title: “AES DV document”

Goals

  • DV
    • Verify all AES IP features by running dynamic simulations with a SV/UVM based testbench
    • Develop and run all tests based on the testplan below towards closing code and functional coverage on the IP.
  • FPV
    • Verify TileLink device protocol compliance with an SVA based testbench

Current status

  • [Design & verification stage]({{< relref “hw” >}})
    • [HW development stages]({{< relref “doc/project/development_stages.md” >}})
  • Simulation results

Design features

For detailed information on AES design features, please see the [AES HWIP Technical Specification]({{< relref “..” >}}).

Testbench architecture

AES testbench has been constructed based on the [CIP testbench architecture]({{< relref “hw/dv/sv/cip_lib/doc” >}}).

Block diagram

Block diagram

Top level testbench

Top level testbench is located at hw/ip/aes/dv/tb/tb.sv. It instantiates the AES DUT module hw/ip/aes/rtl/aes.sv. In addition, it instantiates the following interfaces, connects them to the DUT and sets their handle into uvm_config_db:

  • [Clock and reset interface]({{< relref “hw/dv/sv/common_ifs” >}})
  • [TileLink host interface]({{< relref “hw/dv/sv/tl_agent/README.md” >}})

Common DV utility components

The following utilities provide generic helper tasks and functions to perform activities that are common across the project:

  • [common_ifs]({{< relref “hw/dv/sv/common_ifs” >}})
  • [dv_utils_pkg]({{< relref “hw/dv/sv/dv_utils/README.md” >}})
  • [csr_utils_pkg]({{< relref “hw/dv/sv/csr_utils/README.md” >}})

Global types & methods

All common types and methods defined at the package level can be found in aes_env_pkg. Some of them in use are:

parameter uint NUM_ALERTS = 2;

TL_agent

AES instantiates (already handled in CIP base env) [tl_agent]({{< relref “hw/dv/sv/tl_agent/README.md” >}}) which provides the ability to drive and independently monitor random traffic via TL host interface into AES device.

EDN agent

AES instantiates (already handles in the CIP base env) [edn_agent]({{< relref “hw/ip/edn/doc/dv/index.md” >}}) which provides the ability to drive and monitor edn traffic via the edn interface.

UVM RAL model

The AES RAL model is created with the [ralgen]({{< relref “hw/dv/tools/ralgen/README.md” >}}) FuseSoC generator script automatically when the simulation is at the build stage.

It can be created manually by invoking [regtool]({{< relref “util/reggen/README.md” >}}):

Stimulus strategy

Test sequences

All test sequences reside in hw/ip/aes/dv/env/seq_lib. The aes_base_vseq virtual sequence is extended from cip_base_vseq and serves as a starting point. All test sequences are extended from aes_base_vseq. aes_base_vseq provides commonly used handles, variables, functions and tasks that the test sequences can simply use / call. The tasks can be split into two groups and those that provide more complex functionality. Simple tasks include:

  • aes_init: Initialize the AES module from the randomized environment variables in the config.
  • set_op: Set AES operation to encrypt or decrypt.
  • write_key: Write initial key to AES init key registers.
  • add_data: Add the next 128 block to the input registers.
  • read_output: Poll the status register for data ready bit and read the result from AES output registers.
  • clear_reg: Based on the input this function clears data input-, data output- or key-registers or any combination of these.
  • set_manual_trigger: Chooses between AES auto start and manual start.
  • trigger_start: Set the start bit to trigger a new encryption/decryption.

