Memory Protection Unit (Mpu); Table 13. Attributes And Access Permission Managed By Mpu - ST STM32C0 Series Application Note

When to use the firewall
The firewall protects both code and data. The protected code can always be called as long as a call gate
mechanism is respected.
Note: A firewall is available on STM32L0 and STM32L4 devices only. Refer to the application note AN4730 for more
details.
6.10

Memory protection unit (MPU)

The MPU is a memory protection mechanism that allows specific access rights to be defined for
any memory‑mapped resource of the device: flash memory, SRAM, and peripheral registers. This protection
is dynamically managed at runtime.
Note: MPU attributes are only set for CPU access. Other bus master requests (such as DMA) are not filtered
by the MPU, and must be deactivated if they are not needed.
Region access attributes
The MPU splits the memory map into several regions, each having its own access attribute. Access right can be
set as executable, not executable(XN), read-write (RW), read only (RO), or no access.
Note: There are other attributes set by the MPU for each region: shareable, cacheable, and bufferable. This
application note does not cover the whole complexity of the MPU. This section provides only an introduction
‑ level overview. Refer to applicable programming manual, or to the document [5].
and high
Privileged and unprivileged modes
On top of the access attribute, the Arm Cortex-M architecture defines two execution modes, allowing a process
to run in either privileged or unprivileged mode. For each region, the access attribute can be set independently
for each mode.
The table below shows the different cases supported by mixing modes and access attributes.
Privileged mode attribute Unprivileged mode attribute
No access
RW
RW
RW
RO
RO
1. XN attribute is set by region, and is valid for both modes. It can be used to avoid SRAM code injection for example.
The code executed in privileged mode can access additional specific instructions (MRS), and can also access
Arm® core peripheral registers (such as NVIC, DWT, or SBC). This is useful for OS kernels or pieces of secure
code requiring access to sensitive resources that are otherwise inaccessible to unprivileged firmware.
AN5156 - Rev 8
Table 13. Attributes and access permission managed by MPU
Execute never (XN) (1)
No access
No access
RO
RW
No access
RO
Description
Code execution attribute
All accesses generate a permission fault.
Access from a privileged software only
Written by an unprivileged software generate a permission fault.
Full access
Read by a privileged software only
Read only, by privileged or unprivileged software
AN5156
Memory protection unit (MPU)
page 37/56