Module Definition

Module : keymgr_ctrl
SCORE LINE COND TOGGLE FSM BRANCH ASSERT
99.62 100.00 98.11 100.00 100.00 100.00

Source File(s) :
/workspaces/repo/scratch/os_regression_2024_09_10/keymgr-sim-vcs/default/sim-vcs/../src/lowrisc_ip_keymgr_0.1/rtl/keymgr_ctrl.sv

Module self-instances :
NAME SCORE LINE COND TOGGLE FSM BRANCH ASSERT
tb.dut.u_ctrl 99.62 100.00 98.11 100.00 100.00 100.00



Module Instance : tb.dut.u_ctrl

Instance :
SCORE LINE COND TOGGLE FSM BRANCH ASSERT
99.62 100.00 98.11 100.00 100.00 100.00


Instance's subtree :
SCORE LINE COND TOGGLE FSM BRANCH ASSERT
98.00 99.71 95.29 94.33 100.00 98.65 100.00


Parent :
SCORE LINE COND TOGGLE FSM BRANCH ASSERT NAME
98.05 96.00 98.36 99.96 95.92 100.00 dut


Subtrees :
NAME SCORE LINE COND TOGGLE FSM BRANCH ASSERT
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[0].gen_ecc_loop_words[0].u_dec 93.15 93.15
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[0].gen_ecc_loop_words[1].u_dec 93.15 93.15
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[0].gen_ecc_loop_words[2].u_dec 93.15 93.15
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[0].gen_ecc_loop_words[3].u_dec 97.26 97.26
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[1].gen_ecc_loop_words[0].u_dec 95.89 95.89
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[1].gen_ecc_loop_words[1].u_dec 93.15 93.15
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[1].gen_ecc_loop_words[2].u_dec 95.89 95.89
gen_ecc_loop_cdi[0].gen_ecc_loop_shares[1].gen_ecc_loop_words[3].u_dec 93.15 93.15
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[0].gen_ecc_loop_words[0].u_dec 93.15 93.15
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[0].gen_ecc_loop_words[1].u_dec 93.15 93.15
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[0].gen_ecc_loop_words[2].u_dec 93.15 93.15
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[0].gen_ecc_loop_words[3].u_dec 93.15 93.15
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[1].gen_ecc_loop_words[0].u_dec 97.26 97.26
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[1].gen_ecc_loop_words[1].u_dec 97.95 97.95
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[1].gen_ecc_loop_words[2].u_dec 93.15 93.15
gen_ecc_loop_cdi[1].gen_ecc_loop_shares[1].gen_ecc_loop_words[3].u_dec 93.15 93.15
u_cnt 100.00 100.00
u_data_en 84.15 97.44 33.33 100.00 90.00 100.00
u_err 94.81 100.00 84.44 100.00
u_hw_sel 100.00 100.00 100.00 100.00
u_key_valid_sync 100.00 100.00 100.00
u_op_state 100.00 100.00 100.00 100.00 100.00 100.00
u_state_regs 100.00 100.00 100.00 100.00


Since this is the module's only instance, the coverage report is the same as for the module.
Line Coverage for Module : keymgr_ctrl
Type         Line No.  Total  Covered  Percent
TOTAL                  194    194      100.00
CONT_ASSIGN  150       1      1        100.00
CONT_ASSIGN  151       1      1        100.00
CONT_ASSIGN  152       1      1        100.00
CONT_ASSIGN  153       1      1        100.00
CONT_ASSIGN  155       1      1        100.00
CONT_ASSIGN  165       1      1        100.00
CONT_ASSIGN  166       1      1        100.00
CONT_ASSIGN  169       1      1        100.00
CONT_ASSIGN  185       1      1        100.00
CONT_ASSIGN  186       1      1        100.00
CONT_ASSIGN  187       1      1        100.00
CONT_ASSIGN  188       1      1        100.00
CONT_ASSIGN  202       1      1        100.00
CONT_ASSIGN  207       1      1        100.00
CONT_ASSIGN  213       1      1        100.00
CONT_ASSIGN  215       1      1        100.00
CONT_ASSIGN  230       1      1        100.00
CONT_ASSIGN  243       1      1        100.00
ALWAYS       248       3      3        100.00
CONT_ASSIGN  255       1      1        100.00
ALWAYS       261       3      3        100.00
ALWAYS       264       3      3        100.00
CONT_ASSIGN  275       1      1        100.00
CONT_ASSIGN  277       1      1        100.00
CONT_ASSIGN  281       1      1        100.00
CONT_ASSIGN  281       1      1        100.00
CONT_ASSIGN  288       1      1        100.00
ALWAYS       290       7      7        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  316       1      1        100.00
CONT_ASSIGN  323       1      1        100.00
CONT_ASSIGN  346       1      1        100.00
ALWAYS       349       21     21       100.00
CONT_ASSIGN  433       1      1        100.00
CONT_ASSIGN  444       1      1        100.00
CONT_ASSIGN  445       1      1        100.00
CONT_ASSIGN  451       1      1        100.00
ALWAYS       455       79     79       100.00
ALWAYS       681       4      4        100.00
ALWAYS       689       12     12       100.00
ALWAYS       725       5      5        100.00
CONT_ASSIGN  763       1      1        100.00
CONT_ASSIGN  769       1      1        100.00
CONT_ASSIGN  800       1      1        100.00
ALWAYS       808       3      3        100.00
CONT_ASSIGN  818       1      1        100.00
ROUTINE      865       1      1        100.00
ALWAYS       907       3      3        100.00

