execution is not permitted
-
Region 5 Base address: 0xE0000000, Size: 512 MB, Privileged: Read/write, User: Read/write, Execution is not permitted
During runtime, the UART protocol is used to start a read of address 0x10000000, 0x280C0000, which both lay in regions, that allow read access and address 0x28100000, which lays in a restricted address range. A read in that restricted address range causes an exception, which can only be recovered by a hardware reset.
STDOUT setting
Initialization of the GPIO for UART is done in the cy_retarget_io_init() function.
- Initialize the pin specified by CYBSP_DEBUG_UART_TX as UART TX, the pin specified by CYBSP_DEBUG_UART_RX as UART RX (these pins are connected to KitProg3 COM port)
- The serial port parameters become to 8N1 and 115200 baud
MPU setting
-
To setup the MPU, Cy_Prot_ConfigMpuStruct() is called with using structure cy_stc_mpu_cfg_t as argument
-
The MPU is enabled by Cy_Prot_EnableMpuStruct().
Fault handling
The fault handler Cy_SysLib_ProcessingFault() is overwritten to display MMFAR and MMFSR on read exception.
For this example, a terminal emulator is required for displaying outputs. Install a terminal emulator if you do not have one. Instructions in this document use Tera Term.
After code compilation, perform the following steps to flashing the device:
-
Connect the board to your PC using the provided USB cable through the KitProg3 USB connector.
-
Open a terminal program and select the KitProg3 COM port. Set the serial port parameters to 8N1 and 115200 baud.
-
Program the board using one of the following:
- Select the code example project in the Project Explorer.
- In the Quick Panel, scroll down, and click [Project Name] Program (KitProg3_MiniProg4).
-
After programming, the code example starts automatically. Confirm that the messages are displayed on the UART terminal.
- Terminal output on program startup
- Terminal output on program startup
-
Pressing 1 or 2 will return the data of the specified regions. By pressing 3, a read access to a protected region is created and causes the MPU to raise an exception.
- Terminal output on memory read
- Terminal output on memory read
-
You can debug the example to step through the code. In the IDE, use the [Project Name] Debug (KitProg3_MiniProg4) configuration in the Quick Panel. For details, see the "Program and debug" section in the Eclipse IDE for ModusToolbox™ software user guide.
Note: (Only while debugging) On the CM7 CPU, some code in main() may execute before the debugger halts at the beginning of main(). This means that some code executes twice: once before the debugger stops execution, and again after the debugger resets the program counter to the beginning of main(). See KBA231071 to learn about this and for the workaround.
Relevant Application notes are:
- AN235305 - Getting started with TRAVEO™ T2G family MCUs in ModusToolbox™
- AN219843 - Protection Configuration in TRAVEO™ T2G MCU
ModusToolbox™ is available online:
Associated TRAVEO™ T2G MCUs can be found on:
More code examples can be found on the GIT repository:
For additional trainings, visit our webpage:
For questions and support, use the TRAVEO™ T2G Forum: