6.1. About Security Attribution and Memory Protection

Security attribution and memory protection in the processor is provided by the optional SAU and the optional MPUs.

The SAU is an optional component that determines the security of an address. If the Security Extension is not implemented, the SAU is also not implemented. Otherwise, it can optionally be implemented and supports zero, four, or eight regions.

For instructions, the SAU returns the security attribute (Secure or Non-secure) and identifies whether the instruction address is in a Non-secure callable region.

For data, the SAU returns the security attribute and checks whether the core is running in Non-secure state and tries to access a Secure region. If this happens, a HardFault is generated.

The security level returned by the SAU is a combination of the region type defined in the internal SAU, if configured, and the type that is returned on the associated Implementation Defined Attribution Unit (IDAU). If an address maps to regions defined by both internal and external attribution units, the region of the highest security level is selected.

Table 6.1. Examples of Highest Security Level Region

IDAUSAU RegionFinal Security
SXS
XSS
S-NSC or NSS-NSCS-NSC
NSNSNS

At reset, before any SAU regions are programmed, the SAU_CTRL.ALLNS register bit selects the default internal security level. On reset the SAU_CTRL.ALLNS register is always reset to zero, setting all memory, apart from some specific regions in the PPB space, to Secure state. Setting SAU_CTRL.ALLNS bit to zero prevents an external SAU overriding any security level.

The MPU is an optional component for memory protection. When implemented, the processor supports the ARMv8-M Protected Memory System Architecture (PMSA) model. The MPU provides full support for:

MPU mismatches and permission violations invoke the HardFault handler. See the ARM®v8-M Architecture Reference Manual for more information.

You can use the MPU to:

The Cortex-M23 processor includes up to two MPUs depending on whether it implements the Security Extension or not:

See the ARM®v8-M Architecture Reference Manual for more information on SAU and MPUs.

Copyright © 2016 ARM. All rights reserved.ARM DDI 0550C
Non-ConfidentialID112116