149                   logic adv_op, dis_op, gen_id_op, gen_sw_op, gen_hw_op, gen_op;
150     1/1           assign adv_op = (op_i == OpAdvance);
        Tests: T1 T2 T3
151     1/1           assign gen_id_op = (op_i == OpGenId);
        Tests: T1 T2 T3
152     1/1           assign gen_sw_op = (op_i == OpGenSwOut);
        Tests: T1 T2 T3
153     1/1           assign gen_hw_op = (op_i == OpGenHwOut);
        Tests: T1 T2 T3
154                   assign dis_op = ~(op_i inside {OpAdvance, OpGenId, OpGenSwOut, OpGenHwOut});
155     1/1           assign gen_op = (gen_id_op | gen_sw_op | gen_hw_op);
        Tests: T1 T2 T3
156
157                   ///////////////////////////
158                   // interaction between software and main fsm
159                   ///////////////////////////
160                   // disable is treated like an advanced call
161                   logic advance_sel;
162                   logic disable_sel;
163                   logic gen_out_hw_sel;
164
165     1/1           assign advance_sel = op_start_i & adv_op & en_i;
        Tests: T1 T2 T3
166     1/1           assign gen_out_hw_sel = op_start_i & gen_hw_op & en_i;
        Tests: T1 T2 T3
167
168                   // disable is selected whenever a normal operation is not set
169     1/1           assign disable_sel = (op_start_i & dis_op) | !en_i;
        Tests: T1 T2 T3
170
171
172                   ///////////////////////////
173                   // interaction between main control fsm and operation fsm
174                   ///////////////////////////
175
176                   // req/ack interface with op handling fsm
177                   logic op_req;
178                   logic op_ack;
179                   logic op_update;
180                   logic op_busy;
181                   logic disabled;
182                   logic invalid;
183
184                   logic adv_req, dis_req, id_req, gen_req;
185     1/1           assign adv_req = op_req & adv_op;
        Tests: T1 T2 T3
186     1/1           assign dis_req = op_req & dis_op;
        Tests: T1 T2 T3
187     1/1           assign id_req = op_req & gen_id_op;
        Tests: T1 T2 T3
188     1/1           assign gen_req = op_req & (gen_sw_op | gen_hw_op);
        Tests: T1 T2 T3
189
190                   ///////////////////////////
191                   // interaction between operation fsm and software
192                   ///////////////////////////
193                   // categories of keymgr errors
194                   logic [SyncErrLastIdx-1:0] sync_err;
195                   logic [SyncFaultLastIdx-1:0] sync_fault;
196                   logic [AsyncFaultLastIdx-1:0] async_fault;
197
198                   logic op_err;
199                   logic op_fault_err;
200
201                   // unlock sw binding configuration whenever an advance call is made without errors
202     1/1           assign sw_binding_unlock_o = adv_req & op_ack & ~(op_err | op_fault_err);
        Tests: T1 T2 T3
203
204                   // error definition
205                   // check incoming kmac data validity
206                   // Only check during the periods when there is actual kmac output
207     1/1           assign invalid_kmac_out = (op_update | op_ack) &
        Tests: T1 T2 T3
208                                             (~valid_data_chk(kmac_data_i[0]) |
209                                             (~valid_data_chk(kmac_data_i[1]) & KmacEnMasking));
210
211                   // async errors have nothing to do with the operation and thus should not
212                   // impact operation results.
213     1/1           assign op_err = |sync_err;
        Tests: T1 T2 T3
214
215     1/1           assign op_fault_err = |{sync_fault, async_fault};
        Tests: T1 T2 T3
216
217                   ///////////////////////////
218                   // key update controls
219                   ///////////////////////////
220
221                   // update select can come from both main and operation fsm's
222                   keymgr_key_update_e update_sel, op_update_sel;
223
224                   // req from main control fsm to key update controls
225                   logic wipe_req;
226                   logic random_req;
227                   logic random_ack;
228
229                   // wipe and initialize take precedence
230     1/1           assign update_sel = wipe_req ? KeyUpdateWipe :
        Tests: T1 T2 T3
231                                       random_req ? KeyUpdateRandom :
232                                       init_o ? KeyUpdateRoot : op_update_sel;
233
234                   ///////////////////////////
235                   // interaction between main fsm and prng
236                   ///////////////////////////
237
238                   // Upon entering StCtrlDisabled or StCtrlInvalid, the PRNG is kept advancing until it has been
239                   // reseeded twice (through the reseeding mechansism inside keymgr_reseed_ctrl.sv).
240                   logic [1:0] prng_en_dis_inv_d, prng_en_dis_inv_q;
241                   logic prng_en_dis_inv_set;
242
243     1/1           assign prng_en_dis_inv_d =
        Tests: T1 T2 T3
244                       prng_en_dis_inv_set ? 2'b11 :
245                       prng_reseed_done_i ? {1'b0, prng_en_dis_inv_q[1]} : prng_en_dis_inv_q;
246
247                   always_ff @(posedge clk_i or negedge rst_ni) begin
248     1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
249     1/1               prng_en_dis_inv_q <= '0;
        Tests: T1 T2 T3
250                     end else begin
251     1/1               prng_en_dis_inv_q <= prng_en_dis_inv_d;
        Tests: T1 T2 T3
252                     end
253                   end
254
255     1/1           assign prng_en_o = random_req | wipe_req | prng_en_dis_inv_q[0];
        Tests: T1 T2 T3
256
257                   //////////////////////////
258                   // Main Control FSM
259                   //////////////////////////
260                   // SEC_CM: CTRL.FSM.SPARSE
261     3/3           `PRIM_FLOP_SPARSE_FSM(u_state_regs, state_d, state_q, state_e, StCtrlReset)
        Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3
PRIM_FLOP_SPARSE_FSM(u_state_regs, state_d, state_q, state_e, StCtrlReset):
261.1               `ifdef SIMULATION
261.2                 prim_sparse_fsm_flop #(
261.3                   .StateEnumT(state_e),
261.4                   .Width($bits(state_e)),
261.5                   .ResetValue($bits(state_e)'(StCtrlReset)),
261.6                   .EnableAlertTriggerSVA(1),
261.7                   .CustomForceName("state_q")
261.8                 ) u_state_regs (
261.9                   .clk_i ( clk_i ),
261.10                  .rst_ni ( rst_ni ),
261.11                  .state_i ( state_d ),
261.12                  .state_o ( )
261.13                );
261.14                always_ff @(posedge clk_i or negedge rst_ni) begin
261.15  1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
261.16  1/1               state_q <= StCtrlReset;
        Tests: T1 T2 T3
261.17                  end else begin
261.18  1/1               state_q <= state_d;
        Tests: T1 T2 T3
261.19                  end
261.20                end
261.21                u_state_regs_A: assert property (@(posedge clk_i) disable iff ((!rst_ni) !== '0) (state_q === u_state_regs.state_o))
261.22                else begin
261.23                  `ifdef UVM
261.24                    uvm_pkg::uvm_report_error("ASSERT FAILED", "u_state_regs_A", uvm_pkg::UVM_NONE,
261.25                        "../src/lowrisc_ip_keymgr_0.1/rtl/keymgr_ctrl.sv", 261, "", 1);
261.26                  `else
261.27                    $error("%0t: (%0s:%0d) [%m] [ASSERT FAILED] %0s", $time, `__FILE__, `__LINE__,
261.28                        `PRIM_STRINGIFY(u_state_regs_A));
261.29                  `endif
261.30                end
261.31              `else
261.32                prim_sparse_fsm_flop #(
261.33                  .StateEnumT(state_e),
261.34                  .Width($bits(state_e)),
261.35                  .ResetValue($bits(state_e)'(StCtrlReset)),
261.36                  .EnableAlertTriggerSVA(1)
261.37                ) u_state_regs (
261.38                  .clk_i ( `PRIM_FLOP_CLK ),
261.39                  .rst_ni ( `PRIM_FLOP_RST ),
261.40                  .state_i ( state_d ),
261.41                  .state_o ( state_q )
261.42                );
261.43              `endif
262
263                   always_ff @(posedge clk_i or negedge rst_ni) begin
264     1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
265     1/1               state_intg_err_q <= '0;
        Tests: T1 T2 T3
266                     end else begin
267     1/1               state_intg_err_q <= state_intg_err_d;
        Tests: T1 T2 T3
268                     end
269                   end
270
271                   // prevents unknowns from reaching the outside world.
272                   // - whatever operation causes the input data select to be disabled should not expose the key
273                   // state.
274                   // - when there are no operations, the key state also should be exposed.
275     1/1           assign key_o.valid = op_req;
        Tests: T1 T2 T3
276
277     1/1           assign cdi_sel_o = advance_sel ? cdi_cnt : op_cdi_sel_i;
        Tests: T1 T2 T3
278
279                   assign invalid_stage_sel_o = ~(stage_sel_o inside {Creator, OwnerInt, Owner});
280                   for (genvar i = 0; i < Shares; i++) begin : gen_key_out_assign
281     2/2             assign key_o.key[i] = invalid_stage_sel_o ?
        Tests: T1 T2 T3 | T1 T2 T3
282                                           {EntropyRounds{entropy_i[i]}} :
283                                           key_state_q[cdi_sel_o][i];
284                   end
285
286
287                   //SEC_CM: CTRL.KEY.INTEGRITY
288     1/1           assign key_state_ecc_words_d = key_state_d;
        Tests: T1 T2 T3
289                   always_ff @(posedge clk_i or negedge rst_ni) begin
290     1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
291     1/1               key_state_q <= '0;
        Tests: T1 T2 T3
292     1/1               key_state_ecc_q <= {TotalEccWords{prim_secded_pkg::SecdedInv7264ZeroEcc}};
        Tests: T1 T2 T3
293                     end else begin
294     1/1               for (int i = 0; i < CDIs; i++) begin
        Tests: T1 T2 T3
295     1/1                 for (int j = 0; j < Shares; j++) begin
        Tests: T1 T2 T3
296     1/1                   for (int k = 0; k < EccWords; k++) begin
        Tests: T1 T2 T3
297     1/1                     {key_state_ecc_q[i][j][k], key_state_q[i][j][k]} <=
        Tests: T1 T2 T3
298                                 prim_secded_pkg::prim_secded_inv_72_64_enc(key_state_ecc_words_d[i][j][k]);
299                           end
300                         end
301                       end
302                     end
303                   end
304
305                   logic [CDIs-1:0][Shares-1:0][EccWords-1:0] ecc_errs;
306                   for (genvar i = 0; i < CDIs; i++) begin : gen_ecc_loop_cdi
307                     for (genvar j = 0; j < Shares; j++) begin : gen_ecc_loop_shares
308                       for (genvar k = 0; k < EccWords; k++) begin : gen_ecc_loop_words
309                         logic [1:0] errs;
310                         prim_secded_inv_72_64_dec u_dec (
311                           .data_i({key_state_ecc_q[i][j][k], key_state_q[i][j][k]}),
312                           .data_o(),
313                           .syndrome_o(),
314                           .err_o(errs)
315                         );
316     16/16               assign ecc_errs[i][j][k] = |errs;
        Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3
317                       end
318                     end
319                   end
320
321                   // These are consumed one level above in keymgr.sv
322                   logic unused_otp_sigs;
323     1/1           assign unused_otp_sigs = ^{root_key_i.creator_seed,
        Tests: T1 T2 T3
324                                              root_key_i.creator_seed_valid,
325                                              root_key_i.owner_seed,
326                                              root_key_i.owner_seed_valid};
327
328                   // root key valid sync
329                   logic root_key_valid_q;
330
331                   prim_flop_2sync # (
332                     .Width(1)
333                   ) u_key_valid_sync (
334                     .clk_i,
335                     .rst_ni,
336                     // Both valid signals are flopped in OTP_CTRL, and they only ever transition from 0 -> 1.
337                     // It is hence ok to AND them here before the synchronizer, since we don't expect this
338                     // to create glitches.
339                     .d_i(root_key_i.creator_root_key_share0_valid &&
340                          root_key_i.creator_root_key_share1_valid),
341                     .q_o(root_key_valid_q)
342                   );
343
344                   // Do not let the count toggle unless an advance operation is
345                   // selected
346     1/1           assign cdi_cnt = op_req ? cnt[CdiWidth-1:0] : '0;
        Tests: T1 T2 T3
347
348                   always_comb begin
349     1/1             key_state_d = key_state_q;
        Tests: T1 T2 T3
350     1/1             data_valid_o = 1'b0;
        Tests: T1 T2 T3
351     1/1             wipe_key_o = 1'b0;
        Tests: T1 T2 T3
352
353                     // if a wipe request arrives, immediately destroy the
354                     // keys regardless of current state
355     1/1             unique case (update_sel)
        Tests: T1 T2 T3
356                       KeyUpdateRandom: begin
357     1/1                 for (int i = 0; i < CDIs; i++) begin
        Tests: T1 T2 T3
358     1/1                   for (int j = 0; j < Shares; j++) begin
        Tests: T1 T2 T3
359                             // Load each share with the same randomness so we can
360                             // later simply XOR root key on them
361     1/1                     key_state_d[i][j][cnt[EntropyRndWidth-1:0]] = entropy_i[i];
        Tests: T1 T2 T3
362                           end
363                         end
364                       end
365
366                       KeyUpdateRoot: begin
367     1/1                 if (root_key_valid_q) begin
        Tests: T1 T2 T3
368     1/1                   for (int i = 0; i < CDIs; i++) begin
        Tests: T1 T2 T3
369     1/1                     if (KmacEnMasking) begin : gen_two_share_key
        Tests: T1 T2 T3
370     1/1                       key_state_d[i][0] ^= root_key_i.creator_root_key_share0;
        Tests: T1 T2 T3
371     1/1                       key_state_d[i][1] ^= root_key_i.creator_root_key_share1;
        Tests: T1 T2 T3
372                             end else begin : gen_one_share_key
373     unreachable               key_state_d[i][0] = root_key_i.creator_root_key_share0 ^
