Visitor II
August 18, 2020
Solved

Automatic Mode Effect on JTAG Close Command and ST-LINK Utility

I closed the JTAG pins on the stm32f103 processor with the command: GPIO_PinRemapConfig(GPIO_Remap_SWJ_Disable, ENABLE); Then, when I tried to connect via the ST-LINK Utility program with the Connect-to-Target button, it did not see the processor. So far, everything continued as we wanted.

In my settings it was as follows:

Connection settings: SWD

Mode: Normal

Reset Mode: Software System Reset

Enable debug in low power mode: Enabled

With these settings, when I tried to connect with the Target -> Automatic Mode option, I was able to load code over the ST-LINK Utility again. However, I had loaded the software containing the code that closes the JTAG pins. There should be no way for me to access the processor via JTAG. What causes this situation?

Thank you.

    TDK (Answer)
    Super User
    August 18, 2020

    If you disable the SWD/JTAG pins, you won't be able to connect until they are re-enabled, such as during a reset.

    So either your code isn't disabling them, or the chip is getting reset somehow.

    It's possible the software is toggling the NRST pin to connect.

    Visitor II
    August 19, 2020

    After enabling RCC settings and other peripherals: GPIO_PinRemapConfig (GPIO_Remap_SWJ_Disable, ENABLE);

    Connection settings: with JTAG it does not connect, but I can connect with SWD. I don't understand how it does the reset.

    Visitor II
    August 19, 2020

    I wonder if activating RDP (read protection) level 2 would be a solution? When this process is done, is it possible to return it with the boot processes of the ST?

    Super User
    August 19, 2020

    Setting RDP level 2 is permanent. It cannot ever be changed after that.

    You said it may be “a solution”. What problem are you trying to solve?

    Graduate II
    August 19, 2020

    The F1 is a very old design; newer designs have option level settings to lock out the JTAG.

    Visitor II
    August 20, 2020

    Thank you for all your answers!

    Let me clarify the situation I have here:

    I want to disable the JTAG and SWD interfaces in my device to avoid any cyber security issues that may occur in the field.

    So I have added the code snippet below to my firmware:

    GPIO_PinRemapConfig(GPIO_Remap_SWJ_Disable, ENABLE); 

    After that, I started testing my device. It works well if I try to connect with the ST-Link utility manually. ST-Link cannot connect to the MCU, which is good news.

    However, if I download the firmware to the device in "Automatic Mode", after a power cycle ST-Link can connect to the MCU, which is bad news. This is my problem here.

    I tried to connect with J-Link Plus and it is the same. It cannot connect in manual mode, but it can in automatic mode.

    So if an attacker or anyone else tries to connect to my device in automatic mode with a programmer, they can reach my device.

    We also thought that maybe ST-Link reaches the device before our disabling code snippet executes. We tried adding it in system_stm32f10x.c, but there was no change.

    We have also tried writing directly to the AFIO->MAPR register to disable JTAG and SWD, as explained in Reference Manual Table 37: Debug Port mapping. We wrote 100 to bits 26, 25 and 24 of the register to disable JTAG and SWD, as you can see in the picture below.

    [Image: 0693W000003PpRyQAK.png]

    So we think that we have tried everything and it is not working well. Could it be an errata for this MCU? Is there anything that we can do as a workaround?

    Please come in and share your ideas; that could be very helpful for me! The deadline is coming and we are under pressure :)

    Super User
    August 20, 2020

    An attacker will always be able to connect to the chip over SWD if they know how to connect the NRST pin to GND. So disabling SWD/JTAG pins within your program is a very shallow level of protection.

    Doesn't look like the F1 family has RDP level 2.

    Enabling RDP will prevent them from reading what's on the chip, but they could still erase and reprogram it.
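
Added example, not code from the thread or from ST's library: a register-level form of the SWJ disable discussed above, paired with a check of the read-protection flag, since the pin remap only holds until the next reset. The `dbg_regs_t` view and the function names are hypothetical, and the bit positions are assumed from the STM32F10x reference manual and device header; `main` exercises the logic on a host with constructed register values.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Bit definitions assumed from the STM32F10x reference manual. */
#define RCC_APB2ENR_AFIOEN (1u << 0)   /* AFIO clock enable */
#define AFIO_MAPR_SWJ_MASK (7u << 24)  /* SWJ_CFG[2:0], bits 26:24 */
#define AFIO_MAPR_SWJ_OFF  (4u << 24)  /* 100: JTAG-DP and SW-DP disabled */
#define FLASH_OBR_RDPRT    (1u << 1)   /* set when read protection is active */

/* Hypothetical register view so the logic also runs on a host. On target,
 * point the members at RCC->APB2ENR, AFIO->MAPR and FLASH->OBR. */
typedef struct {
    volatile uint32_t *apb2enr;
    volatile uint32_t *mapr;
    volatile uint32_t *obr;
} dbg_regs_t;

typedef enum { DBG_PINS_ONLY, DBG_PINS_AND_RDP } dbg_state_t;

/* Release the SWJ pins. The AFIO clock must be on before MAPR is written.
 * SWJ_CFG is write-only (reads are undefined), so the field is masked out
 * of the value read back before the new setting is ORed in; the other
 * remap bits are preserved. */
void swj_disable(const dbg_regs_t *r)
{
    *r->apb2enr |= RCC_APB2ENR_AFIOEN;
    uint32_t mapr = *r->mapr & ~AFIO_MAPR_SWJ_MASK;
    *r->mapr = mapr | AFIO_MAPR_SWJ_OFF;
}

bool rdp_active(const dbg_regs_t *r)
{
    return (*r->obr & FLASH_OBR_RDPRT) != 0;
}

/* Disable the debug pins and report what actually protects the flash.
 * DBG_PINS_ONLY means a probe that connects while NRST is held low can
 * still read the firmware, as described in the replies above. */
dbg_state_t lock_debug(const dbg_regs_t *r)
{
    swj_disable(r);
    return rdp_active(r) ? DBG_PINS_AND_RDP : DBG_PINS_ONLY;
}

int main(void)
{
    /* Constructed values: undefined SWJ read-back plus one remap bit set. */
    uint32_t apb2enr = 0, mapr = 0x02000300u, obr = 0;
    dbg_regs_t regs = { &apb2enr, &mapr, &obr };
    printf("state=%d mapr=0x%08x\n", (int)lock_debug(&regs), (unsigned)mapr);
    return 0;
}
```

A production build can treat `DBG_PINS_ONLY` as a provisioning failure, because the remap is cleared by reset and only the option-byte read protection persists.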