I have been working on an application using LPC43S20 for several years. The application uses the secure boot functionality. It is a flashless part so the JTAG is disabled by writing our board-unique random AES key to OTP1. This all works fine and is well established.
There are a number of builds that can be issued to our manufacturing facility, not all of which disable the JTAG. The special builds are used when manufacturing hardware that is going to be used by myself and the rest of the software developers.
We would like to add some functionality to our application so that it can double check that the JTAG has been disabled.
UM10503 states "On flashless parts, JTAG access is disabled automatically once the key is programmed in OTP memory bank 1." which is what we are doing.
Is there a way of confirming if this has actually happened?
I could call aes_ProgramKey1() and see if I get /*0x00030003*/ ERR_SEC_AES_KEY_ALREADY_PROGRAMMED, but if I do this, and the AES key is not written, then it will get written. I don't want this to happen so this is not a good solution.
OTP memory bank 3, word 0, bit 31 is the JTAG_DISABLE bit. If I disable the JTAG by calling aes_ProgramKey1(), does the JTAG_DISABLE bit get set? Or do I also need to explicitly call otp_ProgJTAGDis()? The user manual is not clear and for me to test out my assumptions I would need to start disabling JTAG on my dev PCBs, which seems wasteful.
On a related note, I've always been curious about this - what happens if you write all zeros into OTP1? Is it the act of writing to OTP1 that disables the JTAG, or is it the setting of bits in OTP1 that disables the JTAG?
Thanks in advance.