RF430FRL153H: Security feature.

Hello Naser,

The locking of memory blocks is prevent over-the-air access of the FRAM data that is accessible through RF, but any block that is locked can still be overwritten with JTAG. Furthermore, there is no method to lock the blocks with RF in a manner that only a developer can access it. Lock block is all or nothing in that regard. Note that Lock Block also does not prevent reads from over-the-air commands.

The device is very lacking in terms of the security they are after, such safeguards were not a priority in it's development.

There was the intention to use the FRAMLCK0-2 feature through the SYS Configuration Register (SYSCNF) to be able to help guard FRAM for both read and write protection, but there is an issue in that the RF stack will override the FRAMLCK bits, rendering that feature fairly useless. Furthermore, there is also the issue that SYSCNF would be able to be overwritten as well, if JTAG access was achieved - as it is not password protected.

Additionally, there is no tamper protection offered for these devices unlike some MSP430 FRAM parts, so there is no method to really guard JTAG from being accessed though road blocks like limiting physical access could be used.

What can be protected however, are certain registers which have the ability to be password protected via JTAG Mailbox, these registers are:

• RF Power Management Module
• Compact Clock System
• FRAM Controller
• Watchdog Timer

So that can help guard the application running somewhat, but the FRAM Controller does not include FRAM protection within it, so the FRAM will still be vulnerable if JTAG is accessed.

Their best method to prevent the protect from being altered would be to lock all the blocks to prevent over-the-air writes, and then try to physically secure JTAG the best they can, but any truly determined hacker would ultimately be able to gain access to the device to overwrite the memory contents. That is about the only option on the table.