Debug Authentication

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2022-09-15
Revision
2.3 English

Arm CoreSight components use four control signals, DBGEN, NIDEN, SPIDEN, and SPNIDEN to authenticate invasive and non-invasive debug based on a TrustZone secure or non-secure status. An invasive debug is any debug operation that can cause the behavior of the system to be modified. A non-invasive debug, such as trace, is unaffected.

Note:   References to secure and non-secure state in this section refer to the TrustZone state and have nothing to do with boot security.

The authentication rules are as follows.

If DBGEN is Low, then no invasive debug must be permitted.

If NIDEN is Low and DBGEN is Low, then no debug is permitted.

If NIDEN is Low and DBGEN is High, then invasive and non-invasive debug are permitted.

If SPIDEN is Low, then no secure invasive debug must be permitted.

If SPNIDEN is Low and SPIDEN is Low, then no secure debug is permitted.

If SPNIDEN is Low and SPIDEN is High, then invasive and non-invasive secure debug is permitted.

Table: Debug Authentication shows the debug authentication logic.

Table 39-7:      Debug Authentication

SPIDEN

DBGEN

SPNIDEN

NIDEN

Invasive

Non-invasive

Secure

Non-secure

Secure

Non-secure

X

0

X

0

No

No

No

No

0

0

0

1

No

No

No

Yes

0

0

1

1

No

No

Yes

Yes

0

1

0

X

No

Yes

No

Yes

0

1

1

X

No

Yes

Yes

Yes

1

0

X

1

No

No

Yes

Yes

1

1

X

X

Yes

Yes

Yes

Yes