• State Resolved
  • Locked Locked
  • Replies 6 replies
  • Subscribers 80 subscribers
  • Views 1140 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

BSL - user code invoking on FR5969

Jim Patten
Expert 1060 points
Other Parts Discussed in Thread: MSP430FR5969

I'm looking at the BSL manuals and see the call to 0x1000, the start of BSL code. 
What I want to do on the FRAM FR5969 is have user code erase everything when asked. 
I was wondering if it is possible to call the BSL with an ERASE parameter.
I know I can jump to the BSL with this command, is it possible to pass in the
ERASE parameter similar to what is used with the BSL_Scripter program.

__disable_interrupt();
((void (*)())0x1000)();

Thanks,
Jim

  • 0
    Expert 1060 points
    Let me try to be more clear. If I get a signal/command, I want to MASS ERASE the device - for security reasons. But running code and erasing device is, hmm, non-starter. Either I have to somehow put code into RAM and execute it there, or (hopefully) jump to BSL and execute a MASS ERASE. Since the BSL has a MASS ERASE feature, I was hoping to leaverage that.

    So looking a the manual, I see the text:

    Memory location 0x1002 contains a jump to the "BSL Action" function.
    To invoke the action function, three parameters are needed.
    The first parameter is a number describing which function, the second two are
    simply known values to indicate that the function was called intentionally.
    R12: The function number
    R13: 0xDEAD
    R14: 0xBEEF

    Can anyone explain the functions availiable to call in R12?
    Can I call the Mass Erase Function? I'm using the FR5969

    Is there a way to execute a jump into the BSL from user-code and do a MASS ERASE? Is there a R12: function number I could pass that would call the MASS ERASE feature of the BSL? If not BSL address 0x1002, is there another?

    Thanks,
    -Jim
  • 0 in reply to Jim Patten
    TI__Guru* 79801 points
    Hi Jim,

    Looking in the FR59xx BSL user's guide www.ti.com/.../slau550 section 2.3.1.2 BSL Action, you can see that it says this "family BSL always executes BSL Action function 2 regardless of the function number or argument". And BSL Action function 2 is "Return to BSL" and won't be able to give you the mass erase you are looking for unfortunately.

    I'm not sure about your purpose in having your code erase itself - if it is for security reasons to protect the code from readout, you may want to look into the IP Encapsulation feature of MSP430FR5969 instead. You can use the IPE tool built into CCS (under Project > Properties > General on the MSP430 IPE tab) you can enable IPE. Using the pragma CODE_SECTION you can place your functions that you are trying to keep from readout in the ".ipe" section of the linker file (this is the section that will be protected). With IPE enabled, that section cannot be accessed by JTAG, BSL, or code outside the IPE area.

    So you could either protect your care-about code by putting it in the IPE area. Or, you could put your "erase code" in the IPE area that you use to wipe out all the rest of your memory. Since you are using FRAM, the beauty is there is no "erase" really - you just overwrite the data - no worrying about segment erases, or that kind of thing - you can specifically down to the bit level write-over what you want to get rid of. You could even have it write for example DEADBEEF at all addresses, so that if you go read the part out later you know that it did this. Your IPE-protected code that does the wipe-out would remain, but it would be inside the IPE encapsulated area so it couldn't be read out either. Even without IPE, you could do the same thing - have it wipeout all other addresses in the part, just don't erase the function that is doing the wiping - since it's FRAM this is easy to do.

    I hope this gives you some ideas - I think since this is FRAM you really have a lot more options than you would with flash.

    Regards,
    Katie
  • 0 in reply to Katie Pier
    Expert 1060 points

    Hi Katie,

    Yea, I see that and didn't quite comprehend its meaning, but I do see it states in Black/White Wolverine family always executes BSL Action Function 2.  IMHO, the Decription section of 2.3.1.2.1 BSL Action Function 2 is cryptic and of no use - maybe an example would be helpful.  Why would a User's code call 0x1002 to do this?  What would this accomplish... "... if BSL has written a program into FRAM or RAM, started that program by "Set PC", ..." but I digress.  I was hoping the BSL could be called from the User's code to do something useful, like do one of the BSL Commands than an external GUI connected via the BSL Uart would accomplish.  I wrote a custom BSL on another MSP430 part and did this, but with the FR5969 being a ROM only BSL, I'm stuck doing IPE or something else. Oh well, I was hoping...

    Thanks for your help.

    Best regards,

    -Jim

  • 0 in reply to Jim Patten
    TI__Guru* 79801 points

    Hi Jim,

    If you don't like the IPE options etc, there's also MSP-BOOT www.ti.com/lit/pdf/slaa600  that provides an example of a main-memory area (or INFO memory area) custom bootloader. That lets you have a custom bootloader even on a part with ROM BSL (though it takes up part of main memory or INFO memory). As I mentioned, having it in main memory shouldn't be a big issue because you aren't limited to segment erases with FRAM - you can erase down to the byte level.

    Regards,
    Katie

  • 0 in reply to Jim Patten
    Guru 227245 points
    On FR devices, you don't have to deal with the flash controller to write to non-volatile memory.
    What you need to do for a simple but complete erase:
    write an erase function that is located in ram. How this is done depends on the IDE. Basically, the function is copied to ram like the initial values of your variables are after a reset.
    This function will first disable the memory protection for code memory, then run a simple loop that writes 0xff 0r 0x00 or whatever to the whole FRAM area. Then doing are set or jumping into the BSL or enter an endless loop/LPM4. And there you are.
  • 0 in reply to Katie Pier
    TI__Guru* 79801 points
    I wanted to share for anyone finding this thread in the future - we just released the app note with code and detailed examples of enabling IP Encapsulation using the tools built into CCS and IAR. www.ti.com/.../slaa685 www.ti.com/.../slaa685

**Attention** This is a public forum