A USB-HID BSL Programmer for
TI MSP430FG4618

This project is a follow-up to the USB-HID on a USBASP Board project, combined it with the TI MSP430 Launchpad base BLS loader project. I eliminated the Launchpad and replaced it with the re-programmed USBASP board.

Here how the USBASP board and the MSP430 board connector match up

Using the BSL User’s Guide found here: https://www.ti.com/lit/pdf/SLAU319AD

First step was to determine which version of the BSL is used with the MSP430FG4618

Table 5-8 on page 40 indicates this to be V2.12. This table also verified the RX & TX signal connections.

On page 8 we discovered details about password requirements. Only a very few commands are not password protected.

2.2.1 Unprotected Commands
• Receive password
• Mass erase (erase entire flash memory, main as well as information memory)
• Transmit BSL version (V1.50 or higher or in loadable BL_150S_14x.txt but not V2.x BSLs)
• Change baud rate (V1.60 or V1.61 or V2.0x or in loadable BL_150S_14x.txt)

2.2.2 Password Protected Commands
• Receive data block to program flash memory, RAM, or peripherals
• Transmit data block
• Erase segment
• Erase check (present in V1.60 or higher or in loadable BL_150S_14x.txt)
• Set Memory Offset (present in V2.12 or higher)
• Load program counter and start user program
• Change baud rate (BSL versions lower than V1.60 and higher than V2.10)

One of the unprotected commands is the Mass Erase command and a further note in the description of that command mentions: Mass erase initializes the password area to 32 times 0FFh

Erasing the chip seemed to be the best command to try first since then we would be sure that the password is now set to the default value and will be able to try/test other commands

The sequence of events should be
1. Enter BSL Mode
2. Start BSL (send 0x80 and wait for ACK (0x90) from target.
3. Send a BSL command packet (each one starting with 0x80)
4. Wait for ACK (0x90) , NAK (0xA0) or the requested block of data in the case of read commands.

On page 6 section 1.3.1.2 of the specification indicates:
The BSL program execution starts whenever the TCK pin has received a minimum of two falling edges and TCK
is low while RST/NMI rises from low to high

steps 1 & 2 are implemented in the startBSL() and bsl_enter() function in mspbslHID.c

I’ve pre-defined a number of arrays containing commonly used commands such as
Set mem offset, Mass Erase, Erase Segment, RX data Block, TX data block and RX password.
So now to send a command I’ll use one of the predefined blocks to build a command message then
calculate the necessary checksum values and add them to the command buffer, tell the system how long to wait for a response and what kind of response to expect (simple ACK/NAK or data) and finally send the command buffer over the USART to the target device. Then wait for a response while making sure the USB system or the watchdog timer doesn’t time out. See the function bsl_WaitByte () and mspbslHID.c

I tried this with the Mass Erase command and after a few false starts was able to successfully erase the chip.
I then moved on to implementing the RX Password command, sending the default password.

This command MUST be successfully executed before any of the other BSL commands will work.

Once successful with the password command I could begin to develop and test other commands to write and read memory from the device.

Of course only the very basic BSL commands are handled by the re-programmed USBASP device.

The bulk of the work is done on the PC end since ultimately that where the data is we need to send to the chip.

The USBASP device communicates with the target MSP430 device via it’s USART pins and it communicates with the PC via the USP HID protocol. You’ll find most of the USP HID details in these other projects. USB-HID on a USBASP Board and USB HID Programmer for the CC2510

In this case we have defined a handful of messages that the PC can send to the USBASP device to control the programming of the target.

The PC Program MSPpgmrHID.exe is a command line program and would typically be invoked via a .cmd or batch file.

One must simply invoke the MSPpgmrHID.exe followed by the MSP430 binary file created by CCS and it will take all the necessary steps to send the data to the target device appropriately.

If MSPpgmrHID.exe is invoked without supplying that filename, it produces a menu that I used extensively to debug the system during development. It will send basic USB commands to the USBASP device and display the resulting response data.

Another useful feature added to the PC utility is the Terminal Mode. Since we are already using the USART on the on the USBASP device I’ve added the ability to communicate directly to the target’s serial pins and relay that data back to the PC to display on he screen. This allows one to use the BSL programmer as sort of a USB-Serial adapter (with a very limited data rate) and communicate with the program running on the target MSP430 device.

At this point we’ve been using the default password to program our target device but if you should wish to password protect your device with something other than the default password the PC utility allows you to do so.

Simply define your 32 byte password and enter it into a text file named bsl_pwd.txt in the same format as the one supplied in the package. Then use the menu function to read and apply that password file before programming the device with your new program. Be sure to save the password file as you will need it if you plan on modifying the code in place. Otherwise you’ll have to mass erase the chip (thus resetting it to the default password) before a new program can be entered or any data can be read from the device.

Description of download links:

mspbslHID.zip project source and binaries (for both AVR and PC side )

Schematic001.pdf Interface connector schematic