Unlock JTAG on an HS-SE device#
For security reasons, JTAG port is locked on secure devices by default. For debugging during development on secure devices, JTAG needs to be unlocked.
Steps for JTAG unlock:#
If not already done so in previous tutorials, download and install CCS from this link
Open CCS and create a target configuration for AM62Ax
In CCS-
View > Target Configurations
File > New > Target Configuration File
Create Configuration file Choose connection as “XDS110” and Board or Device as “AM62” and click save. This will be used for launching the target configuration later.
Make sure that ccBoard0.dat can be found at ~/.ti/<ccs_version>/0/0/BrdDat/ccBoard0.dat
Create signing_config.txt in any directory.
Copy the following text into signing_config.txt-
[ req ]
distinguished_name = req_distinguished_name
x509_extensions = v3_ca
prompt = no
dirstring_type = nobmp
# This information will be filled by the end user.
# System firmware does not make decisions based
[ req_distinguished_name ]
C = oR
ST = rx
L = gQE843yQV0sag
O = dqhGYAQ2Y4gFfCq0t1yABCYxex9eAxt71f
OU = a87RB35W
CN = x0FSqGTPWbGpuiV
emailAddress = kFp5uGcgWXxcfxi@vsHs9C9qQWGrBs.com
[ v3_ca ]
basicConstraints = CA:true
1.3.6.1.4.1.294.1.3=ASN1:SEQUENCE:swrv
1.3.6.1.4.1.294.1.8=ASN1:SEQUENCE:debug
[ swrv ]
swrv = INTEGER:1
[ debug ]
debugUID = FORMAT:HEX,OCT:0000000000000000000000000000000000000000000000000000000000000000
debugType = INTEGER:0x00000005
coreDbgEn = INTEGER:0x01
coreDbgSecEn = INTEGER:0x2021222380
Move the smpk.pem file from the keywriter directory in MCU+ SDK to the directory where you created signing_config.txt
Run the following command to get the debug certificate
openssl req -new -x509 -key custMpk.pem -nodes -outform der -out debug_unlock_cert.der -config signing_config.txt -sha512
Run the command to unlock JTAG
./dbgauth -c ~/.ti/<ccs_version>/0/0/BrdDat/ccBoard0.dat -x xds110 -s cs_dap_0 -o unlock -m 3 -f ~ debug_unlock_cert.der
You should now be able to connect to the R5 and A53 cores on your device through CCS!