Disable Communication/Serial/JTAG ports

Nikhil_Dhameliya · ‎06-24-2022

Hi Team,

I am using NXP MIMXRT1064xx controller and I need to use protect/disable JTAG/Serial/Communication ports for security purpose.

So can you please guide me or suggest any way/s to do the same?

Regards,

Nikhil Dhameliya

kerryzhou · ‎06-27-2022

Hi @Nikhil_Dhameliya ,

Thank you for your updated information.

You may misunderstand the fuse function, fuse, just can modify from 0 to 1, if you burn it, it can't be back any more to this chip.

Answer your questions:

SJC_DISABLE Fuse : 0 - JTAG is enabled, 1 - JTAG is disabled
- Can we DISABLE JTAG by burning this eFuse using NXP MCU Boot Utility and again ENABLE?

=>Answer: After it is 1, no longer modify it back to 0 anymore. It is the fuse bit feature.

What is the purpose of JTAG_HEO eFuse? Can it re-enable JTAG after disabled previously?

=>Answer: If you don't use the secure, don't need to care about it when you just want to use the JTAG enable or not. as it is used for the HAB.

I am using NXP MIMXRT1064xxxxA processor so same document and script is valid for this processor as well?

=>Answer: yes, RT1064 is the same, you can use it. But please make sure you need to use the secure JTAG or not, if just the JTAG/SWD switch or disable, you don't need to totally follow the AN with secure.

Wish it helps you!

Best Regards,

Kerry

View solution in original post

Nikhil_Dhameliya · ‎07-08-2022

Hi @kerryzhou ,

Is it possible to disable debug access from application code and then it can be enable when flash is fully erased from programming device(PEMICRO's external utility) as client don't want to opt for Secure JTAG/Permanently disable JTAG access?

Please suggest a way if any.

Thanks and Regards,

Nikhil Dhameliya

kerryzhou · ‎07-10-2022

Hi @Nikhil_Dhameliya ,

Debug interface disable need to use the fuse to disable it, but as you know, the fuse just can modify from 0 to 1, and can't back.

So, if you use the fuse to disable the debug interface, then you can't open it.

Best Regards,

Kerry

kerryzhou · ‎06-26-2022

Hi @Nikhil_Dhameliya ,

Please check the following application note, it will help you understand the JTAG interface:

https://www.nxp.com/docs/en/application-note/AN12419.pdf

https://www.nxp.com/docs/en/application-note-software/AN12419SW.zip

You need to modify the fuse bit, the application note already list, please note, when you operate it, do it carefully, as the fuse bit just can be modified from 0 to 1, can't be back.

Wish it helps you!

Best Regards,

Kerry

Nikhil_Dhameliya · ‎06-27-2022

Hi @kerryzhou ,

Thanks for a quick response and providing AN and Scripts.

I have below queries still so can you please answer those as my purpose is to ENABLE and DISABLE JTAG as per need(Not permanently enable or disable).

SJC_DISABLE Fuse : 0 - JTAG is enabled, 1 - JTAG is disabled
- Can we DISABLE JTAG by burning this eFuse using NXP MCU Boot Utility and again ENABLE?
What is the purpose of JTAG_HEO eFuse? Can it re-enable JTAG after disabled previously?
I am using NXP MIMXRT1064xxxxA processor so same document and script is valid for this processor as well?

Regards,

Nikhil Dhameliya

kerryzhou · ‎06-27-2022

Hi @Nikhil_Dhameliya ,

Thank you for your updated information.

You may misunderstand the fuse function, fuse, just can modify from 0 to 1, if you burn it, it can't be back any more to this chip.

Answer your questions:

SJC_DISABLE Fuse : 0 - JTAG is enabled, 1 - JTAG is disabled
- Can we DISABLE JTAG by burning this eFuse using NXP MCU Boot Utility and again ENABLE?

=>Answer: After it is 1, no longer modify it back to 0 anymore. It is the fuse bit feature.

What is the purpose of JTAG_HEO eFuse? Can it re-enable JTAG after disabled previously?

=>Answer: If you don't use the secure, don't need to care about it when you just want to use the JTAG enable or not. as it is used for the HAB.

I am using NXP MIMXRT1064xxxxA processor so same document and script is valid for this processor as well?

=>Answer: yes, RT1064 is the same, you can use it. But please make sure you need to use the secure JTAG or not, if just the JTAG/SWD switch or disable, you don't need to totally follow the AN with secure.

Wish it helps you!

Best Regards,

Kerry

Nikhil_Dhameliya · ‎06-28-2022

Hi @kerryzhou ,

Thanks a lot for answering all my queries.

From this I got to know that once JTAG is disabled, can't be enabled again (Fuse configuration Value can be modified from 0 to 1 only and 1 to 0 transition is not possible)

One more question:

Is there any way in NXP MIMXRT1064xxxxA MCU to secure the debug port, so that "any unwanted third party can not read the data from flash before they erase the whole flash"?

Best Regards,

Nikhil Dhameliya

kerryzhou · ‎06-28-2022

Hi @Nikhil_Dhameliya ,

Yes, you can use the secure JTAG(AN12419), as you know, it needs the key to access the JTAG, if you don't share it with others, then others can't access the chip through the JTAG.

Wish it helps you!
Best Regards,

Kerry

Nikhil_Dhameliya · ‎06-29-2022

Hi @kerryzhou ,

Thanks a lot for suggesting way to use SECURE JTAG feature.

I am using "PE micro cyclone " external Debugger device for debugging purpose.

So can you please share any reference note on how to use SECURE JTAG feature between NXP MIMXRT1064 MCU and "PE micro cyclone debugger " as AN12419 only specifies the functionality for "JLINK Debugger"?

Regards,

Nikhil Dhameliya