374                                                   root_key_i.creator_root_key_share1;
375     unreachable               key_state_d[i][1] = '0;
376                             end
377                           end
378                         end else begin
379                           // if root key is not valid, load and invalid value
380     1/1                   for (int i = 0; i < CDIs; i++) begin
        Tests: T17 T35 T134
381     1/1                     key_state_d[i][0] = '0;
        Tests: T17 T35 T134
382     1/1                     key_state_d[i][1] = '{default: '1};
        Tests: T17 T35 T134
383                           end
384                         end
385                       end
386
387                       KeyUpdateKmac: begin
388     1/1                 data_valid_o = gen_op;
        Tests: T1 T2 T3
389     1/1                 key_state_d[cdi_sel_o] = (adv_op || dis_op) ? kmac_data_i : key_state_q[cdi_sel_o];
        Tests: T1 T2 T3
390                       end
391
392                       KeyUpdateWipe: begin
393     1/1                 wipe_key_o = 1'b1;
        Tests: T15 T17 T35
394     1/1                 for (int i = 0; i < CDIs; i++) begin
        Tests: T15 T17 T35
395     1/1                   for (int j = 0; j < Shares; j++) begin
        Tests: T15 T17 T35
396     1/1                     key_state_d[i][j] = {EntropyRounds{entropy_i[j]}};
        Tests: T15 T17 T35
397                           end
398                         end
399                       end
400
401                       default:;
402                     endcase // unique case (update_sel)
403                   end
404
405                   // SEC_CM: CTRL.CTR.REDUN
406                   prim_count #(
407                     .Width(CntWidth)
408                   ) u_cnt (
409                     .clk_i,
410                     .rst_ni,
411                     .clr_i(op_ack | random_ack),
412                     .set_i('0),
413                     .set_cnt_i('0),
414                     .incr_en_i(op_update | random_req),
415                     .decr_en_i(1'b0),
416                     .step_i(CntWidth'(1'b1)),
417                     .commit_i(1'b1),
418                     .cnt_o(cnt),
419                     .cnt_after_commit_o(),
420                     .err_o(cnt_err)
421                   );
422
423
424                   prim_mubi4_sender u_hw_sel (
425                     .clk_i,
426                     .rst_ni,
427                     .mubi_i (prim_mubi_pkg::mubi4_bool_to_mubi(gen_out_hw_sel)),
428                     .mubi_o (hw_sel_o)
429                   );
430
431                   // when in a state that accepts commands, look at op_ack for completion
432                   // when in a state that does not accept commands, wait for other triggers.
433     1/1           assign op_done_o = op_req ? op_ack :
        Tests: T1 T2 T3
434                                      (init_o | invalid_op);
435
436
437                   // There are 3 possibilities
438                   // advance to next state (software command)
439                   // advance to disabled state (software command)
440                   // advance to invalid state (detected fault)
441                   logic adv_state;
442                   logic dis_state;
443                   logic inv_state;
444     1/1           assign adv_state = op_ack & adv_req & ~op_err;
        Tests: T1 T2 T3
445     1/1           assign dis_state = op_ack & dis_req;
        Tests: T1 T2 T3
446
447                   // SEC_CM: CTRL.FSM.LOCAL_ESC
448                   // begin invalidation when faults are observed.
449                   // sync faults only invalidate on transaction boudaries
450                   // async faults begin invalidating immediately
451     1/1           assign inv_state = |fault_o;
        Tests: T1 T2 T3
452
453                   always_comb begin
454                     // persistent data
455     1/1             state_d = state_q;
        Tests: T1 T2 T3
456
457                     // request to op handling
458     1/1             op_req = 1'b0;
        Tests: T1 T2 T3
459     1/1             random_req = 1'b0;
        Tests: T1 T2 T3
460     1/1             random_ack = 1'b0;
        Tests: T1 T2 T3
461
462                     // request to key updates
463     1/1             wipe_req = 1'b0;
        Tests: T1 T2 T3
464
465                     // invalid operation issued
466     1/1             invalid_op = '0;
        Tests: T1 T2 T3
467
468                     // data update and select signals
469     1/1             stage_sel_o = Disable;
        Tests: T1 T2 T3
470
471                     // indication that state is disabled
472     1/1             disabled = 1'b0;
        Tests: T1 T2 T3
473
474                     // indication that state is invalid
475     1/1             invalid = 1'b0;
        Tests: T1 T2 T3
476
477                     // Don't request final PRNG updating and reseeding.
478     1/1             prng_en_dis_inv_set = 1'b0;
        Tests: T1 T2 T3
479
480                     // Request PRNG reseeding.
481     1/1             prng_reseed_req_o = 1'b0;
        Tests: T1 T2 T3
482
483                     // initialization complete
484     1/1             init_o = 1'b0;
        Tests: T1 T2 T3
485
486                     // Most states are initialized, mark the exceptions
487     1/1             initialized = 1'b1;
        Tests: T1 T2 T3
488
489                     // if state is ever faulted, hold on to this indication
490                     // until reset.
491     1/1             state_intg_err_d = state_intg_err_q;
        Tests: T1 T2 T3
492
493     1/1             unique case (state_q)
        Tests: T1 T2 T3
494                       // Only advance can be called from reset state
495                       StCtrlReset: begin
496     1/1                 initialized = 1'b0;
        Tests: T1 T2 T3
497
498                         // always use random data for advance, since out of reset state
499                         // the key state will be randomized.
500     1/1                 stage_sel_o = Disable;
        Tests: T1 T2 T3
501
502                         // key state is updated when it is an advance call
503                         // all other operations are invalid, including disable
504     1/1                 invalid_op = op_start_i & ~advance_sel;
        Tests: T1 T2 T3
505
506                         // if there was a structural fault before anything began, wipe immediately
507     1/1                 if (inv_state) begin
        Tests: T1 T2 T3
508     1/1                   state_d = StCtrlWipe;
        Tests: T28 T10 T11
509     1/1                 end else if (advance_sel) begin
        Tests: T1 T2 T3
510     1/1                   state_d = StCtrlEntropyReseed;
        Tests: T1 T2 T3
511                         end
        MISSING_ELSE
512                       end
513
514                       // reseed entropy
515                       StCtrlEntropyReseed: begin
516     1/1                 initialized = 1'b0;
        Tests: T1 T2 T3
517     1/1                 prng_reseed_req_o = 1'b1;
        Tests: T1 T2 T3
518
519     1/1                 if (prng_reseed_ack_i) begin
        Tests: T1 T2 T3
520     1/1                   state_d = StCtrlRandom;
        Tests: T1 T2 T3
521                         end
        MISSING_ELSE
522                       end
523
524                       // This state does not accept any command.
525                       StCtrlRandom: begin
526     1/1                 initialized = 1'b0;
        Tests: T1 T2 T3
527     1/1                 random_req = 1'b1;
        Tests: T1 T2 T3
528
529                         // when mask population is complete, xor the root_key into the zero share
530                         // if in the future the root key is updated to 2 shares, it will direclty overwrite
531                         // the values here
532     1/1                 if (int'(cnt) == EntropyRounds-1) begin
        Tests: T1 T2 T3
533     unreachable           random_ack = 1'b1;
534     unreachable           state_d = StCtrlRootKey;
535                         end
        MISSING_ELSE
536                       end
537
538                       // load the root key.
539                       StCtrlRootKey: begin
540     1/1                 init_o = 1'b1;
        Tests: T1 T2 T3
541     1/1                 initialized = 1'b1;
        Tests: T1 T2 T3
542     1/1                 state_d = (en_i && root_key_valid_q) ? StCtrlInit : StCtrlWipe;
        Tests: T1 T2 T3
543                       end
544
545                       // Beginning from the Init state, operations are accepted.
546                       // Only valid operation is advance state. If invalid command received,
547                       // random data is selected for operation and no persistent state is changed.
548                       StCtrlInit: begin
549     1/1                 op_req = op_start_i;
        Tests: T1 T2 T3
550
551                         // when advancing select creator data, otherwise use random input
552     1/1                 stage_sel_o = advance_sel ? Creator : Disable;
        Tests: T1 T2 T3
553     1/1                 invalid_op = op_start_i & ~(advance_sel | disable_sel);
        Tests: T1 T2 T3
554
555     1/1                 if (!en_i || inv_state) begin
        Tests: T1 T2 T3
556     1/1                   state_d = StCtrlWipe;
        Tests: T34 T66 T6
557     1/1                 end else if (dis_state) begin
        Tests: T1 T2 T3
558     1/1                   state_d = StCtrlDisabled;
        Tests: T18 T78 T66
559     1/1                   prng_en_dis_inv_set = 1'b1;
        Tests: T18 T78 T66
560     1/1                 end else if (adv_state) begin
        Tests: T1 T2 T3
561     1/1                   state_d = StCtrlCreatorRootKey;
        Tests: T1 T2 T3
562                         end
        MISSING_ELSE
563                       end
564
565                       // all commands are valid during this stage
566                       StCtrlCreatorRootKey: begin
567     1/1                 op_req = op_start_i;
        Tests: T1 T2 T3
568
569                         // when generating, select creator data input
570                         // when advancing, select owner intermediate key as target
571                         // when disabling, select random data input
572     1/1                 stage_sel_o = disable_sel ? Disable :
        Tests: T1 T2 T3
573                                       advance_sel ? OwnerInt : Creator;
574
575     1/1                 if (!en_i || inv_state) begin
        Tests: T1 T2 T3
576     1/1                   state_d = StCtrlWipe;
        Tests: T15 T99 T135
577     1/1                 end else if (dis_state) begin
        Tests: T1 T2 T3
578     1/1                   state_d = StCtrlDisabled;
        Tests: T14 T136 T137
579     1/1                   prng_en_dis_inv_set = 1'b1;
        Tests: T14 T136 T137
580     1/1                 end else if (adv_state) begin
        Tests: T1 T2 T3
581     1/1                   state_d = StCtrlOwnerIntKey;
        Tests: T1 T2 T3
582                         end
        MISSING_ELSE
583                       end
584
585                       // all commands are valid during this stage
586                       StCtrlOwnerIntKey: begin
587     1/1                 op_req = op_start_i;
        Tests: T1 T2 T3
588
589                         // when generating, select owner intermediate data input
590                         // when advancing, select owner as target
591                         // when disabling, select random data input
592     1/1                 stage_sel_o = disable_sel ? Disable :
        Tests: T1 T2 T3
593                                       advance_sel ? Owner : OwnerInt;
594
595     1/1                 if (!en_i || inv_state) begin
        Tests: T1 T2 T3
596     1/1                   state_d = StCtrlWipe;
        Tests: T68 T79 T138
597     1/1                 end else if (dis_state) begin
        Tests: T1 T2 T3
598     1/1                   state_d = StCtrlDisabled;
        Tests: T18 T68 T80
599     1/1                   prng_en_dis_inv_set = 1'b1;
        Tests: T18 T68 T80
600     1/1                 end else if (adv_state) begin
        Tests: T1 T2 T3
601     1/1                   state_d = StCtrlOwnerKey;
        Tests: T1 T2 T3
602                         end
        MISSING_ELSE
603                       end
604
605                       // all commands are valid during this stage
606                       // however advance goes directly to disabled state
607                       StCtrlOwnerKey: begin
608     1/1                 op_req = op_start_i;
        Tests: T1 T2 T3
609
610                         // when generating, select owner data input
611                         // when advancing, select disable as target
612                         // when disabling, select random data input
613     1/1                 stage_sel_o = disable_sel | advance_sel ? Disable : Owner;
        Tests: T1 T2 T3
614
615     1/1                 if (!en_i || inv_state) begin
        Tests: T1 T2 T3
616     1/1                   state_d = StCtrlWipe;
        Tests: T36 T69 T37
617     1/1                 end else if (adv_state || dis_state) begin
        Tests: T1 T2 T3
618     1/1                   state_d = StCtrlDisabled;
        Tests: T1 T2 T3
619     1/1                   prng_en_dis_inv_set = 1'b1;
        Tests: T1 T2 T3
620                         end
        MISSING_ELSE
621                       end
622
623                       // The wipe state immediately clears out the key state, but waits for any ongoing
624                       // transaction to finish before going to disabled state.
625                       // Unlike the random state, this is an immedaite shutdown request, so all parts of the
626                       // key are wiped.
627                       StCtrlWipe: begin
628     1/1                 wipe_req = 1'b1;
        Tests: T15 T17 T35
629                         // if there was already an operation ongoing, maintain the request until completion
630     1/1                 op_req = op_busy;
        Tests: T15 T17 T35
631     1/1                 invalid_op = op_start_i;
        Tests: T15 T17 T35
632
633                         // If the enable is dropped during the middle of a transaction, we clear and wait for that
634                         // transaction to gracefully complete (if it can).
635                         // There are two scenarios:
636                         // 1. the operation completed right when we started wiping, in which case the done would
637                         // clear the start.
638                         // 2. the operation completed before we started wiping, or there was never an operation to
639                         // begin with (op_start_i == 0), in this case, don't wait and immediately transition
640     1/1                 if (!op_start_i) begin
        Tests: T15 T17 T35
641     1/1                   state_d = StCtrlInvalid;
        Tests: T15 T17 T35
