



# Is Your Memory Protected?

## Uncovering Hidden Vulnerabilities in Automotive MPUs

Nimrod Stoler & David Lazar

PLAXIDITYX  
GO EVERYWHERE

# Who we are

---



## Nimrod Stoler

Security Researcher @ PlaxidityX



## David Lazar

Embedded Research Team Lead @ PlaxidityX

## PlaxidityX

### Cybersecurity Solutions for the Automotive Industry:

- Comprehensive cybersecurity products and services
- Automotive intrusion detection systems
- Anti-vehicle theft solutions
- Vulnerability management
- DevSecOps

### Embedded Research Team

#### Specializations:

- Automotive vulnerability research & Penetration testing
- Embedded systems & Hardware research
- Reverse engineering
- Fuzzing

#### Highlights:

- Over 250,000 hours of combined experience in automotive cybersecurity
- In-depth knowledge of the vehicle cybersecurity lifecycle
- Expertise in automotive architectures, protocols, and standards
- Proficient in UNR 155 & 156, ISO 21434, and related incident and vulnerability management and treatment



ECU – Electronic Control Unit



ECU – Electronic Control Unit



**X** Execute code from stack

**X** Send messages to ECUs

**X** Read sensitive data

ECU – Electronic Control Unit

# MPU

## Memory Protection Unit

# Agenda

- MPU Introduction & Functionality
- Analysis of the vulnerabilities & Demo
- Disclosure Processes with vendors
- Mitigations and Concluding remarks



# What's an MPU?

- Memory Protection Unit
- Programmable hardware unit that acts as a gatekeeper of memory
- **Divides** memory into **regions**
- For each region, MPUs set:
  - Memory **access permissions** and
  - Memory **attributes**
- MPUs oversee access control to shared memory resources.  
Goal is to **reduce attack surface**











# Types of MPUs

---

# Core Memory Protection Unit

- Also called CMPU or CPU MPU
- **Integrated** into each of the cores
- Controls memory transactions **originating** from each of the cores
- Important attribute is the **“execute” flag**, critical to mitigate buffer overflows



# System Memory Protection Unit

- Positioned between memory transaction sources and common memories
- It is **source aware**
- Offers **system wide protection**
- Manages a list of allowed sources, or bus-masters with their attributes



# How to configure PowerPC MPUs?

---



Source: Google's Gemini

**452 PAGES**

## Table of Contents

|                                                       |   |
|-------------------------------------------------------|---|
| <b>Chapter 1. Introduction</b> .....                  | 1 |
| 1.1 Overview .....                                    | 1 |
| 1.2 Compatibility with the PowerPC Architecture ..... | 1 |
| 1.3 32-bit Book E Implementations .....               | 1 |
| 1.4 Instruction Mnemonics and Operands .....          | 2 |
| 1.5 Document Conventions .....                        | 2 |
| 1.5.1 Notes .....                                     |   |
| 1.5.2 Notation .....                                  |   |
| 1.5.3 Definitions .....                               |   |
| 1.5.4 Reserved Fields .....                           |   |
| 1.5.5 Preserved Fields .....                          |   |
| 1.5.6 Allocated Fields .....                          |   |
| 1.5.7 Description of Instruction Operat               |   |
| 1.6 Book E Overview .....                             |   |
| 1.7 Instruction Formats .....                         |   |
| 1.7.1 Instruction Fields .....                        |   |
| 1.8 Classes of Instructions .....                     |   |
| 1.8.1 Defined Instruction Class .....                 |   |
| 1.8.2 Allocated Instruction Class .....               |   |
| 1.8.3 Preserved Instruction Class .....               |   |
| 1.8.4 Reserved Instruction Class .....                |   |
| 1.9 Forms of Defined Instructions .....               |   |
| 1.9.1 Preferred Instruction Forms .....               |   |
| 1.9.2 Invalid Instruction Forms .....                 |   |
| 1.10 Optionality .....                                |   |
| 1.11 Storage Addressing .....                         |   |
| 1.11.1 Storage Operands .....                         |   |
| 1.11.2 Effective Address Calculation .....            |   |
| 1.11.2.1 Data Storage Addressing Mod                  |   |
| 1.11.2.2 Instruction Storage Addressir                |   |
| 1.11.3 Byte Ordering .....                            |   |
| 1.11.3.1 Structure Mapping Examples .....             |   |
| 1.11.3.2 Instructions Byte Ordering .....             |   |
| 1.11.3.3 Data Byte Ordering .....                     |   |
| 1.11.3.4 Integer Load and Store Byte-I                |   |
| 1.11.3.5 Origin of Endian .....                       |   |
| 1.12 Synchronization .....                            |   |
| 1.12.1 Context Synchronization .....                  |   |
| 1.12.2 Execution Synchronization .....                |   |

