• State Resolved
  • Locked Locked
  • Replies 9 replies
  • Answers 1 answer
  • Subscribers 80 subscribers
  • Views 2708 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MSP432: Information memory security and BSL

keepcoding
Intellectual 480 points
Other Parts Discussed in Thread: MSPBSL

Hi

Can an application running on the msp432p401r program the flash information memory? (address range 0x 0020 0000 to 0x 0020 3fff )

It can be erased, but I wasn't able to overwrite the info memory yet.

According to slaa659a.pdf it is possible:

"Because the flash mailbox is just a flash sector accessible by the application or by the debugger (JTAG/SWD), boot-override operations can be configured as part of the firmware (firmware binary containing data for the flash mailbox sector), as the final step after programming the application firmware (using JTAG), or by the application during runtime."

This would mean that the application can disable the BSL. Is there a way to prevent the application from disabling the BSL?

Regards,

R

  • 0
    TI__Guru**** 218157 points
    Hi R,

    Table 6-4 of the MSP432 Datasheet describes the Flash Information Memory Regions, which consist of the Flash Boot-override Mailbox, TLV, and TI BSL. The flash boot-override mailbox and TI BSL are not write and erase protected but the TLV is. The mailbox defines a series of boot-code commands and parameters which have to be setup by the user and will be executed when a re-boot is initiated. BSL enable/disable is one of the boot-override commands that can be initialized by the flash mailbox (offset 0x1E0), but if boot override is disabled then it will not affect the BSL. The BSL is invoked by three approaches: bootcode when the application memory is erased, application software, or device bootcode by applying a hardware entry sequence (boot-override). More information can be found in the MSP432P401R Bootstrap Loader (BSL) User's Guide (SLAU622): www.ti.com/.../slau622.pdf

    You can also refer to the MSPBSL tool: http://www.ti.com/tool/mspbsl

    Regards,
    Ryan
  • 0 in reply to Ryan Brown1
    Intellectual 480 points

    So there is no way to prevent a malicious application from disabling the BSL?

  • 0 in reply to keepcoding
    TI__Guru**** 218157 points

    Of course there are security measures to prevent malicious operation. I highly suggest you read the BSL User's Guide and MSP432 Technical Reference Manual.

    Regards,
    Ryan

  • 0
    TI__Mastermind 40260 points
    keep coding,

    I think in this situation slau622 would greatly help: www.ti.com/.../slau622.pdf

    his covers the MSP432 BSL. The application needs to provide a password to the BSL to unlock it to write to other segments of memory. To protect data within the device, most core commands are protected. A protected command is successfully complete only after the device has been unlocked by sending the RX Password command with the correct password. In addition, commands specific to the peripheral interface are not protected.

    To use the bootstrap loader, a user-selectable BSL entry sequence must be applied. An added sequence of commands initiates the desired function. A boot-loading session can be exited by continuing operation at a defined user program address or by the reset condition.
    If the device is secured by disabling JTAG, it is still possible to use the BSL. Access to the MSP432 memory through the BSL is protected against misuse by a user-defined password.
  • 0 in reply to Evan W
    Intellectual 480 points
    Maybe you misunderstood my question.
    I am not talking about protecting the access to the BSL, I am talking about preventing that the application running on the MSP432 deactivates the BSL!
  • 0 in reply to Ryan Brown1
    Intellectual 480 points
    I've read the documents, but I'm not sure whether I missed something or not. Can the info memory be protected from the application that runs on the MSP432? The IP protection can only be used for the main memory, not the info memory as far as I understood.
  • 0 in reply to keepcoding
    TI__Guru**** 218157 points
    Hello keepcoding,

    IP protection can be used to protect unauthorized accesses to the entire device memory map, including the information memory that is a part of the flash memory map. IP protected secure zones can cover all code flash, whether it is main or information.

    Regards,
    Ryan
  • 0 in reply to Ryan Brown1
    Intellectual 480 points

    Hi Ryan

    Thanks for your answer. 

    Ok, that sounds good. However, when I enable IP Zone 0 protection as follows, the device locks up (does not execute code after I hit the reset button, i.e. seems to be stuck in the bootcode):

    @0x00200004: COMMAND_SEC_ZONE0_EN

@0x00200060: 0x00000000  /* enable Zone 0 IP protection */

@0x00200064: 0x00202000  /* start address */

@0x00200068: 0x00002000  /* length */

    I then need to do a factory reset in order to restore the device. Any ideas why this happens?

    Regards,

    keepcoding

  • 0 in reply to keepcoding
    TI__Guru**** 218157 points
    Hi keepcoding,

    I'm starting to understand the basis for your previous questions. Does this only happen when you try to protect the information memory instead of main memory or for all instances? Have you reviewed the IP protection app report?
    www.ti.com/.../slaa660.pdf

    Perhaps utilizing the MPU would be better for your application, there is a TI-provided code example (C and driverlib) on how to initialize this peripheral for protection of a memory segment.

    Regards,
    Ryan

**Attention** This is a public forum