B3.1 About security attribution and memory protection

Security attribution and memory protection in the processor is provided by the optional Security Attribution Unit (SAU) and the optional Memory Protection Units (MPUs).

The SAU is a programmable unit that determines the security of an address. The SAU is only implemented if the Armv8‑M Security Extension is included in the processor. The number of regions that are included in the SAU can be configured in the Cortex®‑M33 implementation to be 0, 4 or 8.

For instructions and data, the SAU returns the security attribute that is associated with the address.

For instructions, the attribute determines the allowable Security state of the processor when the instruction is executed. It can also identify whether code at a Secure address can be called from Non-secure state.

For data, the attribute determines whether a memory address can be accessed from Non-secure state, and also whether the external memory request is marked as Secure or Non-secure.

If a data access is made from Non-secure state to an address marked as Secure, then a SecureFault exception is taken by the processor. If a data access is made from Secure state to an address marked as Non-secure, then the associated memory access is marked as Non-secure.

The security level returned by the SAU is a combination of the region type defined in the internal SAU, if configured, and the type that is returned by the associated Implementation Defined Attribution Unit (IDAU). If an address maps to regions defined by both internal and external attribution units, the region of the highest security level is selected.

Table B3-1 Examples of Highest Security Level Region

IDAU     SAU Region   Final Security
S        X            S
X        S            S
NS       S-NSC        S-NSC
NS       NS           NS
S-NSC    NS           S-NSC

The register fields SAU_CTRL.EN and SAU_CTRL.ALLNS control the enable state of the SAU and the default security level when the SAU is disabled. Both SAU_CTRL.EN and SAU_CTRL.ALLNS reset to zero, disabling the SAU and setting all memory, apart from some specific regions in the PPB space, to Secure level. If the SAU is not enabled, and SAU_CTRL.ALLNS is zero, then the IDAU cannot set any regions of memory to a security level lower than Secure, for example Secure NSC or NS. If the SAU is enabled, then SAU_CTRL.ALLNS does not affect the Security level of memory.
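
The combination rule in Table B3-1 and the SAU_CTRL.EN / SAU_CTRL.ALLNS behaviour, written as a small C model. This is an added example, not code from Arm: the type and function names are hypothetical and the special PPB regions are not modelled. It assumes that with the SAU disabled and ALLNS set the SAU contributes Non-secure, so the IDAU result applies, and that S-NSC memory counts as Secure for data accesses.

```c
/* Added model of the attribution rules in this section; not Arm code.
   All names are hypothetical. The special PPB regions are not modelled. */
#include <stdbool.h>
#include <stdio.h>

/* Ordered so that a larger value is a higher security level. */
typedef enum { ATTR_NS = 0, ATTR_S_NSC = 1, ATTR_S = 2 } sec_attr_t;

typedef struct {
    bool en;     /* SAU_CTRL.EN    */
    bool allns;  /* SAU_CTRL.ALLNS */
} sau_ctrl_t;

/* Attribute the internal SAU contributes for an address.
   sau_region is the type of the matching SAU region; only used when EN=1. */
static sec_attr_t sau_attr(sau_ctrl_t ctrl, sec_attr_t sau_region)
{
    if (ctrl.en)
        return sau_region;                /* ALLNS has no effect when enabled */
    /* Disabled: ALLNS picks the default. ALLNS=1 -> NS is an assumption here. */
    return ctrl.allns ? ATTR_NS : ATTR_S;
}

/* Final attribute: the higher of the IDAU and SAU results (Table B3-1). */
sec_attr_t final_attr(sau_ctrl_t ctrl, sec_attr_t idau, sec_attr_t sau_region)
{
    sec_attr_t sau = sau_attr(ctrl, sau_region);
    return (idau > sau) ? idau : sau;
}

typedef enum { ACCESS_SECURE, ACCESS_NONSECURE, ACCESS_SECUREFAULT } data_result_t;

/* Outcome of a data access made from the given Security state.
   Assumption: S-NSC is treated as Secure memory for data accesses. */
data_result_t data_access(bool from_secure, sec_attr_t attr)
{
    if (attr == ATTR_NS)
        return ACCESS_NONSECURE;          /* request is marked Non-secure */
    return from_secure ? ACCESS_SECURE : ACCESS_SECUREFAULT;
}

int main(void)
{
    sau_ctrl_t reset = { false, false };  /* both fields reset to zero */
    sau_ctrl_t on    = { true,  false };
    printf("reset, IDAU=NS         -> %d\n", final_attr(reset, ATTR_NS, ATTR_NS));
    printf("enabled, NS + S-NSC    -> %d\n", final_attr(on, ATTR_NS, ATTR_S_NSC));
    printf("NS-state data access S -> %d\n", data_access(false, ATTR_S));
    return 0;
}
```

At reset the model returns Secure for every address regardless of the IDAU, which is why Secure boot code must program and enable the SAU (or set ALLNS) before any memory becomes reachable from Non-secure state.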

The Cortex‑M33 processor supports the Armv8‑M Protected Memory System Architecture (PMSA). The MPU is an optional component and, when implemented, provides full support for:

  • Protection regions.
  • Access permissions.
  • Exporting memory attributes to the system.

MPU mismatches and permission violations invoke the MemManage handler.

See the Armv8‑M Architecture Reference Manual for more information.

You can use the MPU to:

  • Enforce privilege rules.
  • Separate processes.
  • Manage memory attributes.

The MPU can be configured to support 0, 4, 8, 12 or 16 memory regions.

If the Armv8‑M Security Extension is included in the Cortex‑M33 processor, the MPU is banked between Secure and Non-secure states. The number of regions in the Secure and Non-secure MPU can be configured independently and each can be programmed to protect memory for the associated Security state.

Non-Confidential 100230_0004_00_en
Copyright © 2016–2018 Arm Limited or its affiliates. All rights reserved.