hw/ip/otbn/data/otbn_sec_cm_testplan.hjson - 3p/lowrisc/opentitan - Git at Google

 // Copyright lowRISC contributors.
 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
 // SPDX-License-Identifier: Apache-2.0

 // Security countermeasures testplan extracted from the IP Hjson using reggen.
 //
 // This testplan is auto-generated only the first time it is created. This is
 // because this testplan needs to be hand-editable. It is possible that these
 // testpoints can go out of date if the spec is updated with new
 // countermeasures. When `reggen` is invoked when this testplan already exists,
 // It checks if the list of testpoints is up-to-date and enforces the user to
 // make further manual updates.
 //
 // These countermeasures and their descriptions can be found here:
 // .../otbn/data/otbn.hjson
 //
 // It is possible that the testing of some of these countermeasures may already
 // be covered as a testpoint in a different testplan. This duplication is ok -
 // the test would have likely already been developed. We simply map those tests
 // to the testpoints below using the `tests` key.
 //
 // Please ensure that this testplan is imported in:
 // .../otbn/data/otbn_testplan.hjson
 {
   testpoints: [
     {
       name: sec_cm_mem_scramble
       desc: "Verify the countermeasure(s) MEM.SCRAMBLE."
       stage: V2S
       tests: ["otbn_smoke"]
     }
     {
       name: sec_cm_data_mem_integrity
       desc: "Verify the countermeasure(s) DATA.MEM.INTEGRITY."
       stage: V2S
       tests: ["otbn_imem_err", "otbn_dmem_err"]
     }
     {
       name: sec_cm_instruction_mem_integrity
       desc: "Verify the countermeasure(s) INSTRUCTION.MEM.INTEGRITY."
       stage: V2S
       tests: ["otbn_imem_err", "otbn_dmem_err"]
     }
     {
       name: sec_cm_bus_integrity
       desc: "Verify the countermeasure(s) BUS.INTEGRITY."
       stage: V2S
       tests: ["otbn_tl_intg_err"]
     }
     {
       name: sec_cm_controller_fsm_global_esc
       desc: "Verify the countermeasure(s) CONTROLLER.FSM.GLOBAL_ESC."
       stage: V2S
       tests: ["otbn_escalate"]
     }
     {
       name: sec_cm_controller_fsm_local_esc
       desc: "Verify the countermeasure(s) CONTROLLER.FSM.LOCAL_ESC."
       stage: V2S
       tests: ["otbn_imem_err", "otbn_dmem_err", "otbn_zero_state_err_urnd", "otbn_illegal_mem_acc"]
     }
     {
       name: sec_cm_controller_fsm_sparse
       desc: "Verify the countermeasure(s) CONTROLLER.FSM.SPARSE."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_scramble_key_sideload
       desc: "Verify the countermeasure(s) SCRAMBLE.KEY.SIDELOAD."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_scramble_ctrl_fsm_local_esc
       desc: "Verify the countermeasure(s) SCRAMBLE_CTRL.FSM.LOCAL_ESC."
       stage: V2S
       tests: ["otbn_imem_err", "otbn_dmem_err", "otbn_zero_state_err_urnd", "otbn_illegal_mem_acc"]
     }
     {
       name: sec_cm_scramble_ctrl_fsm_sparse
       desc: "Verify the countermeasure(s) SCRAMBLE_CTRL.FSM.SPARSE."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_start_stop_ctrl_fsm_global_esc
       desc: "Verify the countermeasure(s) START_STOP_CTRL.FSM.GLOBAL_ESC."
       stage: V2S
       tests: ["otbn_escalate"]
     }
     {
       name: sec_cm_start_stop_ctrl_fsm_local_esc
       desc: "Verify the countermeasure(s) START_STOP_CTRL.FSM.LOCAL_ESC."
       stage: V2S
       tests: ["otbn_imem_err", "otbn_dmem_err", "otbn_zero_state_err_urnd", "otbn_illegal_mem_acc"]
     }
     {
       name: sec_cm_start_stop_ctrl_fsm_sparse
       desc: "Verify the countermeasure(s) START_STOP_CTRL.FSM.SPARSE."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_data_reg_sw_sca
       desc: "Verify the countermeasure(s) DATA_REG_SW.SCA."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_ctrl_redun
       desc: "Verify the countermeasure(s) CTRL.REDUN."
       stage: V2S
       tests: ["otbn_ctrl_redun"]
     }
     {
       name: sec_cm_pc_ctrl_flow_redun
       desc: ''' Verify the countermeasure(s) PC.CTRL_FLOW.REDUN.
