1 Introduction

This document describes how the Secure JTAG on the i.MX RT10xx MCU family can be used.

The i.MX RT series System JTAG Controller (SJC) provides a possibility to regulate the JTAG access. The three JTAG security modes are available in the i.MX RT series:

- No Debug mode—Maximum security is provided in this mode. All security-sensitive JTAG features are permanently blocked, preventing any debug.
- Secure JTAG mode—High security is provided in this mode. Secret key-based challenge/response authentication mechanism is used for JTAG access.
- JTAG Enabled mode—Low security is provided in this mode. It is the default mode of operation for the SJC.

Moreover, you can also fully disable the SJC functionality. For configuration of these JTAG modes, One Time Programmable (OTP) eFuses are used and burned after packaging. The fuse burning process is irreversible. It is impossible to revert the fuse back to the unburned state. To explain, Secure JTAG mode is used in this document. The aim is to allow return/field testing. Authorized reactivation of the JTAG port is allowed in this mode. On the HW side, JTAG signals must be routed out and accessible in the application.

2 i.MX RT10xx Secure JTAG support

JTAG access is limited in the Secure JTAG mode by using a challenge/response-based authentication. Any access to JTAG port is internally checked. Only the devices authorized for debugging (with the right response) can access the JTAG port, otherwise JTAG access is denied. The external debugger tools (such as SEGGER J-Link, Lauterbach Trace32, Arm RVDS/DS5, etc.) supporting the challenge/response-based authentication mechanism can be used. The secure JTAG mode is typically enabled in the factory manufacturing and not used during the development.

2.1 How to put the chip in Secure JTAG mode

The Secure JTAG feature is only available in the SJC mode, and can be selected by JTAG_Mod input pin (GPIO_AD_B0_08). To enable the SJC mode, the pin must be connected to log.1, which means that the Secure JTAG is unavailable in the CM7 DAP mode.
Table 1. JTAG_MOD pin settings

<table>
<thead>
<tr>
<th>Signal</th>
<th>Description</th>
<th>Pad</th>
<th>Mode</th>
<th>Direction</th>
</tr>
</thead>
<tbody>
<tr>
<td>JTAG_MOD</td>
<td>SJC mode selection. This pin is sampled at TRST reset to determine two possible modes for the TAP connection configuration.</td>
<td>GPIO_AD_B0_08</td>
<td>ALT0</td>
<td>IO</td>
</tr>
</tbody>
</table>

Figure 1. JTAG_MODE pin configuration

2.2 i.MX RT SJC Security Modes

The i.MX RT10xx System JTAG Controller (SJC) supports three different security modes. JTAG enabled is the default mode of operation for SJC. The user can select the Secure JTAG mode by programming a value 0x1 to the eFuse labeled JTAG_SMODE, described in Table 2. eFuses associated with the Secure JTAG feature on page 3. The eFuse has the default value 0x0, which means that the JTAG controller is unsecured by default. Further details on eFuses are available in the Fusemap and On-Chip OTP Controller (OCOTP_CTRL) chapters in the appropriate SRM_RT10xx Security Reference Manual for the i.MX RT1050 available at www.nxp.com upon a request.

To lock and prevent further modification to the JTAG_SMODE eFuse, the user should program the BOOT_CFG_LOCK eFuses in addition to programming the JTAG_SMODE eFuse.

