Other Parts Discussed in Thread: UNIFLASH
I'm reviewing code security issues for an MSP430FR2xxx device. Do I understand correctly?
- Initial firmware load must be done via the JTAG SBW port or via "blank device detection" and the BSL.
- After initial firmware load the "electronic fuse" can be set to disable JTAG/SBW. This, however, leaves the BSL enabled.
- The initial firmware load can set a 32-byte secret code for the BSL bootloader.
- An incorrect BSL password starts a mass erase.
---------------------------------------------------------------------------------
I'm mostly interested in protecting the firmware from binary theft by a competitor. Do I understand correctly that with the above any factory worker can readily obtain the 32-byte BSL bootloader password, and with that knowledge leaked, any device in the field can have the firmware stripped using the "TX Data Block command"?
It also means that reprogramming the part requires two physical connectors (six pins for JTAG/SBW with TagConnect and four pins for BSL).
Is it possible to achieve:
- Initial firmware load via JTAG/SBW
- One-time write a serial number into the part
- Disable the BSL (and any other method of reading FRAM)
- Disable JTAG/SBW (and any other method of reading FRAM)
- Re-enable JTAG/SBW via a bulk erase of the part.
That way nobody can read out the code, but a factory process can still reprogram or update firmware on the part.
References
- slau550z - msp430 BSL
- slaa685 - msp code protection features
- swpb018 - security features
- https://www.tag-connect.com/