Line Coverage for Module :
sram_ctrl
| Line No. | Total | Covered | Percent |
TOTAL | | 52 | 52 | 100.00 |
CONT_ASSIGN | 131 | 1 | 1 | 100.00 |
CONT_ASSIGN | 139 | 1 | 1 | 100.00 |
CONT_ASSIGN | 142 | 1 | 1 | 100.00 |
CONT_ASSIGN | 146 | 1 | 1 | 100.00 |
CONT_ASSIGN | 150 | 1 | 1 | 100.00 |
CONT_ASSIGN | 154 | 1 | 1 | 100.00 |
CONT_ASSIGN | 157 | 1 | 1 | 100.00 |
CONT_ASSIGN | 189 | 1 | 1 | 100.00 |
CONT_ASSIGN | 191 | 1 | 1 | 100.00 |
CONT_ASSIGN | 199 | 1 | 1 | 100.00 |
CONT_ASSIGN | 207 | 1 | 1 | 100.00 |
CONT_ASSIGN | 217 | 1 | 1 | 100.00 |
CONT_ASSIGN | 226 | 1 | 1 | 100.00 |
CONT_ASSIGN | 231 | 1 | 1 | 100.00 |
ALWAYS | 235 | 3 | 3 | 100.00 |
CONT_ASSIGN | 247 | 1 | 1 | 100.00 |
CONT_ASSIGN | 248 | 1 | 1 | 100.00 |
CONT_ASSIGN | 272 | 1 | 1 | 100.00 |
CONT_ASSIGN | 273 | 1 | 1 | 100.00 |
CONT_ASSIGN | 284 | 1 | 1 | 100.00 |
CONT_ASSIGN | 289 | 1 | 1 | 100.00 |
CONT_ASSIGN | 293 | 1 | 1 | 100.00 |
CONT_ASSIGN | 294 | 1 | 1 | 100.00 |
CONT_ASSIGN | 298 | 1 | 1 | 100.00 |
CONT_ASSIGN | 299 | 1 | 1 | 100.00 |
CONT_ASSIGN | 303 | 1 | 1 | 100.00 |
CONT_ASSIGN | 304 | 1 | 1 | 100.00 |
ALWAYS | 307 | 11 | 11 | 100.00 |
CONT_ASSIGN | 351 | 1 | 1 | 100.00 |
CONT_ASSIGN | 394 | 1 | 1 | 100.00 |
CONT_ASSIGN | 471 | 1 | 1 | 100.00 |
CONT_ASSIGN | 512 | 1 | 1 | 100.00 |
CONT_ASSIGN | 518 | 1 | 1 | 100.00 |
CONT_ASSIGN | 519 | 1 | 1 | 100.00 |
CONT_ASSIGN | 520 | 1 | 1 | 100.00 |
CONT_ASSIGN | 521 | 1 | 1 | 100.00 |
CONT_ASSIGN | 522 | 1 | 1 | 100.00 |
CONT_ASSIGN | 523 | 1 | 1 | 100.00 |
CONT_ASSIGN | 534 | 1 | 1 | 100.00 |
CONT_ASSIGN | 573 | 1 | 1 | 100.00 |
130 logic unused_nonce;
131 1/1 assign unused_nonce = ^nonce_q[otp_ctrl_pkg::SramNonceWidth-1:NonceWidth];
Tests: T1 T2 T3
132 end
133
134 //////////////////
135 // Alert Sender //
136 //////////////////
137
138 logic alert_test;
139 1/1 assign alert_test = reg2hw.alert_test.q & reg2hw.alert_test.qe;
Tests: T1 T2 T3
140
141 assign hw2reg.status.bus_integ_error.d = 1'b1;
142 1/1 assign hw2reg.status.bus_integ_error.de = |bus_integ_error;
Tests: T1 T2 T3
143
144 logic init_error;
145 assign hw2reg.status.init_error.d = 1'b1;
146 1/1 assign hw2reg.status.init_error.de = init_error;
Tests: T1 T2 T3
147
148 logic readback_error;
149 assign hw2reg.status.readback_error.d = 1'b1;
150 1/1 assign hw2reg.status.readback_error.de = readback_error;
Tests: T1 T2 T3
151
152 logic sram_alert;
153 assign hw2reg.status.sram_alert.d = 1'b1;
154 1/1 assign hw2reg.status.sram_alert.de = sram_alert;
Tests: T1 T2 T3
155
156 logic alert_req;
157 1/1 assign alert_req = (|bus_integ_error) | init_error | readback_error | sram_alert;
Tests: T1 T2 T3
158
159 prim_alert_sender #(
160 .AsyncOn(AlertAsyncOn[0]),
161 .IsFatal(1)
162 ) u_prim_alert_sender_parity (
163 .clk_i,
164 .rst_ni,
165 .alert_test_i ( alert_test ),
166 .alert_req_i ( alert_req ),
167 .alert_ack_o ( ),
168 .alert_state_o ( ),
169 .alert_rx_i ( alert_rx_i[0] ),
170 .alert_tx_o ( alert_tx_o[0] )
171 );
172
173 /////////////////////////
174 // Escalation Triggers //
175 /////////////////////////
176
177 lc_tx_t [1:0] escalate_en;
178 prim_lc_sync #(
179 .NumCopies (2)
180 ) u_prim_lc_sync (
181 .clk_i,
182 .rst_ni,
183 .lc_en_i (lc_escalate_en_i),
184 .lc_en_o (escalate_en)
185 );
186
187 // SEC_CM: KEY.GLOBAL_ESC
188 logic escalate;
189 1/1 assign escalate = lc_tx_test_true_loose(escalate_en[0]);
Tests: T1 T2 T3
190 assign hw2reg.status.escalated.d = 1'b1;
191 1/1 assign hw2reg.status.escalated.de = escalate;
Tests: T1 T2 T3
192
193 // SEC_CM: KEY.LOCAL_ESC
194 // Aggregate external and internal escalation sources.
195 // This is used in countermeasures further below (key reset and transaction blocking).
196 logic local_esc, local_esc_reg;
197 // This signal only aggregates registered escalation signals and is used for transaction
198 // blocking further below, which is on a timing-critical path.
199 1/1 assign local_esc_reg = reg2hw.status.escalated.q |
Tests: T1 T2 T3
200 reg2hw.status.init_error.q |
201 reg2hw.status.bus_integ_error.q |
202 reg2hw.status.sram_alert.q |
203 reg2hw.status.readback_error.q;
204 // This signal aggregates all escalation trigger signals, including the ones that are generated
205 // in the same cycle such as init_error, sram alert, and bus_integ_error. It is used for
206 // countermeasures that are not on the critical path (such as clearing the scrambling keys).
207 1/1 assign local_esc = escalate |
Tests: T1 T2 T3
208 init_error |
209 (|bus_integ_error) |
210 sram_alert |
211 readback_error |
212 local_esc_reg;
213
214 // Convert registered, local escalation sources to a multibit signal and combine this with
215 // the incoming escalation enable signal before feeding into the TL-UL gate further below.
216 lc_tx_t lc_tlul_gate_en;
217 1/1 assign lc_tlul_gate_en = lc_tx_inv(lc_tx_or_hi(escalate_en[1],
Tests: T1 T2 T3
218 lc_tx_bool_to_lc_tx(local_esc_reg)));
219 ///////////////////////
220 // HW Initialization //
221 ///////////////////////
222
223 // A write to the init register reloads the LFSR seed, resets the init counter and
224 // sets init_q to flag a pending initialization request.
225 logic init_trig, init_q;
226 1/1 assign init_trig = reg2hw.ctrl.init.q &&
Tests: T1 T2 T3
227 reg2hw.ctrl.init.qe &&
228 !init_q; // Ignore new requests while memory init is already pending.
229
230 logic init_d, init_done;
231 1/1 assign init_d = (init_done) ? 1'b0 :
Tests: T1 T2 T3
232 (init_trig) ? 1'b1 : init_q;
233
234 always_ff @(posedge clk_i or negedge rst_ni) begin : p_init_reg
235 1/1 if(!rst_ni) begin
Tests: T1 T2 T3
236 1/1 init_q <= 1'b0;
Tests: T1 T2 T3
237 end else begin
238 1/1 init_q <= init_d;
Tests: T1 T2 T3
239 end
240 end
241
242 // This waits until the scrambling keys are actually valid (this allows the SW to trigger
243 // key renewal and initialization at the same time).
244 logic init_req;
245 logic [AddrWidth-1:0] init_cnt;
246 logic key_req_pending_d, key_req_pending_q;
247 1/1 assign init_req = init_q & ~key_req_pending_q;
Tests: T1 T2 T3
248 1/1 assign init_done = (init_cnt == AddrWidth'(Depth - 1)) & init_req;
Tests: T1 T2 T3
249
250 // We employ two redundant counters to guard against FI attacks.
251 // If any of the two is glitched and the two counter states do not agree,
252 // we trigger an alert.
253 // SEC_CM: INIT.CTR.REDUN
254 prim_count #(
255 .Width(AddrWidth)
256 ) u_prim_count (
257 .clk_i,
258 .rst_ni,
259 .clr_i(init_trig),
260 .set_i(1'b0),
261 .set_cnt_i('0),
262 .incr_en_i(init_req),
263 .decr_en_i(1'b0),
264 .step_i(AddrWidth'(1)),
265 .commit_i(1'b1),
266 .cnt_o(init_cnt),
267 .cnt_after_commit_o(),
268 .err_o(init_error)
269 );
270
271 // Clear this bit on local escalation.
272 1/1 assign hw2reg.status.init_done.d = init_done & ~init_trig & ~local_esc;
Tests: T1 T2 T3
273 1/1 assign hw2reg.status.init_done.de = init_done | init_trig | local_esc;
Tests: T1 T2 T3
274
275 ////////////////////////////
276 // Scrambling Key Request //
277 ////////////////////////////
278
279 // The scrambling key and nonce have to be requested from the OTP controller via a req/ack
280 // protocol. Since the OTP controller works in a different clock domain, we have to synchronize
281 // the req/ack protocol as described in more details here:
282 // https://docs.opentitan.org/hw/ip/otp_ctrl/doc/index.html#interfaces-to-sram-and-otbn-scramblers
283 logic key_req, key_ack;
284 1/1 assign key_req = reg2hw.ctrl.renew_scr_key.q &&
Tests: T1 T2 T3
285 reg2hw.ctrl.renew_scr_key.qe &&
286 !key_req_pending_q && // Ignore new requests while a request is already pending.
