Can Cortex M4 MPU protect itself?

We are close to a product release, and our security team are dropping a number of requirements on us this late in the game. We are somewhat schedule constrained in what can realistically be changed. It is unlikely we have time to entertain USER mode and the preference is to run with full PRIVILEGE.

Understandably our security team want to prevent MPU wr() access so that its config is protected.

Is there a way to use the MPU to wr() protect itself? I have tried to define a RO region on the MPU but this seems to have no impact.

Can someone confirm you cannot define an MPU region to prevent wr() access to its own register suite?

Hmm, I would think that this is not possible. Do double check that your MPU region is aligned correctly (Fix Bugs and Secure Firmware with the MPU | Interrupt is a useful resource).


I have since confirmed that because the MPU and other system-type registers (NVIC) reside on the internal private bus, they are not MPU protected. As far as I know, it looks like a combination of SVC calls and privilege mode config is required to provide some security protection.
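
The behaviour reported in this thread, as an added example that is not part of the original posts: a host-side C model of the ARMv7-M write check, showing why a read-only region placed over the MPU registers changes nothing for privileged code while an unprivileged write still faults. The `mpu_region` struct and the function names are hypothetical, and the model assumes the MPU is enabled with PRIVDEFENA=1 and ignores sub-regions and XN.

```c
#include <stdbool.h>
#include <stdint.h>

/* ARMv7-M Private Peripheral Bus: the SCS (MPU, NVIC, SCB) lives here. */
#define PPB_BASE      0xE0000000u
#define PPB_END       0xE00FFFFFu
#define MPU_CTRL_ADDR 0xE000ED94u

/* Hypothetical model of one MPU region (not the hardware register layout). */
typedef struct {
    uint32_t base;      /* region base address */
    uint8_t  size_log2; /* region size = 2^size_log2 bytes, 5..32 */
    uint8_t  ap;        /* RASR.AP field, 3 bits */
    bool     enabled;
} mpu_region;

/* Config-time check: base must be a multiple of the size, minimum 32 bytes. */
bool region_valid(const mpu_region *r) {
    if (r->size_log2 < 5 || r->size_log2 > 32) return false;
    if (r->size_log2 == 32) return r->base == 0;
    return (r->base & ((1u << r->size_log2) - 1u)) == 0;
}

/* Address match on the bits above the region size. */
static bool region_hit(const mpu_region *r, uint32_t addr) {
    if (!r->enabled) return false;
    if (r->size_log2 == 32) return true;
    return (addr >> r->size_log2) == (r->base >> r->size_log2);
}

/* AP write permission: 001 and 010 privileged only, 011 both, rest none. */
static bool ap_write_ok(uint8_t ap, bool priv) {
    if (ap == 3) return true;
    return priv && (ap == 1 || ap == 2);
}

/* Would a data write to addr succeed? */
bool write_allowed(const mpu_region *r, int n, uint32_t addr, bool priv) {
    /* PPB accesses always use the default map: regions are never consulted.
       Unprivileged accesses fault there (STIR can be opened up via CCR). */
    if (addr >= PPB_BASE && addr <= PPB_END) return priv;
    for (int i = n - 1; i >= 0; i--)   /* highest-numbered region wins */
        if (region_hit(&r[i], addr)) return ap_write_ok(r[i].ap, priv);
    return priv;                       /* background map: privileged only */
}
```
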