The debug and trace system offers a flexible and powerful mechanism for non-intrusive debugging.
An external debugger can access the device via the debug access port (DAP).
The DAP implements a standard Arm® CoreSight™ serial wire debug port (SW-DP). The SW-DP implements the serial wire debug (SWD) protocol that is a two-pin serial interface, see SWDCLK and SWDIO illustrated in figure Debug and trace overview.
In addition to the default access port in the application CPU (AHB-AP), the DAP includes a custom control access port (CTRL-AP), described in more detail in CTRL-AP - Control access port.
There are several access ports that connect to different parts of the system. An overview is given in the table below.
AP ID | Type | Description |
---|---|---|
0 | AHB-AP | Application subsystem access port |
3 | APB-AP | CoreSight™ subsystem access port |
4 | CTRL-AP | Application subsystem control access port |
The standard Arm® components are documented in Arm CoreSight SoC-400 Technical Reference Manual, revision r3p2. The control access port (CTRL-AP) is proprietary, and described in more detail in CTRL-AP - Control access port.
Access port protection blocks the debugger from read and write access to all CPU registers and memory-mapped addresses when enabled. If needed, a debugger can be restricted to debug non-secure code only and access non-secure memory regions and peripherals using register SECUREAPPROTECT. Register APPROTECT blocks all debugger access.
The following table gives an overview of the access port protection methods.
Debugging capability | Description |
---|---|
Non-secure code | The application core AHB-AP DBGEN signal controls all non-secure access through the application core AHB-AP. This can be used to provide readback protection of the flash contents. See Debugger access control for non-secure debug access. For more information about the DBGEN signal, see the Arm CoreSight SoC-400 Technical Reference Manual, Revision r3p2. |
Secure code | The application core AHB-AP SPIDEN signal controls all secure access through the application core AHB-AP. This means that only the non-secure code can be debugged and accessed when secure accesses are blocked. To enable access to the secure access port, non-secure code must be unprotected. See Debugger access control for secure debug access. For more information about the SPIDEN signal, see the Arm CoreSight SoC-400 Technical Reference Manual, Revision r3p2. |
If a RAM or flash region has its permission set to allow code execution, the content of this region is visible to the debugger even if the read permission is not set. This allows a debugger to display the content of the code being executed. For more information on configuring permissions, see SPU — System protection unit.
By default, access port protection is enabled.
Debugging capability | UICR.APPROTECT. PALL | APPROTECT. DISABLE | APPROTECT. FORCEPROTECT | Secure debug access |
---|---|---|---|---|
Non-secure code | HwUnprotected | SwUnprotected | Reset value | - |
No debugging possible | Protected | Reset value | Force | - |
Debugging capability | UICR. SECUREAPPROTECT. PALL | SECUREAPPROTECT. DISABLE | SECUREAPPROTECT. FORCEPROTECT | Non-secure debug access |
---|---|---|---|---|
Secure code | HwUnprotected | SwUnprotected | Reset value | Permitted |
No debugging possible | Protected | Reset value | Force | Permitted |
No debugging possible | - | - | - | Not permitted |
Access port protection is enabled when the hardware and software disabling conditions are not present. For additional security, it is recommended to write Protected
to UICR.SECUREAPPROTECT and UICR.APPROTECT, and have firmware write Force
to SECUREAPPROTECT.FORCEPROTECT and APPROTECT.FORCEPROTECT.
Access port protection is disabled by issuing an ERASEALL command through CTRL-AP. Read ERASEALLSTATUS until the ERASEALL sequence is ready. When ERASEALL is ready, trigger and then release soft reset from the RESET register. Read APPROTECT.STATUS to ensure that access port protection is disabled. If access port is not disabled, do a reset and repeat the ERASEALL command. This command erases the flash, UICR, and RAM, including UICR.SECUREAPPROTECT and UICR.APPROTECT. CTRL-AP is described in more detail in CTRL-AP - Control access port. Access port protection remains disabled until one of the following occurs:
To keep access port protection disabled, the following actions must be performed:
HwUnprotected
. This disables the hardware part of the access port protection scheme after the first reset of any type. The hardware part of the access port protection stays disabled as long as UICR.SECUREAPPROTECT and UICR.APPROTECT are not overwritten.SwUnprotected
. This disables the software part of the access port
protection scheme.Instance | Base address | TrustZone | Split access | Description | ||
---|---|---|---|---|---|---|
Map | Att | DMA | ||||
APPROTECT : S |
0x50039000 |
HF | NS | NA | Yes |
APPROTECT control |
Register | Offset | TZ | Description |
---|---|---|---|
SECUREAPPROTECT.DISABLE | 0xE00 | S |
Software disable SECUREAPPROTECT mechanism |
SECUREAPPROTECT.FORCEPROTECT | 0xE00 | S |
Software force SECUREAPPROTECT mechanism |
APPROTECT.DISABLE | 0xE10 | NS |
Software disable APPROTECT mechanism |
APPROTECT.FORCEPROTECT | 0xE10 | NS |
