From 8f9d8de180d70922e1e2a24b5b0b6266de3582a6 Mon Sep 17 00:00:00 2001
From: Canberk Topal
Date: Tue, 1 Nov 2022 15:12:24 +0000
Subject: [PATCH 1/4] [dv] V2S Coverage Implementation

This commit adds coverpoints and crosses for security countermeasures implemented in the design.

Signed-off-by: Canberk Topal
---
 doc/03_reference/coverage_plan.rst | 28 +++++++++++++++
 dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv | 40 +++++++++++++++++++++-
 dv/uvm/core_ibex/tb/core_ibex_tb_top.sv | 6 ++++
 rtl/ibex_core.sv | 4 +++
 rtl/ibex_if_stage.sv | 10 ++++++
 5 files changed, 87 insertions(+), 1 deletion(-)

diff --git a/doc/03_reference/coverage_plan.rst b/doc/03_reference/coverage_plan.rst
index 045b4d8a7d..e7397b36f8 100644
--- a/doc/03_reference/coverage_plan.rst
+++ b/doc/03_reference/coverage_plan.rst
@@ -299,6 +299,30 @@ Basic read/write functionality must be tested on all implemented CSRs.
 CSRs addresses do not need to be crossed with the variety of CSR instructions as these all use the same basic read & write interface into ``ibex_cs_registers``.
 Coverage of the above points will be sampled at the ``ibex_cs_registers`` interface (as opposed to sampling CSR instructions).
+Security Countermeasures
+^^^^^^^^^^^^^^^^^^^^^^^^
+For more detail about each security countermeasure in Ibex see :ref:`security`
+
+* ``cp_data_ind_timing`` - Enabling/Disabling "Data Independent Timing" feature.
+
+* ``cp_data_ind_timing_instr`` - Executing each instruction category while data independent timing feature is enabled.
+
+* ``cp_dummy_instr_en`` - Enabling/Disabling "Dummy Instruction Insertion" feature.
+
+* ``cp_dummy_instr_mask`` - Frequency of injection for the dummy instructions.
+
+* ``cp_dummy_instr_type`` - Type of the injected dummy instruction.
+
+* ``cp_dummy_instr`` - Executing each instruction category while dummy instruction insertion feature is enabled.
+
+* ``cp_rf_a_ecc_err``, ``cp_rf_b_ecc_err`` - Register file integrity (ECC) fault is seen for port A/B.
+
+* ``cp_icache_ecc_err`` - ICache has seen an integrity (ECC) fault.
+
+* ``cp_lockstep_err`` - Lockstep glitch fault seen.
+
+* ``cp_rf_we_glitch_err`` - Register file write enable glitch fault seen.
+
 Miscellaneous
 ^^^^^^^^^^^^^
 Various points of interest do not fit into the categories above.
@@ -348,3 +372,7 @@ There must be a documented reason a particular bin is added to the illegal or ig
 * ``pmp_iside_priv_bits_cross``, ``pmp_iside2_priv_bits_cross``, ``pmp_dside_priv_bits_cross``, PMP regions x permissions x access fail/pass x privilege level
 * Three crosses, one for each PMP channel (instruction, instruction 2 and data).
+
+* ``dummy_instr_config_cross`` - Dummy Instruction Type x Dummy Instruction Insertion Frequency to explore all possible configurations.
+
+* ``rf_ecc_err_cross`` - ECC Error on Port A x ECC Error on Port B to explore all possible combinations of reported ECC errors.
diff --git a/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv b/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
index 1fefe46283..6a833f7ebb 100644
--- a/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
+++ b/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
@@ -15,7 +15,10 @@ interface core_ibex_fcov_if import ibex_pkg::*; (
 input debug_mode,
 input fcov_csr_read_only,
- input fcov_csr_write
+ input fcov_csr_write,
+
+ input fcov_rf_ecc_err_a_id,
+ input fcov_rf_ecc_err_b_id
 );
 `include "dv_fcov_macros.svh"
 import uvm_pkg::*;
@@ -381,6 +384,10 @@ interface core_ibex_fcov_if import ibex_pkg::*; (
 (id_stall_type == IdStallTypeNone) && (id_stall_type_last != IdStallTypeNone) && id_stall_type_last_valid;
+ // V2S Related Probes for Top-Level
+ logic rf_we_glitch_err;
+ logic lockstep_glitch_err;
+
 covergroup uarch_cg @(posedge clk_i);
 option.per_instance = 1;
 option.name = "uarch_cg";
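Review bot: The two probes declared in the `@@ -381,6 +384,10 @@` hunk, `rf_we_glitch_err` and `lockstep_glitch_err`, have no driver inside `core_ibex_fcov_if`; the only driver in this patch is the pair of cross-hierarchy `assign`s added to `core_ibex_tb_top.sv`. Any environment that binds this interface without those assigns leaves both signals at X, and `cp_lockstep_err` / `cp_rf_we_glitch_err` would then never record a hit, with no warning that the fault-detection coverage is dead. The ECC probes in the same patch arrive as input ports (`fcov_rf_ecc_err_a_id`, `fcov_rf_ecc_err_b_id`), so the two mechanisms are inconsistent. At minimum the declaration deserves a comment such as `// Driven from core_ibex_tb_top by hierarchical assign; stays X (never sampled) if bound without it.`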
@@ -423,6 +430,31 @@ interface core_ibex_fcov_if import ibex_pkg::*; (
 cp_id_stage_state : coverpoint id_stage_state;
 cp_wb_stage_state : coverpoint wb_stage_state;
+ // V2S Coverpoints
+ cp_data_ind_timing: coverpoint cs_registers_i.data_ind_timing_o;
+ cp_data_ind_timing_instr: coverpoint id_instr_category iff (cs_registers_i.data_ind_timing_o) {
+ // Not certain if InstrCategoryOtherIllegal can occur. Put it in illegal_bins for now and
+ // revisit if any issues are seen
+ illegal_bins illegal = {InstrCategoryOther, InstrCategoryOtherIllegal};
+ }
+
+ cp_dummy_instr_en: coverpoint cs_registers_i.dummy_instr_en_o;
+ cp_dummy_instr_mask: coverpoint cs_registers_i.dummy_instr_mask_o;
+ cp_dummy_instr_type: coverpoint if_stage_i.fcov_dummy_instr_type;
+ cp_dummy_instr: coverpoint id_instr_category iff (cs_registers_i.dummy_instr_en_o) {
+ // Not certain if InstrCategoryOtherIllegal can occur. Put it in illegal_bins for now and
+ // revisit if any issues are seen
+ illegal_bins illegal = {InstrCategoryOther, InstrCategoryOtherIllegal};
+ }
+
+ cp_rf_a_ecc_err: coverpoint fcov_rf_ecc_err_a_id;
+ cp_rf_b_ecc_err: coverpoint fcov_rf_ecc_err_b_id;
+
+ cp_icache_ecc_err : coverpoint if_stage_i.icache_ecc_error_o;
+
+ cp_lockstep_err : coverpoint lockstep_glitch_err;
+ cp_rf_we_glitch_err : coverpoint rf_we_glitch_err;
+
 // TODO: MRET/WFI in debug mode?
 // Specific cover points for these as `id_instr_category` will be InstrCategoryPrivIllegal when
 // executing these instructions in U-mode.
@@ -673,6 +705,12 @@ interface core_ibex_fcov_if import ibex_pkg::*; (
 // Only care about specific debug CSRs
 ignore_bins ignore = !binsof(cp_csr_write) intersect {`DEBUG_CSRS};
 }
+
+ dummy_instr_config_cross: cross cp_dummy_instr_type, cp_dummy_instr_mask
+ iff (cs_registers_i.dummy_instr_en_o);
+
+ rf_ecc_err_cross: cross cp_rf_a_ecc_err, cp_rf_b_ecc_err
+ iff (id_stage_i.instr_valid_i);
 endgroup
 bit en_uarch_cov;
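Review bot: In `cp_data_ind_timing_instr`, and again in `cp_dummy_instr`, the comment above `illegal_bins illegal = {InstrCategoryOther, InstrCategoryOtherIllegal};` justifies only `InstrCategoryOtherIllegal`, while `InstrCategoryOther` is made illegal with no reason given. The coverage-plan text visible in the doc hunk header says a bin added to the illegal or ignore set must have a documented reason, so the comment should cover both values, for example an extra line `// InstrCategoryOther: <reason, to be supplied by the author>`. An illegal bin turns a hit into a simulation error rather than a coverage hole, so an unverified entry here can fail a regression only when a countermeasure is enabled; that is worth stating in the comment as well. The enclosing `uarch_cg` covergroup starts and ends outside this hunk.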
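Review bot: The `iff` guards in the `@@ -673,6 +705,12 @@` hunk qualify `dummy_instr_config_cross` and `rf_ecc_err_cross` only; the coverpoints they combine (`cp_dummy_instr_type`, `cp_dummy_instr_mask`, `cp_rf_a_ecc_err`, `cp_rf_b_ecc_err`, added in the `@@ -423` hunk) are sampled on every clock with no guard. The standalone points can therefore close on cycles the crosses deliberately exclude, such as a mask or type value observed while `dummy_instr_en_o` is low, which overstates how far the countermeasure was exercised. If the guard is the intended qualification, it belongs on the coverpoints too, e.g. `cp_dummy_instr_type: coverpoint if_stage_i.fcov_dummy_instr_type iff (cs_registers_i.dummy_instr_en_o);`; if not, a comment saying why only the cross is qualified would help.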
diff --git a/dv/uvm/core_ibex/tb/core_ibex_tb_top.sv b/dv/uvm/core_ibex/tb/core_ibex_tb_top.sv
index 6ca10ef130..ba105b7975 100644
--- a/dv/uvm/core_ibex/tb/core_ibex_tb_top.sv
+++ b/dv/uvm/core_ibex/tb/core_ibex_tb_top.sv
@@ -162,6 +162,12 @@ module core_ibex_tb_top;
 !dut_if.alert_minor && !dut_if.alert_major_internal && !dut_if.alert_major_bus, clk, !rst_n)
 `DV_ASSERT_CTRL("tb_no_alerts_triggered", core_ibex_tb_top.NoAlertsTriggered)
+ assign dut.u_ibex_top.u_ibex_core.u_fcov_bind.rf_we_glitch_err =
+ dut.u_ibex_top.rf_alert_major_internal;
+
+ assign dut.u_ibex_top.u_ibex_core.u_fcov_bind.lockstep_glitch_err =
+ dut.u_ibex_top.lockstep_alert_major_internal;
+
 // Data load/store vif connection
 assign data_mem_vif.reset = ~rst_n;
 // Instruction fetch vif connnection
diff --git a/rtl/ibex_core.sv b/rtl/ibex_core.sv
index 31143a40a0..8d1689f4d2 100644
--- a/rtl/ibex_core.sv
+++ b/rtl/ibex_core.sv
@@ -1741,6 +1741,10 @@ module ibex_core import ibex_pkg::*; #(
 //////////
 `ifndef SYNTHESIS
+ // fcov signals for V2S
+ `DV_FCOV_SIGNAL_GEN_IF(logic, rf_ecc_err_a_id, gen_regfile_ecc.rf_ecc_err_a_id, RegFileECC)
+ `DV_FCOV_SIGNAL_GEN_IF(logic, rf_ecc_err_b_id, gen_regfile_ecc.rf_ecc_err_b_id, RegFileECC)
+
 // fcov signals for CSR access. These are complicated by illegal accesses. Where an access is
 // legal `csr_op_en` signals the operation occurring, but this is deasserted where an access is
 // illegal. Instead `illegal_insn_id` confirms the instruction is taking an illegal instruction
diff --git a/rtl/ibex_if_stage.sv b/rtl/ibex_if_stage.sv
index 1bf21ced1f..2a5c2ce116 100644
--- a/rtl/ibex_if_stage.sv
+++ b/rtl/ibex_if_stage.sv
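Review bot: The new assigns in `core_ibex_tb_top.sv` tap `rf_alert_major_internal` and `lockstep_alert_major_internal` directly below the `NoAlertsTriggered` assertion, which requires `alert_major_internal` to stay low. If those two signals feed `alert_major_internal` (their names suggest so, but the hunk does not show it), the `1` bins of `cp_rf_we_glitch_err` and `cp_lockstep_err` can only be hit in tests that switch the assertion off through `tb_no_alerts_triggered`. A comment on the assigns would record that dependency, e.g. `// Non-zero only in fault-injection tests that disable NoAlertsTriggered.` The hard-coded path `dut.u_ibex_top.u_ibex_core.u_fcov_bind` also ties the testbench to the bind instance name, which is worth noting next to it.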
@@ -681,6 +681,16 @@ module ibex_if_stage import ibex_pkg::*; #(
 assign fetch_ready = id_in_ready_i & ~stall_dummy_instr;
 end
+ //////////
+ // FCOV //
+ //////////
+
+`ifndef SYNTHESIS
+ // fcov signals for V2S
+ `DV_FCOV_SIGNAL_GEN_IF(logic [1:0], dummy_instr_type,
+ gen_dummy_instr.dummy_instr_i.lfsr_data.instr_type, DummyInstructions)
+`endif
+
 ////////////////
 // Assertions //
 ////////////////
From eb9bcb4b93dc55fcf683481ac2638be2ac21f122 Mon Sep 17 00:00:00 2001
From: Andreas Kurth
Date: Fri, 4 Nov 2022 16:32:53 +0000
Subject: [PATCH 2/4] [dv] Add coverpoints for dummy instructions in each stage

Signed-off-by: Andreas Kurth
---
 doc/03_reference/coverage_plan.rst | 6 ++++++
 dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv | 5 +++++
 rtl/ibex_if_stage.sv | 2 ++
 3 files changed, 13 insertions(+)

diff --git a/doc/03_reference/coverage_plan.rst b/doc/03_reference/coverage_plan.rst
index e7397b36f8..fa6ab3db22 100644
--- a/doc/03_reference/coverage_plan.rst
+++ b/doc/03_reference/coverage_plan.rst
@@ -315,6 +315,12 @@ For more detail about each security countermeasure in Ibex see :ref:`security`
 * ``cp_dummy_instr`` - Executing each instruction category while dummy instruction insertion feature is enabled.
+* ``cp_dummy_instr_if_stage`` - The IF stage handles a dummy instruction.
+
+* ``cp_dummy_instr_id_stage`` - The ID/EX stage handles a dummy instruction.
+
+* ``cp_dummy_instr_wb_stage`` - The WB stage handles a dummy instruction.
+
 * ``cp_rf_a_ecc_err``, ``cp_rf_b_ecc_err`` - Register file integrity (ECC) fault is seen for port A/B.
 * ``cp_icache_ecc_err`` - ICache has seen an integrity (ECC) fault.
diff --git a/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv b/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
index 6a833f7ebb..9a578ef541 100644
--- a/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
+++ b/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
@@ -447,6 +447,11 @@ interface core_ibex_fcov_if import ibex_pkg::*; (
 illegal_bins illegal = {InstrCategoryOther, InstrCategoryOtherIllegal};
 }
+ // Each stage sees a dummy instruction.
+ cp_dummy_instr_if_stage: coverpoint if_stage_i.fcov_insert_dummy_instr;
+ cp_dummy_instr_id_stage: coverpoint if_stage_i.dummy_instr_id_o;
+ cp_dummy_instr_wb_stage: coverpoint wb_stage_i.dummy_instr_wb_o;
+
 cp_rf_a_ecc_err: coverpoint fcov_rf_ecc_err_a_id;
 cp_rf_b_ecc_err: coverpoint fcov_rf_ecc_err_b_id;
diff --git a/rtl/ibex_if_stage.sv b/rtl/ibex_if_stage.sv
index 2a5c2ce116..6ed7982d96 100644
--- a/rtl/ibex_if_stage.sv
+++ b/rtl/ibex_if_stage.sv
@@ -689,6 +689,8 @@ module ibex_if_stage import ibex_pkg::*; #(
 // fcov signals for V2S
 `DV_FCOV_SIGNAL_GEN_IF(logic [1:0], dummy_instr_type,
 gen_dummy_instr.dummy_instr_i.lfsr_data.instr_type, DummyInstructions)
+ `DV_FCOV_SIGNAL_GEN_IF(logic, insert_dummy_instr,
+ gen_dummy_instr.insert_dummy_instr, DummyInstructions)
 `endif
 ////////////////
From 0dd4cd1e915e75e6f9b6a83b7285e47e50a8f6cf Mon Sep 17 00:00:00 2001
From: Andreas Kurth
Date: Fri, 4 Nov 2022 16:33:41 +0000
Subject: [PATCH 3/4] [dv] Add coverage for debug requests and interrupts while executing a dummy instruction

Signed-off-by: Andreas Kurth
---
 doc/03_reference/coverage_plan.rst | 4 ++++
 dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv | 13 +++++++++++++
 2 files changed, 17 insertions(+)

diff --git a/doc/03_reference/coverage_plan.rst b/doc/03_reference/coverage_plan.rst
index fa6ab3db22..5c84aa443b 100644
--- a/doc/03_reference/coverage_plan.rst
+++ b/doc/03_reference/coverage_plan.rst
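Review bot: The `1` bins of `cp_dummy_instr_if_stage`, `cp_dummy_instr_id_stage` and `cp_dummy_instr_wb_stage` (hunk `@@ -447,6 +447,11 @@`) are reachable only when the core is built with dummy-instruction insertion, and nothing in the hunk or the plan entries says so. `fcov_insert_dummy_instr` is generated under the `DummyInstructions` condition in `ibex_if_stage.sv`, so in a configuration without that feature the signal is presumably constant and these bins become permanent holes. A comment above the three points, e.g. `// Reachable only with DummyInstructions enabled; exclude for other configurations.`, plus a matching sentence in the coverage plan, would make closure unambiguous for the secure and non-secure builds. The enclosing covergroup starts and ends outside this hunk.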
@@ -382,3 +382,7 @@ There must be a documented reason a particular bin is added to the illegal or ig
 * ``dummy_instr_config_cross`` - Dummy Instruction Type x Dummy Instruction Insertion Frequency to explore all possible configurations.
 * ``rf_ecc_err_cross`` - ECC Error on Port A x ECC Error on Port B to explore all possible combinations of reported ECC errors.
+
+* ``debug_req_dummy_instr_{if,id,wb}_stage_cross`` - The IF, ID/EX, or WB stage handles a dummy instruction while a debug request arrives.
+
+* ``irq_pending_dummy_instr_{if,id,wb}_stage_cross`` - The IF, ID/EX, or WB stage handles a dummy instruction while an IRQ is pending.
diff --git a/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv b/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
index 9a578ef541..197b3809c0 100644
--- a/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
+++ b/dv/uvm/core_ibex/fcov/core_ibex_fcov_if.sv
@@ -711,11 +711,24 @@ interface core_ibex_fcov_if import ibex_pkg::*; (
 ignore_bins ignore = !binsof(cp_csr_write) intersect {`DEBUG_CSRS};
 }
+ // V2S Crosses
+
 dummy_instr_config_cross: cross cp_dummy_instr_type, cp_dummy_instr_mask
 iff (cs_registers_i.dummy_instr_en_o);
 rf_ecc_err_cross: cross cp_rf_a_ecc_err, cp_rf_b_ecc_err
 iff (id_stage_i.instr_valid_i);
+
+ // Each stage sees a debug request while executing a dummy instruction.
+ debug_req_dummy_instr_if_stage_cross: cross cp_debug_req, cp_dummy_instr_if_stage;
+ debug_req_dummy_instr_id_stage_cross: cross cp_debug_req, cp_dummy_instr_id_stage;
+ debug_req_dummy_instr_wb_stage_cross: cross cp_debug_req, cp_dummy_instr_wb_stage;
+
+ // Each stage sees an interrupt request while executing a dummy instruction.
+ irq_pending_dummy_instr_if_stage_cross: cross cp_irq_pending, cp_dummy_instr_if_stage;
+ irq_pending_dummy_instr_id_stage_cross: cross cp_irq_pending, cp_dummy_instr_id_stage;
+ irq_pending_dummy_instr_wb_stage_cross: cross cp_irq_pending, cp_dummy_instr_wb_stage;
+
 endgroup
 bit en_uarch_cov;
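Review bot: Each of the six crosses added in the `@@ -711,11 +711,24 @@` hunk combines two whole coverpoints, so alongside the case the comments describe (a request seen while a stage holds a dummy instruction) it also creates bins for "no dummy instruction", which say nothing about the countermeasure. `cp_debug_req` and `cp_irq_pending` are defined outside this hunk, so their bin counts are not visible here. Restricting each cross to the dummy-instruction bin keeps the reported percentage tied to the scenario of interest, e.g. a cross body containing `ignore_bins no_dummy = binsof(cp_dummy_instr_if_stage) intersect {0};`. If the extra bins are intentional, the comments should say so.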
From 4e6715ed2eb59b76fb9d354978cdbea10b5309b9 Mon Sep 17 00:00:00 2001
From: Canberk Topal
Date: Fri, 4 Nov 2022 17:44:19 +0000
Subject: [PATCH 4/4] [dv] Generate random writes in custom CSRs

This commit adds random custom CSR writes to debug_single_step_test and riscv_mem_error_test.

Signed-off-by: Canberk Topal
---
 dv/uvm/core_ibex/riscv_dv_extension/testlist.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/dv/uvm/core_ibex/riscv_dv_extension/testlist.yaml b/dv/uvm/core_ibex/riscv_dv_extension/testlist.yaml
index 31f0b7bb27..810477fa30 100644
--- a/dv/uvm/core_ibex/riscv_dv_extension/testlist.yaml
+++ b/dv/uvm/core_ibex/riscv_dv_extension/testlist.yaml
@@ -583,6 +583,8 @@
 +require_signature_addr=1
 +instr_cnt=10000
 +randomize_csr=1
+ +gen_all_csrs_by_default=1
+ +add_csr_write=MSTATUS,MEPC,MCAUSE,MTVAL,0x7c0,0x7c1
 +enable_unaligned_load_store=1
 +suppress_pmp_setup=1
 +disable_pmp_exception_handler=1
@@ -633,8 +635,8 @@
 +instr_cnt=10000
 +no_csr_instr=0
 +randomize_csr=1
- +enable_illegal_csr_instruction=1
- +enable_access_invalid_csr_level=1
+ +gen_all_csrs_by_default=1
+ +add_csr_write=MSTATUS,MEPC,MCAUSE,MTVAL,0x7c0,0x7c1
 +no_fence=0
 +no_wfi=0
 +num_of_sub_program=1
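Review bot: The `@@ -633,8 +635,8 @@` hunk removes `+enable_illegal_csr_instruction=1` and `+enable_access_invalid_csr_level=1` from the test, while the commit message mentions only the addition of random custom CSR writes. By their names those two options produce the negative cases (illegal CSR instructions, CSR access from an insufficient privilege level), so dropping them reduces stimulus for privilege enforcement unless another test still sets them, which is not visible in this diff. The description should state why they were removed, or the options should stay alongside the new ones. The raw addresses `0x7c0,0x7c1` in `+add_csr_write` (both hunks) would also be easier to audit if the test's description named the CSRs they refer to.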