287 !init_q; // Ignore new requests while memory init is already pending.
288
289 1/1 assign key_req_pending_d = (key_req) ? 1'b1 :
Tests: T1 T2 T3
290 (key_ack) ? 1'b0 : key_req_pending_q;
291
292 // Clear this bit on local escalation.
293 1/1 assign hw2reg.status.scr_key_valid.d = key_ack & ~key_req & ~local_esc;
Tests: T1 T2 T3
294 1/1 assign hw2reg.status.scr_key_valid.de = key_req | key_ack | local_esc;
Tests: T1 T2 T3
295
296 // As opposed to scr_key_valid, SW is responsible for clearing this register.
297 // It is not automatically cleared by HW, except when escalating.
298 1/1 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
Tests: T1 T2 T3
299 1/1 assign hw2reg.scr_key_rotated.de = key_ack | local_esc;
Tests: T1 T2 T3
300
301 // Clear this bit on local escalation.
302 logic key_seed_valid;
303 1/1 assign hw2reg.status.scr_key_seed_valid.d = key_seed_valid & ~local_esc;
Tests: T1 T2 T3
304 1/1 assign hw2reg.status.scr_key_seed_valid.de = key_ack | local_esc;
Tests: T1 T2 T3
305
306 always_ff @(posedge clk_i or negedge rst_ni) begin : p_regs
307 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
308 1/1 key_req_pending_q <= 1'b0;
Tests: T1 T2 T3
309 // reset case does not use buffered values as the
310 // reset value will be directly encoded into flop types
311 1/1 key_q <= RndCnstSramKey;
Tests: T1 T2 T3
312 1/1 nonce_q <= RndCnstSramNonce;
Tests: T1 T2 T3
313 end else begin
314 1/1 key_req_pending_q <= key_req_pending_d;
Tests: T1 T2 T3
315 1/1 if (key_ack) begin
Tests: T1 T2 T3
316 1/1 key_q <= key_d;
Tests: T1 T2 T3
317 1/1 nonce_q <= nonce_d;
Tests: T1 T2 T3
318 end
MISSING_ELSE
319 // This scraps the keys.
320 // SEC_CM: KEY.GLOBAL_ESC
321 // SEC_CM: KEY.LOCAL_ESC
322 1/1 if (local_esc) begin
Tests: T1 T2 T3
323 1/1 key_q <= cnst_sram_key;
Tests: T4 T5 T6
324 1/1 nonce_q <= cnst_sram_nonce;
Tests: T4 T5 T6
325 end
MISSING_ELSE
326 end
327 end
328
329 prim_sync_reqack_data #(
330 .Width($bits(otp_ctrl_pkg::sram_otp_key_rsp_t)-1),
331 .DataSrc2Dst(1'b0)
332 ) u_prim_sync_reqack_data (
333 .clk_src_i ( clk_i ),
334 .rst_src_ni ( rst_ni ),
335 .clk_dst_i ( clk_otp_i ),
336 .rst_dst_ni ( rst_otp_ni ),
337 .req_chk_i ( 1'b1 ),
338 .src_req_i ( key_req_pending_q ),
339 .src_ack_o ( key_ack ),
340 .dst_req_o ( sram_otp_key_o.req ),
341 .dst_ack_i ( sram_otp_key_i.ack ),
342 .data_i ( {sram_otp_key_i.key,
343 sram_otp_key_i.nonce,
344 sram_otp_key_i.seed_valid} ),
345 .data_o ( {key_d,
346 nonce_d,
347 key_seed_valid} )
348 );
349
350 logic unused_csr_sigs;
351 1/1 assign unused_csr_sigs = ^{reg2hw.status.init_done.q,
Tests: T1 T2 T3
352 reg2hw.status.scr_key_seed_valid.q};
353
354 ////////////////////
355 // SRAM Execution //
356 ////////////////////
357
358 mubi4_t en_ifetch;
359 if (InstrExec) begin : gen_instr_ctrl
360 lc_tx_t lc_hw_debug_en;
361 prim_lc_sync #(
362 .NumCopies (1)
363 ) u_prim_lc_sync_hw_debug_en (
364 .clk_i,
365 .rst_ni,
366 .lc_en_i (lc_hw_debug_en_i),
367 .lc_en_o ({lc_hw_debug_en})
368 );
369
370 mubi8_t otp_en_sram_ifetch;
371 prim_mubi8_sync #(
372 .NumCopies (1)
373 ) u_prim_mubi8_sync_otp_en_sram_ifetch (
374 .clk_i,
375 .rst_ni,
376 .mubi_i(otp_en_sram_ifetch_i),
377 .mubi_o({otp_en_sram_ifetch})
378 );
379
380 mubi4_t lc_ifetch_en;
381 mubi4_t reg_ifetch_en;
382 // SEC_CM: INSTR.BUS.LC_GATED
383 assign lc_ifetch_en = lc_to_mubi4(lc_hw_debug_en);
384 // SEC_CM: EXEC.CONFIG.MUBI
385 assign reg_ifetch_en = mubi4_t'(reg2hw.exec.q);
386 // SEC_CM: EXEC.INTERSIG.MUBI
387 assign en_ifetch = (mubi8_test_true_strict(otp_en_sram_ifetch)) ? reg_ifetch_en :
388 lc_ifetch_en;
389 end else begin : gen_tieoff
390 assign en_ifetch = MuBi4False;
391
392 // tie off unused signals
393 logic unused_sigs;
394 1/1 assign unused_sigs = ^{lc_hw_debug_en_i,
Tests: T1 T2 T3
395 reg2hw.exec.q,
396 otp_en_sram_ifetch_i};
397 end
398
399 /////////////////////////
400 // Initialization LFSR //
401 /////////////////////////
402
403 logic [LfsrWidth-1:0] lfsr_out;
404 prim_lfsr #(
405 .LfsrDw ( LfsrWidth ),
406 .EntropyDw ( LfsrWidth ),
407 .StateOutDw ( LfsrWidth ),
408 .DefaultSeed ( RndCnstLfsrSeed ),
409 .StatePermEn ( 1'b1 ),
410 .StatePerm ( RndCnstLfsrPerm )
411 ) u_lfsr (
412 .clk_i,
413 .rst_ni,
414 .lfsr_en_i(init_req),
415 .seed_en_i(init_trig),
416 .seed_i(nonce_q[NonceWidth +: LfsrWidth]),
417 .entropy_i('0),
418 .state_o(lfsr_out)
419 );
420
421 // Compute the correct integrity alongside for the pseudo-random initialization values.
422 logic [DataWidth - 1 :0] lfsr_out_integ;
423 tlul_data_integ_enc u_tlul_data_integ_enc (
424 .data_i(lfsr_out),
425 .data_intg_o(lfsr_out_integ)
426 );
427
428 ////////////////////////////
429 // SRAM TL-UL Access Gate //
430 ////////////////////////////
431
432 logic tl_gate_resp_pending;
433 tlul_pkg::tl_h2d_t ram_tl_in_gated;
434 tlul_pkg::tl_d2h_t ram_tl_out_gated;
435
436 // SEC_CM: RAM_TL_LC_GATE.FSM.SPARSE
437 tlul_lc_gate #(
438 .NumGatesPerDirection(2)
439 ) u_tlul_lc_gate (
440 .clk_i,
441 .rst_ni,
442 .tl_h2d_i(ram_tl_i),
443 .tl_d2h_o(ram_tl_o),
444 .tl_h2d_o(ram_tl_in_gated),
445 .tl_d2h_i(ram_tl_out_gated),
446 .flush_req_i('0),
447 .flush_ack_o(),
448 .resp_pending_o(tl_gate_resp_pending),
449 .lc_en_i (lc_tlul_gate_en),
450 .err_o (bus_integ_error[2])
451 );
452
453 /////////////////////////////////
454 // SRAM with scrambling device //
455 /////////////////////////////////
456
457 logic tlul_req, tlul_gnt, tlul_we;
458 logic [AddrWidth-1:0] tlul_addr;
459 logic [DataWidth-1:0] tlul_wdata, tlul_wmask;
460
461 logic sram_intg_error, sram_req, sram_gnt, sram_we, sram_rvalid;
462 logic [AddrWidth-1:0] sram_addr;
463 logic [DataWidth-1:0] sram_wdata, sram_wmask, sram_rdata;
464 logic sram_wpending, sram_wr_collision;
465
466 logic sram_compound_txn_in_progress;
467
468
469 // // SEC_CM: MEM.READBACK
470 mubi4_t reg_readback_en;
471 1/1 assign reg_readback_en = mubi4_t'(reg2hw.readback.q);
Tests: T1 T2 T3
472
473 tlul_adapter_sram #(
474 .SramAw(AddrWidth),
475 .SramDw(DataWidth - tlul_pkg::DataIntgWidth),
476 .Outstanding(2),
477 .ByteAccess(1),
478 .CmdIntgCheck(1),
479 .EnableRspIntgGen(1),
480 .EnableDataIntgGen(0),
481 .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
482 .SecFifoPtr (1), // SEC_CM: TLUL_FIFO.CTR.REDUN
483 .EnableReadback (1) // SEC_CM: MEM.READBACK
484 ) u_tlul_adapter_sram (
485 .clk_i,
486 .rst_ni,
487 .tl_i (ram_tl_in_gated),
488 .tl_o (ram_tl_out_gated),
489 .en_ifetch_i (en_ifetch),
490 .req_o (tlul_req),
491 .req_type_o (),
492 .gnt_i (tlul_gnt),
493 .we_o (tlul_we),
494 .addr_o (tlul_addr),
495 .wdata_o (tlul_wdata),
496 .wmask_o (tlul_wmask),
497 // SEC_CM: BUS.INTEGRITY
498 .intg_error_o (bus_integ_error[1]),
499 .rdata_i (sram_rdata),
500 .rvalid_i (sram_rvalid),
501 .rerror_i ('0),
502 .compound_txn_in_progress_o (sram_compound_txn_in_progress),
503 .readback_en_i (reg_readback_en),
504 .readback_error_o (readback_error),
505 .wr_collision_i (sram_wr_collision),
506 .write_pending_i (sram_wpending)
507 );
508
509 logic key_valid;
510
511 // Interposing mux logic for initialization with pseudo random data.
