Feasibility of MPU use in FreeRTOS

Hi guys,

I’ve been developing on an ARM Cortex M33 (nRF9160) with the MPU enabled. I am trying to move all my tasks to unprivileged mode. I keep running into what I call the “MPU wall” in this attempt. On my platform, I’ve decided to place all state variables used by drivers that service multiple tasks and are static within the driver module (not visible globally), in a shared memory pool that is setup to be shared and allowed by the MPU. I seem to be putting more and more of these state variables into this shared pool. Now, I’ve hit another obstacle where I’m calling a library function (Nordic library) and the MPU is running interference again. I’m wondering how to resolve this when I try to use other 3rd party libraries (I don’t necessarily have access to the source code either).

I’ve been bypassing this up until now by making the task a privileged task. However, this makes almost all my tasks privileged defeating the purpose of the MPU in the first place. So, I’m beginning to wonder about the feasibility of using the MPU at all.

Any suggestions?


Drivers/Libraries used (directly called) by multiple task that need static memory do not work well in restricted tasks due to the sharing issue you are describing.

The key thing is to ask yourself, what is the “threat” model that you are looking at. In most cases, the “restricted” parts of the program aren’t “untrusted”, but are being restricted for a safety/security reason that if something does go wrong with that code, the unrestricted code can bring the system to a “safe” state.

A key point is tasks are NOT really like a “process” in a bigger system where we have an expectation of real isolation between them, but are much more like threads, so you shouldn’t expect that level of isolation between them.