How can one STM32 core verify the other core's Memory Protection Unit?

gw-commercial-engineering · ‎2023-08-30

I have an STM32H745xx dual-core microcontroller, and want to use the Memory Protection Units (MPU) in each core for functional safety. The goal is to prevent the M7 core from accessing GPIO, Flash, and RAM that is dedicated to the M4 core.

I can configure the MPU in the M7 core to restrict the memory regions the M7 accesses, but have to deal with the situation if the M7 alters its MPU settings.

I don't see any way for the M4 to read the M7's MPU registers.

How can I have the M4 core verify the settings in the M7's MPU?

TDK · ‎2023-08-30

The M4 can't read the MPU of the M7 core directly. You can create a message system where the M7 reports them to the M4, but at some point you have to trust the code is configured correctly. Any system you introduce can introduce errors.

If you feel a post has answered your question, please click "Accept as Solution".

gw-commercial-engineering · ‎2023-09-07

Yes, however our goal is to 3rd party functionally-safe certify the code running on the M4 and not the code on the M7. This part may not be capable of providing a way for a single core to verify that the MPU memory regions remain protected.