Line Coverage for Module : keymgr_ctrl
Cond Coverage for Module : keymgr_ctrl
FSM Coverage for Module : keymgr_ctrl
State, Transition and Sequence Details for FSM :: state_q
Branch Coverage for Module : keymgr_ctrl
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Branches:
Assert Coverage for Module : keymgr_ctrl
Assertion Details
CntZero_A
DataEnDis_A
DataEn_A
GeneralLegalCommands_A
InitLegalCommands_A
LoadKey_A
OwnerLegalCommands_A
SameErrCnt_A
SecCmCFILinear_A
StageDisableSel_A
u_state_regs_A
| Line No. | Total | Covered | Percent | |
|---|---|---|---|---|
| TOTAL | 194 | 194 | 100.00 | |
| CONT_ASSIGN | 150 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 151 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 152 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 153 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 155 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 165 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 166 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 169 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 185 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 186 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 187 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 188 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 202 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 207 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 213 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 215 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 230 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 243 | 1 | 1 | 100.00 |
| ALWAYS | 248 | 3 | 3 | 100.00 |
| CONT_ASSIGN | 255 | 1 | 1 | 100.00 |
| ALWAYS | 261 | 3 | 3 | 100.00 |
| ALWAYS | 264 | 3 | 3 | 100.00 |
| CONT_ASSIGN | 275 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 277 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 281 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 281 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 288 | 1 | 1 | 100.00 |
| ALWAYS | 290 | 7 | 7 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 316 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 323 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 346 | 1 | 1 | 100.00 |
| ALWAYS | 349 | 21 | 21 | 100.00 |
| CONT_ASSIGN | 433 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 444 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 445 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 451 | 1 | 1 | 100.00 |
| ALWAYS | 455 | 79 | 79 | 100.00 |
| ALWAYS | 681 | 4 | 4 | 100.00 |
| ALWAYS | 689 | 12 | 12 | 100.00 |
| ALWAYS | 725 | 5 | 5 | 100.00 |
| CONT_ASSIGN | 763 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 769 | 1 | 1 | 100.00 |
| CONT_ASSIGN | 800 | 1 | 1 | 100.00 |
| ALWAYS | 808 | 3 | 3 | 100.00 |
| CONT_ASSIGN | 818 | 1 | 1 | 100.00 |
| ROUTINE | 865 | 1 | 1 | 100.00 |
| ALWAYS | 907 | 3 | 3 | 100.00 |
149 logic adv_op, dis_op, gen_id_op, gen_sw_op, gen_hw_op, gen_op; 150 1/1 assign adv_op = (op_i == OpAdvance); Tests: T1 T2 T3 151 1/1 assign gen_id_op = (op_i == OpGenId); Tests: T1 T2 T3 152 1/1 assign gen_sw_op = (op_i == OpGenSwOut); Tests: T1 T2 T3 153 1/1 assign gen_hw_op = (op_i == OpGenHwOut); Tests: T1 T2 T3 154 assign dis_op = ~(op_i inside {OpAdvance, OpGenId, OpGenSwOut, OpGenHwOut}); 155 1/1 assign gen_op = (gen_id_op | gen_sw_op | gen_hw_op); Tests: T1 T2 T3 156 157 /////////////////////////// 158 // interaction between software and main fsm 159 /////////////////////////// 160 // disable is treated like an advanced call 161 logic advance_sel; 162 logic disable_sel; 163 logic gen_out_hw_sel; 164 165 1/1 assign advance_sel = op_start_i & adv_op & en_i; Tests: T1 T2 T3 166 1/1 assign gen_out_hw_sel = op_start_i & gen_hw_op & en_i; Tests: T1 T2 T3 167 168 // disable is selected whenever a normal operation is not set 169 1/1 assign disable_sel = (op_start_i & dis_op) | !en_i; Tests: T1 T2 T3 170 171 172 /////////////////////////// 173 // interaction between main control fsm and operation fsm 174 /////////////////////////// 175 176 // req/ack interface with op handling fsm 177 logic op_req; 178 logic op_ack; 179 logic op_update; 180 logic op_busy; 181 logic disabled; 182 logic invalid; 183 184 logic adv_req, dis_req, id_req, gen_req; 185 1/1 assign adv_req = op_req & adv_op; Tests: T1 T2 T3 186 1/1 assign dis_req = op_req & dis_op; Tests: T1 T2 T3 187 1/1 assign id_req = op_req & gen_id_op; Tests: T1 T2 T3 188 1/1 assign gen_req = op_req & (gen_sw_op | gen_hw_op); Tests: T1 T2 T3 189 190 /////////////////////////// 191 // interaction between operation fsm and software 192 /////////////////////////// 193 // categories of keymgr errors 194 logic [SyncErrLastIdx-1:0] sync_err; 195 logic [SyncFaultLastIdx-1:0] sync_fault; 196 logic [AsyncFaultLastIdx-1:0] async_fault; 197 198 logic op_err; 199 logic op_fault_err; 200 201 // unlock sw binding configuration whenever an advance call is made without errors 202 1/1 assign sw_binding_unlock_o = adv_req & op_ack & ~(op_err | op_fault_err); Tests: T1 T2 T3 203 204 // error definition 205 // check incoming kmac data validity 206 // Only check during the periods when there is actual kmac output 207 1/1 assign invalid_kmac_out = (op_update | op_ack) & Tests: T1 T2 T3 208 (~valid_data_chk(kmac_data_i[0]) | 209 (~valid_data_chk(kmac_data_i[1]) & KmacEnMasking)); 210 211 // async errors have nothing to do with the operation and thus should not 212 // impact operation results. 213 1/1 assign op_err = |sync_err; Tests: T1 T2 T3 214 215 1/1 assign op_fault_err = |{sync_fault, async_fault}; Tests: T1 T2 T3 216 217 /////////////////////////// 218 // key update controls 219 /////////////////////////// 220 221 // update select can come from both main and operation fsm's 222 keymgr_key_update_e update_sel, op_update_sel; 223 224 // req from main control fsm to key update controls 225 logic wipe_req; 226 logic random_req; 227 logic random_ack; 228 229 // wipe and initialize take precedence 230 1/1 assign update_sel = wipe_req ? KeyUpdateWipe : Tests: T1 T2 T3 231 random_req ? KeyUpdateRandom : 232 init_o ? KeyUpdateRoot : op_update_sel; 233 234 /////////////////////////// 235 // interaction between main fsm and prng 236 /////////////////////////// 237 238 // Upon entering StCtrlDisabled or StCtrlInvalid, the PRNG is kept advancing until it has been 239 // reseeded twice (through the reseeding mechansism inside keymgr_reseed_ctrl.sv). 240 logic [1:0] prng_en_dis_inv_d, prng_en_dis_inv_q; 241 logic prng_en_dis_inv_set; 242 243 1/1 assign prng_en_dis_inv_d = Tests: T1 T2 T3 244 prng_en_dis_inv_set ? 2'b11 : 245 prng_reseed_done_i ? {1'b0, prng_en_dis_inv_q[1]} : prng_en_dis_inv_q; 246 247 always_ff @(posedge clk_i or negedge rst_ni) begin 248 1/1 if (!rst_ni) begin Tests: T1 T2 T3 249 1/1 prng_en_dis_inv_q <= '0; Tests: T1 T2 T3 250 end else begin 251 1/1 prng_en_dis_inv_q <= prng_en_dis_inv_d; Tests: T1 T2 T3 252 end 253 end 254 255 1/1 assign prng_en_o = random_req | wipe_req | prng_en_dis_inv_q[0]; Tests: T1 T2 T3 256 257 ////////////////////////// 258 // Main Control FSM 259 ////////////////////////// 260 // SEC_CM: CTRL.FSM.SPARSE261 3/3 `PRIM_FLOP_SPARSE_FSM(u_state_regs, state_d, state_q, state_e, StCtrlReset) Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3
PRIM_FLOP_SPARSE_FSM(u_state_regs, state_d, state_q, state_e, StCtrlReset): 261.1 `ifdef SIMULATION 261.2 prim_sparse_fsm_flop #( 261.3 .StateEnumT(state_e), 261.4 .Width($bits(state_e)), 261.5 .ResetValue($bits(state_e)'(StCtrlReset)), 261.6 .EnableAlertTriggerSVA(1), 261.7 .CustomForceName("state_q") 261.8 ) u_state_regs ( 261.9 .clk_i ( clk_i ), 261.10 .rst_ni ( rst_ni ), 261.11 .state_i ( state_d ), 261.12 .state_o ( ) 261.13 ); 261.14 always_ff @(posedge clk_i or negedge rst_ni) begin 261.15 1/1 if (!rst_ni) begin Tests: T1 T2 T3 261.16 1/1 state_q <= StCtrlReset; Tests: T1 T2 T3 261.17 end else begin 261.18 1/1 state_q <= state_d; Tests: T1 T2 T3 261.19 end 261.20 end 261.21 u_state_regs_A: assert property (@(posedge clk_i) disable iff ((!rst_ni) !== '0) (state_q === u_state_regs.state_o)) 261.22 else begin 261.23 `ifdef UVM 261.24 uvm_pkg::uvm_report_error("ASSERT FAILED", "u_state_regs_A", uvm_pkg::UVM_NONE, 261.25 "../src/lowrisc_ip_keymgr_0.1/rtl/keymgr_ctrl.sv", 261, "", 1); 261.26 `else 261.27 $error("%0t: (%0s:%0d) [%m] [ASSERT FAILED] %0s", $time, `__FILE__, `__LINE__, 261.28 `PRIM_STRINGIFY(u_state_regs_A)); 261.29 `endif 261.30 end 261.31 `else 261.32 prim_sparse_fsm_flop #( 261.33 .StateEnumT(state_e), 261.34 .Width($bits(state_e)), 261.35 .ResetValue($bits(state_e)'(StCtrlReset)), 261.36 .EnableAlertTriggerSVA(1) 261.37 ) u_state_regs ( 261.38 .clk_i ( `PRIM_FLOP_CLK ), 261.39 .rst_ni ( `PRIM_FLOP_RST ), 261.40 .state_i ( state_d ), 261.41 .state_o ( state_q ) 261.42 ); 261.43 `endif262 263 always_ff @(posedge clk_i or negedge rst_ni) begin 264 1/1 if (!rst_ni) begin Tests: T1 T2 T3 265 1/1 state_intg_err_q <= '0; Tests: T1 T2 T3 266 end else begin 267 1/1 state_intg_err_q <= state_intg_err_d; Tests: T1 T2 T3 268 end 269 end 270 271 // prevents unknowns from reaching the outside world. 