## Book E: Enhanced PowerPC™ Architecture

**Version 1.0**

May 7, 2002

**390 PAGES****UM0434****e200z3 PowerPC core  
Reference manual****Introduction**

The primary objective of this user's manual is to describe the functionality of the e200z3 embedded microprocessor core for software and hardware developers. This book is intended as a companion to the *EREF: A Programmer's Reference Manual for Freescale Book E Processors* (hereafter referred to as *EREF*).

Book E is a PowerPC™ architecture definition for embedded processors that ensures binary compatibility with the user-instruction set architecture (UISA) portion of the PowerPC architecture as it was jointly developed by Apple, IBM, and Motorola (referred to as the AIM architecture).

This document distinguishes among the three levels of the architectural and implementation definition, as follows:

- The Book E architecture—Book E defines a set of user-level instructions and registers that are drawn from the user instruction set architecture (UISA) portion of the AIM definition PowerPC architecture. Book E also includes numerous supervisor-level registers and instructions as they were defined in the AIM version of the PowerPC architecture for the virtual environment architecture (VEA) and the operating environment architecture (OEA). Because the operating system resources (such as the MMU and interrupts) defined by Book E differ greatly from those defined by the AIM architecture, Book E introduces many new registers and instructions.
- Freescale Book E implementation standards (EIS)—In many cases, the Book E architecture definition provides a general framework, leaving specific details up to the implementation. To ensure consistency among its Book E implementations, Freescale has defined implementation standards that provide an additional layer of architecture between Book E and the actual devices.

**Table of contents****UM0434****Table of contents**

|          |                                           |           |
|----------|-------------------------------------------|-----------|
| <b>1</b> | <b>Organization</b> .....                 | <b>20</b> |
| 1.1      | Bibliography .....                        | 20        |
| 1.2      | Related documentation .....               | 21        |
| 1.3      | Audience .....                            | 21        |
| <b>2</b> | <b>Conventions</b> .....                  | <b>22</b> |
| 2.1      | Terminology conventions .....             | 22        |
| 2.2      | Acronyms and abbreviations .....          | 23        |
| <b>3</b> | <b>e200z3 core complex overview</b> ..... | <b>24</b> |
| 3.1      | Overview of the e200z3 .....              | 24        |
| 3.1.1    | Features .....                            | 25        |
| 3.2      | Programming model .....                   | 26        |
| 3.2.1    | Register set .....                        | 26        |
| 3.3      | Instruction set .....                     | 27        |
| 3.4      | VLE APU .....                             | 29        |
| 3.5      | Interrupts and exception handling .....   | 29        |
| 3.5.1    | Interrupt handling .....                  | 29        |
| 3.5.2    | Interrupt classes .....                   | 30        |
| 3.5.3    | Interrupt types .....                     | 30        |
| 3.5.4    | Interrupt registers .....                 | 31        |
| 3.6      | Microarchitecture summary .....           | 32        |

**147 PAGES**

## SPC58EHx, SPC58NHx

SPC58 H Line - 32 bit Power Architecture automotive MCU  
Triple z4 cores 200 MHz, 10 MBytes Flash, HSM, ASIL-D

