Testpoints
Stage | Name | Tests | Description |
---|---|---|---|
V1 | smoke | sram_ctrl_smoke | This test performs basic SRAM initialization procedure and tests basic memory function:
|
V1 | csr_hw_reset | sram_ctrl_csr_hw_reset | Verify the reset values as indicated in the RAL specification.
|
V1 | csr_rw | sram_ctrl_csr_rw | Verify accessibility of CSRs as indicated in the RAL specification.
|
V1 | csr_bit_bash | sram_ctrl_csr_bit_bash | Verify no aliasing within individual bits of a CSR.
|
V1 | csr_aliasing | sram_ctrl_csr_aliasing | Verify no aliasing within the CSR address space.
|
V1 | csr_mem_rw_with_rand_reset | sram_ctrl_csr_mem_rw_with_rand_reset | Verify random reset during CSR/memory access.
|
V1 | regwen_csr_and_corresponding_lockable_csr | sram_ctrl_csr_rw sram_ctrl_csr_aliasing | Verify regwen CSR and its corresponding lockable CSRs.
Note:
This is only applicable if the block contains regwen and locakable CSRs. |
V1 | mem_walk | sram_ctrl_mem_walk | Verify accessibility of all memories in the design.
|
V1 | mem_partial_access | sram_ctrl_mem_partial_access | Verify partial-accessibility of all memories in the design.
|
V2 | multiple_keys | sram_ctrl_multiple_keys | In this test we request multiple scrambling keys from OTP and verify that the memory scrambling is performed correctly even with multiple seeds. Perform the following steps:
|
V2 | stress_pipeline | sram_ctrl_stress_pipeline | This test is the same as the multiple_keys_test but we now do a series of back-to-back memory accesses at each random address in order to create read/write conflicts and stress the encryption pipeline. |
V2 | bijection | sram_ctrl_bijection | In this test we iterate through each address in the SRAM memory. For each address write the current address to the SRAM. After this is done, read every address and check that the stored data is equivalent to the current address. This will verify that the SRAM encryption mechanism is actually bijective, and will not cause any address collisions. e.g. if the encryption scheme causes addresses 0x1 and 0x2 to collide and we write 0x1 and 0x2 respectively, we will see a return value of 0x2 when we read from 0x1, instead of the expected 0x1. This process will be repeated for a number of new key seeds. |
V2 | access_during_key_req | sram_ctrl_access_during_key_req | This test is the same as the multiple_keys test, except we make sure to sequence some memory transactions while a key request to OTP is still pending. Verify that these transactions are completely ignored by the memory. TODO: Behavior might change in future to throw an error instead of ignore, should be reflected in TB. |
V2 | lc_escalation | sram_ctrl_lc_escalation | This test is the same as the multiple_keys test, except we now randomly assert the lifecycle escalation signal. Upon sending an escalation request, we verify that the DUT has properly latched it, and all scrambling state has been reset. In this state, we perform some memory accesses, they should all be blocked and not go through. We then issue a reset to the SRAM to get it out of the terminal state, and issue a couple of memory accesses just to make sure everything is still in working order. |
V2 | executable | sram_ctrl_executable | This test is intended to test the "execute from SRAM" feature, in which TLUL memory
transactions tagged with the This behavior is enabled by either setting the If this functionality is disabled, any memory transaction NOT tagged as |
V2 | partial_access | sram_ctrl_partial_access sram_ctrl_partial_access_b2b | This test is intended to test a lot of partial accesses with random addresses or back-to-back accesses. Reuse the |
V2 | max_throughput | sram_ctrl_max_throughput sram_ctrl_throughput_w_partial_write | This test is intended to test the max throughput of the SRAM. Without partial write, if driver doesn't introduce any delay, it takes N+1 cycles to finish N SRAM read/write accesses. With partial write, it needs 2 extra cycles per partial write. |
V2 | regwen | sram_ctrl_regwen | This test is intended to test
Both |
V2 | ram_cfg | sram_ctrl_ram_cfg | Test Randomly set |
V2 | stress_all | sram_ctrl_stress_all |
|
V2 | alert_test | sram_ctrl_alert_test | Verify common
|
V2 | tl_d_oob_addr_access | sram_ctrl_tl_errors | Access out of bounds address and verify correctness of response / behavior |
V2 | tl_d_illegal_access | sram_ctrl_tl_errors | Drive unsupported requests via TL interface and verify correctness of response / behavior. Below error cases are tested bases on the TLUL spec
|
V2 | tl_d_outstanding_access | sram_ctrl_csr_hw_reset sram_ctrl_csr_rw sram_ctrl_csr_aliasing sram_ctrl_same_csr_outstanding | Drive back-to-back requests without waiting for response to ensure there is one transaction outstanding within the TL device. Also, verify one outstanding when back- to-back accesses are made to the same address. |
V2 | tl_d_partial_access | sram_ctrl_csr_hw_reset sram_ctrl_csr_rw sram_ctrl_csr_aliasing sram_ctrl_same_csr_outstanding | Access CSR with one or more bytes of data. For read, expect to return all word value of the CSR. For write, enabling bytes should cover all CSR valid fields. |
V2S | passthru_mem_tl_intg_err | sram_ctrl_passthru_mem_tl_intg_err | Verify data integrity is stored in the passthru memory rather than generated after a read.
