Enable/Disable JTAG connection programmatically

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
edansanker
Level 1
Level 1
First reply posted First question asked Welcome!

Hi,

We are using the PSOC 6 -  CY8C63x7 Architecture.

We found on it's technical reference manual an possible option to switch on and off the JTAG(DAP) connection.

It can be found on page 136 - 

 

edansanker_0-1634809371311.png

"The second bit, CPUSS_AP_CTL.xxx_ENABLE, is a regular
read/write bit. This bit also resets to zero and is set to ‘1’ by
either the ROM boot code or the flash boot code depending
on the life-cycle stage. This feature can be used to block
debug access during normal operation, but re-enable some
debug access after a successful authentication"

 

1. Is this feature really possible?

2. Is it enabled/disabled only from the bootloader?

3. Is there an option to enable/disable JTAG connection from the user application space?

 

edansanker_1-1634809621692.jpeg

 

 

Appreciate your help!

 

Edan Sanker

Medtronic

 

0 Likes
1 Solution
Rakshith
Moderator
Moderator
Moderator
250 likes received 1000 replies posted 750 replies posted

Hi @edansanker

The CPUSS_AP_CTL is set during the boot process based on the access restrictions. Once the value is read the DAP is either enabled or disabled based on the value before entering the main application. 

If the application edits the CPUSS_AP_CTL register value then the value of the register will be lost on reset and will be again set based on the access restrictions. Therefore the DAP will again be enabled.

I will check internally if we have an example project to modify the Normal Access Restrictions (NAR) through code and provide an update on this thread. However, the recommended method to disable the DAP access to PSoC 6 device is by using the one-time programmable eFuse memory which ensures the highest level of security. 

Thanks and Regards,
Rakshith M B

View solution in original post

0 Likes
4 Replies
Rakshith
Moderator
Moderator
Moderator
250 likes received 1000 replies posted 750 replies posted

Hi @edansanker

The CPUSS_AP_CTL is set during the boot process based on the access restrictions. Once the value is read the DAP is either enabled or disabled based on the value before entering the main application. 

If the application edits the CPUSS_AP_CTL register value then the value of the register will be lost on reset and will be again set based on the access restrictions. Therefore the DAP will again be enabled.

I will check internally if we have an example project to modify the Normal Access Restrictions (NAR) through code and provide an update on this thread. However, the recommended method to disable the DAP access to PSoC 6 device is by using the one-time programmable eFuse memory which ensures the highest level of security. 

Thanks and Regards,
Rakshith M B
0 Likes

Hi Rakshith , Thanks for your support and answer.

 Following your answer I want to make sure we are on the same page:=

1. Enable/Disable the DAP is possible only during the boot process. Do you mean ROM Boot or Flash Boot or both?

2. In case Flash Boot might also change the DAP state (Enabled / Disabled) Can the SW developer might develop his own implementation of the Flash Boot and control the DAP configuration dynamically (on the fly during  boot time)?

3. Do you recommend Enabling/Disabling the DAP connection dynamically based on a SW flag?

Thanks again for your support.

Edan Sanker,

Medtronic

0 Likes

@Rakshith  Can you please elaborate more what is the recommended method for manipulating the eFUSE bits?

Is it using the "Cypress Programmer"?

Is it using a dedicated applicative API to change its setting?

Thanks for your support!

Edan Sanker,

Medtronic

 

0 Likes
Rakshith
Moderator
Moderator
Moderator
250 likes received 1000 replies posted 750 replies posted

Hi Edan, 

DAP is enabled in the Flash Boot but Flash Boot cannot be changed to enable the functionality. Flash Boot is also included in the Factory Hash which is validated before Flash Boot code is executed. 

I checked with the internal team and they mentioned that it is not possible to update the Normal Access Restrictions using firmware. 

Thanks and Regards,
Rakshith M B
0 Likes