SLAU550AB January   2014  – September 2022 MSP430FR2032 , MSP430FR2033 , MSP430FR2110 , MSP430FR2111 , MSP430FR2153 , MSP430FR2155 , MSP430FR2310 , MSP430FR2311 , MSP430FR2353 , MSP430FR2355 , MSP430FR2433 , MSP430FR2532 , MSP430FR2533 , MSP430FR2632 , MSP430FR2633 , MSP430FR4131 , MSP430FR4132 , MSP430FR4133 , MSP430FR5041 , MSP430FR5043 , MSP430FR50431 , MSP430FR5847 , MSP430FR58471 , MSP430FR5848 , MSP430FR5849 , MSP430FR5857 , MSP430FR5858 , MSP430FR5859 , MSP430FR5867 , MSP430FR58671 , MSP430FR5868 , MSP430FR5869 , MSP430FR5887 , MSP430FR5888 , MSP430FR5889 , MSP430FR58891 , MSP430FR5947 , MSP430FR59471 , MSP430FR5948 , MSP430FR5949 , MSP430FR5957 , MSP430FR5958 , MSP430FR5959 , MSP430FR5967 , MSP430FR5968 , MSP430FR5969 , MSP430FR5969-SP , MSP430FR59691 , MSP430FR5986 , MSP430FR5987 , MSP430FR5988 , MSP430FR5989 , MSP430FR5989-EP , MSP430FR59891 , MSP430FR6041 , MSP430FR6043 , MSP430FR60431 , MSP430FR6877 , MSP430FR6879 , MSP430FR68791 , MSP430FR6887 , MSP430FR6888 , MSP430FR6889 , MSP430FR68891 , MSP430FR6927 , MSP430FR69271 , MSP430FR6928 , MSP430FR6972 , MSP430FR6977 , MSP430FR6979 , MSP430FR69791 , MSP430FR6987 , MSP430FR6988 , MSP430FR6989 , MSP430FR69891

 

  1.   Abstract
  2.   Trademarks
  3. 1Introduction
    1. 1.1 BSL Limitations
    2. 1.2 Other Useful Documentation
  4. 2Overview of BSL Features
  5. 3BSL Architecture
    1. 3.1 Communication Interface
      1. 3.1.1 UART BSL
      2. 3.1.2 I2C BSL
    2. 3.2 BSL Memory
      1. 3.2.1 BSL Memory Layout
      2. 3.2.2 BSL Z-Area
      3. 3.2.3 BSL Memory Consideration
    3. 3.3 BSL Invocation
      1. 3.3.1 Software BSL Invocation
        1. 3.3.1.1 Starting the BSL From an External Software Application
        2. 3.3.1.2 BSL Action
          1. 3.3.1.2.1 BSL Action Function 2
      2. 3.3.2 Hardware BSL Invocation
        1. 3.3.2.1 Factors That Prevent Hardware BSL Invocation
      3. 3.3.3 Blank Device Detection
    4. 3.4 BSL Time-out Feature
    5. 3.5 BSL Version Number
    6. 3.6 BSL (User) Configuration
      1. 3.6.1 Configuring the BSL
        1. 3.6.1.1 Example of BSL User Configuration
        2. 3.6.1.2 Implement BSL Configuration in Application Code
  6. 4BSL Protocol
    1. 4.1 BSL Data Packet
      1. 4.1.1 UART Peripheral Interface Wrapper
      2. 4.1.2 I2C Peripheral Interface Wrapper
      3. 4.1.3 BSL Acknowledgment
      4. 4.1.4 BSL Core Response and BSL Core Message
      5. 4.1.5 BSL Core Commands
        1. 4.1.5.1 RX Data Block
        2. 4.1.5.2 RX Password
        3. 4.1.5.3 Mass Erase
        4. 4.1.5.4 CRC Check
        5. 4.1.5.5 Load PC
        6. 4.1.5.6 TX Data Block
        7. 4.1.5.7 TX BSL Version
        8. 4.1.5.8 RX Data Block Fast
        9. 4.1.5.9 Change Baud Rate
    2. 4.2 BSL Security
      1. 4.2.1 Protected Commands
      2. 4.2.2 RAM Erase
      3. 4.2.3 BSL Entry
  7. 5Common BSL Use Cases
    1. 5.1 Overview and Flow Chart
    2. 5.2 Establish a Connection
    3. 5.3 Erase the Device
    4. 5.4 Download the Application
    5. 5.5 Verify the Application
    6. 5.6 Run the Application
  8. 6Customize the BSL
  9. 7Bootloader Versions
    1. 7.1 FR2xx BSL Versions
    2. 7.2 FR4xx BSL Versions
    3. 7.3 FR57xx BSL Versions
    4. 7.4 FR58xx and FR59xx BSL Versions
    5. 7.5 FR6xx BSL Versions
  10. 8Revision History

4.1.5.2 RX Password

Structure BSL Core Command

BSL Command Protected CMD AL AM AH Data BSL Core Response
RX Password No 0x11 D1…D32 Device dependent

Description

The BSL core receives the password contained in the packet and unlocks the BSL protected commands if the password matches the top 16 words in the BSL interrupt vector table (located between addresses 0xFFE0 and 0xFFFF).

When an incorrect password is given, a mass erase is initiated. For MSP430FR5xx and MSP430FR6xx devices, this means all code FRAM is erased but not information memory. For MSP430FR2xx and MSP430FR4xx devices, this means all code FRAM including the information memory is erased.

After a mass erase is performed, the password is always 0xFF for all bytes. This is commonly used to gain access to an empty device or to load a new application to a locked device without password. The mass erase security feature can be disabled by setting the BSL signatures as described in the corresponding family user's guide (see Section 1.2).

Protection

This command is not password protected.

Command

0x11

Command Address

N/A

Command Data

The command data is 32 bytes long and contains the device password.

Command Returns

The MSP430FR5xx and MSP430FR6xx bootloader does not send the BSL core response for the incorrect password. Ignore any acknowledgment from the device and initialize the communication with BSL again.

The MSP430FR2xx and MSP430FR4xx bootloader sends the BSL acknowledgment and BSL core response with the status of operation. See Section 4.1.4 for more information on BSL core responses.

Example for UART PI

Unlock a blank device:

Header Length Length CMD D1 D2 D3 D4 D5 D6
0x80 0x21 0x00 0x11 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
D7 D8 D9 D10 D11 D12 D13 D14 D15 D16
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
D17 D18 D19 D20 D21 D22 D23 D24 D25 D26
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
D27 D28 D29 D30 D31 D32 CKL CKH
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x9E 0xE6

BSL response for a successful password:

ACK Header Length Length CMD MSG CKL CKH
0x00 0x80 0x02 0x00 0x3B 0x00 0x60 0xC4

Example for I2C PI

Unlock a blank device:

I2C Header Length Length CMD D1 D2 D3 D4 D5
S/A/W 0x80 0x21 0x00 0x11 0xFF 0xFF 0xFF 0xFF 0xFF
D6 D7 D8 D9 D10 D11 D12 D13 D14 D15
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
D16 D17 D18 D19 D20 D21 D22 D23 D24 D25
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF
D26 D27 D28 D29 D30 D31 D32 CKL CKH
0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0xFF 0x9E 0xE6

BSL response for a successful password:

I2C ACK Header Length Length CMD MSG CKL CKH I2C
S/A/R 0x00 0x80 0x02 0x00 0x3B 0x00 0x60 0xC4 STOP