SPMA083 January 2022 TM4C129CNCPDT , TM4C129CNCPDT , TM4C129CNCZAD , TM4C129CNCZAD , TM4C129DNCPDT , TM4C129DNCPDT , TM4C129DNCZAD , TM4C129DNCZAD , TM4C129EKCPDT , TM4C129EKCPDT , TM4C129ENCPDT , TM4C129ENCPDT , TM4C129ENCZAD , TM4C129ENCZAD , TM4C129LNCZAD , TM4C129LNCZAD , TM4C129XKCZAD , TM4C129XKCZAD , TM4C129XNCZAD , TM4C129XNCZAD
While the boot loader could be programmed in a non-secure environment, that would open up a risk that the initialization vectors could be exposed. Therefore, the best method is to program the boot loader and the keys simultaneously in a secure environment. When the boot loader is programmed in the first sector, and an image of the keys is programmed in the sector at APP_BASE, the boot loader copies the keys into EEPROM and then erase the sector at APP_BASE. If the “Release” configuration is used, the boot loader then write protects itself and disables JTAG.
The “Debug” configuration of the boot loader should not be released in the field. Without much difficulty someone can connect to the JTAG port with an emulator and write code that would expose the keys. Then they could make their own programs that would load using these keys.
The user should consider whether or not to expose the JTAG pins on their circuit board. It is possible to program the initial boot loader and the keys using the ROM boot loader. Therefore, JTAG access is not required. Using the “Release” configuration of the boot loader disables the JTAG interface, but someone could still use the method of recovering a locked microcontroller to completely reset the device. This would erase the boot loader, the application code, and the keys which were in EEPROM. Afterwards, they could then program their own code into that device. It would be the same effect as if they desoldered the TM4C device and replaced it with a new one. For ball grid array (BGA) devices, JTAG can be hidden by not adding traces to the JTAG balls. For quad flat pack (QFP) devices the pins are exposed even if there are no traces to the pins.
The main disadvantage of not having access to the JTAG pins is that the device cannot be recovered externally. Therefore, the user must ensure there is a validated process to re-enter the boot loader. Also, it would not be possible to do analysis of failing parts without removing them from the printed circuit board.