Electronic – What security risks does the Test Access Port (TAP) introduce

Tags: jtag, security, standard, test

Trying to get my head around the JTAG world, I looked at how the Test Access Port (TAP) works, and although I get why we need it, the diagram seemed to me (as a software developer) to introduce some kind of backdoor into the architecture.


In the software world such mechanisms can be used in testing some parts of the software, however they get removed (hopefully) before the software is ready for release.

So the questions are:

  • Doesn't TAP introduce security risks to the hardware?
  • Are there standards to mitigate such risks, if they exist?

Best Answer

Yes, TAP introduces hardware security risks. If you have access to the JTAG port, you may be able to introduce false input/output. However, many chips provide a JTAG disable configuration that disables JTAG after programming.

As far as risk mitigation goes, if you need such low-level physical security, you might consider choosing an IC that doesn't have this feature, or one that allows you to disable it. Some disable signals are only a flash bit, and a full chip erase can restore JTAG access; others permanently alter the IC so that JTAG will not be available after disabling it.

There are also implementations of encrypted JTAG, where you cannot use JTAG without the proper encryption and keys.

The 2009 paper, "Attacks and Defenses for JTAG" provides significantly greater detail in the various means and ways that JTAG can be attacked, and defenses available.
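The following is an added example, not code from the question, the answer, or any vendor. It models a minimal IEEE 1149.1 TAP (the 16-state TMS-driven controller the question's diagram shows, with IDCODE, BYPASS and a debug memory-read register) and the two kinds of JTAG lock the answer contrasts: one held in a flash bit that a full chip erase clears, and one held in a permanent fuse. The 4-bit opcode for the debug read (`MEM_READ`), the IDCODE value, the flash contents, the out-of-band `chip_erase()` and the exact lock semantics are assumptions for illustration, not any real part's behaviour; BYPASS being all-ones and the IR capturing `...01` are from the standard.

```python
"""Toy IEEE 1149.1 TAP with a JTAG lock (added example; assumptions noted inline)."""

# TAP controller: state -> (next state on TMS=0, next state on TMS=1)
_FSM = {
    "TEST_LOGIC_RESET": ("RUN_TEST_IDLE", "TEST_LOGIC_RESET"),
    "RUN_TEST_IDLE": ("RUN_TEST_IDLE", "SELECT_DR_SCAN"),
    "SELECT_DR_SCAN": ("CAPTURE_DR", "SELECT_IR_SCAN"), "CAPTURE_DR": ("SHIFT_DR", "EXIT1_DR"),
    "SHIFT_DR": ("SHIFT_DR", "EXIT1_DR"), "EXIT1_DR": ("PAUSE_DR", "UPDATE_DR"),
    "PAUSE_DR": ("PAUSE_DR", "EXIT2_DR"), "EXIT2_DR": ("SHIFT_DR", "UPDATE_DR"),
    "UPDATE_DR": ("RUN_TEST_IDLE", "SELECT_DR_SCAN"),
    "SELECT_IR_SCAN": ("CAPTURE_IR", "TEST_LOGIC_RESET"), "CAPTURE_IR": ("SHIFT_IR", "EXIT1_IR"),
    "SHIFT_IR": ("SHIFT_IR", "EXIT1_IR"), "EXIT1_IR": ("PAUSE_IR", "UPDATE_IR"),
    "PAUSE_IR": ("PAUSE_IR", "EXIT2_IR"), "EXIT2_IR": ("SHIFT_IR", "UPDATE_IR"),
    "UPDATE_IR": ("RUN_TEST_IDLE", "SELECT_DR_SCAN"),
}


class TapDevice:
    """Chip side: 4-bit IR, IDCODE, BYPASS, and a debug read register gated by a lock."""
    IR_LEN = 4
    IDCODE, MEM_READ, BYPASS = 0b0001, 0b1000, 0b1111  # BYPASS all-ones per 1149.1; others assumed
    ID = 0x1BEEF0DD  # constructed IDCODE (bit 0 must be 1 per the standard)

    def __init__(self, lock_kind=None):
        self.flash = {0x0: 0xDEADBEEF, 0x4: 0xCAFEF00D}  # constructed firmware words
        self.lock_kind = lock_kind      # None, "flash" (cleared by erase) or "fuse" (permanent)
        self.locked = lock_kind is not None
        self.state = "TEST_LOGIC_RESET"
        self.ir = self.IDCODE           # 1149.1: IR resets to IDCODE when the part has one
        self.ir_shift = self.dr_shift = self.addr = 0
        self.dr_len = 32

    def chip_erase(self):
        """Assumed out-of-band full erase (e.g. via a bootloader), not a JTAG instruction."""
        self.flash = {a: 0xFFFFFFFF for a in self.flash}
        if self.lock_kind == "flash":
            self.locked = False         # the lock bit lived in flash and went with it
        # a blown fuse is untouched by an erase

    def _capture_dr(self):
        """(length, value) loaded into the data register for the current instruction."""
        if self.ir == self.IDCODE:
            return 32, self.ID          # IDCODE stays readable even when locked
        if self.ir == self.MEM_READ:
            return 32, 0 if self.locked else self.flash.get(self.addr, 0)
        return 1, 0                     # BYPASS and unknown opcodes: 1-bit register

    def clock(self, tms, tdi=0):
        """One TCK cycle: do the current state's action, return TDO, then advance on TMS."""
        s, tdo = self.state, 0
        if s == "TEST_LOGIC_RESET":
            self.ir = self.IDCODE
        elif s == "CAPTURE_IR":
            self.ir_shift = 0b0001      # 1149.1: IR captures ...01
        elif s == "SHIFT_IR":
            tdo = self.ir_shift & 1
            self.ir_shift = (self.ir_shift >> 1) | (tdi << (self.IR_LEN - 1))
        elif s == "UPDATE_IR":
            self.ir = self.ir_shift
        elif s == "CAPTURE_DR":
            self.dr_len, self.dr_shift = self._capture_dr()
        elif s == "SHIFT_DR":
            tdo = self.dr_shift & 1
            self.dr_shift = (self.dr_shift >> 1) | (tdi << (self.dr_len - 1))
        elif s == "UPDATE_DR" and self.ir == self.MEM_READ:
            self.addr = self.dr_shift   # address shifted in on the last scan
        self.state = _FSM[s][tms]
        return tdo


# Host (debugger) side: drive TMS/TDI, collect TDO.
def reset(dev):
    for tms in (1, 1, 1, 1, 1, 0):      # 5 x TMS=1 reaches Test-Logic-Reset from anywhere, then Idle
        dev.clock(tms)


def _scan(dev, value, nbits, path_to_shift):
    for tms in path_to_shift:
        dev.clock(tms)
    out = 0
    for i in range(nbits):              # LSB first; TMS=1 on the last bit moves to Exit1
        out |= dev.clock(1 if i == nbits - 1 else 0, (value >> i) & 1) << i
    dev.clock(1)                        # Exit1 -> Update
    dev.clock(0)                        # Update -> Run-Test/Idle
    return out


def scan_ir(dev, instr):
    return _scan(dev, instr, dev.IR_LEN, (1, 1, 0, 0))   # Idle -> SelDR -> SelIR -> CapIR -> ShiftIR


def scan_dr(dev, value, nbits=32):
    return _scan(dev, value, nbits, (1, 0, 0))           # Idle -> SelDR -> CapDR -> ShiftDR


def read_word(dev, addr):
    scan_ir(dev, dev.MEM_READ)
    scan_dr(dev, addr)                  # Update-DR latches the address
    return scan_dr(dev, 0)              # Capture-DR loads the word (0 when locked)


def demo():
    """Per lock kind: (IDCODE, debug read before erase, debug read after erase)."""
    results = {}
    for kind in (None, "flash", "fuse"):
        dev = TapDevice(lock_kind=kind)
        reset(dev)
        idcode = scan_dr(dev, 0)        # IR is IDCODE right after reset
        before = read_word(dev, 0x4)
        dev.chip_erase()                # attacker's move against a flash-resident lock
        after = read_word(dev, 0x4)
        results[kind] = (idcode, before, after)
    return results


if __name__ == "__main__":
    for kind, (idcode, before, after) in demo().items():
        print(f"lock={kind!s:5} idcode={idcode:#010x} before={before:#010x} after_erase={after:#010x}")
```

Running `demo()` shows the three cases the answer describes: with no lock the port reads firmware freely; with a flash-bit lock the debug read returns zeros until a chip erase, after which the port is open again (the original firmware is gone, but an attacker can now load and run their own code through it); with a fuse lock the debug read stays closed after the erase. IDCODE remains readable in every case, which is why a locked part can still be identified on a scan chain.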
