Most architectures in Zephyr use MMU/MPU to isolate the thread memory regions so that the system is protected from buggy or malicious code. However, MMU/MPU can only limit memory accesses from CPUs. Memory accesses such as those from DMA are not protected by MMU/MPU, which may cause critical security issues. This issue should be brought to attention because Zephyr has been adding more DMA devices to the code, while many DMA devices might be buggy or even malicious. Therefore, without taking actions, Zephyr would be under increasing security risk. RichOSes use IOMMU/SMMU to protect the device memory accesses in general, and likewise, Zephyr can mitigate the above-mentioned security issue by introducing the IOMMU/SMMU technology. Additionally, the introduction of IOMMU/SMMU makes Zephyr possible to support more PCI and DMA devices or even features such as virtualization. Because of the variety of hardware-level solutions provided by different architectures, it is necessary to add a new IOMMU/SMMU Subsys framework for Zephyr so it can be easily extended in the future. This talk will cover the Zephyr Arm SMMUv3 support based on the Subsys framework. A live demo will be presented to showcase using SMMUv3 to protect memory access from a PCI AHCI device on the Arm FVP platform.