Testpoints
Stage | Name | Tests | Description |
---|---|---|---|
V1 | smoke | entropy_src_smoke | Enable entropy_src, wait for interrupt, verify entropy. |
V1 | csr_hw_reset | entropy_src_csr_hw_reset | Verify the reset values as indicated in the RAL specification.
|
V1 | csr_rw | entropy_src_csr_rw | Verify accessibility of CSRs as indicated in the RAL specification.
|
V1 | csr_bit_bash | entropy_src_csr_bit_bash | Verify no aliasing within individual bits of a CSR.
|
V1 | csr_aliasing | entropy_src_csr_aliasing | Verify no aliasing within the CSR address space.
|
V1 | csr_mem_rw_with_rand_reset | entropy_src_csr_mem_rw_with_rand_reset | Verify random reset during CSR/memory access.
|
V1 | regwen_csr_and_corresponding_lockable_csr | entropy_src_csr_rw entropy_src_csr_aliasing | Verify regwen CSR and its corresponding lockable CSRs.
Note:
This is only applicable if the block contains regwen and locakable CSRs. |
V2 | firmware | entropy_src_smoke entropy_src_fw_ov entropy_src_rng | Verify ability to access entropy register based on value of efuse input Verify sw_regupd, me_regwen bits enables/disables write access to control registers Verify control registers are read-only while DUT is enabled Verify registers at End-Of-Test |
V2 | firmware_mode | entropy_src_fw_ov | Verify health_checks aren't active Verify bypass active Verify read FIFO
|
V2 | rng_mode | entropy_src_rng | Verify rng entropy
|
V2 | health_checks | entropy_src_rng | Verify AdaptProp, RepCnt, RepCntSym, Bucket, Markov health check results match predicted.
|
V2 | conditioning | entropy_src_rng | Verify genbits seeds in bypass mode as predicted. Verify genbits seeds after sha3 conditioning as predicted. |
V2 | interrupts | entropy_src_rng | Verify es_entropy_valid interrupt asserts as predicted. Verify es_health_test_failed interrupt asserts as predicted. Verify es_fifo_err interrupt asserts as predicted. |
V2 | alerts | entropy_src_functional_alerts entropy_src_rng | Verify that all recoverable alerts are asserted as expected.
Any alerts not encountered as part of the usual entropy_src_rng test will be generated
by the |
V2 | stress_all | entropy_src_stress_all | Combine the individual test points while injecting TL errors and running CSR tests in parallel. |
V2 | functional_errors | entropy_src_functional_errors | Verify that all possible classes of fatal errors (FIFOs, Counters, state machine exceptions, etc.) have been generated. These errors typically violate assumptions made by the scoreboard, and thus cannot be managed by other tests. |
V2 | intr_test | entropy_src_intr_test | Verify common intr_test CSRs that allows SW to mock-inject interrupts.
|
V2 | alert_test | entropy_src_alert_test | Verify common
|
V2 | tl_d_oob_addr_access | entropy_src_tl_errors | Access out of bounds address and verify correctness of response / behavior |
V2 | tl_d_illegal_access | entropy_src_tl_errors | Drive unsupported requests via TL interface and verify correctness of response / behavior. Below error cases are tested bases on the TLUL spec
|
V2 | tl_d_outstanding_access | entropy_src_csr_hw_reset entropy_src_csr_rw entropy_src_csr_aliasing entropy_src_same_csr_outstanding | Drive back-to-back requests without waiting for response to ensure there is one transaction outstanding within the TL device. Also, verify one outstanding when back- to-back accesses are made to the same address. |
V2 | tl_d_partial_access | entropy_src_csr_hw_reset entropy_src_csr_rw entropy_src_csr_aliasing entropy_src_same_csr_outstanding | Access CSR with one or more bytes of data. For read, expect to return all word value of the CSR. For write, enabling bytes should cover all CSR valid fields. |
V2S | tl_intg_err | entropy_src_tl_intg_err entropy_src_sec_cm | Verify that the data integrity check violation generates an alert.
