Is there a simple way to record an SVF? I ran the mww with openocd in debug mode and also recorded it with the BitMagic, but the output was quite busy with many commands so I wasn’t sure if it was all necessary.
How would you go about boundary scanning on the router? Would I be able to set PORST_N low via JTAG and cause a reset for instance? I’m not sure where to find instruction code for the boundary register on the router.
While you should be able to take a logic analyzer capture, apply a JTAG decoder, and then build an SVF off of that, you’ll find there’s lots of extra ‘stuff’ happening. Openocd is constantly polling the target and doing other things, so just typing "mww’ turns into tons of IRs and DRs.
The most efficient way is likely to craft the JTAG commands yourself based on documentaiton in the EJTAG spec. For the demo in the course, we modified OpenOCD a bit, turned on verbose logging, and turned off polling, then parsed the debug log to generate the SVF file.
URJTAG is the tool i’ve used in the past for boundary scan work. Colin O’flynn just submitted some details about using other tools to the Tigard Readme. I haven’t used them yet, but they seem to be much easier to use than URJTAG: GitHub - tigard-tools/tigard: An FTDI FT2232H-based multi-protocol tool for hardware hacking
Boundary scan is essentially a completely separate operation mode for most pins - meaning that every pin has a multiplexer that lets it choose between different purposes - when it’s in boundary scan mode, it’s completely detached from the other internal workings of that pin’s normal purpose.
Special purpose pins are not always connected to boundary scan. Power and ground (unless they’re actually undocumented bootstrap pins) as well as clock pins are very rarely on the boundary scan chain, and reset is not commonly on it.
Thanks for answering my questions. 