Datasheet - production data



### Features

- AEC-Q100 qualified
- High performance e200z4 triple core:
  - 32-bit Power Architecture technology CPU
  - Core frequency as high as 200 MHz
  - Variable Length Encoding (VLE)
  - Floating Point, End-to-End Error Correction
- 10496 KB (10240 KB code Flash + 256 KB data Flash) on-chip Flash memory:
  - Supports read during program and erase operations, and multiple blocks allowing EEPROM emulation



- Comprehensive new generation ASIL-D safety concept:
  - ASIL-D of ISO 26262
  - One CPU channel in lockstep
  - Logic BIST
  - FCCU for collection and reaction to failure notifications
  - Memory BIST
  - Cyclic redundancy check (CRC) unit
  - Memory Error Management Unit (MEMU) for collection and reporting of error events in memories
- Crossbar switch architecture for concurrent access to peripherals, Flash, or RAM from multiple bus masters with end-to-end ECC
- Body cross triggering unit (BCTU):
  - Triggers ADC conversions from any eMIOS channel
  - Triggers ADC conversions from up to 2 dedicated PIT\_RTIs
- Enhanced modular IO subsystem (eMIOS):
  - up to 96 timed IO channels with 16-bit

### SPC58EHx, SPC58NHx

### Contents

|          |                                                |           |
|----------|------------------------------------------------|-----------|
| <b>1</b> | <b>Introduction</b>                            | <b>6</b>  |
| <b>2</b> | <b>Description</b>                             | <b>7</b>  |
| 2.1      | Device feature summary                         | 7         |
| 2.2      | Block Diagram                                  | 10        |
| 2.3      | Features                                       | 12        |
| <b>3</b> | <b>Package pinouts and signal descriptions</b> | <b>17</b> |
| <b>4</b> | <b>Electrical characteristics</b>              | <b>18</b> |
| 4.1      | Introduction                                   | 18        |
| 4.2      | Absolute maximum ratings                       | 19        |
| 4.3      | Operating conditions                           | 22        |
| 4.3.1    | Power domains and power up/down sequencing     | 24        |
| 4.4      | Electrostatic discharge (ESD)                  | 25        |

**1,439 PAGES****RM0070****Reference manual****SPC564Bxx, SPC56ECxx****32-bit MCU family built on the embedded Power Architecture<sup>®</sup>****Introduction**

The SPC564Bxx and SPC56ECxx is a family of Power Architecture<sup>®</sup> based microcontrollers that target automotive vehicle body and gateway applications such as:

- Central body controller
- Smart junction boxes
- Front modules
- High end gateway
- Combined Body controller and gateway

The SPC564Bxx and SPC56ECxx family expands the range of the SPC560B/C microcontroller family. It provides the scalability needed to implement platform approaches and delivers the performance required by increasingly sophisticated software architectures.

**Contents****RM0070****Contents**

|          |                                                          |           |
|----------|----------------------------------------------------------|-----------|
| <b>1</b> | <b>Preface</b> .....                                     | <b>61</b> |
| 1.1      | Overview .....                                           | 61        |
| 1.2      | Audience .....                                           | 61        |
| 1.3      | Guide to this reference manual .....                     | 61        |
| 1.4      | Register description conventions .....                   | 65        |
| 1.5      | References .....                                         | 66        |
| 1.6      | How to use the SPC564Bxx and SPC56ECxx documents .....   | 66        |
| 1.6.1    | The SPC564Bxx and SPC56ECxx document set .....           | 66        |
| 1.6.2    | Reference manual content .....                           | 67        |
| 1.7      | Using the SPC564Bxx and SPC56ECxx .....                  | 68        |
| 1.7.1    | Hardware design .....                                    | 69        |
| 1.7.2    | Input/output pins .....                                  | 69        |
| 1.7.3    | Software design .....                                    | 70        |
| 1.7.4    | Other features .....                                     | 70        |
| <b>2</b> | <b>Introduction</b> .....                                | <b>72</b> |
| 2.1      | The SPC564Bxx and SPC56ECxx microcontroller family ..... | 72        |
| 2.2      | SPC564Bxx and SPC56ECxx device comparison .....          | 72        |
| 2.3      | Device block diagram .....                               | 75        |
| 2.4      | Feature summary .....                                    | 76        |
| 2.4.1    | High-performance e200z4d core processor .....            | 76        |
| 2.4.2    | e200z0h core processor .....                             | 77        |
| 2.4.3    | Memory Built-In Self Test (MBIST) .....                  | 77        |
| 2.4.4    | Enhanced Direct Memory Access Controller (eDMA) .....    | 77        |

