The hypervisor (virtual machine monitor, VMM) is a basic concept of virtualization. From the point of view of software, the VMM ensures that different independent software units are completely separated from one another. This so-called freedom from interference is useful in particular in security-critical use cases. Larger software units, for example applications including their operating systems, are in the following referred to as virtual machines (VMs). Smaller software units (software entities, SWEs) are for example operating system tasks, software threads, or parts of the user software inside a VM. The hierarchical subdivision into VMs and SWEs can be realized in actually hierarchical fashion at execution time, or through a flat partitioning of a large number of SWEs that have only a logical allocation to VMs. For efficient virtualization, a microcontroller or microprocessor according to the prior art has specific hardware capabilities in order to be able to separate the VMs from one another.
A core module of the virtualization within a microcontroller (μC) or microprocessor (μP)—in the following referred to for short as μC—is the memory protection unit (MPU). In general, the MPU can be freestanding, or can be integrated within a memory management unit (MMU). The main computing core MPU checks the memory accesses of the main computing cores of a μC for possible access infringements. The IO-MPU checks the memory accesses of the DMA-capable or master-capable peripheral units of a μC for possible access infringements. The main computing core MPU and the IO-MPU are referred to in the following simply as MPU. The DMA-capable or master-capable peripheral units are in the following designated, together with the main computing cores, as computing cores. An access infringement is for example a write access by a VM to a memory address that is assigned to a different VM. To detect this, it is checked on the basis of address tables whether the addresses connected with the individual accesses lie within the allowed regions. Typically, different address regions are defined for different VMs. For example, for 5 VMs with 10 address regions each, a total of 5×10=50 address regions are to be defined.

A typical computing system is made up of one or more computing cores and, for example, flash memories or RAMs, connected among one another via a bus or crossbar switch. An MPU is a hardware unit that is situated for example between a computing core and a bus or crossbar switch. The MPU stores the address regions and contains comparator units that check each access of the computing core to the memory, via the bus or the crossbar switch, for permissibility before its execution. If the access is permitted, it takes place. If an access is not permitted, it is prevented and therefore does not reach the bus, and the computing core is suitably informed, for example through an interrupt.
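The following C program is an added software model of the region table and comparator stage described above; it is not code from the patent application or from any particular μC vendor. The table size of 5 VMs × 10 regions, the region base/limit encoding, the read/write/execute permission bits, the VM indices, the address values and the fault counter that stands in for the interrupt line are all constructed for illustration. The check also covers two edge cases the prose implies but does not spell out: an access that straddles the end of its region, and an access whose address range wraps around the end of the address space, both of which are treated as infringements.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Constructed model: 5 VMs with 10 address regions each, i.e. the 5x10 = 50
 * region descriptors of the example in the text. Hypothetical names throughout. */
#define NUM_VMS        5
#define REGIONS_PER_VM 10

typedef enum { ACC_READ = 1, ACC_WRITE = 2, ACC_EXEC = 4 } access_t;
typedef enum { MPU_OK = 0, MPU_FAULT = 1 } mpu_result_t;

typedef struct {
    uint32_t base;   /* first address of the region */
    uint32_t limit;  /* last address of the region (inclusive) */
    uint8_t  perms;  /* bitmask of access_t values granted to the owning VM */
    bool     valid;  /* descriptor slot in use */
} mpu_region_t;

static mpu_region_t mpu_table[NUM_VMS][REGIONS_PER_VM];
static unsigned     fault_count;  /* stands in for the interrupt raised on an infringement */

void mpu_reset(void) {
    memset(mpu_table, 0, sizeof mpu_table);
    fault_count = 0;
}

/* Program one region descriptor. Rejects zero-length and wrapping regions. */
bool mpu_set_region(unsigned vm, unsigned idx, uint32_t base, uint32_t size, uint8_t perms) {
    if (vm >= NUM_VMS || idx >= REGIONS_PER_VM || size == 0) return false;
    if (base > UINT32_MAX - (size - 1)) return false;   /* region would wrap around */
    mpu_table[vm][idx] = (mpu_region_t){ base, base + (size - 1), perms, true };
    return true;
}

/* Comparator stage: the whole access [addr, addr+size-1] must lie inside one
 * region owned by the issuing VM that grants the requested access type.
 * For an IO-MPU the same check runs with the VM the DMA master is assigned to. */
mpu_result_t mpu_check(unsigned vm, uint32_t addr, uint32_t size, access_t type) {
    if (vm >= NUM_VMS || size == 0) return MPU_FAULT;
    if (addr > UINT32_MAX - (size - 1)) return MPU_FAULT;   /* access wraps the address space */
    uint32_t last = addr + (size - 1);
    for (unsigned i = 0; i < REGIONS_PER_VM; i++) {
        const mpu_region_t *r = &mpu_table[vm][i];
        if (!r->valid) continue;
        if (addr >= r->base && last <= r->limit && (r->perms & type) == type)
            return MPU_OK;
    }
    return MPU_FAULT;   /* no matching region: access infringement */
}

/* Bus front end: a permitted access is forwarded; a forbidden one never reaches
 * the bus and the core is informed (modelled here by counting the interrupt). */
mpu_result_t mpu_access(unsigned vm, uint32_t addr, uint32_t size, access_t type) {
    mpu_result_t res = mpu_check(vm, addr, size, type);
    if (res == MPU_FAULT) fault_count++;
    return res;
}

unsigned mpu_fault_count(void) { return fault_count; }

/* Constructed layout: each VM owns one flash window (read+execute) and one
 * RAM window (read+write); the two VMs' windows are disjoint. */
void mpu_demo_setup(void) {
    mpu_reset();
    mpu_set_region(0, 0, 0x08000000u, 0x10000u, ACC_READ | ACC_EXEC);
    mpu_set_region(0, 1, 0x20000000u, 0x10000u, ACC_READ | ACC_WRITE);
    mpu_set_region(1, 0, 0x08010000u, 0x10000u, ACC_READ | ACC_EXEC);
    mpu_set_region(1, 1, 0x20010000u, 0x10000u, ACC_READ | ACC_WRITE);
}

int main(void) {
    mpu_demo_setup();
    printf("VM0 writes its own RAM:            %d\n", mpu_access(0, 0x20000100u, 4, ACC_WRITE));
    printf("VM0 writes VM1's RAM:              %d\n", mpu_access(0, 0x20010100u, 4, ACC_WRITE));
    printf("VM0 writes its own flash:          %d\n", mpu_access(0, 0x08000000u, 4, ACC_WRITE));
    printf("VM1 reads across its RAM boundary: %d\n", mpu_access(1, 0x2001FFFEu, 4, ACC_READ));
    printf("interrupts raised: %u\n", mpu_fault_count());
    return 0;
}
```

The check deliberately requires the entire access to fit into a single region: a multi-byte access that starts inside an allowed region but ends outside it is blocked, which is the behaviour a comparator stage that inspects start and end address together produces, and the one a VM that wants to stay isolated from its neighbour needs.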
German Patent Application No. DE19828056 A1 relates to a system for monitoring memory regions of a memory during a write process of the memory within a program sequence. It is provided that an auxiliary memory is assigned to the memory, which auxiliary memory is structured during the application of memory regions of the memory in such a way that memory regions of the memory that are to be protected are each assigned identified memory regions of the auxiliary memory, and when the program is executed the memory regions of the memory and the identified memory regions of the auxiliary memory can be addressed at the same time, and when there is unauthorized addressing of an identified memory region of the auxiliary memory the program sequence is influenced.