NOTE

Programming these fuses disables access to functions and JTAG Security Mode fuse bits. Users should ensure that it is programmed last, once the final fuse configuration has been decided. At a minimum, setting the fuse to Override Protect (OP) mode is recommended.
<table>
<thead>
<tr>
<th>Addr[bits]</th>
<th>Fuse Name</th>
<th>Fuse Function</th>
<th>Settings</th>
<th>Locked By</th>
</tr>
</thead>
<tbody>
<tr>
<td>0x460[26]</td>
<td>KTE</td>
<td>Kill Trace Enable. Enables tracing capability on ETM, and other modules</td>
<td>0 - Bus tracing is allowed</td>
<td>BOOT_CFG_LOCK</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>1 - Bus tracing is allowed in case security state as defined by Secure JTAG allows it (for example, JTAG_ENABLE or NO_DEBUG)</td>
<td></td>
</tr>
<tr>
<td>0x460[23:22]</td>
<td>JTAG_SMODE_E[1:0]</td>
<td>JTAG Security Mode. Controls the security mode of the JTAG debug interface</td>
<td>00 - JTAG enable mode (Default)</td>
<td>BOOT_CFG_LOCK</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>01 - Secure JTAG mode</td>
<td></td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>11 - No debug mode</td>
<td></td>
</tr>
<tr>
<td>0x460[20]</td>
<td>SJC_DISABLE</td>
<td>Additional JTAG mode with the highest level of JTAG protection, thereby overriding the JTAG_SMODE eFuses. In this mode all JTAG features are disabled including Secure JTAG and Boundary Scan</td>
<td>0 - JTAG is enabled</td>
<td>BOOT_CFG_LOCK</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>1 - JTAG is disabled</td>
<td></td>
</tr>
<tr>
<td>0x460[19]</td>
<td>DAP_SJC_SW_D_SEL</td>
<td>Control DAP works in JTAG or SWD mode</td>
<td>0 - DAP works in SWD mode</td>
<td>BOOT_CFG_LOCK</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>1 - DAP works in JTAG mode</td>
<td></td>
</tr>
<tr>
<td>0x400[3:2]</td>
<td>BOOT_CFG_L OCK[1:0]</td>
<td>Perform lock protection on BOOT-related fuses. This fuse locks numerous functions including JTAG_SMODE</td>
<td>00 - Unlock</td>
<td>N/A</td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>1x - Override Protect (OP)</td>
<td></td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>x1 - Write Protect (WP)</td>
<td></td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>11 - Both OP and WP</td>
<td></td>
</tr>
<tr>
<td>0x400[6]</td>
<td>SJC_RESP_LOCK</td>
<td>SJC response lock</td>
<td>0 - Unlock</td>
<td></td>
</tr>
<tr>
<td></td>
<td></td>
<td></td>
<td>1 - Lock (WP,OP,RP, sense)</td>
<td></td>
</tr>
<tr>
<td>0x600</td>
<td>SJC_RESP[55:0]</td>
<td>Response reference value for the secure JTAG controller</td>
<td></td>
<td></td>
</tr>
</tbody>
</table>
The level of security cannot be reduced but only increased. Since debug modes are controlled by OTP (Hardware fuses), bits can only be blown once.

For example, following mode changes are possible:

- “JTAG Enabled” to “Secure JTAG”
- “Secure JTAG” to “No debug”

### 2.2.1 Secure JTAG eFuses

The challenge/response mechanism used to authenticate the JTAG accesses uses a challenge value and the associated secret response key. The keys are stored in eFuses inside the IC. The i.MX RT1050 series eFuses used to store the challenge value and the secret response key are listed below:

- The challenge value is the “Device Unique ID” which is programmed into the eFuses. This Device ID is unique for each IC and can be read from the OCOTP registers HW_OCOTP_CFG0 and HW_OCOTP_CFG1. The eFuses are programmed during manufacturing.

- The user program the secret response key (56 bits) into the eFuses marked SJC_RESP.

- KTE fuse need to be programmed to have JTAG secure mode work. Each POR only allows one-time response code input. If the response code is incorrect, the chip must have a POR reset before user can try another response code. POR clears sensitive data except SNVS domain.

After programming the secret response key, the user must disable the ability of software running on the Arm core to read or overwrite the response key. This is done by programming a 0x1 to the associated lock eFuse HW_OCOTP_LOCK_SJC_RESP. The definition of the response value is left to the user. The Arm core cannot read the value once the response fuse field is provisioned and locked.

### 2.2.2 Secure JTAG debug authentication protocol

When the SJC is in Secure Debug mode, the authentication process is as follows:

1. JTAG shifts the challenge key through the Test Data Output (TDO) chain.
2. On the host side, the debug tool takes the challenge key as an input and generates the expected response key.
3. The associated response key is shifted back through the Test Data Input (TDI) chain.
4. The SJC compares the expected internal fused response key with the one shifted in and enables the JTAG access only if it matches.

#### NOTE

Any device reset after JTAG access authorization shifts the JTAG controller back to its locked state.

Figure 2, on page 5 shows how the challenge/response mechanism works with the JTAG tools.
The JTAG debug tool passes the retrieved challenge key to the user’s application and gets the associated response key in return. The management of the challenge/response pairs is user-dependent and not handled by NXP or the debug tool vendors. Key management is discussed further in Secret response key approaches on page 5.

### 2.3 SJC disable fuse

In addition to the various JTAG security modes implemented internally in the SJC, there is an option to disable the SJC functionality with the SJC_DISABLE eFuse. This eFuse creates an additional JTAG mode, JTAG Disabled with the highest level of JTAG protection, overriding the JTAG_SMODE eFuses. In this mode all JTAG features are disabled, including Secure JTAG and Boundary Scan; users must ensure that this fuse is not blown if they wish to use the Secure JTAG functionality.