272 // - whatever operation causes the input data select to be disabled should not expose the key 273 // state. 274 // - when there are no operations, the key state also should be exposed. 275 1/1 assign key_o.valid = op_req; Tests: T1 T2 T3 276 277 1/1 assign cdi_sel_o = advance_sel ? cdi_cnt : op_cdi_sel_i; Tests: T1 T2 T3 278 279 assign invalid_stage_sel_o = ~(stage_sel_o inside {Creator, OwnerInt, Owner}); 280 for (genvar i = 0; i < Shares; i++) begin : gen_key_out_assign 281 2/2 assign key_o.key[i] = invalid_stage_sel_o ? Tests: T1 T2 T3 | T1 T2 T3 282 {EntropyRounds{entropy_i[i]}} : 283 key_state_q[cdi_sel_o][i]; 284 end 285 286 287 //SEC_CM: CTRL.KEY.INTEGRITY 288 1/1 assign key_state_ecc_words_d = key_state_d; Tests: T1 T2 T3 289 always_ff @(posedge clk_i or negedge rst_ni) begin 290 1/1 if (!rst_ni) begin Tests: T1 T2 T3 291 1/1 key_state_q <= '0; Tests: T1 T2 T3 292 1/1 key_state_ecc_q <= {TotalEccWords{prim_secded_pkg::SecdedInv7264ZeroEcc}}; Tests: T1 T2 T3 293 end else begin 294 1/1 for (int i = 0; i < CDIs; i++) begin Tests: T1 T2 T3 295 1/1 for (int j = 0; j < Shares; j++) begin Tests: T1 T2 T3 296 1/1 for (int k = 0; k < EccWords; k++) begin Tests: T1 T2 T3 297 1/1 {key_state_ecc_q[i][j][k], key_state_q[i][j][k]} <= Tests: T1 T2 T3 298 prim_secded_pkg::prim_secded_inv_72_64_enc(key_state_ecc_words_d[i][j][k]); 299 end 300 end 301 end 302 end 303 end 304 305 logic [CDIs-1:0][Shares-1:0][EccWords-1:0] ecc_errs; 306 for (genvar i = 0; i < CDIs; i++) begin : gen_ecc_loop_cdi 307 for (genvar j = 0; j < Shares; j++) begin : gen_ecc_loop_shares 308 for (genvar k = 0; k < EccWords; k++) begin : gen_ecc_loop_words 309 logic [1:0] errs; 310 prim_secded_inv_72_64_dec u_dec ( 311 .data_i({key_state_ecc_q[i][j][k], key_state_q[i][j][k]}), 312 .data_o(), 313 .syndrome_o(), 314 .err_o(errs) 315 ); 316 16/16 assign ecc_errs[i][j][k] = |errs; Tests: T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 | T1 T2 T3 317 end 318 end 319 end 320 321 // These are consumed one level above in keymgr.sv 322 logic unused_otp_sigs; 323 1/1 assign unused_otp_sigs = ^{root_key_i.creator_seed, Tests: T1 T2 T3 324 root_key_i.creator_seed_valid, 325 root_key_i.owner_seed, 326 root_key_i.owner_seed_valid}; 327 328 // root key valid sync 329 logic root_key_valid_q; 330 331 prim_flop_2sync # ( 332 .Width(1) 333 ) u_key_valid_sync ( 334 .clk_i, 335 .rst_ni, 336 // Both valid signals are flopped in OTP_CTRL, and they only ever transition from 0 -> 1. 337 // It is hence ok to AND them here before the synchronizer, since we don't expect this 338 // to create glitches. 339 .d_i(root_key_i.creator_root_key_share0_valid && 340 root_key_i.creator_root_key_share1_valid), 341 .q_o(root_key_valid_q) 342 ); 343 344 // Do not let the count toggle unless an advance operation is 345 // selected 346 1/1 assign cdi_cnt = op_req ? cnt[CdiWidth-1:0] : '0; Tests: T1 T2 T3 347 348 always_comb begin 349 1/1 key_state_d = key_state_q; Tests: T1 T2 T3 350 1/1 data_valid_o = 1'b0; Tests: T1 T2 T3 351 1/1 wipe_key_o = 1'b0; Tests: T1 T2 T3 352 353 // if a wipe request arrives, immediately destroy the 354 // keys regardless of current state 355 1/1 unique case (update_sel) Tests: T1 T2 T3 356 KeyUpdateRandom: begin 357 1/1 for (int i = 0; i < CDIs; i++) begin Tests: T1 T2 T3 358 1/1 for (int j = 0; j < Shares; j++) begin Tests: T1 T2 T3 359 // Load each share with the same randomness so we can 360 // later simply XOR root key on them 361 1/1 key_state_d[i][j][cnt[EntropyRndWidth-1:0]] = entropy_i[i]; Tests: T1 T2 T3 362 end 363 end 364 end 365 366 KeyUpdateRoot: begin 367 1/1 if (root_key_valid_q) begin Tests: T1 T2 T3 368 1/1 for (int i = 0; i < CDIs; i++) begin Tests: T1 T2 T3 369 1/1 if (KmacEnMasking) begin : gen_two_share_key Tests: T1 T2 T3 370 1/1 key_state_d[i][0] ^= root_key_i.creator_root_key_share0; Tests: T1 T2 T3 371 1/1 key_state_d[i][1] ^= root_key_i.creator_root_key_share1; Tests: T1 T2 T3 372 end else begin : gen_one_share_key 373 unreachable key_state_d[i][0] = root_key_i.creator_root_key_share0 ^ 374 root_key_i.creator_root_key_share1; 375 unreachable key_state_d[i][1] = '0; 376 end 377 end 378 end else begin 379 // if root key is not valid, load and invalid value 380 1/1 for (int i = 0; i < CDIs; i++) begin Tests: T14 T38 T114 381 1/1 key_state_d[i][0] = '0; Tests: T14 T38 T114 382 1/1 key_state_d[i][1] = '{default: '1}; Tests: T14 T38 T114 383 end 384 end 385 end 386 387 KeyUpdateKmac: begin 388 1/1 data_valid_o = gen_op; Tests: T1 T2 T3 389 1/1 key_state_d[cdi_sel_o] = (adv_op || dis_op) ? kmac_data_i : key_state_q[cdi_sel_o]; Tests: T1 T2 T3 390 end 391 392 KeyUpdateWipe: begin 393 1/1 wipe_key_o = 1'b1; Tests: T14 T15 T37 394 1/1 for (int i = 0; i < CDIs; i++) begin Tests: T14 T15 T37 395 1/1 for (int j = 0; j < Shares; j++) begin Tests: T14 T15 T37 396 1/1 key_state_d[i][j] = {EntropyRounds{entropy_i[j]}}; Tests: T14 T15 T37 397 end 398 end 399 end 400 401 default:; 402 endcase // unique case (update_sel) 403 end 404 405 // SEC_CM: CTRL.CTR.REDUN 406 prim_count #( 407 .Width(CntWidth) 408 ) u_cnt ( 409 .clk_i, 410 .rst_ni, 411 .clr_i(op_ack | random_ack), 412 .set_i('0), 413 .set_cnt_i('0), 414 .incr_en_i(op_update | random_req), 415 .decr_en_i(1'b0), 416 .step_i(CntWidth'(1'b1)), 417 .commit_i(1'b1), 418 .cnt_o(cnt), 419 .cnt_after_commit_o(), 420 .err_o(cnt_err) 421 ); 422 423 424 prim_mubi4_sender u_hw_sel ( 425 .clk_i, 426 .rst_ni, 427 .mubi_i (prim_mubi_pkg::mubi4_bool_to_mubi(gen_out_hw_sel)), 428 .mubi_o (hw_sel_o) 429 ); 430 431 // when in a state that accepts commands, look at op_ack for completion 432 // when in a state that does not accept commands, wait for other triggers. 433 1/1 assign op_done_o = op_req ? op_ack : Tests: T1 T2 T3 434 (init_o | invalid_op); 435 436 437 // There are 3 possibilities 438 // advance to next state (software command) 439 // advance to disabled state (software command) 440 // advance to invalid state (detected fault) 441 logic adv_state; 442 logic dis_state; 443 logic inv_state; 444 1/1 assign adv_state = op_ack & adv_req & ~op_err; Tests: T1 T2 T3 445 1/1 assign dis_state = op_ack & dis_req; Tests: T1 T2 T3 446 447 // SEC_CM: CTRL.FSM.LOCAL_ESC 448 // begin invalidation when faults are observed. 449 // sync faults only invalidate on transaction boudaries 450 // async faults begin invalidating immediately 451 1/1 assign inv_state = |fault_o; Tests: T1 T2 T3 452 453 always_comb begin 454 // persistent data 455 1/1 state_d = state_q; Tests: T1 T2 T3 456 457 // request to op handling 458 1/1 op_req = 1'b0; Tests: T1 T2 T3 459 1/1 random_req = 1'b0; Tests: T1 T2 T3 460 1/1 random_ack = 1'b0; Tests: T1 T2 T3 461 462 // request to key updates 463 1/1 wipe_req = 1'b0; Tests: T1 T2 T3 464 465 // invalid operation issued 466 1/1 invalid_op = '0; Tests: T1 T2 T3 467 468 // data update and select signals 469 1/1 stage_sel_o = Disable; Tests: T1 T2 T3 470 471 // indication that state is disabled 472 1/1 disabled = 1'b0; Tests: T1 T2 T3 473 474 // indication that state is invalid 475 1/1 invalid = 1'b0; Tests: T1 T2 T3 476 477 // Don't request final PRNG updating and reseeding. 478 1/1 prng_en_dis_inv_set = 1'b0; Tests: T1 T2 T3 479 480 // Request PRNG reseeding. 481 1/1 prng_reseed_req_o = 1'b0; Tests: T1 T2 T3 482 483 // initialization complete 484 1/1 init_o = 1'b0; Tests: T1 T2 T3 485 486 // Most states are initialized, mark the exceptions 487 1/1 initialized = 1'b1; Tests: T1 T2 T3 488 489 // if state is ever faulted, hold on to this indication 490 // until reset. 491 1/1 state_intg_err_d = state_intg_err_q; Tests: T1 T2 T3 492 493 1/1 unique case (state_q) Tests: T1 T2 T3 494 // Only advance can be called from reset state 495 StCtrlReset: begin 496 1/1 initialized = 1'b0; Tests: T1 T2 T3 497 498 // always use random data for advance, since out of reset state 499 // the key state will be randomized. 500 1/1 stage_sel_o = Disable; Tests: T1 T2 T3 501 502 // key state is updated when it is an advance call 503 // all other operations are invalid, including disable 504 1/1 invalid_op = op_start_i & ~advance_sel; Tests: T1 T2 T3 505 506 // if there was a structural fault before anything began, wipe immediately 507 1/1 if (inv_state) begin Tests: T1 T2 T3 508 1/1 state_d = StCtrlWipe; Tests: T10 T11 T12 509 1/1 end else if (advance_sel) begin Tests: T1 T2 T3 510 1/1 state_d = StCtrlEntropyReseed; Tests: T1 T2 T3 511 end MISSING_ELSE 512 end 513 514 // reseed entropy 515 StCtrlEntropyReseed: begin 516 1/1 initialized = 1'b0; Tests: T1 T2 T3 517 1/1 prng_reseed_req_o = 1'b1; Tests: T1 T2 T3 518 519 1/1 if (prng_reseed_ack_i) begin Tests: T1 T2 T3 520 1/1 state_d = StCtrlRandom; Tests: T1 T2 T3 521 end MISSING_ELSE 522 end 523 524 // This state does not accept any command. 