• State Resolved
  • Locked Locked
  • Replies 15 replies
  • Subscribers 81 subscribers
  • Views 4076 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

SBW write BSL Password --> Blow Security Fuse

MAC Engineering
Expert 1460 points
Other Parts Discussed in Thread: MSP-GANG

MSP430G2x53 Processor

I am new to the BSL,

(1) is it posable to change the default BSL password with the SBY while loading the firmware, then blow the security fuse? 

(2) we assume that the MSP-GANG ( http://www.ti.com/tool/msp-gang ) can use either SBY or BSL for writing the MSP firmware?

Our motivation, use SBY to preform the initial programing of the MSP430G2x53.  If down the road an update of firmware is needed, we can do so with password protected BSL method.

  • 0
    Guru 34773 points

    BSL password will be vector table, and without knowing password it will not be able for BSL to read stored firmware. However, it should be able to execute BSL mass erase and store new firmware on chip (that will have again new BSL password).

    BSL is note related to 4 wire JTAG or SBW, and security fuse. Blowing security fuse (not supported by TI SBW tools, supported by MSP-GANG), will disable JTAG/SBW interface forever, and it will not be possible to do any JTAG/SBW  action on target chip.

  • 0 in reply to zrno soli
    Expert 1460 points

    zrno soli said:

    No, this did not answer my questions:

    BSL password will be vector table, and without knowing password it will not be able for BSL to read stored firmware . However, it should be able to execute BSL mass erase and store new firmware on chip (that will have again new BSL password)(this is all good and true)

    BSL is note related to 4 wire JTAG or SBW, and security fuse (Is the answer to my question:  ?NO/YES, one can/can not write [change default BSL password] the BSL password vector table with the 2-wire JTAG?).  Blowing security fuse (not supported by TI SBW tools, supported by MSP-GANG (Yes, but does MSP-GANG support BSL?)  (Sorry, I'm calling the 14-pin JTAG, and the 4-pin JTAG "SBY"), will disable JTAG/SBW interface forever, and it will not be possible to do any JTAG/SBW  action on target chip (yep).

  • 0 in reply to MAC Engineering
    Guru 34773 points

    AFAIK, MSP-GANG support JTAG, SBW and BSL. On each target 14-pin connector are JTAG / SBW / BSL lines (slau358).

    If security fuse is blown, there is no possibility to make any changes (read/erase/write) on target flash by JTAG and SBW.

  • 0 in reply to zrno soli
    Expert 1460 points

    This may be a question for a TI employee?

    No this did not answer my question, see original post:

    (1) is it posable to change the default BSL password with the SBY (2-wire JTAG) while loading the firmware, then blow the security fuse?

  • 0 in reply to MAC Engineering
    Guru 34773 points

    Yes, it is possible to change BSL password by JTAG (during flashing process) and than blow security fuse after firmware was updated.

  • 0 in reply to zrno soli
    Expert 1460 points

    Thank you for your response, could you give a reference to where you found the above information?

  • 0 in reply to MAC Engineering
    Guru 34773 points

    I think that you are confused with something in relation between BSL and blowing JTAG fuse. BSL password is not related to JTAG fuse.

    BSL password is part of firmware (vector table, and added info by user). BSL is located in ROM of MSP430F2xx, and it can't be blocked / removed /deleted. When programer put target device in BSL programming mode, target device will not enable firmware reading if programmer don't send right password. Mass erase and any operation after is without restriction. So main code protection for BSL is password.

    When programmer put target device in SBW / JTAG programming mode, target firmware is not protected, and any operation can be executed on it. SBW / JTAG connection can't be possible if JTAG fuse is blown. Blowing JTAG fuse can be done by user anytime and it is not related to moment of upgrading firmware.

    MAC Engineering said:

    Thank you for your response, could you give a reference to where you found the above information?

    I don't have MSP-GANG or any other TI tool. AFAIK, SBW TI tools (for example launchpad) are not able to blow JTAG fuse. MSP-FET430UIF can blow JTAG fuse, but it is not support BSL. Anyway, details about TI products knows TI team.

    I am working on world fastest MSP430 multi-programming tool so I know something related to this stuff.

    http://forum.43oh.com/topic/2972-sbw-msp430f550x-based-programmer

  • 0 in reply to zrno soli
    TI__Mastermind 21285 points

    Hello MAC,

    is it posable to change the default BSL password with the SBY while loading the firmware, then blow the security fuse?

    Section 2.7 (SLAU319) - The password itself consists of the 16 interrupt vectors located at addresses FFE0h to FFFFh (256 bits), starting with the first byte at address FFE0h. After mass erase and with unprogrammed devices, all password bits are logical high (1). 

