Line Coverage for Module :
sram_ctrl
| Line No. | Total | Covered | Percent |
TOTAL | | 52 | 52 | 100.00 |
CONT_ASSIGN | 132 | 1 | 1 | 100.00 |
CONT_ASSIGN | 140 | 1 | 1 | 100.00 |
CONT_ASSIGN | 143 | 1 | 1 | 100.00 |
CONT_ASSIGN | 147 | 1 | 1 | 100.00 |
CONT_ASSIGN | 151 | 1 | 1 | 100.00 |
CONT_ASSIGN | 155 | 1 | 1 | 100.00 |
CONT_ASSIGN | 158 | 1 | 1 | 100.00 |
CONT_ASSIGN | 190 | 1 | 1 | 100.00 |
CONT_ASSIGN | 192 | 1 | 1 | 100.00 |
CONT_ASSIGN | 200 | 1 | 1 | 100.00 |
CONT_ASSIGN | 208 | 1 | 1 | 100.00 |
CONT_ASSIGN | 218 | 1 | 1 | 100.00 |
CONT_ASSIGN | 227 | 1 | 1 | 100.00 |
CONT_ASSIGN | 232 | 1 | 1 | 100.00 |
ALWAYS | 236 | 3 | 3 | 100.00 |
CONT_ASSIGN | 248 | 1 | 1 | 100.00 |
CONT_ASSIGN | 249 | 1 | 1 | 100.00 |
CONT_ASSIGN | 273 | 1 | 1 | 100.00 |
CONT_ASSIGN | 274 | 1 | 1 | 100.00 |
CONT_ASSIGN | 285 | 1 | 1 | 100.00 |
CONT_ASSIGN | 290 | 1 | 1 | 100.00 |
CONT_ASSIGN | 294 | 1 | 1 | 100.00 |
CONT_ASSIGN | 295 | 1 | 1 | 100.00 |
CONT_ASSIGN | 299 | 1 | 1 | 100.00 |
CONT_ASSIGN | 300 | 1 | 1 | 100.00 |
CONT_ASSIGN | 304 | 1 | 1 | 100.00 |
CONT_ASSIGN | 305 | 1 | 1 | 100.00 |
ALWAYS | 308 | 11 | 11 | 100.00 |
CONT_ASSIGN | 352 | 1 | 1 | 100.00 |
CONT_ASSIGN | 395 | 1 | 1 | 100.00 |
CONT_ASSIGN | 472 | 1 | 1 | 100.00 |
CONT_ASSIGN | 513 | 1 | 1 | 100.00 |
CONT_ASSIGN | 519 | 1 | 1 | 100.00 |
CONT_ASSIGN | 520 | 1 | 1 | 100.00 |
CONT_ASSIGN | 521 | 1 | 1 | 100.00 |
CONT_ASSIGN | 522 | 1 | 1 | 100.00 |
CONT_ASSIGN | 523 | 1 | 1 | 100.00 |
CONT_ASSIGN | 524 | 1 | 1 | 100.00 |
CONT_ASSIGN | 535 | 1 | 1 | 100.00 |
CONT_ASSIGN | 574 | 1 | 1 | 100.00 |
131 logic unused_nonce;
132 1/1 assign unused_nonce = ^nonce_q[otp_ctrl_pkg::SramNonceWidth-1:NonceWidth];
Tests: T1 T2 T3
133 end
134
135 //////////////////
136 // Alert Sender //
137 //////////////////
138
139 logic alert_test;
140 1/1 assign alert_test = reg2hw.alert_test.q & reg2hw.alert_test.qe;
Tests: T1 T2 T3
141
142 assign hw2reg.status.bus_integ_error.d = 1'b1;
143 1/1 assign hw2reg.status.bus_integ_error.de = |bus_integ_error;
Tests: T1 T2 T3
144
145 logic init_error;
146 assign hw2reg.status.init_error.d = 1'b1;
147 1/1 assign hw2reg.status.init_error.de = init_error;
Tests: T1 T2 T3
148
149 logic readback_error;
150 assign hw2reg.status.readback_error.d = 1'b1;
151 1/1 assign hw2reg.status.readback_error.de = readback_error;
Tests: T1 T2 T3
152
153 logic sram_alert;
154 assign hw2reg.status.sram_alert.d = 1'b1;
155 1/1 assign hw2reg.status.sram_alert.de = sram_alert;
Tests: T1 T2 T3
156
157 logic alert_req;
158 1/1 assign alert_req = (|bus_integ_error) | init_error | readback_error | sram_alert;
Tests: T1 T2 T3
159
160 prim_alert_sender #(
161 .AsyncOn(AlertAsyncOn[0]),
162 .IsFatal(1)
163 ) u_prim_alert_sender_parity (
164 .clk_i,
165 .rst_ni,
166 .alert_test_i ( alert_test ),
167 .alert_req_i ( alert_req ),
168 .alert_ack_o ( ),
169 .alert_state_o ( ),
170 .alert_rx_i ( alert_rx_i[0] ),
171 .alert_tx_o ( alert_tx_o[0] )
172 );
173
174 /////////////////////////
175 // Escalation Triggers //
176 /////////////////////////
177
178 lc_tx_t [1:0] escalate_en;
179 prim_lc_sync #(
180 .NumCopies (2)
181 ) u_prim_lc_sync (
182 .clk_i,
183 .rst_ni,
184 .lc_en_i (lc_escalate_en_i),
185 .lc_en_o (escalate_en)
186 );
187
188 // SEC_CM: KEY.GLOBAL_ESC
189 logic escalate;
190 1/1 assign escalate = lc_tx_test_true_loose(escalate_en[0]);
Tests: T1 T2 T3
191 assign hw2reg.status.escalated.d = 1'b1;
192 1/1 assign hw2reg.status.escalated.de = escalate;
Tests: T1 T2 T3
193
194 // SEC_CM: KEY.LOCAL_ESC
195 // Aggregate external and internal escalation sources.
196 // This is used in countermeasures further below (key reset and transaction blocking).
197 logic local_esc, local_esc_reg;
198 // This signal only aggregates registered escalation signals and is used for transaction
199 // blocking further below, which is on a timing-critical path.
200 1/1 assign local_esc_reg = reg2hw.status.escalated.q |
Tests: T1 T2 T3
201 reg2hw.status.init_error.q |
202 reg2hw.status.bus_integ_error.q |
203 reg2hw.status.sram_alert.q |
204 reg2hw.status.readback_error.q;
205 // This signal aggregates all escalation trigger signals, including the ones that are generated
206 // in the same cycle such as init_error, sram alert, and bus_integ_error. It is used for
207 // countermeasures that are not on the critical path (such as clearing the scrambling keys).
208 1/1 assign local_esc = escalate |
Tests: T1 T2 T3
209 init_error |
210 (|bus_integ_error) |
211 sram_alert |
212 readback_error |
213 local_esc_reg;
214
215 // Convert registered, local escalation sources to a multibit signal and combine this with
216 // the incoming escalation enable signal before feeding into the TL-UL gate further below.
217 lc_tx_t lc_tlul_gate_en;
218 1/1 assign lc_tlul_gate_en = lc_tx_inv(lc_tx_or_hi(escalate_en[1],
Tests: T1 T2 T3
219 lc_tx_bool_to_lc_tx(local_esc_reg)));
220 ///////////////////////
221 // HW Initialization //
222 ///////////////////////
223
224 // A write to the init register reloads the LFSR seed, resets the init counter and
225 // sets init_q to flag a pending initialization request.
226 logic init_trig, init_q;
227 1/1 assign init_trig = reg2hw.ctrl.init.q &&
Tests: T1 T2 T3
228 reg2hw.ctrl.init.qe &&
229 !init_q; // Ignore new requests while memory init is already pending.
230
231 logic init_d, init_done;
232 1/1 assign init_d = (init_done) ? 1'b0 :
Tests: T1 T2 T3
233 (init_trig) ? 1'b1 : init_q;
234
235 always_ff @(posedge clk_i or negedge rst_ni) begin : p_init_reg
236 1/1 if(!rst_ni) begin
Tests: T1 T2 T3
237 1/1 init_q <= 1'b0;
Tests: T1 T2 T3
238 end else begin
239 1/1 init_q <= init_d;
Tests: T1 T2 T3
240 end
241 end
242
243 // This waits until the scrambling keys are actually valid (this allows the SW to trigger
244 // key renewal and initialization at the same time).
245 logic init_req;
246 logic [AddrWidth-1:0] init_cnt;
247 logic key_req_pending_d, key_req_pending_q;
248 1/1 assign init_req = init_q & ~key_req_pending_q;
Tests: T1 T2 T3
249 1/1 assign init_done = (init_cnt == AddrWidth'(Depth - 1)) & init_req;
Tests: T1 T2 T3
250
251 // We employ two redundant counters to guard against FI attacks.
252 // If any of the two is glitched and the two counter states do not agree,
253 // we trigger an alert.
254 // SEC_CM: INIT.CTR.REDUN
255 prim_count #(
256 .Width(AddrWidth)
257 ) u_prim_count (
258 .clk_i,
259 .rst_ni,
260 .clr_i(init_trig),
261 .set_i(1'b0),
262 .set_cnt_i('0),
263 .incr_en_i(init_req),
264 .decr_en_i(1'b0),
265 .step_i(AddrWidth'(1)),
266 .commit_i(1'b1),
267 .cnt_o(init_cnt),
268 .cnt_after_commit_o(),
269 .err_o(init_error)
270 );
271
272 // Clear this bit on local escalation.
273 1/1 assign hw2reg.status.init_done.d = init_done & ~init_trig & ~local_esc;
Tests: T1 T2 T3
274 1/1 assign hw2reg.status.init_done.de = init_done | init_trig | local_esc;
Tests: T1 T2 T3
275
276 ////////////////////////////
277 // Scrambling Key Request //
278 ////////////////////////////
279
280 // The scrambling key and nonce have to be requested from the OTP controller via a req/ack
281 // protocol. Since the OTP controller works in a different clock domain, we have to synchronize
282 // the req/ack protocol as described in more details here:
283 // https://docs.opentitan.org/hw/ip/otp_ctrl/doc/index.html#interfaces-to-sram-and-otbn-scramblers
284 logic key_req, key_ack;
285 1/1 assign key_req = reg2hw.ctrl.renew_scr_key.q &&
Tests: T1 T2 T3
286 reg2hw.ctrl.renew_scr_key.qe &&
287 !key_req_pending_q && // Ignore new requests while a request is already pending.
288 !init_q; // Ignore new requests while memory init is already pending.
289
290 1/1 assign key_req_pending_d = (key_req) ? 1'b1 :
Tests: T1 T2 T3
291 (key_ack) ? 1'b0 : key_req_pending_q;
292
293 // Clear this bit on local escalation.
