[dv] Split sec_cm_testplan into multiple testplans
Addressed Sri's comment in #8481
Signed-off-by: Weicai Yang <weicai@google.com>
diff --git a/hw/dv/tools/dvsim/testplans/sec_cm_count_testplan.hjson b/hw/dv/tools/dvsim/testplans/sec_cm_count_testplan.hjson
new file mode 100644
index 0000000..71cdfb1
--- /dev/null
+++ b/hw/dv/tools/dvsim/testplans/sec_cm_count_testplan.hjson
@@ -0,0 +1,29 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+ testpoints: [
+ {
+ name: prim_count_check
+ desc: ''' Verify that violating prim_count counter properties generate a fatal alert.
+
+ Stimulus:
+ - At the falling edge (non-active edge), force the counter to a different value than
+ expected.
+ - Randomly force the counter back to a normal value to ensure the error is latched and
+ won't go away until reset.
+ - Within the next few cycles, the violation of hardened counter property should
+ generate a fatal alert.
+ - Repeat for ALL prim_count instances in the DUT.
+
+ Checks:
+ - Check that fatal alert is triggered.
+ - Check that err_code/fault_status is updated correctly and preserved until reset.
+ - Verify any operations that follow fail (as applicable).
+ '''
+ milestone: V2S
+ tests: ["{name}_sec_cm"]
+ }
+ ]
+}
+
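Review bot: `tests: ["{name}_sec_cm"]` in this testpoint is the same mapping used by `prim_fsm_check` and `prim_one_hot_check` in the two other new files, so a block that imports more than one of these testplans has every sec_cm testpoint satisfied by a single test. A passing `{name}_sec_cm` run would then presumably mark all of them as covered even if the sequence only injects faults into one primitive type, which weakens the V2S sign-off evidence for the others. I would add a comment above the `tests:` line in each file, e.g. `// Shared test: {name}_sec_cm must inject faults into every prim_count instance; the fsm and one_hot testplans map to the same test.` Mapping each testpoint to its own test would be stronger, if the bench supports that (not visible from this diff).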
diff --git a/hw/dv/tools/dvsim/testplans/sec_cm_fsm_testplan.hjson b/hw/dv/tools/dvsim/testplans/sec_cm_fsm_testplan.hjson
new file mode 100644
index 0000000..1772619
--- /dev/null
+++ b/hw/dv/tools/dvsim/testplans/sec_cm_fsm_testplan.hjson
@@ -0,0 +1,28 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+ testpoints: [
+ {
+ name: prim_fsm_check
+ desc: ''' Verify that entering to an undefined state generates a fatal alert.
+
+ Stimulus:
+ - Backdoor force the FSM to any of the undefined values.
+ - Randomly force the FSM back to a defined state to ensure the error is latched and
+ won't go away until reset.
+ - Within the next few cycles, the FSM landing in an invalid state should trigger a
+ fatal alert.
+ - Repeat for ALL prim_fsm instances in the DUT.
+
+ Checks:
+ - Check that fatal alert is triggered.
+ - Check that err_code/fault_status is updated correctly and preserved until reset.
+ - Verify any operations that follow fail (as applicable).
+ '''
+ milestone: V2S
+ tests: ["{name}_sec_cm"]
+ }
+ ]
+}
+
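Review bot: The Checks list only asks that the fatal alert "is triggered", so nothing requires the alert to persist once the FSM is forced back to a defined state, even though the second stimulus step exists to prove the error is latched. Persistence until reset is stated for err_code/fault_status only. I would add a check line such as `- Check that the fatal alert keeps firing after the FSM is forced back to a defined state, until reset.` The same gap is in the Checks lists of `prim_count_check` and `prim_one_hot_check`. Separately, "Within the next few cycles" gives no bound a checker can be written against; stating the expected maximum latency would make the testpoint verifiable.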
diff --git a/hw/dv/tools/dvsim/testplans/sec_cm_one_hot_testplan.hjson b/hw/dv/tools/dvsim/testplans/sec_cm_one_hot_testplan.hjson
new file mode 100644
index 0000000..037c3f1
--- /dev/null
+++ b/hw/dv/tools/dvsim/testplans/sec_cm_one_hot_testplan.hjson
@@ -0,0 +1,29 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+{
+ testpoints: [
+ {
+ name: prim_one_hot_check
+ desc: ''' Verify that violating one-hot property generates a fatal alert.
+
+ One-hot encoded signals are captured in `prim_one_hot` module.
+ Stimulus:
+ - Backdoor force the one-hot coding signals with multiple bits set.
+ - Randomly force the value to one-hot to ensure the error is latched and won't go away
+ until reset.
+ - Within the next few cycles, the violation of one-hot property should generate a fatal
+ alert.
+ - Repeat for ALL prim_one_hot instances in the DUT.
+
+ Checks:
+ - Check that fatal alert is triggered.
+ - Check that err_code/fault_status is updated correctly and preserved until reset.
+ - Verify any operations that follow fail (as applicable).
+ '''
+ milestone: V2S
+ tests: ["{name}_sec_cm"]
+ }
+ ]
+}
+
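Review bot: The stimulus line "force the one-hot coding signals with multiple bits set" covers only one way to break the one-hot property; the all-zero value is not mentioned. If `prim_one_hot` also flags a value with no bit set (not visible from this diff), the testpoint should include it, e.g. `- Backdoor force the one-hot coding signals to a non-one-hot value (multiple bits set, or no bit set where that is a violation).` Also, the sentence "One-hot encoded signals are captured in `prim_one_hot` module." runs straight into "Stimulus:" without the blank line the other two testplans have before that heading, which may affect how the description renders.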
diff --git a/hw/dv/tools/dvsim/testplans/sec_cm_testplan.hjson b/hw/dv/tools/dvsim/testplans/sec_cm_testplan.hjson
deleted file mode 100644
index 351420f..0000000
--- a/hw/dv/tools/dvsim/testplans/sec_cm_testplan.hjson
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright lowRISC contributors.
-// Licensed under the Apache License, Version 2.0, see LICENSE for details.
-// SPDX-License-Identifier: Apache-2.0
-{
- // TODO, split this into several testplan for each CM
- testpoints: [
- {
- name: one_hot_check
- desc: ''' Verify design behavior is correct when one-hot coding is violated.
-
- Stimulus:
- - Backdoor force one-hot coding signals to not one-hot.
- - Randomly flip the value back to ensure the error is latched and won't go away until
- reset.
-
- Checks:
- - Check that fatal alert is triggered.
- - Check that err_code/fault_status is updated correctly and preserved until reset.
- - Check the following operation should be failed if applicable.'''
- milestone: V2S
- tests: ["{name}_sec_cm"]
- }
- {
- name: redundant_coding_fsm_check
- desc: ''' Verify design behavior is correct when the redundant FSM enters an invalid state.
-
- Stimulus:
- - Backdoor force the FSM to any of the undefined values.
- - Randomly flip the value back to a defined state to ensure the error is latched and
- won't go away until reset.
-
- Same checks as `one_hot_check`'''
- milestone: V2S
- tests: ["{name}_sec_cm"]
- }
- {
- name: hardened_counter_check
- desc: ''' Verify design behavior is correct when the harden counter is changed to an
- unexpected value.
-
- Stimulus:
- - At the falling edge (non-active edge), force the counter to a different value.
- - Randomly flip the value back to any other value to ensure the error is latched and
- won't go away until reset.
-
- Same checks as `one_hot_check`'''
- milestone: V2S
- tests: ["{name}_sec_cm"]
- }
- ]
-}
-
diff --git a/hw/ip/keymgr/data/keymgr_testplan.hjson b/hw/ip/keymgr/data/keymgr_testplan.hjson
index 577eb52..4d38968 100644
--- a/hw/ip/keymgr/data/keymgr_testplan.hjson
+++ b/hw/ip/keymgr/data/keymgr_testplan.hjson
@@ -8,7 +8,8 @@
"hw/dv/tools/dvsim/testplans/alert_test_testplan.hjson",
"hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson",
"hw/dv/tools/dvsim/testplans/shadow_reg_errors_testplan.hjson",
- "hw/dv/tools/dvsim/testplans/sec_cm_testplan.hjson",
+ "hw/dv/tools/dvsim/testplans/sec_cm_count_testplan.hjson",
+ "hw/dv/tools/dvsim/testplans/sec_cm_fsm_testplan.hjson",
"hw/dv/tools/dvsim/testplans/stress_all_with_reset_testplan.hjson"]
testpoints: [
{
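Review bot: The import list gains `sec_cm_count_testplan.hjson` and `sec_cm_fsm_testplan.hjson` but not `sec_cm_one_hot_testplan.hjson`, while the new `sec_cm_additional_check` description in the next hunk says the stimulus is "As mentioned in `prim_count_check`, `prim_one_hot_check` and `prim_fsm_check`". As written, `prim_one_hot_check` is referenced but never imported into the keymgr testplan, so that countermeasure would have no testpoint of its own here. If keymgr has one-hot checked signals, add `"hw/dv/tools/dvsim/testplans/sec_cm_one_hot_testplan.hjson",` to the list; if it does not, drop `prim_one_hot_check` from the description. The import list starts above this hunk, so an existing entry outside the visible lines cannot be ruled out.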
@@ -179,12 +180,22 @@
tests: ["keymgr_sync_async_fault_cross"]
}
{
- name: sec_cm_check
+ name: stress_all
desc: '''
- Verify the outcome after injecting faults into security countermeasures.
+ - Combine above sequences in one test to run sequentially, except csr sequence and
+ keymgr_cfg_regwen (requires zero_delays).
+ - Randomly add reset between each sequence.
+ '''
+ milestone: V2
+ tests: ["keymgr_stress_all"]
+ }
+ {
+ name: sec_cm_additional_check
+ desc: '''
+ Verify the outcome of injecting faults to security countermeasures.
Stimulus:
- As mentioned in `sec_cm_testplan`.
+ As mentioned in `prim_count_check`, `prim_one_hot_check` and `prim_fsm_check`.
Checks:
- Besides checking alert and `fault_status`, issue an operation after injecting faults,
@@ -193,15 +204,6 @@
milestone: V2S
tests: ["keymgr_sec_cm"]
}
- {
- name: stress_all
- desc: '''
- - Combine above sequences in one test to run sequentially, except csr sequence and
- keymgr_cfg_regwen (requires zero_delays).
- - Randomly add reset between each sequence.'''
- milestone: V2
- tests: ["keymgr_stress_all"]
- }
]
covergroups: [
{