To debug a SoC, the debugger needs low level access to the SoC. This can be a security risk under the right circumstances, as it allows third parties access to system registers, secure and normal memory, and in some cases, the disassembled code. Some manufactures will have a secure device in the scanchain to block debug access. To start a debug connection, you will need to unlock the secure device first. For secure debug, the Arm CoreSight SDC-600 provides a dedicated path to a SoC for authenticating debug accesses.
There is also two SecurCore processors for security critical applications, where there is a need to protect from physical tampering as well as a software attack. These require special consideration when debugging.
When Platform Configuration Editor (PCE) runs and detects an unknown device, it is possible that the device is a secure device. If the board does contain a secure locked device consult the board designer, manufacturer, or documentation to learn how to unlock the secure device. You might need to add an unlock sequence to the platform configuration's .sdf file. The KBA How do I add pre-connect JTAG scans to enable target connection? to learn how to unlock the device.
Arm CoreSight SDC-600 Secure Debug Channel
SDC-600 uses robust secure Arm IP to give you a standardized communication protocol for debug access. SDC-600 allows secure certificates to be used for authentication.
SecurCore processors are for secure applications such as smart cards where there is a need to secure the SoC from physical and software attack. Arm has two SecurCore processors: