Various aspects of the disclosed technology relate to techniques of using control test points to enhance hardware security. The design-for-security circuitry reuses control test points, a part of design-for-test circuitry. The design-for-security circuitry comprises: identity verification circuitry; scrambler circuitry coupled; and test point circuitry. The test point circuitry comprises scan cells and logic gates The identify verification circuitry outputs an identity verification result to the scrambler circuitry to enable/disable control test points of the test point circuitry through the logic gates, and the scrambler circuitry outputs logic bits for loading the scan cells to activate/inactivate the control test points through the logic gates.

A network of storage units has a data path, which is at least a portion of the network. The network also has a dynamic time-varying or cycle-varying code generation unit and a code comparator unit that together make up an unlock signal generation unit; and a gateway storage unit. If the gateway storage unit does not store an unlock signal or the unlock signal generation unit does not generate and transmit an unlock signal, the gateway storage unit does not insert a data path segment in the data path. If the unlock signal generation unit is operated such that it generates an unlock signal, and it transmits that unlock signal to a gateway storage unit, and the gateway storage unit stores the unlock signal value, then the gateway storage unit inserts a data path segment into the data path.

An electronic system, a system diagnostic circuit, and an operation method thereof are provided. The system diagnostic circuit includes a data register circuit, an instruction register circuit, a diagnostic controller circuit, a control register circuit, and a detect circuit. The diagnostic controller circuit determines to transmit test data to the instruction register circuit or the data register circuit according to an operating state. The detect circuit update the control register circuit when the first test data transmitted to the data register circuit meets a predefined pattern.

A method of debugging a device which includes a plurality of processors is provided. The method includes verifying a request to initiate authentication that is provided to the device to a user; performing a challenge-response authentication operation between the user and the device in response to the request to initiate authentication being a request from a non-malicious user; activating or deactivating an access to a Joint Test Action Group (JTAG) port of each of the processors, based on access control information from the user; and permitting a debugging operation via an access that is activated.

In certain embodiments, an integrated circuit has scan-test circuitry that performs scan testing on circuitry under scan test (CUST) within the IC, where the scan-test circuitry is susceptible to a defect. In order to enable the defect to be corrected after it occurs, the scan-test circuitry includes a set of programmable circuitry connected to provide a signal to other circuitry (e.g., a scan chain) within the scan-test circuitry, where the set of programmable circuitry includes one or more configurable memory cells connected to control the programming of the set of programmable circuitry. The memory cell(s) can be configured to program the set of programmable circuitry to enable the scan testing to be performed without modification. The memory cell(s) can also be configured to program the set of programmable circuitry to modify the scan testing to correct the defect in the scan-test circuitry.

Secured debug of an integrated circuit having a test operation mode and a secure mission operation mode. The integrated circuit has a processing unit, a test interface through which the test operation mode is controllable, an on-chip memory which is accessible in the test operation mode and in the secure mission operation mode, and one or more protected resources inaccessible in the test operation mode. The processing unit is configured, in the test operation mode, to receive an authenticated object through the test interface, and store the received authenticated object in the on-chip memory. The processing unit is moreover configured, upon reset into the secure mission operation mode, to execute a boot procedure to determine that the authenticated object is available in the on-chip memory, authenticate the authenticated object, andupon successful authenticationrender the more protected resources accessible to a debug host external to the integrated circuit.

An integrated circuit senses attempts to access security-related data stored in registers connectable into a scan chain when the attempt includes locally and selectively asserting a scan-enable signal at a corresponding branch of the scan-enable tree when the integrated circuit is in a secure functional mode. When such an attempt is detected, the integrated circuit (i) generates a security warning that causes a reset of the security-related data and/or (ii) engages a bypass switch to disconnect the scan chain from the respective output terminal to preclude the security-related data from being shifted out of the IC via the scan chain.

A device includes a scan chain including a plurality of storage elements and an output buffer; a shadow shift register having a shadow shift input coupled to a scan output of one of the storage elements of the scan chain; a signature register; and a comparator having a first input, a second input, and an output. The comparator first input is to receive a value of the shadow shift register, and the comparator second input is to receive a value of the signature register. The output buffer has a control input coupled to the comparator output, and the output buffer provides a high-impedance output responsive to the value of the shadow shift register being unequal to the value of the signature register.

A secure chip capable of generating secure data by itself. The secure chip can generate secure data of uniqueness without using a circuit having a physically unclonable function (PUF) that is based on process variations. The secure chip includes a true random number generator (TRNG), a control circuit, and a secure storage circuit. The TRNG is configured to output random number data to the control circuit completely via an internal path in a production verification test phase of the secure chip, wherein all the internal path is located in the secure chip. The control circuit is configured to output secure data to the secure storage circuit according to the random number data to have the secure storage circuit store the secure data.

Aspects of the present disclosure configure a system component, such as a memory sub-system controller, to debug a memory sub-system. The controller receives, from a host over a first bus, authentication information associated with unlocking the debugging component and, in response to successfully authenticating the host based on the authentication information, unlocks a debugging component. The debugging component receives one or more debug commands from the host via a second bus and transmits, to the host via the second bus, debugging information in response to receiving the one or more debug commands.