Disable Communication/Serial/JTAG ports

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Disable Communication/Serial/JTAG ports

Jump to solution
2,663 Views
Nikhil_Dhameliya
Contributor II

Hi Team,

I am using NXP MIMXRT1064xx controller and I need to use protect/disable JTAG/Serial/Communication ports for security purpose.

So can you please guide me or suggest any way/s to do the same?

Regards,

Nikhil Dhameliya

0 Kudos
1 Solution
2,644 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

  Thank you for your updated information.

  You may misunderstand the fuse function, fuse, just can modify from 0 to 1, if you burn it, it can't be back any more to this chip.

  Answer your questions:

  • SJC_DISABLE Fuse : 0 - JTAG is enabled, 1 - JTAG is disabled
    • Can we DISABLE JTAG by burning this eFuse using NXP MCU Boot Utility and again ENABLE?

=>Answer: After it is 1, no longer modify it back to 0 anymore. It is the fuse bit feature.

  • What is the purpose of JTAG_HEO eFuse? Can it re-enable JTAG after disabled previously?

=>Answer:  If you don't use the secure, don't need to care about it when you just want to use the JTAG enable or not. as it is used for the HAB.

kerryzhou_0-1656389857075.png

 

  • I am using NXP MIMXRT1064xxxxA processor so same document and script is valid for this processor as well?

=>Answer: yes, RT1064 is the same, you can use it. But please make sure you need to use the secure JTAG or not, if just the JTAG/SWD switch or disable, you don't need to totally follow the AN with secure.

 

Wish it helps you!

Best Regards,

Kerry

View solution in original post

0 Kudos
12 Replies
2,557 Views
Nikhil_Dhameliya
Contributor II

Hi @kerryzhou ,

Is it possible to disable debug access from application code and then it can be enable when flash is fully erased from programming device(PEMICRO's external utility) as client don't want to opt for Secure JTAG/Permanently disable JTAG access?

Please suggest a way if any.

Thanks and Regards,

Nikhil Dhameliya

0 Kudos
2,510 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

   Debug interface disable need to use the fuse to disable it, but as you know, the fuse just can modify from 0 to 1, and can't back.

  So, if you use the fuse to disable the debug interface, then you can't open it.

 

Best Regards,

Kerry

0 Kudos
2,652 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

   Please check the following application note, it will help you understand the JTAG interface:

    https://www.nxp.com/docs/en/application-note/AN12419.pdf

https://www.nxp.com/docs/en/application-note-software/AN12419SW.zip

  You need to modify the fuse bit, the application note already list, please note, when you operate it, do it carefully, as the fuse bit just can be modified from 0 to 1, can't be back.

Wish it helps you!

Best Regards,

Kerry

0 Kudos
2,648 Views
Nikhil_Dhameliya
Contributor II

Hi @kerryzhou ,

Thanks for a quick response and providing AN and Scripts.

I have below queries still so can you please answer those as my purpose is to ENABLE and DISABLE JTAG as per need(Not permanently enable or disable).

  1. SJC_DISABLE Fuse : 0 - JTAG is enabled, 1 - JTAG is disabled
    • Can we DISABLE JTAG by burning this eFuse using NXP MCU Boot Utility and again ENABLE?
  2. What is the purpose of JTAG_HEO eFuse? Can it re-enable JTAG after disabled previously?
  3. I am using NXP MIMXRT1064xxxxA processor so same document and script is valid for this processor as well?

Regards,

Nikhil Dhameliya

0 Kudos
2,645 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

  Thank you for your updated information.

  You may misunderstand the fuse function, fuse, just can modify from 0 to 1, if you burn it, it can't be back any more to this chip.

  Answer your questions:

  • SJC_DISABLE Fuse : 0 - JTAG is enabled, 1 - JTAG is disabled
    • Can we DISABLE JTAG by burning this eFuse using NXP MCU Boot Utility and again ENABLE?

=>Answer: After it is 1, no longer modify it back to 0 anymore. It is the fuse bit feature.

  • What is the purpose of JTAG_HEO eFuse? Can it re-enable JTAG after disabled previously?

=>Answer:  If you don't use the secure, don't need to care about it when you just want to use the JTAG enable or not. as it is used for the HAB.

kerryzhou_0-1656389857075.png

 

  • I am using NXP MIMXRT1064xxxxA processor so same document and script is valid for this processor as well?

=>Answer: yes, RT1064 is the same, you can use it. But please make sure you need to use the secure JTAG or not, if just the JTAG/SWD switch or disable, you don't need to totally follow the AN with secure.

 

Wish it helps you!

Best Regards,

Kerry

0 Kudos
2,640 Views
Nikhil_Dhameliya
Contributor II

Hi @kerryzhou ,

Thanks a lot for answering all my queries.

From this I got to know that once JTAG is disabled, can't be enabled again (Fuse configuration Value can be modified from 0 to 1 only and 1 to 0 transition is not possible)

One more question:

  • Is there any way in NXP MIMXRT1064xxxxA MCU to secure the debug port, so that "any unwanted third party can not read the data from flash before they erase the whole flash"?

 

Best Regards,

Nikhil Dhameliya

0 Kudos
2,630 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

   Yes, you can use the secure JTAG(AN12419), as you know, it needs the key to access the JTAG, if you don't share it with others, then others can't access the chip through the JTAG.

  Wish it helps you!
Best Regards,

Kerry

0 Kudos
2,626 Views
Nikhil_Dhameliya
Contributor II

Hi @kerryzhou ,

Thanks a lot for suggesting way to use SECURE JTAG feature.

I am using "PE micro cyclone " external Debugger device for debugging purpose.

So can you please share any reference note on how to use SECURE JTAG feature between NXP MIMXRT1064 MCU and "PE micro cyclone debugger "  as AN12419 only specifies the functionality for "JLINK Debugger"?

Regards,

Nikhil Dhameliya

0 Kudos
2,621 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

   Sorry, NXP still don't have the PE micro secure JTAG examples.

   It should modify the related debugger script, maybe you can contact with P&E micro side, they will be more familiar with their debugger script files.

   Thanks a lot for your understanding.

Best Regards,

kerry

0 Kudos
2,619 Views
Nikhil_Dhameliya
Contributor II

Hi @kerryzhou ,

I have checked on PE site and found below link:

Production Programming NXP i.MX RT10xx devices with Secure Boot (pemicro.com)

Can you please check and let me know that Secure JTAG feature is supported in NXP MCU using PE debugger or not?

Regards,

Nikhil Dhameliya

0 Kudos
2,612 Views
kerryzhou
NXP TechSupport
NXP TechSupport

Hi @Nikhil_Dhameliya ,

  From your link, chapter 3 Restricting JTAG Access with a Password is the secure JTAG.

  I think, for the details, eg, normal PEmicro debug Multilink, please check with the PE side:

  https://www.pemicro.com/support/index.cfm

  They will be more familiar with their tools and the script.

 

Best Regards,

Kerry

0 Kudos
2,607 Views
Nikhil_Dhameliya
Contributor II

Hi @kerryzhou ,

Thanks for a such great help.

I had got all information required for Securing JTAG of NXP MCU.

Regards,

Nikhil Dhameliya