When you are securing a firmware or an application code , it boils down to protecting the portion of memory with MPU. When and why would I use TrustZone-M for securing the firmware when I can actually get it done by an MPU. Any insights are appreciated!
So can I still use an MPU and have read-only attributes to the secure firmware APIs while totally protecting the rest of the secure firmware and achieve what I could with a TrustZone-M? I am trying to understand what an MPU can't that a TrustZone-M can do when it comes to protecting a firmware in the memory.
One example of an extra thing the SAU can do is to protect the firmware from other *privileged* code. Any privileged code could reporgram the MPU and bypass your protection, Non-secure privileged code cannot reprogram the SAU.
thank! thats interesting to know