SPRACS4 June   2020 TMS320F2800132 , TMS320F2800133 , TMS320F2800135 , TMS320F2800137 , TMS320F2800152-Q1 , TMS320F2800153-Q1 , TMS320F2800154-Q1 , TMS320F2800155 , TMS320F2800155-Q1 , TMS320F2800156-Q1 , TMS320F2800157 , TMS320F2800157-Q1 , TMS320F28384D , TMS320F28384D-Q1 , TMS320F28384S , TMS320F28384S-Q1 , TMS320F28386D , TMS320F28386D-Q1 , TMS320F28386S , TMS320F28386S-Q1 , TMS320F28388D , TMS320F28388S , TMS320F28P650DH , TMS320F28P650DK , TMS320F28P650SH , TMS320F28P650SK , TMS320F28P659DK-Q1

 

  1.   Enhancing Device Security by Using JTAGLOCK Feature
    1.     Trademarks
    2. 1 Security Feature on C2000 Device
    3. 2 JTAGLOCK Feature
      1. 2.1 Z1OTP_JLM_ENABLE
      2. 2.2 JTAG Password
        1. 2.2.1 Z1OTP_JTAGPSWDHx
        2. 2.2.2 Z1OTP_JTAGPSWDLx
    4. 3 Enabling JTAGLOCK
      1. 3.1 CCS Flash Plug-in GUI
      2. 3.2 Security Configuration Embedded in .out File
    5. 4 Disabling JTAGLOCK
      1. 4.1 Target Configuration (.ccxml) File
    6. 5 Permanent JTAGLOCK
    7. 6 References

2 JTAGLOCK Feature

All C2000 devices have a JTAG interface, which is used for debugging the device via debug tools like Code Composer Studio (CCS). The Dual Code Security Module (DCSM) on C2000 device provides a clean method to debug one secure zone while maintaining the security barrier around the other zone, as well as allowing a slight lowering of the barrier to debug the two zones together. However, there are times where the flexibility of debugging is not as important as strengthening the barrier around firmware. Hence user may want to disable any debug access to the device. In the security world, strengthening comes in the form of layering. The JTAGLOCK feature provides this additional layer by blocking JTAG (debugger) access to the device entirely. User can enable the JTAGLOCK feature by programming the USER OTP appropriately. In addition to 128-bit CSM password, another 128-bit JTAG password has been added to security configuration to enable/disable the JTAGLOCK feature. Thus, JTAGLOCK essentially puts another hedge around the device firmware, overlaying on top of the base DCSM architecture.

Table 1. JTAGLOCK Mode

JTAGLOCK Mode Description
JTAGLOCK Enable JTAG access to all the CPU is blocked. Debug tool like CCS cannot connect to device.
JTAGLOCK Disable JTAG access to all the CPU is allowed. Debug tool like CCS can connect to any CPU based on other security configuration.

NOTE

Although JTAGLOCK is available without using the base DCSM security, for highest security it is recommended that both be enabled. To enable the base DCSM security and lock the zones, you must program a 128-bit CSM password along with other security configuration into the USER OTP as per the device-specific Technical Reference Manual.