Debug through USB rather than JTAG - any comments?

It's all a matter of what stage of development you're at. We thought about this long and hard for single-board computers - users of course have USB everywhere but not a lot have JTAG probes lying around. At the time, we were using IBM RISCWatch to do PowerPC bringup of board firmware. There was a whole lot of stuff that had to be working exactly right for USB to come up (like PCI enumeration), where JTAG could probe just about everything before it was properly initialized. I was one of the guys fighting for USB to be integrated into the processor to cut some of the complexity out of the problem, so for SoCs it might be a simpler proposition. If we're talking "kernel" space for firmware and OS versus "user" space for applications, USB is probably a better fit for the latter.
 
There is a lot of hardware out there where the only security they have is that it is hard to open up the box and solder in a connector for the JTAG port. Giving anyone who can plug a USB cable into your box full debug access and the ability to reflash your code would be a security nightmare. How often have you stood at a counter being served where you had physical access to the back of the clerk's computer? A couple of minutes is all it takes.

You also do not save any pins by not porting out the JTAG ports. Debug is only one out of about a dozen different users of JTAG and everyone else still needs it.
 
I was wondering about that too. USB is famously insecure.
 
We wrote the blog so to comment :)

One big reason for this is that JTAG is slow, so if you want a lot of debug information then using USB is very much more efficient & saves a lot of time.
As we all know, time = money, and accelerating development has big attractions on time to market, commercial traction etc.

It would be unusual for this to *replace* JTAG: you still want to use JTAG for low-level bring-up, connectivity, scan chain etc, especially in a manufacturing environment for production test. So "saving pins" isn't the main benefit.

But for more complicated tasks: debugging software, or beta testing / field testing of a consumer system where the only access to the device is USB, then this has value.
And that enables a whole new use case: in-life or in-field debugging and optimization.
Suppose you were debugging a mobile phone or an ADAS system on a car: where is the JTAG port you can see?
But for complicated systems like those you would often sensibly want to get access in order to see how things are going.

Several people mention security. The type of connector doesn't change security. JTAG is famously nasty for this - which is why best practice is to disable it.

For USB it is equally possible to disable debug access (fuse and turn off that mode) and that is then very secure. No more risky than disabled JTAG.

But if you want in-life / in-field debugging, you can use proper security techniques, with authentication, encryption, handshake etc.

For this to work properly it must be completely non-intrusive on the target system.
That means there is an integrated USB hub and a hardware-based USB controller - so no load on main CPU from USB traffic and no interference with system USB traffic.

If you want more details: Still debugging the JTAG way? Time to try the USB way... • UltraSoC
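
The fuse-off and authenticated-handshake options from the post above, modelled as an added example (not part of the original post, and not UltraSoC's actual mechanism). The lifecycle states, the HMAC-SHA256 challenge-response and all names are assumptions; Python stands in for device firmware.

```python
import hmac, hashlib, os
from enum import Enum

class Lifecycle(Enum):          # hypothetical fuse states, not from the thread
    OPEN = 0                    # bring-up / manufacturing test: debug always on
    AUTH = 1                    # fielded: debug only after challenge-response
    DISABLED = 2                # fuse blown: debug can never be re-enabled

class DebugPort:
    """Device-side gate in front of the debug transport (JTAG or USB alike)."""
    def __init__(self, lifecycle, device_key):
        self.lifecycle = lifecycle
        self._key = device_key  # per-device secret, assumed held in OTP/secure storage
        self._nonce = None
        self.unlocked = lifecycle is Lifecycle.OPEN

    def challenge(self):
        if self.lifecycle is not Lifecycle.AUTH:
            return None         # nothing to negotiate when open or fused off
        self._nonce = os.urandom(16)   # fresh per attempt, defeats replay
        return self._nonce

    def respond(self, tag):
        nonce, self._nonce = self._nonce, None   # single use, even on failure
        if self.lifecycle is not Lifecycle.AUTH or nonce is None:
            return False
        expected = hmac.new(self._key, nonce, hashlib.sha256).digest()
        self.unlocked = hmac.compare_digest(expected, tag)  # constant-time compare
        return self.unlocked

def host_response(key, nonce):  # what an authorised debug host computes
    return hmac.new(key, nonce, hashlib.sha256).digest()

def demo():
    key = bytes(range(32))      # constructed sample key
    results = {}
    port = DebugPort(Lifecycle.AUTH, key)
    results["authorised"] = port.respond(host_response(key, port.challenge()))
    port = DebugPort(Lifecycle.AUTH, key)
    stale = host_response(key, port.challenge())
    port.challenge()            # device issues a new nonce; the old answer is stale
    results["replayed"] = port.respond(stale)
    port = DebugPort(Lifecycle.AUTH, key)
    results["wrong_key"] = port.respond(host_response(b"x" * 32, port.challenge()))
    port = DebugPort(Lifecycle.DISABLED, key)
    results["fused_off"] = port.challenge() is not None or port.respond(host_response(key, b"\0" * 16))
    return results

if __name__ == "__main__":
    print(demo())
```

The gate sits behind the transport, so the same check applies whether the debug traffic arrives over JTAG pins or a USB connector.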
 
I think also a challenge for USB is the "social" problem, not so much a system problem, at least on PCs of various flavors. People use USB to transfer information on sticks and people generally have poor security awareness, which is how malware has got into the NSA, Iran uranium enrichment centers etc. Of course if the USB is disabled from being used by anyone except for experts, that might alleviate the problem. But that itself might not be so easy. We all know what a USB port looks like. If a device has one, why can't I use it? Is this a conspiracy/government overreach, ...?
 
There is a lot of hardware out there where the only security they have is that it is hard to open up the box and solder in a connector for the JTAG port. Giving anyone who can plug a USB cable into your box full debug access and the ability to reflash your code would be a security nightmare. How often have you stood at a counter being served where you had physical access to the back of the clerk's computer? A couple of minutes is all it takes.

You also do not save any pins by not porting out the JTAG ports. Debug is only one out of about a dozen different users of JTAG and everyone else still needs it.

Agree on saving pins: you probably still need JTAG for all those other reasons as you say.

But if you rely on "is hard to open up the box and solder in a connector for the JTAG port" for security then you are riding for trouble. That is a very dangerous approach. Disabling the JTAG after manufacturing test is far wiser.

But using USB does need security, I agree. But that is not impossible. It does need to be thought through.
 
I think also a challenge for USB is the "social" problem, not so much a system problem, at least on PCs of various flavors. People use USB to transfer information on sticks and people generally have poor security awareness, which is how malware has got into the NSA, Iran uranium enrichment centers etc. Of course if the USB is disabled from being used by anyone except for experts, that might alleviate the problem. But that itself might not be so easy. We all know what a USB port looks like. If a device has one, why can't I use it? Is this a conspiracy/government overreach, ...?

USB is indeed a security issue as a general point: it is possible to embed malware into a USB chip in a very nasty way, e.g. BadUSB: Why the Security of USB Is Fundamentally Broken | WIRED

But this debug mode is not making that situation worse: the debug architecture has its own security approach with authentication etc.
 