### 3 Secret response key approaches

For every challenge value (“Device Unique ID” in i.MX RT10xx) that is retrieved with a JTAG instruction, there is an associated secret response key known only by the user. The JTAG tool vendor only handles the JTAG mechanism used by this authentication.
process, and does not know the secret response key value programmed into the eFuses. It is left to the user to determine the level of protection that is put in place.

The following are policies for secret response key management by the user application.

1. Identical Response Keys — The same response key is used for each chip. The user can choose a response key that is fused in all chips. This is the simplest, but least sophisticated usage from a security point of view. If an unauthorized user gains access to the fused response key, all the products fused with this response key can be accessed through the JTAG port.

2. Database of Unique Response Keys — The user maintains a database of all generated response keys. The user application can look up the table based on the challenge value. It is possible to implement a secure server holding the challenge/response pairs authenticating the user but this requires an independent implementation effort. The challenge values for all ICs must be read and a database of matching challenge response pairs must be built. Storing and managing numerous response keys is not trivial, but advantageous from a security standpoint, as it does not rely on any breakable algorithms.

3. Algorithmically Generated Response Keys — Response keys are generated based on an algorithm. With this method, there is no large database to manage. For instance, the challenge value can be used by the algorithm to generate a response key. This response key is programmed into SJC_RESP eFuses. Then, every time the challenge value is retrieved through JTAG, it can be processed by the user application and used to generate the expected response key for the JTAG debug tools. Once the algorithm is exposed or reverse engineered, this method is no longer secure.

NXP does not provide secure response key management or key generation services; these topics are not within the scope of this document.

### 3.1 Programming Secure JTAG eFuses using the NXP tool

To program the relevant eFuses needed for Secure JTAG on the chip, the user should first follow the steps below. Information on the On-Chip OTP Controller (OCOTP_CTRL) and the Fusemap can be found in the appropriate i.MX RT10xx series reference manual available at www.nxp.com. The NXP MCU Boot Utility is used in the following steps to program eFuses.

1. Download the latest NXP MCU Boot Utility from: [http://www.nxp.com](http://www.nxp.com)

2. The user should program the values below to the eFuses needed for secure JTAG:
   - Read and back-up the 64-bit “Challenge” value stored in the eFuse UUID[1,0], location (0x420, 0x410). See Figure 3. on page 7.
   - Program a 56-bit (7 Bytes) secret response key in the eFuse SJC_RESP, location (0x610, 0x600). In the example below, value “0xedcba987654321” is programmed.

     In Figure 3. on page 7, MSB is stored on the higher address, while the most-left byte is 0x00 and it is ignored.

     The user should define their own response key and keep the key backup for further usage.

     • Program 0x1 in the eFuse DAP_SJC_SWD_SEL to switch the DAP to the JTAG mode.
     • Program 0x1 in the eFuse JTAG_SMODE to switch the SJC to Secure JTAG mode.
     • Program 0x1 in the eFuse KTE_FUSE
     • Finally, the user must program 0x1 in the eFuse SJC_RESP_LOCK to disable read/write access of the secret response key. After this operation, the secret response field “SJC_RESP” becomes “invisible” in the fuse map. See Figure 3. on page 7 and Figure 4. on page 8.
Following figures demonstrate how to use the NXP MCU Boot Utility to program the above eFuses. The eFuse operation utility is a part of the tool, which can read and write the eFuse map registers. Be careful when doing writing (Burn) operations, as it is irreversible and may lock some features or the device completely.

To have the Secure JTAG enabled, follow the steps mentioned above in Programming Secure JTAG eFuses using the NXP tool on page 6 and refer to Table 2. eFuses associated with the Secure JTAG feature on page 3, Figure 3. on page 7 and Figure 4. on page 8 for more details about the appropriate eFuse bits.

The example does not program the BOOT_CFG_LOCK[1:0] and eFuses to prevent further modifications of the JTAG_SMODE eFuse. As programming these lock eFuses, disables the access to functions in addition to the JTAG mode bits. Hence, it should be performed once the final configuration has been decided.

Figure 3. eFuse Operation Utility - Secure Response key configuration
4 Debugging with the Secure JTAG enabled

To use the Secure JTAG feature, the JTAG debugger must support it. The example provided in this section uses the SEGGER J-Link debug tool.

Although the procedures outlined in the example below use an i.MX RT1052 device on IMXRT1050-EVK board. They can be applied to other RT10xx devices too. The following steps assume that users have experience working with the debug tools and the NXP MCU Boot Utility.

