Category: Embedded Diagnostics

There have been numerous investigations into the use of the Performance Monitoring Counters (PMCs) for malware detection. Below is a quick survey of what Iโ€™ve read so far, as well as an investigation into using JTAG as an alternative access mechanism to traditional ring 0 or restricted OS mechanisms.
In this installment of the Coding to the SED API series, weโ€™ll look at the SED functions that access the OOBMSM, and use it for super-fast retrieval of hardware telemetry data.
For each of the months of January, February and March, I did a webinar on JTAG-based debugging. Since each of the video recordings are about 45 minutes long, I thought it would be helpful to point out the highlights of each, if you donโ€™t have time to sit through the full durations. At the risk of sounding immodest, there are some real gems of information within the demos of each webinar.
Beginning with Microsoft Azure's Project Olympus, and now a standard within the Open Compute Project, many datacenter servers are now optionally equipped with hardware connectivity between the platform BMC and CPU scan chain. The BMC can thus act as an autonomous JTAG-based embedded out-of-band debug agent, provide low-level triage of system events, such as crashes and hangs. Other use cases, such as hardware validation, manufacturing test, and forensics telemetry are also enabled by this technology.
In Part 3 of this series, we did a code review of โ€œltloopโ€, a utility firmware application that uses the BMC to do out-of-band stress tests of PCI Express ports. In this article, we begin to examine a more general-purpose application that uses JTAG to extract register, memory and IO contents of the target. This On-Target Diagnostic (OTD), called โ€œlibtestโ€, is used by ASSET to test the functionality of run-control on new targets.
In the last article on this topic, we did a dive into the main routine of the lt_loop JTAG-based On-Target Diagnostic, seeing the overall flow of the program. In this article, weโ€™ll look at the routine that does the heavy lifting for retraining the PCI Express link and checking for errors.
In my previousย blog, I did a walkthrough of the source code for main() within the ltloop JTAG-based on-target diagnostic. This article covers main() in more detail, and provides insight into some of the operations of the utility functions and data structures.
In my UEFI Forum webinar, I demonstrated a utility function for stressing PCI Express ports at-scale using JTAG. Letโ€™s walk through the source code and see how it works under the hood.
Archives