Secure Debug Module

Discretix Secure Debug Module (DxSDM)

Embedded in the SoC, the Discretix Secure Debug Module (DxSDM) is used to authenticate the entity trying to initiate a debug session.

Threat posed by unprotected debugging ports

Typically, debugging interfaces such as JTAG are disabled as a device leaves the factory to ensure that no option exists for abuse by hackers or other unauthorized parties. Left unprotected, the debugging interface exposes the platform to alteration as well as leakage of sensitive information.

Product Highlights

  • Flexible authentication scheme with key benefits for all stakeholders

  • Discretix SDM enables the debug interface to remain active, yet protected, offering significant value to platform manufacturers, OEMs and service providers.

  • The SDM can control multiple debug interfaces on the SoC (e.g. JTAG access, UART, etc.), so different access policies can be formed, allowing access to certain regions/sub-systems of the SoC and preventing access to others.

  • The Debug Policy generator can be defined by the integrated circuit (IC) manufacturer (e.g. defining access policies for different OEMs) or an OEM (e.g. defining access policies for different ISVs or MNOs).

  • The authentication scheme allows tying devices to specific debugging entities, assuring that a device belonging to OEM A can't be debugged by OEM B (both containing the Discretix SDM).

  • The SDM provides an additional layer of protection for sensitive data.

Core Components

Secure Debug Module (SDM)

Embedded in the SoC, the SDM is used to authenticate the entity trying to initiate a debug session. Once the debugging entity has been authenticated, the SDM enforces a predefined debug policy, based on the user's authorization. The policy is enforced through general-purpose HW signals, capable of controlling different functions (e.g. the dedicated debug ports existing in an ARM Cortex-A processor).

This hardware and firmware module is provided by Discretix to the IC manufacturer.

Authentication Server

Stores the sensitive data needed for the authentication process, and can be either local (i.e. mounted on the same PC hosting the debugger application) or remote (connected via a web connection).

This software module is provided as product-level or reference code for different debug system manufacturers (Lauterbach, ARM). Discretix provides the code for the local Authentication Server option.

Debugger Application

Operates as a relay between the SDM and the Authentication Server.

The local Authentication Server module is integrated into some of today's leading debuggers.

 

Solution Architecture

 