4.1 Steps to connect J-Link debugger via Secure JTAG

The following steps connect the SEGGER J-Link debug tool to the i.MX RT10xx when using Secure JTAG:

1. Download the SEGGER J-Link Software and documentation pack:
   

   If you wish to navigate to these scripts from SEGGER main page for reference, they are located under “Downloads” - “J-Link / J-Trace” - “J-Link Software and Documentation Pack”.

2. Download and edit the file J-Link script file named “NXP_RT1052_SecureJTAG_JlinkScript”. The script file can be received from NXP upon request. In this file, add the secret response key which was programmed into the SJIC_RESP eFuse. In the following example, the secret response key is “0xedcba987654321”, and matches the response key programmed in the eFuses in Programming Secure JTAG eFuses using the NXP tool on page 6.
// Secure response stored @ 0x600, 0x610 in eFUSE region (OTP memory)
Key0 = 0x87654321;
Key1 = 0xedcba9;

3. Power-up or reset the board with the JTAG_MODE pin (GPIO_AD_B0_08) in log.1. The user must do it manually, since we do not have the signal connected to the debug connector on EVB.

4. Locate the SEGGER SW J-Link installation directory.

5. Run the “jlink.exe” with the mentioned script file as a parameter.
   For instance:
   
   jlink.exe -JLinkScriptFile NXP_RT1052_SecureJTAG.JlinkScript -device MCIMXRT1052 -if JTAG -speed 4000 -autoconnect 1 -JTAGConf -1, -1
   
   **NOTE**

   The external IDE tool can call “JLinkGDBServer.exe” application with the same script file to unsecure the target.

   The tool script should read the Challenge value from eFUSE UUID[1,0] location. And it provides the appropriate Response from for SJC for authentication match.

   The JTAG_MODE pin must be switched to log.0, see Figure 1. on page 2 and Figure 6. on page 10 for details. The user should do it manually by changing the pin polarity on board. If the pin is routed to the JTAG connector and the tool supports the control of this signal, the tool can do it automatically,

   **Figure 5. Running SEGGER J-Link script on the secured i.MX RT device**

   The debug tool should successfully attach to the i.MX RT10xx target over JTAG. The screen capture in Figure 7. on page 10 shows a successful attach over Secure JTAG:
Figure 6. SEGGER J-Link script reads Challenge ID

Figure 7. SEGGER J-Link successfully connected to Secured JTA

Users can now perform normal JTAG debugger operations, as the device has been authenticated using the Challenge-Response mechanism.

**NOTE**

Any reset after JTAG access authorization shifts the JTAG controller back to its lock state, requiring that this authentication process is repeated.
6. To ensure that i.MX RT series SJC is operating in secure mode, edit the "NXP_RT1052_SecureJTAG.JlinkScript" file, provide an incorrect response key, and rerun the script. The debug tool should fail to attach to the i.MX RT10xx series target over JTAG.

4.2 Example of SEGGER J-link Secure JTAG unlock script

```c
int InitTarget(void) {
    int v;
    int Key0;
    int Key1;

    JLINK_SYS_MessageBox("Set pin JTAG_MOD => 1 and press any key to continue...");

    // Secure response stored @ 0x600, 0x610 in eFUSE region (OTP memory)
    Key0 = 0x87654321;
    Key1 = 0xedcba9;

    JLINK_CORESIGHT_Configure("IRPre=0;DRPre=0;IRPost=0;DRPost=0;IRLenDevice=5");
    CPU = CORTEX_M7;
    JLINK_SYS_Sleep(100);
    JLINK_JTAG_WriteIR(0xC); // Output Challenge instruction

    // Readback Challenge, Shift 64 dummy bits on TDI
    JLINK_JTAG_StartDR();
    JLINK_SYS_Report("Reading Challenge ID...");

    // 32-bit dummy write on TDI / read 32 bits on TDO
    JLINK_JTAG_WriteDRCont(0xffffffff, 32);
    v = JLINK_JTAG_GetU32(0);
    JLINK_SYS_Report1("Challenge UUID0: ", v);

    JLINK_JTAG_WriteDREnd(0xffffffff, 32);
    v = JLINK_JTAG_GetU32(0);
    JLINK_SYS_Report1("Challenge UUID1: ", v);

    JLINK_JTAG_WriteIR(0xD); // Output Response instruction

    JLINK_JTAG_StartDR();
    JLINK_JTAG_WriteDRCont(Key0, 32);
    JLINK_JTAG_WriteDREnd(Key1, 24);

    JLINK_SYS_MessageBox("Change pin JTAG_MOD => 0, press any key to continue...");

    return 0;
}
```

5 Conclusion

This application note describes the eFuse configuration for Secure JTAG and the authentication process, which is validated and demonstrated using the SEGGER J-Link script. Support and examples for the other Debugging tools like Lauterbach Trace32 and Arm DS5 will be included in later versions.