294 1/1 assign hw2reg.status.scr_key_valid.d = key_ack & ~key_req & ~local_esc;
Tests: T1 T2 T3
295 1/1 assign hw2reg.status.scr_key_valid.de = key_req | key_ack | local_esc;
Tests: T1 T2 T3
296
297 // As opposed to scr_key_valid, SW is responsible for clearing this register.
298 // It is not automatically cleared by HW, except when escalating.
299 1/1 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
Tests: T1 T2 T3
300 1/1 assign hw2reg.scr_key_rotated.de = key_ack | local_esc;
Tests: T1 T2 T3
301
302 // Clear this bit on local escalation.
303 logic key_seed_valid;
304 1/1 assign hw2reg.status.scr_key_seed_valid.d = key_seed_valid & ~local_esc;
Tests: T1 T2 T3
305 1/1 assign hw2reg.status.scr_key_seed_valid.de = key_ack | local_esc;
Tests: T1 T2 T3
306
307 always_ff @(posedge clk_i or negedge rst_ni) begin : p_regs
308 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
309 1/1 key_req_pending_q <= 1'b0;
Tests: T1 T2 T3
310 // reset case does not use buffered values as the
311 // reset value will be directly encoded into flop types
312 1/1 key_q <= RndCnstSramKey;
Tests: T1 T2 T3
313 1/1 nonce_q <= RndCnstSramNonce;
Tests: T1 T2 T3
314 end else begin
315 1/1 key_req_pending_q <= key_req_pending_d;
Tests: T1 T2 T3
316 1/1 if (key_ack) begin
Tests: T1 T2 T3
317 1/1 key_q <= key_d;
Tests: T1 T2 T4
318 1/1 nonce_q <= nonce_d;
Tests: T1 T2 T4
319 end
MISSING_ELSE
320 // This scraps the keys.
321 // SEC_CM: KEY.GLOBAL_ESC
322 // SEC_CM: KEY.LOCAL_ESC
323 1/1 if (local_esc) begin
Tests: T1 T2 T3
324 1/1 key_q <= cnst_sram_key;
Tests: T4 T6 T7
325 1/1 nonce_q <= cnst_sram_nonce;
Tests: T4 T6 T7
326 end
MISSING_ELSE
327 end
328 end
329
330 prim_sync_reqack_data #(
331 .Width($bits(otp_ctrl_pkg::sram_otp_key_rsp_t)-1),
332 .DataSrc2Dst(1'b0)
333 ) u_prim_sync_reqack_data (
334 .clk_src_i ( clk_i ),
335 .rst_src_ni ( rst_ni ),
336 .clk_dst_i ( clk_otp_i ),
337 .rst_dst_ni ( rst_otp_ni ),
338 .req_chk_i ( 1'b1 ),
339 .src_req_i ( key_req_pending_q ),
340 .src_ack_o ( key_ack ),
341 .dst_req_o ( sram_otp_key_o.req ),
342 .dst_ack_i ( sram_otp_key_i.ack ),
343 .data_i ( {sram_otp_key_i.key,
344 sram_otp_key_i.nonce,
345 sram_otp_key_i.seed_valid} ),
346 .data_o ( {key_d,
347 nonce_d,
348 key_seed_valid} )
349 );
350
351 logic unused_csr_sigs;
352 1/1 assign unused_csr_sigs = ^{reg2hw.status.init_done.q,
Tests: T1 T2 T3
353 reg2hw.status.scr_key_seed_valid.q};
354
355 ////////////////////
356 // SRAM Execution //
357 ////////////////////
358
359 mubi4_t en_ifetch;
360 if (InstrExec) begin : gen_instr_ctrl
361 lc_tx_t lc_hw_debug_en;
362 prim_lc_sync #(
363 .NumCopies (1)
364 ) u_prim_lc_sync_hw_debug_en (
365 .clk_i,
366 .rst_ni,
367 .lc_en_i (lc_hw_debug_en_i),
368 .lc_en_o ({lc_hw_debug_en})
369 );
370
371 mubi8_t otp_en_sram_ifetch;
372 prim_mubi8_sync #(
373 .NumCopies (1)
374 ) u_prim_mubi8_sync_otp_en_sram_ifetch (
375 .clk_i,
376 .rst_ni,
377 .mubi_i(otp_en_sram_ifetch_i),
378 .mubi_o({otp_en_sram_ifetch})
379 );
380
381 mubi4_t lc_ifetch_en;
382 mubi4_t reg_ifetch_en;
383 // SEC_CM: INSTR.BUS.LC_GATED
384 assign lc_ifetch_en = lc_to_mubi4(lc_hw_debug_en);
385 // SEC_CM: EXEC.CONFIG.MUBI
386 assign reg_ifetch_en = mubi4_t'(reg2hw.exec.q);
387 // SEC_CM: EXEC.INTERSIG.MUBI
388 assign en_ifetch = (mubi8_test_true_strict(otp_en_sram_ifetch)) ? reg_ifetch_en :
389 lc_ifetch_en;
390 end else begin : gen_tieoff
391 assign en_ifetch = MuBi4False;
392
393 // tie off unused signals
394 logic unused_sigs;
395 1/1 assign unused_sigs = ^{lc_hw_debug_en_i,
Tests: T1 T2 T3
396 reg2hw.exec.q,
397 otp_en_sram_ifetch_i};
398 end
399
400 /////////////////////////
401 // Initialization LFSR //
402 /////////////////////////
403
404 logic [LfsrWidth-1:0] lfsr_out;
405 prim_lfsr #(
406 .LfsrDw ( LfsrWidth ),
407 .EntropyDw ( LfsrWidth ),
408 .StateOutDw ( LfsrWidth ),
409 .DefaultSeed ( RndCnstLfsrSeed ),
410 .StatePermEn ( 1'b1 ),
411 .StatePerm ( RndCnstLfsrPerm )
412 ) u_lfsr (
413 .clk_i,
414 .rst_ni,
415 .lfsr_en_i(init_req),
416 .seed_en_i(init_trig),
417 .seed_i(nonce_q[NonceWidth +: LfsrWidth]),
418 .entropy_i('0),
419 .state_o(lfsr_out)
420 );
421
422 // Compute the correct integrity alongside for the pseudo-random initialization values.
423 logic [DataWidth - 1 :0] lfsr_out_integ;
424 tlul_data_integ_enc u_tlul_data_integ_enc (
425 .data_i(lfsr_out),
426 .data_intg_o(lfsr_out_integ)
427 );
428
429 ////////////////////////////
430 // SRAM TL-UL Access Gate //
431 ////////////////////////////
432
433 logic tl_gate_resp_pending;
434 tlul_pkg::tl_h2d_t ram_tl_in_gated;
435 tlul_pkg::tl_d2h_t ram_tl_out_gated;
436
437 // SEC_CM: RAM_TL_LC_GATE.FSM.SPARSE
438 tlul_lc_gate #(
439 .NumGatesPerDirection(2)
440 ) u_tlul_lc_gate (
441 .clk_i,
442 .rst_ni,
443 .tl_h2d_i(ram_tl_i),
444 .tl_d2h_o(ram_tl_o),
445 .tl_h2d_o(ram_tl_in_gated),
446 .tl_d2h_i(ram_tl_out_gated),
447 .flush_req_i('0),
448 .flush_ack_o(),
449 .resp_pending_o(tl_gate_resp_pending),
450 .lc_en_i (lc_tlul_gate_en),
451 .err_o (bus_integ_error[2])
452 );
453
454 /////////////////////////////////
455 // SRAM with scrambling device //
456 /////////////////////////////////
457
458 logic tlul_req, tlul_gnt, tlul_we;
459 logic [AddrWidth-1:0] tlul_addr;
460 logic [DataWidth-1:0] tlul_wdata, tlul_wmask;
461
462 logic sram_intg_error, sram_req, sram_gnt, sram_we, sram_rvalid;
463 logic [AddrWidth-1:0] sram_addr;
464 logic [DataWidth-1:0] sram_wdata, sram_wmask, sram_rdata;
465 logic sram_wpending, sram_wr_collision;
466
467 logic sram_compound_txn_in_progress;
468
469
470 // // SEC_CM: MEM.READBACK
471 mubi4_t reg_readback_en;
472 1/1 assign reg_readback_en = mubi4_t'(reg2hw.readback.q);
Tests: T1 T2 T3
473
474 tlul_adapter_sram #(
475 .SramAw(AddrWidth),
476 .SramDw(DataWidth - tlul_pkg::DataIntgWidth),
477 .Outstanding(2),
478 .ByteAccess(1),
479 .CmdIntgCheck(1),
480 .EnableRspIntgGen(1),
481 .EnableDataIntgGen(0),
482 .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
483 .SecFifoPtr (1), // SEC_CM: TLUL_FIFO.CTR.REDUN
484 .EnableReadback (1) // SEC_CM: MEM.READBACK
485 ) u_tlul_adapter_sram (
486 .clk_i,
487 .rst_ni,
488 .tl_i (ram_tl_in_gated),
489 .tl_o (ram_tl_out_gated),
490 .en_ifetch_i (en_ifetch),
491 .req_o (tlul_req),
492 .req_type_o (),
493 .gnt_i (tlul_gnt),
494 .we_o (tlul_we),
495 .addr_o (tlul_addr),
496 .wdata_o (tlul_wdata),
497 .wmask_o (tlul_wmask),
498 // SEC_CM: BUS.INTEGRITY
499 .intg_error_o (bus_integ_error[1]),
500 .rdata_i (sram_rdata),
501 .rvalid_i (sram_rvalid),
502 .rerror_i ('0),
503 .compound_txn_in_progress_o (sram_compound_txn_in_progress),
504 .readback_en_i (reg_readback_en),
505 .readback_error_o (readback_error),
506 .wr_collision_i (sram_wr_collision),
507 .write_pending_i (sram_wpending)
508 );
509
510 logic key_valid;
511
512 // Interposing mux logic for initialization with pseudo random data.
513 1/1 assign sram_req = tlul_req | init_req;
Tests: T1 T2 T3
514 // This grant signal acts more like a ready internally in tlul_adapter_sram. In particular it's
515 // fine to assert it when tlul_req is low (it has no effect). So here tlul_gnt is asserted when
516 // a request from tlul_req will be granted regardless of whether a request exists. This is done
517 // for timing reasons so that the output TL ready isn't combinatorially connected to the incoming
518 // TL valid. In particular we must not use `sram_gnt` in the expression to avoid this.
519 1/1 assign tlul_gnt = key_valid & ~init_req;
Tests: T1 T2 T3
520 1/1 assign sram_we = tlul_we | init_req;
Tests: T1 T2 T3
521 1/1 assign sram_intg_error = |bus_integ_error[2:1] & ~init_req;
Tests: T1 T2 T3
522 1/1 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
Tests: T1 T2 T3
523 1/1 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
Tests: T1 T2 T3
524 1/1 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
Tests: T1 T2 T3
525
526 // The SRAM scrambling wrapper will not accept any transactions while the
527 // key req is pending or if we have escalated. Note that we're not using
528 // the scr_key_valid CSR here, such that the SRAM can be used right after
529 // reset, where the keys are reset to the default netlist constant.
