FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

i.MX8m nano Fuse command to Lock/Disable Jtag

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

i.MX8m nano Fuse command to Lock/Disable Jtag

‎09-09-2024 04:55 AM
292 Views
jeslinpauljoseph
Contributor II

Hi,

We are doing a project based on i.MX8m Nano processor.

We enabled secure boot and locked few of the devices and want to lock Jtag too. Can you help answering below quires,

1. In few devices we already programmed the keys and ran the below command to lock the efuse

fuse prog 1 3 0x02000000

In this case can we disable the Jtag in these boards? If so can you share the steps or the fuse command to do so?

fuse prog 1 3 0xE00000 Will this work here?

2. In the new manufacture board, we need to lock the efuse and also disable the Jtag, for that can we use the below command?

fuse prog 1 3 0x02E00000

3. We tried to figure out the documentation explaining about the fuse registers, bank but we couldn't get proper details, we refer the below documents and links, but couldn't find how exactly the bank, word are mapped. Eg: in the security manual it is mentioned "0x470[21] SJC_DISABLE " But we are doing "fuse prog 1 3" and 32bit value. How these are mapped "470" address is mapped to bank 1 and word 3?

 

"Security Reference Manual for i.MX8M Nano Applications Processor"

Steps to enable secure boot in i.MX8M Nano - NXP Community

"AN4581"

uboot-imx/doc/imx/habv4/guides/mx8m_secure_boot.txt at lf_v2022.04 · nxp-imx/uboot-imx · GitHub

 

0 Kudos
Reply
4 Replies

‎09-11-2024 10:28 PM
230 Views
jeslinpauljoseph
Contributor II

Hi  Alejandro_Salas,

Thanks for the detailed reply. Now I got the answer point #2 and #3. 

Can you help in point #1,

1. In few devices we already programmed the keys and ran the below command to lock the efuse

fuse prog 1 3 0x02000000

In this case can we disable the Jtag in these boards? If so, can you share the steps or the fuse command to do so?

fuse prog 1 3 0xE00000 Will this work here? or since we already lock, it wont be modify? need your inputs.

 

Thanks and Regards,

Jeslin Paul

Tags (2)
0 Kudos
Reply

‎09-17-2024 01:01 PM
200 Views
Alejandro_Salas
NXP TechSupport
NXP TechSupport

Hello, 

 

Following the bit position:

111000000000000000000000  -> 0xE00000

so, the correct command is fuse prog 1 3 0xE00000

 

Remember this operation is not reversible, so, be careful.

 

Best regards,

Salas.

0 Kudos
Reply

‎09-11-2024 01:39 AM
262 Views
jeslinpauljoseph
Contributor II

Can anyone help here?

0 Kudos
Reply

‎09-11-2024 07:59 AM
254 Views
Alejandro_Salas
NXP TechSupport
NXP TechSupport

Hello @jeslinpauljoseph 

 

I hope you are doing well.

 

To identify a fuse on I.MX8MN, you can look at the Fuse address on the table for example Table 5-4 of the security reference Manual(I can not attach it), there is a column called Fuse address, and you are looking for the JTAG_SMODE, that is 0x470.

You can see on Reference manual the OCOTP memory map and all tje addresses are 3035_xxxx, where xxxx is the offset of the Fuse address.

In this case, the fuse you need is 0x470, so:

Alejandro_Salas_0-1726066536859.png

 

You can see the Bank 1 and word 3 are correct.

 

Now you need to modify the 0x470[23:22] (JTAG_MODE) and disable the 0x470[21] (SJC_DISABLE).

Please refer to reference manual to get details of that fuses.

 

Best regards,

Salas.

 

0 Kudos
Reply