Secure devices on my scanchain

Overview SDC-600 SecurCore Related information


To debug a SoC, the debugger needs low level access to the SoC. This can be a security risk under the right circumstances, as it allows third parties access to system registers, secure and normal memory, and in some cases, the disassembled code. Some manufactures will have a secure device in the scanchain to block debug access. To start a debug connection, you will need to unlock the secure device first. For secure debug, the Arm CoreSight SDC-600 provides a dedicated path to a SoC for authenticating debug accesses.  

There is also two SecurCore processors for security critical applications, where there is a need to protect from physical tampering as well as a software attack. These require special consideration when debugging. 

When Platform Configuration Editor (PCE) runs and detects an unknown device, it is possible that the device is a secure device. If the board does contain a secure locked device consult the board designer, manufacturer, or documentation to learn how to unlock the secure device. You might need to add an unlock sequence to the platform configuration's .sdf file.  The KBA How do I add pre-connect JTAG scans to enable target connection? to learn how to unlock the device. 


SecurCore processors are for secure applications such as smart cards where there is a need to secure the SoC from physical and software attack. Arm has two SecurCore processors:

  • SC000 is based on the Cortex-M0 processor. For more information, see SC000 Processor.
  • SC300 is based on the Cortex-M3 processor. For more information see  SC300 Processor.