JTAG Security Gates

Zynq UltraScale+ Device Technical Reference Manual (UG1085)

Document ID
UG1085
Release Date
2022-09-15
Revision
2.3 English

The secure JTAG interconnect routes the JTAG signals between the three controllers and controls three security gates (PMU MDM, PL TAP controller, and Arm DAP controller).

Access to the full JTAG chain, including the PS TAP and Arm DAP, can be granted by the following.

The CSU bootROM code, if the device is booted non-secure.

Secure software running on the PS.

The security gates are controlled by individual 3-bit fields in the CSU.jtag_sec register. Disabling the security gate does not automatically connect the PS TAP and Arm DAP to the JTAG chain. After access has been granted, the rest of the JTAG chain can be connected using the PS TAP. After adding or removing a controller from the JTAG chain, you must return to test-logic reset (TLR) by holding TMS High for five TCK cycles. This ensures that all TAP controller state machines on the chain are synchronized. The JTAG status can be determined by reading the JTAG_STATUS instruction on the PS TAP.

Arm CoreSight components use four control signals, DBGEN, NIDEN, SPIDEN, and SPNIDEN to authenticate invasive and non-invasive debug based on a TrustZone secure or non-secure status. The debug authentication functionality is described in section Debug Authentication.