Diving into JTAG

A Comprehensive Guide to Debugging, Testing, and Securing Embedded Systems with JTAG Protocol

About the Book

WARNING: The main goal of this book is to test Leanpub functionality, and all the information in this book can be found in my articles for the Interrupt by Memfault and PlatformIO blogs.

So, there is no need to buy this book—you should only do so if you prefer reading information in book format or if you just want to buy me a coffee. :)

Diving into JTAG is your ultimate guide to understanding and mastering the JTAG protocol, a critical tool for embedded systems development. Whether you are an engineer, student, or enthusiast, this book provides a clear and comprehensive exploration of JTAG, from its fundamental principles to advanced applications.

Starting with the basics of the IEEE 1149.1 standard, the book delves into the architecture of JTAG, including Test Access Ports (TAPs), Instruction Registers (IR), Data Registers (DR), and the Boundary Scan Register (BSR). You’ll gain a solid understanding of how JTAG facilitates debugging, testing, and analysis in modern embedded systems.

Key topics include:

  • The principles of JTAG operation and its role in embedded systems.
  • The structure and functionality of key JTAG components.
  • The Boundary Scan method for PCB testing.
  • Security considerations for JTAG implementations.

This book is a valuable resource for anyone interested in understanding the core mechanisms behind this critical protocol, paving the way for more advanced studies or practical applications.

About the Author

Aliaksandr Kavalchuk

Aliaksandr Kavalchuk is an experienced embedded systems engineer with over 10 years of professional experience. He specializes in developing software for microcontrollers and actively shares his knowledge through publications and books.

He lives in Poland with his wife. In his free time, he enjoys writing technical articles on embedded systems and working on books to share his expertise with a broader audience.

Table of Contents

  1. Diving into JTAG
  2. Intro
    1. Who Is This Book For?
    2. How to read this book
    3. Feedback
    4. Support
  3. 1. Overview
    1. 1.1 Test Access Point (TAP)
    2. 1.2 Control signals
    3. 1.3 Registers
      1. 1.3.1 Shift register
    4. 1.4 JTAG Instruction
      1. 1.4.1 The IDCODE instruction
      2. 1.4.2 The Boundary Scan instructions
      3. 1.4.2 The BYPASS instruction
    5. 1.5 TAP State Machine
    6. 1.6 Example
  4. 2. Debugging
    1. 2.1 JTAG Access to the STM32F407VG Controller
      1. 2.1.1 Read of IDCODE
    2. 2.2 Interaction with memory
      1. 2.2.1 Writing a variable to memory
      2. 2.2.2 Reading a variable from memory
    3. 2.3 Interacting with the Processor Core
  5. 3. Boundary Scan
    1. 3.1 The Principle of Boundary-Scan
    2. 3.2 The Boundary Scan Cells
    3. 3.3 The Boundary Scan Register
    4. 3.4 The Boundary Scan Instructions
      1. 3.4.1 SAMPLE Instructions
      2. 3.4.2 PRELOAD Instructions
      3. 3.4.3 SAMPLE/PRELOAD Instructions
      4. 3.4.4 EXTEST Instructions
      5. 3.4.5 INTEST Instructions
    5. 3.5 Example of Testing
  6. 4. BSDL
    1. 4.1 Syntax
      1. 4.1.1 Entity Descriptions
      2. 4.1.2 Generic Parameter
      3. 4.1.3 Logical Port Description
      4. 4.1.4 Pin Mapping(s)
      5. 4.1.5 Scan Port Identification
      6. 4.1.6 IDCODE Register Description
      7. 4.1.7 Instruction Register Description
      8. 4.1.8 Register Access Description
      9. 4.1.9 Boundary Register Description
  7. 5. Usage Scenarios
    1. 5.1 Getting Started
    2. 5.2 Board Bring Up
      1. 5.2.1 GPIO Output Control
      2. 5.2.2 GPIO Input State View
    3. 5.3 Reverse Engineering
  8. 6. Security
    1. 6.1 Protection
      1. 6.1.1 Board-Level
      2. 6.1.2 Chip-Level
    2. 6.2 Attack
      1. 6.2.1 Detecting JTAG pins
        1. 6.2.1.1 IDCODE Scan
        2. 6.2.1.2 BYPASS Scan
      2. 6.2.2 Attack on JTAG
        1. 6.2.2.1 Determining the number of TAPs in a JTAG chain
        2. 6.2.2.2 Determining the size of IR and DR
        3. 6.2.2.3 Defining undocumented JTAG instructions
      3. 6.2.3 Debug Port (RDP) Attack
        1. 6.2.3.1 Firmware dumping technique for an ARM Cortex-M0 SoC
        2. 6.2.3.2 nRF52 Debug Resurrection (APPROTECT Bypass)
  9. Appendix A: ARM Debug Access Port
    1. A.1 The external interface, the Debug Port (DP)
      1. A.1.1 JTAG Debug Port (JTAG-DP)
        1. A.1.1.1 JTAG Registers
        2. A.1.1.2 Debug Port Registers
        3. A.1.1.3 Accessing the DP registers
    2. A.2 The resource interface, the Access Ports (AP)
      1. A.2.1 Memory Access Port Registers
      2. A.2.3 Addressing of AP Registers
      3. A.2.2 Accessing the AP registers
    3. A.3 Practical Part
      1. A.3.1 Writing a variable to memory
      2. A.3.2 Reading a variable from memory