642     1/1                   prng_en_dis_inv_set = 1'b1;
        Tests: T15 T17 T35
643                         end
        MISSING_ELSE
644                       end
645
646                       // StCtrlDisabled and StCtrlInvalid are almost functionally equivalent
647                       // The only difference is that Disabled is entered through software invocation,
648                       // while Invalid is entered through life cycle disable or operational fault.
649                       //
650                       // Both states continue to kick off random transactions
651                       // All transactions are treated as invalid despite completing
652                       StCtrlDisabled: begin
653     1/1                 op_req = op_start_i;
        Tests: T1 T2 T3
654     1/1                 disabled = 1'b1;
        Tests: T1 T2 T3
655
656     1/1                 if (!en_i || inv_state) begin
        Tests: T1 T2 T3
657     1/1                   state_d = StCtrlWipe;
        Tests: T38 T69 T109
658                         end
        MISSING_ELSE
659                       end
660
661                       StCtrlInvalid: begin
662     1/1                 invalid_op = op_start_i;
        Tests: T15 T17 T35
663     1/1                 invalid = 1'b1;
        Tests: T15 T17 T35
664                       end
665
666                       // latch the fault indication and start to wipe the key manager
667                       default: begin
668                         state_intg_err_d = 1'b1;
669                         state_d = StCtrlWipe;
670                       end
671
672                     endcase // unique case (state_q)
673                   end // always_comb
674
675                   // Current working state provided for software read
676                   // Certain states are collapsed for simplicity
677                   keymgr_working_state_e last_working_st;
678                   logic update_en;
679
680                   always_ff @(posedge clk_i or negedge rst_ni) begin
681     1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
682     1/1               last_working_st <= StReset;
        Tests: T1 T2 T3
683     1/1             end else if (update_en) begin
        Tests: T1 T2 T3
684     1/1               last_working_st <= working_state_o;
        Tests: T1 T2 T3
685                     end
        MISSING_ELSE
686                   end
687
688                   always_comb begin
689     1/1             update_en = 1'b1;
        Tests: T1 T2 T3
690     1/1             working_state_o = StInvalid;
        Tests: T1 T2 T3
691
692     1/1             unique case (state_q)
        Tests: T1 T2 T3
693                       StCtrlReset, StCtrlEntropyReseed, StCtrlRandom:
694     1/1                 working_state_o = StReset;
        Tests: T1 T2 T3
695
696                       StCtrlRootKey, StCtrlInit:
697     1/1                 working_state_o = StInit;
        Tests: T1 T2 T3
698
699                       StCtrlCreatorRootKey:
700     1/1                 working_state_o = StCreatorRootKey;
        Tests: T1 T2 T3
701
702                       StCtrlOwnerIntKey:
703     1/1                 working_state_o = StOwnerIntKey;
        Tests: T1 T2 T3
704
705                       StCtrlOwnerKey:
706     1/1                 working_state_o = StOwnerKey;
        Tests: T1 T2 T3
707
708                       StCtrlDisabled:
709     1/1                 working_state_o = StDisabled;
        Tests: T1 T2 T3
710
711                       StCtrlWipe: begin
712     1/1                 update_en = 1'b0;
        Tests: T15 T17 T35
713     1/1                 working_state_o = last_working_st;
        Tests: T15 T17 T35
714                       end
715
716                       StCtrlInvalid:
717     1/1                 working_state_o = StInvalid;
        Tests: T15 T17 T35
718
719                       default:
720                         working_state_o = StInvalid;
721                     endcase // unique case (state_q)
722                   end
723
724                   always_comb begin
725     1/1             status_o = OpIdle;
        Tests: T1 T2 T3
726     1/1             if (op_done_o) begin
        Tests: T1 T2 T3
727                       // It is possible for an operation to finish the same cycle en_i goes low.
728                       // The main fsm handling is one cycle behind, but still report operation
729                       // fail.
730     1/1               status_o = |{error_o, fault_o} ? OpDoneFail : OpDoneSuccess;
        Tests: T1 T2 T3
731     1/1             end else if (op_start_i) begin
        Tests: T1 T2 T3
732     1/1               status_o = OpWip;
        Tests: T1 T2 T3
733                     end
        MISSING_ELSE
734                   end
735
736
737                   /////////////////////////
738                   // Operateion state, handle advance and generate
739                   /////////////////////////
740
741                   logic op_fsm_err;
742                   keymgr_op_state_ctrl u_op_state (
743                     .clk_i,
744                     .rst_ni,
745                     .adv_req_i(adv_req),
746                     .dis_req_i(dis_req),
747                     .id_req_i(id_req),
748                     .gen_req_i(gen_req),
749                     .cnt_i(cdi_cnt),
750                     .op_ack_o(op_ack),
751                     .op_busy_o(op_busy),
752                     .op_update_o(op_update),
753                     .kmac_done_i,
754                     .adv_en_o,
755                     .id_en_o,
756                     .gen_en_o,
757                     .op_fsm_err_o(op_fsm_err)
758                   );
759
760                   // operational state cross check. The state value must be consistent with
761                   // the input operations.
762                   logic op_state_cmd_err;
763     1/1           assign op_state_cmd_err = (adv_en_o & ~(advance_sel | disable_sel)) |
        Tests: T1 T2 T3
764                                             (gen_en_o & ~gen_op);
765
766                   // operations fsm update precedence
767                   // when in invalid state, always update.
768                   // when in disabled state, always update unless a fault is encountered.
769     1/1           assign op_update_sel = (op_ack | op_update) & invalid ? KeyUpdateKmac :
        Tests: T1 T2 T3
770                                          (op_ack | op_update) & op_fault_err ? KeyUpdateWipe :
771                                          (op_ack | op_update) & disabled ? KeyUpdateKmac :
772                                          (op_ack | op_update) & op_err ? KeyUpdateIdle :
773                                          (op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle;
774
775
776                   ///////////////////////////////
777                   // Suppress kmac return data
778                   ///////////////////////////////
779
780                   logic data_fsm_err;
781                   keymgr_data_en_state u_data_en (
782                     .clk_i,
783                     .rst_ni,
784                     .hw_sel_i(hw_sel_o),
785                     .adv_en_i(adv_en_o),
786                     .id_en_i(id_en_o),
787                     .gen_en_i(gen_en_o),
788                     .op_done_i(op_done_o),
789                     .op_start_i,
790                     .data_hw_en_o,
791                     .data_sw_en_o,
792                     .fsm_err_o(data_fsm_err)
793                   );
794
795                   /////////////////////////
796                   // Cross-checks, errors and faults
797                   /////////////////////////
798
799                   logic vld_state_change_d, vld_state_change_q;
800     1/1           assign vld_state_change_d = (state_d != state_q) &
        Tests: T1 T2 T3
801                                               (state_d inside {StCtrlRootKey,
802                                                                StCtrlCreatorRootKey,
803                                                                StCtrlOwnerIntKey,
804                                                                StCtrlOwnerKey});
805
806                   // capture for cross check in following cycle
807                   always_ff @(posedge clk_i or negedge rst_ni) begin
808     1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
809     1/1               vld_state_change_q <= '0;
        Tests: T1 T2 T3
810                     end else begin
811     1/1               vld_state_change_q <= vld_state_change_d;
        Tests: T1 T2 T3
812                     end
813                   end
814
815                   // state cross check
816                   // if the state advanced, ensure that it was due to an advanced operation
817                   logic state_change_err;
818     1/1           assign state_change_err = vld_state_change_q & !adv_op;
        Tests: T1 T2 T3
819
820                   keymgr_err u_err (
821                     .clk_i,
822                     .rst_ni,
823                     .invalid_op_i(invalid_op),
824                     .disabled_i(disabled | (initialized & ~en_i)),
825                     .invalid_i(invalid),
826                     .kmac_input_invalid_i,
827                     .shadowed_update_err_i,
828                     .kmac_op_err_i,
829                     .invalid_kmac_out_i(invalid_kmac_out),
830                     .sideload_sel_err_i,
831                     .kmac_cmd_err_i,
832                     .kmac_fsm_err_i,
833                     .kmac_done_err_i,
834                     .regfile_intg_err_i,
835                     .shadowed_storage_err_i,
836                     .ctrl_fsm_err_i(state_intg_err_q | state_intg_err_d),
837                     .data_fsm_err_i(data_fsm_err),
838                     .op_fsm_err_i(op_fsm_err),
839                     .ecc_err_i(|ecc_errs),
840                     .state_change_err_i(state_change_err),
841                     .op_state_cmd_err_i(op_state_cmd_err),
842                     .cnt_err_i(cnt_err),
843                     .reseed_cnt_err_i,
844                     .sideload_fsm_err_i,
845
846                     .op_update_i(op_update),
847                     .op_done_i(op_done_o),
848
849                     .sync_err_o(sync_err),
850                     .async_err_o(),
851                     .sync_fault_o(sync_fault),
852                     .async_fault_o(async_fault),
853                     .error_o,
854                     .fault_o
855                   );
856
857                   ///////////////////////////////
858                   // Functions
859                   ///////////////////////////////
860
861                   // unclear what this is supposed to be yet
862                   // right now just check to see if it not all 0's and not all 1's
863                   function automatic logic valid_data_chk (logic [KeyWidth-1:0] value);
864
865     1/1             return |value & ~&value;
        Tests: T1 T2 T3
866
867                   endfunction // byte_mask
868
869                   /////////////////////////////////
870                   // Assertions
871                   /////////////////////////////////
872
873                   // This assertion will not work if fault_status ever takes on metafields such as
874                   // qe / re etc.
875                   `ASSERT_INIT(SameErrCnt_A, $bits(keymgr_reg2hw_fault_status_reg_t) ==
876                                (SyncFaultLastIdx + AsyncFaultLastIdx))
877
878                   // stage select should always be Disable whenever it is not enabled
879                   `ASSERT(StageDisableSel_A, !en_i |-> stage_sel_o == Disable)
880
881                   // Unless it is a legal command, only select disable
882                   `ASSERT(InitLegalCommands_A, op_start_i & en_i & state_q inside {StCtrlInit} &
883                           !(op_i inside {OpAdvance}) |-> stage_sel_o == Disable)
884
885                   // All commands are legal, so select disable only if operation is disable
886                   `ASSERT(GeneralLegalCommands_A, op_start_i & en_i &
887                           state_q inside {StCtrlCreatorRootKey, StCtrlOwnerIntKey} &
888                           (op_i inside {OpDisable}) |-> stage_sel_o == Disable)
889
890                   `ASSERT(OwnerLegalCommands_A, op_start_i & en_i & state_q inside {StCtrlOwnerKey} &
891                           (op_i inside {OpAdvance, OpDisable}) |-> stage_sel_o == Disable)
892
893                   // load_key should not be high if there is no ongoing operation
894                   `ASSERT(LoadKey_A, key_o.valid |-> op_start_i)
895
896                   // The count value should always be 0 when a transaction start
897                   `ASSERT(CntZero_A, $rose(op_start_i) |-> cnt == '0)
898
899                   // Whenever a transaction completes, data_en must return to 0 on the next cycle
900                   `ASSERT(DataEnDis_A, op_start_i & op_done_o |=> ~data_hw_en_o && ~data_sw_en_o)
901
902                   // Whenever data enable asserts, it must be the case that there was a generate or
903                   // id operation
904                   `ASSERT(DataEn_A, data_hw_en_o | data_sw_en_o |-> (id_en_o | gen_en_o) & ~adv_en_o)
905
906                   // Check that the FSM is linear and does not contain any loops
907     3/3           `ASSERT_FPV_LINEAR_FSM(SecCmCFILinear_A, state_q, state_e)
        Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3
ASSERT_FPV_LINEAR_FSM(SecCmCFILinear_A, state_q, state_e):
907.1               `ifdef INC_ASSERT
907.2                 bit SecCmCFILinear_A_cond;
907.3                 always_ff @(posedge clk_i or posedge !rst_ni) begin
907.4   1/1             if (!rst_ni) begin
        Tests: T1 T2 T3
907.5   1/1               SecCmCFILinear_A_cond <= 0;
        Tests: T1 T2 T3
907.6                   end else begin
907.7   1/1               SecCmCFILinear_A_cond <= 1;
        Tests: T1 T2 T3
907.8                   end
907.9                 end
907.10                property SecCmCFILinear_A_p;
907.11                  state_e initial_state;
907.12                  (!$stable(state_q) & SecCmCFILinear_A_cond, initial_state = $past(state_q)) |->
907.13                      (state_q != initial_state) until (!rst_ni == 1'b1);
907.14                endproperty
907.15                SecCmCFILinear_A: assert property (@(posedge clk_i) disable iff ((0) !== '0) (SecCmCFILinear_A_p))
907.16                else begin
907.17                  `ifdef UVM
907.18                    uvm_pkg::uvm_report_error("ASSERT FAILED", "SecCmCFILinear_A", uvm_pkg::UVM_NONE,
907.19                        "../src/lowrisc_ip_keymgr_0.1/rtl/keymgr_ctrl.sv", 907, "", 1);
907.20                  `else
907.21                    $error("%0t: (%0s:%0d) [%m] [ASSERT FAILED] %0s", $time, `__FILE__, `__LINE__,
907.22                        `PRIM_STRINGIFY(SecCmCFILinear_A));
907.23                  `endif
907.24                end
907.25              `endif

