• State TI Thinks Resolved
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 79 subscribers
  • Views 278 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

MSP430FR5959: What is the minimum # of programming interfaces (JTAG, BSL) required to program several MSP430FR5/6xxx devices on a single PCB for IP protection ?

Eric Walburger
Prodigy 205 points
Part Number: MSP430FR5959

Suppose I have several MSP430FR devices on a single PCB, call them UP1, UP2, UP3. They all will have to be programmed and their IP protected from external access.

Both JTAG and BSL interfaces have memory access locking mechanisms and the MPU IPE (IP encapsulation) functionality can lock access to a user defined memory segment.

The documentation claims, Section 7.2.2. under IPE  :"The MPU can protect an address range in the main memory from unconditional external access." 7.2.2 

But this is not the case if after a BOR, IPE registers become unlocked. Yet this is what the documentation is saying a few pages later : "MPUIPLOCK allows to separately lock the MPUIPC0 and MPUIPSEGBx registers. Write access is not possible on these registers until a BOR occurs."

Furthermore,  JTAG e-fuse locking with password  can be unlocked by clearing the password activation signature with the BSL interface.

JTAG e-fuse locking without password can also be unlocked with the BSL interface.

The BSL interface can be locked by writing a certain lock signature, but that too can be unlocked by overwriting the lock signature using the JTAG interface.

Finally, the BSL can be password protected with the interrupt vector table content being the password (with no JTAG remedy to gain access)

So then :

1) would protecting all devices require routing separate BSL + JTAG interfacing signals to all devices ?   That would consume a lot of PCB space + connectors. 

2) Is it correct or incorrect that routing only JTAG gives no IP access protection since an externally added BSL interface can unlock JTAG ?

3) Would routing only BSL to all devices and using BSL passwords be enough ?

4) Lastly would it be possible to only route a JTAG interface to one main MSP430FRxx device and from that device program all other devices through a BSL I2C interface and password lock all BSL 

interfaces. Would that protect all devices from externally added JTAG interfaces trying to extract code on each devices ? Does the main device also need a BSL interface to password lock it ?

 

  • 0
    Guru 33653 points

    SBW for FRAM devices is fine and except VCC / GND for interface are needed 2 lines (SBW_TCK, SBW_DIO), so 2 * (1 + N) pin connector in your case for N devices. Also if N is close to 8 and board space is not a issue, it is possible to add another (same) FRAM chip to update program on others, based on slau320 (open source example with FRAM master can be found on github).

    With blown fuse SBW / JTAG access is limited only to mailbox data exchange between master and slave, (per default) without possibility to dump device firmware. For some FRAM devices (for example FR4xx) JTAG fuse can be unlocked by SBW / JTAG mailbox by mass erase triggered by boot code. Other FRAM devices can be unlocked only by BSL, and for this 2 extra lines (TXD / RXD) are needed for unlocking device, total 2 * N. Some devices have SBW / JTAG password option for enabling SBW / JTAG.

    Don't know if your project is close to finish or it is in planing. For me the best option is to select FRAM devices with SBW / JTAG mailbox mass erase option, and one master on board that have SBW conection to all slaves.

  • 0 in reply to zrno soli
    Prodigy 205 points

    Thanks for your reply. An IP would not be protected at all if it can be externally read using either JTAG or BSL . Routing only the JTAG interface to a connector and using JTAG password is no protection if BSL remains open. It is not difficult for anyone to piggytail connect to the BSL UART/I2C interface even if it was not routed.  However, it seems that the BSL interface is password protected by default with no user steps required to activate it, and can not be neutralized by JTAG.  If that is absolutely true without loopholes then I would not have to worry about routing BSL to each device just to be able to password lock BSL.  On the other hand JTAG is not protected by default and therefore would always have to be PCB routed to be able to lock it permanently.

    Unanswered, what is the use of IPE at all if it can be neutralized with a BOR followed by a BSL,or JTAG access the code memory ?

    Regarding the problem of minimizing PCB space and connectors needed to program several MSP430FRs on a single PCB, Yes, PCB space is a  premium. You refer to a master JTAG device programming several slaves JTAG devices. I have theJTAG programming  document for FR devices, could you provide the section you are referring to ?

    Generating BSL commands from one main MSP430FR to others devices seems relatively simpler.  Do you mean the main master device would function as a JTAG repeater duplicating the host JTAG signals on its I/O port connected to other MSP430FR devices ? That would require accessing every slave RST_b and TEST pins from that master I/Os as well.  Do you mean the master would function as a sort of serial to parrallel JTAG multiplexer / repeater ?  

  • 0 in reply to Eric Walburger
    Guru 33653 points

    SBW / JTAG (program memory read / write) operation is protected by SBW / JTAG fuse. This is not a hardware fuse, it is just value written on fuse memory address. For example writing two 05555h words on 0FF80h address will "blow" FRAM SBW / JTAG fuse (check address for your device). This can be done by BSL, SBW / JTAG or device itself.

    Yes, system whit one BSL master and slaves is more simple, but than number of lines between master and targets is doubled (TEST, RESET, RXD, TXD) related to SBW (TEST, RESET).

    No, I was not thinking on JTAG multiplexer, but on standalone SBW master based on slau320 ( http://www.ti.com/tool/REP430F ), that can update firmware one by one, or all together in parallel on target devices. With FRAM targets it is simple, because there is no flash writing and related timing. Updating firmware can be done by Quick Read / Write functions. slau320 is written with MSP430F5xx as master, but I remeber that there is working modified open source example with MSP430FR as master, somewhere on github (there is related topic and link posted somewhere on e2e).

**Attention** This is a public forum