Suppose I have several MSP430FR devices on a single PCB, call them UP1, UP2, UP3. They all will have to be programmed and their IP protected from external access.
Both JTAG and BSL interfaces have memory access locking mechanisms and the MPU IPE (IP encapsulation) functionality can lock access to a user defined memory segment.
The documentation claims, Section 7.2.2. under IPE :"The MPU can protect an address range in the main memory from unconditional external access." 7.2.2
But this is not the case if after a BOR, IPE registers become unlocked. Yet this is what the documentation is saying a few pages later : "MPUIPLOCK allows to separately lock the MPUIPC0 and MPUIPSEGBx registers. Write access is not possible on these registers until a BOR occurs."
Furthermore, JTAG e-fuse locking with password can be unlocked by clearing the password activation signature with the BSL interface.
JTAG e-fuse locking without password can also be unlocked with the BSL interface.
The BSL interface can be locked by writing a certain lock signature, but that too can be unlocked by overwriting the lock signature using the JTAG interface.
Finally, the BSL can be password protected with the interrupt vector table content being the password (with no JTAG remedy to gain access)
So then :
1) would protecting all devices require routing separate BSL + JTAG interfacing signals to all devices ? That would consume a lot of PCB space + connectors.
2) Is it correct or incorrect that routing only JTAG gives no IP access protection since an externally added BSL interface can unlock JTAG ?
3) Would routing only BSL to all devices and using BSL passwords be enough ?
4) Lastly would it be possible to only route a JTAG interface to one main MSP430FRxx device and from that device program all other devices through a BSL I2C interface and password lock all BSL
interfaces. Would that protect all devices from externally added JTAG interfaces trying to extract code on each devices ? Does the main device also need a BSL interface to password lock it ?