# 2428 pages

1 bit



# **Analysis of HW vulnerabilities**

**CVE-2023-48010**

**CVE-2024-33882**

---

- STMicroelectronic PowerPC Automotive & Industrial MCU

**SPC58 C-line**  
automotive MCUs for car body  
and security applications



Source: <https://www.st.com/resource/en/brochure/brspc58c.pdf>

- STMicroelectronic PowerPC Automotive & Industrial MCU
- Used in different automotive applications



Source: <https://www.st.com/resource/en/brochure/brspc58c.pdf>

- STMicroelectronic PowerPC Automotive & Industrial MCU
- Used in different automotive applications
- **Affected STM Parts:**
  - All SPC58 devices
  - SR5E1
  - SPC574K (K2)
  - SPC572L (Lavaredo)
  - SPC574Sx (Sphaero)

**APPLICATIONS**

- Body Control Module
- Smart Junction Box
- Gateway
- Comfort Module
- Door Module
- Seat Module
- Lighting
- Battery Management
- Control Panel



Source: <https://www.st.com/resource/en/brochure/brspc58c.pdf>

# STMicroelectronics SPC58xx Power PC

Figure 1. Block diagram



Source: SPC584C Datasheet, DS11620 Rev 8, p. 9

# STMicroelectronics SPC58xx Power PC

Figure 1. Block diagram



# STMicroelectronics SPC58xx Power PC



Source: SPC584C Datasheet, DS11620 Rev 8, p. 9

STMicroelectronics SPC58xx Power PC



- Start address
- End address
- List of allowed Sources and their attributes

**Figure 1.** Block diagram



Source: SPC584C Datasheet, DS11620 Rev 8, p. 9

# SMPU Bus-Masters

## 7.3.3.5 AHB Master ID Assignments

Table 34. AHB Master ID Assignments

| SMPU logical bus master number | Bus master         |
|--------------------------------|--------------------|
| 0                              | Core0 (z42560n3_0) |
| 1                              | Core1 (z4256n3_1)  |
| 2                              | Core2 (z4256n3_2)  |
| 3                              | eDMA_0             |
| 4                              | Ethernet_0         |
| 5                              | FlexRay_0          |
| 6                              | SDMMC              |
| 8                              | Core0 Debug        |
| 9                              | Core1 Debug        |
| 10                             | Core2 Debug        |
| 11                             | eDMA_1             |
| 12                             | —                  |
| 13                             | Ethernet_1         |
| 14                             | HSM                |
| 15                             | —                  |

Source: RM0452-spc58-line Rev.4 p. 136

# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. Lock the RGDs using RO field
3. Enable the SMPU by setting the GVLD bit
4. SMPU is now enabled and locked



# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. Lock the RGDs using RO field
3. Enable the SMPU by setting the GVLD bit
4. SMPU is now enabled and locked

## SMPU Region 1

[0x40000000-0x4000FFFF]

Bus masters: CPU Core 2 – No access

## SMPU Region 2

[0x40010000-0x4001FFFF]

Bus masters: CPU Core 2 – R/W



# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. Lock the RGDs using RO field
3. Enable the SMPU by setting the GVLD bit
4. SMPU is now enabled and locked

## SMPU Region 1

[0x40000000-0x4000FFFF]

Bus masters: CPU Core 2 – No access

## SMPU Region 2

[0x40010000-0x4001FFFF]

