On 10 Jul 2018, at 18:06, piotr@skrzypek.eu wrote:
Dear Anna,
Thank you very much for the quick reply.
I was curious specifically about seL4. eChronos, in my view, is much different - it doesn't have the concept of Capabilities or temporal partitioning. These 2 features make seL4 extremely attractive for safety-critical applications. This is why I was interested if Cortex-R was in the roadmap.
As Anna said, seL4 targets systems with a full MMU, and trying to bend it to fit an MPU wouldn’t make sense. The advantage of caps is that they give you fine-grained access control. But without a full MMU, you don’t get fine-grained protection from the hardware; the model doesn’t make sense there. Similarly, the temporal isolation model only makes sense if you have relatively complex systems comprised of components with different levels of trustworthiness. An MPU-based microcontroller is just not the right platform for such a system (which almost inevitably uses virtualisation for supporting legacy components).

Gernot