BIP AbstractJTAGProtocol

  BIP: ?  Title: Abstract JTAG Protocol  Author: Luke Dashjr <[email protected]>  Status: Draft  Type: Standards Track  Created: 14-07-2012 




This protocol is designed to be spoken only over a reliable (including error correction) lower-level protocol, such as USB-Serial or USB-CDC, to a local device.

Packet Format

  • 4 bytes: magic: always fd414a50
  • 1 byte: packet length/type
  • N bytes: packet data
  • 2 bytes: packet data BSD “sum1” checksum

Packet length/types:

  • 00 — Abort
  • 01 to ef — Data packet length (1 to 239 bytes)
  • f0 to fc — Reserved
  • fd — Bad packet (command aborted)
  • fe — ACK
  • ff — End of command

ACK should be sent in response to each 239-byte packet. Bulk data transfers, such as bitstream uploads, should wait until ACK is received before sending more packets.

Checksum must include the complete packet up until the checksum itself; this is not used to prevent corruption (USB already guarantees that), but rather to avoid acting when something foreign sends stuff (possibly intermixed with a real AJP packet). If the checksum does not match, the device should send a “fd” packet back and ignore the content.

Note that while Abort packets abort the entire command, but do not guarantee it had no effect.

Anything up to the initial magic is ignored.

Command Format

  • 1 byte: request id
  • 1 byte: command id
    • Cx — JTAG interface commands
    • Dx — Replies to JTAG interface commands
    • Ex — JAP Controller commands
    • Fx — Replies to JAP Controller commands
  • 1 byte: device number (ignored for some commands)
    • 00 is the controller
    • 01 to fe are JTAG devices
    • ff for “all JTAG devices”
  • 1 byte: status (should always be 00 for requests)
    • 00 — success
    • 80 — failure
  • N bytes: data

Commands less than 4 bytes should be ignored. Additional data beyond what is expected should be ignored.


c0 — clock

Request Data:

  • 1 byte: bit field (bitwise OR’d)
    • 10 — return TDI status
    • 01 to 03 — number of clocks to ignore at the end
  • N bytes: two bits per clock
    • 1 bit: TMS high
    • 1 bit: TDO high

Reply Data (only if reading):

  • N bytes: one bit per clock
    • 1 bit: TDI high

c1 — read/write register

Note that data is written/read in big endian bit order. This means that the first bit written/read is 80, then 40, and so on. If you are not using a multiple of 8 bits, this is still the case; for example, if you read 7 bits all high, you will get fe, not 7f.

Request Data:

  • 1 byte: bit values (bitwise or’d)
    • Mode:
      • 00 — Continue already-started r/w
      • 80 — Start r/w of DR register
      • 40 — Start r/w of IR register
    • 20 — Finish r/w
    • 10 — Read+Write (default is Write only)
    • 01 to 07 — Don’t do last N bits of data
  • N bytes: data to write

Reply Data (may be parallel with request):

  • N bytes: data read (only if Read+Write set in request)

c2 — reset

(No Request or Reply Data)

c3 — run

Request Data:

  • 1 byte: number of iterations to run

e0 — ping

Device number ignored. Replies with same data as request

e1 — get device count

Device number ignored. May be required before device access.

Reply Data:

  • 1 byte: number of devices
  • N bytes:
    • 1 byte: device id number

e2 — hardware version

Note: Only expected to work for controller

Reply Data:

  • 4 bytes: hardware version (big endian)
  • 2 bytes: hardware vendor id authority
    • 0000 — USB
    • ffff — Ad-hoc
  • 1 byte: length of hardware vendor id
  • N bytes: hardware vendor id (binary)
  • 1 byte: length of hardware device id
  • N bytes: hardware device id (binary)
  • 1 byte: length of hardware serial number
  • N bytes: hardware serial number (UTF-8)
  • 1 byte: length of human-readable hardware model
  • N bytes: human-readable hardware model/version string (UTF-8)

e3 — software version

Note: Only expected to work for controller

Reply Data:

  • 4 bytes: software version (big endian)
    • ffffffff — Unknown
  • 1 byte: length of software-specific unique identifier (git commit?)
  • N bytes: software-specific unique identifier
  • 1 byte: length of human-readable software name
  • N bytes: human-readable hardware model/version string (UTF-8)
  • 2 byte: number of AJP features supported

e4 — device capabilities

Reply Data:

  • 2*N bytes: supported capabilities
    • c000 — JTAG protocol commands
    • e50x — watch/poll command, with up to X concurrent watches

e5 — watch/poll

Request Data:

  • 1 byte: how long to watch, in 1/0x10000th of a day (about 1.32 seconds)
    • 00 — cancel watch
    • ff — never expire
  • 2 bytes: how often to poll, in 1/0x1000000th of a day (about 0.005 seconds)
    • 0000 — constantly poll
    • 2d83 — about once a minute
  • N bytes: packets to send

Reply (immediately for all, and whenever results change individually):

  • Same as if the packets were received directly


Reset the command queue

To reset the command queue, send 243 zero bytes followed by the Abort packet (fd414a50 00 7052); this will pad-out any “open” packet, and abort any open command.

It is also advisable to cancel any watch active: fd414a50 05 00e50000 00 5b9f

See Also on BitcoinWiki