
242 points denysvitali | 1 comments
mmastrac ◴[] No.44426797[source]
This is a much better experience than the previous Qualcomm debug experience, which was a hand-rolled set of read/write/execute primitives exposed over USB. It was hilariously undersecured, allowing a few of us to continually get root on various Qualcomm models.

In seriousness, these debug ports are seriously lacking in most mobile chipsets. MediaTek still has the old-style approach in many of their devices, requiring some incantations which expose serial over USB, but not in the way you think -- it's serial over USB pins!

I've done tonnes of work with mobile chipsets and security and this seems like they've finally started down the road to making this functionality accessible. Don't be surprised if you don't see this supported out of the box in most places, though. Most OEMs will certainly disable this once they've adapted their bootloaders to it. The big G doesn't like debuggability in end user devices.

Veserv ◴[] No.44426943[source]
Most of those boards have a separate physical JTAG connector (at least in development kits, this article indicates JTAG over USB is disabled in production systems anyways so no difference there) which is what they are expecting you to use for low-level debugging. It only costs like 1,000 $ for a JTAG probe which is like 1 fully-burdened engineer-day of cost. Even fully featured probes enabling hardware trace and time-travel debugging only cost like 1 engineer-week.
AlotOfReading ◴[] No.44427717[source]
The probes cost enough to exceed individual purchasing limits at hardware companies, which means you need to go through the requisition process. That takes long enough that you have to plan ahead and you don't order more as your needs increase. Then everyone's fighting for the limited probes right before a ship date and they get jealously guarded like priceless jewels.

JTAG also isn't usually exposed through enclosures, so using the probe on a field unit might require destructive entry depending on the application.

Veserv ◴[] No.44427838[source]
Well the problem there is companies who are too stupid to invest in cheap tooling with massive ROI for their developers. A pretty constant problem in software development.

And I am not knocking JTAG over USB. It is certainly convenient and beneficial since you can enable it in production or deployed units. I was commenting on how the GP (and even article) was making it out to be missing capability. They just do not have the cheap tools that are the intended way to access that capability.

edit: The article even mentions how the "Qualcomm Landing Team at Linaro", which seems to be the team that works with pre-production hardware to get them working on launch day, has a development process where "debuggers have never been a staple of our work for all the typical reasons you'd expect (cost and complexity being the main ones)". That is literally the team that should have pre-production units in the lab which will have debug connectors and where JTAG probes should be par for the course, yet they are apparently hardly using them partly because of "cost".

1. nrclark ◴[] No.44433014[source]
The landing team's job is to "land" patches into upstream. They take Qualcomm code and spin straw into gold until it's eventually good enough to contribute to projects like the Linux kernel.

Having read a lot of Qualcomm code myself, I don't envy their job.