Memory Protection
Introduction
To ensure system reliability and security, and to keep software defects or malicious code from illegally accessing critical memory areas, the chip provides hardware memory protection mechanisms tailored to each type of CPU core. Users can configure this hardware protection flexibly in software.
The memory protection module types and region numbers for each CPU are shown in the following table.
| Processor | Memory Protection Module | Region Number |
|---|---|---|
| KM4 | | 8 |
| KM4 | | 4 |
| KM0 | | 4 |
Note
CPUs that support TrustZone each have an independent Secure MPU and Non-Secure MPU.
The Secure MPU is only active in Secure World, protecting secure memory regions from being accessed by Non-Secure code. The Non-Secure MPU is active in Non-Secure World for memory protection of general application code. The two are independent of each other, and their region configurations do not interfere with one another.

| Processor | Memory Protection Module | Region Number |
|---|---|---|
| KM4 | | 8 |
| KM4 | | 4 |
| KR4 | | 16 |

| Processor | Memory Protection Module | Region Number |
|---|---|---|
| KM4 | | 8 |
| KM4 | | 4 |
| KR4 | | 16 |
| DSP | | 16 |

| Processor | Memory Protection Module | Region Number |
|---|---|---|
| CA32 | Uses MMU for memory protection | - |
| KM4 | | 8 |
| KM4 | | 4 |
| KM0 | | 4 |

| Processor | Memory Protection Module | Region Number |
|---|---|---|
| KM4TZ | | 8 |
| KM4TZ | | 8 |
| KM4NS | | 8 |
Memory Protection Unit (Arm®v8-M)
The Arm®v8-M Memory Protection Unit (MPU) is a hardware component used in ARM Cortex-M processors to manage memory access permissions. It allows privileged software to define memory regions and assign specific access permissions and memory attributes to each region, providing fine-grained hardware control for the memory system.
The MPU can improve system security and reliability in the following ways:
Access Control: Memory regions can be set as read-only (Read-Only) or non-executable (No-Execute, XN), preventing code sections from being accidentally overwritten and data sections from being illegally executed.
Attribute Management: Controls cache policies (Cacheable, Bufferable) and device memory sharing attributes, ensuring predictable memory access behavior.
Fault Detection: Triggers a MemManage exception when an access violates the MPU configuration, helping quickly locate out-of-bounds accesses or permission errors.
MPU regions with larger numbers have higher priority. If two regions overlap in address range, the attributes of the overlapping area are determined by the region with the larger number.
Note
For regions not configured by the MPU, or when the MPU is globally disabled, the processor accesses those regions using the memory attributes of the default system address map.
The start address and size of an MPU region must be aligned to a multiple of 32 bytes.
Note
For more information about ARM Cortex-M MPU, refer to Arm®v8-M Architecture Reference Manual.
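The 32-byte alignment rule and the read-only / XN permissions described above map directly onto the two per-region registers of the Armv8-M MPU. The following is an added example, not code from the SDK: `mpu_encode_region` is a hypothetical helper, the addresses are constructed, and the bit layouts are those of the architectural MPU_RBAR and MPU_RLAR registers. It rejects misaligned regions before anything would be written to hardware.

```c
#include <stdint.h>
#include <stdio.h>

/* MPU_RBAR.AP encodings defined by the Armv8-M architecture. */
enum mpu_ap { AP_RW_PRIV = 0, AP_RW_ANY = 1, AP_RO_PRIV = 2, AP_RO_ANY = 3 };

struct mpu_region { uint32_t rbar, rlar; };

/* Hypothetical helper (not an SDK API). Returns 0 on success,
 * -1 for a bad address/size, -2 for a writable and executable region. */
int mpu_encode_region(uint32_t base, uint32_t size, enum mpu_ap ap, int xn,
                      unsigned attr_idx, struct mpu_region *out)
{
    /* Base and size must both be multiples of 32 bytes. */
    if (size == 0 || (base & 0x1Fu) || (size & 0x1Fu) || attr_idx > 7)
        return -1;
    if (size - 1 > UINT32_MAX - base)          /* range would wrap past 4 GB */
        return -1;
    /* Policy of this example, not an architectural rule: refuse W+X. */
    if ((ap == AP_RW_PRIV || ap == AP_RW_ANY) && !xn)
        return -2;

    uint32_t limit = base + size - 1;          /* last byte of the region */
    /* RBAR: BASE[31:5] | SH[4:3] (0 = non-shareable) | AP[2:1] | XN[0] */
    out->rbar = base | ((uint32_t)ap << 1) | (xn ? 1u : 0u);
    /* RLAR: LIMIT[31:5] | AttrIndx[3:1] | EN[0] */
    out->rlar = (limit & ~0x1Fu) | ((uint32_t)attr_idx << 1) | 1u;
    return 0;
}

int main(void)
{
    struct mpu_region r;
    /* Constructed addresses, for illustration only. */
    if (mpu_encode_region(0x10000000u, 0x8000u, AP_RO_ANY, 0, 1, &r) == 0)
        printf("code: RBAR=0x%08X RLAR=0x%08X\n", (unsigned)r.rbar, (unsigned)r.rlar);
    if (mpu_encode_region(0x20000000u, 0x1000u, AP_RW_ANY, 1, 0, &r) == 0)
        printf("data: RBAR=0x%08X RLAR=0x%08X\n", (unsigned)r.rbar, (unsigned)r.rlar);
    printf("unaligned: %d\n", mpu_encode_region(0x20000010u, 0x1000u, AP_RW_ANY, 1, 0, &r));
    return 0;
}
```

On a target, the two values would be written to MPU_RBAR and MPU_RLAR after selecting the region through MPU_RNR, with the MPU disabled during the update.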
Memory Protection Unit (HiFi 5 DSP)
HiFi 5 DSP integrates a Memory Protection Unit (MPU) based on Xtensa architecture. This module provides memory access control and attribute management mechanisms for DSP programs, allowing privileged software to define multiple independent memory regions and assign specific access permissions and memory types to each region.
The main functions of the DSP MPU include:
Memory Isolation: Distinguishes access permissions between kernel mode (Kernel/Privileged) and user mode (User/Non-privileged), preventing user-mode code from accessing privileged memory regions.
Access Control: Memory regions can be configured as read-only (Read-Only) or non-executable (No-Execute, XN) for fine-grained permission management.
Cache Policy: Defines whether specific memory regions are cacheable (Cacheable, Write-Back/Write-Through) or non-cacheable (Uncached/Device), affecting DSP access latency and coherency behavior.
Access Detection: Intercepts unauthorized read, write, or execute operations and triggers exceptions to help locate runtime memory errors.
When the MPU is disabled, the processor uses a default background mapping. In that case, the entire 4 GB physical address space has uniform default attributes. The attributes of the background mapping are configured as follows:
| Field | Value | Description |
|---|---|---|
| AccessRights [3:0] | 0x7 | Kernel full permissions, User no permissions |
| MemoryType [8:0] | 0x6 | Device Memory (Device / Strong Ordered) |
Physical Memory Protection Unit (RISC-V PMP)
RISC-V processors integrate a Physical Memory Protection (PMP) unit. PMP operates directly on the physical address space, allowing machine mode (M-Mode) software to define multiple independent memory regions and to independently configure read (Read), write (Write), and execute (Execute) permissions for each region, thereby achieving hardware-level access isolation without relying on an MMU.
The main functions of PMP include:
Machine Mode (M-Mode) Exclusive Configuration: PMP control registers (CSRs) can only be configured in machine mode (M-Mode), ensuring that the security controls of the highest privilege level cannot be tampered with by lower-privilege code.
Fine-Grained Permission Management: Read, write, and execute permissions can be independently specified for each physical memory region, supporting flexible access control policies.
Parallel Check with PMA: PMP permission checks are executed in parallel with Physical Memory Attribute (PMA) checks. An access request is granted only when both PMP and PMA allow it.
Note
PMP only controls R/W/X access permissions and cannot control cache attributes (cache policies are determined by PMA).
The minimum granularity for PMP memory protection is 1 KB. The start address and size of a configured region must satisfy alignment requirements.
Note
For more information about PMP, refer to RISC-V Privileged Architecture Specification.
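The R/W/X permissions and the 1 KB minimum granularity described above determine which `pmpcfg` / `pmpaddr` values are valid for a region. The following is an added example, not code from the SDK: it assumes RV32 and the NAPOT address-matching mode from the RISC-V privileged specification, the function names are hypothetical, and the addresses are constructed. It encodes a region, rejects sizes or alignments the hardware could not honour, and decodes an existing `pmpaddr` value so a configuration can be audited.

```c
#include <stdint.h>
#include <stdio.h>

#define PMP_R        0x01u
#define PMP_W        0x02u
#define PMP_X        0x04u
#define PMP_A_NAPOT  0x18u   /* pmpcfg A field (bits 4:3) = 3 */
#define PMP_L        0x80u   /* lock: entry also binds M-mode until reset */
#define PMP_MIN_SIZE 1024u   /* minimum granularity stated on this page */

struct pmp_entry { uint8_t cfg; uint32_t addr; };

/* Hypothetical helper: returns 0 on success, -1 on an invalid request. */
int pmp_encode_napot(uint32_t base, uint32_t size, uint8_t perms, int lock,
                     struct pmp_entry *out)
{
    if (size < PMP_MIN_SIZE || (size & (size - 1)))   /* power of two, >= 1 KB */
        return -1;
    if (base & (size - 1))                            /* naturally aligned */
        return -1;
    if (perms & ~(PMP_R | PMP_W | PMP_X))
        return -1;
    if ((perms & PMP_W) && !(perms & PMP_R))          /* R=0,W=1 is reserved */
        return -1;
    out->cfg  = (uint8_t)(perms | PMP_A_NAPOT | (lock ? PMP_L : 0u));
    /* pmpaddr holds address bits [33:2]; trailing ones encode the size. */
    out->addr = (base >> 2) | ((size >> 3) - 1);
    return 0;
}

/* Audit helper: recover base and size from a NAPOT pmpaddr value. */
void pmp_decode_napot(uint32_t addr, uint32_t *base, uint32_t *size)
{
    unsigned t = 0;
    while (t < 28 && ((addr >> t) & 1u))              /* count trailing ones */
        t++;
    *size = 8u << t;
    *base = (addr & ~((1u << t) - 1u)) << 2;
}

int main(void)
{
    struct pmp_entry e;
    uint32_t b, s;
    /* Constructed region: 4 KB of read/write data. */
    if (pmp_encode_napot(0x20000000u, 0x1000u, PMP_R | PMP_W, 0, &e) == 0) {
        pmp_decode_napot(e.addr, &b, &s);
        printf("cfg=0x%02X addr=0x%08X -> base=0x%08X size=%u\n",
               (unsigned)e.cfg, (unsigned)e.addr, (unsigned)b, (unsigned)s);
    }
    return 0;
}
```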