Lpc2000

>    Date: Mon, 6 Feb 2006 08:32:31 +0100
>    From: Dominic Rath <Dominic.Rath@...>
>Subject: Re: re: CRP exploits using JTAG
>
>...
>
>http://www.arm.com/support/faqip/3732.html
>The LPCs are ARM7TDMI-S cores, requiring the synchronization logic shown in
>the above faq entry. That means they can't run TCK above 1/6th of the core
>frequency.

Thanks for the reference.  I admit I had not see this.  In TDMI-S Technical 
Reference Manual (Revision 4), it says in Section 6.4 under heading "Clocks 
and Resets", that "you must connect processor clock to both CLK and TCK on 
the ETM".  [Sorry ARM documents do not allow cut and paste ...]

In any case this appears to be a requirement to access the ETM and not the 
processor scan chain itself.

 From past experience (on another ARM variants), I know that the TCK runs 
independent of CPU clock, and that TAP comes out of reset is independent or 
what state the processor is in.

I doubt we will ever see "here is how reducing startup code by one branch 
stops JTAG exploits" type of poster in this forum.

Jaya 

Send instant messages to your online friends http://au.messenger.yahoo.com