| // Copyright lowRISC contributors. |
| // Licensed under the Apache License, Version 2.0, see LICENSE for details. |
| // SPDX-License-Identifier: Apache-2.0 |
| { |
| name: "chip" |
| |
| // TODO: remove the common testplans if not applicable |
| import_testplans: ["hw/dv/tools/dvsim/testplans/csr_testplan.hjson", |
| "hw/dv/tools/dvsim/testplans/enable_reg_testplan.hjson", |
| // TODO #5484, comment these 2 lines out because spi host memory is dummy |
| // "hw/dv/tools/dvsim/testplans/mem_testplan.hjson", |
| "hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson", |
| "hw/ip/tlul/data/tlul_testplan.hjson"] |
| |
| testpoints: [ |
| /////////////////////////////////////////////////////////////////////////// |
| // IO Peripherals // |
| // UART, GPIO, I2C, SPIDEV, SPIHOST, USB, PINMUX & PADCTRL, PATTGEN, PWM // |
| /////////////////////////////////////////////////////////////////////////// |
| |
| // UART (pre-verified IP) integration tests: |
| { |
| name: chip_uart_tx_rx |
| desc: '''Verify transmission of data over the TX and RX port. |
| |
| SW test sends a known payload over the TX port. The testbench, at the same time |
| sends a known payload over RX. On reception, both payloads are checked for integrity. |
| SW validates the reception of TX watermark, RX watermark, and the TX empty interrupts. |
| Choosing the max supported baud rate for the UART is sufficient. |
| |
| Verify each UART instance at the chip level independently. Verify there is no aliasing |
| on all UART ports across the instances. |
| ''' |
| milestone: V1 |
| tests: ["chip_sw_uart_tx_rx"] |
| } |
| { |
| name: chip_uart_rx_overflow |
| desc: '''Verify the RX overflow interrupt. |
| |
| The testbench sends a random payload of size greater than the RX fifo size (32). The SW |
| ignores the received the data to allow the RX overflow interrupt to assert. |
| |
| Verify each UART instance at the chip level independently. Verify there is no aliasing |
| on all UART ports across the instances. |
| ''' |
| milestone: V1 |
| tests: ["chip_sw_uart_tx_rx"] |
| } |
| { |
| name: chip_uart_tx_rx_alt_clk_freq |
| desc: '''Verify the transmission of UART while randomizing the core clock frequency. |
| |
| Run the chip_uart_tx_rx test with the core clock frequency randomized between known |
| bounds. |
| |
| TODO: Find out what the range is for the core clock frequency randomization. |
| ''' |
| milestone: V1 |
| tests: [] |
| } |
| |
| // GPIO (pre-verified IP) integration tests: |
| { |
| name: chip_gpio_out |
| desc: '''Verify GPIO outputs. |
| |
| SW test configures the GPIOs to be in the output mode. The test walks a 1 through the |
| pins. The testbench checks the value for correctness and verifies that there is no |
| aliasing between the pins. |
| ''' |
| milestone: V1 |
| tests: ["chip_sw_gpio"] |
| } |
| { |
| name: chip_gpio_in |
| desc: '''Verify GPIO inputs. |
| |
| The SW test configures the GPIOs to be in input mode. The testbench walks a 1 through |
| the pins. SW test ensures that the GPIO values read from the CSR is correct. |
| ''' |
| milestone: V1 |
| tests: ["chip_sw_gpio"] |
| } |
| { |
| name: chip_gpio_irq |
| desc: '''Verify GPIO interrupts. |
| |
| The SW test configures the GPIOs to be in input mode and enables all of them to generate |
| an interrupt. The testbench walks a 1 through the pins. SW test ensures that the |
| interrupt corresponding to the right pin is seen. |
| ''' |
| milestone: V1 |
| tests: ["chip_sw_gpio"] |
| } |
| |
| // SPI_DEVICE (pre-verified IP) integration tests: |
| { |
| name: chip_spi_device_tx_rx |
| desc: '''Verify the transmission of data on the chip's SPI device port. |
| |
| The testbench sends a known payload over the chip's SPI device input port. The SW test, |
| at the same time sends a known payload out over the chip's SPI device output port. On |
| reception, both payloads are checked for integrity. SW validates the reception of RX |
| fifo full, RX fifo over level, TX fifo under level, RX overflow and TX underflow |
| interrupts. Run with min and max SPI clk frequencies. Also, run with single, dual and |
| quad SPI modes. Also, ensure that the spi_device does not recieve transactions when the |
| csb is high. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_spi_device_tx_rx"] |
| } |
| { |
| name: chip_spi_device_eeprom |
| desc: '''Verify the SPI device in EEPROM mode. |
| |
| SW puts the SPI device in EEPROM mode and allows a firmware image (a.k.a. a known |
| payload) to be downloaded into the in-built EEPROM. SW verifies the integrity of the |
| payload upon reception by reading the EEPROM. Details TBD since the feature is NA yet. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_spi_device_pass_through |
| desc: '''Verifies the pass through mode from an end-to-end perspective. |
| |
| - Configure the SPI device and host in pass through mode. |
| - Send a random payload over the SPI device interface (chip IOs) from the testbench. |
| - Verify the integrity of the payload received on the SPI host interface, also at chip |
| IOs. |
| - Run with min and max SPI clk frequencies. Run with single, dual and quad SPI modes. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_spi_device_pass_through_filter |
| desc: '''Verifies the command filtering mechanism in passthrough mode. |
| |
| - Extend the chip_spi_device_pass_through test. |
| - Program the cmd_filter_* CSRs to filter out certain commands. |
| - Verify that only the payloads that are not filtered show up on the SPI host interface |
| at chip IOs. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // SPI_HOST (pre-verified IP) integration tests: |
| { |
| name: chip_spi_host_tx_rx |
| desc: '''Verify the transmission of data on the chip's SPI host port. |
| |
| - Program the SPI host to send a known payload out of the chip on the SPI host ports. |
| - At the same time, the testbench transfers a known payload from device to host on the |
| SPI host interface. |
| - The SPI device monitor in the testbench grabs the host payload and verifies its |
| integrity. |
| - The SW verifies the device payload for integrity and services the SPI event interrupt. |
| - Run with min and max SPI clk frequencies and with single, dual and quad SPI modes. |
| |
| Verify all SPI host instances in the chip. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // I2C (pre-verified IP) integration tests: |
| { |
| name: chip_i2c_host_tx_rx |
| desc: '''Verify the transmission of data over the chip's I2C host interface. |
| |
| - Program the I2C to be in host mode. |
| - The SW test writes a known payload over the chip's I2C host interface, which is |
| received and verified by the testbench for correctness. |
| - SW validates the reception of FMT watermark and trans complete interrupts. |
| - Verify the virtual / true open drain capability. |
| |
| Verify all instances of I2C in the chip. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_i2c_device_tx_rx |
| desc: '''Verify the transmission of data over the chip's I2C device interface. |
| |
| - Program the I2C to be in device mode. |
| - The testbench writes a known payload over the chip's I2C device interface, which is |
| received and verified by the SW test for correctness. |
| - SW validates the reception of RX watermark and trans complete interrupts. |
| - Verify the virtual / true open drain capability. |
| |
| Verify all instances of I2C in the chip. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // USB (pre-verified IP) integration tests: |
| { |
| name: chip_usb_fs_se_tx_rx |
| desc: '''Verify the transmission of single-ended data over the USB at full speed. As a part of |
| this test, the enablement of USB pullup is also expected to be verified. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_usb_fs_df_tx_rx |
| desc: '''Verify the transmission of data over the USB at full speed. As a part of this test, |
| the enablement of USB pullup is also expected to be verified. In this test, the USB is |
| configured in differential mode. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_usb_vbus |
| desc: '''Verify that the USB device can detect the presence of VBUS from the USB host. |
| |
| TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_usb_suspend |
| desc: '''Verify that the USB device can detect the presence of VBUS from the USB host. |
| |
| TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sleep_usb_suspend |