525 StCtrlRandom: begin 526 1/1 initialized = 1'b0; Tests: T1 T2 T3 527 1/1 random_req = 1'b1; Tests: T1 T2 T3 528 529 // when mask population is complete, xor the root_key into the zero share 530 // if in the future the root key is updated to 2 shares, it will direclty overwrite 531 // the values here 532 1/1 if (int'(cnt) == EntropyRounds-1) begin Tests: T1 T2 T3 533 unreachable random_ack = 1'b1; 534 unreachable state_d = StCtrlRootKey; 535 end MISSING_ELSE 536 end 537 538 // load the root key. 539 StCtrlRootKey: begin 540 1/1 init_o = 1'b1; Tests: T1 T2 T3 541 1/1 initialized = 1'b1; Tests: T1 T2 T3 542 1/1 state_d = (en_i && root_key_valid_q) ? StCtrlInit : StCtrlWipe; Tests: T1 T2 T3 543 end 544 545 // Beginning from the Init state, operations are accepted. 546 // Only valid operation is advance state. If invalid command received, 547 // random data is selected for operation and no persistent state is changed. 548 StCtrlInit: begin 549 1/1 op_req = op_start_i; Tests: T1 T2 T3 550 551 // when advancing select creator data, otherwise use random input 552 1/1 stage_sel_o = advance_sel ? Creator : Disable; Tests: T1 T2 T3 553 1/1 invalid_op = op_start_i & ~(advance_sel | disable_sel); Tests: T1 T2 T3 554 555 1/1 if (!en_i || inv_state) begin Tests: T1 T2 T3 556 1/1 state_d = StCtrlWipe; Tests: T74 T40 T28 557 1/1 end else if (dis_state) begin Tests: T1 T2 T3 558 1/1 state_d = StCtrlDisabled; Tests: T4 T126 T48 559 1/1 prng_en_dis_inv_set = 1'b1; Tests: T4 T126 T48 560 1/1 end else if (adv_state) begin Tests: T1 T2 T3 561 1/1 state_d = StCtrlCreatorRootKey; Tests: T1 T2 T3 562 end MISSING_ELSE 563 end 564 565 // all commands are valid during this stage 566 StCtrlCreatorRootKey: begin 567 1/1 op_req = op_start_i; Tests: T1 T2 T3 568 569 // when generating, select creator data input 570 // when advancing, select owner intermediate key as target 571 // when disabling, select random data input 572 1/1 stage_sel_o = disable_sel ? Disable : Tests: T1 T2 T3 573 advance_sel ? OwnerInt : Creator; 574 575 1/1 if (!en_i || inv_state) begin Tests: T1 T2 T3 576 1/1 state_d = StCtrlWipe; Tests: T39 T5 T92 577 1/1 end else if (dis_state) begin Tests: T1 T2 T3 578 1/1 state_d = StCtrlDisabled; Tests: T116 T48 T60 579 1/1 prng_en_dis_inv_set = 1'b1; Tests: T116 T48 T60 580 1/1 end else if (adv_state) begin Tests: T1 T2 T3 581 1/1 state_d = StCtrlOwnerIntKey; Tests: T1 T2 T3 582 end MISSING_ELSE 583 end 584 585 // all commands are valid during this stage 586 StCtrlOwnerIntKey: begin 587 1/1 op_req = op_start_i; Tests: T1 T2 T3 588 589 // when generating, select owner intermediate data input 590 // when advancing, select owner as target 591 // when disabling, select random data input 592 1/1 stage_sel_o = disable_sel ? Disable : Tests: T1 T2 T3 593 advance_sel ? Owner : OwnerInt; 594 595 1/1 if (!en_i || inv_state) begin Tests: T1 T2 T3 596 1/1 state_d = StCtrlWipe; Tests: T37 T41 T45 597 1/1 end else if (dis_state) begin Tests: T1 T2 T3 598 1/1 state_d = StCtrlDisabled; Tests: T127 T50 T128 599 1/1 prng_en_dis_inv_set = 1'b1; Tests: T127 T50 T128 600 1/1 end else if (adv_state) begin Tests: T1 T2 T3 601 1/1 state_d = StCtrlOwnerKey; Tests: T1 T2 T3 602 end MISSING_ELSE 603 end 604 605 // all commands are valid during this stage 606 // however advance goes directly to disabled state 607 StCtrlOwnerKey: begin 608 1/1 op_req = op_start_i; Tests: T1 T2 T3 609 610 // when generating, select owner data input 611 // when advancing, select disable as target 612 // when disabling, select random data input 613 1/1 stage_sel_o = disable_sel | advance_sel ? Disable : Owner; Tests: T1 T2 T3 614 615 1/1 if (!en_i || inv_state) begin Tests: T1 T2 T3 616 1/1 state_d = StCtrlWipe; Tests: T68 T60 T30 617 1/1 end else if (adv_state || dis_state) begin Tests: T1 T2 T3 618 1/1 state_d = StCtrlDisabled; Tests: T1 T2 T3 619 1/1 prng_en_dis_inv_set = 1'b1; Tests: T1 T2 T3 620 end MISSING_ELSE 621 end 622 623 // The wipe state immediately clears out the key state, but waits for any ongoing 624 // transaction to finish before going to disabled state. 625 // Unlike the random state, this is an immedaite shutdown request, so all parts of the 626 // key are wiped. 627 StCtrlWipe: begin 628 1/1 wipe_req = 1'b1; Tests: T14 T15 T37 629 // if there was already an operation ongoing, maintain the request until completion 630 1/1 op_req = op_busy; Tests: T14 T15 T37 631 1/1 invalid_op = op_start_i; Tests: T14 T15 T37 632 633 // If the enable is dropped during the middle of a transaction, we clear and wait for that 634 // transaction to gracefully complete (if it can). 635 // There are two scenarios: 636 // 1. the operation completed right when we started wiping, in which case the done would 637 // clear the start. 638 // 2. the operation completed before we started wiping, or there was never an operation to 639 // begin with (op_start_i == 0), in this case, don't wait and immediately transition 640 1/1 if (!op_start_i) begin Tests: T14 T15 T37 641 1/1 state_d = StCtrlInvalid; Tests: T14 T15 T37 642 1/1 prng_en_dis_inv_set = 1'b1; Tests: T14 T15 T37 643 end MISSING_ELSE 644 end 645 646 // StCtrlDisabled and StCtrlInvalid are almost functionally equivalent 647 // The only difference is that Disabled is entered through software invocation, 648 // while Invalid is entered through life cycle disable or operational fault. 649 // 650 // Both states continue to kick off random transactions 651 // All transactions are treated as invalid despite completing 652 StCtrlDisabled: begin 653 1/1 op_req = op_start_i; Tests: T1 T2 T3 654 1/1 disabled = 1'b1; Tests: T1 T2 T3 655 656 1/1 if (!en_i || inv_state) begin Tests: T1 T2 T3 657 1/1 state_d = StCtrlWipe; Tests: T15 T48 T60 658 end MISSING_ELSE 659 end 660 661 StCtrlInvalid: begin 662 1/1 invalid_op = op_start_i; Tests: T14 T15 T37 663 1/1 invalid = 1'b1; Tests: T14 T15 T37 664 end 665 666 // latch the fault indication and start to wipe the key manager 667 default: begin 668 state_intg_err_d = 1'b1; 669 state_d = StCtrlWipe; 670 end 671 672 endcase // unique case (state_q) 673 end // always_comb 674 675 // Current working state provided for software read 676 // Certain states are collapsed for simplicity 677 keymgr_working_state_e last_working_st; 678 logic update_en; 679 680 always_ff @(posedge clk_i or negedge rst_ni) begin 681 1/1 if (!rst_ni) begin Tests: T1 T2 T3 682 1/1 last_working_st <= StReset; Tests: T1 T2 T3 683 1/1 end else if (update_en) begin Tests: T1 T2 T3 684 1/1 last_working_st <= working_state_o; Tests: T1 T2 T3 685 end MISSING_ELSE 686 end 687 688 always_comb begin 689 1/1 update_en = 1'b1; Tests: T1 T2 T3 690 1/1 working_state_o = StInvalid; Tests: T1 T2 T3 691 692 1/1 unique case (state_q) Tests: T1 T2 T3 693 StCtrlReset, StCtrlEntropyReseed, StCtrlRandom: 694 1/1 working_state_o = StReset; Tests: T1 T2 T3 695 696 StCtrlRootKey, StCtrlInit: 697 1/1 working_state_o = StInit; Tests: T1 T2 T3 698 699 StCtrlCreatorRootKey: 700 1/1 working_state_o = StCreatorRootKey; Tests: T1 T2 T3 701 702 StCtrlOwnerIntKey: 703 1/1 working_state_o = StOwnerIntKey; Tests: T1 T2 T3 704 705 StCtrlOwnerKey: 706 1/1 working_state_o = StOwnerKey; Tests: T1 T2 T3 707 708 StCtrlDisabled: 709 1/1 working_state_o = StDisabled; Tests: T1 T2 T3 710 711 StCtrlWipe: begin 712 1/1 update_en = 1'b0; Tests: T14 T15 T37 713 1/1 working_state_o = last_working_st; Tests: T14 T15 T37 714 end 715 716 StCtrlInvalid: 717 1/1 working_state_o = StInvalid; Tests: T14 T15 T37 718 719 default: 720 working_state_o = StInvalid; 721 endcase // unique case (state_q) 722 end 723 724 always_comb begin 725 1/1 status_o = OpIdle; Tests: T1 T2 T3 726 1/1 if (op_done_o) begin Tests: T1 T2 T3 727 // It is possible for an operation to finish the same cycle en_i goes low. 728 // The main fsm handling is one cycle behind, but still report operation 729 // fail. 730 1/1 status_o = |{error_o, fault_o} ? OpDoneFail : OpDoneSuccess; Tests: T1 T2 T3 731 1/1 end else if (op_start_i) begin Tests: T1 T2 T3 732 1/1 status_o = OpWip; Tests: T1 T2 T3 733 end MISSING_ELSE 734 end 735 736 737 ///////////////////////// 738 // Operateion state, handle advance and generate 739 ///////////////////////// 740 741 logic op_fsm_err; 742 keymgr_op_state_ctrl u_op_state ( 743 .clk_i, 744 .rst_ni, 745 .adv_req_i(adv_req), 746 .dis_req_i(dis_req), 747 .id_req_i(id_req), 748 .gen_req_i(gen_req), 749 .cnt_i(cdi_cnt), 750 .op_ack_o(op_ack), 751 .op_busy_o(op_busy), 752 .op_update_o(op_update), 753 .kmac_done_i, 754 .adv_en_o, 755 .id_en_o, 756 .gen_en_o, 757 .op_fsm_err_o(op_fsm_err) 758 ); 759 760 // operational state cross check. The state value must be consistent with 761 // the input operations. 762 logic op_state_cmd_err; 763 1/1 assign op_state_cmd_err = (adv_en_o & ~(advance_sel | disable_sel)) | Tests: T1 T2 T3 764 (gen_en_o & ~gen_op); 765 766 // operations fsm update precedence 767 // when in invalid state, always update. 