More complex tasks include: These are the ones used by the higher level sequences and the ones that should be used to create new tests from:

  • generate_message_queue: Generate a queue of randomized message items. Each item will describe the parameters of a message but not hold any data, the data will be added later. This function does not call any sub-functions.
  • send_msg_queue: Take the queue of messages items and process them one by one. Send_msg_queue converts each message item into a queue of message transactions each called an aes_items by calling generate aes_item_queue(). Then each message now described by a queue of items is processed by calling send_msg().
  • generate_aes_item_queue: Expands a message into a queue of a configuration item and N Data items where N = Message_length/block size. Data is randomized based on the constraints.
  • send_msg: Take a queue of configuration and data items and pass them to the AES for processing. This task will handle configuration of the core based on the configuration item. Then based on the test configuration it will do either a balanced or unbalanced processing of the data items. A balanced processing implies that for each input the task will wait until the resulting output have been read before attempting to write the next input. The unbalanced version will write the next data item as soon as the AES status register indicates that a new input will be accepted. In unbalanced mode the send_msg task also handles reading the output register. Knobs are available to control the balance between reads and writes. In either case the status_fsm task is called.
  • status_fsm: Read the status of the AES IP and based on the inputs return the status. When the task is in control of reading the output register it will poll the status until it indicates that the output is valid. It will also track the progress of processing, detecting if something has gone differently than expected. If this happens it will try to recover.

Using these higher level functions and tasks one can build a highly customized constraint random test without low level knowledge of the test environment and the DUT.

Most tests use the aes_stress_vseq sequence as test sequence, and achieves different tests scenarios by using the constrained knobs to generate different behavior.

Functional coverage'

To ensure high quality constrained random stimulus, it is necessary to develop a functional coverage model. The following cover groups have been developed to prove that the test intent has been adequately met.

  • aes_ctrl_cg: this cover group checks that all parts of the control register have been exercised. A few crosses are also included to ensure that we have seen all both forward and inverse for all modes. Similarly that we have tried all possible key_sizes in all modes, and that all have been tried both in auto and manual mode. More importantly for AES which is a security critical IP it also verifies that all illegal states have been seen.
  • aes_status_cg: makes sure all possible states has been seen.
  • aes_trigger_cg: verify that all parts of the trigger register was exercised. A cross also checks that we tried to clear all fields possible at once.

(WIP) coverage points to come A temporary functional coverage plan can be found here [coverage_plan]({{< relref “hw/dv/tools/README.md”>}})

Self-checking strategy

Scoreboard

The aes_scoreboard is primarily used for end to end checking. It creates the following analysis FIFOs to retrieve the data monitored by corresponding interface agents:

  • tl_a_chan_fifo: tl address channel
  • tl_d_chan_fifo: tl data channel

These 2 FIFOs provide transaction items at the end of the address channel and data channel respectively. Each FIFO is monitored and incoming transactions are stored. Whenever a transaction is finished the sequence item is handed over to a reference model that will generate the expected response. At the same time the scoreboard is waiting for the result of the AES module to compute. Once complete the result is scored against the prediction made by the reference model.

The reference model is selected to be either a C-implementation or an SSL-library selected on a random basis with the default distribution of 80% OpenSSL/BoringSSL and 20% C-model.

The default behavior for the verification is that the scoreboard wait until the complete message has been encrypted/decrypted before checking the result against the reference model.

The scoreboard has a step through mode where the scoring is done after each 128bit block. This setting is only available when using the C-model as reference and is controlled with a knob.

Assertions

  • TLUL assertions: The tb/aes_bind.sv binds the tlul_assert [assertions]({{< relref “hw/ip/tlul/doc/TlulProtocolChecker.md” >}}) to the IP to ensure TileLink interface protocol compliance.
  • Unknown checks on DUT outputs: The RTL has assertions to ensure all outputs are initialized to known values after coming out of reset.

Building and running tests

We are using our in-house developed [regression tool]({{< relref “hw/dv/tools/README.md” >}}) for both building and running our tests and regressions. Please take a look at the link for detailed information on the usage, capabilities, features and known issues. Here's how to run a smoke test:

$ $REPO_TOP/util/dvsim/dvsim.py $REPO_TOP/hw/ip/aes/dv/aes_sim_cfg.hjson -i aes_smoke

Here's how to run a basic test without DPI calls:

$ $REPO_TOP/util/dvsim/dvsim.py $REPO_TOP/hw/ip/aes/dv/aes_sim_cfg.hjson -i aes_wakeup

Testplan

{{< incGenFromIpDesc “../../data/aes_testplan.hjson” “testplan” >}}