• State TI Thinks Resolved
  • Replies 14 replies
  • Answers 1 answer
  • Subscribers 31 subscribers
  • Views 203 views
  • Users 0 members are here
Support feedback
Options
Options
Related

MSPM0L1106: How to input the passwords in UniFlash.

Alan Chan
Prodigy 210 points
Part Number: MSPM0L1106
Other Parts Discussed in Thread: UNIFLASH, MSPM0L1306, , SYSCONFIG

Tool/software:

Hi Teams,

My UniFlash version is 9.0.0.5086.

After debug lock, factory reset and mass erase were enabled with password, how to set the passwords so that UniFlash can perform the firmware update, factory reset and mass erase?

Besides, please help to suggest how to enter the password in Code Composer Studio so as to do the debugging.

  • 0
    TI__Intellectual 2201 points

    Hi Alan,

    In Uniflash, reference section 5 in Program Bootloader of MSP430, MSP432, CC13xx, CC26xx, CC32xx MCUs Using UniFlash:

    What version of CCS are you using?

    Have you tried connecting to the device to debug?

    Best,

    Owen

  • 0
    Prodigy 210 points

    Hi Owen,

    Thank you for your support and information.

    I am able to do the BSL upgrade with password enabled by using UniFlash.

    My problem is about password enabled on the following :

    • Debug Lock
    • Factory Reset
    • Mass Erase

    My Code Composer Studio version is 20.1.1.8_1.7.1.

    I was testing with MSPM0L1306 Launchpad. After Debug Lock password enabled, it cannot be debug.

  • 0 in reply to Alan Chan
    TI__Intellectual 2201 points

    Hi Alan,

    Depending on how you set up your security level, you will not be able to access specific features. Please reference the Technical Reference Manual below:

    To debug the device using a password:

    1. Navigate to the .ccxml file and open it
    2. In the bottom left of the window that opens, click on Advanced
    3. Click on the device, in this case: MSPM0L1106
    4. On the right you should see this:
    5. Fill in the password
    6. Save the file
    7. You should be able to debug the device now, but if not try the steps below
    8. Right-click on the .ccxml file and click on Start Project-less Debug
    9. In the top menu bar, click on Scripts
    10. Expand MSPM0L1106_Commands
    11. Click on MSPM0_Mailbox_DebugAccessPasswordAuthentication_Auto

    These steps will only work if you had correctly configured the security settings to allow for debug access via password.

    Best,

    Owen

  • 0 in reply to Owen Li
    Prodigy 210 points

    Hi Owen,

    Thank you for your info and support.

    According to the info provided about SWD security level 1, it is just an example. According to the Table 1-4. Generic Security Levels :

    From the table both mass erase and factory reset can be enable with password. So I think it should be somewhere to enter the password to do the action accordingly.

    For the debug using password, I tried both methods provided, they are not work on my side.

    The following is the first few bytes of by BCR config data in my device :

    In CCS, I tried both the order of the password as below, and they are not work. Could you provide me more advice on it?

  • 0 in reply to Alan Chan
    TI__Intellectual 2201 points

    Hi Alan, 

    Sorry for the oversight, I had referenced the incorrect table. How did you configure the password? Did you set it in the Configuration NVM section in SysConfig? Can you show me what you configured the settings to be?

    Alan Chan said:
    So I think it should be somewhere to enter the password to do the action accordingly.

    The password should be entered in the .ccxml file.

    As for the other actions, such as Mass Erase and Factory Reset, they are also in the same section as the password authentication command under Scripts:

    On another note, if you were able to read the BCRConfig data in memory and see the password, then that indicates you successfully connected to the device.

    Here's what I see:

    When you perform the password authentication, do you see this:

    Best,

    Owen

  • 0 in reply to Owen Li
    Prodigy 210 points

    Hi Owen,

    For myself, I wrote a routine to update NVM NONMAIN memory myself on system bootup. And the BCRConfig bytes are dumped in my previous comment above. Let's to focus on the method that you provided and my test below. We go back to my problem afterward.

    I follow your method to make change in SYSCFG file below:

    1. From the memory, the SWD password was set to memory, but when my software dump the memory from device, it is still not modified.