768 // when in disabled state, always update unless a fault is encountered. 769 1/1 assign op_update_sel = (op_ack | op_update) & invalid ? KeyUpdateKmac : Tests: T1 T2 T3 770 (op_ack | op_update) & op_fault_err ? KeyUpdateWipe : 771 (op_ack | op_update) & disabled ? KeyUpdateKmac : 772 (op_ack | op_update) & op_err ? KeyUpdateIdle : 773 (op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle; 774 775 776 /////////////////////////////// 777 // Suppress kmac return data 778 /////////////////////////////// 779 780 logic data_fsm_err; 781 keymgr_data_en_state u_data_en ( 782 .clk_i, 783 .rst_ni, 784 .hw_sel_i(hw_sel_o), 785 .adv_en_i(adv_en_o), 786 .id_en_i(id_en_o), 787 .gen_en_i(gen_en_o), 788 .op_done_i(op_done_o), 789 .op_start_i, 790 .data_hw_en_o, 791 .data_sw_en_o, 792 .fsm_err_o(data_fsm_err) 793 ); 794 795 ///////////////////////// 796 // Cross-checks, errors and faults 797 ///////////////////////// 798 799 logic vld_state_change_d, vld_state_change_q; 800 1/1 assign vld_state_change_d = (state_d != state_q) & Tests: T1 T2 T3 801 (state_d inside {StCtrlRootKey, 802 StCtrlCreatorRootKey, 803 StCtrlOwnerIntKey, 804 StCtrlOwnerKey}); 805 806 // capture for cross check in following cycle 807 always_ff @(posedge clk_i or negedge rst_ni) begin 808 1/1 if (!rst_ni) begin Tests: T1 T2 T3 809 1/1 vld_state_change_q <= '0; Tests: T1 T2 T3 810 end else begin 811 1/1 vld_state_change_q <= vld_state_change_d; Tests: T1 T2 T3 812 end 813 end 814 815 // state cross check 816 // if the state advanced, ensure that it was due to an advanced operation 817 logic state_change_err; 818 1/1 assign state_change_err = vld_state_change_q & !adv_op; Tests: T1 T2 T3 819 820 keymgr_err u_err ( 821 .clk_i, 822 .rst_ni, 823 .invalid_op_i(invalid_op), 824 .disabled_i(disabled | (initialized & ~en_i)), 825 .invalid_i(invalid), 826 .kmac_input_invalid_i, 827 .shadowed_update_err_i, 828 .kmac_op_err_i, 829 .invalid_kmac_out_i(invalid_kmac_out), 830 .sideload_sel_err_i, 831 .kmac_cmd_err_i, 832 .kmac_fsm_err_i, 833 .kmac_done_err_i, 834 .regfile_intg_err_i, 835 .shadowed_storage_err_i, 836 .ctrl_fsm_err_i(state_intg_err_q | state_intg_err_d), 837 .data_fsm_err_i(data_fsm_err), 838 .op_fsm_err_i(op_fsm_err), 839 .ecc_err_i(|ecc_errs), 840 .state_change_err_i(state_change_err), 841 .op_state_cmd_err_i(op_state_cmd_err), 842 .cnt_err_i(cnt_err), 843 .reseed_cnt_err_i, 844 .sideload_fsm_err_i, 845 846 .op_update_i(op_update), 847 .op_done_i(op_done_o), 848 849 .sync_err_o(sync_err), 850 .async_err_o(), 851 .sync_fault_o(sync_fault), 852 .async_fault_o(async_fault), 853 .error_o, 854 .fault_o 855 ); 856 857 /////////////////////////////// 858 // Functions 859 /////////////////////////////// 860 861 // unclear what this is supposed to be yet 862 // right now just check to see if it not all 0's and not all 1's 863 function automatic logic valid_data_chk (logic [KeyWidth-1:0] value); 864 865 1/1 return |value & ~&value; Tests: T1 T2 T3 866 867 endfunction // byte_mask 868 869 ///////////////////////////////// 870 // Assertions 871 ///////////////////////////////// 872 873 // This assertion will not work if fault_status ever takes on metafields such as 874 // qe / re etc. 875 `ASSERT_INIT(SameErrCnt_A, $bits(keymgr_reg2hw_fault_status_reg_t) == 876 (SyncFaultLastIdx + AsyncFaultLastIdx)) 877 878 // stage select should always be Disable whenever it is not enabled 879 `ASSERT(StageDisableSel_A, !en_i |-> stage_sel_o == Disable) 880 881 // Unless it is a legal command, only select disable 882 `ASSERT(InitLegalCommands_A, op_start_i & en_i & state_q inside {StCtrlInit} & 883 !(op_i inside {OpAdvance}) |-> stage_sel_o == Disable) 884 885 // All commands are legal, so select disable only if operation is disable 886 `ASSERT(GeneralLegalCommands_A, op_start_i & en_i & 887 state_q inside {StCtrlCreatorRootKey, StCtrlOwnerIntKey} & 888 (op_i inside {OpDisable}) |-> stage_sel_o == Disable) 889 890 `ASSERT(OwnerLegalCommands_A, op_start_i & en_i & state_q inside {StCtrlOwnerKey} & 891 (op_i inside {OpAdvance, OpDisable}) |-> stage_sel_o == Disable) 892 893 // load_key should not be high if there is no ongoing operation 894 `ASSERT(LoadKey_A, key_o.valid |-> op_start_i) 895 896 // The count value should always be 0 when a transaction start 897 `ASSERT(CntZero_A, $rose(op_start_i) |-> cnt == '0) 898 899 // Whenever a transaction completes, data_en must return to 0 on the next cycle 900 `ASSERT(DataEnDis_A, op_start_i & op_done_o |=> ~data_hw_en_o && ~data_sw_en_o) 901 902 // Whenever data enable asserts, it must be the case that there was a generate or 903 // id operation 904 `ASSERT(DataEn_A, data_hw_en_o | data_sw_en_o |-> (id_en_o | gen_en_o) & ~adv_en_o) 905 906 // Check that the FSM is linear and does not contain any loops
ASSERT_FPV_LINEAR_FSM(SecCmCFILinear_A, state_q, state_e): 907.1 `ifdef INC_ASSERT 907.2 bit SecCmCFILinear_A_cond; 907.3 always_ff @(posedge clk_i or posedge !rst_ni) begin 907.4 1/1 if (!rst_ni) begin Tests: T1 T2 T3 907.5 1/1 SecCmCFILinear_A_cond <= 0; Tests: T1 T2 T3 907.6 end else begin 907.7 1/1 SecCmCFILinear_A_cond <= 1; Tests: T1 T2 T3 907.8 end 907.9 end 907.10 property SecCmCFILinear_A_p; 907.11 state_e initial_state; 907.12 (!$stable(state_q) & SecCmCFILinear_A_cond, initial_state = $past(state_q)) |-> 907.13 (state_q != initial_state) until (!rst_ni == 1'b1); 907.14 endproperty 907.15 SecCmCFILinear_A: assert property (@(posedge clk_i) disable iff ((0) !== '0) (SecCmCFILinear_A_p)) 907.16 else begin 907.17 `ifdef UVM 907.18 uvm_pkg::uvm_report_error("ASSERT FAILED", "SecCmCFILinear_A", uvm_pkg::UVM_NONE, 907.19 "../src/lowrisc_ip_keymgr_0.1/rtl/keymgr_ctrl.sv", 907, "", 1); 907.20 `else 907.21 $error("%0t: (%0s:%0d) [%m] [ASSERT FAILED] %0s", $time, `__FILE__, `__LINE__, 907.22 `PRIM_STRINGIFY(SecCmCFILinear_A)); 907.23 `endif 907.24 end 907.25 `endif
Cond Coverage for Module : keymgr_ctrl
| Total | Covered | Percent | |
|---|---|---|---|
| Conditions | 212 | 208 | 98.11 |
| Logical | 212 | 208 | 98.11 |
| Non-Logical | 0 | 0 | |
| Event | 0 | 0 |
LINE 150
EXPRESSION (op_i == OpAdvance)
---------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 151
EXPRESSION (op_i == OpGenId)
--------1--------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 152
EXPRESSION (op_i == OpGenSwOut)
----------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T4 |
LINE 153
EXPRESSION (op_i == OpGenHwOut)
----------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T3,T4 |
LINE 155
EXPRESSION (gen_id_op | gen_sw_op | gen_hw_op)
----1---- ----2---- ----3----
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 0 | 0 | 0 | Covered | T1,T2,T3 |
| 0 | 0 | 1 | Covered | T1,T3,T4 |
| 0 | 1 | 0 | Covered | T1,T2,T4 |
| 1 | 0 | 0 | Covered | T1,T2,T3 |
LINE 165
EXPRESSION (op_start_i & adv_op & en_i)
-----1---- ---2-- --3-
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 0 | 1 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | 1 | Covered | T1,T2,T3 |
| 1 | 1 | 0 | Covered | T74,T92,T48 |
| 1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 166
EXPRESSION (op_start_i & gen_hw_op & en_i)
-----1---- ----2---- --3-
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 0 | 1 | 1 | Covered | T1,T3,T4 |
| 1 | 0 | 1 | Covered | T1,T2,T3 |
| 1 | 1 | 0 | Covered | T5,T6,T7 |
| 1 | 1 | 1 | Covered | T1,T3,T4 |
LINE 169
EXPRESSION ((op_start_i & dis_op) | ((!en_i)))
----------1---------- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T4,T129,T116 |
LINE 169
SUB-EXPRESSION (op_start_i & dis_op)
-----1---- ---2--
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T4,T15,T129 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T4,T129,T116 |
LINE 185
EXPRESSION (op_req & adv_op)
---1-- ---2--
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 186
EXPRESSION (op_req & dis_op)
---1-- ---2--
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T4,T15,T129 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T4,T129,T116 |
LINE 187
EXPRESSION (op_req & gen_id_op)
---1-- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T4 |
LINE 188
EXPRESSION (op_req & (gen_sw_op | gen_hw_op))
---1-- -----------2-----------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 188
SUB-EXPRESSION (gen_sw_op | gen_hw_op)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T3,T4 |
| 1 | 0 | Covered | T1,T2,T4 |
LINE 202
EXPRESSION (adv_req & op_ack & ( ~ (op_err | op_fault_err) ))
---1--- ---2-- --------------3--------------
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 0 | 1 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | 1 | Covered | T1,T2,T3 |
| 1 | 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 202
SUB-EXPRESSION (op_err | op_fault_err)
---1-- ------2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T15,T37,T10 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 230
EXPRESSION (wipe_req ? KeyUpdateWipe : (random_req ? KeyUpdateRandom : (init_o ? KeyUpdateRoot : op_update_sel)))
