VEE Port Safety Instrumentation Demos on NXP i.MX RT1170-EVK

Announcements
, , , ,
1

Hi everyone,

We are excited to share two new demonstrations showcasing how hardware modules integrated into the NXP i.MX RT1170-EVK can enhance the safety of the MICROEJ VEE Port against memory corruption.

Link to the GitHub demonstration repository:

Memory Protection Unit (MPU) demo on Zephyr VEE Port

The main goal of this demonstration is to show how the ARM Memory Protection Unit (MPU) can be used to secure the memory of a MICROEJ VEE Port running on Zephyr RTOS.

Link to the MPU demo documentation:

What is the MPU ?

The MPU is an optional component in Cortex-M processor systems. In systems that require high reliability, the MPU can protect memory regions by defining access permissions for different privilege states. Refer to this ARM MPU documentation for more information.

Features

  • Isolation of MICROEJ VEE memory from an untrusted native thread with the MPU.
  • Safe data sharing between MICROEJ VEE and the authorized thread.
  • Controlled corruption scenario to visualize the protection mechanism.
  • Integration with Zephyr RTOS memory partitions and domains.

System Architecture

upload_26191843e957c279553a510dd7ca41d8
upload_26191843e957c279553a510dd7ca41d8451×311 10.3 KB

The demonstration is based on three native threads:

  1. Authorized Native Thread (runs in user mode)

    • Has access to the vee_partition containing vee_data, a variable shared with the MICROEJ VEE.
    • Can intentionally corrupt vee_data.

  2. MICROEJ VEE Thread (runs in supervisor mode)

    • Has unrestricted memory access.
    • Executes the Java application.

  3. Unauthorized Native Thread (runs in user mode)

    • Does not have access to vee_data through the shared partition it belongs to.
    • Any attempt to modify vee_data triggers an MPU FAULT.

Demonstration Workflow

upload_7b5e0266718fe070982f6067ab4e965f
upload_7b5e0266718fe070982f6067ab4e965f671×442 24.3 KB

  1. The MICROEJ VEE thread starts and periodically prints while vee_data = 0 :
MICROEJ VEE : Hello World from Java
  1. The Authorized Thread starts and corrupts the vee_data variable by setting it to 1. The MICROEJ VEE detects the corruption and prints :
MICROEJ VEE : Data corrupted
  1. The vee_data variable is reset to its original value, the MICROEJ VEE thread restarts and periodically prints :
MICROEJ VEE : Hello World from Java
  1. The Unauthorized Thread starts and attempts to corrupt vee_data. This triggers an MPU FAULT, halting the system:
***** MPU FAULT *****
Data Access Violation

Result

The MPU enforces strict separation between native threads, preventing unauthorized native code from corrupting the MICROEJ VEE data.

NXP Extended Resource Domain Controller 2 (XRDC2) protection on FreeRTOS VEE Port

This demonstration showcases how the Extended Resource Domain Controller 2 (XRDC2) protects the memory of a MICROEJ VEE Port running on FreeRTOS against corruption caused by an Enhanced Direct Memory Access (eDMA) transfer.

Link to the XRDC2 demo documentation:

What is the XRDC2 ?

The XRDC2 provides an integrated, scalable architectural framework for access control, system memory protection, and peripheral isolation. It allows software to assign chip resources, including processor cores, non-core bus masters, memory regions, and slave peripherals to processing domains to support the enforcement of robust operational environments.

What is the eDMA ?

The eDMA controller is a second-generation module capable of performing complex data transfers with minimal intervention from a host processor.

Features

  • Isolation of MICROEJ VEE memory from untrusted DMA accesses.
  • Dynamic reconfiguration of XRDC2 access policies.
  • Controlled eDMA transfers to demonstrate both blocked and allowed memory corruption.
  • Detection of memory corruption at the Java application level.

System Architecture

This XRDC2 demonstration involves three main components :

  1. MICROEJ VEE Task

    • Runs on the Cortex-M7 core.
    • Executes the Java application.
    • Accesses a vee_data variable stored in a protected memory region.

  2. eDMA Controller

    • Acts as a second bus master.
    • Attempts to transfer data into the MICROEJ VEE memory region.
    • Its access is either blocked or allowed by XRDC2.

  3. XRDC2 Controller

    • Assigns domain IDs to CM7 and eDMA.
    • Defines access policies on memory regions.
    • Dynamically reconfigures memory permissions during the demo.

Demonstration Workflow

upload_77ced650244880246fcbf1399dfee882
upload_77ced650244880246fcbf1399dfee882661×404 22.3 KB

  1. Initialization

    • XRDC2 is initialized.
    • Domain IDs are assigned: CM7 (trusted), eDMA (restricted).
    • MICROEJ VEE memory region is initially accessible to CM7, inaccessible to eDMA.

  2. MICROEJ VEE starts execution

    • Java app periodically prints :
MICROEJ VEE : Hello World from Java
MICROEJ VEE : Data value = false

  1. First eDMA transfer (denied)

    • XRDC2 denies eDMA access according to the access policies.
    • Transfer fails, memory remains intact.
    • MICROEJ VEE continues running normally.

  2. Second eDMA transfer (allowed)

    • XRDC2 reconfigures policy to grant eDMA access.
    • eDMA successfully corrupts MICROEJ VEE data.
    • Application detects corruption and stops :
MICROEJ VEE : Data corrupted
MICROEJ VEE : Data value = true

Result

The XRDC prevents bus masters like eDMA from unauthorized access, ensuring runtime resilience even against peripheral-driven attacks.

Learn more with hardware HardFault debugging with Debug a HardFault — MicroEJ Documentation

Happy coding!
The MicroEJ Team.

1 Like