| desc: '''Same as the above, but tested with low power entry/exit. |
| |
| TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // PINMUX (pre-verified IP) integration tests: |
| { |
| name: chip_pin_mux |
| desc: '''Verify the MIO muxing at input and output sides. |
| |
| SW programs MIO INSEL and OUTSEL CSRs to connect and verify each muxed source. At the |
| moment, GPIOs are the only mux inputs. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sleep_pin_mio_dio_val |
| desc: '''Verify the MIO output values in deep sleep state. |
| |
| SW programs the MIO OUTSEL CSRs to to ensure that in deep sleep it randomly picks |
| between tie-0, tie-1 or hi-Z for all muxed outputs coming from non-AON IPs. If an AON |
| peripheral output is muxed, then that peripheral's output is selected to ensure in deep |
| sleep the peripheral can continue its signaling even in deep sleep. The testbench |
| verifies the correctness of the reflected values once the chip goes into deep sleep. |
| This is replicated for DIO pins as well. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sleep_pin_wake |
| desc: '''Verify pin wake up from deep sleep state. |
| |
| Verify one of the 8 possible MIO or DIO pad inputs (randomly configured) can cause the |
| chip to wake up from sleep state. Verifying wake on posedge is sufficient for the chip |
| level integration testing. Upon wake up, SW reads the wake cause CSR to verify |
| correctness. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // PADCTRL tests: |
| { |
| name: chip_padctrl_attributes |
| desc: '''Verify pad attribute settings for all MIO and DIO pads. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // PATTGEN (pre-verified IP) integration tests: |
| { |
| name: chip_pattgen_ios |
| desc: '''Verify pattern generation to chip output pads. |
| |
| - Program the pattgen to generate a known pattern in each lane. |
| - Program the pinmux to route the chosen output to the chip IOs. |
| - Verify that the correct pattern is seen on the IOs by hooking up the pattgen monitor. |
| - Validate the reception of the done interrupt. |
| - Verify both pattgen channels independently. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // PWM (pre-verified IP) integration tests: |
| { |
| name: chip_sleep_pwm_pulses |
| desc: '''Verify PWM signaling to chip output pads during deep sleep. |
| |
| - Program each PWM output to pulse in a known pattern. |
| - Program the pinmux to route the chosen PWM output to the chip IOs. |
| - Program the pwrmgr to go to deep sleep state, with AON timer wakeup. |
| - Initiate the sleep state by issuing a WFI. |
| - Verify that in the sleep state, the PWM signals are active and pulsing correctly, by |
| hooking up the PWM monitor. |
| - Repeat the steps for all 6 PWM signals. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| ////////////////////////////////////////////////////////////////////////////////////// |
| // System Peripherals // |
| // XBAR, RV_DM, RV_TIMER, AON_TIMER, PLIC, CLK/RST/PWR MGR, ALERT_HANDLER, LC_CTRL, // |
| // ADC_CTRL, SYSRST_CTRL // |
| ////////////////////////////////////////////////////////////////////////////////////// |
| |
| // XBAR (pre-verified IP) tests: |
| { |
| name: chip_data_integrity |
| desc: ''' |
| Verify the alert signaling mechanism due to data integrity violation. |
| |
| An automated SW test which performs the following for each IP: |
| - Pick a CSR to write. |
| - Corrupt a random control / data / integrity bit at the CPU source using SV force. |
| - Verify that the device detects the integrity violation causing an alert. |
| - Verify the alert upto the NMI stage. |
| - Now pick a CSR to read. |
| - Corrupt a random control / data / integrity bit at the device using SV force. |
| - Verify that the CPU detects the integrity violation causing an alert. |
| - Verify the alert upto the NMI stage. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // RV_DM (JTAG) tests: |
| { |
| name: chip_jtag_csr_rw |
| desc: ''' |
| Verify accessibility of CSRs as indicated in the RAL specification. |
| |
| - Shuffle the list of CSRs first to remove the effect of ordering. |
| - Write all CSRs via JTAG interface with a random value. |
| - Shuffle the list of CSRs yet again. |
| - Read all CSRs back and check their values for correctness while adhering to the CSR's |
| access policies. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rv_dm_cpu_debug_mem |
| desc: '''Verify access to the debug mem from the CPU. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rv_dm_jtag_debug_mem |
| desc: '''Verify access to the debug mem from the external JTAG interface. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rv_dm_cpu_debug_req |
| desc: '''Verify debug request to Ibex while it is actively executing. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rv_dm_ndm_reset_req |
| desc: '''Verify non-debug reset req initiated from RV_DM when the chip is awake. |
| |
| Read CSRs / mem within all IPs in the chip to ensure that they are reset to the original |
| values. Read CSRs / mem in the debug domain to ensure that the values survive the reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sleep_rv_dm_ndm_reset_req |
| desc: '''Verify non-debug reset req initiated from RV_DM when the chip is in deep sleep. |
| |
| Read CSRs / mem within all IPs in the chip to ensure that they are reset to the original |
| values. Read CSRs / mem in the debug domain to ensure that the values survive the reset. |
| There are also other modules such as clk, pwr, rstmgr which survive this reset. Verify |
| those as well. |
| |
| TODO: `rv_dm` currently is not on the AON domain, so this feature does not exist ATM. |
| Need discussion with SW/Nuvoton. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rv_dm_jtag_tap_sel |
| desc: '''Verify ability to select all available TAPs. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rv_dm_lc_disabled |
| desc: '''Verify that the debug capabilities are disabled in certain life cycle stages. |
| |
| Verify that the debug mem is inaccessible from the CPU as well as external JTAG. |
| Details TBD. X-ref'ed with the LC tests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // RV_TIMER (pre-verified IP) integration tests: |
| { |
| name: chip_timer |
| desc: '''Verify the timeout interrupt assertion. |
| |
| - Configure the RV_TIMER to generate interrupt after a set timeout. |
| - Issue a WFI to wait for the interrupt to trigger. |
| - Service the interrupt when it triggers; verify that it came from rv_timer. |
| - Verify that the interrupt triggered only after the timeout elapsed. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_rv_timer_irq"] |
| } |
| |
| // AON_TIMER (pre-verified IP) integration tests: |
| { |
| name: chip_aon_timer_wakeup_irq |
| desc: '''Verify the AON timer wake up interrupt in normal operating state. |
| |
| - Program the PLIC to let the AON time wake up interrupt the CPU. |
| - Program the AON timer to generate the wake up timeout interrupt after some time. |
| - Issue a WFI to wait for the interrupt to trigger. |
| - Service the interrupt when it triggers; verify that it came from AON timer. |
| - Verify that the interrupt triggered only after the timeout elapsed. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_sleep_wakeup |
| desc: '''Verify that AON timer can wake up the chip from a deep sleep state. |
| |
| - Read the reset cause register in rstmgr to confirm that the SW is in the POR reset |
| phase. |
| - Program the pwrmgr to go to deep sleep state (clocks off, power off). |
| - Program the AON timer to wake up the chip in a reasonable amount of time. |
| - Have the CPU issue WFI to signal the pwrmgr to go into sleep state. |
| - Verify via assertion checks, the wake up request occurs after the timeout has elapsed. |
| - After reset followed by AON timer wake up, read the reset cause register to confirm |
| the AON timer wake up phase. |
| - After the test sequence is complete, read the wake up threshold register - it should |
| not be reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_clks_resets |
| desc: '''Verify that the correct clocks and resets are connected to the AON timer. |
| |
| - The chip_aon_timer_deep_sleep_wakeup achieves this goal. |
| - Verify via connectivity assertion checks, the right clocks and resets from clkmgr and |
