• State Resolved
  • Locked Locked
  • Replies 15 replies
  • Answers 2 answers
  • Subscribers 78 subscribers
  • Views 1707 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Original question:

How to blow the F5xx security fuse..??

CCS/MSP430F6723: How to unlock the security fuse

Snehal Yendhe
Prodigy 200 points
Part Number: MSP430F6723
Other Parts Discussed in Thread: MSP-FET

Tool/software: Code Composer Studio

Hi,

I am currently programming MSP430F6723 using MSP-FET through JTAG.

I am having trouble in unblown the security fuse, please anyone tell me the solution for this.

I am using different set of tools MSPFlasher_1.3.18 , Lite FET-Pro430

JTAG Signature we have dump the 0xC35A value in 0x17FCH location, for JTAG interface locked.

  • 0
    TI__Genius 17960 points
    Hello Snehal,
    I am sorry, but as stated in our F5xx / F6xx User's Guide SLAU208Q chapter "7.3.8.1 Programming Flash Memory Through JTAG" locking the JTAG of F5xx and F6xx devices is not reversible.
    Please see further details in www.ti.com/.../slau320ae.pdf

    Best regards
    Peter
  • 0 in reply to Peter Spevak
    Prodigy 200 points

    Thanks for reply.

    It means, MSP430F6723 controller is one time locking system, we can not unlock it.

    But I referred in MSP code protection features chapter "2.2.1 F5xx/F6xx Electronic Fuse Implementation"  To clear JTAG/SBW lock protection, the BSL can be used to clear the JTAG signatures to 00000000h.

    This is worked or not can you tell me.

     

  • 0 in reply to Snehal Yendhe
    TI__Genius 17960 points
    Hello Snehal,
    your comment is correct. If you know the BSL password you could access the device, but only by BSL.
    Please keep in mind, there is only one attempt, trying to access a device by BSL, with locked JTAG. Providing the wrong password by BSL with immediately trigger a mass erase of the FLASH. Thus also the password will be set to a known value. This way, you may get access to the device without knowing the password, but without having the possibility to read anything customer specific out of the device afterwards.
    The mass erase would also be an option gaining access to JTAG.
    Just for information, there is also a possibility, before locking JTAG, to erase the BSL. This way, one could deactivate BSL in the F5xx/f6xx devices.

    Best regards
    Peter
  • 0 in reply to Peter Spevak
    Prodigy 200 points

    But how to access the BSL & get the password.

    If you know the steps, please give me the steps for accessing the BSL.  

  • 0 in reply to Snehal Yendhe
    Prodigy 200 points
    BSL memory location is 0xFFE0 - 0xFFFE
    I just check this memory location data in Lite FET-Pro430 Elprotronic , data like this
    0xFFE0: 36 42 36 42 36 42 36 42 36 42 36 42 36 42 1A 42
    0xFFF0: 00 40 28 41 2C 42 36 42 36 42 36 42 36 42 00 42
  • 0 in reply to Snehal Yendhe
    TI__Genius 17960 points
    Hi Snehal,
    to use the BSL communication with an MSP, you need a special additional HW tool supporting the BSL interface, supporting the BSL communication.
    This differs between the different MSP430 sub-families.
    For the MSP430F6xx devices, please see on one hand respective chapters in the F5xx/F6xx User's Guide slau208q.pdf and MSP430™ Flash Device Bootloader (BSL) slau319u.pdf, which can be also found on the primary landing page for MSP430 BSL related topics http://www.ti.com/tool/mspbsl

    Best regards
    Peter
  • 0 in reply to Peter Spevak
    Prodigy 200 points

    Thank for reply.

    I will try to mass erase of a device using bsl_scripter.exe 

     

    Steps as follows:

    1) mass erase

    2) RX password

    3) RX_PASSWORD PASS.txt

    Host : 80 01 00 15 64 a3 

    resp: fail (ee)

    I don't know why the response is fail and ack is also not proper.

    In place of ACK its respond ee 

    Any idea about resolving this issue.

    Connection is like this 

    1. BSL_TX (P3.0) --> JTAG pin no 12

    2. BSL_RX (P3.1) --> JTAG pin no 14

    3. GND --> JTAG pin no 9

    4. VCC ---> JTAG pin no 4

    5. TEST/SBWTCK --> JTAG pin no 7

    6. RST/NMI/SBWTDIO --> JTAG pin no 1

  • 0 in reply to Snehal Yendhe
    Prodigy 200 points
    I will refer www.ti.com/.../slau319u.pdf for BSL commands
    & www.ti.com/.../msp430f6723.pdf in this pdf chapter 6.6 Bootloader (BSL) referring for connections
  • 0 in reply to Snehal Yendhe
    TI__Genius 17960 points
    Hi Snehal,
    how does the HW setup you're using look like?

    Best regards
  • 0 in reply to Peter Spevak
    TI__Genius 17960 points
    I mean, what kind of tool are you using for the connection between PC and MSP?
  • 0 in reply to Peter Spevak
    Prodigy 200 points
    MSP- FET430UIF is used for PC to device communication.
    MSP FET is communicate with SBW & BSL also, they not required any other device.
  • 0 in reply to Peter Spevak
    Prodigy 200 points

    Hi,

    We are using MSP-FET430UIF for communication between PC & MSP with JTAG as well as SBW.

    We want to check the BSL memory using bsl_scripter.exe

     

    In MSP P3.0 (pin no 40) & P3.1 (pin no 50), we initialize alternate function i.e. BSL_TX & BSL_RX like this,

    P3SEL |= BIT0 | BIT1; 

    but MSP not respond proper ack.

    Can you help me out to this problem.

  • 0 in reply to Snehal Yendhe
    Prodigy 200 points
    P3.0 (Pin no 49) by mistake it print (pin no 40)
  • 0 in reply to Snehal Yendhe
    TI__Genius 17960 points
    Hi Snehal,
    I am a bit confused. Previously you stated you're using the MSP430-FET. In the recent posts you're saying you use the MSP-FET430UIF, and trying to use it with the BSL-Scripter and utilize BSL functionality.
    Please clarify the real situation on your side, as the MSP-FET430UIF does not support BSL communication and features, only the MSP430-FET does, or the BSL Rocket from OLIMEX.
    Many thanks in advance.

    Best regards
    Peter
  • 0 in reply to Peter Spevak
    TI__Genius 17960 points
    Hello Snehal,
    please let us know whether you still need support on this.

    I have tested unlocking of a locked JTAG with a F5xx device, using the BSL-Scripter and the MSP-FET. The procedure worked as expected. The unlock attempt with incorrect password caused an erase of the device. This way the password is all FFFFs. Then in another cycle one can use this password for unlocking the JTAG.

    Under the assumption, you don't need further support, I am closing this thread. If this is not the case, you can still reopen it, by posting to it.

    Best regards
    Peter

**Attention** This is a public forum