forked from lowRISC/opentitan
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathotbn_testplan.hjson
184 lines (169 loc) · 6.02 KB
/
otbn_testplan.hjson
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
// Copyright lowRISC contributors (OpenTitan project).
// Licensed under the Apache License, Version 2.0, see LICENSE for details.
// SPDX-License-Identifier: Apache-2.0
{
name: "otbn"
import_testplans: ["hw/dv/tools/dvsim/testplans/csr_testplan.hjson",
"hw/dv/tools/dvsim/testplans/mem_testplan.hjson",
"hw/dv/tools/dvsim/testplans/alert_test_testplan.hjson",
"hw/dv/tools/dvsim/testplans/intr_test_testplan.hjson",
"hw/dv/tools/dvsim/testplans/tl_device_access_types_testplan.hjson",
"hw/dv/tools/dvsim/testplans/stress_all_with_reset_testplan.hjson",
"hw/dv/tools/dvsim/testplans/passthru_mem_intg_testplan.hjson",
"hw/dv/tools/dvsim/testplans/sec_cm_fsm_testplan.hjson",
"hw/dv/tools/dvsim/testplans/sec_cm_count_testplan.hjson",
"otbn_sec_cm_testplan.hjson"]
testpoints: [
{
name: smoke
desc: '''
Smoke test, running a single fixed binary
This runs the binary from otbn/dv/smoke/smoke_test.s, which is
designed to check most of the implemented instructions. The
unchanging binary should mean this basic test is particularly
appropriate for CI.
'''
stage: V1
tests: ["otbn_smoke"]
}
{
name: single_binary
desc: '''
Run a single randomly-chosen binary
This test drives the main bulk of OTBN testing. It picks a random
binary from a pre-generated set and runs it, comparing against the
model. We'll run this with a large number of seeds and use
functional coverage to track when verification of the internals of
the core is done.
Sometimes enable the "done" interrupt to check that it and the
error interrupt work correctly.
'''
stage: V1
tests: ["otbn_single"]
}
{
name: reset_recovery
desc: '''
Run two binaries, resetting the first at an arbitrary time
Running another binary after a sudden and unexpected reset via the
rst_ni signal will check that all state is properly re-initialized
after a reset. We'd expect X-propagation checks to catch most
problems like this, but an explicit reset sequence also adds the
relevant FSM/toggle coverage.
'''
stage: V2
tests: ["otbn_reset"]
}
{
name: multi_error
desc: '''
Run instructions that cause multiple SW errors in a cycle
These are directed tests, designed to exhaustively trigger all the
cases where a single instruction execution can fail for more than
one reason. Since each of these instructions causes the operation
to fail, we have to run an OTBN operation for each. To do this, we
compile and run all the binaries in a collection of ISS unit tests.
We have coverage points to ensure we see every event we expect.
'''
stage: V2
tests: ["otbn_multi_err"]
}
{
name: mem_integrity
desc: '''
Inject ECC errors into DMEM and IMEM and expect an alert
'''
stage: V2S
tests: ["otbn_imem_err", "otbn_dmem_err"]
}
{
name: internal_integrity
desc: '''
Corrupt internal state and expect an alert
'''
stage: V2S
tests: ["otbn_alu_bignum_mod_err",
"otbn_controller_ispr_rdata_err",
"otbn_mac_bignum_acc_err",
"otbn_urnd_err"]
}
{
name: back_to_back
desc: '''
Run sequences back-to-back
This runs several sequences back-to-back, without resets between
them. This should catch initialisation problems where not all state
is cleared between programs when there's no reset.
'''
stage: V2
tests: ["otbn_multi"]
}
{
name: stress_all
desc: '''
Run assorted sequences back-to-back.
'''
stage: V2
tests: ["otbn_stress_all"]
}
{
name: lc_escalation
desc: '''
Trigger the life cycle escalation input.
'''
stage: V2
tests: ["otbn_escalate"]
}
{
name: zero_state_err_urnd
desc: '''
Trigger the "state is zero" error in URND,
Check that fatal error is asserted.
'''
stage: V2
tests: ["otbn_zero_state_err_urnd"]
}
{
name: illegal_bus_access
desc: '''
Trigger reads and writes to both DMEM and IMEM and expect a fatal alert for
ILLEGAL_BUS_ACCESS. Check that *mem_rdata_bus pins are at 0 when reads are done
'''
stage: V2S
tests: ["otbn_illegal_mem_acc"]
}
{
name: sw_errs_fatal_chk
desc: '''
Set ctrl.software_errs_fatal.
When set software errors produce fatal errors, rather than recoverable errors.
'''
stage: V2
tests: ["otbn_sw_errs_fatal_chk"]
}
{
name: otbn_mem_gnt_acc_err
desc: '''
Trigger a fault to cause the IMEM/DMEM grant signal to be false when req is asserted.
This in turn should cause dmem_missed_gnt/imem_missed_gnt to get asserted resulting
in a fatal alert (a bad_internal_state fatal error).
'''
stage: V2S
tests: ["otbn_mem_gnt_acc_err"]
}
{
name: otbn_non_sec_partial_wipe
desc: '''
See a local wipe signal be raised when a secure wipe is not running. When this happens, we
expect the RTL to stop with a fatal alert. The signals tracked are:
- sec_wipe_mod_urnd_i in otbn_alu_bignum
- sec_wipe_zero_i in otbn_controller
- sec_wipe_base in otbn_core
- sec_wipe_wdr_q in otbn_core
- sec_wipe_stack_reset_i in otbn_rf_base
'''
stage: V2S
tests: ["otbn_partial_wipe"]
}
]
}