Associate III
May 9, 2024
Solved

Detecting JTAG Access on the Board

  • May 9, 2024
  • 5 replies
  • 2137 views

Hi,

 

I am using the B-U585I-IOT20A Board and I want the board to notify me in some way if someone is attempting to access and modify its content via JTAG. Is there a way to do this?

5 replies

Tesla DeLorean
Guru
May 9, 2024

No, it's not going to alert you to intrusion attempts.

You can disable the SWD/JTAG via Option Bytes / RDP Settings, in a permanent sense. Just be aware you'll not be able to use a debugger to program/debug the chip/board ever again.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
Tesla DeLorean
Guru
May 9, 2024

You could perhaps not use, and associate PA13/PA14 with an EXTI, that interrupts if these signals are toggled/modulated. Use your imagination..

Andrew Neil
Super User
May 9, 2024

Does the Cortex-M33 have a register which tells you when a debugger is attached?

If it does, you could poll that.

If not, maybe something like this:

https://community.st.com/t5/stm32-mcus-products/stlink-emulator-with-stop-mode-condition/m-p/671060/highlight/true#M243267

 

A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work.
Tesla DeLorean
Guru
May 9, 2024

ITM_SendChar() etc should check flagging in assorted debug units

Andrew Neil
Super User
May 9, 2024

The thread title says, "Protection Against Unauthorized Access via JTAG", but the opening post just asks about detecting an attached debugger - so which one do you actually want to do?

Istillaga (Author)
Associate III
May 9, 2024

I want to detect an attached debugger

Uwe Bonnes
Chief
May 9, 2024

U5 has system security. Read rm0456 chapter 75, especially 75.2.6 Security and 75.12 about the debug authentication register. In the cube context, there should be examples and there are also presentations/tutorials about the subject.

Istillaga (Author)
Associate III
May 9, 2024

And is it possible to detect any access via ST-Link?

Uwe Bonnes
Best answer
Chief
May 10, 2024

Your intention gets less clear with any new posting. What part should detect the intrusion? The MCU or the debugger? And you do not want detection of another kind of debugger "intrusion"?

 

Did you check https://community.st.com/t5/stm32-mcus-products/how-to-check-at-runtime-if-a-debugger-is-connected/td-p/458687?
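
Added example, not part of any post in this thread and not ST's code: the "poll a register" idea raised above, written as an edge-detecting monitor. It assumes the Cortex-M33 exposes the Arm DHCSR register at 0xE000EDF0 with C_DEBUGEN in bit 0 (check RM0456 and the CMSIS core header); `dbg_monitor`, `tamper_hook` and the simulated register value are hypothetical names and constructed data.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed from the Arm Cortex-M debug register map (check RM0456 / CMSIS core_cm33.h). */
#define DHCSR_ADDR      0xE000EDF0UL  /* Debug Halting Control and Status Register */
#define DHCSR_C_DEBUGEN (1UL << 0)    /* set when a debugger enables halting debug */

typedef struct {
    const volatile uint32_t *dhcsr;   /* register (or test stand-in) to sample */
    void (*on_attach)(void);          /* hypothetical application hook */
    bool last;                        /* previous sample, for edge detection */
    uint32_t attach_events;           /* rising edges seen since init */
} dbg_monitor;

static bool tamper_seen;              /* hypothetical flag the application reports */
static void tamper_hook(void) { tamper_seen = true; }

static void dbg_monitor_init(dbg_monitor *m, const volatile uint32_t *dhcsr,
                             void (*on_attach)(void))
{
    m->dhcsr = dhcsr;
    m->on_attach = on_attach;
    m->last = false;
    m->attach_events = 0;
}

/* Poll from the main loop or a timer tick; returns the current C_DEBUGEN state. */
static bool dbg_monitor_poll(dbg_monitor *m)
{
    bool now = (*m->dhcsr & DHCSR_C_DEBUGEN) != 0U;
    if (now && !m->last) {            /* notify once per attach, not on every poll */
        m->attach_events++;
        if (m->on_attach) m->on_attach();
    }
    m->last = now;
    return now;
}

int main(void)
{
    /* On target: dbg_monitor_init(&m, (const volatile uint32_t *)DHCSR_ADDR, tamper_hook); */
    uint32_t sim = 0;                 /* constructed stand-in so this runs on a host */
    dbg_monitor m;
    dbg_monitor_init(&m, &sim, tamper_hook);
    dbg_monitor_poll(&m);             /* no debugger yet */
    sim |= DHCSR_C_DEBUGEN;           /* simulate a probe enabling halting debug */
    dbg_monitor_poll(&m);
    return (m.attach_events == 1 && tamper_seen) ? 0 : 1;
}
```

C_DEBUGEN reports only that halting debug has been enabled, so a clear bit is not evidence that no probe has touched the device.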