Thanks old_cow_yellow,
TI's JTAG programming guide said that:
1.4.4 Unlocking a Password-Protected Device
Devices that support protection by user password can be unlocked by providing the correct password. To unlock the device, the JTAG mailbox is used in combination with the device BootCode.
To activate the password unlock mechanism, the password exchange request (0x1E1E) must be applied to the device (see the detailed sequence diagram below).
So it seems doable to regain JTAG access by using JTAG to exchange the password.
In addition, if "device Bootcode" here means BSL, then how can the BSL trigger the JTAG password exchange request?