doc: Add warnings about using JTAG debugging with hardware security features

This is related to the following issues but is not a fix, just documentation of a workaround until we can
improve the support:
https://github.com/espressif/esp-idf/issues/4878
https://github.com/espressif/esp-idf/issues/4734
This commit is contained in:
Angus Gratton
2020-03-24 13:47:51 +11:00
committed by Angus Gratton
parent c9f29e0b59
commit 4358f3b573
5 changed files with 68 additions and 4 deletions

@@ -253,3 +253,13 @@ Secure Boot & Flash Encryption
------------------------------
If secure boot is used without :doc:`Flash Encryption <flash-encryption>`, it is possible to launch "time-of-check to time-of-use" attack, where flash contents are swapped after the image is verified and running. Therefore, it is recommended to use both the features together.
Advanced Features
-----------------
JTAG Debugging
~~~~~~~~~~~~~~
By default, when Secure Boot is enabled then JTAG debugging is disabled via eFuse. The bootloader does this on first boot, at the same time it enables Secure Boot.
See :ref:`jtag-debugging-security-features` for more information about using JTAG Debugging with either Secure Boot or signed app verification enabled.
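Review bot: The new "JTAG Debugging" paragraph says the disable happens "By default" and "via eFuse" but does not say what changes that default or that the reader should treat the eFuse write on first boot as a point of no return. Since the bootloader does this at the same moment it enables Secure Boot, a reader who plans to debug needs to know before the first boot, so I would name the relevant configuration option here or state explicitly that the linked section covers how to keep JTAG available. The cross-reference mentions "either Secure Boot or signed app verification", while the opening sentence covers only Secure Boot; consider adding a sentence on whether signed app verification without Secure Boot also disables JTAG. Please also confirm that the `jtag-debugging-security-features` label is defined in one of the other changed files, since it is not visible in this hunk and a missing label breaks the docs build. Minor wording: "when Secure Boot is enabled then JTAG debugging is disabled" reads better as "when Secure Boot is enabled, JTAG debugging is disabled".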