512 1/1 assign sram_req = tlul_req | init_req;
Tests: T1 T2 T3
513 // This grant signal acts more like a ready internally in tlul_adapter_sram. In particular it's
514 // fine to assert it when tlul_req is low (it has no effect). So here tlul_gnt is asserted when
515 // a request from tlul_req will be granted regardless of whether a request exists. This is done
516 // for timing reasons so that the output TL ready isn't combinatorially connected to the incoming
517 // TL valid. In particular we must not use `sram_gnt` in the expression to avoid this.
518 1/1 assign tlul_gnt = key_valid & ~init_req;
Tests: T1 T2 T3
519 1/1 assign sram_we = tlul_we | init_req;
Tests: T1 T2 T3
520 1/1 assign sram_intg_error = |bus_integ_error[2:1] & ~init_req;
Tests: T1 T2 T3
521 1/1 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
Tests: T1 T2 T3
522 1/1 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
Tests: T1 T2 T3
523 1/1 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
Tests: T1 T2 T3
524
525 // The SRAM scrambling wrapper will not accept any transactions while the
526 // key req is pending or if we have escalated. Note that we're not using
527 // the scr_key_valid CSR here, such that the SRAM can be used right after
528 // reset, where the keys are reset to the default netlist constant.
529 //
530 // If we have escalated, but there is a pending request in the TL gate, we may have a pending
531 // read-modify-write transaction or readback in the SRAM adapter. In that case we force key_valid
532 // high to enable that to complete so it returns a response, the TL gate won't accept any new
533 // transactions and the SRAM keys have been clobbered already.
534 1/1 assign key_valid =
Tests: T1 T2 T3
535 (key_req_pending_q) ? 1'b0 :
536 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
537
538 // SEC_CM: MEM.SCRAMBLE, ADDR.SCRAMBLE
539 prim_ram_1p_scr #(
540 .Width(DataWidth),
541 .Depth(Depth),
542 .EnableParity(0),
543 .DataBitsPerMask(DataWidth),
544 .NumPrinceRoundsHalf(NumPrinceRoundsHalf)
545 ) u_prim_ram_1p_scr (
546 .clk_i,
547 .rst_ni,
548
549 .key_valid_i (key_valid),
550 .key_i (key_q),
551 .nonce_i (nonce_q[NonceWidth-1:0]),
552
553 .req_i (sram_req),
554 .intg_error_i (sram_intg_error),
555 .gnt_o (sram_gnt),
556 .write_i (sram_we),
557 .addr_i (sram_addr),
558 .wdata_i (sram_wdata),
559 .wmask_i (sram_wmask),
560 .rdata_o (sram_rdata),
561 .rvalid_o (sram_rvalid),
562 .rerror_o ( ),
563 .raddr_o ( ),
564 .cfg_i,
565 .wr_collision_o (sram_wr_collision),
566 .write_pending_o (sram_wpending),
567 .alert_o (sram_alert)
568 );
569
570 logic unused_sram_gnt;
571 // Ignore sram_gnt signal to avoid creating a bad timing path, see comment on `tlul_gnt` above for
572 // more details.
573 1/1 assign unused_sram_gnt = sram_gnt;
Tests: T1 T2 T3
Cond Coverage for Module :
sram_ctrl
| Total | Covered | Percent |
Conditions | 101 | 88 | 87.13 |
Logical | 101 | 88 | 87.13 |
Non-Logical | 0 | 0 | |
Event | 0 | 0 | |
LINE 139
EXPRESSION (reg2hw.alert_test.q & reg2hw.alert_test.qe)
---------1--------- ----------2---------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T11,T13,T14 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T11,T13,T14 |
LINE 157
EXPRESSION (((|bus_integ_error)) | init_error | readback_error | sram_alert)
----------1--------- -----2---- -------3------ -----4----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 1 | Not Covered | |
0 | 0 | 1 | 0 | Not Covered | |
0 | 1 | 0 | 0 | Covered | T5,T15,T16 |
1 | 0 | 0 | 0 | Covered | T5,T15,T16 |
LINE 199
EXPRESSION
Number Term
1 reg2hw.status.escalated.q |
2 reg2hw.status.init_error.q |
3 reg2hw.status.bus_integ_error.q |
4 reg2hw.status.sram_alert.q |
5 reg2hw.status.readback_error.q)
-1- | -2- | -3- | -4- | -5- | Status | Tests |
0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 1 | Not Covered | |
0 | 0 | 0 | 1 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | Covered | T5,T15,T16 |
0 | 1 | 0 | 0 | 0 | Covered | T5,T15,T16 |
1 | 0 | 0 | 0 | 0 | Covered | T4,T6,T7 |
LINE 207
EXPRESSION (escalate | init_error | ((|bus_integ_error)) | sram_alert | readback_error | local_esc_reg)
----1--- -----2---- ----------3--------- -----4---- -------5------ ------6------
-1- | -2- | -3- | -4- | -5- | -6- | Status | Tests |
0 | 0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 0 | 1 | Covered | T4,T5,T6 |
0 | 0 | 0 | 0 | 1 | 0 | Not Covered | |
0 | 0 | 0 | 1 | 0 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | 0 | Covered | T5,T15,T16 |
0 | 1 | 0 | 0 | 0 | 0 | Covered | T5,T15,T16 |
1 | 0 | 0 | 0 | 0 | 0 | Covered | T4,T6,T7 |
LINE 226
EXPRESSION (reg2hw.ctrl.init.q && reg2hw.ctrl.init.qe && ((!init_q)))
---------1-------- ---------2--------- -----3-----
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T4,T6,T7 |
1 | 0 | 1 | Covered | T1,T2,T3 |
1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 231
EXPRESSION (init_done ? 1'b0 : (init_trig ? 1'b1 : init_q))
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 231
SUB-EXPRESSION (init_trig ? 1'b1 : init_q)
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 247
EXPRESSION (init_q & ((~key_req_pending_q)))
---1-- -----------2----------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T1,T2,T3 |
LINE 248
EXPRESSION ((init_cnt == 10'((Depth - 1))) & init_req)
---------------1-------------- ----2---
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T1,T2,T3 |
LINE 248
SUB-EXPRESSION (init_cnt == 10'((Depth - 1)))
---------------1--------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 272
EXPRESSION (init_done & ((~init_trig)) & ((~local_esc)))
----1---- -------2------ -------3------
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Not Covered | |
1 | 1 | 0 | Covered | T4,T6,T7 |
1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 273
EXPRESSION (init_done | init_trig | local_esc)
----1---- ----2---- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T5,T6 |
0 | 1 | 0 | Covered | T1,T2,T3 |
1 | 0 | 0 | Covered | T1,T2,T3 |
LINE 284
EXPRESSION (reg2hw.ctrl.renew_scr_key.q && reg2hw.ctrl.renew_scr_key.qe && ((!key_req_pending_q)) && ((!init_q)))
-------------1------------- --------------2------------- -----------3---------- -----4-----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 1 | 1 | 1 | Covered | T17,T18,T19 |
1 | 0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 1 | 0 | 1 | Not Covered | |
1 | 1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 289
EXPRESSION (key_req ? 1'b1 : (key_ack ? 1'b0 : key_req_pending_q))
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 289
SUB-EXPRESSION (key_ack ? 1'b0 : key_req_pending_q)
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 293
EXPRESSION (key_ack & ((~key_req)) & ((~local_esc)))
---1--- ------2----- -------3------
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Not Covered | |
1 | 1 | 0 | Covered | T4,T6,T7 |
1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 294
EXPRESSION (key_req | key_ack | local_esc)
---1--- ---2--- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T5,T6 |
0 | 1 | 0 | Covered | T1,T2,T3 |
1 | 0 | 0 | Covered | T1,T2,T3 |
LINE 298
EXPRESSION ((key_ack & ((~local_esc))) ? MuBi4True : MuBi4False)
-------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 298
SUB-EXPRESSION (key_ack & ((~local_esc)))
---1--- -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T4,T6,T7 |
1 | 1 | Covered | T1,T2,T3 |
LINE 299
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T5,T6 |
1 | 0 | Covered | T1,T2,T3 |
LINE 303
EXPRESSION (key_seed_valid & ((~local_esc)))
-------1------ -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T4,T8 |
1 | 0 | Covered | T4,T6,T7 |
1 | 1 | Covered | T2,T3,T4 |
LINE 304
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T5,T6 |
1 | 0 | Covered | T1,T2,T3 |
LINE 512
EXPRESSION (tlul_req | init_req)
----1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T2,T3,T4 |
LINE 518
EXPRESSION (key_valid & ((~init_req)))
----1---- ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T1,T2,T3 |
LINE 519
EXPRESSION (tlul_we | init_req)
---1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T2,T3,T4 |
LINE 520
EXPRESSION (((|bus_integ_error[2:1])) & ((~init_req)))
------------1------------ ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Not Covered | |
1 | 1 | Covered | T5,T15,T16 |
LINE 521
EXPRESSION (init_req ? init_cnt : tlul_addr)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 522
EXPRESSION (init_req ? lfsr_out_integ : tlul_wdata)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 523
EXPRESSION (init_req ? ({sram_ctrl_pkg::DataWidth {1'b1}}) : tlul_wmask)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 534
EXPRESSION (key_req_pending_q ? 1'b0 : (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1))
--------1--------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 534
