SLAA834B May   2018  – August 2021 MSP430FR2000 , MSP430FR2032 , MSP430FR2033 , MSP430FR2100 , MSP430FR2110 , MSP430FR2111 , MSP430FR2153 , MSP430FR2155 , MSP430FR2310 , MSP430FR2311 , MSP430FR2353 , MSP430FR2355 , MSP430FR2422 , MSP430FR2433 , MSP430FR2475 , MSP430FR2476 , MSP430FR2512 , MSP430FR2522 , MSP430FR2532 , MSP430FR2533 , MSP430FR2632 , MSP430FR2633 , MSP430FR2672 , MSP430FR2673 , MSP430FR2675 , MSP430FR2676 , MSP430FR4131 , MSP430FR4132 , MSP430FR4133 , MSP430FR5720 , MSP430FR5721 , MSP430FR5722 , MSP430FR5723 , MSP430FR5724 , MSP430FR5725 , MSP430FR5726 , MSP430FR5727 , MSP430FR5728 , MSP430FR5729 , MSP430FR5730 , MSP430FR5731 , MSP430FR5732 , MSP430FR5733 , MSP430FR5734 , MSP430FR5735 , MSP430FR5736 , MSP430FR5737 , MSP430FR5738 , MSP430FR5739 , MSP430FR5847 , MSP430FR58471 , MSP430FR5848 , MSP430FR5849 , MSP430FR5857 , MSP430FR5858 , MSP430FR5859 , MSP430FR5867 , MSP430FR58671 , MSP430FR5868 , MSP430FR5869 , MSP430FR5870 , MSP430FR5872 , MSP430FR58721 , MSP430FR5887 , MSP430FR5888 , MSP430FR5889 , MSP430FR58891 , MSP430FR5922 , MSP430FR59221 , MSP430FR5947 , MSP430FR59471 , MSP430FR5948 , MSP430FR5949 , MSP430FR5957 , MSP430FR5958 , MSP430FR5959 , MSP430FR5962 , MSP430FR5964 , MSP430FR5967 , MSP430FR5968 , MSP430FR5969 , MSP430FR59691 , MSP430FR5970 , MSP430FR5972 , MSP430FR59721 , MSP430FR5986 , MSP430FR5987 , MSP430FR5988 , MSP430FR5989 , MSP430FR59891 , MSP430FR5992 , MSP430FR5994 , MSP430FR59941

 

  1.   Trademarks
  2. Introduction
  3. Configuration of MSP430FR4xx and MSP430FR2xx Devices
  4. In-System Programming of Nonvolatile Memory
    1. 3.1 Ferroelectric RAM (FRAM) Overview
    2. 3.2 FRAM Cell
    3. 3.3 Protecting FRAM Using Write Protection Bits in FR4xx Family
    4. 3.4 FRAM Memory Wait States
    5. 3.5 Bootloader (BSL)
    6. 3.6 JTAG and Security
    7. 3.7 Production Programming
  5. Hardware Migration Considerations
  6. Device Calibration Information
  7. Important Device Specifications
  8. Core Architecture Considerations
    1. 7.1 Power Management Module (PMM)
      1. 7.1.1 Core LDO and LPM3.5 LDO
      2. 7.1.2 SVS
      3. 7.1.3 VREF
    2. 7.2 Clock System
      1. 7.2.1 DCO Frequencies
      2. 7.2.2 FLL, REFO, and DCO Tap
      3. 7.2.3 FRAM Access at 16 MHz and 24 MHz and Clocks-on-Demand
    3. 7.3 Operating Modes, Wakeup, and Reset
      1. 7.3.1 LPMx.5
      2. 7.3.2 Reset
    4. 7.4 Determining the Cause of Reset
    5. 7.5 Interrupt Vectors
    6. 7.6 FRAM and the FRAM Controller
    7. 7.7 RAM Controller (RAMCTL)
  9. Peripheral Considerations
    1. 8.1  Overview of the Peripherals on the FR4xx and FR59xx Families
    2. 8.2  Ports
      1. 8.2.1 Digital Input/Output
      2. 8.2.2 Capacitive Touch I/O
    3. 8.3  Communication Modules
    4. 8.4  Timer and IR Modulation Logic
    5. 8.5  Backup Memory
    6. 8.6  RTC Counter
    7. 8.7  LCD
    8. 8.8  Interrupt Compare Controller (ICC)
    9. 8.9  Analog-to-Digital Converters
      1. 8.9.1 ADC12_B to ADC
    10. 8.10 Enhanced Comparator (eCOMP)
    11. 8.11 Operational Amplifiers
    12. 8.12 Smart Analog Combo (SAC)
  10. ROM Libraries
  11. 10Conclusion
  12. 11References
  13. 12Revision History

3.6 JTAG and Security

On the FR4xx devices, the JTAG/SBW is locked by programming a specific signature into the device's FRAM memory at JTAG/SBW signature address of FF80h to FF83h.

When JTAG/SBW is locked by programming the JTAG/SBW signature, access to the device is only possible through the BSL (using the BSL password). However, when the BSL is not disabled and the BSL password is supplied, it is possible to clear the JTAG/SBW signature and make JTAG communication available again. Hence, on the FR4xx devices, locking the JTAG/SBW is reversible if the BSL password is known and BSL is not disabled.

Table 3-2 describes the FR4xx device password, BSL signature, and JTAG/SBW signature.

Table 3-2 FR4xx Device Password, BSL Signature, and JTAG/SBW Signature
NameAddressValueDevice SecurityBSL or SBW Behavior After Reset
Device passwordFFE0h to FFFFhDepending on vector table configurationThe value is used to protect BSL.
BSL signatureFF84h to FF87h5555_5555hSecured, password not requiredBSL is bypassed. User code starts immediately.
Any other valuesSecured, password required through the BSLBSL is invoked before user code starts if BSL is triggered.
JTAG/SBW signatureFF80h to FF83hFFFF_FFFFhNot securedJTAG/SBW is not locked.
0000_0000h
Any other valuesSecuredJTAG/SBW is locked.

On the FR59xx devices, a fuse is used. Securing the device involves writing a specific signature to the JTAG signature location. When the fuse is programmed, access to the device is possible only through the BSL (using the BSL password). However, when the BSL password is supplied, it is possible to clear the JTAG fuse and make JTAG communication available again. Hence, on the FR59xx devices, blowing the JTAG fuse is reversible if the BSL password is known. The FR59xx family also provides an addition feature: JTAG lock with password. The password is located at FRAM location 0xFF88 and can be one to four words in length. To be able to access JTAG, the tool chain needs to first provide the password, following which JTAG access is granted. Any access with an incorrect password prevents JTAG access. When a password is verified, complete JTAG access is possible until the next BOR event.