The SDC-600-based architecture provides an interface through which secure debug certificates can be injected into the platform. This is done in a standard way through the Debug Access Port (DAP), which is normally used to debug the platform. It eliminates the need for OEM proprietary delivery mechanisms for such certificates.
SDC-600 performs the following tasks:
- Requests power and optionally reboots the servicing agent.
- Establishes and maintains a link between a port on the external side, which is serviced by the debugger, and a port on the internal side, which is serviced by an agent on the target system.
- Transports messages from an external debugger to a hardware or software agent on a target system through a point-to-point link.
The debugged target and the servicing agent are typically the same processor or processor subsystem, but they can be separate entities as well.
The authentication process can involve a hardware- or software-based cryptographic engine on the target. The cryptographic engine verifies the debug certificate that is passed to the servicing agent through the SDC-600. The debugger and the servicing agent run a protocol on top of the SDC-600, which:
- Identifies the SoC (SoC_ID).
- Injects the appropriate debug certificate to the debug target for processing by the cryptographic engine.
The following is a high-level description of a sample authentication process:
- The debugger wants to access the target's debug resources.
- The debugger uses the CoreSight ID registers and discovery process to identify the SDC-600's external interface.
- The debugger accesses the SDC-600 to start the unlocking process.
- The SDC-600 requests the powerup of the rest of its functional blocks.
- The debugger asks for a SoC_ID from the servicing target to identify the target system.
- The debugger generates a certificate for the SoC_ID and transmits it to the servicing target.
- The servicing agent decides whether the debugger has the rights to access the debug target based on the provided certificate.
- If access is granted, the target agent drives the authentication signals accordingly on the Access Ports so that the connected devices can be accessed by the debugger.
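The exchange above, modelled from the servicing agent's point of view, as an added example that is not part of the original page or Arm's code. The certificate layout, the bit masks for the authentication signals, and all class and function names are assumptions, and HMAC-SHA256 with a constructed key stands in for the signature check performed by the target's cryptographic engine.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed demo values. A real certificate would carry an asymmetric
# signature; HMAC with a shared key only stands in for that check here.
OEM_KEY = b"constructed-demo-key"
DBGEN, NIDEN = 0x1, 0x2  # hypothetical bit masks for authentication signals

@dataclass(frozen=True)
class DebugCertificate:
    soc_id: bytes      # device the certificate was issued for
    permissions: int   # authentication signals the holder may have driven
    tag: bytes         # authenticator over soc_id and permissions

def _tag(soc_id: bytes, permissions: int) -> bytes:
    # Length-prefix soc_id so field boundaries cannot be shifted.
    msg = len(soc_id).to_bytes(2, "big") + soc_id + permissions.to_bytes(4, "big")
    return hmac.new(OEM_KEY, msg, hashlib.sha256).digest()

def issue_certificate(soc_id: bytes, permissions: int) -> DebugCertificate:
    """Debugger side: build a certificate for the SoC_ID the target reported."""
    return DebugCertificate(soc_id, permissions, _tag(soc_id, permissions))

class ServicingAgent:
    def __init__(self, soc_id: bytes):
        self._soc_id = soc_id
        self.auth_signals = 0  # default deny: nothing driven before a valid certificate

    def get_soc_id(self) -> bytes:
        return self._soc_id

    def process_certificate(self, cert: DebugCertificate) -> bool:
        self.auth_signals = 0  # any failed attempt leaves the target locked
        if not hmac.compare_digest(cert.soc_id, self._soc_id):
            return False       # certificate was issued for a different SoC
        if not hmac.compare_digest(cert.tag, _tag(cert.soc_id, cert.permissions)):
            return False       # fields were altered after issuance
        self.auth_signals = cert.permissions & (DBGEN | NIDEN)
        return True

def unlock(agent: ServicingAgent, permissions: int) -> bool:
    """Run the exchange: read SoC_ID, issue a certificate for it, inject it."""
    cert = issue_certificate(agent.get_soc_id(), permissions)
    return agent.process_certificate(cert)
```

Because the SoC_ID is covered by the authenticator, a certificate issued for one device is rejected by every other device, and the signals stay low after any rejected attempt.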
The following terminology is used throughout the document:
- The component or the end of the communication channel that is connected to the debugger through the Debug Port.
- The component or the end of the communication channel that is connected to the servicing agent.
- Servicing agent: The agent on the internal side that implements authentication by checking the certificate and controls the authentication signals in the target system. It communicates through the SDC-600 and services the interrupts that are generated by the internal COM Port component. The servicing agent can be implemented as software executing on the target processor, or on a separate processor in a secure island or subsystem.
- The debug target that is requesting debug authentication. In some systems, the servicing agent can be implemented as code which runs on the target processor.