Other Parts Discussed in Thread: UNIFLASH, MSP-FET
Tool/software:
We are having some problems with password CRC verification when programming the MSP430F67791A using UniFlash in BSL (Bootloader) mode.
This is very similar to the following ticket:
MSP430FR2433: Trouble programming memory through BSL using Uniflash
Tools/Equipment Used
- UniFlash version(s): 8.1.1.4146 and 9.0.0.5086 (older and the also the latest version show the same issue)
- MSP-FET debugger/programmer
- MSP430F67791A
Description
Hopefully the following example highlights the issue:
- Program the device using UniFlash, with a JTAG interface (password is not required).
- The hex data of the program is known.
- The password data at 0xFFE0 is known.
- The software we loaded is V1.0
- Disconnect UniFlash and the MSP-FET programmer and check the program runs
- No problems and the program runs as expected.
- Connect the MSP-FET programmer and program the device again using UniFlash, but this time using BSL (Bootloader) mode (password is required).
- The hex data of the program is known and different to V1.0
- The password data at 0xFFE0 is known and is different to V1.0
- The software we loaded is V1.1
- The verification fails when the BSL checks address 0xFE00, which is the location of the password data.
Passwords
V1.0 password data is as follows:
@FFE0
E0 C0 DE C0 FF FF FF FF DC C2 7E C2 DC C0 B0 C1
84 C0 38 C0 FF FF 20 C2 FF FF FF FF FF FF 00 C0
q
V1.1 password data is as follows:
@FFE0
E0 C0 DE C0 FF FF FF FF E0 C2 82 C2 DC C0 B0 C1
84 C0 38 C0 FF FF 24 C2 FF FF FF FF FF FF 00 C0
q
As expected, some bytes are different between the 2 passwords.
UniFlash Settings
"test_V1.0.txt" was already loaded at this point and we select the password file for V1.0 software.
"test_V1.1.txt" is selected to be loaded into the device, which will overwrite V1.0 software.
My understanding is that the selected Password file must match the password data currently programmed into the device - so in this case the password data for V1.0 software.
CRC Failure
When the device is programmed with V1.1 software and verified, there is a failure at address 0xFFE0, which is the password address:
UniFlash expects the password CRC to be 0xA366, but the device's Bootloader calculates and returns 0xFB55.
I decoded the transfer to/from the device using the MSP430 Flash Devices Bootloader (BSL) document, which shows the command and response as follows:
- Command from UniFlash: [80] [06] [00] [16] [E0] [FF] [00] [20] [00] [3C] [EF]
- 80 = Header
- 60 00 = 0x0006 (bytes in packet)
- 16 = "CRC Check"
- E0 FF 00 = 0x00FFE0 (address)
- 20 00 = 0x0020 (length i.e., 32 bytes which is the password length).
- 3C EF = 0xEF3C (packet checksum)
- Response from MSP430: {00} {80} {03} {00} {3A} {55} {FB} {C6} {61}
- 00 = ACK from MSP430 indicating command packet is valid
- 80 = Header
- 03 00 = 0x0003 (bytes in packet)
- 3A = "CRC Value"
- 55 FB = 0xFB55 (CRC calculated by MSP430 Bootloader)
- C6 61 = 0x61C6 (packet checksum).
So, UniFlash uses the password file for "test_V1.0.txt" software (which is currently loaded into the MSP430) and verifies that the password matches the currently loaded software (PASS).
Then the new software "test_V1.1.txt" is programmed into the MSP430 (PASS).
Then the verification (memory check) stage happens (FAIL), where the password check fails.
CRC Calculation
I used the the online crccalc tool to calculate the expected CCITT CRC for the old and new passwords.
V1.0 (old) password = 0xA366
V1.1 (new) password = 0xFB55
Conclusion
I think that the UniFlash tool uses the provided password file data to check against the currently loaded software (OK), but also uses it to check against the new software being loaded (not OK).
This is partly based on the console output from UniFlash when in "verbose" mode:
