SLAA721E October   2016  – March 2020 MSP430FR5969 , MSP430FR5969-SP , MSP430FR5994 , MSP430FR6989

 

  1.   Trademarks
  2. 1Introduction
    1. 1.1 Glossary
    2. 1.2 Conventions
  3. 2Implementation
    1. 2.1 Main
    2. 2.2 Application Manager
      1. 2.2.1 Bootloader and Application Detection
        1. 2.2.1.1 Forcing Bootloader Mode
        2. 2.2.1.2 Application Validation
        3. 2.2.1.3 Jumping to Application
      2. 2.2.2 Memory Assignment
      3. 2.2.3 Interrupt Vectors in FRAM Devices
    3. 2.3 Memory Interface (MI)
      1. 2.3.1 Dual Image Support
    4. 2.4 Communication Interface (CI)
      1. 2.4.1 Physical-DataLink (PHY-DL)
        1. 2.4.1.1 UART
        2. 2.4.1.2 SPI
        3. 2.4.1.3 CC110x
        4. 2.4.1.4 Comm Sharing
      2. 2.4.2 NWK-APP
        1. 2.4.2.1 BSL-Based Protocol
          1. 2.4.2.1.1 Security
          2. 2.4.2.1.2 BSL-Based Protocol Using CC110x
          3. 2.4.2.1.3 Examples Using UART or CC110x
  4. 3Customization of MSP430FRBoot
    1. 3.1 Predefined Customizations
  5. 4Building MSPBoot
    1. 4.1 LaunchPad™ Development Kit Hardware
    2. 4.2 CC110x Hardware
    3. 4.3 Software
      1. 4.3.1 Building the Target Software
      2. 4.3.2 Convert Application Output Images
      3. 4.3.3 Generating Linker Files
  6. 5Demo Using FRAM LaunchPad Development Kit as Host
    1. 5.1 Hardware
    2. 5.2 Building the Host Project
    3. 5.3 Running the Demo
  7. 6Porting the target side example projects to other MSP430FR devices
  8. 7References
  9. 8Revision History

2.2.1.2 Application Validation

The application validation mechanism allows the bootloader to validate the application before executing it. Three methods are implemented to allow for different levels of code footprint and security:

  • Single image mode (new application will download directly into the application area)

    • Two options can be used in this mode (Defined in TI_MSPBoot_Config.h):

      • Level_1: Checks if the reset vector is empty (0xFFFF)

      • Level_2: Does CRC in the application area and uses the CRC result to compare with the CRC signature that is located at the start of the application memory

  • Dual image mode (new application will download into a dedicated area and copy into the application area after the CRC check)

Figure 2-4 shows the implementation of the validation process in dual image mode.

GUID-758C33FE-85D0-4920-A016-594738C69165-low.gif Figure 2-4 Dual Image Application Validation

The validation methods can prevent executing corrupted applications but they do not ensure the integrity and functionality of the application, which is the user’s responsibility. If the application does not have the intended functionality, the MSP430 can still be recovered using a hardware entry sequence.

When an application download process is completed, MSPBoot performs the following steps before jumping to the new application:

  1. Validate the new image in the Download area.

    1. If invalid, exit. A reset forces the bootloader again and executes the application only if the original image is valid.

    2. Continue otherwise.

  2. Replace Application area with Download area.

  3. Validate image in Application area.

    1. If valid, erase Download area. A reset will execute the application, because the image in the Application area is valid.

    2. Exit otherwise. This is an unexpected state, but a reset will validate both images again.