The ARM system debug solution is the ARM CoreSight™ on-chip debug and trace technology.
It provides a debug and trace solution for the entire SoC, enabling
debug of multiple processors and other system components. The CoreSight
debug infrastructure can be accessed both from off-device tools
and from on-device components.
The parts of the CoreSight infrastructure that are accessible from on-SoC hardware and software are implemented as APB peripherals. To reduce the number of components needed the CoreSight peripherals are designed not to use the standard per-peripheral protection mechanisms provided by an AXI-to-APB bridge; CoreSight components should be accessible to Non-secure memory transactions.
As an alternative to the protection provided by the AXI-to-APB bridge, the CoreSight components include a number of control signals which are used to enable or disable Secure debug. These signals are known as the CoreSight authentication interface, and include SPIDEN, SPNIDEN and DBGEN signals, which perform a similar role to the signals of the same name described for the processor core.
If external debug hardware, or on-target Normal world software, attempts to set a system breakpoint on a secure address when SPIDEN is deasserted, the CoreSight hardware will fail to create a breakpoint. For instrumentation solutions, Secure trace information will simply be discarded by the peripheral if SPNIDEN is not asserted.
A consequence of the debug security architecture is that Normal world software may be able to directly affect or monitor the Secure world execution in a system when SPIDEN or SPNIDEN are asserted.
Secure debug should therefore only be enabled when the device is located in a trusted environment.