This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

[FAQ] AM3354 GP: JTAG port lock after production line

Part Number: AM3354

Hi there,

I am using the AM3354 CPU.

For cybersecurity, I want the JTAG port to be protected, to avoid others read out our binary code. The CPU can only be full ereased after this protection.

Please tell me how to achieve this. If it is not supported by AM3354, is there any similar way to have this protection?

An application note to show the detailed steps / configuration method will be more helpful.

 

BR,

Wenhai.

  • Remove the JTAG port on the PCB is not a solution, due to we need to have boundary scan for the CPU during PCBA manufacturing through JTAG interface. And other people is easy to get a connector and soldered on the board for debugging.

    If the JTAG protection can through code/register configuration, or through a configuration tool on our production line will be perfect.

  • Hello Wenhai,
    This is one option for your reference:
    - The CONTROL_SEC_TAP register @0x44E1:0180 is not typically used on GP device, but the register is accessible on GP device.
    - The register contains JTAG enable/disable settings for the various JTAG accessible module of the device.
    - At HW POR (Power-On-Reset), Bit 31 is cleared and register writes are enabled. Writing “1” to this bit will disable further writes to the register.
    => JTAG access can be disabled once writing 0x8000:0000 to CONTROL_SEC_TAP, and JTAG access is maintained disabled till next HW POR of the device.

    For example, adding the code snippet in early bootloader code:

    u32 *cmm_regsiter_ptr = (u32 *)0x44E10180;
    *cmm_regsiter_ptr = 0x80000000;

    You'll find discussions on this topic in the following e2e (including boundry scan...)
    e2e.ti.com/.../4014148

    Best,
    -Hong

  • Hi Hong,

    Thank you for the solution. Please help on following questions:

    1. It seems that if immediately connect the JTAG after POR(Power-On-Reset) before execute register writing command, the JTAG is still able to be connected, so somebody can read/write the JTAG port. Is there any way to avoid this?

    2. If in the field, there is something wrong with my device, and the device need to be sent back to our production line for repair, the CPU AM3354 was already implement the register writing command, how can I access to the CPU? Is there any method to full erease the CPU so I can use the JTAG port again?

    BR,

    Wenhai.

  • Hello Wenhai,
    A1.
    The option is setting the register to disable JTAG access @bootloader entry as discussed in the previously referenced e2e post.
    e2e.ti.com/.../4028386
    A2.

    => JTAG access can be disabled once writing 0x8000:0000 to CONTROL_SEC_TAP, and JTAG access is maintained disabled till next HW POR of the device.

    For exam

    => There's no internal SoC non-volatile setting for JTAG lock , instead JTAG lock is configured in your code, i.e. bootloader, for each POR (Power-On-Reset) of the SoC or your board. One option might be re-programming the flash to remove the JTAG lock setting code for RMR process as needed.
    Best,
    -Hong