- NXP Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- Wireless Connectivity
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- Vigiles
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Home
- :
- i.MX Forums
- :
- i.MX Processors
- :
- for i.MX 6, are the "no debug" JTAG features available in Secure JTAG mode without need for the secret key authentication?
for i.MX 6, are the "no debug" JTAG features available in Secure JTAG mode without need for the secret key authentication?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
for i.MX 6, are the "no debug" JTAG features available in Secure JTAG mode without need for the secret key authentication?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've read the SJC chapter in one or more of the Reference Manuals for i.MX6 series processors, but have not seen this question directly addressed.
It would seem logical that the features described as accessible for "Mode 1: No Debug - Maximum Security" would also be available to "Mode 2: Secure JTAG - High Security", but this is not expressly stated.
In fact, I would just assume that to be the case except the text for Mode 2 states "Any access to JTAG port is being checked."
So,
for i.MX 6, are the "no debug" JTAG features available in Secure JTAG mode without need for the secret key authentication?
Or,
as the cited text for Mode 2 implies, is it true that access to all JTAG features, even those permitted for Mode 1 - No Debug (particularly boundary scan), are required to be enabled using challenge/response based authentication mechanism?
Thanks.
igorpadykov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Adam
for using secure jtag one can look at AN4686 Configuring Secure JTAG for the i.MX6 Series
https://www.nxp.com/docs/en/application-note/AN4686.pdf
Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello again, Igor.
Can you confirm that the AN4686 Configuring Secure JTAG for the i.MX6 Series applies to all variants in i.MX 6 Series?
(including those based on Cortex-A7 versus Cortex-A9 and those that include +Cortex-M4)
Is there a similar document for i.MX 7 Series (I could not find one)?
What about i.MX 8 Series?
Thanks,
Adam
igorpadykov
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Adam
yes it is the same for i.MX6,7.
For i.MX8M seems it is also the same, based on
Table 6-47. JTAG Security Level Control Bits i.MX8MDQ Reference Manual
https://www.nxp.com/docs/en/reference-manual/IMX8MDQLQRM.pdf
For other i.MX8 documentation is not yet final and full, suggest to wait for new
Reference Manual revisions, in particular QX,QM use other jtag module: JTAGC
Best regards
igor
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Igor. That reference is quite helpful and much appreciated.
Unfortunately, I find that it remains somewhat vague as to the specific question that I posed.
At any rate, using it as a basis for discussion, it seems to me that it supports the idea that Boundary Scan (as top of the list of "No Debug" JTAG features) is always available on the chip *unless* the SJC_DISABLE fuse is burned.
I consider this-
At the highest level of SJC function, there is the SJC_DISABLE fuse
= if SJC_DISABLE is intact (0), the SJC is enabled == JTAG features are available according to JTAG_SMODE
At the next level of SJC function, there is the JTAG_SMODE fuse pair, of which the MSB appears to be superior
= if both JTAG_SMODE fuses are intact (00), all JTAG features are enabled
= if JTAG_SMODE MSB|LSB fuses are intact|burnt (01), secret key is required to access security-sensitive JTAG features
= if JTAG_SMODE MSB|LSB fuses are burnt (11), only those JTAG features that are *not* security-sensitive are accessible
Since there is no definition for the case where only MSB is burnt, I view it as superior. Begging the question, however, what behavior should I expect for that case:
= if JTAG_SMODE MSB|LSB fuses are burnt|intact (10), ???
And/or, is it even possible to burn the fuses in that way?
Given the understanding that I have described, would it be fair to view the JTAG_SMODE fuses as follows?
MSB = disable access to security-sensitive JTAG features
LSB = require use of secret key for security-sensitive JTAG features
in either event, JTAG features that are *not* security-sensitive are always accessible (unless SJC_DISABLE fuse is burnt)
Thanks,
Adam
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can anyone affirm (or debunk) the any of assertions I've made above??
AND, in particular, can anyone definitively answer these questions:
1. Is Boundary Scan available for all valid JTAG_SMODE settings? [ Yes | No ]
(presuming SJC_DISABLE is intact, of course)
(note: the '10' setting is documented as "Reserved", so need not be considered)
2. Presuming that Boundary Scan is available for JTAG_SMODE=='01' (Mode #2, Secure JTAG), is it required that the challenge/response mechanism be satisfied in order to operate Boundary Scan, or is it always available? [ Yes | No ]
(which questions, though with slightly different phrasing, were also put in the original posting, but remain unanswered)
Thanks,
Adam
