The notion of security for a device for which someone has JTAG access is a joke, and I'm not being sarcastic. This article is purely trolling by putting "China" in the title. There is no chip of meaningful complexity made anywhere in the world that is safe from complete pwnage if JTAG access is available. Even if/when someone took the trouble to try and make sure there is no direct access to the key registers via JTAG, I guarantee that there are indirect means to read them. The fact that JTAG access to state elements is often added at synthesis from RTL means the functional designers often have no idea what can or can't be done via the JTAG for a particular chip. Absolutely no subterfuge needs to be imagined for manufacturer-generated JTAG elements to do arbitrary things besides the tiny subset they actually use which is testing. But back to my original point. If you've got JTAG access then there are any number of timing and/or RFI means that can be combined to read (and potentially write) any bit anywhere on the chip. There is no such thing as electronic security without physical security first.