P3041 QorIQ Communications Processor Product Brief, Rev. 0
P3041 Features
Freescale Semiconductor24
3.12.2 e500mc MMU and Embedded Hypervisor
The P3041’s first line of defense against unintended interactions amongst the multiple CPUs/OSes is each
e500mc core’s MMU, which are configured to determine which addresses in the global address map the
CPU is able to read or write. If a particular resource (such as a portion of memory or a peripheral device)
is dedicated to a single CPU, that CPU’s MMU is configured to allow access to those addresses (on
4-Kbyte granularity); other CPU MMUs are not configured for access to the other CPU’s private memory
range. When two CPUs need to share resources, both of their MMUs are configured to have access to the
shared address range.
This level of hardware support for partitioning is common today; however, it is not sufficient for many
core systems running diverse software. When the functions of multiple discrete CPUs are consolidated
onto a single multicore SoC, achieving strong partitioning shouldn’t require the developer to map
functions onto cores that are the exclusive owners of specific platform resources. The alternative, a fully
open system with no private resources, is also unacceptable. For this reason, the e500mc MMU also
includes embedded Hypervisor extensions.
Each e500mc MMU supports three levels of instructions:
•User
• Supervisor (OS)
• Hypervisor: An embedded Hypervisor micro-kernel (provided by Freescale as source code) runs
unobtrusively beneath the various OSes running on the CPUs, consuming CPU cycles only when
an access attempt is made to an embedded Hypervisor-managed shared resource.The embedded
Hypervisor determines whether the access should be allowed, and if so, proxies the access on
behalf of the original requestor. If malicious or poorly tested software on any core attempts to
overwrite important device configuration registers (including CPU MMUs), the embedded
Hypervisor blocks the write. Other examples of embedded Hypervisor managed resources are
high- and low-speed peripheral interfaces (PCIe, UART) if those resources are not dedicated to a
single CPU/partition.
3.12.3 Peripheral Access Management Unit (PAMU)
The P3041 includes a distributed function collectively referred to as the peripheral access management
unit (PAMU), which provides address translation and access control for all bus masters in the system
(PME, SEC, FMan, and so on). The PAMU access control can be one of the following:
• Absolute—The FMan, PME, SEC, and other bus masters can never access memory range XYZ.
• Conditional—Based on the Partition ID of the CPU that programmed the bus master
Being MMU-based, the embedded Hypervisor is only able to stop unauthorized software access attempts.
Internal components with bus mastering capability also need to be prevented from reading and writing to
specific memory regions. These devices do not spontaneously generate access attempts, but, if
programmed to do so by buggy or malicious software, any of them could overwrite sensitive configuration
registers and crash the system.