| rstmgr are connected to AON timer. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_wdog_bark_irq |
| desc: '''Verify the watchdog bark reception in normal state. |
| |
| - Program the PLIC to let the wdog bark signal interrupt the CPU. |
| - Program the AON timer wdog to 'bark' after some time and enable the bark interrupt. |
| - Service the bark interrupt upon reception. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_wdog_lc_escalate |
| desc: '''Verify that the LC escalation signal disables the AON timer wdog. |
| |
| - Program the AON timer wdog to 'bark' after some time and enable the bark interrupt. |
| - Program the alert handler to escalate on alerts upto phase 1 (i.e. stop after wipe |
| secrets). |
| - Trigger an alert to cause an escalation condition before the wakeup signal asserts. |
| - Wait for sufficiently long time to ensure that the bark interrupt does not trigger, |
| to prove that the wdog was disabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_wdog_bite_reset |
| desc: '''Verify the watchdog bite causing reset in the normal state. |
| |
| - Read the reset cause register in rstmgr to confirm that the SW is in the POR reset |
| phase. |
| - Program the AON timer wdog to 'bark' after some time. |
| - Let the bark escalate to bite, which should result in a reset request. |
| - After reset, read the reset cause register in rstmgr to confirm that the SW is now in |
| the wdog reset phase. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_sleep_wdog_bite_reset |
| desc: '''Verify the watchdog bite causing reset in sleep state. |
| |
| - Repeat the steps in chip_aon_timer_wdog_bite_reset test, but with following changes: |
| - Program the pwrmgr to go to deep sleep state (clocks off, power off). |
| - Issue a WFI after programming the wdog, so that the reset request due to bite occurs |
| during deep sleep state. |
| - After reset, read the reset cause register in rstmgr to confirm that the SW is now in |
| the wdog reset phase. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aon_timer_sleep_wdog_sleep_pause |
| desc: '''Verify that the wdog can be paused in sleep state. |
| |
| - Repeat the steps in chip_aon_timer_sleep_wakeup test, but with following changes: |
| - Program the wdog to 'bite' a little sooner than the AON timer wake up. |
| - Also, program the wdog to pause during sleep. |
| - Issue a WFI after programming the wdog, so that the reset request occurs during deep |
| sleep state. |
| - After reset followed by AON timer wake up, read the reset cause register to confirm |
| that the AON timer woke up the chip, not the wdog reset. |
| - Un-pause the wdog and service the bark interrupt. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // PLIC (pre-verified IP) integration tests: |
| { |
| name: chip_plic_all_irqs |
| desc: '''Verify all interrupts from all peripherals aggregated at the PLIC. |
| |
| The automated SW test enables all interrupts at the PLIC to interrupt the core. It uses |
| the `intr_test` CSR in each peripheral to mock assert an interrupt, looping through all |
| available interrupts in that peripheral. The ISR verifies that the right interrupt |
| occurred. This is used as a catch-all interrupt test for all peripheral integration |
| testing within which functionally asserting an interrupt is hard to achieve or not of |
| high value. |
| ''' |
| milestone: V2 |
| tests: [""] |
| } |
| { |
| name: chip_plic_sw_irq |
| desc: '''Verify the SW interrupt to the CPU. |
| |
| Enable all peripheral interrupts at PLIC. Enable all types of interrupt at the CPU core. |
| Write to the MSIP CSR to generate a SW interrupt to the CPU. Verify that the only |
| interrupt that is seen is the SW interrupt. |
| ''' |
| milestone: V2 |
| tests: [""] |
| } |
| { |
| name: chip_plic_nmi_irq |
| desc: '''Verify the NMI interrupt to the CPU and correctness of the cause. |
| |
| TBD if multiple NMI irqs are OR-ed into the CPU (example - NMI from alert handler and |
| the watchdog bark), then map each test to this testpoint. |
| ''' |
| milestone: V2 |
| tests: [""] |
| } |
| |
| // CLKMGR tests: |
| { |
| name: chip_sw_clk_off_trans |
| desc: '''Verify the ability to turn off the transactional clock via SW. |
| |
| Ensure that activity in any of the IPs running on this clock prevents the clock from |
| actually being turned off. Verify that turning off this clock does not affect the other |
| derived clocks. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sw_clk_off_peri |
| desc: '''Verify the ability to turn off the peripheral clock via SW. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_clk_div |
| desc: '''Verify clk division logic is working correctly. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_clkmgr_external_clk_src |
| desc: '''Verify the clkmgr switches to the correct clk src during certain LC states. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // PWRMGR tests: |
| { |
| name: chip_pwrmgr_cold_boot |
| desc: '''Verify the cold boot sequence through the wiggling of `por_rst_n`. |
| |
| This mainly ensures that both FSMs are properly reset on the POR signal. Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_all_wake_ups |
| desc: '''Verify that the chip can go into normal sleep state and be woken up by ALL wake up |
| sources. |
| |
| This verifies ALL wake up sources. This also verifies that the pwrmgr sequencing is |
| working correctly as expected. X-ref'ed with all individual IP tests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_all_reset_reqs |
| desc: '''Verify that the chip can go into normal sleep state and be reset by ALL reset req |
| sources. |
| |
| This verifies ALL reset sources. This also verifies that the pwrmgr sequencing is |
| working correctly as expected. X-ref'ed with all individual IP tests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_deep_sleep_all_wake_ups |
| desc: '''Verify that the chip can go into deep sleep state and be woken up by ALL wake up |
| sources. |
| |
| This verifies ALL wake up sources. This also verifies that the pwrmgr sequencing is |
| working correctly as expected. X-ref'ed with all individual IP tests. |
| ''' |
| milestone: V2 |
| tests: ["chip_dif_pwrmgr_smoketest", |
| "chip_sw_pwrmgr_usbdev_smoketest"] |
| } |
| { |
| name: chip_pwrmgr_deep_sleep_all_reset_reqs |
| desc: '''Verify that the chip can go into deep sleep state and be reset up by ALL reset req |
| sources. |
| |
| This verifies ALL reset sources. This also verifies that the pwrmgr sequencing is |
| working correctly as expected. X-ref'ed with all individual IP tests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_all_reset_reqs |
| desc: '''Verify that the chip can be reset by ALL available reset sources. |
| |
| This verifies ALL reset sources. This also verifies that the pwrmgr sequencing is |
| working correctly as expected. X-ref'ed with all individual IP tests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_bad_main_pok |
| desc: '''Verify the effect of main_pok de-assertion in the middle of low power entry / exit |
| FSM transition. |
| |
| The main_pok from AST is randomly forced to flip while in the middle of a FSM |
| transition. This is done on all normal / deep sleep / reset request tests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_b2b_sleep_reset_req |
| desc: '''Verify that the pwrmge sequences sleep_req and reset req coming in almost at the same |
| time, one after the other. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_debug_sleep |
| desc: '''Verify that when the chip being in "debuggable" state prevent the low power entry. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_wake_req_disabled |
| desc: '''Verify that the chip cannot be woken up from sleep from a wake up source that is |
| disabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_reset_req_disabled |
| desc: '''Verify that the chip cannot be reset from a reset source that is disabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_reset_req_disabled |
| desc: '''Verify that the chip cannot be woken up from sleep from a reset source that is |
| disabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_disabled |
| desc: '''Verify that the chip does not go to sleep on WFI when low power hint is 0. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_wake_up_fall_through |
| desc: '''Verify that the chip sleep falls through when an interrupt arrives just in time |
| before the pwrmgr iniitates the low power entry. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_pwrmgr_sleep_abort |
| desc: '''Verify that the chip sleep transition aborts due to an active flash / lifecycle / OTP |
| transaction. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| |
| // RSTMGR tests: |
| |
| // ALERT_HANDLER (pre-verified IP) integration tests: |
| { |
| name: chip_alert_handler_alerts |
| desc: '''Verify all alerts coming into the alert_handler. |
| |
| An automated SW test, which does the following (applies to all alerts in all IPs): |
| - Program the alert_test CSR in each block to trigger each alert one by one. |
| - Ensure that all alerts are properly connected to the alert handler and cause the |
| escalation paths to trigger. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_alert_handler_escalations |
| desc: '''Verify all alert escalation paths. |
| |
| Verify all escalation paths triggered by an alert. |
| - Verify the first escalation results in NMI interrupt serviced by the CPU. |
| - Verify the second results in device secrets to be wiped - read via SW to confirm. |
| - Verify the third results in device being put in scrap state, via the LC JTAG TAP. |
| - Verify the fourth results in chip reset. |
| - Ensure that all escalation handshakes complete without errors. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_alert_handler_irqs |
| desc: '''Verify all classes of alert handler interrupts to the CPU. |
| |
| X-ref'ed with the automated PLIC test. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_alert_handler_entropy |
| desc: '''Verify the alert handler entropy input to ensure pseudo-random ping timer. |
| |
| - Force `alert_handler_ping_timer` input signal `wait_cyc_mask_i` to `4'bff` to shorten |
| the simulation time. |
| - Verify that the alert_handler can request EDN to provide entropy. |
| - Ensure that the alert ping handshake to all alert sources and escalation receivers |
| complete without errors. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_alert_handler_edn_reset |
| desc: '''Verify that the EDN clock / reset is connected to alert_handler. |
| |
| - Ensure that the ping timer LFSR resets when the EDN logic is held in reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_alert_handler_crashdump |
| desc: '''Verify the alert handler crashdump signal. |
| |
| When the chip resets due to alert escalating to cause the chip to reset, verify the |
| reset cause to verify the alert crashdump. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // LC_CTRL (pre-verified IP) integration tests: |
| { |
| name: chip_lc_ctrl_alert_handler_escalation |
| desc: '''Verify that the escalation signals from the alert handler are connected to LC ctrl. |
| |
| - Trigger an alert to initiate the escalations. |
| - Check that the escalation signals are connected to the LC ctrl: |
| - First escalation has no effect on the LC ctrl |
| - Second escalation should cause the `lc_escalation_en` output to be asserted. Read |
| the LC_STATE CSR to confirm that it is in the escalate state. |
| - Verify that the escalate_en and check_bypass_en signals are asserted. X-ref'ed |
| with the respective IP tests that consume these signals. |
| - Third escalation should cause the LC ctrl to transition to the virtual scrap state. |
| At this stage, the CPU is not operational. Read the LC_STATE CSR via backdoor and |
| confirm that it is is in the scrap state. |
| - Verify that all decoded outputs except for escalate_en and check_bypass_en are |
| disabled. X-ref'ed with the respective IP tests that consume these signals. |
| |
| X-ref'ed with chip_lc_ctrl_broadcast test, which verifies the connectivity of the LC |
| decoded outputs to other IPs. |
| X-ref'ed with alert_handler's escalation test. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_jtag_access |
| desc: '''Verify enable to access LC ctrl via JTAG. |
| |
| Using the JTAG agent, write and read LC ctrl CSRs, verify the read value for |
| correctness. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_jtag_trst |
| desc: '''Verify the JTAG test reset input connection to LC ctrl. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_otp_hw_cfg |
| desc: '''Verify the device_ID and ID_state CSRs |
| |
| - Preload the hw_cfg partition in OTP ctrl with random data. |
| - Read the device ID and the ID state CSRs to verify their correctness. |
| - Reset the chip and repeat the first 2 steps to verify a different set of values. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_lc_ctrl_otp_hw_cfg"] |
| } |
| { |
| name: chip_lc_ctrl_init |
| desc: '''Verify the LC ctrl initialization on power up. |
| |
| Verify that the chip powers up correctly on POR. |
| - The pwrmgr initiates a handshake with OTP ctrl and later, with LC ctrl in subsequent |
| FSM states. Ensure that the whole power up sequence does not hang. |
| - Verify with connectivity assertion checks, the handshake signals are connected. |
| - Ensure that no interrupts or alerts are triggered. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_transitions |
| desc: '''Verify the LC ctrl can transition from one state to another valid state. |
| |
| - Initiate an LC ctrl state transition. |
| - Ensure that the LC program request is received by the OTP ctrl. |
| - Verify the updated data output from OTP ctrl to LC ctrl is correct. |
| - Ensure that there is no background or otp_init error. |
| - Verify that the LC ctrl has transitioned to the programmed state after a reboot. |
| |
| X-ref'ed chip_otp_ctrl_program. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_kmac_req |
| desc: '''Verify the token requested from KMAC. |
| |
| - For conditional transition, the LC ctrl will send out a token request to KMAC. |
| - Verify that the KMAC returns a hashed token, which should match one of the |
| transition token CSRs. |
| |
| X-ref'ed with chip_kmac_lc_req. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_kmac_reset |
| desc: '''Verify the effect of putting the KMAC logic in reset. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_key_div |
| desc: '''Verify the keymgr div output to keymgr. |
| |
| - Verify in different LC states, LC ctrl outputs the correct `key_div_o` to keymgr. |
| - Verify that the keymgr uses the given `key_div_o` value to compute the keys. |
| |
| X-ref'ed with chip_keymgr_lc_key_div_o. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_broadcast |
| desc: '''Verify broadcast signals from lc_ctrl. |
| |
| - Preload the LC partition in the OTP ctrl with the following states: RMA, DEV, |
| TEST_LOCKED[N] & SCRAP (tested in chip_lc_ctrl_escalation). |
| - Verify that the following broadcast signals are having the right effect in the |
| respective IPs that consume them: |
| - lc_dft_en_o: impacts clkmgr, pinmux, OTP ctrl & AST |
| - lc_nvm_debug_en_o: impacts flash ctrl |
| - lc_hw_debug_en_o: impacts pinmux, SRAM ctrl (main and ret) & the debug module |
| - lc_cpu_en_o: impacts the CPU |
| - lc_keymgr_en: impacts keymgr |
| - lc_escalate_en_o: impacts SRAM ctrl, AES & OTP ctrl |
| - lc_clk_byp_req_o: impacts clkmgr (handshake with lc_clk_byp_ack_i) |
| - lc_flash_rma_req_o: impacts flash ctrl (handshake with lc_flash_ram_ack_i) |
| - lc_flash_rma_seed_o: impacts flash ctrl |
| - lc_check_byp_en_o: impacts OTP ctrl |
| - lc_creator_seed_sw_rw_en_o: impacts flash ctrl & OTP ctrl |
| - lc_owner_seed_sw_rw_en_o: impacts flash ctrl |
| - lc_iso_part_sw_rd_en_o: impacts flash ctrl |
| - lc_iso_part_sw_wr_en_o: impacts flash ctrl |
| - lc_seed_hw_rd_en_o: impacts flash ctrl & OTP ctrl |
| |
| X-ref'ed with the respective IP tests that consume these signals. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_scanmode |
| desc: '''Verify the connectivity of scanmode to LC ctrl. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_lc_ctrl_scanmode_reset |
| desc: '''Verify the connectivity of scanmode reset to LC ctrl. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // SYSRST_CTRL (pre-verified IP) integration tests: |
| { |
| name: chip_sysrst_ctrl_inputs |
| desc: '''Verify that the SYSRST ctrl input pin values can be read. |
| |
| - Drive a known value on ac_reset, ec_rst_l, pwrb and key* pins at the chip IOs. |
| - Read the pin_in_value CSR to check for correctness. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sysrst_ctrl_outputs |