530 //
531 // If we have escalated, but there is a pending request in the TL gate, we may have a pending
532 // read-modify-write transaction or readback in the SRAM adapter. In that case we force key_valid
533 // high to enable that to complete so it returns a response, the TL gate won't accept any new
534 // transactions and the SRAM keys have been clobbered already.
535 1/1 assign key_valid =
Tests: T1 T2 T3
536 (key_req_pending_q) ? 1'b0 :
537 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
538
539 // SEC_CM: MEM.SCRAMBLE, ADDR.SCRAMBLE
540 prim_ram_1p_scr #(
541 .Width(DataWidth),
542 .Depth(Depth),
543 .EnableParity(0),
544 .DataBitsPerMask(DataWidth),
545 .NumPrinceRoundsHalf(NumPrinceRoundsHalf)
546 ) u_prim_ram_1p_scr (
547 .clk_i,
548 .rst_ni,
549
550 .key_valid_i (key_valid),
551 .key_i (key_q),
552 .nonce_i (nonce_q[NonceWidth-1:0]),
553
554 .req_i (sram_req),
555 .intg_error_i (sram_intg_error),
556 .gnt_o (sram_gnt),
557 .write_i (sram_we),
558 .addr_i (sram_addr),
559 .wdata_i (sram_wdata),
560 .wmask_i (sram_wmask),
561 .rdata_o (sram_rdata),
562 .rvalid_o (sram_rvalid),
563 .rerror_o ( ),
564 .raddr_o ( ),
565 .cfg_i,
566 .wr_collision_o (sram_wr_collision),
567 .write_pending_o (sram_wpending),
568 .alert_o (sram_alert)
569 );
570
571 logic unused_sram_gnt;
572 // Ignore sram_gnt signal to avoid creating a bad timing path, see comment on `tlul_gnt` above for
573 // more details.
574 1/1 assign unused_sram_gnt = sram_gnt;
Tests: T1 T2 T3
Cond Coverage for Module :
sram_ctrl
| Total | Covered | Percent |
Conditions | 101 | 91 | 90.10 |
Logical | 101 | 91 | 90.10 |
Non-Logical | 0 | 0 | |
Event | 0 | 0 | |
LINE 140
EXPRESSION (reg2hw.alert_test.q & reg2hw.alert_test.qe)
---------1--------- ----------2---------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T3,T13,T14 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T3,T13,T14 |
LINE 158
EXPRESSION (((|bus_integ_error)) | init_error | readback_error | sram_alert)
----------1--------- -----2---- -------3------ -----4----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 1 | Not Covered | |
0 | 0 | 1 | 0 | Covered | T4,T15,T16 |
0 | 1 | 0 | 0 | Covered | T7,T17,T18 |
1 | 0 | 0 | 0 | Covered | T7,T17,T18 |
LINE 200
EXPRESSION
Number Term
1 reg2hw.status.escalated.q |
2 reg2hw.status.init_error.q |
3 reg2hw.status.bus_integ_error.q |
4 reg2hw.status.sram_alert.q |
5 reg2hw.status.readback_error.q)
-1- | -2- | -3- | -4- | -5- | Status | Tests |
0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 1 | Covered | T4,T15,T16 |
0 | 0 | 0 | 1 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | Covered | T7,T17,T18 |
0 | 1 | 0 | 0 | 0 | Covered | T7,T17,T18 |
1 | 0 | 0 | 0 | 0 | Covered | T6,T8,T9 |
LINE 208
EXPRESSION (escalate | init_error | ((|bus_integ_error)) | sram_alert | readback_error | local_esc_reg)
----1--- -----2---- ----------3--------- -----4---- -------5------ ------6------
-1- | -2- | -3- | -4- | -5- | -6- | Status | Tests |
0 | 0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 0 | 1 | Covered | T6,T7,T8 |
0 | 0 | 0 | 0 | 1 | 0 | Covered | T4,T15,T16 |
0 | 0 | 0 | 1 | 0 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | 0 | Covered | T7,T17,T18 |
0 | 1 | 0 | 0 | 0 | 0 | Covered | T7,T17,T18 |
1 | 0 | 0 | 0 | 0 | 0 | Covered | T6,T8,T9 |
LINE 227
EXPRESSION (reg2hw.ctrl.init.q && reg2hw.ctrl.init.qe && ((!init_q)))
---------1-------- ---------2--------- -----3-----
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T6,T8,T9 |
1 | 0 | 1 | Covered | T1,T2,T4 |
1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 232
EXPRESSION (init_done ? 1'b0 : (init_trig ? 1'b1 : init_q))
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 232
SUB-EXPRESSION (init_trig ? 1'b1 : init_q)
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 248
EXPRESSION (init_q & ((~key_req_pending_q)))
---1-- -----------2----------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T4 |
LINE 249
EXPRESSION ((init_cnt == 10'((Depth - 1))) & init_req)
---------------1-------------- ----2---
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T4 |
LINE 249
SUB-EXPRESSION (init_cnt == 10'((Depth - 1)))
---------------1--------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 273
EXPRESSION (init_done & ((~init_trig)) & ((~local_esc)))
----1---- -------2------ -------3------
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Not Covered | |
1 | 1 | 0 | Covered | T6,T8,T9 |
1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 274
EXPRESSION (init_done | init_trig | local_esc)
----1---- ----2---- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T6,T7 |
0 | 1 | 0 | Covered | T1,T2,T4 |
1 | 0 | 0 | Covered | T1,T2,T4 |
LINE 285
EXPRESSION (reg2hw.ctrl.renew_scr_key.q && reg2hw.ctrl.renew_scr_key.qe && ((!key_req_pending_q)) && ((!init_q)))
-------------1------------- --------------2------------- -----------3---------- -----4-----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 1 | 1 | 1 | Covered | T19,T20,T21 |
1 | 0 | 1 | 1 | Covered | T1,T2,T4 |
1 | 1 | 0 | 1 | Not Covered | |
1 | 1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 290
EXPRESSION (key_req ? 1'b1 : (key_ack ? 1'b0 : key_req_pending_q))
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 290
SUB-EXPRESSION (key_ack ? 1'b0 : key_req_pending_q)
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 294
EXPRESSION (key_ack & ((~key_req)) & ((~local_esc)))
---1--- ------2----- -------3------
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Not Covered | |
1 | 1 | 0 | Covered | T6,T8,T9 |
1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 295
EXPRESSION (key_req | key_ack | local_esc)
---1--- ---2--- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T6,T7 |
0 | 1 | 0 | Covered | T1,T2,T4 |
1 | 0 | 0 | Covered | T1,T2,T4 |
LINE 299
EXPRESSION ((key_ack & ((~local_esc))) ? MuBi4True : MuBi4False)
-------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 299
SUB-EXPRESSION (key_ack & ((~local_esc)))
---1--- -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T6,T8,T9 |
1 | 1 | Covered | T1,T2,T4 |
LINE 300
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T6,T7 |
1 | 0 | Covered | T1,T2,T4 |
LINE 304
EXPRESSION (key_seed_valid & ((~local_esc)))
-------1------ -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T6,T8,T15 |
1 | 1 | Covered | T4,T6,T12 |
LINE 305
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T6,T7 |
1 | 0 | Covered | T1,T2,T4 |
LINE 513
EXPRESSION (tlul_req | init_req)
----1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T2,T4,T5 |
LINE 519
EXPRESSION (key_valid & ((~init_req)))
----1---- ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T3 |
LINE 520
EXPRESSION (tlul_we | init_req)
---1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T2,T5,T6 |
LINE 521
EXPRESSION (((|bus_integ_error[2:1])) & ((~init_req)))
------------1------------ ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Not Covered | |
1 | 1 | Covered | T7,T17,T18 |
LINE 522
EXPRESSION (init_req ? init_cnt : tlul_addr)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 523
EXPRESSION (init_req ? lfsr_out_integ : tlul_wdata)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 524
EXPRESSION (init_req ? ({sram_ctrl_pkg::DataWidth {1'b1}}) : tlul_wmask)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 535
EXPRESSION (key_req_pending_q ? 1'b0 : (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1))
--------1--------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 535
SUB-EXPRESSION (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1)
------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T6,T8,T9 |
LINE 535
SUB-EXPRESSION (tl_gate_resp_pending & sram_compound_txn_in_progress)
----------1--------- --------------2--------------
-1- | -2- | Status | Tests |
0 | 1 | Not Covered | |
1 | 0 | Covered | T6,T8,T9 |
1 | 1 | Covered | T6,T8,T9 |
Toggle Coverage for Module :
sram_ctrl
| Total | Covered | Percent |
Totals |
62 |
62 |
100.00 |
Total Bits |
1230 |
1230 |
100.00 |
Total Bits 0->1 |
615 |
615 |
100.00 |
Total Bits 1->0 |
615 |
615 |
100.00 |
| | | |
Ports |
62 |
62 |
100.00 |
Port Bits |
1230 |
1230 |
100.00 |
Port Bits 0->1 |
615 |
615 |
100.00 |
Port Bits 1->0 |
615 |
615 |
100.00 |
Port Details
Name | Toggle | Toggle 1->0 | Tests | Toggle 0->1 | Tests | Direction |
clk_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_ni |
Yes |
Yes |
T4,T6,T7 |
Yes |
T1,T2,T3 |
INPUT |
clk_otp_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_otp_ni |
Yes |
Yes |
T4,T6,T7 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.d_ready |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T12,T22,T23 |
Yes |
T3,T12,T22 |
INPUT |
ram_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_data[31:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_mask[3:0] |
Yes |
Yes |
T2,T3,T5 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_address[31:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_source[7:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
INPUT |
ram_tl_i.a_size[1:0] |
Yes |
Yes |
T2,T3,T5 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_opcode[2:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_valid |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
INPUT |
ram_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_error |
Yes |
Yes |
T1,T2,T3 |
Yes |
T4,T6,T7 |
OUTPUT |
ram_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
T2,*T4,T5 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_data[31:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
ram_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_source[7:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
ram_tl_o.d_size[1:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
OUTPUT |
ram_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_opcode[0] |
Yes |
Yes |
*T2,*T5,*T6 |
Yes |
T2,T5,T6 |
OUTPUT |
ram_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_valid |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
regs_tl_i.d_ready |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T3,T6,T7 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T3,T6 |
Yes |
T3,T4,T6 |
INPUT |
regs_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T3,T6,T12 |
Yes |
T3,T6,T12 |
INPUT |
regs_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_data[31:0] |
Yes |
Yes |
