Securing Jtag on LS1021 in any mode does not secure the JTAG port.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Securing Jtag on LS1021 in any mode does not secure the JTAG port.

Jump to solution
1,478 Views
lucroy
Contributor III

We are trying to secure or block jtag access for security purpose. However, we have tested the following security modes sequentially in the order listed and none of them seems to block our jtag port:

001 Conditionally open via challenge response, without notification.
01x 01x: Conditionally open via challenge response, with notification.
1xx 1xx: Closed. All debug portals are disabled.

Using our lauterbach debugger, we can flash new code and step through the code. The state of the secure monitor is secure once we have completed booting into VxWorks. 

Is there anything missing in the following procedure?

Anything I can check to understand what is happening?

Is programming CSU_SA0 required when not accessing the unit via jtag (Closed. All debug portals are disabled)?

PS. please note the DCVR & DRVR were programed and no hamming errors were reported.

Thank you for your any help you can provide.

==================================================================

In uboot, the following commands are entered to secure the Jtag port.

#write the value in the SPF_OSPR1[DBLEV] to "Closed. All debug portals are disabled."  

mw.b 01e80204 04

# confirm the written value
md.b 01e80204 01

# burn the value
mw.l 01e80020 02000000;

# confirm the value again, clear it, load the fused value for reading, and read it. 
md.b 01e80204 01
mw.b 01e80204 00
mw.l 01e80020 01000000;
md.b 01e80204 01

Here is the output.

=>
=> mw.b 01e80204 04
=>
=> md.b 01e80204 01
01e80204: 04 .
=> mw.l 01e80020 02000000;
=> md.b 01e80204 01
01e80204: 04 .
=> mw.b 01e80204 00
=> mw.l 01e80020 01000000;
=> md.b 01e80204 01
01e80204: 07 .
=> reset
resetting ...

 

0 Kudos
Reply
1 Solution
1,465 Views
ufedor
NXP Employee
NXP Employee

Try byte swapping - i.e.:

mw.b 01e80204 04 -> mw.l 01e80204 04000000

md.b 01e80204 01 -> md.l 01e80204 1

View solution in original post

0 Kudos
Reply
2 Replies
1,466 Views
ufedor
NXP Employee
NXP Employee

Try byte swapping - i.e.:

mw.b 01e80204 04 -> mw.l 01e80204 04000000

md.b 01e80204 01 -> md.l 01e80204 1

0 Kudos
Reply
1,443 Views
lucroy
Contributor III

Thank you for you correct reply.

It implies we have been programming/burning 01e80200 with bits 1 and 2 in our manufacturing process. Which we taught were ITS and CSFF. Can burning these bits be a problem for security or otherwise?

Thank you in advance for a much appreciated and anticipated answer.

 

 

 

 

0 Kudos
Reply