| desc: '''Verify that the SYSRST ctrl output pin values can be set. |
| |
| - Drive a known value on ac_reset, ec_rst_l, pwrb and key* pins at the chip IO inputs. |
| - Verify that SYSRST ctrl correctly loops them back to the chip IO outputs. |
| - Write the pin_allowed_ctl register to allow some of the pins to be overridden with |
| either 0 or 1 or both. |
| - Write the pin_out_ctl register to enable the override on some of the pins. |
| - Write the pin_out_value register to set known values on those pins. |
| - Verify that at the chip IO outputs, pins on which override should be active is |
| reflecting the overridden values. All others should reflect the values driven on chip |
| inputs. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sysrst_ctrl_in_irq |
| desc: '''Verify the SYSRST ctrl can detect an input combination to signal an interrupt. |
| |
| - Program a specific combination of transitions on pwrb, key*, ac_present and ec_reset_l |
| pins to trigger an interrupt by writing to key_intr_ctl register. |
| - Program the key_intr_debounce_ctl register to debounce an appropriate time. |
| - Enable the interrupt at SYSRST ctrl as well as at the PLIC. |
| - Glitch the inputs at the chip IOs before stabilizing on the programmed transitions. |
| - SW services the interrupt when triggered, verifies the pin input value and |
| key_intr_status for correctness and clears the interrupt status. |
| - Verify separately, eack key combination sufccessfully generates an interrupt. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sysrst_ctrl_sleep_gsc_wakeup |
| desc: '''Verify the SYSRST ctrl can wake up the chip from deep sleep. |
| |
| - Read the reset cause register in rstmgr to confirm we are in POR reset phase. |
| - Program one of the com_sel_ctl_* CSRs to choose a set of inputs to be detected as |
| a low power wake up signal. |
| - Program the associated detection timer. |
| - Program the detection outcome CSR's (com_out_ctl) interrupt bit to 1. |
| - Program the pwrmgr to put the chip in deep sleep state and wake up on GSC wake up |
| event. |
| - Issue a WFI to bring the chip in low power state. |
| - After the chip has entered low power mode, set the SYSRST ctrl inputs at the chip IOs |
| to the programmed combination for the duration of the detection timer. |
| - Read the reset cause register to confirm wake up from low power exit phase. |
| - Read the pwrmgr wake up status register to confirm GSC wake up. |
| - Read the pin input value and the combo_intr_status CSRs to verify the correct |
| combination on inputs woke up the chip from sleep. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sysrst_ctrl_gsc_reset |
| desc: '''Verify the SYSRST ctrl can reset the chip from normal state. |
| |
| - Read the reset cause register in rstmgr to confirm we are in POR reset phase. |
| - Program one of the com_sel_ctl_* CSRs to choose a set of inputs to be detected as |
| the GSC reset signal. |
| - Program the associated detection timer. |
| - Program the detection outcome CSR's (com_out_ctl) GSC reset bit to 1. |
| - After some time, set the SYSRST ctrl inputs at the chip IOs to the programmed |
| combination for the duration of the detection timer. |
| - The pwrmgr will power cycle the chip once it receives the GSC reset input. |
| - Read the reset cause register after boot up to confirm peripheral reset phase. |
| - Read the pwrmgr reset status register to confirm GSC reset. |
| - Read the com_sel_ctl_* CSR in SYSRST ctrl we programmed earlier - it should have been |
| reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sysrst_ctrl_sleep_gsc_reset |
| desc: '''Verify the SYSRST ctrl can reset the chip from deep sleep. |
| |
| - Read the reset cause register in rstmgr to confirm we are in POR reset phase. |
| - Program one of the com_sel_ctl_* CSRs to choose a set of inputs to be detected as |
| the GSC reset signal. |
| - Program the associated detection timer. |
| - Program the detection outcome CSR's (com_out_ctl) GSC reset bit to 1. |
| - Program the pwrmgr to put the chip in deep sleep state and allow it to be reset by GSC |
| reset bit. |
| - Issue a WFI to bring the chip in low power state. |
| - After the chip has entered low power mode, set the SYSRST ctrl inputs at the chip IOs |
| to the programmed combination for the duration of the detection timer. |
| - The pwrmgr will power cycle the chip from the deep sleep state once it receives the |
| GSC reset input. |
| - Read the reset cause register after boot up to confirm peripheral reset phase. |
| - Read the pwrmgr reset status register to confirm GSC reset. |
| - Read the com_sel_ctl_* CSR in SYSRST ctrl we programmed earlier - it should have been |
| reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sysrst_ctrl_z3_wakeup |
| desc: '''Placeholder for new z3 wakeup feature. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // ADC_CTRL (pre-verified IP) integration tests: |
| { |
| name: chip_adc_ctrl_debug_cable_irq |
| desc: '''Verify that the ADC correctly detects the voltage level programmed for each channel. |
| |
| - Program both ADC channels to detect mutually exclusive range of voltages. Setting only |
| one filter CSR is sufficient. |
| - Program the ADC intr ctrl CSR to detect the selected filter on both channels. |
| Enable the debug cable interrupt at ADC ctrl as well as PLIC. |
| - Enable the ADC ctrl to run with defaults in normal mode (depending on simulation |
| runtime). |
| - Verify through assertion checks, the ADC with AST stays powered down periodically in |
| slow scan mode. |
| - After some time, force the ADC output of AST to be a value within the programmed range |
| for each channel. Glitch it out of range for some time before stabilizing to ensure |
| that debouce logic works. |
| - Service the debug cable irq. Read the intr status register to verify that the selected |
| filter caused the interrupt to fire. Read the ADC channel value register to verify the |
| correctness of the detected value that was forced in the AST for each channel. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_adc_ctrl_sleep_debug_cable_wakeup |
| desc: '''Verify that in deep sleep, ADC ctrl can signal the ADC within the AST to power down. |
| |
| - Read the reset cause register in rstmgr to confirm we are in POR reset phase. |
| - Follow the same steps as chip_adc_ctrl_debug_cable_irq, but instead of programming the |
| selected filter to interrupt, program it to wake up the chip from sleep. |
| - Program the pwrmgr to put the chip in deep sleep state and wake up on debug cable |
| detection. |
| - Issue a WFI to bring the chip in low power state. |
| - After some time, force the ADC output of AST to be a value within the programmed |
| filter range. That should cause the pwrmgr to wake up. |
| - Read the reset cause register to confirm wake up from low power exit phase. |
| - Read the pwrmgr wake up status register to confirm wake up was due to debug cable |
| detection. |
| - Read the ADC channel value register to verify the correctness of the detected value |
| that was forced in the AST. |
| - Repeat for both ADC channels. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| /////////////////////////////////////////////////////// |
| // Security Peripherals // |
| // AES, HMAC, KMAC, CSRNG, ENTROPY_SRC, KEYMGR, OTBN // |
| /////////////////////////////////////////////////////// |
| |
| // AES (pre-verified IP) integration tests: |
| { |
| name: chip_aes_enc |
| desc: '''Verify the AES operation. |
| |
| Write a 32-byte key and a 16-byte plain text to the AES registers and trigger the AES |
| computation to start. Wait for the AES operation to complete by polling the status |
| register. Check the digest registers for correctness against the expected digest value. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aes_entropy |
| desc: '''Verify the AES entropy input used by the internal PRNGs. |
| |
| - Write the initial key share, IV and data in CSRs (known combinations). |
| - Configure the entropy_src to generate entropy in LFSR mode. |
| - Write the PRNG_RESEED bit to reseed the internal state of the PRNG. |
| - Poll the status idle bit to ensure reseed operation is complete. |
| - Trigger the AES operation to run and wait for it to complete. |
| - Check the digest against the expected value. |
| - Write the KEY_IV_DATA_IN_CLEAR and DATA_OUT_CLEAR trigger bits to 1 and wait for it to |