Cond Coverage for Module : keymgr_ctrl
Total Covered Percent
Conditions 212 208 98.11
Logical 212 208 98.11
Non-Logical 0 0
Event 0 0

 LINE       150
 EXPRESSION (op_i == OpAdvance)
            ---------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       151
 EXPRESSION (op_i == OpGenId)
            --------1--------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       152
 EXPRESSION (op_i == OpGenSwOut)
            ----------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T5

 LINE       153
 EXPRESSION (op_i == OpGenHwOut)
            ----------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT2,T3,T4

 LINE       155
 EXPRESSION (gen_id_op | gen_sw_op | gen_hw_op)
             ----1----   ----2----   ----3----
-1--2--3-StatusTests
000CoveredT1,T2,T3
001CoveredT2,T3,T4
010CoveredT1,T2,T5
100CoveredT1,T2,T3

 LINE       165
 EXPRESSION (op_start_i & adv_op & en_i)
             -----1----   ---2--   --3-
-1--2--3-StatusTests
011CoveredT1,T2,T3
101CoveredT1,T2,T3
110CoveredT99,T109,T139
111CoveredT1,T2,T3

 LINE       166
 EXPRESSION (op_start_i & gen_hw_op & en_i)
             -----1----   ----2----   --3-
-1--2--3-StatusTests
011CoveredT2,T3,T4
101CoveredT1,T2,T3
110CoveredT7,T8,T140
111CoveredT2,T3,T4

 LINE       169
 EXPRESSION ((op_start_i & dis_op) | ((!en_i)))
             ----------1----------   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT14,T18,T78

 LINE       169
 SUB-EXPRESSION (op_start_i & dis_op)
                 -----1----   ---2--
-1--2-StatusTests
01CoveredT14,T18,T78
10CoveredT1,T2,T3
11CoveredT14,T18,T78

 LINE       185
 EXPRESSION (op_req & adv_op)
             ---1--   ---2--
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T3

 LINE       186
 EXPRESSION (op_req & dis_op)
             ---1--   ---2--
-1--2-StatusTests
01CoveredT14,T18,T78
10CoveredT1,T2,T3
11CoveredT14,T18,T78

 LINE       187
 EXPRESSION (op_req & gen_id_op)
             ---1--   ----2----
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T5

 LINE       188
 EXPRESSION (op_req & (gen_sw_op | gen_hw_op))
             ---1--   -----------2-----------
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T3

 LINE       188
 SUB-EXPRESSION (gen_sw_op | gen_hw_op)
                 ----1----   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT2,T3,T4
10CoveredT1,T2,T5

 LINE       202
 EXPRESSION (adv_req & op_ack & ( ~ (op_err | op_fault_err) ))
             ---1---   ---2--   --------------3--------------
-1--2--3-StatusTests
011CoveredT1,T2,T3
101CoveredT1,T2,T3
110CoveredT1,T2,T3
111CoveredT1,T2,T3

 LINE       202
 SUB-EXPRESSION (op_err | op_fault_err)
                 ---1--   ------2-----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT28,T34,T10
10CoveredT1,T2,T3

 LINE       230
 EXPRESSION (wipe_req ? KeyUpdateWipe : (random_req ? KeyUpdateRandom : (init_o ? KeyUpdateRoot : op_update_sel)))
             ----1---
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT15,T17,T35

 LINE       230
 SUB-EXPRESSION (random_req ? KeyUpdateRandom : (init_o ? KeyUpdateRoot : op_update_sel))
                 -----1----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       230
 SUB-EXPRESSION (init_o ? KeyUpdateRoot : op_update_sel)
                 ---1--
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       243
 EXPRESSION (prng_en_dis_inv_set ? 2'b11 : (prng_reseed_done_i ? ({1'b0, prng_en_dis_inv_q[1]}) : prng_en_dis_inv_q))
             ---------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       243
 SUB-EXPRESSION (prng_reseed_done_i ? ({1'b0, prng_en_dis_inv_q[1]}) : prng_en_dis_inv_q)
                 ---------1--------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       255
 EXPRESSION (random_req | wipe_req | prng_en_dis_inv_q[0])
             -----1----   ----2---   ----------3---------
-1--2--3-StatusTests
000CoveredT1,T2,T3
001CoveredT1,T2,T3
010CoveredT15,T17,T35
100CoveredT1,T2,T3

 LINE       277
 EXPRESSION (advance_sel ? cdi_cnt : op_cdi_sel_i)
             -----1-----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       281
 EXPRESSION (invalid_stage_sel_o ? ({EntropyRounds {entropy_i[0]}}) : key_state_q[cdi_sel_o][0])
             ---------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       281
 EXPRESSION (invalid_stage_sel_o ? ({EntropyRounds {entropy_i[1]}}) : key_state_q[cdi_sel_o][1])
             ---------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       333
 EXPRESSION (root_key_i.creator_root_key_share0_valid && root_key_i.creator_root_key_share1_valid)
             --------------------1-------------------    --------------------2-------------------
-1--2-StatusTests
01Not Covered
10Not Covered
11CoveredT1,T2,T3

 LINE       346
 EXPRESSION (op_req ? cnt[0] : '0)
             ---1--
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       389
 EXPRESSION ((adv_op || dis_op) ? kmac_data_i : key_state_q[cdi_sel_o])
             ---------1--------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       389
 SUB-EXPRESSION (adv_op || dis_op)
                 ---1--    ---2--
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT14,T18,T78
10CoveredT1,T2,T3

 LINE       408
 EXPRESSION (op_ack | random_ack)
             ---1--   -----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       408
 EXPRESSION (op_update | random_req)
             ----1----   -----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       433
 EXPRESSION (op_req ? op_ack : (init_o | invalid_op))
             ---1--
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       433
 SUB-EXPRESSION (init_o | invalid_op)
                 ---1--   -----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T13
10CoveredT1,T2,T3

 LINE       444
 EXPRESSION (op_ack & adv_req & ((~op_err)))
             ---1--   ---2---   -----3-----
-1--2--3-StatusTests
011CoveredT1,T2,T3
101CoveredT1,T2,T3
110CoveredT1,T2,T3
111CoveredT1,T2,T3

 LINE       445
 EXPRESSION (op_ack & dis_req)
             ---1--   ---2---
-1--2-StatusTests
01CoveredT14,T18,T78
10CoveredT1,T2,T3
11CoveredT14,T18,T78

 LINE       504
 EXPRESSION (op_start_i & ((~advance_sel)))
             -----1----   --------2-------
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T13

 LINE       532
 EXPRESSION (int'(cnt) == (EntropyRounds - 1))
            -----------------1----------------
-1-StatusTests
0CoveredT1,T2,T3
1UnreachableT1,T2,T3

 LINE       542
 EXPRESSION ((en_i && root_key_valid_q) ? StCtrlInit : StCtrlWipe)
             -------------1------------
-1-StatusTests
0CoveredT17,T35,T134
1CoveredT1,T2,T3

 LINE       542
 SUB-EXPRESSION (en_i && root_key_valid_q)
                 --1-    --------2-------
-1--2-StatusTests
01CoveredT141,T142
10CoveredT17,T35,T134
11CoveredT1,T2,T3

 LINE       552
 EXPRESSION (advance_sel ? Creator : Disable)
             -----1-----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       553
 EXPRESSION (op_start_i & ( ~ (advance_sel | disable_sel) ))
             -----1----   ----------------2----------------
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T3

 LINE       553
 SUB-EXPRESSION (advance_sel | disable_sel)
                 -----1-----   -----2-----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT18,T78,T66
10CoveredT1,T2,T3

 LINE       555
 EXPRESSION (((!en_i)) || inv_state)
             ----1----    ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT34,T6,T127
10CoveredT66,T139,T143

 LINE       572
 EXPRESSION (disable_sel ? Disable : (advance_sel ? OwnerInt : Creator))
             -----1-----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT14,T15,T99

 LINE       572
 SUB-EXPRESSION (advance_sel ? OwnerInt : Creator)
                 -----1-----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       575
 EXPRESSION (((!en_i)) || inv_state)
             ----1----    ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT144,T29,T145
10CoveredT15,T99,T135

 LINE       592
 EXPRESSION (disable_sel ? Disable : (advance_sel ? Owner : OwnerInt))
             -----1-----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT18,T68,T80

 LINE       592
 SUB-EXPRESSION (advance_sel ? Owner : OwnerInt)
                 -----1-----
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       595
 EXPRESSION (((!en_i)) || inv_state)
             ----1----    ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT79,T138,T146
10CoveredT68,T97,T8

 LINE       613
 EXPRESSION ((disable_sel | advance_sel) ? Disable : Owner)
             -------------1-------------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       613
 SUB-EXPRESSION (disable_sel | advance_sel)
                 -----1-----   -----2-----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT69,T68,T80

