Protecting your software investment

After years of work, way too little sleep and way too much coffee, you’ve developed an innovative new product that will disrupt the market and change the world. How do you protect the code that you’ve poured your blood, sweat and tears into developing?

While there is no perfect solution to protect against unauthorized access or reverse engineering, there are some precautions you can take to make your code more difficult to access. Using layers of security with different methodologies to control code access is typically your best bet.

TI’s MSP430™ microcontroller (MCU) families provide a number of features that you can use together to increase layered protection of your code, enabling software IP protection, debugging security and secure storage. In this blog post, I’ll explain these features.

IP encapsulation for software IP protection and secure storage

MSP430FR5xx/6xx ferroelectric random access memory (FRAM) MCUs include an IP encapsulation (IPE) feature that you can use to encapsulate and protect a configurable area of FRAM memory from read or write access anywhere outside the IPE area by JTAG port, bootloader (BSL) or other code within the device.

This can be desirable when working with a third party; you can program code with your critical IP in the IPE area of a device, and even a third party partner who is later loading code into that same device can’t read it out– they can only tell their code to execute functions from within the area. You can also store your encryption keys and encryption routines in the IPE area for added security. The application note “MSP430 Code Protection Features” includes many more details on enabling IPE in your system, including best practices and an example IPE project.

JTAG locking features for debugging security

All MSP430 microcontrollers contain some form of JTAG lock. The implementation varies across families, but the general idea is that in any MSP430 device, you can disable JTAG access to prevent someone from reading out the code. MSP430FR5xx/6xx FRAM MCUs, like the MSP430FR5994 device, also allow you to set a password on JTAG instead, so that authorized users can still access the device but other methods lock out all users. Again, the application note “MSP430 Code Protection Features” includes more details on different JTAG lock implementations across families and includes an example project using JTAG lock with a password.

BSL security features

Most applications need to have a way for authorized users to access the device but still prevent device readout. Most MSP430 devices include a BSL and a number of features to help prevent unauthorized readout. Commands that allow readout of the device are password-protected, usually with a 32-byte password. By default, an incorrect BSL password results in a mass erase of the device – this helps prevent someone from doing a brute-force attack on the password by trying every possible combination, because on the first attempt when the password is wrong, the device will erase itself and your IP will no longer be there to be read out. Alternately, you can totally disable the BSL if firmware updates aren’t going to be necessary.

With MSP430 MCUs, you can use layers of code-protection features to help secure your software investment. Now you can focus on what groundbreaking IP you’ll create next.

Additional resources