Software force APPROTECT mechanism |
Address offset: 0xE00
Software disable SECUREAPPROTECT mechanism
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | A | A | A | A | A | A | A | ||||||||||||||||||||||||||||
Reset 0x00000001 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | ||||
ID | R/W | TZ | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A |
RW |
DISABLE |
Software disable SECUREAPPROTECT mechanism |
|||||||||||||||||||||||||||||||||
SwUnprotected |
0x5A |
Software disable SECUREAPPROTECT mechanism |
Address offset: 0xE00
Software force SECUREAPPROTECT mechanism
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | |||||||||||||||||||||||||||||||||||
Reset 0x00000001 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | ||||
ID | R/W | TZ | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A |
RW |
FORCEPROTECT |
Write 0x1 to force enable SECUREAPPROTECT mechanism |
|||||||||||||||||||||||||||||||||
Force |
0x1 |
Software force enable SECUREAPPROTECT mechanism |
Address offset: 0xE10
Software disable APPROTECT mechanism
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | A | A | A | A | A | A | A | ||||||||||||||||||||||||||||
Reset 0x00000001 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | ||||
ID | R/W | TZ | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A |
RW |
DISABLE |
Software disable APPROTECT mechanism |
|||||||||||||||||||||||||||||||||
SwUnprotected |
0x5A |
Software disable APPROTECT mechanism |
Address offset: 0xE10
Software force APPROTECT mechanism
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | A | |||||||||||||||||||||||||||||||||||
Reset 0x00000001 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | ||||
ID | R/W | TZ | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A |
RW |
FORCEPROTECT |
Write 0x1 to force enable APPROTECT mechanism |
|||||||||||||||||||||||||||||||||
Force |
0x1 |
Software force enable APPROTECT mechanism |
Before the external debugger can access the CPU's access port (AHB-AP) or the control access port (CTRL-AP), the debugger must first request the device to power up via CxxxPWRUPREQ in the SWJ-DP.
As long as the debugger is requesting power via CxxxPWRUPREQ, the device will be in debug interface mode. Otherwise, the device is in normal mode. When a debug session is over, the external debugger must make sure to put the device back into normal mode and then a pin reset should be performed. The reason is that the overall power consumption is higher in debug interface mode compared to normal mode.
Some peripherals behave differently in debug interface mode compared to normal mode. The differences are described in more detail in the chapters of the affected peripherals.
For details on how to use the debug capabilities, please read the debug documentation of your IDE.
If the device is in System OFF when power is requested via CxxxPWRUPREQ, the system will wake up and the DIF flag in RESETREAS will be set.
The device supports real-time debugging, which allows interrupts to execute to completion in real time when breakpoints are set in thread mode or lower priority interrupts.
Real-time debugging thus enables the developer to set a breakpoint and single-step through their code without a failure of the real-time event-driven threads running at higher priority. For example, this enables the device to continue to service the high-priority interrupts of an external controller or sensor without failure or loss of state synchronization while the developer steps through code in a low-priority thread.
Register | Offset | Description |
---|---|---|
TARGETID | 0x042 |
The TARGETID register provides information about the target when the host is connected to a single device. The TARGETID register is accessed by a read of DP register 0x4 when the DPBANKSEL bit in the SELECT register is set to 0x2. |
Address offset: 0x042
The TARGETID register provides information about the target when the host is connected to a single device.
The TARGETID register is accessed by a read of DP register 0x4 when the DPBANKSEL bit in the SELECT register is set to 0x2.
Bit number | 31 | 30 | 29 | 28 | 27 | 26 | 25 | 24 | 23 | 22 | 21 | 20 | 19 | 18 | 17 | 16 | 15 | 14 | 13 | 12 | 11 | 10 | 9 | 8 | 7 | 6 | 5 | 4 | 3 | 2 | 1 | 0 | |||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ID | D | D | D | D | C | C | C | C | C | C | C | C | C | C | C | C | B | B | B | B | B | B | B | B | B | B | B | A | |||||||
Reset 0x10090289 | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 1 | 0 | 0 | 1 | |||
ID | R/W | Field | Value ID | Value | Description | ||||||||||||||||||||||||||||||
A |
R |
UNUSED |
Reserved, read-as-one |
||||||||||||||||||||||||||||||||
B |
R |
TDESIGNER |
An 11-bit code: JEDEC JEP106 continuation code and identity code. The ID identifies the designer of the part. |
||||||||||||||||||||||||||||||||
NordicSemi |
0x144 |
Nordic Semiconductor ASA |
|||||||||||||||||||||||||||||||||
C |
R |
TPARTNO |
Part number |
||||||||||||||||||||||||||||||||
D |
R |
TREVISION |
Target revision |
Symbol | Description | Min. | Typ. | Max. | Units |
---|---|---|---|---|---|
Tcyc |
Clock period, as defined by ARM (See ARM Infocenter, Embedded Trace Macrocell Architecture Specification, Trace Port Physical Interface, Timing specifications) |
62.5 | ns |