JTAG to TrustZone Cortex-M33

Hey everyone,

I have a question in component security context.

I program my MCU from a JTAG port. I also have a secure UART device in RX to display in HyperTerminal.

Can an attacker get access to secure memory and the device by connecting to JTAG or via UART?

  • Assuming that the debug authentication control inputs of the Cortex-M33 are configured correctly, a debug interface (JTAG or Serial Wire Debug) will not be able to access Secure memory.

    For UART, it is highly dependent on the software implementation. If the received data is stored in Secure memory in a receive buffer, then it is worthwhile to use the Secure MPU to set the memory region as XN (eXecute Never) to avoid code injection attacks. But even if you don't do that, if the Secure software is working correctly it shouldn't create a vulnerability. The value of using the MPU's XN attribute is as a second level of protection in case there is a bug in your Secure firmware.

    So, to answer your question, if debug authentication and Secure firmware are working correctly, then it should be fine (attackers do not have access to Secure memory).
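As an added example (not code from the thread, from Arm, or from CMSIS), the following C program builds Armv8-M MPU region descriptors in the MPU_RBAR/MPU_RLAR bit layout and audits that a Secure UART receive buffer is covered by an enabled XN region, which is the second-level protection the answer above recommends. The buffer address 0x30001000, its 1 KiB size, and the flash region at 0x10000000 are constructed values for illustration; on real hardware the descriptors would be written to the Secure MPU registers (MPU_RNR, MPU_RBAR, MPU_RLAR) from Secure firmware, which this host-side example deliberately does not do.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Armv8-M MPU region register layout (Armv8-M Architecture Reference Manual).
 * Regions have 32-byte granularity, so the low 5 bits carry attributes. */
#define MPU_RBAR_BASE_MASK   0xFFFFFFE0u  /* [31:5] base address */
#define MPU_RBAR_SH_Pos      3u           /* [4:3] shareability */
#define MPU_RBAR_AP_Pos      1u           /* [2:1] access permission */
#define MPU_RBAR_XN_Msk      0x1u         /* [0]   eXecute Never */
#define MPU_RLAR_LIMIT_MASK  0xFFFFFFE0u  /* [31:5] limit address (inclusive block) */
#define MPU_RLAR_ATTRIDX_Pos 1u           /* [3:1] MAIR attribute index */
#define MPU_RLAR_EN_Msk      0x1u         /* [0]   region enable */

/* AP field encodings */
#define MPU_AP_RW_PRIV_ONLY  0u
#define MPU_AP_RW_ANY        1u
#define MPU_AP_RO_PRIV_ONLY  2u
#define MPU_AP_RO_ANY        3u

typedef struct {
    uint32_t rbar;
    uint32_t rlar;
} mpu_region_t;

/* Build the RBAR/RLAR pair for [base, base+size). Returns 0 on success,
 * -1 if the region is empty, misaligned, wraps the address space, or
 * carries an out-of-range AP/attribute index. */
int mpu_region_build(uint32_t base, uint32_t size, uint32_t ap,
                     uint32_t attr_idx, int execute_never, mpu_region_t *out)
{
    if (size == 0u || (base & 0x1Fu) != 0u || (size & 0x1Fu) != 0u) return -1;
    if (base + size - 1u < base) return -1;          /* overflow past 4 GiB */
    if (ap > 3u || attr_idx > 7u) return -1;
    uint32_t limit = base + size - 1u;
    out->rbar = (base & MPU_RBAR_BASE_MASK) | (ap << MPU_RBAR_AP_Pos)
              | (execute_never ? MPU_RBAR_XN_Msk : 0u);
    out->rlar = (limit & MPU_RLAR_LIMIT_MASK) | (attr_idx << MPU_RLAR_ATTRIDX_Pos)
              | MPU_RLAR_EN_Msk;
    return 0;
}

/* True if an enabled region covers addr. The LIMIT field names the 32-byte
 * block containing the last byte, so the inclusive end is limit | 0x1F. */
int mpu_region_covers(const mpu_region_t *r, uint32_t addr)
{
    if (!(r->rlar & MPU_RLAR_EN_Msk)) return 0;
    uint32_t start = r->rbar & MPU_RBAR_BASE_MASK;
    uint32_t end   = (r->rlar & MPU_RLAR_LIMIT_MASK) | 0x1Fu;
    return addr >= start && addr <= end;
}

/* Audit: every 32-byte block of [buf, buf+len) must lie in an enabled region
 * that has XN set. An uncovered block is reported as "not proven XN". */
int mpu_buffer_is_xn(const mpu_region_t *regions, size_t n, uint32_t buf, uint32_t len)
{
    if (len == 0u || buf + len - 1u < buf) return 0;
    uint32_t last = buf + len - 1u;
    uint32_t a = buf & ~0x1Fu;
    for (;;) {
        int ok = 0;
        for (size_t i = 0; i < n; i++) {
            if (mpu_region_covers(&regions[i], a)) {
                ok = (regions[i].rbar & MPU_RBAR_XN_Msk) != 0u;
                break;                        /* regions may not overlap */
            }
        }
        if (!ok) return 0;
        if (a >= (last & ~0x1Fu)) return 1;
        a += 32u;
    }
}

int main(void)
{
    mpu_region_t regs[2];
    /* Constructed layout: Secure code in flash (RO, executable) and the
     * Secure UART RX buffer in SRAM (privileged RW, XN). */
    mpu_region_build(0x10000000u, 0x10000u, MPU_AP_RO_ANY,       0u, 0, &regs[0]);
    mpu_region_build(0x30001000u, 0x400u,   MPU_AP_RW_PRIV_ONLY, 0u, 1, &regs[1]);
    for (int i = 0; i < 2; i++)
        printf("region %d: RBAR=0x%08X RLAR=0x%08X\n", i, regs[i].rbar, regs[i].rlar);
    printf("rx buffer XN: %s\n",
           mpu_buffer_is_xn(regs, 2, 0x30001000u, 0x400u) ? "yes" : "NO");
    return 0;
}
```

The audit function is the piece worth keeping in a build or boot-time self-check: it catches the common mistakes (buffer grown past its region, region left disabled, XN bit dropped) that would silently turn a Secure firmware bug into a code-execution primitive.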

  • To add to Joseph's comments on debug authentication, Arm has developed the SDC-600 secure debug channel for this purpose.

    For a demonstration of how Arm debug tools use (or are locked out by) this channel, see here.