SUB-EXPRESSION (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1)
------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T4,T6,T7 |
LINE 534
SUB-EXPRESSION (tl_gate_resp_pending & sram_compound_txn_in_progress)
----------1--------- --------------2--------------
-1- | -2- | Status | Tests |
0 | 1 | Not Covered | |
1 | 0 | Covered | T4,T6,T7 |
1 | 1 | Covered | T6,T7,T20 |
Toggle Coverage for Module :
sram_ctrl
| Total | Covered | Percent |
Totals |
62 |
62 |
100.00 |
Total Bits |
1230 |
1230 |
100.00 |
Total Bits 0->1 |
615 |
615 |
100.00 |
Total Bits 1->0 |
615 |
615 |
100.00 |
| | | |
Ports |
62 |
62 |
100.00 |
Port Bits |
1230 |
1230 |
100.00 |
Port Bits 0->1 |
615 |
615 |
100.00 |
Port Bits 1->0 |
615 |
615 |
100.00 |
Port Details
Name | Toggle | Toggle 1->0 | Tests | Toggle 0->1 | Tests | Direction |
clk_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_ni |
Yes |
Yes |
T4,T5,T6 |
Yes |
T1,T2,T3 |
INPUT |
clk_otp_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_otp_ni |
Yes |
Yes |
T4,T5,T6 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.d_ready |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T4,T10,T21 |
Yes |
T4,T10,T21 |
INPUT |
ram_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_data[31:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_mask[3:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_address[31:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_source[7:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_size[1:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_opcode[2:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_valid |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_error |
Yes |
Yes |
T1,T2,T3 |
Yes |
T4,T5,T6 |
OUTPUT |
ram_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_data[31:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_source[7:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_size[1:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_opcode[0] |
Yes |
Yes |
*T2,*T3,*T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_valid |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
regs_tl_i.d_ready |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T4,T8,T11 |
INPUT |
regs_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T2,T4,T8 |
INPUT |
regs_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T2,T8,T11 |
Yes |
T2,T8,T11 |
INPUT |
regs_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_data[31:0] |
Yes |
Yes |
T4,T8,T10 |
Yes |
T2,T4,T8 |
INPUT |
regs_tl_i.a_mask[3:0] |
Yes |
Yes |
T4,T8,T11 |
Yes |
T2,T4,T11 |
INPUT |
regs_tl_i.a_address[31:0] |
Yes |
Yes |
T2,T4,T11 |
Yes |
T2,T4,T11 |
INPUT |
regs_tl_i.a_source[7:0] |
Yes |
Yes |
T4,T8,T10 |
Yes |
T4,T8,T11 |
INPUT |
regs_tl_i.a_size[1:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T2,T4,T8 |
INPUT |
regs_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_opcode[2:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T2,T3,T4 |
INPUT |
regs_tl_i.a_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_error |
Yes |
Yes |
T22,T23,T24 |
Yes |
T22,T23,T24 |
OUTPUT |
regs_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T4,T5,T6 |
Yes |
T4,T5,T6 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
*T4,*T10,*T11 |
Yes |
T2,T3,T4 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_data[31:0] |
Yes |
Yes |
T4,T5,T6 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_source[7:0] |
Yes |
Yes |
T4,T10,T11 |
Yes |
T3,T4,T8 |
OUTPUT |
regs_tl_o.d_size[1:0] |
Yes |
Yes |
T4,T10,T9 |
Yes |
T2,T4,T8 |
OUTPUT |
regs_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_opcode[0] |
Yes |
Yes |
*T4,*T5,*T6 |
Yes |
T4,T5,T6 |
OUTPUT |
regs_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_rx_i[0].ack_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
alert_rx_i[0].ack_p |
Yes |
Yes |
T11,T5,T13 |
Yes |
T11,T5,T13 |
INPUT |
alert_rx_i[0].ping_n |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_rx_i[0].ping_p |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_tx_o[0].alert_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_tx_o[0].alert_p |
Yes |
Yes |
T11,T5,T13 |
Yes |
T11,T5,T13 |
OUTPUT |
lc_escalate_en_i[3:0] |
Yes |
Yes |
T4,T6,T7 |
Yes |
T4,T6,T7 |
INPUT |
lc_hw_debug_en_i[3:0] |
Yes |
Yes |
T22,T23,T24 |
Yes |
T22,T23,T24 |
INPUT |
otp_en_sram_ifetch_i[7:0] |
Yes |
Yes |
T22,T23,T24 |
Yes |
T22,T23,T24 |
INPUT |
sram_otp_key_o.req |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
sram_otp_key_i.seed_valid |
Yes |
Yes |
T4,T21,T6 |
Yes |
T4,T6,T7 |
INPUT |
sram_otp_key_i.nonce[127:0] |
Yes |
Yes |
T4,T9,T21 |
Yes |
T3,T4,T6 |
INPUT |
sram_otp_key_i.key[127:0] |
Yes |
Yes |
T4,T21,T6 |
Yes |
T3,T4,T9 |
INPUT |
sram_otp_key_i.ack |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
cfg_i.rf_cfg.cfg[3:0] |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.rf_cfg.cfg_en |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.rf_cfg.test |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.ram_cfg.cfg[3:0] |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.ram_cfg.cfg_en |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.ram_cfg.test |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
*Tests covering at least one bit in the range
Branch Coverage for Module :
sram_ctrl
| Line No. | Total | Covered | Percent |
Branches |
|
24 |
24 |
100.00 |
TERNARY |
231 |
3 |
3 |
100.00 |
TERNARY |
289 |
3 |
3 |
100.00 |
TERNARY |
298 |
2 |
2 |
100.00 |
TERNARY |
521 |
2 |
2 |
100.00 |
TERNARY |
522 |
2 |
2 |
100.00 |
TERNARY |
523 |
2 |
2 |
100.00 |
TERNARY |
534 |
3 |
3 |
100.00 |
IF |
235 |
2 |
2 |
100.00 |
IF |
307 |
5 |
5 |
100.00 |
231 assign init_d = (init_done) ? 1'b0 :
-1-
==>
232 (init_trig) ? 1'b1 : init_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T3 |
0 |
1 |
Covered |
T1,T2,T3 |
0 |
0 |
Covered |
T1,T2,T3 |
289 assign key_req_pending_d = (key_req) ? 1'b1 :
-1-
==>
290 (key_ack) ? 1'b0 : key_req_pending_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T3 |
0 |
1 |
Covered |
T1,T2,T3 |
0 |
0 |
Covered |
T1,T2,T3 |
298 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
521 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
522 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
523 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
534 assign key_valid =
535 (key_req_pending_q) ? 1'b0 :
-1-
==>
536 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T3 |
0 |
1 |
Covered |
T4,T6,T7 |
0 |
0 |
Covered |
T1,T2,T3 |
235 if(!rst_ni) begin
-1-
236 init_q <= 1'b0;
==>
237 end else begin
238 init_q <= init_d;
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
307 if (!rst_ni) begin
-1-
308 key_req_pending_q <= 1'b0;
==>
309 // reset case does not use buffered values as the
310 // reset value will be directly encoded into flop types
311 key_q <= RndCnstSramKey;
312 nonce_q <= RndCnstSramNonce;
313 end else begin
314 key_req_pending_q <= key_req_pending_d;
315 if (key_ack) begin
-2-
316 key_q <= key_d;
==>
317 nonce_q <= nonce_d;
318 end
MISSING_ELSE
==>
319 // This scraps the keys.
320 // SEC_CM: KEY.GLOBAL_ESC
321 // SEC_CM: KEY.LOCAL_ESC
322 if (local_esc) begin
-3-
323 key_q <= cnst_sram_key;
==>
324 nonce_q <= cnst_sram_nonce;
325 end
MISSING_ELSE
==>
Branches:
-1- | -2- | -3- | Status | Tests |
1 |
- |
- |
Covered |
T1,T2,T3 |
0 |
1 |
- |
Covered |
T1,T2,T3 |
0 |
0 |
- |
Covered |
T1,T2,T3 |
0 |
- |
1 |
Covered |
T4,T5,T6 |
0 |
- |
0 |
Covered |
T1,T2,T3 |
Assert Coverage for Module :
sram_ctrl
Assertion Details
AlertOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
FpvSecCmCntCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmLcGateFsmCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmRegWeOnehotCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmRspFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmRspFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmSramReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmSramReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
NonceWidthsLessThanSource_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
893 |
893 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T5 |
1 |
1 |
0 |
0 |
T8 |
1 |
1 |
0 |
0 |
T9 |
1 |
1 |
0 |
0 |
T10 |
1 |
1 |
0 |
0 |
T11 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
RamTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
RamTlOutPayLoadKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
133031396 |
0 |
0 |
T2 |
9045 |
2704 |
0 |
0 |
T3 |
4225 |
765 |
0 |
0 |
T4 |
32061 |
2271 |
0 |
0 |
T5 |
11232 |
527 |
0 |
0 |
T6 |
0 |
2776 |
0 |
0 |
T8 |
18819 |
8581 |
0 |
0 |
T9 |
5321 |
2379 |
0 |
0 |
T10 |
28255 |
9099 |
0 |
0 |
T11 |
1354 |
0 |
0 |
0 |
T12 |
2447 |
0 |
0 |
0 |
T21 |
6692 |
3253 |
0 |
0 |
T28 |
0 |
13703 |
0 |
0 |
RamTlOutPayLoadKnown_AKnownEnable
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
RegsTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
SramOtpKeyKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
TlulGntIsCorrect_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
65737425 |
0 |
0 |
T2 |
9045 |
637 |
0 |
0 |
T3 |
4225 |
833 |
0 |
0 |
T4 |
32061 |
659 |
0 |
0 |
T5 |
11232 |
0 |
0 |
0 |
T6 |
0 |
811 |
0 |
0 |
T8 |
18819 |
4680 |
0 |
0 |
T9 |
5321 |
2379 |
0 |
0 |
T10 |
28255 |
4868 |
0 |
0 |
T11 |
1354 |
0 |
0 |
0 |
T12 |
2447 |
0 |
0 |
0 |
T21 |
6692 |
3545 |
0 |
0 |
T28 |
0 |
5410 |
0 |
0 |
T29 |
0 |
1547 |
0 |
0 |
Line Coverage for Instance : tb.dut
| Line No. | Total | Covered | Percent |
TOTAL | | 52 | 52 | 100.00 |
CONT_ASSIGN | 131 | 1 | 1 | 100.00 |
CONT_ASSIGN | 139 | 1 | 1 | 100.00 |
CONT_ASSIGN | 142 | 1 | 1 | 100.00 |
CONT_ASSIGN | 146 | 1 | 1 | 100.00 |
CONT_ASSIGN | 150 | 1 | 1 | 100.00 |
CONT_ASSIGN | 154 | 1 | 1 | 100.00 |
CONT_ASSIGN | 157 | 1 | 1 | 100.00 |
CONT_ASSIGN | 189 | 1 | 1 | 100.00 |
CONT_ASSIGN | 191 | 1 | 1 | 100.00 |
CONT_ASSIGN | 199 | 1 | 1 | 100.00 |
CONT_ASSIGN | 207 | 1 | 1 | 100.00 |
CONT_ASSIGN | 217 | 1 | 1 | 100.00 |
CONT_ASSIGN | 226 | 1 | 1 | 100.00 |
CONT_ASSIGN | 231 | 1 | 1 | 100.00 |
ALWAYS | 235 | 3 | 3 | 100.00 |
CONT_ASSIGN | 247 | 1 | 1 | 100.00 |
CONT_ASSIGN | 248 | 1 | 1 | 100.00 |
CONT_ASSIGN | 272 | 1 | 1 | 100.00 |
CONT_ASSIGN | 273 | 1 | 1 | 100.00 |
CONT_ASSIGN | 284 | 1 | 1 | 100.00 |
CONT_ASSIGN | 289 | 1 | 1 | 100.00 |
CONT_ASSIGN | 293 | 1 | 1 | 100.00 |
CONT_ASSIGN | 294 | 1 | 1 | 100.00 |
CONT_ASSIGN | 298 | 1 | 1 | 100.00 |
CONT_ASSIGN | 299 | 1 | 1 | 100.00 |
CONT_ASSIGN | 303 | 1 | 1 | 100.00 |
CONT_ASSIGN | 304 | 1 | 1 | 100.00 |
ALWAYS | 307 | 11 | 11 | 100.00 |
CONT_ASSIGN | 351 | 1 | 1 | 100.00 |
CONT_ASSIGN | 394 | 1 | 1 | 100.00 |
CONT_ASSIGN | 471 | 1 | 1 | 100.00 |
CONT_ASSIGN | 512 | 1 | 1 | 100.00 |
CONT_ASSIGN | 518 | 1 | 1 | 100.00 |
CONT_ASSIGN | 519 | 1 | 1 | 100.00 |
CONT_ASSIGN | 520 | 1 | 1 | 100.00 |
CONT_ASSIGN | 521 | 1 | 1 | 100.00 |
CONT_ASSIGN | 522 | 1 | 1 | 100.00 |
CONT_ASSIGN | 523 | 1 | 1 | 100.00 |
CONT_ASSIGN | 534 | 1 | 1 | 100.00 |
CONT_ASSIGN | 573 | 1 | 1 | 100.00 |
130 logic unused_nonce;
131 1/1 assign unused_nonce = ^nonce_q[otp_ctrl_pkg::SramNonceWidth-1:NonceWidth];
Tests: T1 T2 T3
132 end
133
134 //////////////////
135 // Alert Sender //
136 //////////////////
137
138 logic alert_test;
139 1/1 assign alert_test = reg2hw.alert_test.q & reg2hw.alert_test.qe;
Tests: T1 T2 T3
140
141 assign hw2reg.status.bus_integ_error.d = 1'b1;
142 1/1 assign hw2reg.status.bus_integ_error.de = |bus_integ_error;
Tests: T1 T2 T3
143
144 logic init_error;
145 assign hw2reg.status.init_error.d = 1'b1;
146 1/1 assign hw2reg.status.init_error.de = init_error;
Tests: T1 T2 T3
147
148 logic readback_error;
149 assign hw2reg.status.readback_error.d = 1'b1;
150 1/1 assign hw2reg.status.readback_error.de = readback_error;
Tests: T1 T2 T3
151
152 logic sram_alert;
153 assign hw2reg.status.sram_alert.d = 1'b1;
154 1/1 assign hw2reg.status.sram_alert.de = sram_alert;
Tests: T1 T2 T3
155
156 logic alert_req;
157 1/1 assign alert_req = (|bus_integ_error) | init_error | readback_error | sram_alert;
Tests: T1 T2 T3
158
159 prim_alert_sender #(
160 .AsyncOn(AlertAsyncOn[0]),
161 .IsFatal(1)
162 ) u_prim_alert_sender_parity (
163 .clk_i,
164 .rst_ni,
165 .alert_test_i ( alert_test ),
166 .alert_req_i ( alert_req ),
167 .alert_ack_o ( ),
168 .alert_state_o ( ),
169 .alert_rx_i ( alert_rx_i[0] ),
170 .alert_tx_o ( alert_tx_o[0] )
171 );
172
173 /////////////////////////
174 // Escalation Triggers //
175 /////////////////////////
176
177 lc_tx_t [1:0] escalate_en;
178 prim_lc_sync #(
179 .NumCopies (2)
180 ) u_prim_lc_sync (
181 .clk_i,
182 .rst_ni,
183 .lc_en_i (lc_escalate_en_i),
184 .lc_en_o (escalate_en)
185 );
186
187 // SEC_CM: KEY.GLOBAL_ESC
188 logic escalate;
189 1/1 assign escalate = lc_tx_test_true_loose(escalate_en[0]);
Tests: T1 T2 T3
190 assign hw2reg.status.escalated.d = 1'b1;
191 1/1 assign hw2reg.status.escalated.de = escalate;
Tests: T1 T2 T3
192
193 // SEC_CM: KEY.LOCAL_ESC
194 // Aggregate external and internal escalation sources.
195 // This is used in countermeasures further below (key reset and transaction blocking).
196 logic local_esc, local_esc_reg;
197 // This signal only aggregates registered escalation signals and is used for transaction
198 // blocking further below, which is on a timing-critical path.
199 1/1 assign local_esc_reg = reg2hw.status.escalated.q |
Tests: T1 T2 T3
200 reg2hw.status.init_error.q |
201 reg2hw.status.bus_integ_error.q |
202 reg2hw.status.sram_alert.q |
203 reg2hw.status.readback_error.q;
204 // This signal aggregates all escalation trigger signals, including the ones that are generated
205 // in the same cycle such as init_error, sram alert, and bus_integ_error. It is used for
206 // countermeasures that are not on the critical path (such as clearing the scrambling keys).
207 1/1 assign local_esc = escalate |
Tests: T1 T2 T3
208 init_error |
209 (|bus_integ_error) |
210 sram_alert |
211 readback_error |
212 local_esc_reg;
213
214 // Convert registered, local escalation sources to a multibit signal and combine this with
215 // the incoming escalation enable signal before feeding into the TL-UL gate further below.
216 lc_tx_t lc_tlul_gate_en;
217 1/1 assign lc_tlul_gate_en = lc_tx_inv(lc_tx_or_hi(escalate_en[1],
Tests: T1 T2 T3
218 lc_tx_bool_to_lc_tx(local_esc_reg)));
219 ///////////////////////
220 // HW Initialization //
221 ///////////////////////
222
223 // A write to the init register reloads the LFSR seed, resets the init counter and
224 // sets init_q to flag a pending initialization request.
225 logic init_trig, init_q;
226 1/1 assign init_trig = reg2hw.ctrl.init.q &&
Tests: T1 T2 T3
227 reg2hw.ctrl.init.qe &&
228 !init_q; // Ignore new requests while memory init is already pending.
229
230 logic init_d, init_done;
231 1/1 assign init_d = (init_done) ? 1'b0 :
Tests: T1 T2 T3
232 (init_trig) ? 1'b1 : init_q;
233
234 always_ff @(posedge clk_i or negedge rst_ni) begin : p_init_reg
235 1/1 if(!rst_ni) begin
Tests: T1 T2 T3
236 1/1 init_q <= 1'b0;
Tests: T1 T2 T3
237 end else begin
238 1/1 init_q <= init_d;
Tests: T1 T2 T3
239 end
240 end
241
242 // This waits until the scrambling keys are actually valid (this allows the SW to trigger
243 // key renewal and initialization at the same time).
244 logic init_req;
245 logic [AddrWidth-1:0] init_cnt;
246 logic key_req_pending_d, key_req_pending_q;
247 1/1 assign init_req = init_q & ~key_req_pending_q;
Tests: T1 T2 T3
248 1/1 assign init_done = (init_cnt == AddrWidth'(Depth - 1)) & init_req;
Tests: T1 T2 T3
249
250 // We employ two redundant counters to guard against FI attacks.
251 // If any of the two is glitched and the two counter states do not agree,
252 // we trigger an alert.
253 // SEC_CM: INIT.CTR.REDUN
254 prim_count #(
255 .Width(AddrWidth)
256 ) u_prim_count (
257 .clk_i,
258 .rst_ni,
259 .clr_i(init_trig),
260 .set_i(1'b0),
261 .set_cnt_i('0),
262 .incr_en_i(init_req),
263 .decr_en_i(1'b0),
264 .step_i(AddrWidth'(1)),
265 .commit_i(1'b1),
266 .cnt_o(init_cnt),
267 .cnt_after_commit_o(),
268 .err_o(init_error)
269 );
270
271 // Clear this bit on local escalation.
272 1/1 assign hw2reg.status.init_done.d = init_done & ~init_trig & ~local_esc;
Tests: T1 T2 T3
273 1/1 assign hw2reg.status.init_done.de = init_done | init_trig | local_esc;
Tests: T1 T2 T3
274
275 ////////////////////////////
276 // Scrambling Key Request //
277 ////////////////////////////
278
279 // The scrambling key and nonce have to be requested from the OTP controller via a req/ack
280 // protocol. Since the OTP controller works in a different clock domain, we have to synchronize
281 // the req/ack protocol as described in more details here:
282 // https://docs.opentitan.org/hw/ip/otp_ctrl/doc/index.html#interfaces-to-sram-and-otbn-scramblers
283 logic key_req, key_ack;
284 1/1 assign key_req = reg2hw.ctrl.renew_scr_key.q &&
Tests: T1 T2 T3
285 reg2hw.ctrl.renew_scr_key.qe &&
286 !key_req_pending_q && // Ignore new requests while a request is already pending.
287 !init_q; // Ignore new requests while memory init is already pending.
288
289 1/1 assign key_req_pending_d = (key_req) ? 1'b1 :
Tests: T1 T2 T3
290 (key_ack) ? 1'b0 : key_req_pending_q;
291
292 // Clear this bit on local escalation.
293 1/1 assign hw2reg.status.scr_key_valid.d = key_ack & ~key_req & ~local_esc;
Tests: T1 T2 T3
294 1/1 assign hw2reg.status.scr_key_valid.de = key_req | key_ack | local_esc;
Tests: T1 T2 T3
295
296 // As opposed to scr_key_valid, SW is responsible for clearing this register.
297 // It is not automatically cleared by HW, except when escalating.
298 1/1 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
Tests: T1 T2 T3
299 1/1 assign hw2reg.scr_key_rotated.de = key_ack | local_esc;
Tests: T1 T2 T3
300
301 // Clear this bit on local escalation.