|
V2S | sec_cm_config_regwen | entropy_src_rng entropy_src_cfg_regwen | Verify the countermeasure(s) CONFIG.REGWEN. Verify that:
|
V2S | sec_cm_config_mubi | entropy_src_rng | Verify the countermeasure(s) CONFIG.MUBI. Verify that upon writing invalid MUBI values to configuration registers:
|
V2S | sec_cm_config_redun | entropy_src_rng | Verify the countermeasure(s) CONFIG.REDUN. Verify that upon improperly configuring the ALERT_TRESHOLD register:
|
V2S | sec_cm_intersig_mubi | entropy_src_rng entropy_src_fw_ov | Verify the countermeasure(s) INTERSIG.MUBI. Verify that unless the otp_en_entropy_src_fw_read or otp_en_entropy_src_fw_over input signals are equal to MuBi8True the DUT doesn't allow reading entropy from the ENTROPY_DATA register or from the FW_OV_RD_DATA register, respectively. |
V2S | sec_cm_main_sm_fsm_sparse | entropy_src_sec_cm entropy_src_functional_errors | Verify the countermeasure(s) MAIN_SM.FSM.SPARSE. The entropy_src_functional_errors test verifies that if the FSM state is forced to an illegal state encoding this is reported in the ERR_CODE register. It currently doesn't check whether the DUT actually triggers a fatal alert. Alert connection and triggering are verified through automated FPV. |
V2S | sec_cm_ack_sm_fsm_sparse | entropy_src_sec_cm entropy_src_functional_errors | Verify the countermeasure(s) ACK_SM.FSM.SPARSE. The entropy_src_functional_errors test verifies that if the FSM state is forced to an illegal state encoding this is reported in the ERR_CODE register. It currently doesn't check whether the DUT actually triggers a fatal alert. Alert connection and triggering are verified through automated FPV. |
V2S | sec_cm_rng_bkgn_chk | entropy_src_rng | Verify the countermeasure(s) RNG.BKGN_CHK. Verify the different background health checks with different, randomized threshold values. |
V2S | sec_cm_ctr_redun | entropy_src_sec_cm entropy_src_functional_errors | Verify the countermeasure(s) CTR.REDUN. The entropy_src_functional_errors test verifies that if there is any mismatch in the redundant counters this is reported in the ERR_CODE register. It currently doesn't check whether the DUT actually triggers a fatal alert. Alert connection and triggering are verified through automated FPV. |
V2S | sec_cm_ctr_local_esc | entropy_src_functional_errors | Verify the countermeasure(s) CTR.LOCAL_ESC. Verify that upon a mismatch in any of the redundant counters the main FSM enters a terminal error state and that the DUT signals a fatal alert. |
V2S | sec_cm_esfinal_rdata_bus_consistency | entropy_src_functional_alerts | Verify the countermeasure(s) ESFINAL_RDATA.BUS.CONSISTENCY. Verify that if two subsequents read requests to the esfinal FIFO obtain the same data, the DUT signals a recoverable alert and sets the correct bit in the RECOV_ALERT_STS register. |
V2S | sec_cm_tile_link_bus_integrity | entropy_src_tl_intg_err | Verify the countermeasure(s) TILE_LINK.BUS.INTEGRITY. |
V3 | stress_all_with_rand_reset | entropy_src_stress_all_with_rand_reset | This test runs 3 parallel threads - stress_all, tl_errors and random reset. After reset is asserted, the test will read and check all valid CSR registers. |
Covergroups
Name | Description |
---|---|
alert_cnt_cg | Covers a range of values (1, 2, 3-6, 6-10, plus > 10) for ALERT_THRESHOLD. To be sampled when a HT alert fires. |
cntr_err_cg | Covers that all counter-related fatal errors have been tested by forcing the respective redundant counters to be mismatched from each other.