 LINE       615
 EXPRESSION (((!en_i)) || inv_state)
             ----1----    ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT36,T37,T93
10CoveredT69,T68,T80

 LINE       617
 EXPRESSION (adv_state || dis_state)
             ----1----    ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT68,T147,T96
10CoveredT1,T2,T3

 LINE       656
 EXPRESSION (((!en_i)) || inv_state)
             ----1----    ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT38,T26,T148
10CoveredT69,T109,T149

 LINE       730
 EXPRESSION (((|{error_o, fault_o})) ? OpDoneFail : OpDoneSuccess)
             -----------1-----------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       763
 EXPRESSION ((adv_en_o & ( ~ (advance_sel | disable_sel) )) | (gen_en_o & ((~gen_op))))
             -----------------------1----------------------   ------------2-----------
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT19,T150,T151
10CoveredT6,T9,T152

 LINE       763
 SUB-EXPRESSION (adv_en_o & ( ~ (advance_sel | disable_sel) ))
                 ----1---   ----------------2----------------
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT6,T9,T152

 LINE       763
 SUB-EXPRESSION (advance_sel | disable_sel)
                 -----1-----   -----2-----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       763
 SUB-EXPRESSION (gen_en_o & ((~gen_op)))
                 ----1---   -----2-----
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT19,T150,T151

 LINE       769
 EXPRESSION 
 Number  Term
      1  ((op_ack | op_update) & invalid) ? KeyUpdateKmac : (((op_ack | op_update) & op_fault_err) ? KeyUpdateWipe : (((op_ack | op_update) & disabled) ? KeyUpdateKmac : (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle)))))
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT10,T11,T12

 LINE       769
 SUB-EXPRESSION ((op_ack | op_update) & invalid)
                 ----------1---------   ---2---
-1--2-StatusTests
01CoveredT15,T17,T35
10CoveredT1,T2,T3
11CoveredT10,T11,T12

 LINE       769
 SUB-EXPRESSION (op_ack | op_update)
                 ---1--   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION 
 Number  Term
      1  ((op_ack | op_update) & op_fault_err) ? KeyUpdateWipe : (((op_ack | op_update) & disabled) ? KeyUpdateKmac : (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle))))
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT34,T10,T38

 LINE       769
 SUB-EXPRESSION ((op_ack | op_update) & op_fault_err)
                 ----------1---------   ------2-----
-1--2-StatusTests
01CoveredT28,T34,T10
10CoveredT1,T2,T3
11CoveredT34,T10,T38

 LINE       769
 SUB-EXPRESSION (op_ack | op_update)
                 ---1--   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION 
 Number  Term
      1  ((op_ack | op_update) & disabled) ? KeyUpdateKmac : (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle)))
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION ((op_ack | op_update) & disabled)
                 ----------1---------   ----2---
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION (op_ack | op_update)
                 ---1--   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle))
                 ---------------1---------------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION ((op_ack | op_update) & op_err)
                 ----------1---------   ---2--
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION (op_ack | op_update)
                 ---1--   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle)
                 ----------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       769
 SUB-EXPRESSION (op_ack | op_update)
                 ---1--   ----2----
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT1,T2,T3
10CoveredT1,T2,T3

 LINE       800
 EXPRESSION ((state_d != state_q) & (state_d inside {StCtrlRootKey, StCtrlCreatorRootKey, StCtrlOwnerIntKey, StCtrlOwnerKey}))
             ----------1---------   --------------------------------------------2--------------------------------------------
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT1,T2,T3

 LINE       800
 SUB-EXPRESSION (state_d != state_q)
                ----------1---------
-1-StatusTests
0CoveredT1,T2,T3
1CoveredT1,T2,T3

 LINE       818
 EXPRESSION (vld_state_change_q & ((!adv_op)))
             ---------1--------   -----2-----
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11Not Covered

 LINE       820
 EXPRESSION (disabled | (initialized & ((~en_i))))
             ----1---   ------------2------------
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT15,T99,T69
10CoveredT1,T2,T3

 LINE       820
 SUB-EXPRESSION (initialized & ((~en_i)))
                 -----1-----   ----2----
-1--2-StatusTests
01CoveredT1,T2,T3
10CoveredT1,T2,T3
11CoveredT15,T99,T69

 LINE       820
 EXPRESSION (state_intg_err_q | state_intg_err_d)
             --------1-------   --------2-------
-1--2-StatusTests
00CoveredT1,T2,T3
01CoveredT10,T11,T12
10Not Covered

FSM Coverage for Module : keymgr_ctrl
Summary for FSM :: state_q
Total Covered Percent
States 11 11 100.00 (Not included in score)
Transitions 19 19 100.00
Sequences 0 0

State, Transition and Sequence Details for FSM :: state_q
states Line No. Covered Tests
StCtrlCreatorRootKey 561 Covered T1,T2,T3
StCtrlDisabled 558 Covered T1,T2,T3
StCtrlEntropyReseed 510 Covered T1,T2,T3
StCtrlInit 542 Covered T1,T2,T3
StCtrlInvalid 641 Covered T15,T17,T35
StCtrlOwnerIntKey 581 Covered T1,T2,T3
StCtrlOwnerKey 601 Covered T1,T2,T3
StCtrlRandom 520 Covered T1,T2,T3
StCtrlReset 495 Covered T1,T2,T3
StCtrlRootKey 534 Covered T1,T2,T3
StCtrlWipe 508 Covered T15,T17,T35


transitions Line No. Covered Tests
StCtrlCreatorRootKey->StCtrlDisabled 578 Covered T14,T136,T137
StCtrlCreatorRootKey->StCtrlOwnerIntKey 581 Covered T1,T2,T3
StCtrlCreatorRootKey->StCtrlWipe 576 Covered T15,T99,T135
StCtrlDisabled->StCtrlWipe 657 Covered T38,T69,T109
StCtrlEntropyReseed->StCtrlRandom 520 Covered T1,T2,T3
StCtrlInit->StCtrlCreatorRootKey 561 Covered T1,T2,T3
StCtrlInit->StCtrlDisabled 558 Covered T18,T78,T66
StCtrlInit->StCtrlWipe 556 Covered T34,T66,T6
StCtrlOwnerIntKey->StCtrlDisabled 598 Covered T18,T68,T80
StCtrlOwnerIntKey->StCtrlOwnerKey 601 Covered T1,T2,T3
StCtrlOwnerIntKey->StCtrlWipe 596 Covered T68,T79,T138
StCtrlOwnerKey->StCtrlDisabled 618 Covered T1,T2,T3
StCtrlOwnerKey->StCtrlWipe 616 Covered T36,T69,T37
StCtrlRandom->StCtrlRootKey 534 Covered T1,T2,T3
StCtrlReset->StCtrlEntropyReseed 510 Covered T1,T2,T3
StCtrlReset->StCtrlWipe 508 Covered T28,T10,T11
StCtrlRootKey->StCtrlInit 542 Covered T1,T2,T3
StCtrlRootKey->StCtrlWipe 542 Covered T17,T35,T134
StCtrlWipe->StCtrlInvalid 641 Covered T15,T17,T35



Branch Coverage for Module : keymgr_ctrl
Line No. Total Covered Percent
Branches 97 97 100.00
TERNARY 230 4 4 100.00
TERNARY 243 3 3 100.00
TERNARY 277 2 2 100.00
TERNARY 346 2 2 100.00
TERNARY 433 2 2 100.00
TERNARY 769 6 6 100.00
TERNARY 281 2 2 100.00
TERNARY 281 2 2 100.00
IF 248 2 2 100.00
IF 261 2 2 100.00
IF 264 2 2 100.00
IF 290 2 2 100.00
CASE 355 7 7 100.00
CASE 493 39 39 100.00
IF 681 3 3 100.00
CASE 692 9 9 100.00
IF 726 4 4 100.00
IF 808 2 2 100.00
IF 907 2 2 100.00


230  assign update_sel = wipe_req ? KeyUpdateWipe : -1- ==>
231                      random_req ? KeyUpdateRandom : -2- ==>
232                      init_o ? KeyUpdateRoot : op_update_sel; -3- ==> ==>

Branches:
-1--2--3-StatusTests
1 - - Covered T15,T17,T35
0 1 - Covered T1,T2,T3
0 0 1 Covered T1,T2,T3
0 0 0 Covered T1,T2,T3


243  assign prng_en_dis_inv_d =
244    prng_en_dis_inv_set ? 2'b11 : -1- ==>
245    prng_reseed_done_i ? {1'b0, prng_en_dis_inv_q[1]} : prng_en_dis_inv_q; -2- ==> ==>

Branches:
-1--2-StatusTests
1 - Covered T1,T2,T3
0 1 Covered T1,T2,T3
0 0 Covered T1,T2,T3


277 assign cdi_sel_o = advance_sel ? cdi_cnt : op_cdi_sel_i; -1- ==> ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


346 assign cdi_cnt = op_req ? cnt[CdiWidth-1:0] : '0; -1- ==> ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


433 assign op_done_o = op_req ? op_ack : -1- ==> ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


769  assign op_update_sel = (op_ack | op_update) & invalid ? KeyUpdateKmac : -1- ==>
770                         (op_ack | op_update) & op_fault_err ? KeyUpdateWipe : -2- ==>
771                         (op_ack | op_update) & disabled ? KeyUpdateKmac : -3- ==>
772                         (op_ack | op_update) & op_err ? KeyUpdateIdle : -4- ==>
773                         (op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle; -5- ==> ==>

Branches:
-1--2--3--4--5-StatusTests
1 - - - - Covered T10,T11,T12
0 1 - - - Covered T34,T10,T38
0 0 1 - - Covered T1,T2,T3
0 0 0 1 - Covered T1,T2,T3
0 0 0 0 1 Covered T1,T2,T3
0 0 0 0 0 Covered T1,T2,T3


281 assign key_o.key[i] = invalid_stage_sel_o ? -1- ==> ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


281 assign key_o.key[i] = invalid_stage_sel_o ? -1- ==> ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


248  if (!rst_ni) begin -1-
249    prng_en_dis_inv_q <= '0; ==>
250  end else begin
251    prng_en_dis_inv_q <= prng_en_dis_inv_d; ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


261 `PRIM_FLOP_SPARSE_FSM(u_state_regs, state_d, state_q, state_e, StCtrlReset) -1- ==> ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


264  if (!rst_ni) begin -1-
265    state_intg_err_q <= '0; ==>
266  end else begin
267    state_intg_err_q <= state_intg_err_d; ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


290  if (!rst_ni) begin -1-
291    key_state_q <= '0; ==>
292    key_state_ecc_q <= {TotalEccWords{prim_secded_pkg::SecdedInv7264ZeroEcc}};
293  end else begin
294    for (int i = 0; i < CDIs; i++) begin ==>

