
STM32H7 Prevent MPU re-configuration

mwp
Senior

Hello all,


I wish to set up the MPU early in my firmware, then prevent changes to the MPU registers until the next power-cycle/reboot.

Is this possible without having the root secure services? 

The MCU I'm using is the STM32H7A3.

 

Thanks in advance.

8 REPLIES 8
FBL
ST Employee

Hello @mwp 

You can configure MPU without RSS. To learn more about MPU, check this Introduction to memory protection unit management on STM32 MCUs - Application note

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.


I'm out of office with limited access to my emails.
Happy New Year!
Pavel A.
Evangelist III

@mwp This is not really possible on STM32H7. You can divide your software into "privileged" and "non-privileged" modes and disable access to the MPU for the latter.

 

Yes, but is there a way to prevent modifications to MPU registers after initial configuration?

mwp
Senior

@Pavel A. thanks for the reply. It looks like I have more studying to do.

I'm aiming to create a bootloader residing in internal flash that does not allow 3rd party firmware to have any kind of access to the bootloader's firmware. I need to protect keys in the bootloader.

Pavel A.
Evangelist III

With STM32H7A3 your only option is PCROP, if I understand correctly. PCROP is basically execute-only mode, it can be used to encrypt or sign some data with a private key, which cannot be read otherwise. More details in the reference manual.

 

FBL
ST Employee

 

It is possible to lock the MPU configuration and it should not be changed in privileged mode. 

void MPU_AccessPermConfig(void)
{
  /* Configure the region for PrivilegedReadOnlyArray as REGION N°3, 32 bytes,
     read-only in privileged mode */
  /* Disable MPU */
  LL_MPU_Disable();

  LL_MPU_ConfigRegion(REGION_NUMBER, 0x00, ARRAY_ADDRESS_START, 
         REGION_SIZE | portMPU_REGION_PRIVILEGED_READ_ONLY | LL_MPU_ACCESS_NOT_BUFFERABLE |
         LL_MPU_ACCESS_NOT_CACHEABLE | LL_MPU_ACCESS_NOT_SHAREABLE | LL_MPU_TEX_LEVEL0 |
         LL_MPU_INSTRUCTION_ACCESS_ENABLE);
  
  /* Enable MPU (any access not covered by any enabled region will cause a fault) */
  LL_MPU_Enable(LL_MPU_CTRL_PRIVILEGED_DEFAULT);

  /* Read from PrivilegedReadOnlyArray. This will not generate error */
  (void)PrivilegedReadOnlyArray[ARRAY_SIZE - 1];
}

 

Pavel A.
Evangelist III

Hi Firas, this will protect the MPU from non-privileged code - but then the bootloader must run the user's program in non-privileged mode. User won't be able to have their own interrupt handlers, as they are privileged...
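
The privileged/non-privileged split discussed above only protects the bootloader if every byte of it is actually out of reach of unprivileged code. The following host-side checker is an added example, not code from this thread or from ST: it models the ARMv7-M MPU rules (highest-numbered region wins, disabled subregions fall through, the PRIVDEFENA background map is privileged-only) and counts the 32-byte granules of a range that unprivileged code could still read. The flash layout, the region values and the names `locked` and `leaky` are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* ARMv7-M MPU (Cortex-M7) region registers as read back from MPU_RBAR/MPU_RASR. */
typedef struct { uint32_t rbar, rasr; } mpu_region_t;

#define RASR_SIZE(r) (((r) >> 1) & 0x1Fu)   /* region length = 2^(SIZE+1) bytes */
#define RASR_SRD(r)  (((r) >> 8) & 0xFFu)   /* one bit per 1/8 subregion, 1 = disabled */
#define RASR_AP(r)   (((r) >> 24) & 0x7u)   /* access permission field */
#define RASR(ap, srd, size) (((uint32_t)(ap) << 24) | ((uint32_t)(srd) << 8) | ((uint32_t)(size) << 1) | 1u)

/* True if the region is enabled and addr falls in one of its active subregions. */
static bool region_hits(const mpu_region_t *r, uint32_t addr)
{
    uint32_t sz = RASR_SIZE(r->rasr);
    if (!(r->rasr & 1u) || sz < 4) return false;      /* disabled, or reserved SIZE */
    uint64_t len = 1ull << (sz + 1);
    uint32_t off = addr - (r->rbar & ~(uint32_t)(len - 1));
    if (off >= len) return false;
    /* Subregions exist only for regions of 256 bytes or more (SIZE >= 7). */
    return !(sz >= 7 && ((RASR_SRD(r->rasr) >> (off / (len / 8))) & 1u));
}

/* Can unprivileged (thread mode, CONTROL.nPRIV = 1) code read addr? */
static bool unpriv_can_read(uint32_t ctrl, const mpu_region_t *reg, int n, uint32_t addr)
{
    if (!(ctrl & 1u)) return true;                    /* MPU_CTRL.ENABLE clear: no protection */
    for (int i = n - 1; i >= 0; i--)                  /* highest-numbered matching region wins */
        if (region_hits(&reg[i], addr)) {
            uint32_t ap = RASR_AP(reg[i].rasr);
            return ap == 2 || ap == 3 || ap == 6 || ap == 7;
        }
    return false;                                     /* PRIVDEFENA background map is privileged-only */
}

/* Number of 32-byte granules in [start, end) that unprivileged code can read. */
unsigned exposed_granules(uint32_t ctrl, const mpu_region_t *reg, int n, uint32_t start, uint32_t end)
{
    unsigned hits = 0;
    for (uint64_t a = start & ~31u; a < end; a += 32)
        hits += unpriv_can_read(ctrl, reg, n, (uint32_t)a);
    return hits;
}

/* Constructed layouts: region 0 = 2 MB flash, read-only for everyone (AP=6);
   region 1 = hypothetical 64 KB bootloader at 0x08000000, privileged read-only (AP=5). */
const mpu_region_t locked[] = { {0x08000000u, RASR(6, 0x00, 20)}, {0x08000000u, RASR(5, 0x00, 15)} };
/* Same, but SRD=0x80 disables the top 8 KB subregion, which falls through to region 0. */
const mpu_region_t leaky[]  = { {0x08000000u, RASR(6, 0x00, 20)}, {0x08000000u, RASR(5, 0x80, 15)} };
```

Pass `ctrl = 5` (ENABLE plus PRIVDEFENA, the setting used by `LL_MPU_Enable(LL_MPU_CTRL_PRIVILEGED_DEFAULT)`); a non-zero result for the bootloader range means the configuration leaves part of it readable from unprivileged code.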

 

Hi @Pavel A. 

You are right. With STM32H7B3, this would be possible since it has HW crypto.
