hw/ip/lc_ctrl/data/lc_ctrl_testplan.hjson - 3p/lowrisc/opentitan - Git at Google

 // Copyright lowRISC contributors.
 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
 // SPDX-License-Identifier: Apache-2.0
 {
   name: "lc_ctrl"
   import_testplans: ["hw/dv/tools/dvsim/testplans/csr_testplan.hjson",
                      "hw/dv/tools/dvsim/testplans/alert_test_testplan.hjson",
                      "hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson"]
   entries: [
     {
       name: smoke
       desc: '''
             Smoke test accessing lc_ctrl state transition datapath.

             **Stimulus**:
             - Initialize lc_ctrl by sending pwrmgr req and otp_ctrl valid random data
             - Request a valid next LC state by writing CSRs: `transition_target`,
               `transition_token*`, and `transition_cmd`

             **Checks**:
             - After lc_ctrl initialization finishes, check lc_ctrl broadcast outputs, check
               the value of lc_state and lc_transition_cnt CSRs, and check device_id and id_state
               CSRs
             - After lc_ctrl state transition request, check status to ensure the transition is
               valid and successful
             - Check token matching for both conditional and unconditional requests
             - Once the transition is successful, check lc_ctrl broadcast outputs are all turned off
             '''
       milestone: V1
       tests: ["lc_ctrl_smoke"]
     }
     {
       name: state_post_trans
       desc: '''
             This test is based on smoke test.
             After smoke sequence, this test adds additional lc_state transition request before
             issuing reset. This should happen regardless if the transition is successful.
             Use scoreboard to ensure lc_ctrl ignores this additional lc_state transition request
             and check state count.
             '''
       milestone: V2
       tests: []
     }
     {
       name: regwen_during_op
       desc: '''
             `Transition_regwen` is RO register and it gates bunch of write access of other
             registers.

             **Checks**:
             - Check `transition_regwen` register is set to 1 during lc_state transition request
             - Check that accessing its locked CSRs is gated during the transition operation
             '''
       milestone: V2
       tests: []
     }
     {
       name: lc_prog_failure
       desc: '''
             This test checks lc_program failure by setting the error bit after otp program request.

             **Checks**:
             - Check if status register reflects the correct error bit
             - Check if lc_program_failure alert is triggered
             - Check if lc_state moves to escalation state
             '''
       milestone: V2
       tests: []
     }
     {
       name: lc_state_failure
       desc: '''
             This test checks lc_state failure by:
             - Driving invalid data to lc_ctrl input `otp_lc_data_i` fields `lc_state` and `lc_cnt`
             - Backdoor changing lc_ctrl FSM's to invalid value
             For invalid value, the testbench will test using random value and valid `A/B/C/D`
             values with different orders.

             **Checks**:
             - Check if status register reflects the correct error bit
             - Check if lc_state_failure alert is triggered
             - Check if lc_state moves to escalation state
             '''
       milestone: V2
       tests: []
     }
     {
       name: lc_errors
       desc: '''
             This test randomly executes the error senarios:
             - Otp_ctrl input lc_trans_cnt reaches 16
             - Lc_ctrl state transition request is invalid
             - Input LC token does not match the output from otp_ctrl
             - Flash rma responses to lc_ctrl request with error
             - LC clock bypass responses with error
             - Input otp_lc_data's error bit is set to 1
             Note that all the above scenarios except the last one requires a reset to recover.

             **Checks**:
             - Check if status register reflects the correct error bit
             - Check if lc_state moves to correct exit state
             - Check if lc_trans_cnt is incremented
             '''
       milestone: V2
       tests: []
     }
     {
       name: security_escalation
       desc: '''
             This test checks two security escalation responses:
             1. Wipe secrets: permanently asserts lc_escalate_en signal
             2. Scrap state: lc_ctrl moves to escalation state, check the state will be cleared up
                upon next power cycle
             '''
       milestone: V2
       tests: []
     }
     {
       name: jtag_access
       desc: '''
             This test checks jtag debug interface in lc_ctrl.
             This test will use both JTAG TAP and TLUL to access the CSR space.
             All above CSR sequences should be accessible via both interfaces.
             '''
       milestone: V2
       tests: []
     }
     {
       name: jtag_priority
       desc: '''
             This test covers a corner case in JTAG and TLUL interfaces.