T3,T4,T5 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_mask[3:0] |
Yes |
Yes |
T3,T6,T12 |
Yes |
T3,T6,T12 |
INPUT |
regs_tl_i.a_address[31:0] |
Yes |
Yes |
T3,T6,T12 |
Yes |
T3,T6,T12 |
INPUT |
regs_tl_i.a_source[7:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_size[1:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_opcode[2:0] |
Yes |
Yes |
T3,T6,T11 |
Yes |
T3,T6,T10 |
INPUT |
regs_tl_i.a_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_error |
Yes |
Yes |
T12,T24,T25 |
Yes |
T12,T24,T25 |
OUTPUT |
regs_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T6,T7,T12 |
Yes |
T6,T7,T12 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
*T2,*T3,*T4 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_data[31:0] |
Yes |
Yes |
T4,T6,T7 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_source[7:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T3,T4 |
OUTPUT |
regs_tl_o.d_size[1:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T3,T4 |
OUTPUT |
regs_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_opcode[0] |
Yes |
Yes |
*T6,*T7,*T12 |
Yes |
T6,T7,T12 |
OUTPUT |
regs_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_rx_i[0].ack_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
alert_rx_i[0].ack_p |
Yes |
Yes |
T3,T7,T13 |
Yes |
T3,T7,T13 |
INPUT |
alert_rx_i[0].ping_n |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_rx_i[0].ping_p |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_tx_o[0].alert_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_tx_o[0].alert_p |
Yes |
Yes |
T3,T7,T13 |
Yes |
T3,T7,T13 |
OUTPUT |
lc_escalate_en_i[3:0] |
Yes |
Yes |
T6,T8,T9 |
Yes |
T6,T8,T9 |
INPUT |
lc_hw_debug_en_i[3:0] |
Yes |
Yes |
T12,T24,T25 |
Yes |
T12,T24,T25 |
INPUT |
otp_en_sram_ifetch_i[7:0] |
Yes |
Yes |
T12,T24,T25 |
Yes |
T12,T24,T25 |
INPUT |
sram_otp_key_o.req |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T4 |
OUTPUT |
sram_otp_key_i.seed_valid |
Yes |
Yes |
T4,T6,T12 |
Yes |
T6,T12,T8 |
INPUT |
sram_otp_key_i.nonce[127:0] |
Yes |
Yes |
T6,T12,T26 |
Yes |
T2,T6,T11 |
INPUT |
sram_otp_key_i.key[127:0] |
Yes |
Yes |
T2,T6,T11 |
Yes |
T4,T6,T12 |
INPUT |
sram_otp_key_i.ack |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T4 |
INPUT |
cfg_i.rf_cfg.cfg[3:0] |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.rf_cfg.cfg_en |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.rf_cfg.test |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.ram_cfg.cfg[3:0] |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.ram_cfg.cfg_en |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.ram_cfg.test |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
*Tests covering at least one bit in the range
Branch Coverage for Module :
sram_ctrl
| Line No. | Total | Covered | Percent |
Branches |
|
24 |
24 |
100.00 |
TERNARY |
232 |
3 |
3 |
100.00 |
TERNARY |
290 |
3 |
3 |
100.00 |
TERNARY |
299 |
2 |
2 |
100.00 |
TERNARY |
522 |
2 |
2 |
100.00 |
TERNARY |
523 |
2 |
2 |
100.00 |
TERNARY |
524 |
2 |
2 |
100.00 |
TERNARY |
535 |
3 |
3 |
100.00 |
IF |
236 |
2 |
2 |
100.00 |
IF |
308 |
5 |
5 |
100.00 |
232 assign init_d = (init_done) ? 1'b0 :
-1-
==>
233 (init_trig) ? 1'b1 : init_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T4 |
0 |
1 |
Covered |
T1,T2,T4 |
0 |
0 |
Covered |
T1,T2,T3 |
290 assign key_req_pending_d = (key_req) ? 1'b1 :
-1-
==>
291 (key_ack) ? 1'b0 : key_req_pending_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T4 |
0 |
1 |
Covered |
T1,T2,T4 |
0 |
0 |
Covered |
T1,T2,T3 |
299 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
522 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
523 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
524 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
535 assign key_valid =
536 (key_req_pending_q) ? 1'b0 :
-1-
==>
537 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T4 |
0 |
1 |
Covered |
T6,T8,T9 |
0 |
0 |
Covered |
T1,T2,T3 |
236 if(!rst_ni) begin
-1-
237 init_q <= 1'b0;
==>
238 end else begin
239 init_q <= init_d;
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
308 if (!rst_ni) begin
-1-
309 key_req_pending_q <= 1'b0;
==>
310 // reset case does not use buffered values as the
311 // reset value will be directly encoded into flop types
312 key_q <= RndCnstSramKey;
313 nonce_q <= RndCnstSramNonce;
314 end else begin
315 key_req_pending_q <= key_req_pending_d;
316 if (key_ack) begin
-2-
317 key_q <= key_d;
==>
318 nonce_q <= nonce_d;
319 end
MISSING_ELSE
==>
320 // This scraps the keys.
321 // SEC_CM: KEY.GLOBAL_ESC
322 // SEC_CM: KEY.LOCAL_ESC
323 if (local_esc) begin
-3-
324 key_q <= cnst_sram_key;
==>
325 nonce_q <= cnst_sram_nonce;
326 end
MISSING_ELSE
==>
Branches:
-1- | -2- | -3- | Status | Tests |
1 |
- |
- |
Covered |
T1,T2,T3 |
0 |
1 |
- |
Covered |
T1,T2,T4 |
0 |
0 |
- |
Covered |
T1,T2,T3 |
0 |
- |
1 |
Covered |
T4,T6,T7 |
0 |
- |
0 |
Covered |
T1,T2,T3 |
Assert Coverage for Module :
sram_ctrl
Assertion Details
AlertOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
FpvSecCmCntCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmLcGateFsmCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmRegWeOnehotCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmRspFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmRspFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmSramReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmSramReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
NonceWidthsLessThanSource_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
943 |
943 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T5 |
1 |
1 |
0 |
0 |
T6 |
1 |
1 |
0 |
0 |
T7 |
1 |
1 |
0 |
0 |
T10 |
1 |
1 |
0 |
0 |
T11 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
RamTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
RamTlOutPayLoadKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
145836043 |
0 |
0 |
T2 |
17797 |
6917 |
0 |
0 |
T3 |
1051 |
0 |
0 |
0 |
T4 |
2538 |
13 |
0 |
0 |
T5 |
6457 |
933 |
0 |
0 |
T6 |
20795 |
1610 |
0 |
0 |
T7 |
19996 |
465 |
0 |
0 |
T8 |
0 |
3503 |
0 |
0 |
T10 |
65587 |
27865 |
0 |
0 |
T11 |
4971 |
977 |
0 |
0 |
T12 |
25434 |
9794 |
0 |
0 |
T26 |
15889 |
6200 |
0 |
0 |
RamTlOutPayLoadKnown_AKnownEnable
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
RegsTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
SramOtpKeyKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
TlulGntIsCorrect_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
64526717 |
0 |
0 |
T2 |
17797 |
7235 |
0 |
0 |
T3 |
1051 |
0 |
0 |
0 |
T4 |
2538 |
26 |
0 |
0 |
T5 |
6457 |
2408 |
0 |
0 |
T6 |
20795 |
589 |
0 |
0 |
T7 |
19996 |
0 |
0 |
0 |
T8 |
0 |
1209 |
0 |
0 |
T10 |
65587 |
8363 |
0 |
0 |
T11 |
4971 |
1071 |
0 |
0 |
T12 |
25434 |
755 |
0 |
0 |
T15 |
0 |
269 |
0 |
0 |
T26 |
15889 |
6491 |
0 |
0 |
Line Coverage for Instance : tb.dut
| Line No. | Total | Covered | Percent |
TOTAL | | 52 | 52 | 100.00 |
CONT_ASSIGN | 132 | 1 | 1 | 100.00 |
CONT_ASSIGN | 140 | 1 | 1 | 100.00 |
CONT_ASSIGN | 143 | 1 | 1 | 100.00 |
CONT_ASSIGN | 147 | 1 | 1 | 100.00 |
CONT_ASSIGN | 151 | 1 | 1 | 100.00 |
CONT_ASSIGN | 155 | 1 | 1 | 100.00 |
CONT_ASSIGN | 158 | 1 | 1 | 100.00 |
CONT_ASSIGN | 190 | 1 | 1 | 100.00 |
CONT_ASSIGN | 192 | 1 | 1 | 100.00 |
CONT_ASSIGN | 200 | 1 | 1 | 100.00 |
CONT_ASSIGN | 208 | 1 | 1 | 100.00 |
CONT_ASSIGN | 218 | 1 | 1 | 100.00 |
CONT_ASSIGN | 227 | 1 | 1 | 100.00 |
CONT_ASSIGN | 232 | 1 | 1 | 100.00 |
ALWAYS | 236 | 3 | 3 | 100.00 |
CONT_ASSIGN | 248 | 1 | 1 | 100.00 |
CONT_ASSIGN | 249 | 1 | 1 | 100.00 |
CONT_ASSIGN | 273 | 1 | 1 | 100.00 |
CONT_ASSIGN | 274 | 1 | 1 | 100.00 |
CONT_ASSIGN | 285 | 1 | 1 | 100.00 |
CONT_ASSIGN | 290 | 1 | 1 | 100.00 |
CONT_ASSIGN | 294 | 1 | 1 | 100.00 |
CONT_ASSIGN | 295 | 1 | 1 | 100.00 |
CONT_ASSIGN | 299 | 1 | 1 | 100.00 |
CONT_ASSIGN | 300 | 1 | 1 | 100.00 |
CONT_ASSIGN | 304 | 1 | 1 | 100.00 |
CONT_ASSIGN | 305 | 1 | 1 | 100.00 |
ALWAYS | 308 | 11 | 11 | 100.00 |
CONT_ASSIGN | 352 | 1 | 1 | 100.00 |
CONT_ASSIGN | 395 | 1 | 1 | 100.00 |
CONT_ASSIGN | 472 | 1 | 1 | 100.00 |
CONT_ASSIGN | 513 | 1 | 1 | 100.00 |
CONT_ASSIGN | 519 | 1 | 1 | 100.00 |
CONT_ASSIGN | 520 | 1 | 1 | 100.00 |
CONT_ASSIGN | 521 | 1 | 1 | 100.00 |
CONT_ASSIGN | 522 | 1 | 1 | 100.00 |
CONT_ASSIGN | 523 | 1 | 1 | 100.00 |
CONT_ASSIGN | 524 | 1 | 1 | 100.00 |
CONT_ASSIGN | 535 | 1 | 1 | 100.00 |
CONT_ASSIGN | 574 | 1 | 1 | 100.00 |
131 logic unused_nonce;
132 1/1 assign unused_nonce = ^nonce_q[otp_ctrl_pkg::SramNonceWidth-1:NonceWidth];
Tests: T1 T2 T3
133 end
134
135 //////////////////
136 // Alert Sender //
137 //////////////////
138
139 logic alert_test;
140 1/1 assign alert_test = reg2hw.alert_test.q & reg2hw.alert_test.qe;
Tests: T1 T2 T3
141
142 assign hw2reg.status.bus_integ_error.d = 1'b1;
143 1/1 assign hw2reg.status.bus_integ_error.de = |bus_integ_error;
Tests: T1 T2 T3
144
145 logic init_error;
146 assign hw2reg.status.init_error.d = 1'b1;
147 1/1 assign hw2reg.status.init_error.de = init_error;
Tests: T1 T2 T3
148
149 logic readback_error;
150 assign hw2reg.status.readback_error.d = 1'b1;
151 1/1 assign hw2reg.status.readback_error.de = readback_error;
Tests: T1 T2 T3
152
153 logic sram_alert;
154 assign hw2reg.status.sram_alert.d = 1'b1;
155 1/1 assign hw2reg.status.sram_alert.de = sram_alert;
Tests: T1 T2 T3
156
157 logic alert_req;
158 1/1 assign alert_req = (|bus_integ_error) | init_error | readback_error | sram_alert;
Tests: T1 T2 T3
159
160 prim_alert_sender #(
161 .AsyncOn(AlertAsyncOn[0]),
162 .IsFatal(1)
163 ) u_prim_alert_sender_parity (
164 .clk_i,
165 .rst_ni,
166 .alert_test_i ( alert_test ),
167 .alert_req_i ( alert_req ),
168 .alert_ack_o ( ),
169 .alert_state_o ( ),
170 .alert_rx_i ( alert_rx_i[0] ),
171 .alert_tx_o ( alert_tx_o[0] )
172 );
173
174 /////////////////////////
175 // Escalation Triggers //
176 /////////////////////////
177
178 lc_tx_t [1:0] escalate_en;
179 prim_lc_sync #(
180 .NumCopies (2)
181 ) u_prim_lc_sync (
182 .clk_i,
183 .rst_ni,
184 .lc_en_i (lc_escalate_en_i),
185 .lc_en_o (escalate_en)
186 );
187
188 // SEC_CM: KEY.GLOBAL_ESC
189 logic escalate;
190 1/1 assign escalate = lc_tx_test_true_loose(escalate_en[0]);
Tests: T1 T2 T3
191 assign hw2reg.status.escalated.d = 1'b1;
192 1/1 assign hw2reg.status.escalated.de = escalate;
Tests: T1 T2 T3
193
194 // SEC_CM: KEY.LOCAL_ESC
195 // Aggregate external and internal escalation sources.
