JTAG on a Running System: Risks & Methods

TL;DR

Attaching a JTAG device to a running system can be done, but it’s risky. It might cause crashes or unexpected behaviour. If you need to debug a live system, use in-circuit emulation (ICE) if possible. Otherwise, proceed with caution and understand the potential consequences.

Understanding the Risks

JTAG (Joint Test Action Group) is primarily designed for testing and programming devices before they’re fully operational. Connecting a JTAG debugger while the system is running can:

  • Interrupt normal operation: The JTAG signals could interfere with the CPU’s execution, leading to crashes or unpredictable results.
  • Damage hardware: Incorrect voltage levels or timing conflicts can potentially harm the target device.
  • Cause data corruption: Debugging operations might overwrite memory or registers.

Many modern debuggers and development boards are designed to tolerate hot-plugging of JTAG probes, but this is not guaranteed.

Methods for Attaching JTAG

  1. Check Documentation: The most important step! Consult the documentation for your target device (CPU/microcontroller) and development board. It will specify if hot-plugging JTAG is supported and any specific requirements or precautions.
  2. Power Cycling: This is the safest method, but not always practical.
    • Turn off the power to the target system completely.
    • Connect the JTAG debugger.
    • Power on the system.
  3. Using a Debug Port: Some systems have dedicated debug ports that allow JTAG access without interrupting normal operation.
    • These ports often include isolation circuitry to prevent conflicts.
    • Refer to your board’s schematic and documentation for details.
  4. Hot-Plugging (with Caution): If the documentation allows, you can attempt hot-plugging.
    • Ground First: Connect the JTAG debugger’s ground pin to the target system’s ground before connecting any other pins. This helps equalize voltage levels and reduce the risk of static discharge.
    • Connect Signals Last: After grounding, connect the TMS (Test Mode Select), TCK (Test Clock), TDI (Test Data In), and TDO (Test Data Out) signals. Avoid connecting TRST (Test Reset) initially unless specifically instructed by documentation.
    • Monitor Carefully: Observe the system’s behaviour closely after connecting JTAG. Look for any signs of instability or crashes.

Software Considerations

Even if you can physically connect the JTAG debugger, the software might not work correctly on a running system.

  1. Debugger Settings: Configure your debugger to handle potential conflicts.
    • Speed: Reduce the JTAG clock speed (TCK frequency) significantly. A slower speed reduces the likelihood of timing issues.
    • Reset Mode: Experiment with different reset modes in your debugger settings. Some systems require a specific reset sequence before debugging can begin.
  2. ICE vs. JTAG: Consider using In-Circuit Emulation (ICE) if available. ICE typically provides more robust support for debugging live systems and offers better isolation from the target device.

Example Command (OpenOCD)

If you’re using OpenOCD, you might need to specify a lower clock speed in your configuration file:


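source [find interface/your_adapter.cfg]
transport select jtag
source [find target/your_target.cfg]

# Reduce the JTAG clock (TCK); the value is in kHz
# Example: set to 100 kHz
adapter speed 100

Replace ‘your_adapter.cfg’ and ‘your_target.cfg’ with the appropriate configuration files for your probe and device. Older OpenOCD releases use adapter_khz 100 for the same setting.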
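A pre-attach check for the clock-speed and reset-mode settings discussed above, as an added example that is not part of the original article or of OpenOCD: it scans an OpenOCD configuration for commands that would disturb a running target. The 100 kHz ceiling, the function name and both sample configurations are assumptions made for illustration.

```python
import re

MAX_LIVE_KHZ = 100  # assumed ceiling, borrowed from the 100 kHz example above
RESET_LINE_OPTS = {"trst_only", "srst_only", "trst_and_srst", "connect_assert_srst"}

def lint_live_attach(cfg_text, max_khz=MAX_LIVE_KHZ):
    """Return (line_no, message) findings for an OpenOCD config used on a live target."""
    findings, speed_seen = [], False
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        # Tcl comments: '#' at command position, or ';#' after a command.
        code = re.split(r"(?:^|;)\s*#", raw, maxsplit=1)[0]
        for cmd in (c.split() for c in code.split(";")):
            if not cmd:
                continue
            if cmd[0] == "adapter_khz" or cmd[:2] == ["adapter", "speed"]:
                speed_seen = True
                value = cmd[-1]
                if not value.isdigit():
                    findings.append((no, f"speed '{value}' is not an integer kHz value"))
                elif int(value) > max_khz:
                    findings.append((no, f"TCK {value} kHz exceeds {max_khz} kHz"))
            elif cmd[0] == "reset_config" and RESET_LINE_OPTS & set(cmd[1:]):
                findings.append((no, "reset_config allows the probe to drive TRST/SRST"))
            elif cmd[0] == "reset":
                findings.append((no, "reset command restarts the running target"))
            elif cmd[0] == "halt":
                findings.append((no, "halt stops the CPU as soon as the script runs"))
    if not speed_seen:
        findings.append((0, "no explicit adapter speed; sourced files decide TCK"))
    return findings

# Constructed sample configs for illustration only.
RISKY_CFG = """adapter speed 4000 ;# bring-up default
reset_config trst_and_srst
init
reset halt
"""
CAUTIOUS_CFG = """# slow clock, leave reset lines alone
adapter speed 100
reset_config none
init
"""

if __name__ == "__main__":
    for name, cfg in (("risky", RISKY_CFG), ("cautious", CAUTIOUS_CFG)):
        print(name, lint_live_attach(cfg))
```

The check only reads the file it is given; settings pulled in through `source [find ...]` lines need to be linted separately.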

Final Thoughts

Attaching a JTAG device to a running system is generally not recommended unless absolutely necessary and supported by the hardware documentation. Always prioritize safety and proceed with caution. If you encounter problems, consult the manufacturer’s documentation or seek expert assistance from cyber security professionals.
