OS-Memory Protection

OS uses memory protection facilities of a processor to achieve freedom from interference between OS applications and cores. For this purpose it may use the memory protection units (MPU) which are responsible for monitoring all memory accesses made by CPU and/or peripheral devices and triggering an exception upon detection of an illegal memory access.

Illegal memory access by non-trusted OSAP is called a memory protection violation. When a memory protection violation is detected, the ProtectionHook is called with status code E_OS_PROTECTION_MEMORY. [SWS_Os_00044]

Note: Freedom from Interference (FFI) is one of the critical criteria to support coexistence of elements with different criticality in a mixed-criticality system (MCS). The principle of FFI is to ensure an element with lower criticality cannot influence an element with higher criticality.

Memory Protection Unit (MPU)

A Memory Protection Unit (MPU) enables memory partitioning with individual protection attributes. This is distinct from a Memory Management Unit (MMU) that provides a mapping between virtual addresses and physical memory locations at runtime. Note that some devices may realize the functionality of an MPU in an MMU.

Overview of protection for memory areas

The memory area to be accessed is first divided into sections in the object file by the compiler. This is the pre-link section. By defining the MPS to which the section before each link is to be placed in the configuration and inputting it to the OS generator, the OS generator generates an information file (linker script, etc.) used as the input of the linker. Then, the linker arranges each section that should be protected in the same way as a memory protection section based on the information in the linker script. Each memory protection section contains one or more post-link sections. The memory protection function uses the information in this memory protection section for control.

Classification of memory area