Testpoints
Stage | Name | Tests | Description |
---|---|---|---|
V1 | smoke | lc_ctrl_smoke | Smoke test accessing lc_ctrl state transition datapath. Stimulus:
Checks:
|
V1 | csr_hw_reset | lc_ctrl_csr_hw_reset | Verify the reset values as indicated in the RAL specification.
|
V1 | csr_rw | lc_ctrl_csr_rw | Verify accessibility of CSRs as indicated in the RAL specification.
|
V1 | csr_bit_bash | lc_ctrl_csr_bit_bash | Verify no aliasing within individual bits of a CSR.
|
V1 | csr_aliasing | lc_ctrl_csr_aliasing | Verify no aliasing within the CSR address space.
|
V1 | csr_mem_rw_with_rand_reset | lc_ctrl_csr_mem_rw_with_rand_reset | Verify random reset during CSR/memory access.
|
V1 | regwen_csr_and_corresponding_lockable_csr | lc_ctrl_csr_rw lc_ctrl_csr_aliasing | Verify regwen CSR and its corresponding lockable CSRs.
Note:
This is only applicable if the block contains regwen and locakable CSRs. |
V2 | state_post_trans | lc_ctrl_state_post_trans | This test is based on smoke test. After smoke sequence, this test adds additional lc_state transition request before issuing reset. This should happen regardless if the transition is successful. Use scoreboard to ensure lc_ctrl ignores this additional lc_state transition request and check state count. |
V2 | regwen_during_op | lc_ctrl_regwen_during_op |
Checks:
|
V2 | lc_prog_failure | lc_ctrl_prog_failure | This test checks lc_program failure by setting the error bit after otp program request. Checks:
|
V2 | lc_state_failure | lc_ctrl_state_failure | This test checks lc_state failure by:
Checks:
|
V2 | lc_errors | lc_ctrl_errors | This test randomly executes the error senarios:
Checks:
|
V2 | security_escalation | lc_ctrl_security_escalation lc_ctrl_errors lc_ctrl_state_failure lc_ctrl_prog_failure lc_ctrl_jtag_errors lc_ctrl_jtag_state_failure lc_ctrl_jtag_prog_failure | This test checks two security escalation responses:
|
V2 | jtag_access | lc_ctrl_jtag_access lc_ctrl_jtag_smoke lc_ctrl_jtag_state_post_trans lc_ctrl_jtag_errors lc_ctrl_jtag_prog_failure lc_ctrl_jtag_errors lc_ctrl_jtag_regwen_during_op lc_ctrl_jtag_csr_hw_reset lc_ctrl_jtag_csr_rw lc_ctrl_jtag_csr_bit_bash lc_ctrl_jtag_csr_aliasing lc_ctrl_jtag_same_csr_outstanding lc_ctrl_jtag_csr_mem_rw_with_rand_reset lc_ctrl_jtag_alert_test | This test checks jtag debug interface in lc_ctrl. This test will use both JTAG TAP and TLUL to access the CSR space. All above CSR sequences should be accessible via both interfaces. |
V2 | jtag_priority | lc_ctrl_jtag_priority | This test covers a corner case in JTAG and TLUL interfaces. Stimulus:
Checks:
|
V2 | stress_all | lc_ctrl_stress_all |
|
V2 | alert_test | lc_ctrl_alert_test | Verify common
|
V2 | tl_d_oob_addr_access | lc_ctrl_tl_errors | Access out of bounds address and verify correctness of response / behavior |
V2 | tl_d_illegal_access | lc_ctrl_tl_errors | Drive unsupported requests via TL interface and verify correctness of response / behavior. Below error cases are tested bases on the TLUL spec
|
V2 | tl_d_outstanding_access | lc_ctrl_csr_hw_reset lc_ctrl_csr_rw lc_ctrl_csr_aliasing lc_ctrl_same_csr_outstanding | Drive back-to-back requests without waiting for response to ensure there is one transaction outstanding within the TL device. Also, verify one outstanding when back- to-back accesses are made to the same address. |
V2 | tl_d_partial_access | lc_ctrl_csr_hw_reset lc_ctrl_csr_rw lc_ctrl_csr_aliasing lc_ctrl_same_csr_outstanding | Access CSR with one or more bytes of data. For read, expect to return all word value of the CSR. For write, enabling bytes should cover all CSR valid fields. |
V2S | tl_intg_err | lc_ctrl_tl_intg_err lc_ctrl_sec_cm | Verify that the data integrity check violation generates an alert.
