hello,我们现在用的pdk软件是7.3版本的,现在项目上有功能安全需求,需要jtag能够加锁和解锁,请问ti有没有现成的方案。
This thread has been locked.
If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.
您好,
以下是工程的回复:
In this doc, https://www.ti.com/lit/an/spracs4/spracs4.pdf ----> Please check page no :4, 5 and so on.
---
For external debuggers, there seems to be options in CCS version 10.
The TI recommended external emulator seems to be this one - TMDSEMU560V2STM-U — XDS560 software v2 system trace USB debug probe
I doubt anybody in "TI" would have lauterbach to check and tell you... as the tda4VM has onboard emulator, that too XDS110.
--
So, let me ask you to connect lauterbach, launch target configuration and check the above said options in CCS..
--
In general, for TDA4VM device, this is the only TRM for emulation and debuggers:- https://www.ti.com/lit/ug/spru655i/spru655i.pdf
--
As far I know, no option available in PDK to lock external emulators.
--
Some suggestions here :-
1. one of the TIers suggested this way: - https://e2e.ti.com/support/microcontrollers/arm-based-microcontrollers-group/arm-based-microcontrollers/f/arm-based-microcontrollers-forum/343078/how-to-permanently-lock-jtag/1198984#1198984
The only sure shot method is to use the BOOTCFG register to lock the JTAG interface and on the board ensure that the JTAG Pins are connected to GND.
我从文档里找到一章内容,似乎有软件方法可以控制jtag解锁。https://downloads.ti.com/tisci/esd/latest/6_topic_user_guides/secure_debug.html
我更倾向于能够用TISCI API的方式实现功能,
The debug unlock certificate can be supplied to System Firmware via the TISCI_MSG_OPEN_DEBUG_FWLS - Open Debug Firewalls message. The debug unlock certificate must first be placed in memory. The physical address of the certificate is passed as a part of the TISCI message. System Firmware validates the certificate and its contents. If the checks pass, System Firmware performs debug unlock.
This procedure can be used when if JTAG debugger is unable to supply the unlock certificate over the JTAG interface.
这个有demo吗?
您好,
以下是工程师的回复:
I have forwarded your query to the right expert on high security devices.
To try this API and test, I do not have any high security devices in hand.
Delay may be due to thanks giving holidays..
Thanks for your patience,
您好,
以下是工程师的回复:
OK, Which HS device ? HS-FS or HS-SE
Read about the difference here: Developing with High Security Devices
As you noted in the above developer note: On HS-FS device, when the customer burns the customer keys into the device eFuses using the OTP keywriter (separate overlay package)., This action will transition the device to an HS-SE device.
On HS-SE device, the JTAGs are fully locked.
There is provision to lock- unlock JTAG from software, please refer software-dl.ti.com/.../secure_debug.html