1.3 Test On-Chip Debug Interface Security
Requirement Description
Verify that all on-chip debugging interfaces such as JTAG (Joint Test Action Group) or SWD (Serial Wire Debug) are either:
Disabled in production devices, or
Protected with a hardware/software access control mechanism that is enabled and configured appropriately to prevent unauthorized use.
DUT Confirmation Details
OEM Statement: (Insert vendor confirmation regarding JTAG/SWD availability and configuration in production units.)
Observed State: (Insert tester’s findings after inspection and testing.)
DUT Software Details
Software Name/Version: ___________________
Build Date: ___________________
Build Number: ___________________
Hash Checksum Verification for DUT’s Software Image
Algorithm Used: SHA-256 (or other approved hashing algorithm)
Expected Hash: ___________________
Calculated Hash: ___________________
Result: Pass / Fail
DUT Configuration
(Insert configuration commands or steps used to verify JTAG/SWD status and protection settings.) Example:
show hardware debug status
show system securityPre-Conditions
The vendor shall provide the following:
Datasheet of the SoC being used in the device.
Documentation listing all ports/interfaces enabled in production devices, including access control mechanisms for JTAG/SWD.
Manufacturing/Provisioning process flow describing how debug interfaces are managed and secured.
Test Plan
Total Number of Test Cases: 4
Planned Test Cases:
Document Review – Identify JTAG/SWD presence from SoC datasheet and OEM documents.
Interface State Verification – Check if JTAG/SWD is enabled/disabled in production units.
Protection Mechanism Validation – If enabled, test authentication or access control features.
Process Audit – Validate OEM manufacturing process to ensure secure handling of JTAG/SWD interfaces.
Test-bed Diagram with Interfaces and IPs
(Attach diagram showing DUT, test system, debug connectors, and any hardware probes used for testing.)
Last updated
Was this helpful?