----1---
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T14,T15,T37 |
LINE 230
SUB-EXPRESSION (random_req ? KeyUpdateRandom : (init_o ? KeyUpdateRoot : op_update_sel))
-----1----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 230
SUB-EXPRESSION (init_o ? KeyUpdateRoot : op_update_sel)
---1--
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 243
EXPRESSION (prng_en_dis_inv_set ? 2'b11 : (prng_reseed_done_i ? ({1'b0, prng_en_dis_inv_q[1]}) : prng_en_dis_inv_q))
---------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 243
SUB-EXPRESSION (prng_reseed_done_i ? ({1'b0, prng_en_dis_inv_q[1]}) : prng_en_dis_inv_q)
---------1--------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 255
EXPRESSION (random_req | wipe_req | prng_en_dis_inv_q[0])
-----1---- ----2--- ----------3---------
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 0 | 0 | 0 | Covered | T1,T2,T3 |
| 0 | 0 | 1 | Covered | T1,T2,T3 |
| 0 | 1 | 0 | Covered | T14,T15,T37 |
| 1 | 0 | 0 | Covered | T1,T2,T3 |
LINE 277
EXPRESSION (advance_sel ? cdi_cnt : op_cdi_sel_i)
-----1-----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 281
EXPRESSION (invalid_stage_sel_o ? ({EntropyRounds {entropy_i[0]}}) : key_state_q[cdi_sel_o][0])
---------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 281
EXPRESSION (invalid_stage_sel_o ? ({EntropyRounds {entropy_i[1]}}) : key_state_q[cdi_sel_o][1])
---------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 333
EXPRESSION (root_key_i.creator_root_key_share0_valid && root_key_i.creator_root_key_share1_valid)
--------------------1------------------- --------------------2-------------------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Not Covered | |
| 1 | 0 | Not Covered | |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 346
EXPRESSION (op_req ? cnt[0] : '0)
---1--
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 389
EXPRESSION ((adv_op || dis_op) ? kmac_data_i : key_state_q[cdi_sel_o])
---------1--------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 389
SUB-EXPRESSION (adv_op || dis_op)
---1-- ---2--
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T4,T129,T116 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 408
EXPRESSION (op_ack | random_ack)
---1-- -----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 408
EXPRESSION (op_update | random_req)
----1---- -----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 433
EXPRESSION (op_req ? op_ack : (init_o | invalid_op))
---1--
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 433
SUB-EXPRESSION (init_o | invalid_op)
---1-- -----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T4,T14,T15 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 444
EXPRESSION (op_ack & adv_req & ((~op_err)))
---1-- ---2--- -----3-----
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 0 | 1 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | 1 | Covered | T1,T2,T3 |
| 1 | 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 445
EXPRESSION (op_ack & dis_req)
---1-- ---2---
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T4,T129,T116 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T4,T129,T116 |
LINE 504
EXPRESSION (op_start_i & ((~advance_sel)))
-----1---- --------2-------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T4,T15,T16 |
LINE 532
EXPRESSION (int'(cnt) == (EntropyRounds - 1))
-----------------1----------------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Unreachable | T1,T2,T3 |
LINE 542
EXPRESSION ((en_i && root_key_valid_q) ? StCtrlInit : StCtrlWipe)
-------------1------------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T14,T38,T114 |
| 1 | Covered | T1,T2,T3 |
LINE 542
SUB-EXPRESSION (en_i && root_key_valid_q)
--1- --------2-------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T65,T130,T131 |
| 1 | 0 | Covered | T14,T38,T114 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 552
EXPRESSION (advance_sel ? Creator : Disable)
-----1-----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 553
EXPRESSION (op_start_i & ( ~ (advance_sel | disable_sel) ))
-----1---- ----------------2----------------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 553
SUB-EXPRESSION (advance_sel | disable_sel)
-----1----- -----2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T4,T74,T126 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 555
EXPRESSION (((!en_i)) || inv_state)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T40,T28,T20 |
| 1 | 0 | Covered | T74,T94,T6 |
LINE 572
EXPRESSION (disable_sel ? Disable : (advance_sel ? OwnerInt : Creator))
-----1-----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T116,T5,T92 |
LINE 572
SUB-EXPRESSION (advance_sel ? OwnerInt : Creator)
-----1-----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 575
EXPRESSION (((!en_i)) || inv_state)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T39,T132,T133 |
| 1 | 0 | Covered | T5,T92,T60 |
LINE 592
EXPRESSION (disable_sel ? Disable : (advance_sel ? Owner : OwnerInt))
-----1-----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T134,T127,T50 |
LINE 592
SUB-EXPRESSION (advance_sel ? Owner : OwnerInt)
-----1-----
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 595
EXPRESSION (((!en_i)) || inv_state)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T37,T41,T45 |
| 1 | 0 | Covered | T134,T7,T135 |
LINE 613
EXPRESSION ((disable_sel | advance_sel) ? Disable : Owner)
-------------1-------------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 613
SUB-EXPRESSION (disable_sel | advance_sel)
-----1----- -----2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T129,T60,T94 |
LINE 615
EXPRESSION (((!en_i)) || inv_state)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T68,T30,T46 |
| 1 | 0 | Covered | T60,T136,T137 |
LINE 617
EXPRESSION (adv_state || dis_state)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T129,T60,T94 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 656
EXPRESSION (((!en_i)) || inv_state)
----1---- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T15,T29,T27 |
| 1 | 0 | Covered | T48,T60,T138 |
LINE 730
EXPRESSION (((|{error_o, fault_o})) ? OpDoneFail : OpDoneSuccess)
-----------1-----------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 763
EXPRESSION ((adv_en_o & ( ~ (advance_sel | disable_sel) )) | (gen_en_o & ((~gen_op))))
-----------------------1---------------------- ------------2-----------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T15,T27,T44 |
| 1 | 0 | Covered | T22,T139,T8 |
LINE 763
SUB-EXPRESSION (adv_en_o & ( ~ (advance_sel | disable_sel) ))
----1--- ----------------2----------------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T22,T139,T8 |
LINE 763
SUB-EXPRESSION (advance_sel | disable_sel)
-----1----- -----2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 763
SUB-EXPRESSION (gen_en_o & ((~gen_op)))
----1--- -----2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T15,T27,T44 |
LINE 769
EXPRESSION
Number Term
1 ((op_ack | op_update) & invalid) ? KeyUpdateKmac : (((op_ack | op_update) & op_fault_err) ? KeyUpdateWipe : (((op_ack | op_update) & disabled) ? KeyUpdateKmac : (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle)))))
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T10,T11,T12 |
LINE 769
SUB-EXPRESSION ((op_ack | op_update) & invalid)
----------1--------- ---2---
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T14,T15,T37 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T10,T11,T12 |
LINE 769
SUB-EXPRESSION (op_ack | op_update)
---1-- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION
Number Term
1 ((op_ack | op_update) & op_fault_err) ? KeyUpdateWipe : (((op_ack | op_update) & disabled) ? KeyUpdateKmac : (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle))))
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T37,T10,T39 |
LINE 769
SUB-EXPRESSION ((op_ack | op_update) & op_fault_err)
----------1--------- ------2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T15,T37,T10 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T37,T10,T39 |
LINE 769
SUB-EXPRESSION (op_ack | op_update)
---1-- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION
Number Term
1 ((op_ack | op_update) & disabled) ? KeyUpdateKmac : (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle)))
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION ((op_ack | op_update) & disabled)
----------1--------- ----2---
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION (op_ack | op_update)
---1-- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION (((op_ack | op_update) & op_err) ? KeyUpdateIdle : ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle))
---------------1---------------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION ((op_ack | op_update) & op_err)
----------1--------- ---2--
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION (op_ack | op_update)
