Theatre

Partitioning for Security

Watch Now

34:07

EOC 2022

Login to Watch

David Moore

David Moore is the Director of Engineering at Micro Digital. He has focused the past few years on developing SecureSMX®, as well as managing the developers and codebase, working with customers and partners, and making ongoing contributions to product quality. For many years, he maintained and extended the SMX® RTOS kernel and middleware components. Initially focused on x86 product development, he implemented the ARM and ARM-M (Cortex-M) ports of SMX and supported many new processors. He holds a degree in Information and Computer Science from the University of California, Irvine and is a member of the Phi Beta Kappa honor society.

View full profile

Topics Covered

Microcontroller RTOS Security Software Design

Theatre

Partitioning for Security

David Moore

34:07 EOC 2022

David Moore

34:07

A typical embedded system has no security structure. If a hacker breaks in anywhere he has access everywhere — to the keys, critical data, and everything. Secure coding is a great thing to do, but it only takes a single flaw to compromise the whole system, and on a system with thousands of lines of code, it could take a long time to find and fix all problems. It’s a never ending battle because new exploits are conceived continually. Partitioning greatly limits the scope of an intrusion and allows focusing secure coding efforts on the most critical partitions. This talk focuses on use of the Cortex-M Memory Protection Unit to partition the application and RTOS for security. After introducing the MPU and partitioning briefly, it discusses novel techniques at a fairly detailed level. It shows the mechanics with code and build file snippets.

1 / 5

Please log in or create an account to test your knowledge and see the answers.

What is the primary security benefit of partitioning an embedded system with the MPU, according to the talk?

A It eliminates the need for secure coding because the MPU will block all exploits.

B It centralizes all keys and critical data into one privileged partition so developers can ignore other code.

C It limits the scope of an intrusion to the breached partition so secure-coding effort can be focused on the most critical partitions.

D It improves real-time performance by removing memory checks from most tasks.

E It makes it unnecessary to use an RTOS because hardware protection is sufficient.

How does the speaker describe the relationship between tasks and MPU images (MPAs) in an RTOS-based system?

A A single global MPU configuration is shared by all tasks at all times.

B Each task has its own MPA which is loaded from a template and copied into the MPU on a context switch.

C MPA regions are fixed at boot and cannot be changed without rebooting the device.

D Unprivileged tasks can create or modify MPU regions directly as needed.

E The MPU automatically infers regions from the task stack and code without templates.

What mechanism does the speaker recommend for unprivileged (U-mode) code to invoke privileged system services?

A Unprivileged code should call privileged functions directly; the MPU will allow or block as needed.

B Use the Cortex-M SVC instruction (supervisor call) so the call runs in privileged mode and returns to unprivileged mode.

C Have the unprivileged task temporarily set the nPRIV bit to become privileged while calling the service.

D Use PRIMASK or BASEPRI masking to raise privilege before calling the service.

E Replace all system services with portals so SVC is unnecessary.

Why did the presenter use 'tunnel' portals between clients and middleware like the filesystem?

A To provide a message-based API that gives true separation so client tasks have no direct access to middleware code, data, or I/O.

B To eliminate the need for MPU regions entirely by placing middleware into every client's address space.

C To allow unprivileged code to create MPU regions on the middleware's behalf.

D To speed up calls by avoiding any context switches between tasks.

E To encrypt all API parameters so middleware internals are hidden cryptographically.

What technique does the speaker recommend to reduce SRAM waste caused by the ARMv7-M MPU power-of-two region sizing?

A Use MPU regions sized to the next power-of-two and accept the wasted SRAM as unavoidable.

B Disable the MPU so arbitrary-sized regions can be used in software.

C Use subregions (one-eighth disable bits) and careful linker packing/fractional sizes to pack smaller regions into the wasted space.

D Always place all data in one huge region to avoid fragmentation.

E Switch to unprivileged tasks for all middleware so region sizes no longer matter.

Formatting help

italics	surround text with asterisks
bold	surround text with two asterisks
hyperlink	[hyperlink](https://example.com) or just a bare URL
code	surround text with `backticks`
~~strikethrough~~	surround text with ~~two tilde characters~~
quote	prefix with >

Upvotes Newest Oldest

kwadrat

Score: 0 | 4 years ago | 1 reply

Thank you for your talk - I am programming ARM Cortex-M3 and Cortex-M4 and earlier I was skipping MPU part of the hardware in PDF chip documentation because it was relatively short.

DavidMoore

Score: 0 | 4 years ago | 1 reply

Thanks for watching. The chip manuals usually don't cover the MPU because it is defined by ARM in their docs. You can find them easily with Google and download the PDFs:
v7: "arm 0403e" and see section B3.5 Protected Memory System Architecture, PMSAv7
v8: "arm 100699"
Even better is to get Joseph Yiu's book The Definitive Guide to the ARM Cortex-M3 and Cortex-M4. It's the reference standard for the Cortex-M processors.

kwadrat

Score: 0 | 4 years ago | no reply

Thank you! Quick search and I found "ARM DDI 0403E.b" document with B3.5 section.

Davide.Ferrari

Score: 1 | 4 years ago | 1 reply

A mouse pointer would have helped to understand what you are talking about.

DavidMoore

Score: 0 | 4 years ago | no reply

I agree, especially for the code snippets and tool output that would have been helpful. Thanks for your suggestion!

Partners & Sponsors

Percepio

Edge Impulse

STMicroelectronics

Renesas

Amazon AWS

The Qt Company

NXP

TUXERA

XMOS

Timesys

Saleae

Become a Sponsor