6 References
1. Configuring Secure JTAG for the i.MX 6 Series Family of Application Processors (AN4686)
2. Security reference Manual for the i.MX RT1050 Processor (IMXRT1050SRM), available upon a request from: www.nxp.com

7 Revision history

Table 3. Revision history

<table>
<thead>
<tr>
<th>Rev. number</th>
<th>Date</th>
<th>Substantive change(s)</th>
</tr>
</thead>
<tbody>
<tr>
<td>Rev. 0</td>
<td>04/2019</td>
<td>Initial release with J-Link script example</td>
</tr>
</tbody>
</table>
Information in this document is provided solely to enable system and software implementers to use NXP products. There are no express or implied copyright licenses granted hereunder to design or fabricate any integrated circuits based on the information in this document. NXP reserves the right to make changes without further notice to any products herein.

NXP makes no warranty, representation, or guarantee regarding the suitability of its products for any particular purpose, nor does NXP assume any liability arising out of the application or use of any product or circuit, and specifically disclaims any and all liability, including without limitation consequential or incidental damages. "Typical" parameters that may be provided in NXP data sheets and/or specifications can and do vary in different applications, and actual performance may vary over time. All operating parameters, including "typicals," must be validated for each customer application by customer’s technical experts. NXP does not convey any license under its patent rights nor the rights of others. NXP sells products pursuant to standard terms and conditions of sale, which can be found at the following address: nxp.com/SalesTermsandConditions.

While NXP has implemented advanced security features, all products may be subject to unidentified vulnerabilities. Customers are responsible for the design and operation of their applications and products to reduce the effect of these vulnerabilities on their applications and products, and NXP accepts no liability for any vulnerability that is discovered. Customers should implement appropriate design and operating safeguards to minimize the risks associated with their applications and products.

NXP, the NXP logo, NXP SECURE CONNECTIONS FOR A SMARTER WORLD, COOLFLUX, EMBRACE, GREENCHIP, HITAG, I2C BUS, ICODE, JOCOP, LIFE VIBES, MIFARE, MIFARE CLASSIC, MIFARE DESFire, MIFARE PLUS, MIFARE FLEX, MANTIS, MIFARE ULTRALIGHT, MIFARE4MOBILE, MIGLO, NTAG, ROADLINK, SMARTLX, SMARTMX, STARPLUG, TOPFET, TRENCHMOS, UCODE, Freescale, the Freescale logo, Altiview, C-5, CodeTEST, CodeWarrior, ColdFire, ColdFire+, C-Ware, the Energy Efficient Solutions logo, Kinetis, Layerscape, MagniV, mobileGT, PEG, PowerQUICC, Processor Expert, QoriQ, QoriQ Converge, Ready Play, SafeAssure, the SafeAssure logo, StarCore, Symphony, VortiQa, Vybrid, Airfast, BeeKit, BeeStack, CoreNet, Flexis, MXC, Platform in a Package, QUICC Engine, SMARTMOS, Tower, TurboLink, and UMEMS are trademarks of NXP B.V. All other product or service names are the property of their respective owners. AMBA, Arm, Arm7, Arm7TDMI, Arm9, Arm11, Artisan, big.LITTLE, Cordio, CoreLink, CoreSight, Cortex, DesignStart, DynamIQ, Jazelle, Keil, Mali, Mbed, Mbed Enabled, NEON, POP, RealView, SecurCore, Socrates, Thumb, TrustZone, ULINK, ULINK2, ULINK-1ME, ULINK-PLUS, ULINKpro, µVision, Versatile are trademarks or registered trademarks of ARM Limited (or its subsidiaries) in the US and/or elsewhere. The related technology may be protected by any or all of patents, copyrights, designs and trade secrets. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates. The Power Architecture and Power.org word marks and the Power and Power.org logos and related marks are trademarks and service marks licensed by Power.org.

© NXP B.V. 2019. All rights reserved.

For more information, please visit: http://www.nxp.com
For sales office addresses, please send an email to: salesaddresses@nxp.com

Date of release: 15 April 2019
Document identifier: AN12419