|
V2S | sec_cm_bus_integrity | lc_ctrl_tl_intg_err | BUS.INTEGRITY: Verify this countermeasure with a standardized test. |
V2S | sec_cm_transition_config_regwen | lc_ctrl_regwen_during_op | TRANSITION.CONFIG.REGWEN: Verify that the transition interface registers cannot be modified anymore once a transition has been initiated (either via TL-UL or the JTAG interface, depending on which interface is being used to claim the mutex). |
V2S | sec_cm_manuf_state_sparse | lc_ctrl_sec_cm lc_ctrl_state_failure | MANUF.STATE.SPARSE: Verify this countermeasure with a standardized test. |
V2S | sec_cm_transition_ctr_sparse | lc_ctrl_sec_cm lc_ctrl_state_failure | TRANSITION.CTR.SPARSE: Verify this countermeasure with a standardized test. |
V2S | sec_cm_manuf_state_bkgn_chk | lc_ctrl_sec_cm lc_ctrl_state_failure | MANUF.STATE.BKGN_CHK: Verify this countermeasure with a standardized test. |
V2S | sec_cm_transition_ctr_bkgn_chk | lc_ctrl_sec_cm lc_ctrl_state_failure | TRANSITION.CTR.BKGN_CHK: Verify this countermeasure with a standardized test. |
V2S | sec_cm_state_config_sparse | lc_ctrl_sec_cm lc_ctrl_state_failure | STATE.CONFIG.SPARSE: Verify this countermeasure with a standardized test. |
V2S | sec_cm_main_fsm_sparse | lc_ctrl_sec_cm lc_ctrl_state_failure | MAIN.FSM.SPARSE: Verify this countermeasure with a standardized test. |
V2S | sec_cm_kmac_fsm_sparse | lc_ctrl_sec_cm lc_ctrl_state_failure | KMAC.FSM.SPARSE: Verify this countermeasure with a standardized test. |
V2S | sec_cm_main_fsm_local_esc | lc_ctrl_sec_cm lc_ctrl_state_failure | MAIN.FSM.LOCAL_ESC: Verify that the main FSM goes into the
|
V2S | sec_cm_main_fsm_global_esc | lc_ctrl_security_escalation | MAIN.FSM.GLOBAL_ESC: Verify that the main FSM goes into the |
V2S | sec_cm_main_ctrl_flow_consistency | lc_ctrl_state_post_trans lc_ctrl_jtag_state_post_trans | MAIN.CTRL_FLOW.CONSISTENCY: Verify that the control flow of the main FSM only ever progresses in one
direction - i.e. that there are no transitions that move backwards into
a state where the FSM has previously been (e.g. from Note: This is expected to be formally proven by FPV test lc_ctrl_sec_cm_fsm but there is currently no mechanism to include this in the testplan. |
V2S | sec_cm_intersig_mubi | lc_ctrl_sec_mubi | INTERSIG.MUBI: Verify the behavior of MUBI inputs as follows:
There are two ways this condition can be triggered: either no external
clock is requested, and then setting
There are two ways this condition can be triggered: either no RMA
transition is requested, and then setting The main life cycle FSM should not progress through the |
V2S | sec_cm_token_valid_ctrl_mubi | lc_ctrl_sec_mubi | TOKEN_VALID.CTRL.MUBI: Verify that any value other than 'ON' will lead to a TOKEN_ERROR in life
cycle transitions where the associated token is being used. The main
life cycle FSM should not progress through the |
V2S | sec_cm_token_digest | lc_ctrl_sec_token_digest | TOKEN.DIGEST: Life cycle tokens are hashed using an external SHA3 block, and checked multiple times internally. In order to verify this countermeasure, the following aspects should be tested:
|
V2S | sec_cm_token_mux_ctrl_redun | lc_ctrl_sec_token_mux | TOKEN_MUX.CTRL.REDUN: The token mux is split into two halves that are indexed separately.
Verify that any inconsistency between the two indexes leads to a
TRANSITION_ERROR, without the main FSM going through the Note: the same test as for TOKEN_VALID.MUX.REDUN can be used. |
V2S | sec_cm_token_valid_mux_redun | lc_ctrl_sec_token_mux | TOKEN_VALID.MUX.REDUN: The token mux is split into two halves that are indexed separately.
Verify that any inconsistency between the two indexes leads to a
TRANSITION_ERROR, without the main FSM going through the Note: the same test as for TOKEN_MUX.CTRL.REDUN can be used. |
V3 | stress_all_with_rand_reset | lc_ctrl_stress_all_with_rand_reset | This test runs 3 parallel threads - stress_all, tl_errors and random reset. After reset is asserted, the test will read and check all valid CSR registers. |
Covergroups
Name | Description |
---|---|
err_inj_cg | Indicates what error conditions have been injected. |
lc_ctrl_fsm_cg | lc_ctrl_fsm states and arcs |
regwen_val_when_new_value_written_cg | Cover each lockable reg field with these 2 cases:
This is only applicable if the block contains regwen and locakable CSRs. |
sec_token_digest_error_cg | Indicates FSM states that a token digest error is detected |
sec_token_mux_idx_error_cg | Indicates FSM states that a token mux index error is detected |
tl_errors_cg | Cover the following error cases on TL-UL bus:
|
tl_intg_err_cg | Cover all kinds of integrity errors (command, data or both) and cover number of error bits on each integrity check. Cover the kinds of integrity errors with byte enabled write on memory if applicable: Some memories store the integrity values. When there is a subword write, design re-calculate the integrity with full word data and update integrity in the memory. This coverage ensures that memory byte write has been issued and the related design logic has been verfied. |