This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MSP430F2112: A wrong RX PASSWORD erases the information memory, what was the target application of the behavior?

Part Number: MSP430F2112
Other Parts Discussed in Thread: MSP430F2131

Hello,

MSP430F2112 erases the information memory when it receives a wrong RX PASSWORD.
Regarding this behavior, my customer asked me a couple of questions. Please advise:

Q1. Why TI decided to erase the information memory? Is it for a security improvement?  

Q2. A wrong RX PASSWORD erases the information memory, what was the target application of the behavior?

My customer thinks the behavior is troublesome and hesitate to try.
They have an on-board BSL host and it updates the MSP430F2112 flash memory in field.
They are afraid that the MSP receive a wrong RX PASSWORD command and erase the information memory. It would introduce a device return.

  • I will leave it to the TI people to attempt to justify this behavior.  But fortunately for your customer, for the F2112 and similar parts they added a control word that allows you to disable this mass erase on a bad password.  SLAU319r.pdf says:

    "BSL versions 2.00 and higher have enhanced security features. These features are controlled by the flash
    data word located beneath the interrupt vector table addresses (for example, for the MSP430F2131,
    address 0xFFDE). If this word contains:
    • 0x0000: The flash memory is not erased if an incorrect BSL password has been received by the target.
    • 0xAA55: The BSL is disabled. This means that the BSL is not started with the default initialization
    sequence shown in Section 1.3.
    • All other values: If an incorrect password is transmitted, the entire flash memory address space is
    erased automatically."

    So if you always write a 0x0000 word at location 0xFFDE, an incorrect password will produce an error, but will not result in a mass erase.

  • Hi Hideaki,
    The purpose of the feature is so that one cannot try to unlock the BSL by iteratively trying passwords. This would pose a major security threat otherwise.
  • Cameron LaFollette said:
    Hi Hideaki,
    The purpose of the feature is so that one cannot try to unlock the BSL by iteratively trying passwords. This would pose a major security threat otherwise.

    That might be a justification for erasing MAIN memory, but not for erasing INFO memory, which contains calibration data.  In any case, it becomes moot if you always remember to put that null word at 0xFFDE.  Always.

  • Also, there was an improvement (in G2 devices) that allows for Info A to be locked.
  • George and Cameron,
    I appreciate your inputs.
    Please let me remind that my customer question is specific to the background of the spec. and the targeted application. I don't know such kinds of history, I opened this thread.

    Anyway I appreciate your best practices. I'm talking to customer about it to ask the customer team to try the parts.