This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CCS/MSP430F6723: How to unlock the security fuse

Part Number: MSP430F6723
Other Parts Discussed in Thread: MSP-FET

Tool/software: Code Composer Studio

Hi,

I am currently programming MSP430F6723 using MSP-FET through JTAG.

I am having trouble in unblown the security fuse, please anyone tell me the solution for this.

I am using different set of tools MSPFlasher_1.3.18 , Lite FET-Pro430

JTAG Signature we have dump the 0xC35A value in 0x17FCH location, for JTAG interface locked.

  • Hello Snehal,
    I am sorry, but as stated in our F5xx / F6xx User's Guide SLAU208Q chapter "7.3.8.1 Programming Flash Memory Through JTAG" locking the JTAG of F5xx and F6xx devices is not reversible.
    Please see further details in www.ti.com/.../slau320ae.pdf

    Best regards
    Peter
  • Thanks for reply.

    It means, MSP430F6723 controller is one time locking system, we can not unlock it.

    But I referred in MSP code protection features chapter "2.2.1 F5xx/F6xx Electronic Fuse Implementation"  To clear JTAG/SBW lock protection, the BSL can be used to clear the JTAG signatures to 00000000h.

    This is worked or not can you tell me.

     

  • Hello Snehal,
    your comment is correct. If you know the BSL password you could access the device, but only by BSL.
    Please keep in mind, there is only one attempt, trying to access a device by BSL, with locked JTAG. Providing the wrong password by BSL with immediately trigger a mass erase of the FLASH. Thus also the password will be set to a known value. This way, you may get access to the device without knowing the password, but without having the possibility to read anything customer specific out of the device afterwards.
    The mass erase would also be an option gaining access to JTAG.
    Just for information, there is also a possibility, before locking JTAG, to erase the BSL. This way, one could deactivate BSL in the F5xx/f6xx devices.

    Best regards
    Peter
  • But how to access the BSL & get the password.

    If you know the steps, please give me the steps for accessing the BSL.  

  • BSL memory location is 0xFFE0 - 0xFFFE
    I just check this memory location data in Lite FET-Pro430 Elprotronic , data like this
    0xFFE0: 36 42 36 42 36 42 36 42 36 42 36 42 36 42 1A 42
    0xFFF0: 00 40 28 41 2C 42 36 42 36 42 36 42 36 42 00 42
  • Hi Snehal,
    to use the BSL communication with an MSP, you need a special additional HW tool supporting the BSL interface, supporting the BSL communication.
    This differs between the different MSP430 sub-families.
    For the MSP430F6xx devices, please see on one hand respective chapters in the F5xx/F6xx User's Guide slau208q.pdf and MSP430™ Flash Device Bootloader (BSL) slau319u.pdf, which can be also found on the primary landing page for MSP430 BSL related topics http://www.ti.com/tool/mspbsl

    Best regards
    Peter
  • Thank for reply.

    I will try to mass erase of a device using bsl_scripter.exe 

     

    Steps as follows:

    1) mass erase

    2) RX password

    3) RX_PASSWORD PASS.txt

    Host : 80 01 00 15 64 a3 

    resp: fail (ee)

    I don't know why the response is fail and ack is also not proper.

    In place of ACK its respond ee 

    Any idea about resolving this issue.

    Connection is like this 

    1. BSL_TX (P3.0) --> JTAG pin no 12

    2. BSL_RX (P3.1) --> JTAG pin no 14

    3. GND --> JTAG pin no 9

    4. VCC ---> JTAG pin no 4

    5. TEST/SBWTCK --> JTAG pin no 7

    6. RST/NMI/SBWTDIO --> JTAG pin no 1

  • I will refer www.ti.com/.../slau319u.pdf for BSL commands
    & www.ti.com/.../msp430f6723.pdf in this pdf chapter 6.6 Bootloader (BSL) referring for connections
  • Hi Snehal,
    how does the HW setup you're using look like?

    Best regards
  • I mean, what kind of tool are you using for the connection between PC and MSP?
  • MSP- FET430UIF is used for PC to device communication.
    MSP FET is communicate with SBW & BSL also, they not required any other device.
  • Hi,

    We are using MSP-FET430UIF for communication between PC & MSP with JTAG as well as SBW.

    We want to check the BSL memory using bsl_scripter.exe

      

    In MSP P3.0 (pin no 40) & P3.1 (pin no 50), we initialize alternate function i.e. BSL_TX & BSL_RX like this,

    P3SEL |= BIT0 | BIT1; 

    but MSP not respond proper ack.

    Can you help me out to this problem.

  • P3.0 (Pin no 49) by mistake it print (pin no 40)
  • Hi Snehal,
    I am a bit confused. Previously you stated you're using the MSP430-FET. In the recent posts you're saying you use the MSP-FET430UIF, and trying to use it with the BSL-Scripter and utilize BSL functionality.
    Please clarify the real situation on your side, as the MSP-FET430UIF does not support BSL communication and features, only the MSP430-FET does, or the BSL Rocket from OLIMEX.
    Many thanks in advance.

    Best regards
    Peter
  • Hello Snehal,
    please let us know whether you still need support on this.

    I have tested unlocking of a locked JTAG with a F5xx device, using the BSL-Scripter and the MSP-FET. The procedure worked as expected. The unlock attempt with incorrect password caused an erase of the device. This way the password is all FFFFs. Then in another cycle one can use this password for unlocking the JTAG.

    Under the assumption, you don't need further support, I am closing this thread. If this is not the case, you can still reopen it, by posting to it.

    Best regards
    Peter