Method to prevent unauthorized access to system debug ports

IP.com Disclosure Number: IPCOM000099016D
Original Publication Date: 2005-Mar-09
Included in the Prior Art Database: 2005-Mar-09
Document File: 3 page(s) / 40K

Publishing Venue

IBM

Abstract

System debug ports (ITP and JTAG) provide a powerful method to control the operation of the system. These ports are used during the development cycle to help debug the software and hardware of the system. They are also used to help debug problems found in the field after the product has reached general availability (GA). These ports can also be used by third parties to disassemble or otherwise reverse engineer system software or hardware. Although the task is difficult, processor ITPs can also be used to read encryption keys from software-based routines. The simplest method to defeat improper usage is to remove the connectors/pads from the system board. This, however, impairs the ability of system developers to debug field problems. This article describes a mechanism to control access to a system's debug ports.

This is the abbreviated version, containing approximately 53% of the total text.

System debug ports (ITP and JTAG) provide a powerful method to control the operation of the system. These ports are used during the development cycle to help debug the software and hardware of the system. They are also used to help debug problems found in the field after the product has reached general availability (GA). These ports can also be used by third parties to disassemble or otherwise reverse engineer system software or hardware. Although the task is difficult, processor ITPs can also be used to read encryption keys from software-based routines.

The simplest method to defeat improper usage is to remove the connectors/pads from the system board. This, however, impairs the ability of system developers to debug field problems.

This system allows a developer to access the debug ports only after a correct pass key has been entered. With this solution, access to the debug ports is granted only to approved developers, potentially increasing the reliability of the system by decreasing the chance of user-induced failure. Also, the debug port connectors stay installed, so field debug and serviceability are not impacted.

The system consists of the following:
1) A system containing debug ports and connectors.
2) A switch that sits between the debug port and the debug port connector. This switch blocks or passes debug port signals.
   - Optionally, the switch is not required if a critical component of the debug port (such as a clock generator) is accessible/configurable via an I2C bus connected to the BMC.
3) A BMC (or other comparable logic) with nonvolatile storage, used to compare pass keys and control the state of the switch.
4) A secure channel/protocol to communicate with the BMC.
5) An LED or other indicator to show that the port is enabled.

The BMC, switch, debug port connector, and Device Under Test are connected as in Figure 1. An optional arrangement is shown in Figure 2.

Figure 1
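
A minimal C model of the BMC logic from items 2, 3 and 5 above, added here as an example and not taken from the disclosure. The 16-byte key length, the three-attempt lockout and the constant-time comparison are assumptions; the switch and LED are modeled as struct fields rather than real GPIO, and the secure channel of item 4 is outside its scope.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN      16  /* assumed pass key length */
#define MAX_FAILURES 3   /* assumed lockout threshold, not in the disclosure */

struct bmc {                  /* simulated BMC state */
    uint8_t  nv_key[KEY_LEN]; /* pass key provisioned in nonvolatile storage */
    unsigned failures;        /* consecutive rejected keys */
    bool     switch_closed;   /* true = debug signals reach the connector */
    bool     led_on;          /* indicator that the port is enabled */
};

/* Drive switch and LED together so the indicator always matches the port. */
static void set_port(struct bmc *b, bool enable) {
    b->switch_closed = b->led_on = enable;
}

/* Power-on default is fail-closed: the port stays blocked until a key is accepted. */
void bmc_init(struct bmc *b, const uint8_t key[KEY_LEN]) {
    memcpy(b->nv_key, key, KEY_LEN);
    b->failures = 0;
    set_port(b, false);
}

/* No early exit, so timing does not reveal how many leading bytes matched. */
static bool key_equal(const uint8_t *a, const uint8_t *c, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ c[i]);
    return diff == 0;
}

/* Handle an unlock request received over the secure channel. */
bool bmc_unlock(struct bmc *b, const uint8_t *key, size_t len) {
    if (b->failures >= MAX_FAILURES) return false;  /* locked out, port stays blocked */
    bool ok = key && len == KEY_LEN && key_equal(b->nv_key, key, KEY_LEN);
    b->failures = ok ? 0 : b->failures + 1;
    set_port(b, ok);          /* a rejected key also re-blocks an open port */
    return ok;
}

int main(void) {
    struct bmc b;
    const uint8_t key[KEY_LEN] = {0xA5, 0x5A}; /* constructed sample key */
    bmc_init(&b, key);
    return (bmc_unlock(&b, key, KEY_LEN) && b.led_on) ? 0 : 1; /* 0 = port enabled */
}
```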