    2. When I input the wrong password in ccxml, the debug process still can be started.

    3. During the start of debug process, I cannot get your output below.

    I just got the last sentence, "Memory Map Initialization Complete".

    4. This is the most important point. After enabled the BCR config, the hex generated has error on UniFlash when it was downloading to DUT through bootloader.

    It seems that the new BCR config is not really write to DUT during my test above. Please help to provide more info and step by step of your test.

  • 0 in reply to Alan Chan
    TI__Mastermind 29105 points

    Hey Alan,

    Are you testing on a factory reset device?  Need to make sure there are no security settings in play when you are doing this testing.  

    Next, when you are updating the BCR in Sysconfig you need to go into the Project -> Debug -> Flash Memory settings and update it to "Erase Main and Nonmain."   There will be a warning next to this setting and what it is saying is this:  If you erase Nonmain and don't successfully reprogram it with correct settings, it will default to the highest security settings which can permanently brick the device.  It's very common to brick a device or two when first working with the Nonmain settings, so I would have some back-ups handy. 

    Non-main settings only get applied at a reset or power cycle.  So, after you program/debug your device as long as you stay connected to it you can continue to view the memory, ect. 

    As for your first question, I believe CCS and Uniflash only support password debug.  I'll have to check.   We have a web tool that can be used for password based Mass Erase and Factory Reset.  https://dev.ti.com/gallery/view/TIMSPGC/MSPM0_Factory_Reset_Tool/ver/1.0.2/ 

    Thanks,

    JD 

  • 0 in reply to JD Crutchfield
    Prodigy 210 points

    Hi JD,

    Thank you for your detail info on this ticket and your support.

    Yes, I was started on a device without any security settings at the beginning. I was updating the BCR and BSL config from firmware itself and not going through the Sysconfig in CCS. In another ticket, I am working with Owen on this and I found that enabled the sysconfig in CCS will not update the NONMAIN memory physically, but CCS can display the updated memory content in debug session.

    From your info, is that mean there is no tool to support password for mass erase and factory reset, am I correct?

    If it is the case, can you confirm me that the mass erase and factory reset are only available when SWD session established?

    FYI, I am still not able to established the SWD session when Debug Lock enabled with password set in BCR config.

  • 0 in reply to Alan Chan
    Prodigy 210 points

    Hi JD,

    Furthermore, I just tried the tool, https://dev.ti.com/gallery/view/TIMSPGC/MSPM0_Factory_Reset_Tool/ver/1.0.2/

    I am not able to use it to attach my device. I am using browser Chrome and JLink for the connection. There is no any password enabled and I verified the JLink connection with CCS and it is ok.

    What will be the problem?

  • 0 in reply to Alan Chan
    TI__Intellectual 2201 points

    Hi Alan,

    When you changed the password, were you able to successfully flash the device? After flashing, did you power cycle the board?

    How are you dumping memory? Are you doing this directly from CCS or Uniflash?

    Alan Chan said:
    When I input the wrong password in ccxml, the debug process still can be started.

    After updating the .ccxml file, did you perform the password authentication? In CCS you can do it by right-clicking on the .ccxml file under TargetConfigs > Scripts > MSPM0L1106_Commands > MSPM0_Mailbox_DebugAccessPasswordAuthentication_Auto. This should update the password that is getting sent to the device and you won't be able to gain debug access with an incorrect password.

    Alan Chan said:
    During the start of debug process, I cannot get your output below.

    The screenshot I sent was not from attempting to debug the device. The screenshot was the result of performing the password authentication script.

    Alan Chan said:
    This is the most important point. After enabled the BCR config, the hex generated has error on UniFlash when it was downloading to DUT through bootloader.

    Are you allowing for NONMAIN to be erased?

    Best,

    Owen

  • 0 in reply to Alan Chan
    TI__Intellectual 2201 points

    Hi Alan,

    I believe you can use Uniflash and CCS to perform Mass Erase with Password and Factory Reset with Password. See screenshots below:

    In the screenshot of Uniflash, ensure that the option to erase NONMAIN memory is selected. This can also be configured within the project properties in CCS. If you are not seeing changes to memory, this could be the explanation.

