Category: IJTAG

Today, February 15th, 2020, marks the official 30th Anniversary of JTAG. What a wild ride it has been – from its humble beginnings for detecting short and open circuits, it has evolved to be, in some ways, the most powerful and feared technology on the planet. How did we get here?
This past week, I attended the AUTOTESTCON 2019 conference, the premiere Defense Automated Test Equipment show, that has the theme of “increased mission effectiveness through advanced test and support technology”. As you may have seen, I was honored with the “Walter E. Peterson Best Paper on New Technology” award for Mitigating JTAG as an Attack Surface (note: it might take a little while for the paper to be posted on IEEE Xplore; you might have to check back later).
In two previous articles, I looked at the JTAG access port from a security perspective, and considered what exposure the choice of BMC operating system might have on a platform supporting At-Scale Debug. Now, let’s consider the root of all trust, the silicon itself, and see what options exist for locking it down.
Given that they are network-accessible, BMCs present an attack surface. Which operating systems are hardened enough to be secure against malicious actors?