Zephyr OS Memory Protection

Explore MPU-based memory protection features in the Zephyr RTOS through this 35-minute conference talk. Learn about novel techniques for overcoming MPU hardware limitations, implementing security domains in physical memory maps, and maintaining API compatibility across platforms. Discover the permission management system for controlling access to kernel objects and device driver instances, as well as the handling of static and dynamically allocated kernel objects. Gain insights into routing global objects to application memory domains, managing size/alignment constraints of MPU hardware, and defining system calls. Examine the implementation of futex-like capabilities for IPC mechanisms and uncover ongoing areas of development in Zephyr OS memory protection.

Intro
Zephyr vs. Linux
So What's the Problem?
High Level Security Objectives
User Mode Threads
Build Generation
Object Metadata
Futex-like objects
Dynamic Kernel Objects
System Calls Flowchart
MPU Hardware - SAM E70 Example
Memory Domains / Kernel Object Permissions
Automatic Memory Domain Setup
Automatic Memory Partitioning
Resource Allocation
Wrap-Up