| complete by polling the status idle bit. |
| - Read back the data out CSRs - they should all read garbage values. |
| - Assertion check verifies that the internal states (data_in, key share and IV are also |
| garbage, i.e. different from the originally written values. |
| - Assertion checks proves that all interfaces are connected across AST RNG, ES, CSRNG, |
| EDN and AES. |
| - Predict the generated entropy bits and check against the observed for correctness. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aes_edn_reset |
| desc: '''Verify that the EDN clock / reset is connected to AES. |
| |
| - Ensure that the PRNG within AES resets when the EDN logic is held in reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aes_lc_escalate_en |
| desc: '''Verify the effect of LC escalate en signal on AES. |
| |
| - Trigger an LC escalatation signal by writing to alert_test CSR (in some other IP). |
| - Trigger an AES operation to run. |
| - When the escalation kicks in, verify that the AES is in the error state. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aes_idle |
| desc: '''Verify AES idle signaling to clkmgr. |
| |
| - Write the AES clk hint to 1 within clkmgr to indicate AES clk is ready to be gated. |
| Verify that the AES clk hint status within clkmgr reads 0 (AES is idle). |
| - Initiate an AES operation with a known key, plain text and digest. |
| Verify that the AES clk hint status within clkmgr now reads 1 (AES is not idle), |
| before the AES operation is complete. |
| - After the AES operation is complete, verify the digest for correctness. |
| Verify that the AES clk hint status within clkmgr now reads 0 again (AES is idle), |
| after the AES operation is complete. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_aes_sideload |
| desc: '''Verify the AES sideload mechanism. |
| |
| Details TBD, design updates pending. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // HMAC (pre-verified IP) integration tests: |
| { |
| name: chip_hmac_enc |
| desc: '''Verify HMAC operation. |
| |
| SW test verifies an HMAC operation with a known key, plain text and digest (pick one of |
| the NIST vectors). SW test verifies the digest against the pre-computed value. Verify |
| the HMAC done and FIFO empty interrupts as a part of this test. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_hmac_idle |
| desc: '''Verify the HMAC clk idle signal to clkmgr. |
| |
| - Write the HMAC clk hint to 1 within clkmgr to indicate HMAC clk is ready to be gated. |
| Verify that the HMAC clk hint status within clkmgr reads 0 (HMAC is idle). |
| - Initiate an HMAC operation with a known key, plain text and digest. |
| Verify that the HMAC clk hint status within clkmgr now reads 1 (HMAC is not idle), |
| before the HMAC operation is complete. |
| - After the HMAC operation is complete, verify the digest for correctness. |
| Verify that the HMAC clk hint status within clkmgr now reads 0 again (HMAC is idle), |
| after the HMAC operation is complete. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // KMAC pre-verified IP) integration tests: |
| { |
| name: chip_kmac_enc |
| desc: '''Verify the SHA3 operation. |
| |
| SW test verifies SHA3 operation with a known key, plain text and digest (pick one of |
| the NIST vectors). SW validates the reception of kmac done and fifo empty interrupts. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_kmac_app_keymgr |
| desc: '''Verify the keymgr interface to KMAC. |
| |
| - Configure the keymgr to start sending known message data to the KMAC. |
| - Keymgr should transmit a sideloaded key to the KMAC as well. |
| - KMAC should finish hashing successfully (not visible to SW) and return digest to |
| keymgr. |
| - This digest is compared against the known digest value for correctness. |
| - Verify that the keymgr has received valid output from the KMAC. |
| |
| X-ref'ed with keymgr test. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_kmac_app_lc |
| desc: '''Verify the LC interface to KMAC. |
| |
| - Configure the LC_CTRL to start a token hash using KMAC interface. |
| - KMAC should finish hashing successfully (not visible to SW) and return digest to |
| LC_CTRL. |
| |
| X-ref'ed with LC_CTRL test/env. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_kmac_app_rom |
| desc: '''Verify the ROM interface to KMAC. |
| |
| - Backdoor initialize ROM memory immediately out of reset. |
| - ROM will send message to the KMAC containing its memory contents, |
| - KMAC will hash and return the digest to the ROM. |
| - ROM will compare received digest against its first 8 logical memory lines for |
| correctness. |
| |
| X-ref'ed with ROM_CTRL test/env. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_kmac_entropy |
| desc: '''Verify the EDN interface to KMAC. |
| |
| Requires `EnMasking` parameter to be enabled. |
| SW randomly configures the KMAC in any hashing mode/strength, and enable EDN mode. |
| Randomly enable/disable the `entropy_timer`. |
| // TODO - error handling is not complete, do not enable `wait_timer` yet. |
| KMAC should send request to EDN once `CmdStart` is written, and should send out another |
| request to EDN when either: |
| - `entropy_timer` runs down (assuming it is non-zero) |
| - a hash operation is completed, KMAC will refresh its internal entropy state |
| SW verifies that KMAC produces the correct digest value. |
| |
| TODO: This is pending security review discussion. It is unclear if this feature will be |
| implemented. |
| |
| X-ref'ed with EDN test/env. |
| ''' |
| milestone: V3 |
| tests: [] |
| } |
| { |
| name: chip_kmac_edn_reset |
| desc: '''Verify that the EDN clock / reset is connected to KMAC. |
| |
| - Ensure that the `entropy_timer` resets when the EDN logic is held in reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_kmac_idle |
| desc: '''Verify the KMAC idle signaling to clkmgr. |
| |
| - Write the KMAC clk hint to 1 within clkmgr to indicate KMAC clk is ready to be gated. |
| Verify that the KMAC clk hint status within clkmgr reads 0 (KMAC is idle). |
| - Initiate an KMAC operation with a known key, plain text and digest. |
| Verify that the KMAC clk hint status within clkmgr now reads 1 (KMAC is not idle), |
| before the KMAC operation is complete. |
| - After the KMAC operation is complete, verify the digest for correctness. |
| Verify that the KMAC clk hint status within clkmgr now reads 0 again (KMAC is idle), |
| after the KMAC operation is complete. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // ENTROPY_SRC (pre-verified IP) integration tests: |
| { |
| name: chip_entropy_src_ast_rng_req |
| desc: '''Verify the RNG req to ast. |
| |
| - Program the entropy src in normal RNG mode. |
| - Route the entropy data received from RNG to the FIFO. |
| - Verify that the FIFO depth is non-zero via SW - indicating the reception of data over |
| the AST RNG interface. |
| - Verify the correctness of the received data with assertion based connectivity checks. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_entropy_src_ast_fips |
| desc: '''Verify the connectivity of rng_fips_o feedback signal to RNG. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_entropy_src_csrng |
| desc: '''Verify the transfer of entropy bits to CSRNG. |
| |
| Verify the entropy valid interrupt. |
| At the CSRNG, validate the reception of entropy req interrupt. |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_entropy_src_cs_aes_halt |
| desc: '''Verify the aes halt handshake with CSRNG. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_entropy_src_fuse_en_fw_read |
| desc: '''Verify the fuse input entropy_src. |
| |
| - Initialize the OTP with this fuse bit set to 1. |
| - Perform an entropy request operation. |
| - Read the entropy_data_fifo via SW; verify that it reads valid values. |
| - Reset the chip, but this time, initialize the OTP with this fuse bit set to 0. |
| - Perform an entropy request operation. |
| - Read the internal state via SW; verify that it reads all zeros this time. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // CSRNG tests: |
| { |
| name: chip_csrng_edn_cmd |
| desc: '''Verify incoming command interface from EDN. |
| |
| - Have each EDN instance issue an instantiate command to CSRNG. |
| - When done, verify the reception of cmd req done interrupt. |
| - Check the data returned to EDN via connectivity assertion checks. |
