AnsweredAssumed Answered

JTAG Debugging - Secure JTAG Mode Enabled and Close Configuration

Question asked by jeremyd on Mar 19, 2018
Latest reply on May 2, 2018 by jeremyd

Hello,

Configuration:
i.MX6DL processor - Close Configuration and Secure JTAG Mode enabled.
All burned fuses: TESTER_LOCK = 11 (OP + WP), BOOT_CFG_LOCK = 10 (OP), SJC_RESP_LOCK = 1, SRK_LOCK = 1, SEC_CONFIG = 1, DIR_BT_DIS = 1, JTAG_SMODE = 01 (Secure JTAG mode), SRK_HASH = production keys’ hash, SJC_RESP = xxx and JTAG_HEO = 1

In this configuration our software is running OK, however as soon as we attach our debugger during runtime (Lauterbach Power Debug) successfully according to AN4686 (using DO imx6_attach_secured.cmm ENRESET=OFF) our software stops to run.

The analysis of this issue on our side showed that the CAAM Job Ring 0 Interrupt is constantly triggered after successful attachment. Please note that our software uses the CAAM module and enable these interrupts during start-up. Moreover, clearing (w1c) the JRI bit (JRINTR register) during the execution of the ISR seems to not have effect as shown in the attached picture.

Last observation, the Security Reference manual mentions under "Scan protection":

"The chip includes further scan protection logic for SJC modes where JTAG use is
allowed. This ensures that access to critical security values is protected as follows.
...
Security modules-including CAAM, SNVS, CSU, and OCOTP_CTRL-have
additional scan protection logic to protect sensitive internal data and functionality.
..."

To summarize: 
 Board with i.MX6DL – Open Configuration and Secure JTAG mode Disabled => No issue to debug the board, the SW is still running OK 
 Board with i.MX6DL – Open Configuration and Secure JTAG mode Enabled => No issue to debug the board, the SW is still running OK 
 Board with i.MX6DL – Close Configuration and Secure JTAG mode Enabled => The SW is not running correctly as soon as the debugger

Thank you for support,
Jeremy

Attachments

Outcomes