Bus masters: CPU Core 2 – R/W

NO ACCESS 0x40000000

NO ACCESS 0x4000FFFF

READ/WRITE 0x40010000

READ/WRITE 0x4001FFFF



# The Control/Error Status Register 0

Table 277. CESR0 field descriptions

| Field        | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|--------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0:15<br>MERR | Master <i>n</i> error, where the bus master number matches the bit number<br>Indicates a captured error in EAR <i>n</i> and EDR <i>n</i> . A bit is set when the hardware detects an error and records the faulting address and attributes. It is cleared by writing '1' to it. If another error is captured at the exact same cycle as the write, the flag remains set. A find-first-one instruction (or equivalent) can detect the presence of a captured error.<br>0 No error has occurred for bus master <i>n</i> .<br>1 An error has occurred for bus master <i>n</i> . |
| 16           | Reserved<br>This read-only bit is reserved and always has the value '1'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |
| 28:30<br>HRL | Hardware revision level<br>Specifies the SMPU's hardware and definition revision level. It can be read by software to determine the functional definition of the module.                                                                                                                                                                                                                                                                                                                                                                                                     |
| 31<br>GVLD   | Global Valid (global enable/disable for the SMPU)<br>0 SMPU is disabled. All accesses from all bus masters are allowed.<br>1 SMPU is enabled.                                                                                                                                                                                                                                                                                                                                                                                                                                |

Source: RM0452-spc58-line Rev.4 p. 557

|                          |                                                                                                                                                                    |
|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| <b>31</b><br><b>GVLD</b> | <b>Global Valid (global enable/disable for the SMPU)</b><br>0 <b>SMPU is disabled. All accesses from all bus masters are allowed.</b><br>1 <b>SMPU is enabled.</b> |
|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|

**Table 284. RGD<sub>n</sub>\_WORD3 field descriptions**

| Field     | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 27<br>FMT | <p>Region Descriptor Format</p> <p>This bit selects the configuration format (FMT0 or FMT1) for this region descriptor.</p> <p><b>Note:</b> A specific module instance of the SMPU may support only the FMT0 format. If so, the FMT field is read-only with a fixed value of 0 and only RGD_WORD2_FMT0 applies.</p> <ul style="list-style-type: none"> <li>0 Use format 0 (RGD_WORD2_FMT0)</li> <li>1 Use format 1 (RGD_WORD2_FMT1)</li> </ul>                                                            |
| 28<br>RO  | <p>Read-Only</p> <p>This bit is intended to prevent accidental writes of an SMPU region descriptor.</p> <p><b>Note:</b> Setting RO in an RGD locks all four words of the RGD until a system reset; the valid bit of the RGD and the global valid bit have no effect.</p> <ul style="list-style-type: none"> <li>0 The region descriptor can be read or written.</li> <li>1 Attempted writes to any location in the region descriptor are ignored with an error-free data transfer termination.</li> </ul> |

Source: RM0452-spc58-line Rev.4 p. 563

**Table 284. RGD<sub>n</sub>\_WORD3 field descriptions**

| Field     | Description                                                                                                                                                                                                                                                                                                                                                                       |
|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 27<br>FMT | <p>Region Descriptor Format<br/>           This bit selects the configuration format (FMT0 or FMT1) for this region descriptor.</p> <p><b>Note:</b> A specific module instance of the SMPU may support only the FMT0 format.<br/>           If so, the FMT field is read-only with a fixed value of 0 and only RGD_WORD2_FMT0 applies.</p> <p>0 Use format 0 (RGD_WORD2_FMT0)</p> |

**Note: Setting RO in an RGD locks all four words of the RGD until a system reset; the valid bit of the RGD and the global valid bit have no effect.**

|          |                                                                                                                                                                                                                                                                                                                                                                                                    |
|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 28<br>RO | <small>Note: Setting RO in an RGD locks all four words of the RGD until a system reset; the valid bit of the RGD and the global valid bit have no effect.</small> <ul style="list-style-type: none"> <li>0 The region descriptor can be read or written.</li> <li>1 Attempted writes to any location in the region descriptor are ignored with an error-free data transfer termination.</li> </ul> |
|----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

