https://medium.com/swlh/demystifying-arm-trustzone-for-microcontrollers-and-a-note-on-rust-support-54efc62c290

Key point to remember:

Security is defined by address, i.e. the memory security attributes are what define the security states of the processor.

MPU

The MPU provides a way to divide memory into separate regions, each with its own set of attributes. For example, you could configure one memory region with the read-only and the XN (eXecute Never) attributes, and another region with the read-write attribute.

SAU

The Secure Attribution Unit (SAU) is a programmable unit integrated in the processor core, used to define the security status of up to eight memory regions. Note: the SAU's registers can be set to configure non-secure memory, peripheral and interrupt access.

Systems that include the ARMv8-M Security Extension (known as TrustZone for ARMv8-M) provide a separate unit called the Secure Attribution Unit (SAU). This is similar to the MPU in that it can be used to configure different memory regions. However, the SAU focuses on security and allows system designers to create secure memory regions, which are more suitable for trusted secure software.

IDAU

The Implementation Defined Attribution Unit (IDAU) is a fixed hardware unit external to the processor core that provides a fixed security status of the memory map as defined by the manufacturer (i.e. an immutable background attribution map implemented by the vendor in hardware for their specific chip).
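
How "security is defined by address" plays out when the programmable SAU and the fixed IDAU both answer for the same address, as a small host-side model (an added example, not code from the article). The register bit positions follow the ARMv8-M SAU layout; the IDAU map (address bit 28 means Secure) and all region addresses are constructed, and the model assumes non-overlapping SAU regions and ignores exempt regions.

```c
#include <stdint.h>
#include <stdio.h>

/* Ordered so that a larger value is the more secure attribute. */
typedef enum { ATTR_NS = 0, ATTR_NSC = 1, ATTR_S = 2 } sec_attr_t;

#define SAU_REGIONS     8u          /* the SAU covers up to eight regions */
#define SAU_CTRL_ENABLE (1u << 0)
#define SAU_CTRL_ALLNS  (1u << 1)
#define SAU_RLAR_ENABLE (1u << 0)
#define SAU_RLAR_NSC    (1u << 1)

typedef struct { uint32_t ctrl, rbar[SAU_REGIONS], rlar[SAU_REGIONS]; } sau_t;

/* Programmable part: what the SAU registers alone say about an address. */
static sec_attr_t sau_lookup(const sau_t *sau, uint32_t addr) {
    if (!(sau->ctrl & SAU_CTRL_ENABLE))
        return (sau->ctrl & SAU_CTRL_ALLNS) ? ATTR_NS : ATTR_S;
    for (uint32_t r = 0; r < SAU_REGIONS; r++) {
        uint32_t base = sau->rbar[r] & ~0x1Fu;  /* 32-byte granularity */
        uint32_t limit = sau->rlar[r] | 0x1Fu;  /* inclusive limit */
        if ((sau->rlar[r] & SAU_RLAR_ENABLE) && addr >= base && addr <= limit)
            return (sau->rlar[r] & SAU_RLAR_NSC) ? ATTR_NSC : ATTR_NS;
    }
    return ATTR_S;                              /* no region hit: Secure */
}

/* Fixed part: constructed IDAU map in which address bit 28 means Secure. */
static sec_attr_t idau_lookup(uint32_t addr) {
    return (addr & (1u << 28)) ? ATTR_S : ATTR_NS;
}

/* The processor uses the more secure of the two answers. */
static sec_attr_t final_attr(const sau_t *sau, uint32_t addr) {
    sec_attr_t s = sau_lookup(sau, addr), i = idau_lookup(addr);
    return s > i ? s : i;
}

/* Constructed SAU setup: an NS region, an NSC window, and a region that
   tries to mark vendor-Secure memory as Non-secure. */
static sec_attr_t demo_attr(uint32_t ctrl, uint32_t addr) {
    sau_t sau = { .ctrl = ctrl };
    sau.rbar[0] = 0x00010000u; sau.rlar[0] = 0x0001FFE0u | SAU_RLAR_ENABLE;
    sau.rbar[1] = 0x00008000u; sau.rlar[1] = 0x000080E0u | SAU_RLAR_ENABLE | SAU_RLAR_NSC;
    sau.rbar[2] = 0x10000000u; sau.rlar[2] = 0x1000FFE0u | SAU_RLAR_ENABLE;
    return final_attr(&sau, addr);
}

int main(void) {
    printf("%d %d\n", demo_attr(SAU_CTRL_ENABLE, 0x00010000u), demo_attr(SAU_CTRL_ENABLE, 0x10000000u));
    return 0;
}
```

With the SAU disabled and ALLNS clear, every address resolves to Secure, which is why Secure boot code has to program and enable the SAU before any Non-secure code can run.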