| - TODO: explore the ability to generate predictable data and verify the received value. |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_csrng_fuse_en_sw_app_read |
| desc: '''Verify the fuse input to CSRNG. |
| |
| - Initialize the OTP with this fuse bit set to 1. |
| - Issue an instantiate command to request entropy. |
| - Verify that SW can read the internal states. |
| - Reset the chip and repeat the steps above, but this time, with OTP fuse bit set to 0. |
| - Verify that the SW reads back all zeros when reading the internal states. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_csrng_lc_hw_debug_en |
| desc: '''Verify the effect of LC HW debug enable on CSRNG. |
| |
| TODO: This is pending SCA security review and might be removed. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // EDN (pre-verified IP) integration tests: |
| { |
| name: chip_edn_entropy_reqs |
| desc: '''Verify the entropy requests from all peripherals. |
| |
| Verify that there are no misconnects between each peripheral requesting entropy. |
| TODO: system level scenario: have all entropy sources request entropy in the same test |
| one after to show boot to post boot load, cycling all entropy blocks off and on again. |
| Ensure there are no deadlocks and everything works as expected. |
| X'ref'ed with each IP test that requsts entropy from EDN. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // KEYMGR (pre-verified IP) integration tests: |
| |
| // OTBN (pre-verified IP) integration tests: |
| { |
| name: chip_otbn_op |
| desc: '''Verify an OTBN operation. |
| |
| SW test directs the BIGNUM engine to perform an operation. The BIGNUM SW image is |
| backdoor loaded into OTBN IMEM. SW validates the reception of the otbn done interrupt. |
| SW also verifies the correctness of the OTBN operation using a reference model. Details |
| TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otbn_imem_uncorrectable_alert |
| desc: '''Verify the imem uncorrectable alert from OTBN. |
| |
| Inject 2 bit errors within the IMEM SRAM inside OTBN via backdoor and ensure that this |
| alert propagates to an NMI. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otbn_dmem_uncorrectable_alert |
| desc: '''Verify the dmem uncorrectable alert from OTBN. |
| |
| Inject 2 bit errors within the DMEM SRAM inside OTBN via backdoor and ensure that this |
| alert propagates to an NMI. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otbn_reg_uncorrectable_alert |
| desc: '''Verify the reg uncorrectable alert from OTBN. |
| |
| Details TBD. Ensure that this alert propagates to an NMI. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otbn_mem_encr |
| desc: '''Verify the encryption of the mem within OTBN using the key provided by the OTP. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otbn_idle |
| desc: '''Verify the OTBN idle signal to clkmgr. |
| |
| - Write the OTBN clk hint to 1 within clkmgr to indicate OTBN clk is ready to be gated. |
| Verify that the OTBN clk hint status within clkmgr reads 0 (OTBN is idle). |
| - Initiate an OTBN operation with a known key, plain text and digest. |
| Verify that the OTBN clk hint status within clkmgr now reads 1 (OTBN is not idle), |
| before the OTBN operation is complete. |
| - After the OTBN operation is complete, verify the digest for correctness. |
| Verify that the OTBN clk hint status within clkmgr now reads 0 again (OTBN is idle), |
| after the OTBN operation is complete. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| ///////////////////////////////////////////////////// |
| // Memory & Controllers // |
| // ROM_CTRL, RAM, FLASH, FLASH_CTRL, OTP, OTP_CTRL // |
| ///////////////////////////////////////////////////// |
| |
| // ROM_CTRL (pre-verified IP) integration tests: |
| { |
| name: chip_rom_access |
| desc: '''Verify that the CPU can access the rom contents. |
| |
| - Verify that the CPU can fetch instructions from the ROM. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rom_ctrl_ast_cfg |
| desc: '''Verify the connectivity of AST cfg signals to the ROM ctrl. |
| |
| - In open source, this is verified by a simple connectivity assertion check. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rom_ctrl_integrity_check |
| desc: '''Verify that the ROM ctrl performs the integrity check of the ROM on power up. |
| |
| - In non-PROD LC state, the computed digest does not have to match the top 8 words in |
| the ROM. Verify that we can successfully power up the chip in this case. |
| - In PROD LC state, verify that the pwrmgr does not fully power up if the computed |
| digest does not match the top 8 words of the ROM. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_rom_ctrl_reset_glitch |
| desc: '''Verify that a glitch on the ROM ctrl's reset input is triggered as a fatal alert. |
| |
| - In normal boot up from POR, the ROM contents are checked for validity using KMAC. |
| - After boot up, read the reset cause register in rstmgr to confirm POR reset phase. |
| - SW goes into idle state (nothing to do). |
| - The testbench randomly glitches the ROM ctrl's reset input, which causes ROM ctrl to |
| re-check the contents for validity. |
| - Verify that the KMAC detects the repeat presentation of data from ROM ctrl as a fatal |
| alert and the chip is rebooted via the alert escalation path. |
| - After boot up, read the reset cause register in rstmgr to confirm reset due to alert |
| phase. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // SRAM (pre-verified IP) integration tests: |
| { |
| name: chip_sram_scrambled_access |
| desc: '''Verify scrambled memory accesses to both main and retention SRAMs. |
| |
| - Trigger both SRAMs to fetch a new key and nonce from the OTP_CTRL |
| - Drive the CPU to perform random accesses to both RAMs and verify these operations |
| complete successfully by using the backdoor interface |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sleep_sram_ret_contents |
| desc: '''Verify that the data within the retention SRAM survives low power entry-exit. |
| |
| Ensure that the data within the retention SRAM survives ALL low power entry-exit |
| variations. |
| |
| TODO: how to deal with the scramble keys on low power exit? |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sram_execution |
| desc: '''Verify that CPU can fetch data from both SRAMs when in executable mode. |
| |
| - Load instruction data into the SRAMs. |
| - Configure main/ret SRAMs to allow instruction execution. |
| - Have the CPU fetch the instruction data from the SRAMs and verify that SW can finish |
| the test successfully. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sram_lc_escalation |
| desc: '''Verify the LC escalation path to the SRAMs. |
| |
| - Configure the LC_CTRL to trigger an escalation request to the SRAMs. |
| - Verify that the SRAMs stop accepting and responding to new memory requests. |
| - Reset the system to exit the terminal escalation state. |
| - Re-initialize the SRAMs and verify that they can now respond correctly to |
| any further memory requests. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // OTP (pre-verified IP) integration tests: |
| { |
| name: chip_otp_ctrl_init |
| desc: '''Verify the OTP ctrl initialization on chip power up. |
| |
| Verify that the chip powers up correctly on POR. |
| - The pwrmgr initiates a handshake with OTP ctrl and later, with LC ctrl in subsequent |
| FSM states. Ensure that the whole power up sequence does not hang. |
| - Verify with connectivity assertion checks, the handshake signals are connected. |
| - Ensure that no interrupts or alerts are triggered. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_keys |
| desc: '''Verify the proliferation of keys to security peripherals. |
| |
| - Verify the correctness of keys provided to SRAM ctrl (main & ret), flash ctrl, keymgr, |
| (note that keymgr does not have handshake), and OTBN. |
| |
| X-ref'ed with IP tests that consume these signals. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_entropy |
| desc: '''Verify the entropy interface from OTP ctrl to EDN. |
| |
| This is X-ref'ed with the chip_otp_ctrl_keys test, which needs to handshake with the EDN |
| to receive some entropy bits before the keys for SRAM ctrl and OTBN are computed. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_edn_reset |
