Autosar memory protection

Question

I'm confused about autosar memory protection mechanism

I have two applications, one trusted one non trusted

I configured a memory protection region range from 0x70000000 to 0x7100000 for the trusted application, and I configured an init task for the trusted application

In init task, if I try to directly write to the memory address inside the configured range it works fine.

If however, I try to write outside the configured range (still correct memory address) I go into an exception

If it happened to a non trusted application I can understand but this is a trusted one

I thought the trusted application can write to whole memory?, what I'm missing here

Answer 1

AUTOSAR_SWS_OS (R19-11) has a Configuration-parameter called OsTrustedApplicationWithProtection

Parameter to specify if a trusted OS-Application is executed with memory protection or not. true: OS-Application runs within a protected environment. This means that write access is limited. false: OS-Application has full write access (default)

Sounds a bit like, your trusted OSApplication is configured here like with true instead of false and therefore also write restricted.

On the other side, ch. 14 "Outlook on Memory Protection Configuration" it states:

As stated before, memory protection configuration is not standardized yet. Nevertheless it seems helpful to contribute a recommendation in this chapter, how the configuration might work

Ch. 14.1 also gives hints, how the MPU config should be handled (SWCD/BSWMD specifying the (CODE/VAR/CONST/..) memory sections and linker-input-sections), so you should not just use arbitrary memory definitions and accessing it directly, but using the AUTOSAR memory mapping way.

And what I do not understand in your case, why do you actually restrict the trusted application by giving the MPU config just this range, instead of restricting your non-trusted application's access?