S32K3 JTAG password

kjy106906 · ‎10-07-2024

I want to use the JTAG Password function of S32K312.
Is the following method possible?

S32K312 Secure debug setting (JTAG access not possible)
-> Password sent to MCU via CAN communication
-> MCU escapes Secure debug via Password (JTAG access possible)

Also, is it possible to set S32K312 Secure debug via CAN communication?
(When receiving a specific CAN message, MCU proceeds with setting Secure debug related registers)

If the above method is not possible, should I only enter the Password directly via JTAG to escape Secure debug?

victory · ‎10-10-2024

you can do it on mcu as PEMicro script does, set SDAAP registers to unlock debug.

ovidiubriscan · ‎10-08-2024

Hi, please check steps inside manual RM758221-HSE-B Firmware Reference Manual, chapter Host debug.

Step 1) Provision the ADKP using the HSE_APP_DEBUG_KEY_ATTR_ID attribute.

Step 2) Set authorization method: password-based or challenge-response based, using the HSE_DEBUG_AUTH_MODE_ATTR_ID system attribute.

Step 3) Set the life cycle to OEM_PROD or IN_FIELD using the HSE_SECURE_LIFECYCLE_ATTR_ID system attribute.

All the above steps can be implemented in a DID/UDS routine no issue with that. After the 3rd step you ECU will be JTAG locked. You will need to provide the same password to debug tooling (Lauterbach Trace32 for ex, .

kjy106906 · ‎10-09-2024

Thank you.
After Step 3, if JTAG is locked, can I unlock JTAG by entering the password through UDS.?
Or is JTAG unlock only possible through Debug Tool?
We are using T32. Do you know the relevant guide?

ovidiubriscan · ‎10-09-2024

Hi, morning, this depends on your project strategy, both ways are possible, UDS adviceable to be behind a security access mechanism. But be aware Jtag unlock is only effective up to the next reset, any kind (which is a pain .., normally you want to unlock to debug stuff, hot attach or sleep/wakeup imposible to debug, reflash SW almost impossible). Permanent unlock of Jtag is not possible (like in older NXP architectures or in Tricore).
regards,

kjy106906 · ‎10-09-2024

Thank you very much.

1. Please briefly explain how to unlock the Lock by JTAG PASSWORD with an external UDS message.

2. Should I input the JTAG PASSWORD with a tool like T32 through JTAG? Or is it possible to input it with a UDS message?

3. Is the reason why reprogramming is impossible because reprogramming requires a reset?

ovidiubriscan · ‎10-10-2024

1. You can do it with a $31 service , 31 01 <16bytes jtag_passwd>, or even with a $22 (RDBI), at the end you just need a trigger to your custom C API which will do the unlock procedure.
2. T32 is another easier option (and there are examples on how to do it, check S32_JTAG_WRITE.cmm inside HSE_DEMOAPP_S32K3XX_0_2_1_0) , this may be preferred method.
3. Normally when you do an attach o system up in T32 depends on the scripts behind but normally a reset happens, also when flashing process the scripts behind \demo\arm\flash\s32k3.cmm do some resets which will brake your "unlock" situation.