---1-- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION ((op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle)
----------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 769
SUB-EXPRESSION (op_ack | op_update)
---1-- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 800
EXPRESSION ((state_d != state_q) & (state_d inside {StCtrlRootKey, StCtrlCreatorRootKey, StCtrlOwnerIntKey, StCtrlOwnerKey}))
----------1--------- --------------------------------------------2--------------------------------------------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T1,T2,T3 |
LINE 800
SUB-EXPRESSION (state_d != state_q)
----------1---------
| -1- | Status | Tests |
|---|---|---|
| 0 | Covered | T1,T2,T3 |
| 1 | Covered | T1,T2,T3 |
LINE 818
EXPRESSION (vld_state_change_q & ((!adv_op)))
---------1-------- -----2-----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Not Covered |
LINE 820
EXPRESSION (disabled | (initialized & ((~en_i))))
----1--- ------------2------------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T74,T5,T92 |
| 1 | 0 | Covered | T1,T2,T3 |
LINE 820
SUB-EXPRESSION (initialized & ((~en_i)))
-----1----- ----2----
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 1 | Covered | T1,T2,T3 |
| 1 | 0 | Covered | T1,T2,T3 |
| 1 | 1 | Covered | T74,T5,T92 |
LINE 820
EXPRESSION (state_intg_err_q | state_intg_err_d)
--------1------- --------2-------
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 0 | 0 | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T10,T11,T12 |
| 1 | 0 | Not Covered |
FSM Coverage for Module : keymgr_ctrl
| Total | Covered | Percent | ||
|---|---|---|---|---|
| States | 11 | 11 | 100.00 | (Not included in score) |
| Transitions | 19 | 19 | 100.00 | |
| Sequences | 0 | 0 |
State, Transition and Sequence Details for FSM :: state_q
| states | Line No. | Covered | Tests |
| StCtrlCreatorRootKey | 561 | Covered | T1,T2,T3 |
| StCtrlDisabled | 558 | Covered | T1,T2,T3 |
| StCtrlEntropyReseed | 510 | Covered | T1,T2,T3 |
| StCtrlInit | 542 | Covered | T1,T2,T3 |
| StCtrlInvalid | 641 | Covered | T14,T15,T37 |
| StCtrlOwnerIntKey | 581 | Covered | T1,T2,T3 |
| StCtrlOwnerKey | 601 | Covered | T1,T2,T3 |
| StCtrlRandom | 520 | Covered | T1,T2,T3 |
| StCtrlReset | 495 | Covered | T1,T2,T3 |
| StCtrlRootKey | 534 | Covered | T1,T2,T3 |
| StCtrlWipe | 508 | Covered | T14,T15,T37 |
| transitions | Line No. | Covered | Tests |
| StCtrlCreatorRootKey->StCtrlDisabled | 578 | Covered | T116,T48,T60 |
| StCtrlCreatorRootKey->StCtrlOwnerIntKey | 581 | Covered | T1,T2,T3 |
| StCtrlCreatorRootKey->StCtrlWipe | 576 | Covered | T39,T5,T92 |
| StCtrlDisabled->StCtrlWipe | 657 | Covered | T15,T48,T60 |
| StCtrlEntropyReseed->StCtrlRandom | 520 | Covered | T1,T2,T3 |
| StCtrlInit->StCtrlCreatorRootKey | 561 | Covered | T1,T2,T3 |
| StCtrlInit->StCtrlDisabled | 558 | Covered | T4,T126,T48 |
| StCtrlInit->StCtrlWipe | 556 | Covered | T74,T40,T28 |
| StCtrlOwnerIntKey->StCtrlDisabled | 598 | Covered | T127,T50,T128 |
| StCtrlOwnerIntKey->StCtrlOwnerKey | 601 | Covered | T1,T2,T3 |
| StCtrlOwnerIntKey->StCtrlWipe | 596 | Covered | T37,T41,T45 |
| StCtrlOwnerKey->StCtrlDisabled | 618 | Covered | T1,T2,T3 |
| StCtrlOwnerKey->StCtrlWipe | 616 | Covered | T68,T60,T30 |
| StCtrlRandom->StCtrlRootKey | 534 | Covered | T1,T2,T3 |
| StCtrlReset->StCtrlEntropyReseed | 510 | Covered | T1,T2,T3 |
| StCtrlReset->StCtrlWipe | 508 | Covered | T10,T11,T12 |
| StCtrlRootKey->StCtrlInit | 542 | Covered | T1,T2,T3 |
| StCtrlRootKey->StCtrlWipe | 542 | Covered | T14,T38,T114 |
| StCtrlWipe->StCtrlInvalid | 641 | Covered | T14,T15,T37 |
Branch Coverage for Module : keymgr_ctrl
| Line No. | Total | Covered | Percent | |
|---|---|---|---|---|
| Branches | 97 | 97 | 100.00 | |
| TERNARY | 230 | 4 | 4 | 100.00 |
| TERNARY | 243 | 3 | 3 | 100.00 |
| TERNARY | 277 | 2 | 2 | 100.00 |
| TERNARY | 346 | 2 | 2 | 100.00 |
| TERNARY | 433 | 2 | 2 | 100.00 |
| TERNARY | 769 | 6 | 6 | 100.00 |
| TERNARY | 281 | 2 | 2 | 100.00 |
| TERNARY | 281 | 2 | 2 | 100.00 |
| IF | 248 | 2 | 2 | 100.00 |
| IF | 261 | 2 | 2 | 100.00 |
| IF | 264 | 2 | 2 | 100.00 |
| IF | 290 | 2 | 2 | 100.00 |
| CASE | 355 | 7 | 7 | 100.00 |
| CASE | 493 | 39 | 39 | 100.00 |
| IF | 681 | 3 | 3 | 100.00 |
| CASE | 692 | 9 | 9 | 100.00 |
| IF | 726 | 4 | 4 | 100.00 |
| IF | 808 | 2 | 2 | 100.00 |
| IF | 907 | 2 | 2 | 100.00 |
230 assign update_sel = wipe_req ? KeyUpdateWipe : -1- ==> 231 random_req ? KeyUpdateRandom : -2- ==> 232 init_o ? KeyUpdateRoot : op_update_sel; -3- ==> ==>
Branches:
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 1 | - | - | Covered | T14,T15,T37 |
| 0 | 1 | - | Covered | T1,T2,T3 |
| 0 | 0 | 1 | Covered | T1,T2,T3 |
| 0 | 0 | 0 | Covered | T1,T2,T3 |
243 assign prng_en_dis_inv_d = 244 prng_en_dis_inv_set ? 2'b11 : -1- ==> 245 prng_reseed_done_i ? {1'b0, prng_en_dis_inv_q[1]} : prng_en_dis_inv_q; -2- ==> ==>
Branches:
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 1 | - | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 0 | 0 | Covered | T1,T2,T3 |
277 assign cdi_sel_o = advance_sel ? cdi_cnt : op_cdi_sel_i; -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
346 assign cdi_cnt = op_req ? cnt[CdiWidth-1:0] : '0; -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
433 assign op_done_o = op_req ? op_ack : -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
769 assign op_update_sel = (op_ack | op_update) & invalid ? KeyUpdateKmac : -1- ==> 770 (op_ack | op_update) & op_fault_err ? KeyUpdateWipe : -2- ==> 771 (op_ack | op_update) & disabled ? KeyUpdateKmac : -3- ==> 772 (op_ack | op_update) & op_err ? KeyUpdateIdle : -4- ==> 773 (op_ack | op_update) ? KeyUpdateKmac : KeyUpdateIdle; -5- ==> ==>
Branches:
| -1- | -2- | -3- | -4- | -5- | Status | Tests |
|---|---|---|---|---|---|---|
| 1 | - | - | - | - | Covered | T10,T11,T12 |
| 0 | 1 | - | - | - | Covered | T37,T10,T39 |
| 0 | 0 | 1 | - | - | Covered | T1,T2,T3 |
| 0 | 0 | 0 | 1 | - | Covered | T1,T2,T3 |
| 0 | 0 | 0 | 0 | 1 | Covered | T1,T2,T3 |
| 0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
281 assign key_o.key[i] = invalid_stage_sel_o ? -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
281 assign key_o.key[i] = invalid_stage_sel_o ? -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
248 if (!rst_ni) begin -1- 249 prng_en_dis_inv_q <= '0; ==> 250 end else begin 251 prng_en_dis_inv_q <= prng_en_dis_inv_d; ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
261 `PRIM_FLOP_SPARSE_FSM(u_state_regs, state_d, state_q, state_e, StCtrlReset) -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
264 if (!rst_ni) begin -1- 265 state_intg_err_q <= '0; ==> 266 end else begin 267 state_intg_err_q <= state_intg_err_d; ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
290 if (!rst_ni) begin -1- 291 key_state_q <= '0; ==> 292 key_state_ecc_q <= {TotalEccWords{prim_secded_pkg::SecdedInv7264ZeroEcc}}; 293 end else begin 294 for (int i = 0; i < CDIs; i++) begin ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
355 unique case (update_sel) -1- 356 KeyUpdateRandom: begin 357 for (int i = 0; i < CDIs; i++) begin ==> 358 for (int j = 0; j < Shares; j++) begin 359 // Load each share with the same randomness so we can 360 // later simply XOR root key on them 361 key_state_d[i][j][cnt[EntropyRndWidth-1:0]] = entropy_i[i]; 362 end 363 end 364 end 365 366 KeyUpdateRoot: begin 367 if (root_key_valid_q) begin -2- 368 for (int i = 0; i < CDIs; i++) begin ==> 369 if (KmacEnMasking) begin : gen_two_share_key 370 key_state_d[i][0] ^= root_key_i.creator_root_key_share0; 371 key_state_d[i][1] ^= root_key_i.creator_root_key_share1; 372 end else begin : gen_one_share_key 373 key_state_d[i][0] = root_key_i.creator_root_key_share0 ^ 374 root_key_i.creator_root_key_share1; 375 key_state_d[i][1] = '0; 376 end 377 end 378 end else begin 379 // if root key is not valid, load and invalid value 380 for (int i = 0; i < CDIs; i++) begin ==> 381 key_state_d[i][0] = '0; 382 key_state_d[i][1] = '{default: '1}; 383 end 384 end 385 end 386 387 KeyUpdateKmac: begin 388 data_valid_o = gen_op; 389 key_state_d[cdi_sel_o] = (adv_op || dis_op) ? kmac_data_i : key_state_q[cdi_sel_o]; -3- ==> ==> 390 end 391 392 KeyUpdateWipe: begin 393 wipe_key_o = 1'b1; ==> 394 for (int i = 0; i < CDIs; i++) begin 395 for (int j = 0; j < Shares; j++) begin 396 key_state_d[i][j] = {EntropyRounds{entropy_i[j]}}; 397 end 398 end 399 end 400 401 default:; ==>
Branches:
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| KeyUpdateRandom | - | - | Covered | T1,T2,T3 |
| KeyUpdateRoot | 1 | - | Covered | T1,T2,T3 |
| KeyUpdateRoot | 0 | - | Covered | T14,T38,T114 |
| KeyUpdateKmac | - | 1 | Covered | T1,T2,T3 |
| KeyUpdateKmac | - | 0 | Covered | T1,T2,T3 |
| KeyUpdateWipe | - | - | Covered | T14,T15,T37 |
| default | - | - | Covered | T1,T2,T3 |
