diff --git a/firmware/trezor.c b/firmware/trezor.c
index e7e011f..8c5d55a 100644
--- a/firmware/trezor.c
+++ b/firmware/trezor.c
@@ -102,13 +102,13 @@ int main(void)
 	}
 #endif
 
+	timer_init();
+
 #ifdef APPVER
 	// enable MPU (Memory Protection Unit)
 	mpu_config();
 #endif
 
-	timer_init();
-
 #if DEBUG_LINK
 	oledSetDebugLink(1);
 	storage_wipe();
diff --git a/setup.c b/setup.c
index 8329b42..0cd7f43 100644
--- a/setup.c
+++ b/setup.c
@@ -193,4 +193,7 @@ void mpu_config(void)
 
 	__asm__ volatile("dsb");
 	__asm__ volatile("isb");
+
+	// Switch to unprivileged software execution to prevent access to MPU
+	set_mode_unprivileged();
 }
diff --git a/util.h b/util.h
index 05d9c9a..de3f9d5 100644
--- a/util.h
+++ b/util.h
@@ -66,6 +66,12 @@ static inline void __attribute__((noreturn)) load_vector_table(const vector_tabl
 	// Prevent compiler from generating stack protector code (which causes CPU fault because the stack is moved)
 	for (;;);
 }
+
+static inline void set_mode_unprivileged(void)
+{
+	// http://infocenter.arm.com/help/topic/com.arm.doc.dui0552a/CHDBIBGJ.html
+	__asm__ volatile("msr control, %0" :: "r" (0x1));
+}
 #endif
 
 #endif