Source: RM0452-spc58-line Rev.4 p. 563

**Table 284. RGD<sub>n</sub>\_WORD3 field descriptions**

| Field     | Description                                                                                                                                                                                                                                                                                                                                                                       |
|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 27<br>FMT | <p>Region Descriptor Format<br/>           This bit selects the configuration format (FMT0 or FMT1) for this region descriptor.</p> <p><b>Note:</b> A specific module instance of the SMPU may support only the FMT0 format.<br/>           If so, the FMT field is read-only with a fixed value of 0 and only RGD_WORD2_FMT0 applies.</p> <p>0 Use format 0 (RGD_WORD2_FMT0)</p> |

**Note:** Setting RO in an RGD locks all four words of the RGD until a system reset; the valid bit of the RGD and the global valid bit have no effect.

|          |                                                                                                                                                                                                                                                                                                                                                  |
|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 28<br>RO | <small>Note: Setting RO in an RGD locks all four words of the RGD until a system reset;</small><br>the valid bit of the RGD and the global valid bit have no effect.<br>0 The region descriptor can be read or written.<br>1 Attempted writes to any location in the region descriptor are ignored with an error-free data transfer termination. |
|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

Source: RM0452-spc58-line Rev.4 p. 563

**Table 284. RGD<sub>n</sub>\_WORD3 field descriptions**

| Field     | Description                                                                                                                                                                                                                                                                                                                                                                       |
|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 27<br>FMT | <p>Region Descriptor Format<br/>           This bit selects the configuration format (FMT0 or FMT1) for this region descriptor.</p> <p><b>Note:</b> A specific module instance of the SMPU may support only the FMT0 format.<br/>           If so, the FMT field is read-only with a fixed value of 0 and only RGD_WORD2_FMT0 applies.</p> <p>0 Use format 0 (RGD_WORD2_FMT0)</p> |

**Note: Setting RO in an RGD locks all four words of the RGD until a system reset; the valid bit of the RGD and the global valid bit have no effect.**

|          |                                                                                                                                                                                                                                                                                                                                                  |
|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 28<br>RO | <small>Note: Setting RO in an RGD locks all four words of the RGD until a system reset;</small><br>the valid bit of the RGD and the global valid bit have no effect.<br>0 The region descriptor can be read or written.<br>1 Attempted writes to any location in the region descriptor are ignored with an error-free data transfer termination. |
|----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|

Source: RM0452-spc58-line Rev.4 p. 563

# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. Lock the RGDs using RO field
3. Enable the SMPU by setting the GVLD bit
4. SMPU is now enabled and locked



# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. **Lock the RGDs using RO field**
3. Enable the SMPU by setting the GVLD bit
4. SMPU is now enabled and locked



# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. Lock the RGDs using RO field
- 3. Enable the SMPU by setting the GVLD bit**
4. SMPU is now enabled and locked



# Configuration Steps

1. Define the region descriptors:
  - Set start address & end address for each region
  - List allowed bus masters and their access attributes
2. Lock the RGDs using RO field
3. Enable the SMPU by setting the GVLD bit
- 4. SMPU is now enabled and locked**



# SMPU is now enabled and locked



**SMPU is now  
enabled and locked  
Or is it?**



**SMPU is now  
enabled and locked  
Or is it?**



# CVE-2023-48010

After the SMPU is **configured, enabled** and regions are **locked**, a privileged attacker can flip the GVLD bit, **disabling** the SMPU

Providing **read and write** access to protected areas

# Seeking for similar targets

---

- NXP MPC5xx PowerPC family
- For our test we chose the MPC5748
- Automotive and Industrial Control MCU
- Does NXP MPC5748 share the SMPU issue?