Branches:
-1-StatusTests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


355  unique case (update_sel) -1-
356    KeyUpdateRandom: begin
357      for (int i = 0; i < CDIs; i++) begin ==>
358        for (int j = 0; j < Shares; j++) begin
359          // Load each share with the same randomness so we can
360          // later simply XOR root key on them
361          key_state_d[i][j][cnt[EntropyRndWidth-1:0]] = entropy_i[i];
362        end
363      end
364    end
365
366    KeyUpdateRoot: begin
367      if (root_key_valid_q) begin -2-
368        for (int i = 0; i < CDIs; i++) begin ==>
369          if (KmacEnMasking) begin : gen_two_share_key
370            key_state_d[i][0] ^= root_key_i.creator_root_key_share0;
371            key_state_d[i][1] ^= root_key_i.creator_root_key_share1;
372          end else begin : gen_one_share_key
373            key_state_d[i][0] = root_key_i.creator_root_key_share0 ^
374                                root_key_i.creator_root_key_share1;
375            key_state_d[i][1] = '0;
376          end
377        end
378      end else begin
379        // if root key is not valid, load and invalid value
380        for (int i = 0; i < CDIs; i++) begin ==>
381          key_state_d[i][0] = '0;
382          key_state_d[i][1] = '{default: '1};
383        end
384      end
385    end
386
387    KeyUpdateKmac: begin
388      data_valid_o = gen_op;
389      key_state_d[cdi_sel_o] = (adv_op || dis_op) ? kmac_data_i : key_state_q[cdi_sel_o]; -3- ==> ==>
390    end
391
392    KeyUpdateWipe: begin
393      wipe_key_o = 1'b1; ==>
394      for (int i = 0; i < CDIs; i++) begin
395        for (int j = 0; j < Shares; j++) begin
396          key_state_d[i][j] = {EntropyRounds{entropy_i[j]}};
397        end
398      end
399    end
400
401    default:; ==>

Branches:
-1--2--3-StatusTests
KeyUpdateRandom - - Covered T1,T2,T3
KeyUpdateRoot 1 - Covered T1,T2,T3
KeyUpdateRoot 0 - Covered T17,T35,T134
KeyUpdateKmac - 1 Covered T1,T2,T3
KeyUpdateKmac - 0 Covered T1,T2,T3
KeyUpdateWipe - - Covered T15,T17,T35
default - - Covered T1,T2,T3


493  unique case (state_q) -1-
494    // Only advance can be called from reset state
495    StCtrlReset: begin
496      initialized = 1'b0;
497
498      // always use random data for advance, since out of reset state
499      // the key state will be randomized.
500      stage_sel_o = Disable;
501
502      // key state is updated when it is an advance call
503      // all other operations are invalid, including disable
504      invalid_op = op_start_i & ~advance_sel;
505
506      // if there was a structural fault before anything began, wipe immediately
507      if (inv_state) begin -2-
508        state_d = StCtrlWipe; ==>
509      end else if (advance_sel) begin -3-
510        state_d = StCtrlEntropyReseed; ==>
511      end MISSING_ELSE ==>
512    end
513
514    // reseed entropy
515    StCtrlEntropyReseed: begin
516      initialized = 1'b0;
517      prng_reseed_req_o = 1'b1;
518
519      if (prng_reseed_ack_i) begin -4-
520        state_d = StCtrlRandom; ==>
521      end MISSING_ELSE ==>
522    end
523
524    // This state does not accept any command.
525    StCtrlRandom: begin
526      initialized = 1'b0;
527      random_req = 1'b1;
528
529      // when mask population is complete, xor the root_key into the zero share
530      // if in the future the root key is updated to 2 shares, it will direclty overwrite
531      // the values here
532      if (int'(cnt) == EntropyRounds-1) begin -5-
533        random_ack = 1'b1; ==> (Unreachable)
534        state_d = StCtrlRootKey;
535      end MISSING_ELSE ==>
536    end
537
538    // load the root key.
539    StCtrlRootKey: begin
540      init_o = 1'b1;
541      initialized = 1'b1;
542      state_d = (en_i && root_key_valid_q) ? StCtrlInit : StCtrlWipe; -6- ==> ==>
543    end
544
545    // Beginning from the Init state, operations are accepted.
546    // Only valid operation is advance state. If invalid command received,
547    // random data is selected for operation and no persistent state is changed.
548    StCtrlInit: begin
549      op_req = op_start_i;
550
551      // when advancing select creator data, otherwise use random input
552      stage_sel_o = advance_sel ? Creator : Disable; -7- ==> ==>
553      invalid_op = op_start_i & ~(advance_sel | disable_sel);
554
555      if (!en_i || inv_state) begin -8-
556        state_d = StCtrlWipe; ==>
557      end else if (dis_state) begin -9-
558        state_d = StCtrlDisabled; ==>
559        prng_en_dis_inv_set = 1'b1;
560      end else if (adv_state) begin -10-
561        state_d = StCtrlCreatorRootKey; ==>
562      end MISSING_ELSE ==>
563    end
564
565    // all commands are valid during this stage
566    StCtrlCreatorRootKey: begin
567      op_req = op_start_i;
568
569      // when generating, select creator data input
570      // when advancing, select owner intermediate key as target
571      // when disabling, select random data input
572      stage_sel_o = disable_sel ? Disable : -11- ==>
573                    advance_sel ? OwnerInt : Creator; -12- ==> ==>
574
575      if (!en_i || inv_state) begin -13-
576        state_d = StCtrlWipe; ==>
577      end else if (dis_state) begin -14-
578        state_d = StCtrlDisabled; ==>
579        prng_en_dis_inv_set = 1'b1;
580      end else if (adv_state) begin -15-
581        state_d = StCtrlOwnerIntKey; ==>
582      end MISSING_ELSE ==>
583    end
584
585    // all commands are valid during this stage
586    StCtrlOwnerIntKey: begin
587      op_req = op_start_i;
588
589      // when generating, select owner intermediate data input
590      // when advancing, select owner as target
591      // when disabling, select random data input
592      stage_sel_o = disable_sel ? Disable : -16- ==>
593                    advance_sel ? Owner : OwnerInt; -17- ==> ==>
594
595      if (!en_i || inv_state) begin -18-
596        state_d = StCtrlWipe; ==>
597      end else if (dis_state) begin -19-
598        state_d = StCtrlDisabled; ==>
599        prng_en_dis_inv_set = 1'b1;
600      end else if (adv_state) begin -20-
601        state_d = StCtrlOwnerKey; ==>
602      end MISSING_ELSE ==>
603    end
604
605    // all commands are valid during this stage
606    // however advance goes directly to disabled state
607    StCtrlOwnerKey: begin
608      op_req = op_start_i;
609
610      // when generating, select owner data input
611      // when advancing, select disable as target
612      // when disabling, select random data input
613      stage_sel_o = disable_sel | advance_sel ? Disable : Owner; -21- ==> ==>
614
615      if (!en_i || inv_state) begin -22-
616        state_d = StCtrlWipe; ==>
617      end else if (adv_state || dis_state) begin -23-
618        state_d = StCtrlDisabled; ==>
619        prng_en_dis_inv_set = 1'b1;
620      end MISSING_ELSE ==>
621    end
622
623    // The wipe state immediately clears out the key state, but waits for any ongoing
624    // transaction to finish before going to disabled state.
625    // Unlike the random state, this is an immedaite shutdown request, so all parts of the
626    // key are wiped.
627    StCtrlWipe: begin
628      wipe_req = 1'b1;
629      // if there was already an operation ongoing, maintain the request until completion
630      op_req = op_busy;
631      invalid_op = op_start_i;
632
633      // If the enable is dropped during the middle of a transaction, we clear and wait for that
634      // transaction to gracefully complete (if it can).
635      // There are two scenarios:
636      // 1. the operation completed right when we started wiping, in which case the done would
637      //    clear the start.
638      // 2. the operation completed before we started wiping, or there was never an operation to
639      //    begin with (op_start_i == 0), in this case, don't wait and immediately transition
640      if (!op_start_i) begin -24-
641        state_d = StCtrlInvalid; ==>
642        prng_en_dis_inv_set = 1'b1;
643      end MISSING_ELSE ==>
644    end
645
646    // StCtrlDisabled and StCtrlInvalid are almost functionally equivalent
647    // The only difference is that Disabled is entered through software invocation,
648    // while Invalid is entered through life cycle disable or operational fault.
649    //
650    // Both states continue to kick off random transactions
651    // All transactions are treated as invalid despite completing
652    StCtrlDisabled: begin
653      op_req = op_start_i;
654      disabled = 1'b1;
655
656      if (!en_i || inv_state) begin -25-
657        state_d = StCtrlWipe; ==>
658      end MISSING_ELSE ==>
659    end
660
661    StCtrlInvalid: begin
662      invalid_op = op_start_i; ==>
663      invalid = 1'b1;
664    end
665
666    // latch the fault indication and start to wipe the key manager
667    default: begin
668      state_intg_err_d = 1'b1; ==>

Branches:
-1--2--3--4--5--6--7--8--9--10--11--12--13--14--15--16--17--18--19--20--21--22--23--24--25-StatusTests
StCtrlReset 1 - - - - - - - - - - - - - - - - - - - - - - - Covered T28,T10,T11
StCtrlReset 0 1 - - - - - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlReset 0 0 - - - - - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlEntropyReseed - - 1 - - - - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlEntropyReseed - - 0 - - - - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlRandom - - - 1 - - - - - - - - - - - - - - - - - - - - Unreachable T1,T2,T3
StCtrlRandom - - - 0 - - - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlRootKey - - - - 1 - - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlRootKey - - - - 0 - - - - - - - - - - - - - - - - - - - Covered T17,T35,T134
StCtrlInit - - - - - 1 - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlInit - - - - - 0 - - - - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlInit - - - - - - 1 - - - - - - - - - - - - - - - - - Covered T34,T66,T6
StCtrlInit - - - - - - 0 1 - - - - - - - - - - - - - - - - Covered T18,T78,T66
StCtrlInit - - - - - - 0 0 1 - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlInit - - - - - - 0 0 0 - - - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlCreatorRootKey - - - - - - - - - 1 - - - - - - - - - - - - - - Covered T14,T15,T99
StCtrlCreatorRootKey - - - - - - - - - 0 1 - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlCreatorRootKey - - - - - - - - - 0 0 - - - - - - - - - - - - - Covered T1,T2,T3
StCtrlCreatorRootKey - - - - - - - - - - - 1 - - - - - - - - - - - - Covered T15,T99,T135
StCtrlCreatorRootKey - - - - - - - - - - - 0 1 - - - - - - - - - - - Covered T14,T136,T137
StCtrlCreatorRootKey - - - - - - - - - - - 0 0 1 - - - - - - - - - - Covered T1,T2,T3
StCtrlCreatorRootKey - - - - - - - - - - - 0 0 0 - - - - - - - - - - Covered T1,T2,T3
StCtrlOwnerIntKey - - - - - - - - - - - - - - 1 - - - - - - - - - Covered T18,T68,T80
StCtrlOwnerIntKey - - - - - - - - - - - - - - 0 1 - - - - - - - - Covered T1,T2,T3
StCtrlOwnerIntKey - - - - - - - - - - - - - - 0 0 - - - - - - - - Covered T1,T2,T3
StCtrlOwnerIntKey - - - - - - - - - - - - - - - - 1 - - - - - - - Covered T68,T79,T138
StCtrlOwnerIntKey - - - - - - - - - - - - - - - - 0 1 - - - - - - Covered T18,T68,T80
StCtrlOwnerIntKey - - - - - - - - - - - - - - - - 0 0 1 - - - - - Covered T1,T2,T3
StCtrlOwnerIntKey - - - - - - - - - - - - - - - - 0 0 0 - - - - - Covered T1,T2,T3
StCtrlOwnerKey - - - - - - - - - - - - - - - - - - - 1 - - - - Covered T1,T2,T3
StCtrlOwnerKey - - - - - - - - - - - - - - - - - - - 0 - - - - Covered T1,T2,T3
StCtrlOwnerKey - - - - - - - - - - - - - - - - - - - - 1 - - - Covered T36,T69,T37
StCtrlOwnerKey - - - - - - - - - - - - - - - - - - - - 0 1 - - Covered T1,T2,T3
StCtrlOwnerKey - - - - - - - - - - - - - - - - - - - - 0 0 - - Covered T1,T2,T3
StCtrlWipe - - - - - - - - - - - - - - - - - - - - - - 1 - Covered T15,T17,T35
StCtrlWipe - - - - - - - - - - - - - - - - - - - - - - 0 - Covered T15,T99,T109
StCtrlDisabled - - - - - - - - - - - - - - - - - - - - - - - 1 Covered T38,T69,T109
StCtrlDisabled - - - - - - - - - - - - - - - - - - - - - - - 0 Covered T1,T2,T3
StCtrlInvalid - - - - - - - - - - - - - - - - - - - - - - - - Covered T15,T17,T35
default - - - - - - - - - - - - - - - - - - - - - - - - Covered T10,T11,T12