    Can you please provide more detail into the exact steps you perform to replicate the inability to access the device through the SWD pins? Did you change the password? Are there any error messages?

    Best,

    Owen

  • 0 in reply to Owen Li
    Prodigy 210 points

    Hi Owen,

    After I changed the password (Debug Lock), I tried to flash the device from CCS and Uniflash bootloader. After that, device was reboot. When my software bootup, the memory will be read and output to UART and I verified that the contents of BCR and BSL config was correct.

    Yes, I did. After selected MSPM0_Mailbox_DebugAccessPasswordAuthentication_Auto, there is nothing happened. If there is no password, the debug session will be pause at the main().

    Yes, I understand about this, but I didn't get this authentication operation.

    Yes, I didn't modified this from default BCR config. Error prompted is from UniFlash when the code generated by CCS with modified BCR config through sysconfig.

  • 0 in reply to Owen Li
    Prodigy 210 points

    Hi Owen,

    Can you tell me where to input the Mass erase and Factory reset password? I tried the buttons that you highlighted, it will not prompt for the password.

    For my test steps :

    1. Pre-condition :

    • Firmware is built by CCS with hex file output. BCR config are default in syscfg.
    • The built output hex file can be download through bootloader and JLink through Uniflash. Mass erase and factory reset can be performed in Uniflash.
    • CCS can do debugging by JLink.

    2. Base on the above, I wrote an routine based on the gBCRConfig and gBSLConfig provided from sample code provided by CCS.

    3. I modified the BSL with password enabled, it works on UniFlash. Here I just want to show that the NONMAIN memory access is correct.

    4. With similar, I enabled mass erase and factory reset password, the operation failed. It is expected because I cannot find the way to input password in UniFlash. (Rmk: Debug Lock is enabled without password.)

    5. When I test with Debug Lock password enabled, both UniFlash and CCS cannot work already, even I modified the password in ccxml.

    For the modification from CCS through syscfg, I followed the steps you provided and the result is replied in this ticket.

  • 0 in reply to Alan Chan
    TI__Intellectual 2201 points

    Hi Alan,

    The password should be input in the .ccxml file that you load into Uniflash.

    Can you confirm that your NVM Configuration settings have Debug Access, Factory Reset, and Mass Erase all Enabled with password match?

    Alan Chan said:
    Yes, I did. After selected MSPM0_Mailbox_DebugAccessPasswordAuthentication_Auto, there is nothing happened. If there is no password, the debug session will be pause at the main().

    Try performing a Project-less Debug session in CCS. You can do this by right-clicking on the .ccxml file and clicking Start Project-less. Then follow the same steps to perform the command.

    Here is the screenshot you sent earlier:

    In this screenshot, it is important to note that your password is the reverse of the one I have been using as an example. Furthermore, the 4th double word is technically 0x00FFEEDD.

    If nothing above works, please try the following:

    1. Create a new empty project in CCS.
    2. In the SysConfig file, enable the NVM Configuration.
    3. Enable the Debug Access, Factory Reset, and/or Mass Erase with password match.
    4. Input the password for all of the options you selected. (Make them the same).
    5. Go to project properties> Debug > MSPM0 Flash Settings > select the Erase MAIN and NONMAIN memory (see warning above) option.
    6. Open the .ccxml file and input the password. (Advanced > click on the device name, i.e. MSPM0L1106 > under Device Properties input the password exactly the same as it was in SysConfig.
    7. Make sure everything is saved.
    8. Flash the device.

    If you want to continue using CCS:

    1. Right-click on the .ccxml file
    2. Click on Start Project-less Debug
    3. Click on Scripts > MSPM0L1106_Commands
    4. Now perform any of the commands that require a password. (I recommend using the manual options. These will prompt you to press the reset button on the device or pull the reset line low).

    If you want to continue using Uniflash:

    1. Open Uniflash
    2. Scroll down to the bottom to Create Session From Existing Target Configuration File and press Select
    3. Navigate to the file path that contains the .ccxml file that you updated earlier.
    4. Now attempt to perform the Factory reset/Mass erase with Password (I recommend the manual option).

    Best,

    Owen