302 logic key_seed_valid;
303 1/1 assign hw2reg.status.scr_key_seed_valid.d = key_seed_valid & ~local_esc;
Tests: T1 T2 T3
304 1/1 assign hw2reg.status.scr_key_seed_valid.de = key_ack | local_esc;
Tests: T1 T2 T3
305
306 always_ff @(posedge clk_i or negedge rst_ni) begin : p_regs
307 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
308 1/1 key_req_pending_q <= 1'b0;
Tests: T1 T2 T3
309 // reset case does not use buffered values as the
310 // reset value will be directly encoded into flop types
311 1/1 key_q <= RndCnstSramKey;
Tests: T1 T2 T3
312 1/1 nonce_q <= RndCnstSramNonce;
Tests: T1 T2 T3
313 end else begin
314 1/1 key_req_pending_q <= key_req_pending_d;
Tests: T1 T2 T3
315 1/1 if (key_ack) begin
Tests: T1 T2 T3
316 1/1 key_q <= key_d;
Tests: T1 T2 T3
317 1/1 nonce_q <= nonce_d;
Tests: T1 T2 T3
318 end
MISSING_ELSE
319 // This scraps the keys.
320 // SEC_CM: KEY.GLOBAL_ESC
321 // SEC_CM: KEY.LOCAL_ESC
322 1/1 if (local_esc) begin
Tests: T1 T2 T3
323 1/1 key_q <= cnst_sram_key;
Tests: T4 T5 T6
324 1/1 nonce_q <= cnst_sram_nonce;
Tests: T4 T5 T6
325 end
MISSING_ELSE
326 end
327 end
328
329 prim_sync_reqack_data #(
330 .Width($bits(otp_ctrl_pkg::sram_otp_key_rsp_t)-1),
331 .DataSrc2Dst(1'b0)
332 ) u_prim_sync_reqack_data (
333 .clk_src_i ( clk_i ),
334 .rst_src_ni ( rst_ni ),
335 .clk_dst_i ( clk_otp_i ),
336 .rst_dst_ni ( rst_otp_ni ),
337 .req_chk_i ( 1'b1 ),
338 .src_req_i ( key_req_pending_q ),
339 .src_ack_o ( key_ack ),
340 .dst_req_o ( sram_otp_key_o.req ),
341 .dst_ack_i ( sram_otp_key_i.ack ),
342 .data_i ( {sram_otp_key_i.key,
343 sram_otp_key_i.nonce,
344 sram_otp_key_i.seed_valid} ),
345 .data_o ( {key_d,
346 nonce_d,
347 key_seed_valid} )
348 );
349
350 logic unused_csr_sigs;
351 1/1 assign unused_csr_sigs = ^{reg2hw.status.init_done.q,
Tests: T1 T2 T3
352 reg2hw.status.scr_key_seed_valid.q};
353
354 ////////////////////
355 // SRAM Execution //
356 ////////////////////
357
358 mubi4_t en_ifetch;
359 if (InstrExec) begin : gen_instr_ctrl
360 lc_tx_t lc_hw_debug_en;
361 prim_lc_sync #(
362 .NumCopies (1)
363 ) u_prim_lc_sync_hw_debug_en (
364 .clk_i,
365 .rst_ni,
366 .lc_en_i (lc_hw_debug_en_i),
367 .lc_en_o ({lc_hw_debug_en})
368 );
369
370 mubi8_t otp_en_sram_ifetch;
371 prim_mubi8_sync #(
372 .NumCopies (1)
373 ) u_prim_mubi8_sync_otp_en_sram_ifetch (
374 .clk_i,
375 .rst_ni,
376 .mubi_i(otp_en_sram_ifetch_i),
377 .mubi_o({otp_en_sram_ifetch})
378 );
379
380 mubi4_t lc_ifetch_en;
381 mubi4_t reg_ifetch_en;
382 // SEC_CM: INSTR.BUS.LC_GATED
383 assign lc_ifetch_en = lc_to_mubi4(lc_hw_debug_en);
384 // SEC_CM: EXEC.CONFIG.MUBI
385 assign reg_ifetch_en = mubi4_t'(reg2hw.exec.q);
386 // SEC_CM: EXEC.INTERSIG.MUBI
387 assign en_ifetch = (mubi8_test_true_strict(otp_en_sram_ifetch)) ? reg_ifetch_en :
388 lc_ifetch_en;
389 end else begin : gen_tieoff
390 assign en_ifetch = MuBi4False;
391
392 // tie off unused signals
393 logic unused_sigs;
394 1/1 assign unused_sigs = ^{lc_hw_debug_en_i,
Tests: T1 T2 T3
395 reg2hw.exec.q,
396 otp_en_sram_ifetch_i};
397 end
398
399 /////////////////////////
400 // Initialization LFSR //
401 /////////////////////////
402
403 logic [LfsrWidth-1:0] lfsr_out;
404 prim_lfsr #(
405 .LfsrDw ( LfsrWidth ),
406 .EntropyDw ( LfsrWidth ),
407 .StateOutDw ( LfsrWidth ),
408 .DefaultSeed ( RndCnstLfsrSeed ),
409 .StatePermEn ( 1'b1 ),
410 .StatePerm ( RndCnstLfsrPerm )
411 ) u_lfsr (
412 .clk_i,
413 .rst_ni,
414 .lfsr_en_i(init_req),
415 .seed_en_i(init_trig),
416 .seed_i(nonce_q[NonceWidth +: LfsrWidth]),
417 .entropy_i('0),
418 .state_o(lfsr_out)
419 );
420
421 // Compute the correct integrity alongside for the pseudo-random initialization values.
422 logic [DataWidth - 1 :0] lfsr_out_integ;
423 tlul_data_integ_enc u_tlul_data_integ_enc (
424 .data_i(lfsr_out),
425 .data_intg_o(lfsr_out_integ)
426 );
427
428 ////////////////////////////
429 // SRAM TL-UL Access Gate //
430 ////////////////////////////
431
432 logic tl_gate_resp_pending;
433 tlul_pkg::tl_h2d_t ram_tl_in_gated;
434 tlul_pkg::tl_d2h_t ram_tl_out_gated;
435
436 // SEC_CM: RAM_TL_LC_GATE.FSM.SPARSE
437 tlul_lc_gate #(
438 .NumGatesPerDirection(2)
439 ) u_tlul_lc_gate (
440 .clk_i,
441 .rst_ni,
442 .tl_h2d_i(ram_tl_i),
443 .tl_d2h_o(ram_tl_o),
444 .tl_h2d_o(ram_tl_in_gated),
445 .tl_d2h_i(ram_tl_out_gated),
446 .flush_req_i('0),
447 .flush_ack_o(),
448 .resp_pending_o(tl_gate_resp_pending),
449 .lc_en_i (lc_tlul_gate_en),
450 .err_o (bus_integ_error[2])
451 );
452
453 /////////////////////////////////
454 // SRAM with scrambling device //
455 /////////////////////////////////
456
457 logic tlul_req, tlul_gnt, tlul_we;
458 logic [AddrWidth-1:0] tlul_addr;
459 logic [DataWidth-1:0] tlul_wdata, tlul_wmask;
460
461 logic sram_intg_error, sram_req, sram_gnt, sram_we, sram_rvalid;
462 logic [AddrWidth-1:0] sram_addr;
463 logic [DataWidth-1:0] sram_wdata, sram_wmask, sram_rdata;
464 logic sram_wpending, sram_wr_collision;
465
466 logic sram_compound_txn_in_progress;
467
468
469 // // SEC_CM: MEM.READBACK
470 mubi4_t reg_readback_en;
471 1/1 assign reg_readback_en = mubi4_t'(reg2hw.readback.q);
Tests: T1 T2 T3
472
473 tlul_adapter_sram #(
474 .SramAw(AddrWidth),
475 .SramDw(DataWidth - tlul_pkg::DataIntgWidth),
476 .Outstanding(2),
477 .ByteAccess(1),
478 .CmdIntgCheck(1),
479 .EnableRspIntgGen(1),
480 .EnableDataIntgGen(0),
481 .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
482 .SecFifoPtr (1), // SEC_CM: TLUL_FIFO.CTR.REDUN
483 .EnableReadback (1) // SEC_CM: MEM.READBACK
484 ) u_tlul_adapter_sram (
485 .clk_i,
486 .rst_ni,
487 .tl_i (ram_tl_in_gated),
488 .tl_o (ram_tl_out_gated),
489 .en_ifetch_i (en_ifetch),
490 .req_o (tlul_req),
491 .req_type_o (),
492 .gnt_i (tlul_gnt),
493 .we_o (tlul_we),
494 .addr_o (tlul_addr),
495 .wdata_o (tlul_wdata),
496 .wmask_o (tlul_wmask),
497 // SEC_CM: BUS.INTEGRITY
498 .intg_error_o (bus_integ_error[1]),
499 .rdata_i (sram_rdata),
500 .rvalid_i (sram_rvalid),
501 .rerror_i ('0),
502 .compound_txn_in_progress_o (sram_compound_txn_in_progress),
503 .readback_en_i (reg_readback_en),
504 .readback_error_o (readback_error),
505 .wr_collision_i (sram_wr_collision),
506 .write_pending_i (sram_wpending)
507 );
508
509 logic key_valid;
510
511 // Interposing mux logic for initialization with pseudo random data.
512 1/1 assign sram_req = tlul_req | init_req;
Tests: T1 T2 T3
513 // This grant signal acts more like a ready internally in tlul_adapter_sram. In particular it's
514 // fine to assert it when tlul_req is low (it has no effect). So here tlul_gnt is asserted when
515 // a request from tlul_req will be granted regardless of whether a request exists. This is done
516 // for timing reasons so that the output TL ready isn't combinatorially connected to the incoming
517 // TL valid. In particular we must not use `sram_gnt` in the expression to avoid this.
518 1/1 assign tlul_gnt = key_valid & ~init_req;
Tests: T1 T2 T3
519 1/1 assign sram_we = tlul_we | init_req;
Tests: T1 T2 T3
520 1/1 assign sram_intg_error = |bus_integ_error[2:1] & ~init_req;
Tests: T1 T2 T3
521 1/1 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
Tests: T1 T2 T3
522 1/1 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
Tests: T1 T2 T3
523 1/1 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
Tests: T1 T2 T3
524
525 // The SRAM scrambling wrapper will not accept any transactions while the
526 // key req is pending or if we have escalated. Note that we're not using
527 // the scr_key_valid CSR here, such that the SRAM can be used right after
528 // reset, where the keys are reset to the default netlist constant.
