
To implement Memory Protection feature on TDA3x as proposed by AUTOSAR



We are currently working on the SC3 workaround for memory protection to meet the AUTOSAR OS standard with the TI TDA3x processor, and we are trying to use the firewall features in the Interconnect module. We have a couple of questions for clarification, listed at the end of this description (more detail is in the attached document).

1. Feasibility study: Autosar Memory protection for TDA3x

2. Objective/Requirement: To implement memory protection feature on TDA3x as proposed by Autosar

3. Problem Statement:
A range based memory protection (dividing the physical memory into sections and assigning the attributes (READ, WRITE, EXECUTE etc.) to the individual sections) is to be implemented.
A dedicated ARM core Memory Protection Unit (MPU) provides this feature, wherein the sections can be defined and attributes can be assigned to individual memory sections. But the ARM Cortex M4 core of the TDA3x does not include the Memory Protection Unit (MPU).
So an alternate way has to be found and implemented which will conform to the Autosar Memory protection feature.

4. Assessment of options: Using Interconnect module.
The Interconnect module within the TDA3x provides a Firewall feature.
Firewall: A programmable feature integrated in a target agent or L4 interconnect to prevent unauthorized access to or from a module. A firewall can be configured using three criteria:
– Initiator requesting access
– Address space access
– Type of access

5. Implementation Summary:
We have implemented L3 firewall based memory protection with IPU as initiator agent and EMIF (which is part of L3 main) as target agent, and with some initial level of testing we can say that the Autosar Memory Protection feature can be implemented using the Firewall.

6. Concerns & Questions:

1) Our observation was that when the IPU cache is enabled, the firewall protection fails, as some of the instructions and data are already cached.
Is it possible that the L3 firewall can be made to work with cache enabled?
The IPU cache is part of L1 and L2 level memory, so is L3 firewall handling sufficient?

2) We have implemented the memory protection using the L3 level firewall, and thus memory protection for EMIF, OCMC, GPMC etc. can be supported. But the IPU's internal memory is not part of L3 level memory, hence if the IPU's internal memory is used then memory protection is not possible with the current implementation.
How can we implement memory protection for L1 and L2 level memory?
The memory protection should be region based memory protection (we should be able to define start and end address along with access attributes for a region).

Memory_Protection_Tda3x_QuestionsforTI.pdf

  • Hi Hyonchol,

    You can enable the L3 firewall with IPU cache enabled. You need to make sure that you invalidate/flush the cache while switching the firewall permissions. Another point you should consider is that the cache is shared between both IPU cores.
    You cannot protect L1 and L2 memory using the firewall. You need to implement AMMU/MMU based protection.

    Can you please let me know what the use case is and what the objective is, so that we can have the best possible solution.
    Thanks.

    Regards,
    Rishabh

  • Hello Rishabh,

    The use case is as explained below,

    The operating system should restrict the non-trusted tasks (tasks which run in non-privileged mode) from accessing the code and data of the OS or other tasks.

    i.e. the non-trusted task can only access/execute from the memory which is assigned to it. Currently we are using the EMIF memory space and the access restrictions are provided using the L3 Firewall.

    Whenever a non-trusted task is switched in, the firewall regions are configured to give/restrict access to the memory.

    So if a non-trusted task tries to execute an instruction or access data outside its allowed memory region, then there should be a firewall error.

    But when the cache is enabled (which is part of L2 memory), there is no error for the instruction/data which is already cached.

    Now, from your previous reply what I understand is that we can use the cache only for trusted tasks (which run in privileged mode and have no memory restriction), and before switching to non-trusted tasks we need to invalidate/flush the cache, also disable the cache, configure the firewall regions and execute the non-trusted task.

    And again while switching to a trusted task, enable the cache use.

    Is my understanding correct?

    Also, you mentioned using memory protection for L1/L2 via AMMU or MMU. Do AMMU or MMU provide range based memory protection as provided by the firewall? We do not want to use page based memory protection.

    Regards,

    Yuvraj

  • Hi Yuvraj,

    AMMU or MMU do not provide range based memory protection as provided by the firewall.

    Cortex M4 does not have privilege or non-privilege mode.
    You can define tasks as trusted and non-trusted tasks as per your convention.
    You can use the cache with both trusted and non-trusted tasks.
    Sequence: Trusted task execution complete -> Writeback cache -> Invalidate cache -> Disable cache -> Configure firewall -> Enable cache -> Enable non-trusted task
    You should also make sure that this change is atomic, so that the scheduler is not corrupted.

    regards,
    Rishabh
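
The cache/firewall interaction raised in question 1 and the switch sequence given in the answer above, as an added software model (example code, not TI's or the poster's code): a region table matched on initiator, address range and access type stands in for the L3 firewall, and a toy direct-mapped cache shows why a cached line bypasses the check. Attribute bits, initiator ids, cache geometry and the EMIF addresses are constructed for the model.

```c
#include <stdbool.h>
#include <stdint.h>
/* Model of the region-based L3 firewall from the thread (added example, not TI code):
 * requests match on initiator, address range and access type. Ids, bits, cache
 * geometry and addresses below are constructed, not TDA3x register values. */
enum { ACC_R = 1, ACC_W = 2, ACC_X = 4, ACC_RWX = 7, INIT_IPU = 0 };
typedef struct { uint32_t start, end; uint8_t attr, initiator; } Region;
#define MAX_REGIONS 8
#define CACHE_LINES 16                       /* toy direct-mapped cache, 32-byte lines */
static Region fw[MAX_REGIONS]; static int fw_count;
static uint32_t cache_tag[CACHE_LINES];
static bool cache_valid[CACHE_LINES], cache_enabled = true;

static bool fw_allows(uint8_t init, uint32_t addr, uint8_t acc) {
    for (int i = 0; i < fw_count; i++)
        if (fw[i].initiator == init && addr >= fw[i].start && addr <= fw[i].end &&
            (fw[i].attr & acc) == acc)
            return true;                     /* some region grants this access */
    return false;                            /* default deny: firewall error */
}
void fw_configure(const Region *regions, int n) {   /* replace the whole table */
    fw_count = n > MAX_REGIONS ? MAX_REGIONS : n;
    for (int i = 0; i < fw_count; i++) fw[i] = regions[i];
}

/* An IPU cache hit is served locally and never reaches the L3 firewall. */
bool ipu_access(uint32_t addr, uint8_t acc) {
    unsigned line = (addr >> 5) % CACHE_LINES;
    if (cache_enabled && cache_valid[line] && cache_tag[line] == (addr >> 5))
        return true;                         /* stale hit: no firewall check */
    if (!fw_allows(INIT_IPU, addr, acc)) return false;
    if (cache_enabled) { cache_valid[line] = true; cache_tag[line] = addr >> 5; }
    return true;
}
/* Sequence from the answer: writeback (no-op in this data-free model), invalidate,
 * disable cache, configure firewall, enable cache. */
void switch_to_untrusted(const Region *regions, int n) {
    for (int i = 0; i < CACHE_LINES; i++) cache_valid[i] = false;
    cache_enabled = false;
    fw_configure(regions, n);
    cache_enabled = true;
}

/* Constructed maps: trusted task sees all of EMIF, untrusted task only a 1 MiB window.
 * Returns true if OS data at 0x80000000 is still readable after the switch (failure). */
static const Region trusted_map[]   = { {0x80000000u, 0x8FFFFFFFu, ACC_RWX, INIT_IPU} };
static const Region untrusted_map[] = { {0x80100000u, 0x801FFFFFu, ACC_RWX, INIT_IPU} };
bool os_data_readable_after_switch(bool use_safe_sequence) {
    switch_to_untrusted(trusted_map, 1);     /* clean start as the trusted task */
    ipu_access(0x80000000u, ACC_R);          /* trusted task pulls OS data into cache */
    if (use_safe_sequence) switch_to_untrusted(untrusted_map, 1);
    else fw_configure(untrusted_map, 1);     /* firewall only, cache left stale */
    return ipu_access(0x80000000u, ACC_R);
}
```

Configuring only the firewall leaves the cached OS line readable by the untrusted task; running the full sequence makes the same access miss the cache and hit the firewall, which denies it.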

  • Hi,

    There was a suggested answer, and since there has been no activity on this thread for more than a week, the suggested answer was marked as verified. Please feel free to select the "Reject Answer" button and reply with more details.

    Regards,
    Yordan