seilda TPMCNTLsta ticks+3lda TPMCNTHsta ticks+2lda TPM_overflow+1sta ticks+1lda TPM_overflowsta tickscli
The problem is between the 'sei' and the 'lda TPMCNTL'. It's conceivable that TPMCNT could overflow between those two instructions. TPM_overflow will then need to be incremented, but it won't because of the 'sei', making the lower 16 bits incoherent with the upper 16 bits. Swapping the instructions doesn't fix it; it just changes the "polarity" of the vulnerability.
Anyone know how to do long timers reliably?