JTAG and SBW Lock Mechanism Using the Electronic Fuse
65
SLAU367P – October 2012 – Revised April 2020
Copyright © 2012–2020, Texas Instruments Incorporated
System Resets, Interrupts, and Operating Modes, System Control Module
(SYS)
1.13.1 JTAG and SBW Lock Without Password
A device can be locked by writing 05555h to both JTAG Signature 1 and JTAG Signature 2. In this case,
the JTAG and SBW interfaces grant access to a limited JTAG command set that restricts accessibility into
the device. The only way to unlock the device in this case is to use the BSL to overwrite the JTAG
signatures with anything other than 05555h or 0AAAAh. Some JTAG commands are still possible after the
device is secured, including the BYPASS command (see IEEE1149-2001 Standard) and the
JMB_EXCHANGE command, which allows access to the JTAG Mailbox System (see
for
details).
NOTE:
Signatures that have been entered do not take effect until the next BOR event has occurred,
at which time the signatures are checked.
1.13.2 JTAG and SBW Lock With Password
A device can also be locked by writing 0AAAAh to JTAG Signature 1 and writing JTAG Signature 2 with
any value except 05555h. In this case, JTAG and SBW interfaces grant access to a limited JTAG
command set that restricts accessibility into the device as in
, but an additional mechanism
is available that can unlock the device with a user-defined password. In this case, JTAG Signature 2
represents a user-defined length in words of the user defined password. For example, a password length
of four words would require writing 0004h to JTAG Signature 2. The starting location of the password is
fixed at location 0FF88h. As an example, for a password of length 4, the password memory locations
would reside at 0FF88h, 0FF8Ah, 0FF8Ch, and 0FF8Eh.
The password is not checked after each BOR; it is checked only if a specific signature is present in the
JTAG incoming mailbox. If the JTAG incoming mailbox contains 0A55Ah and 01E1Eh in JMBIN0 and
JMBIN1, respectively, the device is expecting a password to be applied. The entered password is
compared to the password that is stored in the device password memory locations. If they match, the
device unlocks the JTAG and SBW to the complete JTAG command set until the next BOR event occurs.
NOTE:
Memory locations 0FF80h through 0FFFFh may also be used for interrupt vector address
locations (see the device-specific data sheet). Therefore, if using the password mechanism
for JTAG and SBW lock, which uses address locations 0FF88h and higher, these locations
may also have interrupt vector addresses assigned to them. Therefore, the same values
assigned for any interrupt vector addresses must also be used as password values.
NOTE:
Signatures that have been entered do not take effect until the next BOR event has occurred,
at which time the signatures are checked. For example, entering a correct password that
grants entry into the device followed by an incorrect password without a BOR sequence may
still grant access to the device.
1.14 Device Descriptor Table
Each device provides a data structure in memory that allows an unambiguous identification of the device.
The validity of the device descriptor can be verified by cyclic redundancy check (CRC).
shows
the logical order and structure of the device descriptor table. The complete device descriptor table and its
contents can be found in the device-specific data sheet.