                 Wait for a read request and istrn fetch request valid.
                 Corrupt the insn_prefetch_addr.
             '''
       stage: V2S
       tests: ["otbn_pc_ctrl_flow_redun"]
     }
     {
       name: sec_cm_rnd_bus_consistency
       desc: '''
       RND.BUS.CONSISTENCY:
       Expect to trigger RND_FIPS_CHK_FAIL recoverable error for FIPS bit being low in any word of the received RND data.
       '''
       stage: V2S
       tests: ["otbn_rnd_sec_cm"]
     }
     {
       name: sec_cm_rnd_rng_digest
       desc: '''
       RND.RNG.DIGEST:
       Randomly send the same EDN word for incoming RND data.
       Expect to trigger RND_REP_CHK_FAIL recoverable error for repeated EDN words.
       '''
       stage: V2S
       tests: ["otbn_rnd_sec_cm"]
     }
     {
       name: sec_cm_rf_base_data_reg_sw_integrity
       desc: "Verify the countermeasure(s) RF_BASE.DATA_REG_SW.INTEGRITY."
       stage: V2S
       tests: ["otbn_csr_rw"]
     }
     {
       name: sec_cm_rf_base_data_reg_sw_glitch_detect
       desc: "Verify the countermeasure(s) RF_BASE.DATA_REG_SW.GLITCH_DETECT."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_stack_wr_ptr_ctr_redun
       desc: "Verify the countermeasure(s) STACK_WR_PTR.CTR.REDUN."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_rf_bignum_data_reg_sw_integrity
       desc: "Verify the countermeasure(s) RF_BIGNUM.DATA_REG_SW.INTEGRITY."
       stage: V2S
       tests: ["otbn_csr_rw"]
     }
     {
       name: sec_cm_rf_bignum_data_reg_sw_glitch_detect
       desc: "Verify the countermeasure(s) RF_BIGNUM.DATA_REG_SW.GLITCH_DETECT."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_loop_stack_ctr_redun
       desc: "Verify the countermeasure(s) LOOP_STACK.CTR.REDUN."
       stage: V2S
       tests: ["otbn_sec_cm"]
     }
     {
       name: sec_cm_loop_stack_addr_integrity
       desc: "Verify the countermeasure(s) LOOP_STACK.ADDR.INTEGRITY."
       stage: V2S
       tests: ["otbn_stack_addr_integ_chk"]
     }
     {
       name: sec_cm_call_stack_addr_integrity
       desc: "Verify the countermeasure(s) CALL_STACK.ADDR.INTEGRITY."
       stage: V2S
       tests: ["otbn_stack_addr_integ_chk"]
     }
     {
       name: sec_cm_start_stop_ctrl_state_consistency
       desc: "Verify the countermeasure(s) START_STOP_CTRL.STATE.CONSISTENCY."
       stage: V2S
       tests: ["otbn_sec_wipe_err"]
     }
     {
       name: sec_cm_data_mem_sec_wipe
       desc: "Verify the countermeasure(s) DATA.MEM.SEC_WIPE."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_instruction_mem_sec_wipe
       desc: "Verify the countermeasure(s) INSTRUCTION.MEM.SEC_WIPE."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_data_reg_sw_sec_wipe
       desc: "Verify the countermeasure(s) DATA_REG_SW.SEC_WIPE."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_write_mem_integrity
       desc: "Verify the countermeasure(s) WRITE.MEM.INTEGRITY."
       stage: V2S
       tests: ["otbn_multi"]
     }
     {
       name: sec_cm_ctrl_flow_count
       desc: "Verify the countermeasure(s) CTRL_FLOW.COUNT."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_ctrl_flow_sca
       desc: "Verify the countermeasure(s) CTRL_FLOW.SCA."
       stage: V2S
       tests: ["otbn_single"]
     }
     {
       name: sec_cm_data_mem_sw_noaccess
       desc: "Verify the countermeasure(s) DATA.MEM.SW_NOACCESS."
       stage: V2S
       tests: ["otbn_sw_no_acc"]
     }
     {
       name: sec_cm_key_sideload
       desc: '''Verify the countermeasure(s) SCRAMBLE.KEY.SIDELOAD.

             Simulation can't really prove that the sideload key is unreachable by SW.
             However, from defined CSRs and memory returned data, there is no way to read
             scramble key by SW.
             '''
       stage: V2S
       tests: ["{name}_smoke"]
     }
     {
       name: sec_cm_tlul_fifo_ctr_redun
       desc: "Verify the countermeasure(s) TLUL_FIFO.CTR.REDUN."
       stage: V2S
       tests: ["{name}_sec_cm"]
     }
   ]
 }
	// Copyright lowRISC contributors.
