FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

RT117x: secure JTAG and reset command in JLink console

cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RT117x: secure JTAG and reset command in JLink console

‎10-28-2024 02:46 AM
615 Views
mastupristi
Senior Contributor I

Hi,

I followed AN13133, and I can connect to my board RT1170 EVK successfully.

However, when I try to reset something doesn't work.

mastupristi_0-1730107997858.png

I assumed that the reset also resets the secure session, in fact trying to reconnect immediately afterwards the session restarts.

so I tried to modify the script like this:

void challengResponse(void)
{
	int v;
	int Key0;
	int Key1;
	int Key2;
	int Key3;
	// Secure response stored @ [0xcb0-0xce0] in eFUSE region (OTP memory)
	Key0 = 0x12345678;
	Key1 = 0xabcdef21;
	Key2 = 0x11223344;
	Key3 = 0xa1b2c3d4;
	JLINK_CORESIGHT_Configure("IRPre=0;DRPre=0;IRPost=0;DRPost=0;IRLenDevice=4");
	CPU = CORTEX_M7;
	JLINK_SYS_Sleep(100);
	JLINK_JTAG_WriteIR(0x9); // Output Challenge instruction
	// Readback Challenge, Shift 64 dummy bits on TDI
	JLINK_JTAG_StartDR();
	JLINK_SYS_Report("Reading Challenge ID....");
	// 32-bit dummy write on TDI / read 32 bits on TDO
	JLINK_JTAG_WriteDRCont(0xffffffff, 32);
	v = JLINK_JTAG_GetU32(0);
	JLINK_SYS_Report1("Challenge UUID0:", v);
	JLINK_JTAG_WriteDREnd(0xffffffff, 32);
	v = JLINK_JTAG_GetU32(0);
	JLINK_SYS_Report1("Challenge UUID1:", v);
	JLINK_JTAG_WriteIR(0x1); // Output Response instruction
	JLINK_JTAG_StartDR();
	JLINK_JTAG_WriteDRCont(Key0, 32);
	JLINK_JTAG_WriteDRCont(Key1, 32);
	JLINK_JTAG_WriteDRCont(Key2, 32);
	JLINK_JTAG_WriteDREnd(Key3, 32);
}

int InitTarget(void)
{
	challengResponse();
	return 0;
}

int AfterResetTarget (void)
{
	challengResponse();
	return 0;
}

I used the `AfterResetTarget()` function because I did not imagine having to reconnect with Challeng/Response after reset. I considered using the `ResetTarget()` function instead, but I don't know exactly what steps I need to take.

mastupristi_1-1730108583925.png

at the end it reconnects, but I always have a lot of error messages.

I would like to know from you what is the correct way to do it in the JLink script. How should it be modified to be reliably used in a “real” debugging session?

 

best regards

Max

 

0 Kudos
Reply
3 Replies

‎11-21-2024 07:39 AM
508 Views
mastupristi
Senior Contributor I

Hi,

using the following script seems to work

void challengResponse(void)
{
	int v;
	int Key0;
	int Key1;
	int Key2;
	int Key3;
	// Secure response stored @ [0xcb0-0xce0] in eFUSE region (OTP memory)
	Key0 = 0x12345678;
	Key1 = 0xabcdef21;
	Key2 = 0x11223344;
	Key3 = 0xa1b2c3d4;
	JLINK_CORESIGHT_Configure("IRPre=0;DRPre=0;IRPost=0;DRPost=0;IRLenDevice=4");
	CPU = CORTEX_M7;
	JLINK_SYS_Sleep(100);
	JLINK_JTAG_WriteIR(0x9); // Output Challenge instruction
	// Readback Challenge, Shift 64 dummy bits on TDI
	JLINK_JTAG_StartDR();
	JLINK_SYS_Report("Reading Challenge ID....");
	// 32-bit dummy write on TDI / read 32 bits on TDO
	JLINK_JTAG_WriteDRCont(0xffffffff, 32);
	v = JLINK_JTAG_GetU32(0);
	JLINK_SYS_Report1("Challenge UUID0:", v);
	JLINK_JTAG_WriteDREnd(0xffffffff, 32);
	v = JLINK_JTAG_GetU32(0);
	JLINK_SYS_Report1("Challenge UUID1:", v);
	JLINK_JTAG_WriteIR(0x1); // Output Response instruction
	JLINK_JTAG_StartDR();
	JLINK_JTAG_WriteDRCont(Key0, 32);
	JLINK_JTAG_WriteDRCont(Key1, 32);
	JLINK_JTAG_WriteDRCont(Key2, 32);
	JLINK_JTAG_WriteDREnd(Key3, 32);
}

int InitTarget(void)
{
	challengResponse();
	return 0;
}

int ResetTarget(void)
{
    JLINK_SYS_Report("Resetting target...");
    JLINK_JTAG_Reset();
    JLINK_SYS_Sleep(200);
    challengResponse();
    return 0;
}

can you confirm that this is correct and has no drawbacks?

Also in the application note I read this:

mastupristi_0-1732199563705.png

  • Can you clarify this sentence for me?
  • Meanwhile, I would need a clear definition of factory manufacturing and development in relation to secure JTAG.
  • What operations are expected to be performed normally with standard JTAG in the two scenarios?
  • What are the disadvantages of using SJTAG in development?

best regards

Max

0 Kudos
Reply

‎01-10-2025 11:34 AM
327 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @mastupristi 

I hope to find you well.

I do apologize for the delayed response, I am currently checking internally, along the application note author, regarding your inquiries. 

Thank you

Diego

0 Kudos
Reply

a month ago
187 Views
diego_charles
NXP TechSupport
NXP TechSupport

Hi @mastupristi 

Thank you very much for your patience. 

Regarding - The sentence highligthed in yellow. 

diego_charles_0-1739383298662.png

The goal of this statement it is simply say that  is not recommended to enable secure JTAG during development,  and instead can be carried on during final device production stage. This is the same recommendation to other security features like HAB. As closing the device makes debug and development more complicated.

Regarding - a clear definition of factory manufacturing and development in relation to secure JTAG

According to the answer from above, secure JTAG is not considered/recommended during development by us. So we do not have a definition involving the three terms.

Regarding What operations are expected to be performed normally with standard JTAG in the two scenarios?

The jtag functionality does not change, what changes is the access. With secure jtag you have to go through debug authentication. 

 What are the disadvantages of using SJTAG in development?

Having to deal with debug authentication, is the disadvantage we foresee for customers. Do you have any further input from your development stage?

We do not have further comments on the script that you developed. Let me know if you are still facing issues or if you are still having commets regarding this topic. 

Thank you very much.

Diego

0 Kudos
Reply