Automatic Mode Effect on JTAG Close Command and ST-LINK Utility

DeveloperMan
Associate III

I closed the JTAG pins on the STM32F103 processor with the command GPIO_PinRemapConfig(GPIO_Remap_SWJ_Disable, ENABLE); Then, when I tried to connect via the ST-LINK Utility program with the Connect-to-Target button, it did not see the processor. So far, everything went as we wanted.

My settings were as follows:

Connection settings: SWD

Mode: Normal

Reset Mode: Software System Reset

Enable debug in low power mode: Enabled

With these settings, when I tried to connect with the Target -> Automatic Mode option, I was able to load code through the ST-LINK Utility again. However, I had already loaded the firmware containing the code that closes the JTAG pins. I should not be able to access the processor via JTAG at all. What causes this situation?

Thank you.

Accepted Solutions
TDK
Guru

If you disable the SWD/JTAG pins, you won't be able to connect until they are re-enabled, such as during a reset.

So either your code isn't disabling them, or the chip is getting reset somehow.

It's possible the software is toggling the NRST pin to connect.

If you feel a post has answered your question, please click "Accept as Solution".

7 REPLIES 7

After enabling RCC settings and other peripherals: GPIO_PinRemapConfig (GPIO_Remap_SWJ_Disable, ENABLE);

Connecting Settings When JTAG is not connected. But I can connect when SWD is. I don't understand how it does the reset.

DeveloperMan
Associate III

I wonder if activating RDP (read protection) level 2 would be a solution? When this process is done, is it possible to return it with the boot processes of the ST?

TDK
Guru

Setting RDP level 2 is permanent. It cannot ever be changed after that.

You said it may be “a solution”. What problem are you trying to solve?

The F1 is a very old design; newer designs have option level settings to lock out the JTAG.

DeveloperMan
Associate III

Thank you for all your answers!

Let me clarify the situation I have here:

I want to disable the JTAG and SWD interfaces in my device to avoid any cyber security issues that may occur in the field.

So I have added the code snippet below to my firmware:

GPIO_PinRemapConfig(GPIO_Remap_SWJ_Disable, ENABLE); 

After that, I started testing my device. It works well if I try to connect with the ST-Link utility manually. ST-Link cannot connect to the MCU, which is good news.

However, if I download the firmware to the device in "Automatic Mode", after a power cycle ST-Link can connect to the MCU, which is bad news. This is my problem here.

I tried to connect with J-Link Plus and it is the same. It cannot connect in manual mode, but it can in automatic mode.

So if an attacker or anyone else tries to connect to my device in automatic mode with a programmer, they can reach my device.

We also thought that maybe ST-Link reaches the device before our disabling code snippet executes. We tried adding it in system_stm32f10x.c, but nothing changed.

We have also tried writing directly to the AFIO->MAPR register to disable JTAG and SWD, as explained in Reference Manual Table 37: Debug Port mapping. We wrote 100 to bits 26, 25 and 24 of the register to disable JTAG and SWD, as you can see in the picture below.

0693W000003PpRyQAK.png

So we think that we have tried everything and it is not working well. Could it be errata for this MCU? Is there anything that we can do as a workaround?

Please come in and share your ideas; that could be very helpful for me! The deadline is coming and we are under pressure :)

TDK
Guru

An attacker will always be able to connect to the chip over SWD if they know how to connect the NRST pin to GND. So disabling SWD/JTAG pins within your program is a very shallow level of protection.

Doesn't look like the F1 family has RDP level 2.

Enabling RDP will prevent them from reading what's on the chip, but they could still erase and reprogram it.

If you feel a post has answered your question, please click "Accept as Solution".
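
The explanation given in the replies, as a host-side C model (an added example, not code from any poster or from ST): the firmware's SWJ_CFG = 100 write in AFIO_MAPR bits 26:24 only lasts until the next reset, which returns the field to 000, so a probe that connects while NRST is asserted sees the debug port before the firmware has run. The function names and the simulated register are assumptions for illustration; the field encoding is the one in the reference manual's debug port mapping table.

```c
#include <stdint.h>
#include <stdio.h>

#define SWJ_CFG_SHIFT 24u
#define SWJ_CFG_MASK  (0x7u << SWJ_CFG_SHIFT)
/* SWJ_CFG codes from the debug port mapping table; other codes are reserved. */
enum { SWJ_FULL = 0, SWJ_NO_NJTRST = 1, SWJ_SWD_ONLY = 2, SWJ_DISABLED = 4 };

/* Assumption: host-side stand-in for AFIO_MAPR, readable only in this model. */
static uint32_t sim_mapr;

/* Any reset (NRST low, power cycle) returns SWJ_CFG to 000. */
void sim_reset(void) { sim_mapr = 0; }

/* Build the value to write. Other remap bits come from a software shadow,
   because on hardware SWJ_CFG is write-only and reads back undefined.
   Returns 0 and leaves *out untouched for a reserved code. */
int mapr_with_swj(uint32_t shadow, unsigned code, uint32_t *out)
{
    if (code != SWJ_FULL && code != SWJ_NO_NJTRST &&
        code != SWJ_SWD_ONLY && code != SWJ_DISABLED)
        return 0;
    *out = (shadow & ~SWJ_CFG_MASK) | ((uint32_t)code << SWJ_CFG_SHIFT);
    return 1;
}

/* The write the firmware in the thread performs after clock setup. */
void sim_firmware_init(void)
{
    uint32_t v;
    if (mapr_with_swj(0, SWJ_DISABLED, &v)) sim_mapr = v;
}

/* The debug port owns the SWD pins for codes 000, 001 and 010. */
int swd_reachable(void)
{
    unsigned code = (sim_mapr & SWJ_CFG_MASK) >> SWJ_CFG_SHIFT;
    return code <= SWJ_SWD_ONLY;
}

/* under_reset = 1 models a probe that asserts NRST while connecting, so
   the debug port is probed before the firmware has run. */
int probe_attach(int under_reset)
{
    if (under_reset) sim_reset();
    return swd_reachable();
}

int main(void)
{
    sim_reset(); sim_firmware_init();
    int hot = probe_attach(0), rst = probe_attach(1);
    printf("hot attach: %d, attach under reset: %d\n", hot, rst);
    return 0;
}
```

Because hardware resets the field to 000, the remap is a runtime pin setting and not a lock; read protection, which the replies mention, is a separate option-byte setting that persists across reset.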