SPRUJC1 April   2024

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Unlocking JTAG With Jacinto7 Security Enabled Devices
  5. 2Steps to Unlock JTAG for HSM Core With TRACE32
    1. 2.1 Modifying the SCI Client Default Security Board Configuration
      1. 2.1.1 PROCESSOR-SDK-RTOS
      2. 2.1.2 PROCESSOR-SDK-LINUX
    2. 2.2 Building the SCI Client Security Board Configuration
      1. 2.2.1 PROCESSOR-SDK-RTOS
      2. 2.2.2 PROCESSOR-SDK-LINUX
    3. 2.3 Modifying the Secondary Bootloader’s x509 Certificate
      1. 2.3.1 Windows Build Environment
      2. 2.3.2 Ubuntu Build Environment
    4. 2.4 Building the Secondary Bootloader
    5. 2.5 Verifying Secondary Bootloader and TIFS is Executing
    6. 2.6 Creating a Downloadable x509 Certificate With a Debug Extension
    7. 2.7 Execution of TRACE32 Unlock Script
    8. 2.8 Attaching to HSM Core With TRACE32

1.1 Unlocking JTAG With Jacinto7 Security Enabled Devices

Once Jacinto7 silicon transitions to a High Security – Security Enforced device (HS-SE) all security policies are enforced such as secure boot, firewalls engaged, and JTAG is locked. When JTAG access is locked on a HS-SE device there are three ways to unlock JTAG for debugging purposes:

Note: The Jacinto7 ROM Loader does not support the unlocking of JTAG access for the HSM core. This means that is not possible to unlock JTAG with an HS-SE device using the Secondary Bootloader x509 certificate’s debug extension as described in the first bullet listed above. This user guide explicitly describes how to unlock JTAG via JTAG certificate with Lauterbach TRACE32, third bullet listed above.