	// Licensed under the Apache License, Version 2.0, see LICENSE for details.
	// SPDX-License-Identifier: Apache-2.0

	// Security countermeasures testplan extracted from the IP Hjson using reggen.
	//
	// This testplan is auto-generated only the first time it is created. This is
	// because this testplan needs to be hand-editable. It is possible that these
	// testpoints can go out of date if the spec is updated with new
	// countermeasures. When `reggen` is invoked when this testplan already exists,
	// It checks if the list of testpoints is up-to-date and enforces the user to
	// make further manual updates.
	//
	// These countermeasures and their descriptions can be found here:
	// .../otbn/data/otbn.hjson
	//
	// It is possible that the testing of some of these countermeasures may already
	// be covered as a testpoint in a different testplan. This duplication is ok -
	// the test would have likely already been developed. We simply map those tests
	// to the testpoints below using the `tests` key.
	//
	// Please ensure that this testplan is imported in:
	// .../otbn/data/otbn_testplan.hjson
	{
	testpoints: [
	{
	name: sec_cm_mem_scramble
	desc: "Verify the countermeasure(s) MEM.SCRAMBLE."
	stage: V2S
	tests: ["otbn_smoke"]
	}
	{
	name: sec_cm_data_mem_integrity
	desc: "Verify the countermeasure(s) DATA.MEM.INTEGRITY."
	stage: V2S
	tests: ["otbn_imem_err", "otbn_dmem_err"]
	}
	{
	name: sec_cm_instruction_mem_integrity
	desc: "Verify the countermeasure(s) INSTRUCTION.MEM.INTEGRITY."
	stage: V2S
	tests: ["otbn_imem_err", "otbn_dmem_err"]
	}
	{
	name: sec_cm_bus_integrity
	desc: "Verify the countermeasure(s) BUS.INTEGRITY."
	stage: V2S
	tests: ["otbn_tl_intg_err"]
	}
	{
	name: sec_cm_controller_fsm_global_esc
	desc: "Verify the countermeasure(s) CONTROLLER.FSM.GLOBAL_ESC."
	stage: V2S
	tests: ["otbn_escalate"]
	}
	{
	name: sec_cm_controller_fsm_local_esc
	desc: "Verify the countermeasure(s) CONTROLLER.FSM.LOCAL_ESC."
	stage: V2S
	tests: ["otbn_imem_err", "otbn_dmem_err", "otbn_zero_state_err_urnd", "otbn_illegal_mem_acc"]
	}
	{
	name: sec_cm_controller_fsm_sparse
	desc: "Verify the countermeasure(s) CONTROLLER.FSM.SPARSE."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_scramble_key_sideload
	desc: "Verify the countermeasure(s) SCRAMBLE.KEY.SIDELOAD."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_scramble_ctrl_fsm_local_esc
	desc: "Verify the countermeasure(s) SCRAMBLE_CTRL.FSM.LOCAL_ESC."
	stage: V2S
	tests: ["otbn_imem_err", "otbn_dmem_err", "otbn_zero_state_err_urnd", "otbn_illegal_mem_acc"]
	}
	{
	name: sec_cm_scramble_ctrl_fsm_sparse
	desc: "Verify the countermeasure(s) SCRAMBLE_CTRL.FSM.SPARSE."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_start_stop_ctrl_fsm_global_esc
	desc: "Verify the countermeasure(s) START_STOP_CTRL.FSM.GLOBAL_ESC."
	stage: V2S
	tests: ["otbn_escalate"]
	}
	{
	name: sec_cm_start_stop_ctrl_fsm_local_esc
	desc: "Verify the countermeasure(s) START_STOP_CTRL.FSM.LOCAL_ESC."
	stage: V2S
	tests: ["otbn_imem_err", "otbn_dmem_err", "otbn_zero_state_err_urnd", "otbn_illegal_mem_acc"]
	}
	{
	name: sec_cm_start_stop_ctrl_fsm_sparse
	desc: "Verify the countermeasure(s) START_STOP_CTRL.FSM.SPARSE."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_data_reg_sw_sca
	desc: "Verify the countermeasure(s) DATA_REG_SW.SCA."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_ctrl_redun
	desc: "Verify the countermeasure(s) CTRL.REDUN."
	stage: V2S
	tests: ["otbn_ctrl_redun"]
	}
	{
	name: sec_cm_pc_ctrl_flow_redun
	desc: ''' Verify the countermeasure(s) PC.CTRL_FLOW.REDUN.
	Wait for a read request and istrn fetch request valid.
