基于权限管理的SoC安全芯片调试系统设计

Design of SoC security chip debug system based on permission management

针对SoC安全芯片的JTAG/cJTAG接口在产品化阶段没有关闭存在恶意被攻击风险,或通过OTP/eFuse简单的永久关闭JTAG/cJTAG接口导致量产阶段客户问题定位困难,或CPU指针跑飞后调试手段受限而很难定位等问题,本文设计了一种基于权限管理的SoC安全芯片调试系统,相比传统调试方式,本文做了两方面修改:针对JTAG/cJTAG调试方式,在传统调试方法上增加了权限控制位设计、校验密码设计、权限比对设计;针对UART调试方式,在保留传统调试方法的基础上增加了UART访问寄存器总线设计,并可以通过OTP/eFuse关闭UART访问寄存器功能。此调试系统既为SoC芯片CPU挂起、指针跑飞等提供问题分析手段,又为SoC芯片量产阶段提供安全又方便的JTAG/cJTAG调试手段。

There are risks of malicious attacks on SoC chips with JTAG/cJTAG interfaces that are not disabled during the mass productization stage,or the JTAG/cJTAG interfaces are simply and permanently disabled by OTP/eFuse,which makes it difficult to locate problems during mass production or limits debugging means when the CPU pointer runs away,making it difficult to locate the problem.This article designs a SoC security chip debug system based on permission management.Compared to traditional debugging methods,this article has made two modifications.For JTAG/cJTAG debugging,permission control bit design,verification password design,and permission comparison design have been added while retaining traditional debugging methods.Regarding the UART debugging method,a UART access register bus design has been added on the basis of retaining traditional debugging methods,and the UART access register function can be disabled through OTP/eFuse.It not only provides problem analysis methods for SoC chip CPU hanging and pointer running away,but also provides secure and convenient JTAG/cJTAG/UART debugging for SoC chip mass production stage.