    Any time that you alter the interrupt vectors, you alter the BSL password so yes, you change the BSL password via SBW programming.  You also can change it via BSL since the password is your application's interrupt vectors.  You can then, blow the fuse via the SBW interface.

    We assume that the MSP-GANG ( http://www.ti.com/tool/msp-gang ) can use either SBY or BSL for writing the MSP firmware?

    Correct.  However, the GUI provided doesn't support BSL.  You would need to write your own application for BSL support via the MSP-GANG.  APIs are provided in the MSP-GANG software download package.

    Our motivation, use SBY to preform the initial programing of the MSP430G2x53.  If down the road an update of firmware is needed, we can do so with password protected BSL method.

    A very reasonable approach.

    I hope this answers your questions.

    @Zrno - fuse blow via SBW is possible but not via the EZ-FET (Launchpad, EZ430-based kits).  MSP-GANG and MSP-FET430UIF can perform fuse blows over the SBW interface. (SLAU278)

  • 0 in reply to Michael S
    Expert 1460 points

    Thanks for the clear answer!

    "However, the GUI provided doesn't support BSL.  You would need to write your own application for BSL support via the MSP-GANG."

    Is there an application report or tutorial for writing an application to use with the MSP-GANG for the purpose of programming the MSP430 via BSL? 


    Thanks for TI's excellent customer service!

  • 0 in reply to Michael S
    Guru 34773 points

    Michael S said:

    Correct.  However, the GUI provided doesn't support BSL.  You would need to write your own application for BSL support via the MSP-GANG.  APIs are provided in the MSP-GANG software download package.

    In the slau358c (MSP Gang Programmer User's Guide) there is picture (Fig 2-1) on page 13 with Dialog GUI BSL example.

    Michael S said:

    @Zrno - fuse blow via SBW is possible but not via the EZ-FET (Launchpad, EZ430-based kits).  MSP-GANG and MSP-FET430UIF can perform fuse blows over the SBW interface. (SLAU278)

    Thanks for info, was thinkging that blowing fuse with TI tools is only possible under JTAG, not with SBW.

  • 0 in reply to zrno soli
    TI__Mastermind 21285 points

    Thank you zrno. Looks like I need to pull down the s/w package and update.

  • 0 in reply to Michael S
    Expert 1460 points

    Thanks to all, yes I was going off of the image of the MSP-GANG Interface on the TI web-page.

    I did not catch the Fig. 2-1 on page 13 of slau3558d.pdf.

    So now I am confused for sure, does the present MSP-GANG have a GUI that can be used with the BSL, or does one have to make their own?  It seems clear from the PDF that all one has to do is provide an image (code file), I assume CCS can work with the MSP-GANG to do this. 

  • 0 in reply to Michael S
    Guru 227245 points

    Michael S said:
    @Zrno - fuse blow via SBW is possible but not via the EZ-FET (Launchpad, EZ430-based kits).  MSP-GANG and MSP-FET430UIF can perform fuse blows over the SBW interface. (SLAU278)

    IIRC this is not exactly true.
    Right, the EZ-FETs cannot blow the fuse. A fues blow is a high-voltage high-current pulse that physically blows a fuse inaide the JTAG logic. (starting with 5x family, this is no longer true, here the fuse is a software fuse located in the BSL FLASH area).

    Teh EZ-FETs are unable to provide voltagte and current for the fuse blow. Also, IIRC, the fuse blow won't work with just the SBW signals of the FET. I remember a specific wiring on the target side required for the fuse blow if the 4-wire JTAG pins are not connected, as the blow voltage comes from TDI signal line but must be applied to SBWTCK/TEST (SLAU320e)

  • 0 in reply to Jens-Michael Gross
    TI__Mastermind 21285 points

    The 2 SBW signals alone will not blow a JTAG fuse, this is true.  You need to bring in the TEST/VPP signal as shown below.

  • 0 in reply to Michael S
    Expert 1460 points

    Here is a tidbit to be helpful for those that are interested:

    1) The MSP-FET430UIF will blow the security fuse by connection of TEST/Vpp in the JTAG header directly to the port as shown in last post.  Or, use the datasheet specified value on the correct pin of MSP.

    2) The MSP430-GANG does not have a GUI for a user defined password, must use code and be carful not to create a problem by messing up the ISR vectors (the grayed out values seen below).  But, the Lite FETPro430 software does have a GUI, as seen in attached screen shot.  Elprotronic stated that they "may" include this feature in a future software release of MSP-GANG.

**Attention** This is a public forum