	Corrupt the insn_prefetch_addr.
	'''
	stage: V2S
	tests: ["otbn_pc_ctrl_flow_redun"]
	}
	{
	name: sec_cm_rnd_bus_consistency
	desc: '''
	RND.BUS.CONSISTENCY:
	Expect to trigger RND_FIPS_CHK_FAIL recoverable error for FIPS bit being low in any word of the received RND data.
	'''
	stage: V2S
	tests: ["otbn_rnd_sec_cm"]
	}
	{
	name: sec_cm_rnd_rng_digest
	desc: '''
	RND.RNG.DIGEST:
	Randomly send the same EDN word for incoming RND data.
	Expect to trigger RND_REP_CHK_FAIL recoverable error for repeated EDN words.
	'''
	stage: V2S
	tests: ["otbn_rnd_sec_cm"]
	}
	{
	name: sec_cm_rf_base_data_reg_sw_integrity
	desc: "Verify the countermeasure(s) RF_BASE.DATA_REG_SW.INTEGRITY."
	stage: V2S
	tests: ["otbn_csr_rw"]
	}
	{
	name: sec_cm_rf_base_data_reg_sw_glitch_detect
	desc: "Verify the countermeasure(s) RF_BASE.DATA_REG_SW.GLITCH_DETECT."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_stack_wr_ptr_ctr_redun
	desc: "Verify the countermeasure(s) STACK_WR_PTR.CTR.REDUN."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_rf_bignum_data_reg_sw_integrity
	desc: "Verify the countermeasure(s) RF_BIGNUM.DATA_REG_SW.INTEGRITY."
	stage: V2S
	tests: ["otbn_csr_rw"]
	}
	{
	name: sec_cm_rf_bignum_data_reg_sw_glitch_detect
	desc: "Verify the countermeasure(s) RF_BIGNUM.DATA_REG_SW.GLITCH_DETECT."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_loop_stack_ctr_redun
	desc: "Verify the countermeasure(s) LOOP_STACK.CTR.REDUN."
	stage: V2S
	tests: ["otbn_sec_cm"]
	}
	{
	name: sec_cm_loop_stack_addr_integrity
	desc: "Verify the countermeasure(s) LOOP_STACK.ADDR.INTEGRITY."
	stage: V2S
	tests: ["otbn_stack_addr_integ_chk"]
	}
	{
	name: sec_cm_call_stack_addr_integrity
	desc: "Verify the countermeasure(s) CALL_STACK.ADDR.INTEGRITY."
	stage: V2S
	tests: ["otbn_stack_addr_integ_chk"]
	}
	{
	name: sec_cm_start_stop_ctrl_state_consistency
	desc: "Verify the countermeasure(s) START_STOP_CTRL.STATE.CONSISTENCY."
	stage: V2S
	tests: ["otbn_sec_wipe_err"]
	}
	{
	name: sec_cm_data_mem_sec_wipe
	desc: "Verify the countermeasure(s) DATA.MEM.SEC_WIPE."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_instruction_mem_sec_wipe
	desc: "Verify the countermeasure(s) INSTRUCTION.MEM.SEC_WIPE."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_data_reg_sw_sec_wipe
	desc: "Verify the countermeasure(s) DATA_REG_SW.SEC_WIPE."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_write_mem_integrity
	desc: "Verify the countermeasure(s) WRITE.MEM.INTEGRITY."
	stage: V2S
	tests: ["otbn_multi"]
	}
	{
	name: sec_cm_ctrl_flow_count
	desc: "Verify the countermeasure(s) CTRL_FLOW.COUNT."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_ctrl_flow_sca
	desc: "Verify the countermeasure(s) CTRL_FLOW.SCA."
	stage: V2S
	tests: ["otbn_single"]
	}
	{
	name: sec_cm_data_mem_sw_noaccess
	desc: "Verify the countermeasure(s) DATA.MEM.SW_NOACCESS."
	stage: V2S
	tests: ["otbn_sw_no_acc"]
	}
	{
	name: sec_cm_key_sideload
	desc: '''Verify the countermeasure(s) SCRAMBLE.KEY.SIDELOAD.

	Simulation can't really prove that the sideload key is unreachable by SW.
	However, from defined CSRs and memory returned data, there is no way to read
	scramble key by SW.
	'''
	stage: V2S
	tests: ["{name}_smoke"]
	}
	{
	name: sec_cm_tlul_fifo_ctr_redun
	desc: "Verify the countermeasure(s) TLUL_FIFO.CTR.REDUN."
	stage: V2S
	tests: ["{name}_sec_cm"]
	}
	]
	}