Comment by roger_

1 month ago

I hate sensational stories like this. Now Espressif is gonna feel pressured to be even more closed.

It'd never have been an issue if this was documented.

  • I feel like people that are concerned about this have never heard of a JTAG access port.

    • On most modern micro-controllers you can disable JTAG/SWD in production or gate access behind key verification. You can't disable undocumented commands. The issue here might be allowing persistent malware, like how some malware can hide in hard drive firmware. Unlikely, but still not good or indicative of good security practice.


  • Because the user was never supposed to use it. Do you document every private macro, every private function in your library for the user?