Various device and circuit board designs are used in the struggle to continually miniaturize consumer electronics. Integrated circuits (IC's) used in circuit boards have migrated from through-hole packages to leaded surface mount packages, and then to leadless surface mount packages. Leadless surface mount packages, such as Ball Grid Array (BGA) packages, do not allow a bed of nails tester to directly access the package connections. In some cases, circuit board designers implement conductive pads or lands that allow a connection to a bed of nails tester. However, these test pads or lands consume valuable circuit board real estate and impede a designer's ability to effectively miniaturize a circuit board. In high speed electronic circuits, the test pads or lands may adversely affect the performance of the circuit. Moreover, as IC's incorporate increased functionality, the ability to physically probe logical blocks becomes infeasible.
A variety of circuit board test techniques have been developed to allow for testing of assembled printed circuit boards and complex IC's without the need for physical test pads at each connection. One such technique developed by the Joint Test Action Group (JTAG) has evolved into an Institute of Electrical and Electronics Engineers (IEEE) standard. IEEE standard 1149 entitled TEST ACCESS PORT AND BOUNDARY-SCAN ARCHITECTURE specifies the hardware and software used to perform boundary-scan testing. Devices, such as printed wiring assemblies, programmable logic devices, and Application Specific Integrated Circuits (ASIC) can incorporate an IEEE 1149 compliant port, commonly referred to as a JTAG port or JTAG interface, to allow boundary scan verification and test of logic, registers, and connections within the device.
Because the JTAG interface can be configured to provide access to all logical structures and registers within a device, secure devices can be compromised via an attack executed using the JTAG interface. For example, a system may use a secure hardware key stored in an ASIC to allow encrypted data to be decrypted at the device. Additionally, the ASIC may use the hardware key to encrypt or encode data that is to be stored in external memory, such as in non-volatile memory that is external to the ASIC.
One common application of a secure environment is electronic commerce conducted using digital rights management performed in a cellular phone. Cellular phones typically allow a user to download various ring tones, songs, games, applications, and screen displays, and may even allow a user to remotely enable features on the phone. The various ring tones, screen displays, and other phone features and applications may be offered on a per unit cost basis. Thus, a user may request and download one or more ring tones at a given cost. Data files, such as those that represent a ring tone, are typically stored in non-volatile memory that is external to an ASIC that performs the data recovery. Additionally, because a service provider can charge for downloaded files, the downloaded files are typically encrypted before being transmitted and are also typically encrypted when stored in the non-volatile memory to reduce the possibility of a user redistributing the downloaded file. A hardware key stored in the ASIC may be used to perform data decryption. The hardware key may be unique to a particular phone to further limit use of the encrypted data.
Thus, in order to secure the encrypted data, the hardware key must be maintained in a secure environment. Access to the hardware key via external interfaces must be limited to ensure the security of the hardware key. Unfortunately, boundary scan testing, such as JTAG testing, allows access to internal logic within a device, such as an ASIC. Eliminating boundary scan access to the logic containing the hardware key can greatly limit the scope of testing and verification that may be performed on the ASIC. However, providing unlimited access to the internal logic of the ASIC can severely compromise the integrity of the secure hardware key.