SLUUDI6 December   2025 MSPM33C321A

 

  1.   1
  2.   Abstract
  3.   Trademarks
  4. 1Introduction
    1. 1.1 Overview of BSL Features
    2. 1.2 Terminology
    3. 1.3 Additional resources
  5. 2BSL Architecture
    1. 2.1 Design
      1. 2.1.1 Timeout Feature
        1. 2.1.1.1 Interface Autodetection
        2. 2.1.1.2 Command Reception
    2. 2.2 BSL Invocation
      1. 2.2.1 Application Request
      2. 2.2.2 GPIO Based Invocation
      3. 2.2.3 Debug Mailbox Command
      4. 2.2.4 Other BSL Invocation Methods
        1. 2.2.4.1 Pre-Boot Application Verification
        2. 2.2.4.2 Blank Device Handling
    3. 2.3 Memory
      1. 2.3.1 SRAM Memory Usage
    4. 2.4 BSL Non-Main Configuration
      1. 2.4.1  BSL Configuration ID
      2. 2.4.2  BSL Interface Pins (BLINTERFACE_PINS)
      3. 2.4.3  BSL Invoke Pin Configuration (BSLPIN_INVOKE)
      4. 2.4.4  Memory Readout Configuration
      5. 2.4.5  BSL Password
      6. 2.4.6  Application Revision Pointer
      7. 2.4.7  Security Alert Level
      8. 2.4.8  UART Baud Rate
      9. 2.4.9  I2C Slave Address
      10. 2.4.10 Configuration CRC
    5. 2.5 Changing BSL Configuration
      1. 2.5.1 Reference
      2. 2.5.2 Using SysConfig and Code Composer Studio (CCS)
      3. 2.5.3 Using Debug Interface
  6. 3Bootloader Protocol
    1. 3.1 Packet Format
    2. 3.2 BSL Protocol
      1. 3.2.1 BSL Acknowledgment
      2. 3.2.2 Peripheral Configuration
        1. 3.2.2.1 UART
        2. 3.2.2.2 I2C
        3. 3.2.2.3 CRC
    3. 3.3 Bootloader Core Commands
      1. 3.3.1  Connection
      2. 3.3.2  Get Device Info
      3. 3.3.3  Unlock Bootloader
      4. 3.3.4  Program Data
      5. 3.3.5  Program Data Fast
      6. 3.3.6  Readback Data
      7. 3.3.7  Flash Range Erase
      8. 3.3.8  Mass Erase
      9. 3.3.9  Factory Reset
      10. 3.3.10 Standalone Verification
      11. 3.3.11 Start Application
      12. 3.3.12 Change Baud Rate
    4. 3.4 Bootloader Core Response
      1. 3.4.1 BSL Core Message
      2. 3.4.2 Detailed Error
      3. 3.4.3 Memory Readback
      4. 3.4.4 Device Info
      5. 3.4.5 Standalone Verification
    5. 3.5 Bootloader Security
      1. 3.5.1 Password Protected Commands
        1. 3.5.1.1 Security Alert
      2. 3.5.2 BSL Entry
  7. 4Sample Program Flow with Bootloader
  8. 5Revision History

2.4.5 BSL Password

Memory Address: 0x80101C14 - 0x80101C30

The PASSWORD field stores the SHA-256 hash (32 bytes) of the password used for BSL authentication. This password is required to unlock the bootloader and access protected BSL commands.

Default Value: The hash of a string of all 0xFF bytes

  1. Word 0 (0x80101C14): 0x761396AF
  2. Word 1 (0x80101C18): 0x5F63720F
  3. Word 2 (0x80101C1C): 0x5A4AB4BD
  4. Word 3 (0x80101C20): 0x9FC3630A
  5. Word 4 (0x80101C24): 0xF930AF12
  6. Word 5 (0x80101C28): 0x5CEEA650
  7. Word 6 (0x80101C2C): 0x88E11B97
  8. Word 7 (0x80101C30): 0x51409CE8

Usage

The BSL password is used to protect access to critical BSL commands that can modify the device memory or read sensitive information. When the BSL is invoked, it starts in a locked state. To unlock the BSL and access protected commands, the host must send the Unlock Bootloader command (CMD_UNLOCK_BSL, 0x21) with the correct password.

The password authentication process works as follows:

  1. The host sends the Unlock Bootloader command with a 32-byte password.
  2. The BSL calculates the SHA-256 hash of the received password.
  3. The BSL compares the calculated hash with the stored password hash in the BSL configuration.
  4. If the hashes match, the BSL is unlocked and protected commands become available.
  5. If the hashes do not match, the BSL remains locked and returns a BSL_PASSWORD_ERROR.

The BSL includes several security features to protect against password attacks:

  1. Sleep Delay: If an incorrect password is sent, the device enters sleep mode for 2 seconds and does not accept any commands during this period. This makes brute force attacks more time-consuming.
  2. Security Alert: If an incorrect password is sent 3 times, a security alert action is taken based on the SECURITY_ALERT_LEVEL configuration. This can include:
    1. Factory Reset: Erases all flash memory
    2. Disable Bootloader: Permanently disables the bootloader
    3. Do Nothing: No action is taken
  3. Password Backup: Before performing a factory reset, the BSL backs up the password to SRAM. This allows the BSL to be unlocked after a factory reset, even if the password field in non-main flash is erased.

Changing the BSL Password

There are multiple methods to change the BSL password

  1. Using BSL Commands
    1. Unlock the BSL with the current password.
    2. Calculate the SHA-256 hash of the new password.
    3. Update the PASSWORD field in the BSL configuration with the new hash.
    4. Calculate the new CRC for the BSL configuration.
    5. Program the updated BSL configuration to non-main flash using the Program Data command.
  2. Using SysConfig and Code Composer Studio (CCS)The SysConfig tool provides a Non-Main Configurator that can generate a complete non-main configuration. If the non-main flash area is not protected, you can use the Flash Loader in Code Composer Studio to directly modify the BSL password.
    1. Open the SysConfig tool in CCS or as a standalone application.
    2. Navigate to the Non-Main Configurator section.
    3. Configure all the BSL settings, including the PASSWORD field with the hash of the new password.
    4. Generate the non-main configuration binary.
    5. Program the generated binary to the non-main flash area using CCS Flash Loader or BSL commands.

Note: If you forget the BSL password, you may need to perform a DSSM factory reset to restore the default password. However, this will erase all flash memory, including the application code and configuration data. Alternatively, if the non-main flash area is not protected, you can use CCS with Flash Loader to reprogram the BSL configuration with a new password.