196 // This is used in countermeasures further below (key reset and transaction blocking).
197 logic local_esc, local_esc_reg;
198 // This signal only aggregates registered escalation signals and is used for transaction
199 // blocking further below, which is on a timing-critical path.
200 1/1 assign local_esc_reg = reg2hw.status.escalated.q |
Tests: T1 T2 T3
201 reg2hw.status.init_error.q |
202 reg2hw.status.bus_integ_error.q |
203 reg2hw.status.sram_alert.q |
204 reg2hw.status.readback_error.q;
205 // This signal aggregates all escalation trigger signals, including the ones that are generated
206 // in the same cycle such as init_error, sram alert, and bus_integ_error. It is used for
207 // countermeasures that are not on the critical path (such as clearing the scrambling keys).
208 1/1 assign local_esc = escalate |
Tests: T1 T2 T3
209 init_error |
210 (|bus_integ_error) |
211 sram_alert |
212 readback_error |
213 local_esc_reg;
214
215 // Convert registered, local escalation sources to a multibit signal and combine this with
216 // the incoming escalation enable signal before feeding into the TL-UL gate further below.
217 lc_tx_t lc_tlul_gate_en;
218 1/1 assign lc_tlul_gate_en = lc_tx_inv(lc_tx_or_hi(escalate_en[1],
Tests: T1 T2 T3
219 lc_tx_bool_to_lc_tx(local_esc_reg)));
220 ///////////////////////
221 // HW Initialization //
222 ///////////////////////
223
224 // A write to the init register reloads the LFSR seed, resets the init counter and
225 // sets init_q to flag a pending initialization request.
226 logic init_trig, init_q;
227 1/1 assign init_trig = reg2hw.ctrl.init.q &&
Tests: T1 T2 T3
228 reg2hw.ctrl.init.qe &&
229 !init_q; // Ignore new requests while memory init is already pending.
230
231 logic init_d, init_done;
232 1/1 assign init_d = (init_done) ? 1'b0 :
Tests: T1 T2 T3
233 (init_trig) ? 1'b1 : init_q;
234
235 always_ff @(posedge clk_i or negedge rst_ni) begin : p_init_reg
236 1/1 if(!rst_ni) begin
Tests: T1 T2 T3
237 1/1 init_q <= 1'b0;
Tests: T1 T2 T3
238 end else begin
239 1/1 init_q <= init_d;
Tests: T1 T2 T3
240 end
241 end
242
243 // This waits until the scrambling keys are actually valid (this allows the SW to trigger
244 // key renewal and initialization at the same time).
245 logic init_req;
246 logic [AddrWidth-1:0] init_cnt;
247 logic key_req_pending_d, key_req_pending_q;
248 1/1 assign init_req = init_q & ~key_req_pending_q;
Tests: T1 T2 T3
249 1/1 assign init_done = (init_cnt == AddrWidth'(Depth - 1)) & init_req;
Tests: T1 T2 T3
250
251 // We employ two redundant counters to guard against FI attacks.
252 // If any of the two is glitched and the two counter states do not agree,
253 // we trigger an alert.
254 // SEC_CM: INIT.CTR.REDUN
255 prim_count #(
256 .Width(AddrWidth)
257 ) u_prim_count (
258 .clk_i,
259 .rst_ni,
260 .clr_i(init_trig),
261 .set_i(1'b0),
262 .set_cnt_i('0),
263 .incr_en_i(init_req),
264 .decr_en_i(1'b0),
265 .step_i(AddrWidth'(1)),
266 .commit_i(1'b1),
267 .cnt_o(init_cnt),
268 .cnt_after_commit_o(),
269 .err_o(init_error)
270 );
271
272 // Clear this bit on local escalation.
273 1/1 assign hw2reg.status.init_done.d = init_done & ~init_trig & ~local_esc;
Tests: T1 T2 T3
274 1/1 assign hw2reg.status.init_done.de = init_done | init_trig | local_esc;
Tests: T1 T2 T3
275
276 ////////////////////////////
277 // Scrambling Key Request //
278 ////////////////////////////
279
280 // The scrambling key and nonce have to be requested from the OTP controller via a req/ack
281 // protocol. Since the OTP controller works in a different clock domain, we have to synchronize
282 // the req/ack protocol as described in more details here:
283 // https://docs.opentitan.org/hw/ip/otp_ctrl/doc/index.html#interfaces-to-sram-and-otbn-scramblers
284 logic key_req, key_ack;
285 1/1 assign key_req = reg2hw.ctrl.renew_scr_key.q &&
Tests: T1 T2 T3
286 reg2hw.ctrl.renew_scr_key.qe &&
287 !key_req_pending_q && // Ignore new requests while a request is already pending.
288 !init_q; // Ignore new requests while memory init is already pending.
289
290 1/1 assign key_req_pending_d = (key_req) ? 1'b1 :
Tests: T1 T2 T3
291 (key_ack) ? 1'b0 : key_req_pending_q;
292
293 // Clear this bit on local escalation.
294 1/1 assign hw2reg.status.scr_key_valid.d = key_ack & ~key_req & ~local_esc;
Tests: T1 T2 T3
295 1/1 assign hw2reg.status.scr_key_valid.de = key_req | key_ack | local_esc;
Tests: T1 T2 T3
296
297 // As opposed to scr_key_valid, SW is responsible for clearing this register.
298 // It is not automatically cleared by HW, except when escalating.
299 1/1 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
Tests: T1 T2 T3
300 1/1 assign hw2reg.scr_key_rotated.de = key_ack | local_esc;
Tests: T1 T2 T3
301
302 // Clear this bit on local escalation.
303 logic key_seed_valid;
304 1/1 assign hw2reg.status.scr_key_seed_valid.d = key_seed_valid & ~local_esc;
Tests: T1 T2 T3
305 1/1 assign hw2reg.status.scr_key_seed_valid.de = key_ack | local_esc;
Tests: T1 T2 T3
306
307 always_ff @(posedge clk_i or negedge rst_ni) begin : p_regs
308 1/1 if (!rst_ni) begin
Tests: T1 T2 T3
309 1/1 key_req_pending_q <= 1'b0;
Tests: T1 T2 T3
310 // reset case does not use buffered values as the
311 // reset value will be directly encoded into flop types
312 1/1 key_q <= RndCnstSramKey;
Tests: T1 T2 T3
313 1/1 nonce_q <= RndCnstSramNonce;
Tests: T1 T2 T3
314 end else begin
315 1/1 key_req_pending_q <= key_req_pending_d;
Tests: T1 T2 T3
316 1/1 if (key_ack) begin
Tests: T1 T2 T3
317 1/1 key_q <= key_d;
Tests: T1 T2 T4
318 1/1 nonce_q <= nonce_d;
Tests: T1 T2 T4
319 end
MISSING_ELSE
320 // This scraps the keys.