681 if (!rst_ni) begin
    -1-
682   last_working_st <= StReset;
      ==>
683 end else if (update_en) begin
    -2-
684   last_working_st <= working_state_o;
      ==>
685 end
    MISSING_ELSE
    ==>

Branches:
-1- -2- Status Tests
1 - Covered T1,T2,T3
0 1 Covered T1,T2,T3
0 0 Covered T15,T17,T35


692 unique case (state_q)
    -1-
693   StCtrlReset, StCtrlEntropyReseed, StCtrlRandom:
694     working_state_o = StReset;
        ==>
695
696   StCtrlRootKey, StCtrlInit:
697     working_state_o = StInit;
        ==>
698
699   StCtrlCreatorRootKey:
700     working_state_o = StCreatorRootKey;
        ==>
701
702   StCtrlOwnerIntKey:
703     working_state_o = StOwnerIntKey;
        ==>
704
705   StCtrlOwnerKey:
706     working_state_o = StOwnerKey;
        ==>
707
708   StCtrlDisabled:
709     working_state_o = StDisabled;
        ==>
710
711   StCtrlWipe: begin
712     update_en = 1'b0;
        ==>
713     working_state_o = last_working_st;
714   end
715
716   StCtrlInvalid:
717     working_state_o = StInvalid;
        ==>
718
719   default:
720     working_state_o = StInvalid;
        ==>

Branches:
-1- Status Tests
StCtrlReset StCtrlEntropyReseed StCtrlRandom Covered T1,T2,T3
StCtrlRootKey StCtrlInit Covered T1,T2,T3
StCtrlCreatorRootKey Covered T1,T2,T3
StCtrlOwnerIntKey Covered T1,T2,T3
StCtrlOwnerKey Covered T1,T2,T3
StCtrlDisabled Covered T1,T2,T3
StCtrlWipe Covered T15,T17,T35
StCtrlInvalid Covered T15,T17,T35
default Covered T10,T11,T12


726 if (op_done_o) begin
    -1-
727   // It is possible for an operation to finish the same cycle en_i goes low.
728   // The main fsm handling is one cycle behind, but still report operation
729   // fail.
730   status_o = |{error_o, fault_o} ? OpDoneFail : OpDoneSuccess;
      -2-
      ==>
      ==>
731 end else if (op_start_i) begin
    -3-
732   status_o = OpWip;
      ==>
733 end
    MISSING_ELSE
    ==>

Branches:
-1- -2- -3- Status Tests
1 1 - Covered T1,T2,T3
1 0 - Covered T1,T2,T3
0 - 1 Covered T1,T2,T3
0 - 0 Covered T1,T2,T3


808 if (!rst_ni) begin
    -1-
809   vld_state_change_q <= '0;
      ==>
810 end else begin
811   vld_state_change_q <= vld_state_change_d;
      ==>

Branches:
-1- Status Tests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


907 `ASSERT_FPV_LINEAR_FSM(SecCmCFILinear_A, state_q, state_e)
    -1-
    ==>
    ==>

Branches:
-1- Status Tests
1 Covered T1,T2,T3
0 Covered T1,T2,T3


Assert Coverage for Module : keymgr_ctrl
Total Attempted Percent Succeeded/Matched Percent
Assertions 11 11 100.00 11 100.00
Cover properties 0 0 0
Cover sequences 0 0 0
Total 11 11 100.00 11 100.00




Assertion Details

Name Attempts Real Successes Failures Incomplete
CntZero_A 17625423 28564 0 0
DataEnDis_A 17381030 27917 0 0
DataEn_A 17381030 4262858 0 0
GeneralLegalCommands_A 18148070 19622 0 0
InitLegalCommands_A 18148070 891797 0 0
LoadKey_A 18035947 11675341 0 0
OwnerLegalCommands_A 18148070 890647 0 0
SameErrCnt_A 880 880 0 0
SecCmCFILinear_A 18148070 6563 0 4783
StageDisableSel_A 18148070 709483 0 0
u_state_regs_A 18148070 17976056 0 0


CntZero_A
Name Attempts Real Successes Failures Incomplete
Total 17625423 28564 0 0
T1 2958 17 0 0
T2 6298 26 0 0
T3 16693 16 0 0
T4 3983 16 0 0
T5 14313 33 0 0
T13 22924 39 0 0
T14 9766 12 0 0
T15 7284 21 0 0
T16 10424 28 0 0
T17 8989 41 0 0

DataEnDis_A
Name Attempts Real Successes Failures Incomplete
Total 17381030 27917 0 0
T1 2958 17 0 0
T2 6298 26 0 0
T3 16693 16 0 0
T4 3983 16 0 0
T5 14313 33 0 0
T13 22924 39 0 0
T14 9766 12 0 0
T15 7284 21 0 0
T16 10424 28 0 0
T17 8989 41 0 0

DataEn_A
Name Attempts Real Successes Failures Incomplete
Total 17381030 4262858 0 0
T1 2958 573 0 0
T2 6298 911 0 0
T3 16693 3474 0 0
T4 3983 112 0 0
T5 14313 2773 0 0
T13 22924 9687 0 0
T14 9766 2607 0 0
T15 7284 2700 0 0
T16 10424 217 0 0
T17 8989 0 0 0
T33 0 39051 0 0

GeneralLegalCommands_A
Name Attempts Real Successes Failures Incomplete
Total 18148070 19622 0 0
T7 0 42 0 0
T14 9766 873 0 0
T15 7284 0 0 0
T16 10424 0 0 0
T17 8989 0 0 0
T28 3069 0 0 0
T33 129678 0 0 0
T34 3341 0 0 0
T35 6222 0 0 0
T44 24695 0 0 0
T111 0 42 0 0
T125 4172 0 0 0
T136 0 42 0 0
T147 0 42 0 0
T153 0 1383 0 0
T154 0 153 0 0
T155 0 42 0 0
T156 0 42 0 0
T157 0 158 0 0

InitLegalCommands_A
Name Attempts Real Successes Failures Incomplete
Total 18148070 891797 0 0
T1 2958 74 0 0
T2 6298 90 0 0
T3 16693 344 0 0
T4 3983 16 0 0
T5 14313 397 0 0
T13 22924 1357 0 0
T14 9766 825 0 0
T15 7284 1194 0 0
T16 10424 32 0 0
T17 8989 0 0 0
T33 0 5043 0 0

LoadKey_A
Name Attempts Real Successes Failures Incomplete
Total 18035947 11675341 0 0
T1 2958 1505 0 0
T2 6298 4355 0 0
T3 16693 12307 0 0
T4 3983 422 0 0
T5 14313 5041 0 0
T13 22924 19292 0 0
T14 9766 5214 0 0
T15 7284 4337 0 0
T16 10424 551 0 0
T17 8989 0 0 0
T33 0 127900 0 0

OwnerLegalCommands_A
Name Attempts Real Successes Failures Incomplete
Total 18148070 890647 0 0
T1 2958 89 0 0
T2 6298 508 0 0
T3 16693 1047 0 0
T4 3983 42 0 0
T5 14313 323 0 0
T13 22924 1349 0 0
T14 9766 0 0 0
T15 7284 0 0 0
T16 10424 42 0 0
T17 8989 0 0 0
T18 0 660 0 0
T33 0 11452 0 0
T44 0 1803 0 0

SameErrCnt_A
Name Attempts Real Successes Failures Incomplete
Total 880 880 0 0
T1 1 1 0 0
T2 1 1 0 0
T3 1 1 0 0
T4 1 1 0 0
T5 1 1 0 0
T13 1 1 0 0
T14 1 1 0 0
T15 1 1 0 0
T16 1 1 0 0
T17 1 1 0 0

SecCmCFILinear_A
Name Attempts Real Successes Failures Incomplete
Total 18148070 6563 0 4783
T10 19623 190 0 0
T18 33579 55 0 0
T28 3069 2 0 0
T34 3341 6 0 0
T35 6222 5 0 0
T36 0 9 0 0
T38 0 10 0 0
T44 24695 8 0 8
T48 0 5 0 0
T63 1276 0 0 0
T69 0 27 0 0
T72 23091 0 0 8
T73 4545 0 0 8
T74 0 0 0 8
T75 0 0 0 8
T76 0 0 0 8
T77 0 0 0 8
T78 0 0 0 5
T84 0 0 0 8
T125 4172 0 0 5

StageDisableSel_A
Name Attempts Real Successes Failures Incomplete
Total 18148070 709483 0 0
T1 2958 17 0 0
T2 6298 19 0 0
T3 16693 48 0 0
T4 3983 147 0 0
T5 14313 38 0 0
T13 22924 80 0 0
T14 9766 66 0 0
T15 7284 2078 0 0
T16 10424 1065 0 0
T17 8989 149 0 0

u_state_regs_A
Name Attempts Real Successes Failures Incomplete
Total 18148070 17976056 0 0
T1 2958 2872 0 0
T2 6298 6244 0 0
T3 16693 16627 0 0
T4 3983 3916 0 0
T5 14313 14240 0 0
T13 22924 22829 0 0
T14 9766 9669 0 0
T15 7284 7213 0 0
T16 10424 10338 0 0
T17 8989 8890 0 0
