[dv,csrng] Add more details to testplan
Signed-off-by: Marno van der Maas <mvdmaas+git@lowrisc.org>
diff --git a/hw/ip/csrng/data/csrng_testplan.hjson b/hw/ip/csrng/data/csrng_testplan.hjson
index 7e39fdf..b33e4e5 100644
--- a/hw/ip/csrng/data/csrng_testplan.hjson
+++ b/hw/ip/csrng/data/csrng_testplan.hjson
@@ -13,8 +13,9 @@
{
name: smoke
desc: '''
- Verify sending instantiate/generate cmds via SW path.
- Verify reading genbits via SW path.
+ Verify that sending an instantiate command via the SW path returns OK.
+ Instantiate the CSRNG with flag0 set to true and clen set to 12.
+ Verify that sending a generate command via the SW path returns glen=1 number of words followed by an OK.
'''
stage: V1
tests: ["csrng_smoke"]
@@ -22,21 +23,35 @@
{
name: interrupts
desc: '''
- Verify cs_cmd_req_done interrupt asserts/clears as predicted.
- Verify cs_entropy_req interrupt asserts/clears as predicted.
- Verify cs_hw_inst_exc interrupt asserts/clears as predicted.
- Verify cs_fifo_err interrupt asserts/clears as predicted.
- Verify fifo error status bits are set as predicted.
+ This test verifies the behavior of the Interrupt State Register.
+ Verify cs_cmd_req_done interrupt asserts when glen number of genbit words have been generated.
+ Verify cs_entropy_req interrupt asserts when instantiate or reseed is called with flag0
+ set to false.
+ Verify cs_hw_inst_exc interrupt asserts when any of the application interfaces responds with a CSRNG_ERROR response status signal.
+ Verify cs_fatal_err interrupt asserts when any bit of err_code register is set.
+ Verify that each interrupt clears back to 0 after writing the corresponding interrupt state bit.
'''
stage: V2
tests: ["csrng_intr"]
}
{
+ //TODO For the following untested features add it to the test or create explicit coverpoints in csrng_cmd_cg:
+ //TODO - Invalid MuBi values for flag0 are currently untested.
+ //TODO - Illegal commands are currently untested.
+ //TODO - Fatal alerts are currently untested.
name: alerts
desc: '''
- Verify recov_alert asserts as predicted.
- Verify all recov_alert_sts bits assert/clear as predicted.
- Verify fatal_alert asserts as predicted.
+ Verify recov_alert asserts when recov_alert_sts becomes non-zero.
+ Verify each respective bit of recov_alert_sts asserts when:
+ - Either of the 3 values in the control register are not valid kMultiBitBool values.
+ - When an initiate or reseed command is sent where flag0 is not a valid kMultiBitBool value.
+ - The genbits bus value is equal to the prior valid value.
+ - When an illegal command is used (0x0,0x6-0xf).
+ Verify that writing zeros to the recoverable alert status register resets all the status bits.
+ Verify fatal_alert asserts when:
+ - An illegal state is reached.
+ - The AES block raises a fatal alert.
+ - There is an integrity failure on the bus (this is covered by an automated test).
'''
stage: V2
tests: ["csrng_alert"]
@@ -44,25 +59,32 @@
{
name: err
desc: '''
- Verify err_code register bits assert/clear as predicted.
+ Verify err_code register bits assert when:
+ - An error has been detected in any of the internal fifos and the corresponding write/read/state bits.
+ - An illegal state is reached in any of the 6 state machines.
+ - An error is detected in the generate command counter.
+ Verify that the err_code register clears all bits after reset.
'''
stage: V2
tests: ["csrng_err"]
}
{
+ //TODO For the following untested features add it to the test or create explicit coverpoints in csrng_cmd_cg:
+ //TODO - Verification of otp_en_csrng_sw_app_read is currently untested.
+ //TODO - FIPS bit going low from entropy source is currently untested.
name: cmds
desc: '''
- Verify all SW app csrng commands req/status behave as predicted.
- Verify all HW app csrng commands req/status behave as predicted.
+ Verify all csrng commands req/status behave as predicted on all applications: HW0, HW1 and SW.
Verify above for all valid values of acmd, clen, flags, glen.
Verify for multiple hw app interfaces running in parallel.
Verify sw/hw app interfaces running in parallel.
- Verify internal state for sw/hw apps.
- Verify genbits generated as predicted.
- Verify fips bit is passed through properly.
- Verify ability to access registers based on otp, enables.
- Verify AES_HALT.
+ Verify main_sm_state for sw/hw apps.
+ Verify that genbits generates the amount specified by glen.
+ Verify fips bit is set to the inverse of flag0 that was used on the last initialize or reseed.
+ Verify that if otp_en_csrng_sw_app_read is set, genbits and int_state_value registers are readable, and unreadable otherwise.
+ Verify that when AES_HALT is set during a generate command that no request is sent to the AES block.
Verify commands with continuous/non-continuous valid.
+ Verify that if FIPS bit drops at input from entropy source that the generated block also has FIPS low.
'''
stage: V2
tests: ["csrng_cmds"]
@@ -71,6 +93,7 @@
name: life cycle
desc: '''
Verify lifecycle hardware debug mode.
+ When lc_hw_debug_en_i is set to on, the seed from the entropy source must be xor'ed with the diversification value.
'''
stage: V2
tests: ["csrng_cmds"]
@@ -78,8 +101,7 @@
{
name: stress_all
desc: '''
- Combine the other individual testpoints while injecting TL errors and running CSR tests
- in parallel.
+ Combine the other individual testpoints while injecting TL errors and running CSR tests in parallel.
'''
stage: V2
tests: ["csrng_stress_all"]
@@ -88,6 +110,7 @@
covergroups: [
{
+ //TODO Configuration for enable is currently not covered.
name: csrng_cfg_cg
desc: '''
Covers that all csrng configuration options have been tested.
@@ -95,6 +118,7 @@
- otp_en_cs_sw_app_read
- sw_app_enable
- read_int_state
+ - enable
'''
}
{
@@ -104,8 +128,28 @@
Individual commands and command options that will be covered include:
- app
- acmd, clen, flags, glen
- Crosses of app/acmd and acmd/clen, acmd/flags, acmd/glen
- continuous/non-continuous valid
+ Crosses of
+ - app/acmd
+ - acmd/clen
+ - acmd/flag0
+ - acmd/glen
+ - For the instantiate and reseed command:
+ - flag0 false and clen 0
+ - flag0 false and clen >0
+ - flag0 true and clen 0
+ - flag0 true and clen >0
+ '''
+ }
+ {
+ name: csrng_internal_cg
+ desc: '''
+ Covers that all csrng internal states have been hit:
+ - sw_cmd_sts has seen all 4 possibilities
+ - regwen has been true and false
+ - intr_state has had each bit set and unset at least once (handled in comportable ip coverage)
+ Cross:
+ - intr_enable and intr_state (handled in comportable ip coverage)
'''
}
{