321 // SEC_CM: KEY.GLOBAL_ESC
322 // SEC_CM: KEY.LOCAL_ESC
323 1/1 if (local_esc) begin
Tests: T1 T2 T3
324 1/1 key_q <= cnst_sram_key;
Tests: T4 T6 T7
325 1/1 nonce_q <= cnst_sram_nonce;
Tests: T4 T6 T7
326 end
MISSING_ELSE
327 end
328 end
329
330 prim_sync_reqack_data #(
331 .Width($bits(otp_ctrl_pkg::sram_otp_key_rsp_t)-1),
332 .DataSrc2Dst(1'b0)
333 ) u_prim_sync_reqack_data (
334 .clk_src_i ( clk_i ),
335 .rst_src_ni ( rst_ni ),
336 .clk_dst_i ( clk_otp_i ),
337 .rst_dst_ni ( rst_otp_ni ),
338 .req_chk_i ( 1'b1 ),
339 .src_req_i ( key_req_pending_q ),
340 .src_ack_o ( key_ack ),
341 .dst_req_o ( sram_otp_key_o.req ),
342 .dst_ack_i ( sram_otp_key_i.ack ),
343 .data_i ( {sram_otp_key_i.key,
344 sram_otp_key_i.nonce,
345 sram_otp_key_i.seed_valid} ),
346 .data_o ( {key_d,
347 nonce_d,
348 key_seed_valid} )
349 );
350
351 logic unused_csr_sigs;
352 1/1 assign unused_csr_sigs = ^{reg2hw.status.init_done.q,
Tests: T1 T2 T3
353 reg2hw.status.scr_key_seed_valid.q};
354
355 ////////////////////
356 // SRAM Execution //
357 ////////////////////
358
359 mubi4_t en_ifetch;
360 if (InstrExec) begin : gen_instr_ctrl
361 lc_tx_t lc_hw_debug_en;
362 prim_lc_sync #(
363 .NumCopies (1)
364 ) u_prim_lc_sync_hw_debug_en (
365 .clk_i,
366 .rst_ni,
367 .lc_en_i (lc_hw_debug_en_i),
368 .lc_en_o ({lc_hw_debug_en})
369 );
370
371 mubi8_t otp_en_sram_ifetch;
372 prim_mubi8_sync #(
373 .NumCopies (1)
374 ) u_prim_mubi8_sync_otp_en_sram_ifetch (
375 .clk_i,
376 .rst_ni,
377 .mubi_i(otp_en_sram_ifetch_i),
378 .mubi_o({otp_en_sram_ifetch})
379 );
380
381 mubi4_t lc_ifetch_en;
382 mubi4_t reg_ifetch_en;
383 // SEC_CM: INSTR.BUS.LC_GATED
384 assign lc_ifetch_en = lc_to_mubi4(lc_hw_debug_en);
385 // SEC_CM: EXEC.CONFIG.MUBI
386 assign reg_ifetch_en = mubi4_t'(reg2hw.exec.q);
387 // SEC_CM: EXEC.INTERSIG.MUBI
388 assign en_ifetch = (mubi8_test_true_strict(otp_en_sram_ifetch)) ? reg_ifetch_en :
389 lc_ifetch_en;
390 end else begin : gen_tieoff
391 assign en_ifetch = MuBi4False;
392
393 // tie off unused signals
394 logic unused_sigs;
395 1/1 assign unused_sigs = ^{lc_hw_debug_en_i,
Tests: T1 T2 T3
396 reg2hw.exec.q,
397 otp_en_sram_ifetch_i};
398 end
399
400 /////////////////////////
401 // Initialization LFSR //
402 /////////////////////////
403
404 logic [LfsrWidth-1:0] lfsr_out;
405 prim_lfsr #(
406 .LfsrDw ( LfsrWidth ),
407 .EntropyDw ( LfsrWidth ),
408 .StateOutDw ( LfsrWidth ),
409 .DefaultSeed ( RndCnstLfsrSeed ),
410 .StatePermEn ( 1'b1 ),
411 .StatePerm ( RndCnstLfsrPerm )
412 ) u_lfsr (
413 .clk_i,
414 .rst_ni,
415 .lfsr_en_i(init_req),
416 .seed_en_i(init_trig),
417 .seed_i(nonce_q[NonceWidth +: LfsrWidth]),
418 .entropy_i('0),
419 .state_o(lfsr_out)
420 );
421
422 // Compute the correct integrity alongside for the pseudo-random initialization values.
423 logic [DataWidth - 1 :0] lfsr_out_integ;
424 tlul_data_integ_enc u_tlul_data_integ_enc (
425 .data_i(lfsr_out),
426 .data_intg_o(lfsr_out_integ)
427 );
428
429 ////////////////////////////
430 // SRAM TL-UL Access Gate //
431 ////////////////////////////
432
433 logic tl_gate_resp_pending;
434 tlul_pkg::tl_h2d_t ram_tl_in_gated;
435 tlul_pkg::tl_d2h_t ram_tl_out_gated;
436
437 // SEC_CM: RAM_TL_LC_GATE.FSM.SPARSE
438 tlul_lc_gate #(
439 .NumGatesPerDirection(2)
440 ) u_tlul_lc_gate (
441 .clk_i,
442 .rst_ni,
443 .tl_h2d_i(ram_tl_i),
444 .tl_d2h_o(ram_tl_o),
445 .tl_h2d_o(ram_tl_in_gated),
446 .tl_d2h_i(ram_tl_out_gated),
447 .flush_req_i('0),
448 .flush_ack_o(),
449 .resp_pending_o(tl_gate_resp_pending),
450 .lc_en_i (lc_tlul_gate_en),
451 .err_o (bus_integ_error[2])
452 );
453
454 /////////////////////////////////
455 // SRAM with scrambling device //
456 /////////////////////////////////
457
458 logic tlul_req, tlul_gnt, tlul_we;
459 logic [AddrWidth-1:0] tlul_addr;
460 logic [DataWidth-1:0] tlul_wdata, tlul_wmask;
461
462 logic sram_intg_error, sram_req, sram_gnt, sram_we, sram_rvalid;
463 logic [AddrWidth-1:0] sram_addr;
464 logic [DataWidth-1:0] sram_wdata, sram_wmask, sram_rdata;
465 logic sram_wpending, sram_wr_collision;
466
467 logic sram_compound_txn_in_progress;
468
469
470 // // SEC_CM: MEM.READBACK
471 mubi4_t reg_readback_en;
472 1/1 assign reg_readback_en = mubi4_t'(reg2hw.readback.q);
Tests: T1 T2 T3
473
474 tlul_adapter_sram #(
475 .SramAw(AddrWidth),
476 .SramDw(DataWidth - tlul_pkg::DataIntgWidth),
477 .Outstanding(2),
478 .ByteAccess(1),
479 .CmdIntgCheck(1),
480 .EnableRspIntgGen(1),
481 .EnableDataIntgGen(0),
482 .EnableDataIntgPt(1), // SEC_CM: MEM.INTEGRITY
483 .SecFifoPtr (1), // SEC_CM: TLUL_FIFO.CTR.REDUN
484 .EnableReadback (1) // SEC_CM: MEM.READBACK
485 ) u_tlul_adapter_sram (
486 .clk_i,
487 .rst_ni,
488 .tl_i (ram_tl_in_gated),
489 .tl_o (ram_tl_out_gated),
490 .en_ifetch_i (en_ifetch),
491 .req_o (tlul_req),
492 .req_type_o (),
493 .gnt_i (tlul_gnt),
494 .we_o (tlul_we),
495 .addr_o (tlul_addr),
496 .wdata_o (tlul_wdata),
497 .wmask_o (tlul_wmask),
498 // SEC_CM: BUS.INTEGRITY
499 .intg_error_o (bus_integ_error[1]),
500 .rdata_i (sram_rdata),
501 .rvalid_i (sram_rvalid),
502 .rerror_i ('0),
503 .compound_txn_in_progress_o (sram_compound_txn_in_progress),
504 .readback_en_i (reg_readback_en),
505 .readback_error_o (readback_error),
506 .wr_collision_i (sram_wr_collision),
507 .write_pending_i (sram_wpending)
508 );
509
510 logic key_valid;
511
512 // Interposing mux logic for initialization with pseudo random data.
513 1/1 assign sram_req = tlul_req | init_req;
Tests: T1 T2 T3
514 // This grant signal acts more like a ready internally in tlul_adapter_sram. In particular it's
515 // fine to assert it when tlul_req is low (it has no effect). So here tlul_gnt is asserted when
516 // a request from tlul_req will be granted regardless of whether a request exists. This is done
517 // for timing reasons so that the output TL ready isn't combinatorially connected to the incoming
518 // TL valid. In particular we must not use `sram_gnt` in the expression to avoid this.
519 1/1 assign tlul_gnt = key_valid & ~init_req;
Tests: T1 T2 T3
520 1/1 assign sram_we = tlul_we | init_req;
Tests: T1 T2 T3
521 1/1 assign sram_intg_error = |bus_integ_error[2:1] & ~init_req;
Tests: T1 T2 T3
522 1/1 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
Tests: T1 T2 T3
523 1/1 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
Tests: T1 T2 T3
524 1/1 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
Tests: T1 T2 T3
525
526 // The SRAM scrambling wrapper will not accept any transactions while the
527 // key req is pending or if we have escalated. Note that we're not using
528 // the scr_key_valid CSR here, such that the SRAM can be used right after
529 // reset, where the keys are reset to the default netlist constant.
530 //
531 // If we have escalated, but there is a pending request in the TL gate, we may have a pending
532 // read-modify-write transaction or readback in the SRAM adapter. In that case we force key_valid
533 // high to enable that to complete so it returns a response, the TL gate won't accept any new
534 // transactions and the SRAM keys have been clobbered already.
535 1/1 assign key_valid =
Tests: T1 T2 T3
536 (key_req_pending_q) ? 1'b0 :
537 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
538
539 // SEC_CM: MEM.SCRAMBLE, ADDR.SCRAMBLE
540 prim_ram_1p_scr #(
541 .Width(DataWidth),
542 .Depth(Depth),
543 .EnableParity(0),
544 .DataBitsPerMask(DataWidth),
545 .NumPrinceRoundsHalf(NumPrinceRoundsHalf)
546 ) u_prim_ram_1p_scr (
547 .clk_i,
548 .rst_ni,
549
550 .key_valid_i (key_valid),
551 .key_i (key_q),
552 .nonce_i (nonce_q[NonceWidth-1:0]),
553
554 .req_i (sram_req),
555 .intg_error_i (sram_intg_error),
556 .gnt_o (sram_gnt),
557 .write_i (sram_we),
558 .addr_i (sram_addr),
559 .wdata_i (sram_wdata),
560 .wmask_i (sram_wmask),
561 .rdata_o (sram_rdata),
562 .rvalid_o (sram_rvalid),
563 .rerror_o ( ),
564 .raddr_o ( ),
565 .cfg_i,
566 .wr_collision_o (sram_wr_collision),
567 .write_pending_o (sram_wpending),
568 .alert_o (sram_alert)
569 );
570
571 logic unused_sram_gnt;
572 // Ignore sram_gnt signal to avoid creating a bad timing path, see comment on `tlul_gnt` above for
573 // more details.