529 //
530 // If we have escalated, but there is a pending request in the TL gate, we may have a pending
531 // read-modify-write transaction or readback in the SRAM adapter. In that case we force key_valid
532 // high to enable that to complete so it returns a response, the TL gate won't accept any new
533 // transactions and the SRAM keys have been clobbered already.
534 1/1 assign key_valid =
Tests: T1 T2 T3
535 (key_req_pending_q) ? 1'b0 :
536 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
537
538 // SEC_CM: MEM.SCRAMBLE, ADDR.SCRAMBLE
539 prim_ram_1p_scr #(
540 .Width(DataWidth),
541 .Depth(Depth),
542 .EnableParity(0),
543 .DataBitsPerMask(DataWidth),
544 .NumPrinceRoundsHalf(NumPrinceRoundsHalf)
545 ) u_prim_ram_1p_scr (
546 .clk_i,
547 .rst_ni,
548
549 .key_valid_i (key_valid),
550 .key_i (key_q),
551 .nonce_i (nonce_q[NonceWidth-1:0]),
552
553 .req_i (sram_req),
554 .intg_error_i (sram_intg_error),
555 .gnt_o (sram_gnt),
556 .write_i (sram_we),
557 .addr_i (sram_addr),
558 .wdata_i (sram_wdata),
559 .wmask_i (sram_wmask),
560 .rdata_o (sram_rdata),
561 .rvalid_o (sram_rvalid),
562 .rerror_o ( ),
563 .raddr_o ( ),
564 .cfg_i,
565 .wr_collision_o (sram_wr_collision),
566 .write_pending_o (sram_wpending),
567 .alert_o (sram_alert)
568 );
569
570 logic unused_sram_gnt;
571 // Ignore sram_gnt signal to avoid creating a bad timing path, see comment on `tlul_gnt` above for
572 // more details.
573 1/1 assign unused_sram_gnt = sram_gnt;
Tests: T1 T2 T3
Cond Coverage for Instance : tb.dut
| Total | Covered | Percent |
Conditions | 99 | 88 | 88.89 |
Logical | 99 | 88 | 88.89 |
Non-Logical | 0 | 0 | |
Event | 0 | 0 | |
LINE 139
EXPRESSION (reg2hw.alert_test.q & reg2hw.alert_test.qe)
---------1--------- ----------2---------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T11,T13,T14 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T11,T13,T14 |
LINE 157
EXPRESSION (((|bus_integ_error)) | init_error | readback_error | sram_alert)
----------1--------- -----2---- -------3------ -----4----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 1 | Not Covered | |
0 | 0 | 1 | 0 | Not Covered | |
0 | 1 | 0 | 0 | Covered | T5,T15,T16 |
1 | 0 | 0 | 0 | Covered | T5,T15,T16 |
LINE 199
EXPRESSION
Number Term
1 reg2hw.status.escalated.q |
2 reg2hw.status.init_error.q |
3 reg2hw.status.bus_integ_error.q |
4 reg2hw.status.sram_alert.q |
5 reg2hw.status.readback_error.q)
-1- | -2- | -3- | -4- | -5- | Status | Tests |
0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 1 | Not Covered | |
0 | 0 | 0 | 1 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | Covered | T5,T15,T16 |
0 | 1 | 0 | 0 | 0 | Covered | T5,T15,T16 |
1 | 0 | 0 | 0 | 0 | Covered | T4,T6,T7 |
LINE 207
EXPRESSION (escalate | init_error | ((|bus_integ_error)) | sram_alert | readback_error | local_esc_reg)
----1--- -----2---- ----------3--------- -----4---- -------5------ ------6------
-1- | -2- | -3- | -4- | -5- | -6- | Status | Tests |
0 | 0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 0 | 1 | Covered | T4,T5,T6 |
0 | 0 | 0 | 0 | 1 | 0 | Not Covered | |
0 | 0 | 0 | 1 | 0 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | 0 | Covered | T5,T15,T16 |
0 | 1 | 0 | 0 | 0 | 0 | Covered | T5,T15,T16 |
1 | 0 | 0 | 0 | 0 | 0 | Covered | T4,T6,T7 |
LINE 226
EXPRESSION (reg2hw.ctrl.init.q && reg2hw.ctrl.init.qe && ((!init_q)))
---------1-------- ---------2--------- -----3-----
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T4,T6,T7 |
1 | 0 | 1 | Covered | T1,T2,T3 |
1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 231
EXPRESSION (init_done ? 1'b0 : (init_trig ? 1'b1 : init_q))
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 231
SUB-EXPRESSION (init_trig ? 1'b1 : init_q)
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 247
EXPRESSION (init_q & ((~key_req_pending_q)))
---1-- -----------2----------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T1,T2,T3 |
LINE 248
EXPRESSION ((init_cnt == 10'((Depth - 1))) & init_req)
---------------1-------------- ----2---
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T1,T2,T3 |
LINE 248
SUB-EXPRESSION (init_cnt == 10'((Depth - 1)))
---------------1--------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 272
EXPRESSION (init_done & ((~init_trig)) & ((~local_esc)))
----1---- -------2------ -------3------
-1- | -2- | -3- | Status | Tests | Exclude Annotation |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Excluded | |
[LOWRISK] we don't issue a new init when there is a unfinished init |
1 | 1 | 0 | Covered | T4,T6,T7 |
1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 273
EXPRESSION (init_done | init_trig | local_esc)
----1---- ----2---- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T5,T6 |
0 | 1 | 0 | Covered | T1,T2,T3 |
1 | 0 | 0 | Covered | T1,T2,T3 |
LINE 284
EXPRESSION (reg2hw.ctrl.renew_scr_key.q && reg2hw.ctrl.renew_scr_key.qe && ((!key_req_pending_q)) && ((!init_q)))
-------------1------------- --------------2------------- -----------3---------- -----4-----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 1 | 1 | 1 | Covered | T17,T18,T19 |
1 | 0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 1 | 0 | 1 | Not Covered | |
1 | 1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 289
EXPRESSION (key_req ? 1'b1 : (key_ack ? 1'b0 : key_req_pending_q))
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 289
SUB-EXPRESSION (key_ack ? 1'b0 : key_req_pending_q)
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 293
EXPRESSION (key_ack & ((~key_req)) & ((~local_esc)))
---1--- ------2----- -------3------
-1- | -2- | -3- | Status | Tests | Exclude Annotation |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Excluded | |
[UNSUPPORTED] ACK can't come without REQ |
1 | 1 | 0 | Covered | T4,T6,T7 |
1 | 1 | 1 | Covered | T1,T2,T3 |
LINE 294
EXPRESSION (key_req | key_ack | local_esc)
---1--- ---2--- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T5,T6 |
0 | 1 | 0 | Covered | T1,T2,T3 |
1 | 0 | 0 | Covered | T1,T2,T3 |
LINE 298
EXPRESSION ((key_ack & ((~local_esc))) ? MuBi4True : MuBi4False)
-------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 298
SUB-EXPRESSION (key_ack & ((~local_esc)))
---1--- -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T4,T6,T7 |
1 | 1 | Covered | T1,T2,T3 |
LINE 299
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T5,T6 |
1 | 0 | Covered | T1,T2,T3 |
LINE 303
EXPRESSION (key_seed_valid & ((~local_esc)))
-------1------ -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T4,T8 |
1 | 0 | Covered | T4,T6,T7 |
1 | 1 | Covered | T2,T3,T4 |
LINE 304
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T5,T6 |
1 | 0 | Covered | T1,T2,T3 |
LINE 512
EXPRESSION (tlul_req | init_req)
----1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T2,T3,T4 |
LINE 518
EXPRESSION (key_valid & ((~init_req)))
----1---- ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T1,T2,T3 |
LINE 519
EXPRESSION (tlul_we | init_req)
---1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T2,T3,T4 |
LINE 520
EXPRESSION (((|bus_integ_error[2:1])) & ((~init_req)))
------------1------------ ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Not Covered | |
1 | 1 | Covered | T5,T15,T16 |
LINE 521
EXPRESSION (init_req ? init_cnt : tlul_addr)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 522
EXPRESSION (init_req ? lfsr_out_integ : tlul_wdata)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 523
EXPRESSION (init_req ? ({sram_ctrl_pkg::DataWidth {1'b1}}) : tlul_wmask)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 534
EXPRESSION (key_req_pending_q ? 1'b0 : (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1))
--------1--------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T3 |
LINE 534
SUB-EXPRESSION (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1)
------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T4,T6,T7 |
LINE 534
SUB-EXPRESSION (tl_gate_resp_pending & sram_compound_txn_in_progress)
----------1--------- --------------2--------------
-1- | -2- | Status | Tests |
0 | 1 | Not Covered | |
1 | 0 | Covered | T4,T6,T7 |
1 | 1 | Covered | T6,T7,T20 |
Toggle Coverage for Instance : tb.dut
| Total | Covered | Percent |
Totals |
62 |
62 |
100.00 |
Total Bits |
1230 |
1230 |
100.00 |
Total Bits 0->1 |
615 |
615 |
100.00 |
Total Bits 1->0 |
615 |
615 |
100.00 |
| | | |
Ports |
62 |
62 |
100.00 |
Port Bits |
1230 |
1230 |
100.00 |
Port Bits 0->1 |
615 |
615 |
100.00 |
Port Bits 1->0 |
615 |
615 |
100.00 |
Port Details
Name | Toggle | Toggle 1->0 | Tests | Toggle 0->1 | Tests | Direction |
clk_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_ni |
Yes |
Yes |
T4,T5,T6 |
Yes |
T1,T2,T3 |
INPUT |
clk_otp_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_otp_ni |
Yes |
Yes |
T4,T5,T6 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.d_ready |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T4,T10,T21 |
Yes |