## MPC574xB/C/G Microcontrollers

Power Architecture®-based MCU for Automotive  
and Industrial Applications

Source: <https://www.nxp.com/docs/en/fact-sheet/MPC5748GFS.pdf>

# NXP MPC5748 PowerPC



Figure 1. MPC5748G block diagram

Source: MPC5748G Microcontroller Data Sheet, Rev. 6, 11/2018, p. 4

# NXP SMPU Global Valid Flag

Memory map/register definition

## SMPUx\_CES0 field descriptions (continued)

| Field             | Description                                                                                                                                                                                                                            |
|-------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
|                   | same cycle as the write, the flag remains set. A find-first-one instruction (or equivalent) can detect the presence of a captured error.<br><br>0 No error has occurred for bus master n.<br>1 An error has occurred for bus master n. |
| 16–27<br>Reserved | This field is reserved.<br>This read-only field is reserved and always has the value 0.                                                                                                                                                |
| 28–30<br>HRL      | Hardware revision level<br><br>Specifies the SMPU's hardware and definition revision level. It can be read by software to determine the functional definition of the module.                                                           |
| 31<br>GVLD        | Global Valid (global enable/disable for the SMPU)<br><br>0 SMPU is disabled. All accesses from all bus masters are allowed.<br>1 SMPU is enabled.                                                                                      |

Source: MPC5748G Reference Manual, Rev. 7.1 p. 493-494

# NXP SMPU Lock Bit and note

## SMPUx\_RGDn\_WRD5 field descriptions

| Field            | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0–7<br>MID       | <p>Master ID of RGDn owner</p> <p>If this RGDn is locked through the setting of SMPUx_RGDn_WORD5[LCK], the MID field will reflect the Master ID of the current RGDn owner.</p>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
| 8–27<br>Reserved | <p>This field is reserved.</p> <p>This read-only field is reserved and always has the value 0.</p>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| 28–29<br>LCK     | <p>Region Descriptor Lock</p> <p>This bit allows a master to Lock a region descriptor. Once locked, only that master can modify the Region descriptor's contents. This includes all words of the RGD.</p> <p><b>NOTE:</b> Setting LCK to 1x in an RGD locks all words of the RGD until system reset, the Valid bit of the RGD and the Global Valid bit of the SMPU have no effect.</p> <ul style="list-style-type: none"> <li>00 Unlocked</li> <li>01 Locked by the master wrote this register and LCK bit. Attempted writes by other masters are ignored with an error-free data transfer termination</li> <li>10 This value is reserved for future enhancements and should not be used.</li> <li>11 Attempted writes to any location in the region descriptor are ignored with an error-free data transfer termination.</li> </ul> |
| 30<br>Reserved   | <p>This field is reserved.</p> <p>This read-only field is reserved and always has the value 0.</p>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   |
| 31<br>VLD        | <p>Valid</p> <p>Signals the region descriptor is valid. Any write to RGDn_WORD0–4 clears this bit.</p> <ul style="list-style-type: none"> <li>0 Region descriptor is invalid</li> <li>1 Region descriptor is valid</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |

# NXP SMPU Lock Bit and note

## SMPUx\_RGDn\_WRD5 field descriptions

| Field            | Description                                                                                                                                                                    |
|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0–7<br>MID       | <p>Master ID of RGDn owner</p> <p>If this RGDn is locked through the setting of SMPUx_RGDn_WORD5[LCK], the MID field will reflect the Master ID of the current RGDn owner.</p> |
| 8–27<br>Reserved | <p>This field is reserved.</p> <p>This read-only field is reserved and always has the value 0.</p>                                                                             |
| 28–29<br>LCK     | Region Descriptor Lock                                                                                                                                                         |

**NOTE:** Setting LCK to 1x in an RGD locks all words of the RGD until system reset, the Valid bit of the RGD and the Global Valid bit of the SMPU have no effect.