493 unique case (state_q) -1- 494 // Only advance can be called from reset state 495 StCtrlReset: begin 496 initialized = 1'b0; 497 498 // always use random data for advance, since out of reset state 499 // the key state will be randomized. 500 stage_sel_o = Disable; 501 502 // key state is updated when it is an advance call 503 // all other operations are invalid, including disable 504 invalid_op = op_start_i & ~advance_sel; 505 506 // if there was a structural fault before anything began, wipe immediately 507 if (inv_state) begin -2- 508 state_d = StCtrlWipe; ==> 509 end else if (advance_sel) begin -3- 510 state_d = StCtrlEntropyReseed; ==> 511 end MISSING_ELSE ==> 512 end 513 514 // reseed entropy 515 StCtrlEntropyReseed: begin 516 initialized = 1'b0; 517 prng_reseed_req_o = 1'b1; 518 519 if (prng_reseed_ack_i) begin -4- 520 state_d = StCtrlRandom; ==> 521 end MISSING_ELSE ==> 522 end 523 524 // This state does not accept any command. 525 StCtrlRandom: begin 526 initialized = 1'b0; 527 random_req = 1'b1; 528 529 // when mask population is complete, xor the root_key into the zero share 530 // if in the future the root key is updated to 2 shares, it will direclty overwrite 531 // the values here 532 if (int'(cnt) == EntropyRounds-1) begin -5- 533 random_ack = 1'b1; ==> (Unreachable) 534 state_d = StCtrlRootKey; 535 end MISSING_ELSE ==> 536 end 537 538 // load the root key. 539 StCtrlRootKey: begin 540 init_o = 1'b1; 541 initialized = 1'b1; 542 state_d = (en_i && root_key_valid_q) ? StCtrlInit : StCtrlWipe; -6- ==> ==> 543 end 544 545 // Beginning from the Init state, operations are accepted. 546 // Only valid operation is advance state. If invalid command received, 547 // random data is selected for operation and no persistent state is changed. 548 StCtrlInit: begin 549 op_req = op_start_i; 550 551 // when advancing select creator data, otherwise use random input 552 stage_sel_o = advance_sel ? Creator : Disable; -7- ==> ==> 553 invalid_op = op_start_i & ~(advance_sel | disable_sel); 554 555 if (!en_i || inv_state) begin -8- 556 state_d = StCtrlWipe; ==> 557 end else if (dis_state) begin -9- 558 state_d = StCtrlDisabled; ==> 559 prng_en_dis_inv_set = 1'b1; 560 end else if (adv_state) begin -10- 561 state_d = StCtrlCreatorRootKey; ==> 562 end MISSING_ELSE ==> 563 end 564 565 // all commands are valid during this stage 566 StCtrlCreatorRootKey: begin 567 op_req = op_start_i; 568 569 // when generating, select creator data input 570 // when advancing, select owner intermediate key as target 571 // when disabling, select random data input 572 stage_sel_o = disable_sel ? Disable : -11- ==> 573 advance_sel ? OwnerInt : Creator; -12- ==> ==> 574 575 if (!en_i || inv_state) begin -13- 576 state_d = StCtrlWipe; ==> 577 end else if (dis_state) begin -14- 578 state_d = StCtrlDisabled; ==> 579 prng_en_dis_inv_set = 1'b1; 580 end else if (adv_state) begin -15- 581 state_d = StCtrlOwnerIntKey; ==> 582 end MISSING_ELSE ==> 583 end 584 585 // all commands are valid during this stage 586 StCtrlOwnerIntKey: begin 587 op_req = op_start_i; 588 589 // when generating, select owner intermediate data input 590 // when advancing, select owner as target 591 // when disabling, select random data input 592 stage_sel_o = disable_sel ? Disable : -16- ==> 593 advance_sel ? Owner : OwnerInt; -17- ==> ==> 594 595 if (!en_i || inv_state) begin -18- 596 state_d = StCtrlWipe; ==> 597 end else if (dis_state) begin -19- 598 state_d = StCtrlDisabled; ==> 599 prng_en_dis_inv_set = 1'b1; 600 end else if (adv_state) begin -20- 601 state_d = StCtrlOwnerKey; ==> 602 end MISSING_ELSE ==> 603 end 604 605 // all commands are valid during this stage 606 // however advance goes directly to disabled state 607 StCtrlOwnerKey: begin 608 op_req = op_start_i; 609 610 // when generating, select owner data input 611 // when advancing, select disable as target 612 // when disabling, select random data input 613 stage_sel_o = disable_sel | advance_sel ? Disable : Owner; -21- ==> ==> 614 615 if (!en_i || inv_state) begin -22- 616 state_d = StCtrlWipe; ==> 617 end else if (adv_state || dis_state) begin -23- 618 state_d = StCtrlDisabled; ==> 619 prng_en_dis_inv_set = 1'b1; 620 end MISSING_ELSE ==> 621 end 622 623 // The wipe state immediately clears out the key state, but waits for any ongoing 624 // transaction to finish before going to disabled state. 625 // Unlike the random state, this is an immedaite shutdown request, so all parts of the 626 // key are wiped. 627 StCtrlWipe: begin 628 wipe_req = 1'b1; 629 // if there was already an operation ongoing, maintain the request until completion 630 op_req = op_busy; 631 invalid_op = op_start_i; 632 633 // If the enable is dropped during the middle of a transaction, we clear and wait for that 634 // transaction to gracefully complete (if it can). 635 // There are two scenarios: 636 // 1. the operation completed right when we started wiping, in which case the done would 637 // clear the start. 638 // 2. the operation completed before we started wiping, or there was never an operation to 639 // begin with (op_start_i == 0), in this case, don't wait and immediately transition 640 if (!op_start_i) begin -24- 641 state_d = StCtrlInvalid; ==> 642 prng_en_dis_inv_set = 1'b1; 643 end MISSING_ELSE ==> 644 end 645 646 // StCtrlDisabled and StCtrlInvalid are almost functionally equivalent 647 // The only difference is that Disabled is entered through software invocation, 648 // while Invalid is entered through life cycle disable or operational fault. 649 // 650 // Both states continue to kick off random transactions 651 // All transactions are treated as invalid despite completing 652 StCtrlDisabled: begin 653 op_req = op_start_i; 654 disabled = 1'b1; 655 656 if (!en_i || inv_state) begin -25- 657 state_d = StCtrlWipe; ==> 658 end MISSING_ELSE ==> 659 end 660 661 StCtrlInvalid: begin 662 invalid_op = op_start_i; ==> 663 invalid = 1'b1; 664 end 665 666 // latch the fault indication and start to wipe the key manager 667 default: begin 668 state_intg_err_d = 1'b1; ==>
Branches:
| -1- | -2- | -3- | -4- | -5- | -6- | -7- | -8- | -9- | -10- | -11- | -12- | -13- | -14- | -15- | -16- | -17- | -18- | -19- | -20- | -21- | -22- | -23- | -24- | -25- | Status | Tests |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| StCtrlReset | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T10,T11,T12 |
| StCtrlReset | 0 | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlReset | 0 | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlEntropyReseed | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlEntropyReseed | - | - | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlRandom | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Unreachable | T1,T2,T3 |
| StCtrlRandom | - | - | - | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlRootKey | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlRootKey | - | - | - | - | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T14,T38,T114 |
| StCtrlInit | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlInit | - | - | - | - | - | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlInit | - | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T74,T40,T28 |
| StCtrlInit | - | - | - | - | - | - | 0 | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T4,T126,T48 |
| StCtrlInit | - | - | - | - | - | - | 0 | 0 | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlInit | - | - | - | - | - | - | 0 | 0 | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T116,T5,T92 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | 0 | 1 | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | 0 | 0 | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T39,T5,T92 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | - | - | 0 | 1 | - | - | - | - | - | - | - | - | - | - | - | Covered | T116,T48,T60 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | - | - | 0 | 0 | 1 | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlCreatorRootKey | - | - | - | - | - | - | - | - | - | - | - | 0 | 0 | 0 | - | - | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 1 | - | - | - | - | - | - | - | - | - | Covered | T134,T127,T50 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 1 | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 0 | - | - | - | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 1 | - | - | - | - | - | - | - | Covered | T37,T41,T45 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 1 | - | - | - | - | - | - | Covered | T127,T50,T128 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 0 | 1 | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerIntKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 0 | 0 | - | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 1 | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | - | - | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 1 | - | - | - | Covered | T68,T60,T30 |
| StCtrlOwnerKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 1 | - | - | Covered | T1,T2,T3 |
