How does JTAG take control of the ARM core?

Note: This was originally posted on 29th July 2010 at http://forums.arm.com

Hello,

I have a question from a customer regarding how to disable JTAG in their final product to prevent their application code from explosion from the JTAG interface.

Since I am not familiar with the JTAG debug module and ARM core interaction mechanism, I would like to know if there is any document describing the detailed JTAG debug procedure.

(1) We have a plan to disable the JTAG port during the reset stage of the MCU, and enable it with the built-in ROM code at a certain stage. I am not sure if it is workable. Is there anything that needs attention?

(2) Is a system reset a must when entering JTAG debug mode? If not, please help explain the detailed procedure of how JTAG takes control of the core.


Thanks a lot!
  • Note: This was originally posted on 5th August 2010 at http://forums.arm.com

    A few more things to check (assume you are doing a SoC design, and you asked this because you want to protect the firmware from being copied):

    First you need to check what is connected to the JTAG ports. If the JTAG port is only used by the CPU for debug, it is technically possible to disable JTAG at reset and then enable it by some software. But if the JTAG connection is also used by memory BIST or any chip production testing circuit, it would be a problem. As Kedar Kulkarni mentioned, JTAG is a test port; it can also be used for boundary scan test or other usages.

    Secondly, you need to consider how to program up the chip in the first place. If the device is purely flash based and has no boot loader, the JTAG connection will not be enabled by software.

    Third, what happens if the boot loader or flash memory gets corrupted? Or if something has gone wrong (e.g. clock) such that the processor is not running any code? Will you still be able to reprogram the chip?

    By the way, if your chip has scan test ports, you also need to think about how to protect the firmware from being read out using scan tests.

    Most ARM processor cores allow debug functionality to be disabled by a configuration signal rather than disabling the JTAG connection. For example, ARM7TDMI has a DBGEN (Debug Enable) pin which might be more suitable for what you need.