Title: JTAG
Lecturer: Professor Ian McLoughlin
Date: 2020-07
SINGAPORE
INSTITUTE OF
TECHNOLOGY
JTAG
Joint test action group
Professor Ian McLoughlin
ICT Cluster
Singapore Institute of Technology
Contents
● Development of embedded systems
● Life before and after JTAG
● What is JTAG?
● What can it do?
● Extending beyond just debugging
Development of embedded systems
Embedded systems are NOT like desktop devices. In the figure, see:
● Newly made PCB (on the right)
● Does it work?
● Use JTAG (on the left) to find out
● Flash code into the PCB
Phases in the development process
● “Running up” new hardware – to get it working / find out why it doesn't work
● “Running up” new software – new hardware / old hardware
● Debugging hardware / software
JTAG, in particular, can do all this plus more (see later)
● “Flashing” blank hardware
● Forensic use / hack / reverse engineer
First we need to remember how a microprocessor system in an embedded device generally works.
Think about:
● Booting the device
● Running normal code
● Getting code into flash
● Analysing the system / hacking
[Figure: microcontroller block diagram. Labels: CPU, flash, RAM, boot code at 0x00000000, internal blocks, internal peripheral units, external peripherals, external program storage, data / address / control buses]
Life before JTAG
How to run-up new hardware?
● Program some debug code into flash memory, to light an LED
● Pray it works
● If not – check the obvious things, and if they seem OK, wire up a logic analyser
[Figure: Flash/EPROM programmer and logic analyser attached to a microcontroller. Labels: flash, RAM, boot, GPIO, CPU, data / address / control buses]
Life after JTAG
How to run-up new hardware?
● Plug in JTAG hardware
● Load code, single step, control peripherals, debug hardware and software
● It works? Use JTAG to program your boot code into flash memory
[Figure: JTAG controller attached to a microcontroller. Labels: flash, RAM, boot, CPU, data / address / control buses]
What is JTAG?
● JTAG (joint test action group), now a standard (IEEE 1149)
● It defines a boundary scan path controller
● Used in almost all modern CPUs (including all ARM/Cortex devices).
● Originally - used to test for CPU manufacturing faults
● Now - an indispensable tool to program and debug embedded systems.
● Built-in test hardware that can read the input data going into a unit, and the output data coming out of a unit
● It can also overwrite data!! Both data going into a unit and data coming out of a unit
● It can connect several units (see next page)
[Figure: unit under test inside a device, between input logic and output logic, with boundary scan on its inputs and outputs connected to a boundary scan test controller and its test I/O]
[Figure: boundary scan test controller with test I/O, driving a scan path through serial/parallel blocks attached to a serial port driver, an external driver and an internal unit]
Here is an example showing a long scan path wired to several internal units.
The scan path:
● is a serial bus connecting serial/parallel multiplexers
● sends data in one direction
● has control signals and a clock
● can read from/write to different multiplexers
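The scan path described above, modelled in software as an added example (not part of the original slides). The class and method names are invented for illustration, and the model is simplified: it leaves out the controller's instruction handling and treats every cell the same way.

```python
# Added illustration: simplified software model of a boundary-scan path.
# Class and method names are invented here; they are not from the slides.
class ScanCell:
    """One serial/parallel stage sitting on a single signal of a unit."""
    def __init__(self):
        self.pin = 0     # value the functional logic presents on the signal
        self.shift = 0   # this cell's bit in the serial scan path
        self.latch = 0   # value driven in place of `pin` while in test mode

class ScanPath:
    def __init__(self, n_cells):
        self.cells = [ScanCell() for _ in range(n_cells)]
        self.test_mode = False  # True: latches override the functional values

    def capture(self):
        """Parallel load: every cell samples its signal."""
        for c in self.cells:
            c.shift = c.pin

    def clock(self, tdi):
        """One test clock: bits move one cell towards TDO, TDI enters cell 0."""
        tdo = self.cells[-1].shift
        for i in range(len(self.cells) - 1, 0, -1):
            self.cells[i].shift = self.cells[i - 1].shift
        self.cells[0].shift = tdi
        return tdo

    def update(self):
        """Parallel store: the shifted-in bits become the driven values."""
        for c in self.cells:
            c.latch = c.shift

    def outputs(self):
        return [c.latch if self.test_mode else c.pin for c in self.cells]

    def scan(self, bits_in):
        """Capture, shift new bits in while reading the old bits out, update."""
        self.capture()
        bits_out = [self.clock(b) for b in bits_in]
        self.update()
        return bits_out

def demo():
    path = ScanPath(4)
    for cell, value in zip(path.cells, [1, 0, 1, 1]):  # constructed signal states
        cell.pin = value
    path.test_mode = True
    read_back = path.scan([0, 1, 0, 0])
    return read_back, path.outputs()
```

`demo()` returns the captured signal values in the order they leave the TDO end (last cell first), followed by the values the cells drive after the update.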
This is the JTAG arrangement found in most ARM-based microcontrollers.
The JTAG interface:
● TDI test data input
● TDO test data output
● TCK test clock (input)
● TMS test mode select (input)
● nTRST reset (input, active low)
[Figure: microcontroller with I/O, internal blocks and CPU on a scan path (in, O/P, O/P enable), and a JTAG control block with TDI, TMS, TCK and nTRST inputs, ID register, bypass and instruction register, and TDO output]
What can it do?
[Figure: host / development system connected by USB to a JTAG controller, which connects by JTAG to the target / embedded board]
JTAG can allow the host to:
● Download and run software on the board, single-step, watchpoints, breakpoints, view registers
● Erase, program, check on-board flash memory
● Control on-board peripherals directly from the host
● Read every input to the microcontroller, overwrite every output
Extending beyond debugging
● Check for manufacturing faults (e.g. solder, pin shorts)
● Forensic use – examine contents of a computer while holding the CPU in reset (including external memory, e.g. flash)
● Hack / reverse engineer a system – as long as a system has JTAG pins, you can get hold of almost everything inside... boot code, running software, I/O, design details, operation sequences
● Man-in-the-middle monitoring/changes
What we have covered in this segment
● Development of embedded systems
● Life before and after JTAG
● What is JTAG?
● What can it do?
● Extending beyond just debugging