574 1/1 assign unused_sram_gnt = sram_gnt;
Tests: T1 T2 T3
Cond Coverage for Instance : tb.dut
| Total | Covered | Percent |
Conditions | 99 | 91 | 91.92 |
Logical | 99 | 91 | 91.92 |
Non-Logical | 0 | 0 | |
Event | 0 | 0 | |
LINE 140
EXPRESSION (reg2hw.alert_test.q & reg2hw.alert_test.qe)
---------1--------- ----------2---------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T3,T13,T14 |
1 | 0 | Covered | T1,T2,T3 |
1 | 1 | Covered | T3,T13,T14 |
LINE 158
EXPRESSION (((|bus_integ_error)) | init_error | readback_error | sram_alert)
----------1--------- -----2---- -------3------ -----4----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 1 | Not Covered | |
0 | 0 | 1 | 0 | Covered | T4,T15,T16 |
0 | 1 | 0 | 0 | Covered | T7,T17,T18 |
1 | 0 | 0 | 0 | Covered | T7,T17,T18 |
LINE 200
EXPRESSION
Number Term
1 reg2hw.status.escalated.q |
2 reg2hw.status.init_error.q |
3 reg2hw.status.bus_integ_error.q |
4 reg2hw.status.sram_alert.q |
5 reg2hw.status.readback_error.q)
-1- | -2- | -3- | -4- | -5- | Status | Tests |
0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 1 | Covered | T4,T15,T16 |
0 | 0 | 0 | 1 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | Covered | T7,T17,T18 |
0 | 1 | 0 | 0 | 0 | Covered | T7,T17,T18 |
1 | 0 | 0 | 0 | 0 | Covered | T6,T8,T9 |
LINE 208
EXPRESSION (escalate | init_error | ((|bus_integ_error)) | sram_alert | readback_error | local_esc_reg)
----1--- -----2---- ----------3--------- -----4---- -------5------ ------6------
-1- | -2- | -3- | -4- | -5- | -6- | Status | Tests |
0 | 0 | 0 | 0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 0 | 0 | 0 | 1 | Covered | T6,T7,T8 |
0 | 0 | 0 | 0 | 1 | 0 | Covered | T4,T15,T16 |
0 | 0 | 0 | 1 | 0 | 0 | Not Covered | |
0 | 0 | 1 | 0 | 0 | 0 | Covered | T7,T17,T18 |
0 | 1 | 0 | 0 | 0 | 0 | Covered | T7,T17,T18 |
1 | 0 | 0 | 0 | 0 | 0 | Covered | T6,T8,T9 |
LINE 227
EXPRESSION (reg2hw.ctrl.init.q && reg2hw.ctrl.init.qe && ((!init_q)))
---------1-------- ---------2--------- -----3-----
-1- | -2- | -3- | Status | Tests |
0 | 1 | 1 | Covered | T6,T8,T9 |
1 | 0 | 1 | Covered | T1,T2,T4 |
1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 232
EXPRESSION (init_done ? 1'b0 : (init_trig ? 1'b1 : init_q))
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 232
SUB-EXPRESSION (init_trig ? 1'b1 : init_q)
----1----
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 248
EXPRESSION (init_q & ((~key_req_pending_q)))
---1-- -----------2----------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T4 |
LINE 249
EXPRESSION ((init_cnt == 10'((Depth - 1))) & init_req)
---------------1-------------- ----2---
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T4 |
LINE 249
SUB-EXPRESSION (init_cnt == 10'((Depth - 1)))
---------------1--------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 273
EXPRESSION (init_done & ((~init_trig)) & ((~local_esc)))
----1---- -------2------ -------3------
-1- | -2- | -3- | Status | Tests | Exclude Annotation |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Excluded | |
[LOWRISK] we don't issue a new init when there is a unfinished init |
1 | 1 | 0 | Covered | T6,T8,T9 |
1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 274
EXPRESSION (init_done | init_trig | local_esc)
----1---- ----2---- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T6,T7 |
0 | 1 | 0 | Covered | T1,T2,T4 |
1 | 0 | 0 | Covered | T1,T2,T4 |
LINE 285
EXPRESSION (reg2hw.ctrl.renew_scr_key.q && reg2hw.ctrl.renew_scr_key.qe && ((!key_req_pending_q)) && ((!init_q)))
-------------1------------- --------------2------------- -----------3---------- -----4-----
-1- | -2- | -3- | -4- | Status | Tests |
0 | 1 | 1 | 1 | Covered | T19,T20,T21 |
1 | 0 | 1 | 1 | Covered | T1,T2,T4 |
1 | 1 | 0 | 1 | Not Covered | |
1 | 1 | 1 | 0 | Not Covered | |
1 | 1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 290
EXPRESSION (key_req ? 1'b1 : (key_ack ? 1'b0 : key_req_pending_q))
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 290
SUB-EXPRESSION (key_ack ? 1'b0 : key_req_pending_q)
---1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 294
EXPRESSION (key_ack & ((~key_req)) & ((~local_esc)))
---1--- ------2----- -------3------
-1- | -2- | -3- | Status | Tests | Exclude Annotation |
0 | 1 | 1 | Covered | T1,T2,T3 |
1 | 0 | 1 | Excluded | |
[UNSUPPORTED] ACK can't come without REQ |
1 | 1 | 0 | Covered | T6,T8,T9 |
1 | 1 | 1 | Covered | T1,T2,T4 |
LINE 295
EXPRESSION (key_req | key_ack | local_esc)
---1--- ---2--- ----3----
-1- | -2- | -3- | Status | Tests |
0 | 0 | 0 | Covered | T1,T2,T3 |
0 | 0 | 1 | Covered | T4,T6,T7 |
0 | 1 | 0 | Covered | T1,T2,T4 |
1 | 0 | 0 | Covered | T1,T2,T4 |
LINE 299
EXPRESSION ((key_ack & ((~local_esc))) ? MuBi4True : MuBi4False)
-------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 299
SUB-EXPRESSION (key_ack & ((~local_esc)))
---1--- -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Covered | T6,T8,T9 |
1 | 1 | Covered | T1,T2,T4 |
LINE 300
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T6,T7 |
1 | 0 | Covered | T1,T2,T4 |
LINE 304
EXPRESSION (key_seed_valid & ((~local_esc)))
-------1------ -------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T6,T8,T15 |
1 | 1 | Covered | T4,T6,T12 |
LINE 305
EXPRESSION (key_ack | local_esc)
---1--- ----2----
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T4,T6,T7 |
1 | 0 | Covered | T1,T2,T4 |
LINE 513
EXPRESSION (tlul_req | init_req)
----1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T2,T4,T5 |
LINE 519
EXPRESSION (key_valid & ((~init_req)))
----1---- ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T1,T2,T4 |
1 | 1 | Covered | T1,T2,T3 |
LINE 520
EXPRESSION (tlul_we | init_req)
---1--- ----2---
-1- | -2- | Status | Tests |
0 | 0 | Covered | T1,T2,T3 |
0 | 1 | Covered | T1,T2,T4 |
1 | 0 | Covered | T2,T5,T6 |
LINE 521
EXPRESSION (((|bus_integ_error[2:1])) & ((~init_req)))
------------1------------ ------2------
-1- | -2- | Status | Tests |
0 | 1 | Covered | T1,T2,T3 |
1 | 0 | Not Covered | |
1 | 1 | Covered | T7,T17,T18 |
LINE 522
EXPRESSION (init_req ? init_cnt : tlul_addr)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 523
EXPRESSION (init_req ? lfsr_out_integ : tlul_wdata)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 524
EXPRESSION (init_req ? ({sram_ctrl_pkg::DataWidth {1'b1}}) : tlul_wmask)
----1---
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 535
EXPRESSION (key_req_pending_q ? 1'b0 : (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1))
--------1--------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T1,T2,T4 |
LINE 535
SUB-EXPRESSION (reg2hw.status.escalated.q ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1)
------------1------------
-1- | Status | Tests |
0 | Covered | T1,T2,T3 |
1 | Covered | T6,T8,T9 |
LINE 535
SUB-EXPRESSION (tl_gate_resp_pending & sram_compound_txn_in_progress)
----------1--------- --------------2--------------
-1- | -2- | Status | Tests |
0 | 1 | Not Covered | |
1 | 0 | Covered | T6,T8,T9 |
1 | 1 | Covered | T6,T8,T9 |
Toggle Coverage for Instance : tb.dut
| Total | Covered | Percent |
Totals |
62 |
62 |
100.00 |
Total Bits |
1230 |
1230 |
100.00 |
Total Bits 0->1 |
615 |
615 |
100.00 |
Total Bits 1->0 |
615 |
615 |
100.00 |
| | | |
Ports |
62 |
62 |
100.00 |
Port Bits |
1230 |
1230 |
100.00 |
Port Bits 0->1 |
615 |
615 |
100.00 |
Port Bits 1->0 |
615 |
615 |
100.00 |
Port Details
Name | Toggle | Toggle 1->0 | Tests | Toggle 0->1 | Tests | Direction |
clk_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_ni |
Yes |
Yes |
T4,T6,T7 |
Yes |
T1,T2,T3 |
INPUT |
clk_otp_i |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
rst_otp_ni |
Yes |
Yes |
T4,T6,T7 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.d_ready |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T2,T3 |
INPUT |
ram_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T3,T4 |
INPUT |
ram_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T12,T22,T23 |
Yes |
T3,T12,T22 |
INPUT |
ram_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_data[31:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_mask[3:0] |
Yes |
Yes |
T2,T3,T5 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_address[31:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_source[7:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
INPUT |
ram_tl_i.a_size[1:0] |
Yes |
Yes |
T2,T3,T5 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
ram_tl_i.a_opcode[2:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
INPUT |
ram_tl_i.a_valid |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
INPUT |
ram_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_error |
Yes |
Yes |
T1,T2,T3 |
Yes |
T4,T6,T7 |
OUTPUT |
ram_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
T2,*T4,T5 |
Yes |
T1,T2,T3 |
OUTPUT |
ram_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_data[31:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
ram_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_source[7:0] |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
ram_tl_o.d_size[1:0] |
Yes |
Yes |
T2,T5,T6 |
Yes |
T2,T5,T6 |
OUTPUT |
