MPU-Plus enhances the security of multitasking systems based upon the SMX RTOS.
Setting up an MPU for a bare metal application is easy: just initialize the MPU once on power up.
For a multitasking system, much more is needed. The main things MPU-Plus does to achieve better security are:
- Allow a different MPU image to be defined for each task, and handle MPU switching during task switches.
- Provide a Supervisor Call (SVC) API to allow unprivileged code to call system services, as well as to limit which services can be called from such code.
- Allow allocation of protected blocks and messages.
- Run the SMX RTOS and system code in privileged mode and middleware and application code in unprivileged mode.
- Allow tasks to be privileged or unprivileged.
- Individually protect task stacks.
- Map multiple I/O regions for a task in addition to code and data regions on MPUs which commonly have only 8 slots.
- Use subregions on the v7 MPU to mitigate memory waste caused by region size and alignment requirements.
- Enhance the smxAware debugger plugin to show the MPU regions for each task in a very readable form, and to show regions in the memory map graph.
- Adds strong security to existing and new products.
- Per-task or task group isolation.
- Supports privileged ptasks and unprivileged utasks.
- SVC RTOS API for utasks with restricted services.
- Direct RTOS API for ptasks with unrestricted services.
- Dynamic regions for blocks and messages.
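
The subregion point in the first list can be made concrete with an added example, which is not MPU-Plus or SMX code. It assumes "v7 MPU" means the ARMv7-M MPU (power-of-two region sizes from 32 bytes, base aligned to size, 8 equal subregions for regions of 256 bytes or more); `mpu7_region` and `mpu7_fit` are hypothetical names, and the sample addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t base;     /* region base, aligned to its size */
    uint32_t size;     /* region size, a power of two */
    uint8_t  srd;      /* subregion-disable mask: bit n set = subregion n off */
    uint32_t exposed;  /* bytes left accessible through the region */
} mpu7_region;         /* hypothetical type, not an MPU-Plus structure */

/* Smallest log2(size) >= min_shift whose naturally aligned region holds
 * [start, end); returns 0 if nothing up to 2 GiB fits. */
static unsigned fit_shift(uint32_t start, uint64_t end, unsigned min_shift)
{
    for (unsigned s = min_shift; s <= 31; s++) {
        uint64_t size = 1ULL << s;
        uint64_t base = start & ~(size - 1);
        if (end <= base + size)
            return s;
    }
    return 0;
}

/* Fit one region over [start, start+len). use_srd=0 models a setup without
 * subregions; use_srd=1 disables every subregion the block does not touch. */
int mpu7_fit(uint32_t start, uint32_t len, int use_srd, mpu7_region *r)
{
    uint64_t end = (uint64_t)start + len;          /* exclusive end */
    if (len == 0 || end > 0x100000000ULL)
        return -1;
    unsigned s = fit_shift(start, end, use_srd ? 8 : 5);
    if (s == 0)
        return -1;
    r->size = 1u << s;
    r->base = start & ~(r->size - 1);
    r->srd = 0;
    r->exposed = r->size;
    if (use_srd) {
        uint32_t sub = r->size / 8;                /* 8 equal subregions */
        unsigned first = (start - r->base) / sub;
        unsigned last = (uint32_t)(end - 1 - r->base) / sub;
        uint8_t enabled = (uint8_t)(((1u << (last - first + 1)) - 1) << first);
        r->srd = (uint8_t)~enabled;
        r->exposed = (last - first + 1) * sub;
    }
    return 0;
}

int main(void)
{
    mpu7_region r;  /* constructed sample: 1280-byte block at 0x20001300 */
    for (int srd = 0; srd <= 1; srd++)
        if (mpu7_fit(0x20001300u, 0x500u, srd, &r) == 0)
            printf("srd=%d base=%08lx size=%lu mask=%02x exposed=%lu\n", srd,
                   (unsigned long)r.base, (unsigned long)r.size,
                   (unsigned)r.srd, (unsigned long)r.exposed);
    return 0;
}
```

A block that straddles a large alignment boundary still forces a large region with coarse subregions, so bytes outside the block remain accessible; placing blocks on subregion boundaries keeps `exposed` equal to the block length.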