|
cont_ht_cg | Covers a range of thresholds and configurations for the continuous health tests: REPCNT (the repetition count test), and REPCNTS (the symbol based repetition count test). The primary cover points are the test_type (REPCNT vs. REPCNTS), the pass or fail value of the test, and the "score". The score is a generalization of the numerical value of the test output, which accounts for the fact it is far more likely to see high values from the REPCNT test than the REPCNTS test, and is computed by multiplying the numerical values of the REPCNTS test by RNG_BUS_WIDTH. Much like the windowed health tests which generalize the test thresholds in terms of "sigma" values, the "score" places the REPCNT and REPCNTS values on equal footing when generating cross bins. For an ideal noise distribution on each RNG bus line, the probablity of a given "score" should be the same for the two tests, under the observation that a coincidental repetition of all bus lines is as likely as RNG_BUS_WIDTH repetitions of a single line. The In addition to the score, pass-fail status and the test type, this covergroup also has coverpoints for other configurations such as the RNG bit select mode and the fips-mode selection status (True or False), as well as a large number of crosspoints. |
csrng_hw_cg | Covers that data output is observed at the CSRNG HW interface for all possible modes of operation, including:
Since the scoreboard permits data to be dropped or rejected by the entropy source we must explicitly confirm that the data is observed at the outputs for all possible configurations. |
err_test_cg | Covers that the ERR_CODE_TEST register has been tested for all 9 valid test values:
|
fifo_err_cg | Covers that all three fifos (the esrng fifo, the observe fifo, and the esfinal fifo) have all been forced into the three error states (write overflow, read underflow, and invalid state), and the error has sucessfully generated an alert and that the alert is successfully reported in the the ERR_CODE register. |
mubi_err_cg | Covers that all 11 register fields with built in redundancy (All multi-bit encoded except for ALERT_THRESHOLD) have been programmed with at least one one invalid mubi value, and that the corresponding recoverable alert has been registered. This includes the 10 boolean register fields which are MultiBit encoded as well as the ALERT_THRESHOLD register, which is a pair of numeric values which must be inverses of each other. |
observe_fifo_event_cg | Covers that data output is observed at the fw_ov_rd_data CSE interface for all possible modes of operation, including:
|
observe_fifo_threshold_cg | Covers a range of values (1-63) for OBSERVE_FIFO_THRESH. Coverage bins include the lowest value (1), the highest value (63) and four bins in between. Interrupts and data must be observed for all bins. Thus this covergroup should be sampled after an interrupt has fired and OBSERVE_FIFO_THRESH words have been read from the FIFO. Note: The value of 0 should never generate an interrupt, a constraint that must be checked in the scoreboard. |
one_way_ht_threshold_reg_cg | Checks that all of the health test registers have been exercised and that the one-way update feature (which prohibits thresholds being relaxed after reset) works for both the FIPS and Bypass thresholds. |
recov_alert_cg | This covergroup has a single coverpoint that ensures that every active bit in the "recov_alert_sts" register has been triggered. This coverpoint is thus complementary to the mubi_err_cg, fifo_err_cg, and sm_err_cg covergroups though it also covers a number of other recoverable errors, such as violations of the FW_OV usage model, or errors internal to the SHA conditioning unit. |
regwen_val_when_new_value_written_cg | Cover each lockable reg field with these 2 cases:
This is only applicable if the block contains regwen and locakable CSRs. |
seed_output_csr_cg | Covers that data output is observed at the entropy_data CSR interfaces for all possible modes of operation, including:
Since the scoreboard permits data to be dropped or rejected by the entropy source we must explicitly confirm that the data is observed at the outputs for all possible configurations. |
sm_err_cg | Covers that both the MAIN_SM and ACK_SM have been forced into an invalid state, and this state error has been successfully detected, the appropriate alerts have been signalled, and the error has been sucessfully reported in the error CSRs. |
sw_update_cg | Covers that the TB has attempted to update DUT configurations while the module is enabled, to ensure that the sw_regupd CSR is working |
tl_errors_cg | Cover the following error cases on TL-UL bus:
|
tl_intg_err_cg | Cover all kinds of integrity errors (command, data or both) and cover number of error bits on each integrity check. Cover the kinds of integrity errors with byte enabled write on memory if applicable: Some memories store the integrity values. When there is a subword write, design re-calculate the integrity with full word data and update integrity in the memory. This coverage ensures that memory byte write has been issued and the related design logic has been verfied. |
win_ht_cg | Covers a range of window sizes for each windowed health test. For each test we need:
|
win_ht_deep_threshold_cg | Covers a range of thresholds values for a focused set of window sizes. For each test we need:
|