| StCtrlOwnerKey | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | 0 | - | - | Covered | T1,T2,T3 |
| StCtrlWipe | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 1 | - | Covered | T14,T15,T37 |
| StCtrlWipe | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | - | Covered | T37,T74,T5 |
| StCtrlDisabled | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 1 | Covered | T15,T48,T60 |
| StCtrlDisabled | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | 0 | Covered | T1,T2,T3 |
| StCtrlInvalid | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T14,T15,T37 |
| default | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | - | Covered | T10,T11,T12 |
681 if (!rst_ni) begin -1- 682 last_working_st <= StReset; ==> 683 end else if (update_en) begin -2- 684 last_working_st <= working_state_o; ==> 685 end MISSING_ELSE ==>
Branches:
| -1- | -2- | Status | Tests |
|---|---|---|---|
| 1 | - | Covered | T1,T2,T3 |
| 0 | 1 | Covered | T1,T2,T3 |
| 0 | 0 | Covered | T14,T15,T37 |
692 unique case (state_q) -1- 693 StCtrlReset, StCtrlEntropyReseed, StCtrlRandom: 694 working_state_o = StReset; ==> 695 696 StCtrlRootKey, StCtrlInit: 697 working_state_o = StInit; ==> 698 699 StCtrlCreatorRootKey: 700 working_state_o = StCreatorRootKey; ==> 701 702 StCtrlOwnerIntKey: 703 working_state_o = StOwnerIntKey; ==> 704 705 StCtrlOwnerKey: 706 working_state_o = StOwnerKey; ==> 707 708 StCtrlDisabled: 709 working_state_o = StDisabled; ==> 710 711 StCtrlWipe: begin 712 update_en = 1'b0; ==> 713 working_state_o = last_working_st; 714 end 715 716 StCtrlInvalid: 717 working_state_o = StInvalid; ==> 718 719 default: 720 working_state_o = StInvalid; ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| StCtrlReset StCtrlEntropyReseed StCtrlRandom | Covered | T1,T2,T3 |
| StCtrlRootKey StCtrlInit | Covered | T1,T2,T3 |
| StCtrlCreatorRootKey | Covered | T1,T2,T3 |
| StCtrlOwnerIntKey | Covered | T1,T2,T3 |
| StCtrlOwnerKey | Covered | T1,T2,T3 |
| StCtrlDisabled | Covered | T1,T2,T3 |
| StCtrlWipe | Covered | T14,T15,T37 |
| StCtrlInvalid | Covered | T14,T15,T37 |
| default | Covered | T10,T11,T12 |
726 if (op_done_o) begin -1- 727 // It is possible for an operation to finish the same cycle en_i goes low. 728 // The main fsm handling is one cycle behind, but still report operation 729 // fail. 730 status_o = |{error_o, fault_o} ? OpDoneFail : OpDoneSuccess; -2- ==> ==> 731 end else if (op_start_i) begin -3- 732 status_o = OpWip; ==> 733 end MISSING_ELSE ==>
Branches:
| -1- | -2- | -3- | Status | Tests |
|---|---|---|---|---|
| 1 | 1 | - | Covered | T1,T2,T3 |
| 1 | 0 | - | Covered | T1,T2,T3 |
| 0 | - | 1 | Covered | T1,T2,T3 |
| 0 | - | 0 | Covered | T1,T2,T3 |
808 if (!rst_ni) begin -1- 809 vld_state_change_q <= '0; ==> 810 end else begin 811 vld_state_change_q <= vld_state_change_d; ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
907 `ASSERT_FPV_LINEAR_FSM(SecCmCFILinear_A, state_q, state_e) -1- ==> ==>
Branches:
| -1- | Status | Tests |
|---|---|---|
| 1 | Covered | T1,T2,T3 |
| 0 | Covered | T1,T2,T3 |
Assert Coverage for Module : keymgr_ctrl
| Total | Attempted | Percent | Succeeded/Matched | Percent | |
|---|---|---|---|---|---|
| Assertions | 11 | 11 | 100.00 | 11 | 100.00 |
| Cover properties | 0 | 0 | 0 | ||
| Cover sequences | 0 | 0 | 0 | ||
| Total | 11 | 11 | 100.00 | 11 | 100.00 |
Assertion Details
| Name | Attempts | Real Successes | Failures | Incomplete |
| CntZero_A | 21286633 | 27836 | 0 | 0 |
| DataEnDis_A | 20964270 | 27277 | 0 | 0 |
| DataEn_A | 20964270 | 5396239 | 0 | 0 |
| GeneralLegalCommands_A | 21705443 | 14651 | 0 | 0 |
| InitLegalCommands_A | 21705443 | 974921 | 0 | 0 |
| LoadKey_A | 21588661 | 15173201 | 0 | 0 |
| OwnerLegalCommands_A | 21705443 | 1204204 | 0 | 0 |
| SameErrCnt_A | 875 | 875 | 0 | 0 |
| SecCmCFILinear_A | 21705443 | 5877 | 0 | 4820 |
| StageDisableSel_A | 21705443 | 858218 | 0 | 0 |
| u_state_regs_A | 21705443 | 21550665 | 0 | 0 |
CntZero_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21286633 | 27836 | 0 | 0 |
| T1 | 5456 | 16 | 0 | 0 |
| T2 | 18058 | 16 | 0 | 0 |
| T3 | 17046 | 16 | 0 | 0 |
| T4 | 5438 | 17 | 0 | 0 |
| T13 | 1307 | 0 | 0 | 0 |
| T14 | 4324 | 19 | 0 | 0 |
| T15 | 2423 | 18 | 0 | 0 |
| T16 | 4832 | 20 | 0 | 0 |
| T17 | 9788 | 20 | 0 | 0 |
| T18 | 11952 | 30 | 0 | 0 |
| T35 | 0 | 28 | 0 | 0 |
DataEnDis_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 20964270 | 27277 | 0 | 0 |
| T1 | 5456 | 16 | 0 | 0 |
| T2 | 18058 | 16 | 0 | 0 |
| T3 | 17046 | 16 | 0 | 0 |
| T4 | 5438 | 17 | 0 | 0 |
| T13 | 1307 | 0 | 0 | 0 |
| T14 | 4324 | 19 | 0 | 0 |
| T15 | 2423 | 18 | 0 | 0 |
| T16 | 4832 | 20 | 0 | 0 |
| T17 | 7571 | 17 | 0 | 0 |
| T18 | 11952 | 30 | 0 | 0 |
| T35 | 0 | 28 | 0 | 0 |
DataEn_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 20964270 | 5396239 | 0 | 0 |
| T1 | 5456 | 428 | 0 | 0 |
| T2 | 18058 | 3337 | 0 | 0 |
| T3 | 17046 | 3575 | 0 | 0 |
| T4 | 5438 | 1834 | 0 | 0 |
| T13 | 1307 | 0 | 0 | 0 |
| T14 | 4324 | 0 | 0 | 0 |
| T15 | 2423 | 304 | 0 | 0 |
| T16 | 4832 | 482 | 0 | 0 |
| T17 | 7571 | 2531 | 0 | 0 |
| T18 | 11952 | 2269 | 0 | 0 |
| T35 | 0 | 1501 | 0 | 0 |
| T36 | 0 | 6146 | 0 | 0 |
GeneralLegalCommands_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21705443 | 14651 | 0 | 0 |
| T50 | 65583 | 535 | 0 | 0 |
| T140 | 0 | 1384 | 0 | 0 |
| T141 | 0 | 1087 | 0 | 0 |
| T142 | 0 | 1786 | 0 | 0 |
| T143 | 0 | 92 | 0 | 0 |
| T144 | 0 | 42 | 0 | 0 |
| T145 | 0 | 42 | 0 | 0 |
| T146 | 0 | 42 | 0 | 0 |
| T147 | 0 | 164 | 0 | 0 |
| T148 | 0 | 8812 | 0 | 0 |
| T149 | 1269 | 0 | 0 | 0 |
| T150 | 179208 | 0 | 0 | 0 |
| T151 | 2992 | 0 | 0 | 0 |
| T152 | 1832 | 0 | 0 | 0 |
| T153 | 5524 | 0 | 0 | 0 |
| T154 | 4401 | 0 | 0 | 0 |
| T155 | 138106 | 0 | 0 | 0 |
| T156 | 10702 | 0 | 0 | 0 |
| T157 | 5563 | 0 | 0 | 0 |
InitLegalCommands_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21705443 | 974921 | 0 | 0 |
| T1 | 5456 | 16 | 0 | 0 |
| T2 | 18058 | 217 | 0 | 0 |
| T3 | 17046 | 512 | 0 | 0 |
| T4 | 5438 | 1633 | 0 | 0 |
| T13 | 1307 | 0 | 0 | 0 |
| T14 | 4324 | 0 | 0 | 0 |
| T15 | 4964 | 208 | 0 | 0 |
| T16 | 4832 | 22 | 0 | 0 |
| T17 | 9788 | 964 | 0 | 0 |
| T18 | 11952 | 499 | 0 | 0 |
| T35 | 0 | 105 | 0 | 0 |
| T36 | 0 | 837 | 0 | 0 |
LoadKey_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21588661 | 15173201 | 0 | 0 |
| T1 | 5456 | 1497 | 0 | 0 |
| T2 | 18058 | 14803 | 0 | 0 |
| T3 | 17046 | 12862 | 0 | 0 |
| T4 | 5438 | 2764 | 0 | 0 |
| T13 | 1307 | 0 | 0 | 0 |
| T14 | 4324 | 0 | 0 | 0 |
| T15 | 4964 | 1195 | 0 | 0 |
| T16 | 4832 | 1492 | 0 | 0 |
| T17 | 9788 | 5114 | 0 | 0 |
| T18 | 11952 | 4856 | 0 | 0 |
| T35 | 0 | 5574 | 0 | 0 |
| T36 | 0 | 19578 | 0 | 0 |
OwnerLegalCommands_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21705443 | 1204204 | 0 | 0 |
| T1 | 5456 | 170 | 0 | 0 |
| T2 | 18058 | 1442 | 0 | 0 |
| T3 | 17046 | 1403 | 0 | 0 |
| T4 | 5438 | 0 | 0 | 0 |
| T13 | 1307 | 0 | 0 | 0 |
| T14 | 4324 | 0 | 0 | 0 |
| T15 | 4964 | 85 | 0 | 0 |
| T16 | 4832 | 123 | 0 | 0 |
| T17 | 9788 | 0 | 0 | 0 |
| T18 | 11952 | 303 | 0 | 0 |
| T19 | 0 | 997 | 0 | 0 |
| T35 | 0 | 531 | 0 | 0 |
| T36 | 0 | 1927 | 0 | 0 |
| T75 | 0 | 96 | 0 | 0 |
SameErrCnt_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 875 | 875 | 0 | 0 |
| T1 | 1 | 1 | 0 | 0 |
| T2 | 1 | 1 | 0 | 0 |
| T3 | 1 | 1 | 0 | 0 |
| T4 | 1 | 1 | 0 | 0 |
| T13 | 1 | 1 | 0 | 0 |
| T14 | 1 | 1 | 0 | 0 |
| T15 | 1 | 1 | 0 | 0 |
| T16 | 1 | 1 | 0 | 0 |
| T17 | 1 | 1 | 0 | 0 |
| T18 | 1 | 1 | 0 | 0 |
SecCmCFILinear_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21705443 | 5877 | 0 | 4820 |
| T10 | 0 | 190 | 0 | 0 |
| T14 | 4324 | 5 | 0 | 0 |
| T15 | 4964 | 10 | 0 | 0 |
| T16 | 4832 | 0 | 0 | 8 |
| T17 | 9788 | 0 | 0 | 5 |
| T18 | 11952 | 0 | 0 | 8 |
| T19 | 15024 | 0 | 0 | 8 |
| T28 | 0 | 6 | 0 | 0 |
| T35 | 12966 | 0 | 0 | 8 |
| T36 | 22721 | 0 | 0 | 8 |
| T37 | 9092 | 8 | 0 | 0 |
| T39 | 0 | 7 | 0 | 0 |
| T40 | 0 | 6 | 0 | 0 |
| T41 | 0 | 8 | 0 | 0 |
| T68 | 0 | 9 | 0 | 0 |
| T74 | 14815 | 0 | 0 | 6 |
| T75 | 0 | 0 | 0 | 8 |
| T112 | 0 | 0 | 0 | 8 |
| T114 | 0 | 5 | 0 | 0 |
| T129 | 0 | 0 | 0 | 8 |
StageDisableSel_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21705443 | 858218 | 0 | 0 |
| T1 | 5456 | 38 | 0 | 0 |
| T2 | 18058 | 3 | 0 | 0 |
| T3 | 17046 | 19 | 0 | 0 |
| T4 | 5438 | 268 | 0 | 0 |
| T13 | 1307 | 147 | 0 | 0 |
| T14 | 4324 | 42 | 0 | 0 |
| T15 | 4964 | 376 | 0 | 0 |
| T16 | 4832 | 28 | 0 | 0 |
| T17 | 9788 | 36 | 0 | 0 |
| T18 | 11952 | 3 | 0 | 0 |
u_state_regs_A
| Name | Attempts | Real Successes | Failures | Incomplete |
|---|---|---|---|---|
| Total | 21705443 | 21550665 | 0 | 0 |
| T1 | 5456 | 5398 | 0 | 0 |
| T2 | 18058 | 17959 | 0 | 0 |
| T3 | 17046 | 16955 | 0 | 0 |
| T4 | 5438 | 5384 | 0 | 0 |
| T13 | 1307 | 1207 | 0 | 0 |
| T14 | 4324 | 4161 | 0 | 0 |
| T15 | 4964 | 4817 | 0 | 0 |
| T16 | 4832 | 4772 | 0 | 0 |
| T17 | 9788 | 9733 | 0 | 0 |
| T18 | 11952 | 11877 | 0 | 0 |