What is an MPU in ARM?

An MPU, or Memory Protection Unit, is an optional hardware block that divides the address space into a small number of regions and enforces access permissions and memory attributes on each one. If software makes a disallowed access, such as writing to read-only memory or running code from a data region, the MPU raises a fault before the access completes.

What is the difference between an MPU and an MMU?

An MPU only enforces permissions and attributes on a few fixed regions of the existing physical address space; it does no address translation. An MMU does full virtual-to-physical address translation using page tables, giving each process its own virtual address space plus protection. MPUs suit real-time microcontrollers like Cortex-M, while MMUs are used in application processors like Cortex-A that run rich operating systems.

An MPU improves safety, security and reliability. It can mark code as read-only and execute, data as no-execute, and isolate one RTOS task from another so a bug in one task cannot corrupt another's memory. It catches stack overflows, null-pointer writes and stray accesses immediately as faults, which is invaluable in safety-critical and secure embedded systems.

What happens when the MPU detects a violation?

The MPU blocks the access and triggers a memory management fault, MemManage, which vectors to a fault handler. The handler can inspect fault status registers to see what went wrong and where, then recover, terminate the offending task, or reset the system, instead of letting corrupted memory cause unpredictable behaviour.

DAY 20 · SYSTEM & MEMORY

The MPU — Memory Protection

By EcrioniX · Updated Jun 6, 2026

A single stray pointer can corrupt memory and crash a system in ways that are agony to debug. The Memory Protection Unit stops that at the hardware level: it polices who may touch which memory and how, turning a silent corruption into an instant, catchable fault. It's the foundation of safe and secure embedded software.

1. The problem: nothing stops a bad access

By default, any code can write anywhere — over a constant table, into a peripheral, off the end of the stack, even through a null pointer at address 0. The bug doesn't crash where it happens; it corrupts something and the system fails mysteriously later. The MPU's job is to make illegal accesses fail immediately and visibly.

2. What the MPU does: regions + permissions

The MPU divides the address space into a small number of regions (typically 8 or 16). For each region you define a base address, a size, and a set of rules:

Attribute	Controls
Access permission	no-access / read-only / read-write, and whether unprivileged code may access it
Execute-never (XN)	whether instructions may be fetched from the region (data regions → XN)
Memory type	normal vs device/strongly-ordered (controls caching & reordering)
Shareability/cache	cache & coherency behaviour for the region

Classic safe setup: flash = read-only + executable, RAM = read-write + execute-never, peripherals = read-write + device + XN. Now a wild jump into data, or a write into code, is impossible.

3. The fault: caught, not corrupted

If software violates a region's rules, the MPU blocks the access and raises a MemManage fault, vectoring to a fault handler (an exception, per Day 17). The handler reads fault-status registers to learn what and where:

void MemManage_Handler(void) { uint32_t cfsr = SCB->CFSR; // what kind of fault uint32_t addr = SCB->MMFAR; // faulting address (if valid) // log it, kill the offending task, or reset — don't run on corrupted state }

💡 A smoke detector for memory

Without an MPU, a memory bug is a slow gas leak — you only notice when something explodes far away. The MPU is a smoke detector wired to each room: the instant something's wrong, it goes off at the source, so you know exactly which line and which address.

4. MPU vs MMU — don't confuse them

	MPU	MMU
Address translation	none — uses physical addresses	virtual → physical (page tables)
Granularity	a few fixed regions	fine-grained pages (e.g. 4 KB)
Per-process address space	no	yes
Typical core	Cortex-M / Cortex-R	Cortex-A
Runs	bare-metal / RTOS	Linux, rich OSes

An MPU only protects; an MMU also translates, giving every process its own virtual view of memory. That's a later lesson in the course — the MPU is the lightweight, deterministic cousin built for real-time systems.

5. Why it matters: isolation

RTOS task isolation — reconfigure MPU regions on each context switch so a bug in one task can't scribble on another's stack or data.
Privilege separation — run application tasks unprivileged with no access to system control, so they can't disable interrupts or reprogram peripherals they shouldn't.
Catch stack overflow — place a no-access "guard" region just past a stack so an overflow faults instead of silently corrupting.
Safety standards — IEC 61508 / ISO 26262 functional-safety designs lean on the MPU for freedom-from-interference between software components.

✅ The mental model

The MPU is a hardware access policy over a handful of memory regions: each gets read/write/execute permissions and attributes, and any violation becomes an instant MemManage fault instead of silent corruption. Unlike an MMU, it does no translation — it just protects — which makes it perfect for real-time isolation, privilege separation and safety.

🎯 Day 20 takeaways

The MPU splits memory into a few regions with permissions + attributes.
Mark code RO+exec, data RW+execute-never, peripherals device+XN.
A violation → MemManage fault, caught at the source (not silent corruption).
MPU protects only; MMU also translates (virtual memory + per-process spaces).
Key uses: RTOS task isolation, privilege separation, stack-overflow guards, safety.

Quick check

What three things do you define for each MPU region?
Name the one capability an MMU has that an MPU does not.
How would you use the MPU to catch a stack overflow?

FAQ

What is an MPU?

A hardware block that enforces access permissions and attributes on a few memory regions, faulting on any disallowed access.

MPU vs MMU?

An MPU only protects fixed physical regions; an MMU also translates virtual→physical addresses with page tables for per-process spaces.

Why use one?

Safety, security and reliability — task isolation, privilege separation, and catching stray accesses as faults.

← Back to the full course roadmap