MSPM0L1227: Lock SWD with unique password in Production Line - API programming access

Hi Jayakumar,

This could get complicated as you would need to store the password for every unique device you program. SWD access is lockable with a password and this can be configured when you program the device so this part is normal. However another caveat is that you'd also need to regenerate the binary for every unique device as well, which would slow your production programming process quite a bit. 

If this is ok with your application, what you could do is:

On the production line, read out the TRACEID, which is a value that is unique per device manufactured and programmed by TI. Then you could create an algorithm that takes the TRACEID as an input to generate a password. That way you do not need to store each password, rather you just need to keep your hashing algorithm secret. 

Then when you need to access a device via SWD, all you need to do is read out the TRACEID and hash it again to get the password and supply it. You may wonder how you will get the TRACEID if SWD is locked - you can set up a SEC_AP interrupt do help with this. SEC_AP is always accessible, even when SWD is locked. You can set up an interrupt so that when you write a certain value to the SEC_AP RX buffer, it fetches the TRACEID and places it in its TX buffer. Then you can just read the TX buffer in the SEC_AP, re-hash the TRACEID to get the password, then supply the password to the SWD interface to unlock it.

Again, this would extend your production time by quite a bit, but would allow you to have a unique device SWD password without having to store it per device. 

I am unclear on what you mean by programming in production line with API programming access, do you mean you are looking for a debugger that you can control via command line? If you could please elaborate here I am happy to help.