Zynq UltraScale+ MPSoC JTAG Enable in U-Boot
- bkarsten (Unlicensed)
- William Cassells (Unlicensed)
This design note is to document the necessary modifications to a PetaLinux project to support the ability to enable JTAG in the U-Boot console after a secure boot. This allows for a selective enablement of JTAG.
The ZCU102 and 2022.1 tools are used in this demonstration
Securing the boot image is not detailed in this demonstration
No form of security is applied to the JTAG enabling process
This mechanism will not work if the JTAG_DIS eFUSE has been burned.
Table of Contents
Introduction
This demonstration leverages AR68391 which details the sequence of register writes required to enable JTAG after a secure boot. For U-Boot to modify those registers it utilizes the PMU FW. In PMU FW (in pm_mmio_access.c) there is a filtering process that determines which registers can be accessed. The status of the filtering for the registers of interest is listed below. Modifications are required to enable access to the full set.
Operation | Reg Name | Symbol | Note |
|---|---|---|---|
| jtag_sec |
| Access enabled if |
| jtag_dap_cfg |
| Access enabled if |
| jtag_chain_cfg |
| Access enabled if |
| DBG_LPD_CTRL |
| Patch required to enable access |
| RST_LPD_DBG |
| Patch required to enable access |
| Pcap_prog |
| Access enabled if |
General Steps
It is assumed that you have a PetaLinux 2022.1 Project for the ZCU102 board
Configure the PMU FW to support modification of the registers of interest
Define the symbol
Apply the provided patch
Build the PetaLinux Project
Create the Boot Image
Deploy and Test on the ZCU102 board
Workflow
PetaLinux Project : It is assumed that this has been created.
Configure & Build : Incorporate changes to the PMU FW using build settings along with a patch.
Create Boot Image : Use of bootgen to create BOOT. BIN. Authentication uses boot header mode, encryption uses a BBRAM key. For other use cases, the example BIF will need to be modified accordingly.
Deploy & Test on the ZCU102 : Configure a terminal for the U-Boot shell, boot the board from an SD card with the created BOOT.BIN, verify that JTAG is disabled, issue the provided commands, verify that JTAG has been enabled.
Configure for Secure Access Symbol
Define the SECURE_ACCESS_VAL symbol in the PMU FW to enable 4 of the 6 registers needed to enable JTAG.
In the PetaLinux project:
Edit <plnx-proj-root>/project-spec/meta-user/recipes-bsp/embeddedsw/pmu-firmware_%.bbappend to add the following. If this file does not yet exist you will need to create it.
YAML_COMPILER_FLAGS:append = "-DSECURE_ACCESS_VAL=1"Configure for Patch; Build
Incorporate the patch to enable the remaining 2 registers.
Create the directory for the patch.
$ mkdir -p <plnx-proj-root>/project-spec/meta-user/recipes-bsp/embeddedsw/filesCopy the patch file into the directory (see Appendix for content).
Edit the bbappend file to include the patch.
Include the following into the bbappend.
# Patch for PMU FW
SRC_URI:append += "//file:0001-Added-2-regs-for-access.patch"
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"Build the PMU FW.
$ petalinux-build -c pmufwCreate Boot Image
Use bootgen to create BOOT.BIN.
$ bootgen -arch zynqmp -image ZCU102_uboot_bhauthenc.bif -p zu9eg -o BOOT.BINThe content of ZCU102_uboot_bhauthenc.bif assumes that the needed components are in a local directory, copied from <plnx-proj-root>/images/linux. It also assumes that keys are in the keys subfolder and named as noted.
//arch = zynqmp ; split = false; format = BIN; key_part_name = zu9eg
the_ROM_image
{
[pskfile] keys/psk0.pem
[sskfile] keys/ssk0.pem
[auth_params] spk_id = 0; ppk_select = 0
[keysrc_encryption] bbram_red_key
[fsbl_config] bh_auth_enable
[bootloader, destination_cpu = a53-0, encryption = aes , aeskeyfile = keys/fsbl_a53.nky, authentication = rsa] zynqmp_fsbl.elf
[destination_cpu = pmu , authentication = rsa] pmufw.elf
[encryption = aes , aeskeyfile = keys/design_1_wrapper.nky, authentication = rsa, destination_device = pl] design_1_wrapper.bit
[destination_cpu = a53-0, exception_level =el-3, trustzone, authentication = rsa] bl31.elf
[destination_cpu = a53-0, load=0x00100000, encryption = aes, aeskeyfile = devtree.nky, authentication = rsa] system.dtb
[destination_cpu = a53-0, exception_level = el-2, encryption = aes, aeskeyfile = keys/u-boot.nky, authentication = rsa] u-boot.elf
}Deploy & Test
Copy BOOT.BIN onto the SD card, insert it into the ZCU102, set boot mode to SD; power up.
Issue the following at the U-Boot prompt.
u-boot> zynqmp mmio_write 0xffca0038 0xffffffff 0x3f
u-boot> zynqmp mmio_write 0xffca003c 0xffffffff 0xff
u-boot> zynqmp mmio_write 0xffca0030 0xffffffff 0x3
u-boot> zynqmp mmio_write 0xff5e00b0 0xffffffff 0x01002002
u-boot> zynqmp mmio_write 0xff5e0240 0xffffffff 0x0
u-boot> zynqmp mmio_write 0xffca3000 0xffffffff 0x1Verify JTAG access to the Zynq UltraScale+ device.
One method to verify the enablement of JTAG is to connect in an XSCT shell and execute xsct$ targets. The expected output when JTAG is disabled / enabled is shown below.
Appendix
PMU FW Patch
Patch Creation Process
In a directory outside of the PetaLinux project clone the embeddedsw repository.
$ mkdir pmufw_patch ; cd pmufw_patch
$ git clone https://github.com/Xilinx/embeddedsw
$ cd embeddedsw
$ git checkout xilinx_v2022.1 (can use git tag -l to get a list of tags)Edit the pm_mmio_access.c source file in embeddedsw/lib/sw_apps/zynqmp_pmufw/src to add R/W access for DBG_LPD_CTRL and RST_LPD_DBG and change CSU_JTAG_CHAIN_CFG to R/W.
CSU_JTAG_CHAIN_CFG needs to be changed to R/W from WO because the zynqmp mmio_write command performs a read-modify-write. When this register is in WO mode the read fails and the write does not occur.
Create a patch from the modified source file.
$ git add pm_mmio_access.coptional : $ git status to see the file is staged.
$ git commit -signoffoptional : $ git status to see the file is no longer staged.
optional : $ git show to see the changes just added.
$ git diff xilinx_v2022.1 > 0001-Added-2-regs-for-access.patchReview the patch to verify that expected changes are represented.
Related content
© Copyright 2019 - 2022 Xilinx Inc. Privacy Policy