• State Resolved
  • Locked Locked
  • Replies 3 replies
  • Subscribers 79 subscribers
  • Views 764 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MSP430FR2355: Boot and Code Security Options on MSP430FR2xxx devices - Force mass erase/Prevent extracting firmware?

Bryce Nesbitt
Intellectual 450 points
Part Number: MSP430FR2355
Other Parts Discussed in Thread: UNIFLASH

I'm reviewing code security issues for a MSP430FR2xxx device, do I understand correctly?

  • Initial firmware load must be done via the JTAG SBW port or via "blank device detection" and the BSL.
  • After initial firmware load the "electronic fuse" can be set to disable JTAG/SBW.  This however leaves the BSL enabled.
  • The initial firmware load can set a 32 byte secret code for the BSL bootloader.
  • An incorrect BSL password starts a mass erase.

---------------------------------------------------------------------------------
I'm mostly interested in protecting the firmware from binary theft by a competitor.  Do I understand correctly that with the above any factory worker can readily obtain the 32 byte BSL bootloader password, and with that knowledge leaked, any device in the field can have the firmware stripped using the "TX Data Block command." ?
It also means that to reprogram the part requires two physical connectors (six pins for JTAG/SBW with TagConnect and four pins for BSL). 

Is it possible to achieve:

  • Initial firmware load via JTAG/SBW
  • One time write a serial number into the part
  • Disable the BSL (and any other method of reading FRAM)
  • Disable JTAG/SWB (and any other method of reading FRAM)
  • Re-enable JTAG/SBW via a bulk erase of the part.

That way nobody can read out the code, but a factory process can still reprogram or update firmware on the part.

References

  • 0
    TI__Genius 12315 points

    Hello,

    Your understanding is correct.

    Writing 5555h to BSL Signature 1 and BSL Signature 2 disables the BSL function.

    • Re-enable JTAG/SBW via a bulk erase of the part.

    This can implemented by enabling below option in CCS/Uniflash

  • 0
    Guru 34453 points

    Just to add to Winter answer, that mass erase (back to factory state) for FR2xx can be done with both interfaces, SBW and / or BSL. BSL can be disabled, but SBW mass erase stay enabled (even with locked JTAG), so it is impossible to brick device. 

  • 0 in reply to zrno soli
    Intellectual 450 points

    zrno soli said:
    Just to add to Winter answer, that mass erase (back to factory state) for FR2xx can be done with both interfaces, SBW and / or BSL. BSL can be disabled, but SBW mass erase stay enabled (even with locked JTAG), so it is impossible to brick device.

    Thank you, that's very helpful.  And would be a great addition to the TI documentation.

    --
    Because our serial ports have other functions, the prospect of arranging pins to support BSL was unpleasant.

**Attention** This is a public forum