| desc: '''Verify the effect of putting the EDN domain in reset on OTP ctrl. |
| |
| Verify that the computed nonce for SRAM is reset? |
| Verify all entropy data used for various things are reset. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_program |
| desc: '''Verify the program request from lc_ctrl. |
| |
| - Verify that upon an LC state transition request, LC ctrl signals the OTP ctrl with a |
| program request. |
| - Verify that the OTP ctrl generates the LC data output correctly and is sent to the LC |
| ctrl before it is reset. |
| - Verify that the `lc_check_byp_en_i` from LC ctrl is set. |
| - Ensure that the whole operation does not raise any interrupts or alerts or errors. |
| - After reset, verify that the LC state transition completed successfully by reading the |
| LC state and LC count CSRs. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_program_error |
| desc: '''Verify the otp program error. |
| |
| - Initiate an illegal program request from LC ctrl to OTP ctrl (example: issue program |
| request when the lc_cnt is at max value). |
| - Verify that the LC ctrl triggers an alert when the OTP ctrl responds back with a |
| program error. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_hw_cfg |
| desc: '''Verify the correctness of otp_hw_cfg bus in all peripherals that receive it. |
| |
| Preload the OTP ctrl's `hw_cfg` partition with random data and verify that all |
| consumers of the hardware configuration bits are receiving the correct values. |
| |
| Xref'ed with corresponding IP tests that receive these bits. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_lc_ctrl_otp_hw_cfg"] |
| } |
| { |
| name: chip_otp_ctrl_lc_signals |
| desc: '''Verify the broadcast signals from LC ctrl. |
| |
| - `lc_escalate_en_i`: read the error code CSR and verify that it reflects an FSM error |
| state due to the escalation signal triggering. |
| - `lc_creator_seed_sw_rw_en_i`: verify that the secret2 partition is locked. |
| - `lc_seed_hw_rd_en_i`: verify that the keymgr outputs a default value when enabled. |
| - `lc_dft_en_i`: verify that the test interface within OTP ctrl is accessible. |
| - `lc_check_byp_en_i`: verify that the background check during LC ctrl state |
| programming passes when enabled. |
| |
| `X-ref'ed with chip_otp_ctrl_program. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_ast |
| desc: '''Verify the power sequencing signals to AST, as well as the alert. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_external_voltage |
| desc: '''Verify the connectivity of the external voltage signal to OTP ctrl. |
| |
| Details TBD. |
| TODO; This signal is not connected in the design yet. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_otp_ctrl_scan |
| desc: '''Verify the connectivity of the scan signals to OTP ctrl. |
| |
| Details TBD. |
| TODO; This signal is not connected in the design yet. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // FLASH (pre-verified IP) integration tests: |
| { |
| name: chip_flash_host_access |
| desc: '''Verify access to the flash mem. |
| |
| Verify that the CPU can read the flash mem contents. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_flash_ctrl_access"] |
| } |
| { |
| name: chip_flash_ctrl_ops |
| desc: '''Verify flash ctrl ops. |
| |
| Verify that the CPU can read / program and erase the flash mem. Pick an operation on |
| both data and info partitions. Erase both, bank and page. SW validates the reception of |
| prog empty, prog level, rd full, rd level and op done interrupts. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_flash_ctrl_scramble |
| desc: '''Verify flash scrambling via the controller. |
| |
| Verify that the CPU can program and read back data via the flash ctrl with scrambling |
| enabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_flash_scramble |
| desc: '''Verify flash scrambling via the host interface. |
| |
| Verify that the CPU read data from the flash with scrambling enabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_flash_ast_pwr_dwn |
| desc: '''Verify that power down signaling from AST to flash. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_flash_test_mode |
| desc: '''Verify that flash test mode and flash volt signaling from chip IOs. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| //////////////////////// |
| // Analog Peripherals // |
| // AST, SENSOR_CTRL // |
| //////////////////////// |
| |
| // AST (pre-verified IP) integration tests: |
| { |
| name: chip_ast_clk_outputs |
| desc: '''Verify that the AST generates the 4 clocks when requested by the clkmgr. |
| |
| Verify the clock frequencies are reasonably accurate. Verify that when the clkmgr |
| deasserts the enable (on account of low power entry), the clocks are turned off. Verify |
| that when turned on (low power exit), the clocks are glitch free. |
| |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_ast_clk_rst_inputs |
| desc: '''Verify the clk and rst inputs to AST (from `clkmgr`). |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_ast_sys_clk_jitter |
| desc: '''Verify that the AST sys clk jitter control. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_ast_usb_clk_calib |
| desc: '''Verify the USB clk calibration signaling. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_ast_alerts |
| desc: '''Verify the alerts from AST aggregating into the sensor_ctrl. |
| |
| X-ref'ed with `chip_sensor_ctrl_ast_alerts`. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| // SENSOR_CTRL tests: |
| { |
| name: chip_sensor_ctrl_ast_alerts |
| desc: '''Verify the alerts from AST aggregating into the sensor_ctrl. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sensor_ctrl_ast_status |
| desc: '''Verify the io power ok status from AST. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| |
| //////////////////////////// |
| // System level scenarios // |
| //////////////////////////// |
| |
| { |
| name: chip_sw_dif_smoketest |
| desc: '''Run smoke tests developed for each DIF. |
| |
| The DIF smoke tests are developed by the SW team to test each block's DIF |
| implementation. We need to ensure that they work in DV as well. |
| ''' |
| milestone: V2 |
| tests: ["chip_dif_aes_smoketest", |
| "chip_dif_aon_timer_smoketest", |
| "chip_dif_clkmgr_smoketest", |
| // TODO(lowrisc/opentitan#7505): Debug CSRNG generate bits mismatch. |
| // "chip_dif_csrng_smoketest", |
| "chip_dif_entropy_smoketest", |
| "chip_dif_gpio_smoketest", |
| "chip_dif_hmac_smoketest", |
| "chip_dif_kmac_smoketest", |
| "chip_dif_kmac_cshake_smoketest", |
| "chip_dif_otbn_smoketest", |
| "chip_dif_otp_ctrl_smoketest", |
| "chip_dif_plic_smoketest", |
| "chip_dif_pwrmgr_smoketest", |
| "chip_dif_rv_timer_smoketest", |
| "chip_dif_rstmgr_smoketest", |
| "chip_dif_uart_smoketest", |
| ] |
| } |
| { |
| name: chip_coremark |
| desc: '''Run the coremark benchmark on the full chip.''' |
| milestone: V2 |
| tests: ["chip_sw_coremark"] |
| } |
| { |
| name: chip_sw_boot |
| desc: '''Verify the full flash image download with bootstrap signal set. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_uart_tx_rx_bootstrap"] |
| } |
| { |
| name: chip_secure_boot |
| desc: '''Verify the secure boot flow. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_prod_os |
| desc: '''Run the OpenTitan TockOS that will be deployed in production. |
| |
| Run the TockOS image in DV. The advantage of doing so is running Tock with the full |
| suite of design assertions and other checks in place in the DV environment. |
| ''' |
| milestone: V2 |
| tests: ["chip_sw_opentitan_tock"] |
| } |
| { |
| name: chip_lc_walkthrough |
| desc: '''Walk through the life cycle stages reseting the chip each time. |
| |
| Verify that the features that should indeed be disabled are indeed disabled. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_device_ownership |
| desc: '''Walk through device ownership stages and flows. |
| |
| Details TBD. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| { |
| name: chip_sram_nmi_wipe |
| desc: '''Verify SRAM behavior during an NMI escalation. |
| |
| - Trigger an NMI through the alert handler path to cause a system shutdown. |
| - SW should trigger a memory "initialization", fully randomizing RAM contents |
| and initiating another key request. |
| - Verify that the RAMs are "wiped" once this operation completes. |
| ''' |
| milestone: V2 |
| tests: [] |
| } |
| ] |
| } |
