- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- Advanced AnalogAdvanced Analog
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
- S32Z/E
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
- Generative AI & LLMs
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
- RFID / NFC
- Advanced Analog
-
- NXP Tech Blogs
- Home
- :
- Product Forums
- :
- S32K
- :
- Re: Secure JTAG instead of Secure Boot
Secure JTAG instead of Secure Boot
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Secure JTAG instead of Secure Boot
09-15-2025
04:47 AM
887 Views
moogambika
Contributor I
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can we consider the code protection feature (Secure JTAG) as an alternative for Secure Boot?
What additional attack points are eliminated with Secure Boot?
Need info on memory tampering other than through JTAG for Secure Boot.
8 Replies
09-15-2025
10:46 AM
850 Views
Julián_AragónM
NXP TechSupport
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @moogambika,
You can refer to both AN5401 and AN12130, for basic descriptions between secure boot vs secured JTAG:
From AN12130, secured part (JTAG):
"Secured part: The JTAG/SWD interface will be disabled when the part is secured. This means that a debug controller cannot read or write to SOC memory-mapped addresses when the part is in this state. The part is secure when the FTFC_FSEC byte is in a secure state in the flash configuration field. Once this happens, you can’t run any CMD_DBG_CHAL and CMD_DBG_AUTH commands via JTAG/SWD.
So, customer application code must have the flow shown in Mass Erase and CSEc considerations embedded in their application and trigger the routine from a different interface such as CAN or UART/Serial interfaces, for example."
From AN5401, secure boot:
"The CSEc has a mechanism which allows users to authenticate boot code in flash. The MCU can be configured so that on every boot, a section of code is authenticated, and the generated MAC is compared with a value previously stored in a secure memory slot"
In short, secured JTAG interface simply protects the debug port, while secure boot protects the code being ran.
For example, many S32K1 applications use a bootloader through serial/UART/CAN, etc. —without secure boot, a new firmware could be installed through these side-channels, even if JTAG is locked. Please refer to the application notes and reference manual for further information.
Best regards,
Julián
09-29-2025
12:32 AM
534 Views
moogambika
Contributor I
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
As per the Flash Security Register (FSEC),
If the FTFC module is unsecured using backdoor key access, the SEC bits are forced to 10b.
Mass Erase Enable Bits -- When the SEC field is set to unsecure, the MEEN setting does not matter.
Question:
- Even if MEEN = 0b10 (mass erase disabled), Once the device is unsecured via backdoor key, mass erase becomes possible?
Note: Production Settings : MEEN = 0b10 - What should be the FSLACC?
Pls mention on the Different settings of FSLACC when MEEN is enabled or disabled, FSEC Sec is Secured or Unsecured?
09-29-2025
03:06 PM
502 Views
Julián_AragónM
NXP TechSupport
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @moogambika,
1. Yes. If you unsecure the chip by backdoor key without resetting the chip, it may be mass erased.
2. The Factory Failure Analysis Access configuration (FSLACC) is only relevant when the part is secure (SEC: 00b or 01b or 11b) and it does not affect MEEN nor KEYEN. This depends on your policy, whether to allow or deny factory access if a return is requested.
Best regards,
Julián
10-07-2025
06:08 AM
378 Views
moogambika
Contributor I
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @Julián_AragónM ,
Thanks for the response.
We currently have the Bootloader in DFlash and Csec disabled.
Q's:
1.Do we need to enable Csec if Backdoor Key need to be used ?
2.Where will it be stored?
3.How it is related to Security setting and Mass erase setting?
Regards
Moogambika.
10-08-2025
10:28 AM
344 Views
Julián_AragónM
NXP TechSupport
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @moogambika,
1. No. You can refer to this community example: Example S32K144 Verify Backdoor Access Key S32DS1.3 - NXP Community.
2. Inside the FTFC module:
3. I don't understand this question. When S32K144 MCU is secured (SEC bits != 0b10), it can be unsecure using either Mass Erase or Verify Backdoor Access Key command, if they are enabled.
FTFC module contains the flash protection and system security settings. Please refer to chapter 36 from the S32K1 reference manual, and related application notes: AN5401, AN12130, AN11983.
Best regards,
Julián
09-16-2025
05:11 AM
828 Views
moogambika
Contributor I
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thanks for the response.
got a question on the below point.
For example, many S32K1 applications use a bootloader through serial/UART/CAN, etc. —without secure boot, a new firmware could be installed through these side-channels, even if JTAG is locked
-- if the input received via UART is verified before reaching Bootloader, Can Secure boot be excluded ?
09-17-2025
08:29 AM
788 Views
Julián_AragónM
NXP TechSupport
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @moogambika,
Yes, verification through signature or MACs on incoming firmware is okay, as long as the verification code is never bypassed, of course. However, it does not completely replace secure boot.
Keep in mind that implementing secure boot is up to you and your application's requirements.
Best regards
Julián
09-15-2025
04:48 AM
885 Views
moogambika
Contributor I
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For S32K118