T4,T10,T21 |
INPUT |
ram_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_data[31:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_mask[3:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_address[31:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_source[7:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_size[1:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_opcode[2:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_valid |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_error |
Yes |
Yes |
T1,T2,T3 |
Yes |
T4,T5,T6 |
OUTPUT |
ram_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_data[31:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_source[7:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_size[1:0] |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_opcode[0] |
Yes |
Yes |
*T2,*T3,*T4 |
Yes |
T2,T3,T4 |
OUTPUT |
ram_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_valid |
Yes |
Yes |
T2,T3,T4 |
Yes |
T2,T3,T4 |
OUTPUT |
regs_tl_i.d_ready |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T4,T8,T11 |
INPUT |
regs_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T2,T4,T8 |
INPUT |
regs_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T2,T8,T11 |
Yes |
T2,T8,T11 |
INPUT |
regs_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_data[31:0] |
Yes |
Yes |
T4,T8,T10 |
Yes |
T2,T4,T8 |
INPUT |
regs_tl_i.a_mask[3:0] |
Yes |
Yes |
T4,T8,T11 |
Yes |
T2,T4,T11 |
INPUT |
regs_tl_i.a_address[31:0] |
Yes |
Yes |
T2,T4,T11 |
Yes |
T2,T4,T11 |
INPUT |
regs_tl_i.a_source[7:0] |
Yes |
Yes |
T4,T8,T10 |
Yes |
T4,T8,T11 |
INPUT |
regs_tl_i.a_size[1:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T2,T4,T8 |
INPUT |
regs_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_opcode[2:0] |
Yes |
Yes |
T2,T4,T8 |
Yes |
T2,T3,T4 |
INPUT |
regs_tl_i.a_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_error |
Yes |
Yes |
T22,T23,T24 |
Yes |
T22,T23,T24 |
OUTPUT |
regs_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T4,T5,T6 |
Yes |
T4,T5,T6 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
*T4,*T10,*T11 |
Yes |
T2,T3,T4 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_data[31:0] |
Yes |
Yes |
T4,T5,T6 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_source[7:0] |
Yes |
Yes |
T4,T10,T11 |
Yes |
T3,T4,T8 |
OUTPUT |
regs_tl_o.d_size[1:0] |
Yes |
Yes |
T4,T10,T9 |
Yes |
T2,T4,T8 |
OUTPUT |
regs_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_opcode[0] |
Yes |
Yes |
*T4,*T5,*T6 |
Yes |
T4,T5,T6 |
OUTPUT |
regs_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_rx_i[0].ack_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
alert_rx_i[0].ack_p |
Yes |
Yes |
T11,T5,T13 |
Yes |
T11,T5,T13 |
INPUT |
alert_rx_i[0].ping_n |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_rx_i[0].ping_p |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_tx_o[0].alert_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_tx_o[0].alert_p |
Yes |
Yes |
T11,T5,T13 |
Yes |
T11,T5,T13 |
OUTPUT |
lc_escalate_en_i[3:0] |
Yes |
Yes |
T4,T6,T7 |
Yes |
T4,T6,T7 |
INPUT |
lc_hw_debug_en_i[3:0] |
Yes |
Yes |
T22,T23,T24 |
Yes |
T22,T23,T24 |
INPUT |
otp_en_sram_ifetch_i[7:0] |
Yes |
Yes |
T22,T23,T24 |
Yes |
T22,T23,T24 |
INPUT |
sram_otp_key_o.req |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
sram_otp_key_i.seed_valid |
Yes |
Yes |
T4,T21,T6 |
Yes |
T4,T6,T7 |
INPUT |
sram_otp_key_i.nonce[127:0] |
Yes |
Yes |
T4,T9,T21 |
Yes |
T3,T4,T6 |
INPUT |
sram_otp_key_i.key[127:0] |
Yes |
Yes |
T4,T21,T6 |
Yes |
T3,T4,T9 |
INPUT |
sram_otp_key_i.ack |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
cfg_i.rf_cfg.cfg[3:0] |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.rf_cfg.cfg_en |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.rf_cfg.test |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.ram_cfg.cfg[3:0] |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.ram_cfg.cfg_en |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
cfg_i.ram_cfg.test |
Yes |
Yes |
T1,T12,T25 |
Yes |
T1,T12,T25 |
INPUT |
*Tests covering at least one bit in the range
Branch Coverage for Instance : tb.dut
| Line No. | Total | Covered | Percent |
Branches |
|
24 |
24 |
100.00 |
TERNARY |
231 |
3 |
3 |
100.00 |
TERNARY |
289 |
3 |
3 |
100.00 |
TERNARY |
298 |
2 |
2 |
100.00 |
TERNARY |
521 |
2 |
2 |
100.00 |
TERNARY |
522 |
2 |
2 |
100.00 |
TERNARY |
523 |
2 |
2 |
100.00 |
TERNARY |
534 |
3 |
3 |
100.00 |
IF |
235 |
2 |
2 |
100.00 |
IF |
307 |
5 |
5 |
100.00 |
231 assign init_d = (init_done) ? 1'b0 :
-1-
==>
232 (init_trig) ? 1'b1 : init_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T3 |
0 |
1 |
Covered |
T1,T2,T3 |
0 |
0 |
Covered |
T1,T2,T3 |
289 assign key_req_pending_d = (key_req) ? 1'b1 :
-1-
==>
290 (key_ack) ? 1'b0 : key_req_pending_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T3 |
0 |
1 |
Covered |
T1,T2,T3 |
0 |
0 |
Covered |
T1,T2,T3 |
298 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
521 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
522 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
523 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
534 assign key_valid =
535 (key_req_pending_q) ? 1'b0 :
-1-
==>
536 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T3 |
0 |
1 |
Covered |
T4,T6,T7 |
0 |
0 |
Covered |
T1,T2,T3 |
235 if(!rst_ni) begin
-1-
236 init_q <= 1'b0;
==>
237 end else begin
238 init_q <= init_d;
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
307 if (!rst_ni) begin
-1-
308 key_req_pending_q <= 1'b0;
==>
309 // reset case does not use buffered values as the
310 // reset value will be directly encoded into flop types
311 key_q <= RndCnstSramKey;
312 nonce_q <= RndCnstSramNonce;
313 end else begin
314 key_req_pending_q <= key_req_pending_d;
315 if (key_ack) begin
-2-
316 key_q <= key_d;
==>
317 nonce_q <= nonce_d;
318 end
MISSING_ELSE
==>
319 // This scraps the keys.
320 // SEC_CM: KEY.GLOBAL_ESC
321 // SEC_CM: KEY.LOCAL_ESC
322 if (local_esc) begin
-3-
323 key_q <= cnst_sram_key;
==>
324 nonce_q <= cnst_sram_nonce;
325 end
MISSING_ELSE
==>
Branches:
-1- | -2- | -3- | Status | Tests |
1 |
- |
- |
Covered |
T1,T2,T3 |
0 |
1 |
- |
Covered |
T1,T2,T3 |
0 |
0 |
- |
Covered |
T1,T2,T3 |
0 |
- |
1 |
Covered |
T4,T5,T6 |
0 |
- |
0 |
Covered |
T1,T2,T3 |
Assert Coverage for Instance : tb.dut
Assertion Details
AlertOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
FpvSecCmCntCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmLcGateFsmCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmRegWeOnehotCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmRspFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmRspFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
70 |
0 |
0 |
T5 |
11232 |
10 |
0 |
0 |
T6 |
28229 |
0 |
0 |
0 |
T13 |
1154 |
0 |
0 |
0 |
T14 |
723 |
0 |
0 |
0 |
T15 |
16365 |
20 |
0 |
0 |
T16 |
0 |
20 |
0 |
0 |
T21 |
6692 |
0 |
0 |
0 |
T25 |
1986 |
0 |
0 |
0 |
T26 |
0 |
10 |
0 |
0 |
T27 |
0 |
10 |
0 |
0 |
T28 |
33450 |
0 |
0 |
0 |
T29 |
4213 |
0 |
0 |
0 |
T30 |
27749 |
0 |
0 |
0 |
FpvSecCmSramReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
FpvSecCmSramReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
0 |
0 |
0 |
NonceWidthsLessThanSource_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
893 |
893 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T5 |
1 |
1 |
0 |
0 |
T8 |
1 |
1 |
0 |
0 |
T9 |
1 |
1 |
0 |
0 |
T10 |
1 |
1 |
0 |
0 |
T11 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
RamTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
RamTlOutPayLoadKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
133031396 |
0 |
0 |
T2 |
9045 |
2704 |
0 |
0 |
T3 |
4225 |
765 |
0 |
0 |
T4 |
32061 |
2271 |
0 |
0 |
T5 |
11232 |
527 |
0 |
0 |
T6 |
0 |
2776 |
0 |
0 |
T8 |
18819 |
8581 |
0 |
0 |
T9 |
5321 |
2379 |
0 |
0 |
T10 |
28255 |
9099 |
0 |
0 |
T11 |
1354 |
0 |
0 |
0 |
T12 |
2447 |
0 |
0 |
0 |
T21 |
6692 |
3253 |
0 |
0 |
T28 |
0 |
13703 |
0 |
0 |
RamTlOutPayLoadKnown_AKnownEnable
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
RegsTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
SramOtpKeyKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
322303845 |
0 |
0 |
T1 |
1623 |
1567 |
0 |
0 |
T2 |
9045 |
8990 |
0 |
0 |
T3 |
4225 |
4148 |
0 |
0 |
T4 |
32061 |
31902 |
0 |
0 |
T5 |
11232 |
8552 |
0 |
0 |
T8 |
18819 |
18746 |
0 |
0 |
T9 |
5321 |
5243 |
0 |
0 |
T10 |
28255 |
28199 |
0 |
0 |
T11 |
1354 |
1292 |
0 |
0 |
T12 |
2447 |
2383 |
0 |
0 |
TlulGntIsCorrect_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
322406092 |
65737425 |
0 |
0 |
T2 |
9045 |
637 |
0 |
0 |
T3 |
4225 |
833 |
0 |
0 |
T4 |
32061 |
659 |
0 |
0 |
T5 |
11232 |
0 |
0 |
0 |
T6 |
0 |
811 |
0 |
0 |
T8 |
18819 |
4680 |
0 |
0 |
T9 |
5321 |
2379 |
0 |
0 |
T10 |
28255 |
4868 |
0 |
0 |
T11 |
1354 |
0 |
0 |
0 |
T12 |
2447 |
0 |
0 |
0 |
T21 |
6692 |
3545 |
0 |
0 |
T28 |
0 |
5410 |
0 |
0 |
T29 |
0 |
1547 |
0 |
0 |