Jump to content
43oh

Prevent reading code

MSPLife

By MSPLife,
in General

 Share Followers 0

Recommended Posts

enl

enl 227

Posted
Posted

For information about the MSP430, see SLAU319, "Programming via the bootstrap loader", SLAU320, "Programming via the JTAG interface", and SLAU265, "MSP430 Memory programming" (outdated and superseded by the other two, but still useful)

 

A summary: disable JTAG and password protect BSL access.

 

If future access will be required for in circuit reprogramming, there are a variety of options, but the essence is that you set a password that prevents protected commands, like reading the program memory, via JTAG or BSL

Link to post
Share on other sites
MSPLife

MSPLife 2

Posted
  • Author
Posted

If I implement programing with BSL, is it protect my code in all situation? I have read some docs about BSL and I realized that it only a method as well as JTAG, why it can protect my code?

I only not understand about fuse of JTAG- could I find any doc to get this knownledge ?

Thanks in advanced!

Link to post
Share on other sites
enl

enl 227

Posted
Posted

docs are the references above from TI. Google for SLAU319 and 320. This is really not a 30 second, one paragraph thing to answer. The protection is provided via a number of options using the same interfaces that are used for programming.

 

The option with BSL is to set the password (32 bytes, which is a 256bit password) that will be required for the read command to be used to read the code memory, either via JTAG or BSL. Disabling JTAG reduces the risk of several possible exploits that can get information without an explicit read (see the docs on the CCC website for more info).

 

NOTHING can provide absolute security. I could decap the IC an use several methods to directly read the code memory if I wanted it bad enough (well, I personally couldn't at this time, but some of my former students could, and I could have when I was still in university, and, now that I think about it, maybe I could now, but I would need several samples to work with, and I wouldn't bet my house on it). More work than in the old days of mask programmed ROM, where you could pretty much read the data with an optical microscope, but still not a major challenge with appropriate gear. ANY security you use can be broken, and the issue is whether it is some guy in his basement, or if it requires equipment that only someone with enough money to reproduce you work from the ground up anyway will have.

 

Edit: 32*8 is 256 bit password, not 512. I have become too used to working with 16bit words over the last few years....

Link to post
Share on other sites
enl

enl 227

Posted
Posted

Cutting the pin off is effective against casual tampering, but it isn't usually that hard to get contact to even a below surface stub. Then again, anyone that is going to go that far is likely to be able to dig far enough to get by most of the built in security, as well, if they have the incentive.

Link to post
Share on other sites
KatiePier

KatiePier 73

Posted
Posted

Hi @@MSPLife,

 

@@enl's summary above is spot on.

 

One or two more additions about BSL - with the BSL password protection, as @@enl mentioned you cannot read out the part unless you provide the correct 32-byte BSL password. Now, if you provide an incorrect password, the part will do a mass erase which should get rid of the code in the part - that is to try to help against someone brute-forcing your password. After your code is erased, there's not anything for them to read anymore of value. This should all be described in www.ti.com/lit/pdf/slau319

 

The other point I wanted to make was, that only some parts in the G2xx family have a BSL in hardware - G2xx3/4/5 do, but the earlier G2xx1/2 don't I believe. Make sure to check your device datasheet if you want to use BSL. If you still need to do firmware updates, but also want to blow the JTAG fuse on a G2xx1/2 that does not have BSL, you could look into doing a main/info memory bootloader like discussed in the MSP-BOOT app note SLAA600, or potentially the tiny G2xx loader mentioned at the end of SLAA450.

 

But as @@enl and others have mentioned, there's not one way to make sure you are 100% safe if someone really has the resources time and motivation trying to break in with some fancy tools - this is true of any IC. But you do what you can to make it harder for someone to do it - it's like locking the door on your car.

 

Regards,

Katie

Link to post
Share on other sites
MSPLife

MSPLife 2

Posted
  • Author
Posted

I think the MSP430G2xxx (and F2xxx's they're derived from) require the use of TI's professional MSP-FET or older MSP-FET430UIF tools with the high-voltage JTAG fuse blow feature.  Be sure to read the TI documents VERY carefully since high voltages are involved (12V or so I believe).

I do not quite understand your suggest, I have a MSP-FET, if I use it for flasing my code to msp430, is it protected?

I'm also not know about JTAG fuse, could you make me clear in 'JTAG fuse' ? is fuse will break after flash code so someone else can not read my code?

Link to post
Share on other sites
enl

enl 227

Posted
Posted

You need to explicitly request the fuse be blown (or the flash equivalent on those without the physical fuse). I don't have a MSP-FET, and have never done it on these processors, but I have seen it in the documentation, and done it with other families.

 

Blowing the fuse is like blowing a fuse in your electrical box: blown is blown. Once the fuse is blown, the JTAG interface is disabled on the device. Forever. It can never be re-enabled, even by reflashing the device via BSL.There is no going back. (see, for example, SLAS722g, page 36, `JTAG Fuse', note (1)-- this is for MSP430g2X12/2X52, but others with the fuse are similar)

 

In the devices with no fuse (that use an enable code in flash instead), the status is checked at powerup, and the JTAG hardware not enabled unless the status (in flash) is correct. On reprogram  (via BSL), this can be reset.

 

Again, the device can still be accessed via BSL, so you need to SET THE PASSWORD (32 bytes) to prevent the device memory from unauthorized reads. See SLAU319I, sec 2.7 for details (password is interrupt vector space; any that are not in use can be set freely) This also explains how to enable/disable the automatic memory wipe on incorrect password and/or disable BSL entirely.

 

Edit: add ref to SLAS722

Edit 2: ref SLAU319

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Followers 0
Go to topic listing
×
×
  • Create New...