|                                |                                                                                                                                                                                                                                                                                                                                                                           |                                |                              |
|--------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------|------------------------------|
|                                | 00 Unlocked<br>01 Locked by the master wrote this register and LCK bit. Attempted writes by other masters are ignored with an error-free data transfer termination<br>10 This value is reserved for future enhancements and should not be used.<br>11 Attempted writes to any location in the region descriptor are ignored with an error-free data transfer termination. |                                |                              |
| 30<br>Reserved                 | <p>This field is reserved.</p> <p>This read-only field is reserved and always has the value 0.</p>                                                                                                                                                                                                                                                                        |                                |                              |
| 31<br>VLD                      | <p>Valid</p> <p>Signals the region descriptor is valid. Any write to RGDn_WORD0–4 clears this bit.</p> <table> <tr> <td>0 Region descriptor is invalid</td> </tr> <tr> <td>1 Region descriptor is valid</td> </tr> </table>                                                                                                                                               | 0 Region descriptor is invalid | 1 Region descriptor is valid |
| 0 Region descriptor is invalid |                                                                                                                                                                                                                                                                                                                                                                           |                                |                              |
| 1 Region descriptor is valid   |                                                                                                                                                                                                                                                                                                                                                                           |                                |                              |

# CVE-2024-33882

After the SMPU is **configured, enabled** and regions are **locked**, a privileged attacker can flip the GVLD bit, **disabling** the SMPU

Providing read, write and **execute** access to protected areas



# The Demo

---

# The Demo Setup



- A demo BCM is connected to the Airbag deployment mechanism and in charge of activating it

**ECU** – Electronic Control Unit

**BCM** – Body Control Module

# The Demo Setup



- Attacker is exploiting a stack buffer overflow on the BCM
- The Airbag mechanism is protected by the BCM SMPU
- Stack is non-executable, so only ROP is available

**ECU** – Electronic Control Unit

**BCM** – Body Control Module

# The Demo Setup



- Attacker's goal is to reach the airbag mechanism's memory and explode the airbags

**ECU** – Electronic Control Unit

**BCM** – Body Control Module

# Demo Attack Path



# The Demo BCM

---



# **DEMO 1: SMPU is ON**

**Attacker has stack buffer overflow over the target BCM  
Goal is to trigger Airbag Deployment**

# **DEMO 2: Exploit SMPU vulnerability**

- (1) Attacker disables SMPU by flipping GVLD**
- (2) Attacker attempts to trigger the Airbags**

**X**

# The Responsible Disclosures

---

# Responsible Disclosure with ST

---

- We contacted ST PSIRT with all information
- ST acknowledged the issue
- **Would release an errata**
- But claimed the SMPU is not a security mechanism



Source: <https://www.st.com/content/dam/st-crew/st-logo-blue.svg>

## **STMicroelectronics Response:**

---

“ The behavior deviation of SMPU you detected may affect non-secure device domains. However, this domain should not be used for storing security information.  
Secret/security-critical data shall be stored within the HSM sub-system memory, if stored outside,  
**they need to be encrypted.**

**The SMPU is not a security protection mechanism:** rather, for example, it helps to avoid interference. ”

[Emphasis added]

# Responsible Disclosure with NXP

- We contacted NXP PSIRT with all information
- NXP acknowledged the issue
- **Would release a Documentation Errata**
- Also claimed the SMPU is not a security feature



Source: <https://www.nxp.com/docs/en/fact-sheet/MPC5748GFS.pdf>

## NXP Response:

---

“ The product's Reference Manual is clear about the SMPU not being a security feature. The SMPU is **not mentioned in the chapter 'Security Overview'**, nor in the section 'Security Modules', **but rather in the section on 'System Modules'**. The SMPU is also not listed under 'Security' in the 'Feature List' table and the chapter that describes the SMPU does not mention 'security'. ”

[Emphasis added]

# Mitigations and conclusion

---

# Mitigations and Concluding Remarks

---

- Memory Protection Units are a crucial part of every microcontroller's defense
- MPUs are indispensable in the context of Automotive apps
- Fixing hardware issue is hard!

## Mitigations:

- Test important claims made in datasheet
- Use exploit mitigations, such as stack smashing defenses
- In the case of the ST chip, block as much as possible using the CMPUs





**Thank you!**

---

**P L A X I D I T Y X**  
**G O E V E R Y W H E R E**