MSP430FR5994: JTAG and SBW Lock with Password with IAR IDE

Part Number: MSP430FR5994

Dear TI Customer support.

I'm able to lock the JTAG with password using the JTAG Signature 1 and JTAG Signature 2 address areas as described in the user manual SLAU367N (Section 1.13.2 JTAG and SBW Lock With Password). I'm using IAR Embedded Workbench and can enter the password under Options-->FET Debugger-->JTAG password and gain full access to the debugger/firmware. If the password is incorrect, the firmware is not erased.

That said, could someone through brute force enter passwords until the IAR JTAG is unlocked?  I know via the BSL if the password is incorrect, it does a MASS ERASE.  Should the mass erase occur in this instance too?

Please help me understand this possible security flaw.

Thanks,

-Jim P.

  • Hello Jim,

    I think you are right that on the BSL if the password is incorrect it will erase the device and you can enable or disable this feature.
    But I do not think an incorrect password via JTAG will erase the device.

    You can change the length of the JTAG password. If you do something like 64 bits, it would be really difficult to unlock the device without knowing the password.

    Thanks,
    Yiding
  • Hi Yiding,

    Where I work, 64-bits is of course not enough.  If someone could, through brute force attack, hit the password over and over again, the JTAG would be unlocked.  This is unsatisfactory.  It should work like the BSL...wrong password - erase device.

    Are you saying the JTAG is really allowed to be opened for viewing by an adversary/competitor by repeated JTAG password attempts?  Crazy!

    In the IAR screen below, I can keep entering in passwords (manually) but an automated program could do this via the JTAG mailbox, a DLL, etc.

    Thanks,

    -Jim

  • Hello Jim,

    There are two ways to lock the JTAG:
    1. Lock without password:
    A device can be locked by writing 05555h to both JTAG Signature 1 and JTAG Signature 2. In this case, the JTAG and SBW interfaces grant access to a limited JTAG command set that restricts accessibility into the device. The only way to unlock the device in this case is to use the BSL to overwrite the JTAG signatures with anything other than 05555h or 0AAAAh.

    2. Lock with Password:
    You can get access to device with the correct password signatures but the wrong password will not erase the part. Signatures that have been entered do not take effect until the next BOR event has occurred.

    So if you need better security protection you can lock the JTAG without password and add the password to BSL. In this case the only way to access your device is to enter the correct BSL password.

    Thanks,
    Yiding
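
An added example, not part of the thread and not TI or IAR code: a release check that reads a TI-TXT firmware image and reports which of the two lock modes described in the last reply the JTAG signatures encode. The signature addresses (0FF80h/0FF82h), the 0AAAAh password marker with the length in words in Signature 2, and the function names are assumptions to verify against SLAU367 Section 1.13; the sample images are constructed.

```python
# Added example: classify the JTAG/SBW lock state in a TI-TXT firmware image.
# Assumptions to check against SLAU367 section 1.13 (not stated in the thread):
# signatures live at 0FF80h/0FF82h; password mode is 0AAAAh in Signature 1
# with the password length in 16-bit words in Signature 2.
JTAG_SIG1, JTAG_SIG2 = 0xFF80, 0xFF82

def parse_titxt(text):
    """Return {address: byte} from TI-TXT text ('@addr' lines, hex bytes, 'q')."""
    mem, addr = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.lower() == "q":
            break
        if line.startswith("@"):
            addr = int(line[1:], 16)
        elif addr is None:
            raise ValueError("data before first @address line")
        else:
            for tok in line.split():
                mem[addr] = int(tok, 16)
                addr += 1
    return mem

def word(mem, addr):
    """Little-endian 16-bit word; bytes absent from the image are treated as FFh."""
    return mem.get(addr, 0xFF) | (mem.get(addr + 1, 0xFF) << 8)

def jtag_lock_state(mem):
    """Return (state, password_bits or None) for the parsed image."""
    sig1, sig2 = word(mem, JTAG_SIG1), word(mem, JTAG_SIG2)
    if sig1 == 0x5555 and sig2 == 0x5555:
        return "locked-no-password", None       # only the BSL can reopen it
    if sig1 == 0xAAAA:
        return "locked-with-password", sig2 * 16
    if 0x5555 in (sig1, sig2):
        return "indeterminate", None            # only one signature set: review by hand
    return "unlocked", None

# Constructed sample images (signature bytes only, not real firmware).
NO_PASSWORD = "@ff80\n55 55 55 55\nq\n"
WITH_PASSWORD = "@ff80\nAA AA 08 00\nq\n"       # 8 words = 128-bit password
HALF_WRITTEN = "@ff80\n55 55 FF FF\nq\n"

if __name__ == "__main__":
    for name in ("NO_PASSWORD", "WITH_PASSWORD", "HALF_WRITTEN"):
        print(name, jtag_lock_state(parse_titxt(globals()[name])))
```

A build pipeline can fail the release unless the state is `locked-no-password`, or `locked-with-password` with a length that meets the team's own policy.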