|
V2S | tl_intg_err | sram_ctrl_tl_intg_err sram_ctrl_sec_cm | Verify that the data integrity check violation generates an alert.
|
V2S | prim_count_check | sram_ctrl_sec_cm | Verify that violating prim_count counter properties generate a fatal alert. Stimulus:
Checks:
|
V2S | sec_cm_bus_integrity | sram_ctrl_tl_intg_err | Verify the countermeasure(s) BUS.INTEGRITY. |
V2S | sec_cm_ctrl_config_regwen | sram_ctrl_regwen | Verify the countermeasure(s) CTRL.CONFIG.REGWEN. The
|
V2S | sec_cm_exec_config_regwen | sram_ctrl_csr_rw | Verify the countermeasure(s) EXEC.CONFIG.REGWEN. |
V2S | sec_cm_exec_config_mubi | sram_ctrl_executable | Verify the countermeasure(s) EXEC.CONFIG.MUBI. Refer to the testpoint |
V2S | sec_cm_exec_intersig_mubi | sram_ctrl_executable | Verify the countermeasure(s) EXEC.INTERSIG.MUBI. Refer to the testpoint |
V2S | sec_cm_lc_hw_debug_en_intersig_mubi | sram_ctrl_executable | Verify the countermeasure(s) LC_HW_DEBUG_EN.INTERSIG.MUBI. Refer to the testpoint |
V2S | sec_cm_lc_escalate_en_intersig_mubi | sram_ctrl_lc_escalation | Verify the countermeasure(s) LC_ESCALATE_EN.INTERSIG.MUBI. Refer to the testpoint |
V2S | sec_cm_mem_integrity | sram_ctrl_passthru_mem_tl_intg_err | Verify the countermeasure(s) MEM.INTEGRITY. |
V2S | sec_cm_mem_scramble | sram_ctrl_smoke | Verify the countermeasure(s) MEM.SCRAMBLE. This is verified in all non-CSR tests. |
V2S | sec_cm_addr_scramble | sram_ctrl_smoke | Verify the countermeasure(s) ADDR.SCRAMBLE. This is verified in all non-CSR tests. |
V2S | sec_cm_instr_bus_lc_gated | sram_ctrl_executable | Verify the countermeasure(s) INSTR.BUS.LC_GATED." Refer to the testpoint |
V2S | sec_cm_ram_tl_lc_gate_fsm_sparse | sram_ctrl_sec_cm | Verify the countermeasure(s) RAM_TL_LC_GATE.FSM.SPARSE. |
V2S | sec_cm_key_global_esc | sram_ctrl_lc_escalation | Verify the countermeasure(s) KEY.GLOBAL_ESC. |
V2S | sec_cm_key_local_esc | sram_ctrl_sec_cm | Verify the countermeasure(s) KEY.LOCAL_ESC. Besides the stimulus and checks mentioned in `prim_count_check``, also have following checks:
|
V2S | sec_cm_init_ctr_redun | sram_ctrl_sec_cm | Verify the countermeasure(s) INIT.CTR.REDUN. Besides the stimulus and checks mentioned in
|
V2S | sec_cm_scramble_key_sideload | sram_ctrl_smoke | Verify the countermeasure(s) SCRAMBLE.KEY.SIDELOAD. Simulation can't really prove that the sideload key is unreachable by SW. However, from defined CSRs and memory returned data, there is no way to read scramble key by SW. |
V2S | sec_cm_tlul_fifo_ctr_redun | sram_ctrl_sec_cm | Verify the countermeasure(s) TLUL_FIFO.CTR.REDUN. |
V3 | stress_all_with_rand_reset | sram_ctrl_stress_all_with_rand_reset | This test runs 3 parallel threads - stress_all, tl_errors and random reset. After reset is asserted, the test will read and check all valid CSR registers. |
Covergroups
Name | Description |
---|---|
access_during_key_req_cg | Covers that SRAM handles memory accesses during key requests. |
b2b_access_types_cg |
|
executable_cg | Covers the various important scenarios that can enable SRAM executability.
Crosses CSR |
key_seed_valid_cg | Covers SRAM receiving a key from OTP in Off/On states, with both valid and invalid key seeds. |
lc_escalation_idle_cg | Covers the assertion of LC escalation occurs during idle or SRAM memory access. |
regwen_val_when_new_value_written_cg | Cover each lockable reg field with these 2 cases:
This is only applicable if the block contains regwen and locakable CSRs. |
subword_access_cg | Covers that all possible types of subword accesses (both reads and writes) have been performed. |
tl_errors_cg | Cover the following error cases on TL-UL bus:
|
tl_intg_err_cg | Cover all kinds of integrity errors (command, data or both) and cover number of error bits on each integrity check. Cover the kinds of integrity errors with byte enabled write on memory if applicable: Some memories store the integrity values. When there is a subword write, design re-calculate the integrity with full word data and update integrity in the memory. This coverage ensures that memory byte write has been issued and the related design logic has been verfied. |