             **Stimulus**:
             - Issue mux_claim operation from TLUL and JTAG interfaces at the same time

             **Checks**:
             - Ensure TAP interface has the priority
             - Ensure right after the mux_claim operation, the non-prioritized interface returns 0
               from the CSR readings. This checking ensures there is no token leakage between
               interfaces
             '''
       milestone: V2
       tests: []
     }
   ]
 }
	// Copyright lowRISC contributors.
	// Licensed under the Apache License, Version 2.0, see LICENSE for details.
	// SPDX-License-Identifier: Apache-2.0
	{
	name: "lc_ctrl"
	import_testplans: ["hw/dv/tools/dvsim/testplans/csr_testplan.hjson",
	"hw/dv/tools/dvsim/testplans/alert_test_testplan.hjson",
	"hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson"]
	entries: [
	{
	name: smoke
	desc: '''
	Smoke test accessing lc_ctrl state transition datapath.

	Stimulus:
	- Initialize lc_ctrl by sending pwrmgr req and otp_ctrl valid random data
	- Request a valid next LC state by writing CSRs: `transition_target`,
	`transition_token*`, and `transition_cmd`

	Checks:
	- After lc_ctrl initialization finishes, check lc_ctrl broadcast outputs, check
	the value of lc_state and lc_transition_cnt CSRs, and check device_id and id_state
	CSRs
	- After lc_ctrl state transition request, check status to ensure the transition is
	valid and successful
	- Check token matching for both conditional and unconditional requests
	- Once the transition is successful, check lc_ctrl broadcast outputs are all turned off
	'''
	milestone: V1
	tests: ["lc_ctrl_smoke"]
	}
	{
	name: state_post_trans
	desc: '''
	This test is based on smoke test.
	After smoke sequence, this test adds additional lc_state transition request before
	issuing reset. This should happen regardless if the transition is successful.
	Use scoreboard to ensure lc_ctrl ignores this additional lc_state transition request
	and check state count.
	'''
	milestone: V2
	tests: []
	}
	{
	name: regwen_during_op
	desc: '''
	`Transition_regwen` is RO register and it gates bunch of write access of other
	registers.

	Checks:
	- Check `transition_regwen` register is set to 1 during lc_state transition request
	- Check that accessing its locked CSRs is gated during the transition operation
	'''
	milestone: V2
	tests: []
	}
	{
	name: lc_prog_failure
	desc: '''
	This test checks lc_program failure by setting the error bit after otp program request.

	Checks:
	- Check if status register reflects the correct error bit
	- Check if lc_program_failure alert is triggered
	- Check if lc_state moves to escalation state
	'''
	milestone: V2
	tests: []
	}
	{
	name: lc_state_failure
	desc: '''
	This test checks lc_state failure by:
	- Driving invalid data to lc_ctrl input `otp_lc_data_i` fields `lc_state` and `lc_cnt`
	- Backdoor changing lc_ctrl FSM's to invalid value
	For invalid value, the testbench will test using random value and valid `A/B/C/D`
	values with different orders.

	Checks:
	- Check if status register reflects the correct error bit
	- Check if lc_state_failure alert is triggered
	- Check if lc_state moves to escalation state
	'''
	milestone: V2
	tests: []
	}
	{
	name: lc_errors
	desc: '''
	This test randomly executes the error senarios:
	- Otp_ctrl input lc_trans_cnt reaches 16
	- Lc_ctrl state transition request is invalid
	- Input LC token does not match the output from otp_ctrl
	- Flash rma responses to lc_ctrl request with error
	- LC clock bypass responses with error
	- Input otp_lc_data's error bit is set to 1
	Note that all the above scenarios except the last one requires a reset to recover.

	Checks:
	- Check if status register reflects the correct error bit
	- Check if lc_state moves to correct exit state
	- Check if lc_trans_cnt is incremented
	'''
	milestone: V2
	tests: []
	}
	{
	name: security_escalation
	desc: '''
	This test checks two security escalation responses:
	1. Wipe secrets: permanently asserts lc_escalate_en signal
	2. Scrap state: lc_ctrl moves to escalation state, check the state will be cleared up
	upon next power cycle
	'''
	milestone: V2
	tests: []
	}
	{
	name: jtag_access
	desc: '''
	This test checks jtag debug interface in lc_ctrl.
	This test will use both JTAG TAP and TLUL to access the CSR space.
	All above CSR sequences should be accessible via both interfaces.
	'''
	milestone: V2
	tests: []
	}
	{
	name: jtag_priority
	desc: '''
	This test covers a corner case in JTAG and TLUL interfaces.

	Stimulus:
	- Issue mux_claim operation from TLUL and JTAG interfaces at the same time

	Checks:
	- Ensure TAP interface has the priority
	- Ensure right after the mux_claim operation, the non-prioritized interface returns 0
	from the CSR readings. This checking ensures there is no token leakage between
	interfaces
	'''
	milestone: V2
	tests: []
	}
	]
	}