US Patent 10592671 Preventing code modification after boot

The subject disclosure is directed towards protecting code in memory from being modified after boot, such as code used in a dedicated microprocessor or microcontroller. Hardware, such as in logic or in a memory protection unit, allows a range of memory to be made non-writeable after being loaded, e.g., via a secure boot load operation. Further, startup code that is used to configure the hardware/memory may be made non-executable after having run once, so that no further execution may occur in that space, e.g., as a result of an attack. A function in the runtime code may allow for a limited, attack-protected reconfiguration of sub-regions of memory regions during the runtime execution.