SPRUJ52C June 2022 – July 2023 AM69, AM69A, TDA4AH-Q1, TDA4AP-Q1, TDA4VH-Q1, TDA4VP-Q1
Functional safety is an important aspect of the device. In general, the intrusive nature of debug operations is in conflict with many of the requirements associated with the safety function (for example: error detection, graceful recovery to known states, etc.). As such, the SoC debug framework relies on the assumption that debug logic will be disabled during operation of a safety function. See system assumption SA_23 in the device Safety Manual for reference.
The SoC debug modules will not be powered by default in fielded systems. The isolation signals on the boundaries of these components will be configured such that debug intrusion on system functionality is not possible. These modules will be powered during an active debug connection, but at this point, safety requirements are secondary as the user has consciously decided to interact with the system. Even then, it is possible for the device security manager to provide an operating mode that only supports non-invasive debug.
Application threads can also obtain control of the DEBUGSS and the debug components in the system, but functional firewalls should only allow this from trusted/secure threads.