
STM32F407, PcROP, MPU, Interrupt routines and protection levels

stmicro1
Associate
Posted on July 22, 2014 at 18:28

I have a boot loader and main app.  I am trying to use the MPU to restrict access to parts of the boot loader Flash and to DMA registers so that the app code can't use DMA to read the boot loader Flash (as is done in the sample of the PcROP app note AN3416 that I received from the local ST engineer, alas not available on st.com that I can find).  My question is this: the MPU is set to only allow privileged access to the DMA registers.  However, I must allow some interrupt routines through to the application (timers, uarts, etc.).  As far as I can tell, there is no way to make the interrupt handler be "not privileged".  The nPRIV bit in the CONTROL register only affects "thread mode" code, not "handler mode" (i.e. interrupt code).  Without being able to set the CPU to a non-privileged mode, the application's interrupt code can go write over anything it wants to, INCLUDING the MPU registers, thereby defeating the protection I am trying to implement.

For example, the sample code with the app note allows the application code to run the SysTick interrupt.  The vector table points to a boot loader SysTick routine that simply jumps to the address in the application's vector table for the SysTick interrupt, thereby giving the application privileged access to... everything.

Any ideas on how to prevent this?

#mpu-stm32f4-pcrop
3 REPLIES
Posted on July 22, 2014 at 19:40

Code running in FLASH can see the entire memory space.

stmicro1
Associate
Posted on July 22, 2014 at 20:27

> Code running in FLASH can see the entire memory space.

I thought that the MPU could disallow this.  The app note has sample boot loader code that contains something like this:

  /* Protected IP code Flash area */
  MPU->RNR  = some_region_number;
  MPU->RBAR = starting_address_of_bootloader_flash;
  MPU->RASR = PROTECTED_FLASH_SIZE | MPU_PRIVRW_UNPRIVNONE;

And similar lines to protect the DMA registers.  I thought that these settings would cause any access from non-privileged (i.e. application) code to generate a memory management (i.e. permission) fault, yet allow access from privileged (i.e. interrupt) code.  If that is not the case, I guess I need to go back and re-read the Cortex-M4 docs, specifically section 4.2.1 in PM0214 "STM32F4xxx Cortex M4 programming Manual".

My question is that, *if* the above code really does prevent un-privileged code from accessing that portion of FLASH (or the DMA registers), how can I have an interrupt routine in the boot loader (which is privileged by virtue of the interrupt) change the privilege level before jumping to the application's interrupt routine?  Changing the CONTROL bit 0 value has no effect when interrupt code is running.
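The region setup and privilege rule discussed in the post above, as an added host-side example that is not part of the original post and not code from AN3416: it encodes an ARMv7-M MPU_RASR value for a privileged-only region and decodes the AP field (going slightly beyond the single setting in the post) to show which accesses fault. The function names, the base address and the 16 KB size are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ARMv7-M MPU_RASR fields; memory attribute bits (TEX/C/B/S) left at 0 here. */
#define RASR_ENABLE     (1u << 0)
#define RASR_SIZE(n)    ((uint32_t)(n) << 1)  /* region spans 2^(n+1) bytes */
#define RASR_AP(ap)     ((uint32_t)(ap) << 24)
#define AP_PRIV_RW_ONLY 1u                    /* unprivileged access faults */

/* RASR for a privileged-only region; 0 if size is not a power of two
 * >= 32 bytes or base is not aligned to size (the MPU requires both). */
uint32_t mpu_priv_only_rasr(uint32_t base, uint32_t size_bytes)
{
    if (size_bytes < 32u || (size_bytes & (size_bytes - 1u)) != 0u)
        return 0;
    if ((base & (size_bytes - 1u)) != 0u)
        return 0;
    uint32_t n = 4;                           /* 32 bytes is SIZE = 4 */
    while ((2u << n) != size_bytes)
        n++;
    return RASR_AP(AP_PRIV_RW_ONLY) | RASR_SIZE(n) | RASR_ENABLE;
}

/* Handler mode is always privileged; CONTROL.nPRIV (bit 0) only
 * demotes thread mode. */
bool is_privileged(bool handler_mode, uint32_t control)
{
    return handler_mode || (control & 1u) == 0u;
}

/* Does a data read inside the region raise MemManage? Decodes the AP field. */
bool read_faults(uint32_t rasr, bool handler_mode, uint32_t control)
{
    switch ((rasr >> 24) & 7u) {
    case 1: case 5: return !is_privileged(handler_mode, control);
    case 2: case 3: case 6: case 7: return false;
    default: return true;                     /* AP 0: no access; 4: reserved */
    }
}

int main(void)
{
    /* Constructed values: 16 KB region at the start of Flash. */
    uint32_t rasr = mpu_priv_only_rasr(0x08000000u, 0x4000u);
    printf("RASR=0x%08X thread/nPRIV=1 faults=%d handler/nPRIV=1 faults=%d\n",
           (unsigned)rasr, read_faults(rasr, false, 1u), read_faults(rasr, true, 1u));
    return 0;
}
```
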
Posted on August 11, 2015 at 16:27

Hi shaver.bob,

Now, you may refer to the new http://www.st.com/st-web-ui/static/active/en/resource/technical/document/application_note/DM00186528.pdf that provides a description of flash memory protection techniques, focusing on the PCROP. More information is also available under http://www.st.com/web/catalog/tools/FM147/CL1794/SC961/SS1743/LN1920/PF262417.

-Shahrzad-