ram_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_opcode[0] |
Yes |
Yes |
*T2,*T5,*T6 |
Yes |
T2,T5,T6 |
OUTPUT |
ram_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
ram_tl_o.d_valid |
Yes |
Yes |
T2,T4,T5 |
Yes |
T2,T4,T5 |
OUTPUT |
regs_tl_i.d_ready |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_i.a_user.data_intg[6:0] |
Yes |
Yes |
T3,T6,T7 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_user.cmd_intg[6:0] |
Yes |
Yes |
T2,T3,T6 |
Yes |
T3,T4,T6 |
INPUT |
regs_tl_i.a_user.instr_type[3:0] |
Yes |
Yes |
T3,T6,T12 |
Yes |
T3,T6,T12 |
INPUT |
regs_tl_i.a_user.rsvd[4:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_data[31:0] |
Yes |
Yes |
T3,T4,T5 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_mask[3:0] |
Yes |
Yes |
T3,T6,T12 |
Yes |
T3,T6,T12 |
INPUT |
regs_tl_i.a_address[31:0] |
Yes |
Yes |
T3,T6,T12 |
Yes |
T3,T6,T12 |
INPUT |
regs_tl_i.a_source[7:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_size[1:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T3,T6,T7 |
INPUT |
regs_tl_i.a_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
regs_tl_i.a_opcode[2:0] |
Yes |
Yes |
T3,T6,T11 |
Yes |
T3,T6,T10 |
INPUT |
regs_tl_i.a_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
regs_tl_o.a_ready |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_error |
Yes |
Yes |
T12,T24,T25 |
Yes |
T12,T24,T25 |
OUTPUT |
regs_tl_o.d_user.data_intg[6:0] |
Yes |
Yes |
T6,T7,T12 |
Yes |
T6,T7,T12 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[5:0] |
Yes |
Yes |
*T2,*T3,*T4 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_user.rsp_intg[6] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_data[31:0] |
Yes |
Yes |
T4,T6,T7 |
Yes |
T1,T2,T3 |
OUTPUT |
regs_tl_o.d_sink |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_source[7:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T3,T4 |
OUTPUT |
regs_tl_o.d_size[1:0] |
Yes |
Yes |
T3,T4,T6 |
Yes |
T1,T3,T4 |
OUTPUT |
regs_tl_o.d_param[2:0] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_opcode[0] |
Yes |
Yes |
*T6,*T7,*T12 |
Yes |
T6,T7,T12 |
OUTPUT |
regs_tl_o.d_opcode[2:1] |
Unreachable |
Unreachable |
|
Unreachable |
|
OUTPUT |
regs_tl_o.d_valid |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_rx_i[0].ack_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
INPUT |
alert_rx_i[0].ack_p |
Yes |
Yes |
T3,T7,T13 |
Yes |
T3,T7,T13 |
INPUT |
alert_rx_i[0].ping_n |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_rx_i[0].ping_p |
Unreachable |
Unreachable |
|
Unreachable |
|
INPUT |
alert_tx_o[0].alert_n |
Yes |
Yes |
T1,T2,T3 |
Yes |
T1,T2,T3 |
OUTPUT |
alert_tx_o[0].alert_p |
Yes |
Yes |
T3,T7,T13 |
Yes |
T3,T7,T13 |
OUTPUT |
lc_escalate_en_i[3:0] |
Yes |
Yes |
T6,T8,T9 |
Yes |
T6,T8,T9 |
INPUT |
lc_hw_debug_en_i[3:0] |
Yes |
Yes |
T12,T24,T25 |
Yes |
T12,T24,T25 |
INPUT |
otp_en_sram_ifetch_i[7:0] |
Yes |
Yes |
T12,T24,T25 |
Yes |
T12,T24,T25 |
INPUT |
sram_otp_key_o.req |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T4 |
OUTPUT |
sram_otp_key_i.seed_valid |
Yes |
Yes |
T4,T6,T12 |
Yes |
T6,T12,T8 |
INPUT |
sram_otp_key_i.nonce[127:0] |
Yes |
Yes |
T6,T12,T26 |
Yes |
T2,T6,T11 |
INPUT |
sram_otp_key_i.key[127:0] |
Yes |
Yes |
T2,T6,T11 |
Yes |
T4,T6,T12 |
INPUT |
sram_otp_key_i.ack |
Yes |
Yes |
T1,T2,T4 |
Yes |
T1,T2,T4 |
INPUT |
cfg_i.rf_cfg.cfg[3:0] |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.rf_cfg.cfg_en |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.rf_cfg.test |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.ram_cfg.cfg[3:0] |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.ram_cfg.cfg_en |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
cfg_i.ram_cfg.test |
Yes |
Yes |
T1,T27,T28 |
Yes |
T1,T27,T28 |
INPUT |
*Tests covering at least one bit in the range
Branch Coverage for Instance : tb.dut
| Line No. | Total | Covered | Percent |
Branches |
|
24 |
24 |
100.00 |
TERNARY |
232 |
3 |
3 |
100.00 |
TERNARY |
290 |
3 |
3 |
100.00 |
TERNARY |
299 |
2 |
2 |
100.00 |
TERNARY |
522 |
2 |
2 |
100.00 |
TERNARY |
523 |
2 |
2 |
100.00 |
TERNARY |
524 |
2 |
2 |
100.00 |
TERNARY |
535 |
3 |
3 |
100.00 |
IF |
236 |
2 |
2 |
100.00 |
IF |
308 |
5 |
5 |
100.00 |
232 assign init_d = (init_done) ? 1'b0 :
-1-
==>
233 (init_trig) ? 1'b1 : init_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T4 |
0 |
1 |
Covered |
T1,T2,T4 |
0 |
0 |
Covered |
T1,T2,T3 |
290 assign key_req_pending_d = (key_req) ? 1'b1 :
-1-
==>
291 (key_ack) ? 1'b0 : key_req_pending_q;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T4 |
0 |
1 |
Covered |
T1,T2,T4 |
0 |
0 |
Covered |
T1,T2,T3 |
299 assign hw2reg.scr_key_rotated.d = (key_ack & ~local_esc) ? MuBi4True : MuBi4False;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
522 assign sram_addr = (init_req) ? init_cnt : tlul_addr;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
523 assign sram_wdata = (init_req) ? lfsr_out_integ : tlul_wdata;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
524 assign sram_wmask = (init_req) ? {DataWidth{1'b1}} : tlul_wmask;
-1-
==>
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T4 |
0 |
Covered |
T1,T2,T3 |
535 assign key_valid =
536 (key_req_pending_q) ? 1'b0 :
-1-
==>
537 (reg2hw.status.escalated.q) ? (tl_gate_resp_pending & sram_compound_txn_in_progress) : 1'b1;
-2-
==>
==>
Branches:
-1- | -2- | Status | Tests |
1 |
- |
Covered |
T1,T2,T4 |
0 |
1 |
Covered |
T6,T8,T9 |
0 |
0 |
Covered |
T1,T2,T3 |
236 if(!rst_ni) begin
-1-
237 init_q <= 1'b0;
==>
238 end else begin
239 init_q <= init_d;
==>
Branches:
-1- | Status | Tests |
1 |
Covered |
T1,T2,T3 |
0 |
Covered |
T1,T2,T3 |
308 if (!rst_ni) begin
-1-
309 key_req_pending_q <= 1'b0;
==>
310 // reset case does not use buffered values as the
311 // reset value will be directly encoded into flop types
312 key_q <= RndCnstSramKey;
313 nonce_q <= RndCnstSramNonce;
314 end else begin
315 key_req_pending_q <= key_req_pending_d;
316 if (key_ack) begin
-2-
317 key_q <= key_d;
==>
318 nonce_q <= nonce_d;
319 end
MISSING_ELSE
==>
320 // This scraps the keys.
321 // SEC_CM: KEY.GLOBAL_ESC
322 // SEC_CM: KEY.LOCAL_ESC
323 if (local_esc) begin
-3-
324 key_q <= cnst_sram_key;
==>
325 nonce_q <= cnst_sram_nonce;
326 end
MISSING_ELSE
==>
Branches:
-1- | -2- | -3- | Status | Tests |
1 |
- |
- |
Covered |
T1,T2,T3 |
0 |
1 |
- |
Covered |
T1,T2,T4 |
0 |
0 |
- |
Covered |
T1,T2,T3 |
0 |
- |
1 |
Covered |
T4,T6,T7 |
0 |
- |
0 |
Covered |
T1,T2,T3 |
Assert Coverage for Instance : tb.dut
Assertion Details
AlertOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
FpvSecCmCntCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmLcGateFsmCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmRegWeOnehotCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmRspFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmRspFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
80 |
0 |
0 |
T7 |
19996 |
10 |
0 |
0 |
T8 |
44807 |
0 |
0 |
0 |
T10 |
65587 |
0 |
0 |
0 |
T11 |
4971 |
0 |
0 |
0 |
T12 |
25434 |
0 |
0 |
0 |
T15 |
2928 |
0 |
0 |
0 |
T17 |
0 |
20 |
0 |
0 |
T18 |
0 |
20 |
0 |
0 |
T22 |
4437 |
0 |
0 |
0 |
T26 |
15889 |
0 |
0 |
0 |
T27 |
2691 |
0 |
0 |
0 |
T29 |
0 |
10 |
0 |
0 |
T30 |
0 |
20 |
0 |
0 |
T31 |
55617 |
0 |
0 |
0 |
FpvSecCmSramReqFifoRptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
FpvSecCmSramReqFifoWptrCheck_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
0 |
0 |
0 |
NonceWidthsLessThanSource_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
943 |
943 |
0 |
0 |
T1 |
1 |
1 |
0 |
0 |
T2 |
1 |
1 |
0 |
0 |
T3 |
1 |
1 |
0 |
0 |
T4 |
1 |
1 |
0 |
0 |
T5 |
1 |
1 |
0 |
0 |
T6 |
1 |
1 |
0 |
0 |
T7 |
1 |
1 |
0 |
0 |
T10 |
1 |
1 |
0 |
0 |
T11 |
1 |
1 |
0 |
0 |
T12 |
1 |
1 |
0 |
0 |
RamTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
RamTlOutPayLoadKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
145836043 |
0 |
0 |
T2 |
17797 |
6917 |
0 |
0 |
T3 |
1051 |
0 |
0 |
0 |
T4 |
2538 |
13 |
0 |
0 |
T5 |
6457 |
933 |
0 |
0 |
T6 |
20795 |
1610 |
0 |
0 |
T7 |
19996 |
465 |
0 |
0 |
T8 |
0 |
3503 |
0 |
0 |
T10 |
65587 |
27865 |
0 |
0 |
T11 |
4971 |
977 |
0 |
0 |
T12 |
25434 |
9794 |
0 |
0 |
T26 |
15889 |
6200 |
0 |
0 |
RamTlOutPayLoadKnown_AKnownEnable
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
RegsTlOutKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
SramOtpKeyKnown_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
334384327 |
0 |
0 |
T1 |
2356 |
2303 |
0 |
0 |
T2 |
17797 |
17741 |
0 |
0 |
T3 |
1051 |
996 |
0 |
0 |
T4 |
2538 |
2466 |
0 |
0 |
T5 |
6457 |
6392 |
0 |
0 |
T6 |
20795 |
20656 |
0 |
0 |
T7 |
19996 |
17275 |
0 |
0 |
T10 |
65587 |
65537 |
0 |
0 |
T11 |
4971 |
4910 |
0 |
0 |
T12 |
25434 |
25326 |
0 |
0 |
TlulGntIsCorrect_A
Name | Attempts | Real Successes | Failures | Incomplete |
Total |
334494304 |
64526717 |
0 |
0 |
T2 |
17797 |
7235 |
0 |
0 |
T3 |
1051 |
0 |
0 |
0 |
T4 |
2538 |
26 |
0 |
0 |
T5 |
6457 |
2408 |
0 |
0 |
T6 |
20795 |
589 |
0 |
0 |
T7 |
19996 |
0 |
0 |
0 |
T8 |
0 |
1209 |
0 |
0 |
T10 |
65587 |
8363 |
0 |
0 |
T11 |
4971 |
1071 |
0 |
0 |
T12 |
25434 |
755 |
0 |
0 |
T15 |
0 |
269 |
0 |
0 |
T26 |
15889 |
6491 |
0 |
0 |