CN109946595B - Scan test execution method, device and system - Google Patents

Scan test execution method, device and system Download PDF

Info

Publication number
CN109946595B
CN109946595B CN201910227950.0A CN201910227950A CN109946595B CN 109946595 B CN109946595 B CN 109946595B CN 201910227950 A CN201910227950 A CN 201910227950A CN 109946595 B CN109946595 B CN 109946595B
Authority
CN
China
Prior art keywords
key
register
test
core
tested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910227950.0A
Other languages
Chinese (zh)
Other versions
CN109946595A (en
Inventor
冯燕
陈岚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Institute of Microelectronics of CAS
Original Assignee
Institute of Microelectronics of CAS
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Institute of Microelectronics of CAS filed Critical Institute of Microelectronics of CAS
Priority to CN201910227950.0A priority Critical patent/CN109946595B/en
Publication of CN109946595A publication Critical patent/CN109946595A/en
Application granted granted Critical
Publication of CN109946595B publication Critical patent/CN109946595B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Test And Diagnosis Of Digital Computers (AREA)
  • Tests Of Electronic Circuits (AREA)

Abstract

The application discloses a scan test execution method, a device and a system, comprising: selecting at least one boundary register from the test shell scan chain as a key generation register; in the key generation stage, a key generation register is used for generating a reference key; in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register; when the key read from the key reading register is inconsistent with the reference key, prohibiting the scan test of the IP core to be tested; and triggering to execute the scan test on the IP core to be tested when the key read from the key reading register is consistent with the reference key. And only when the key is written into the key reading register by the user and the key written into the key reading register is consistent with the reference key, the scan test is triggered to be executed, so that the safety of executing the scan test on the IP core is improved.

Description

Scan test execution method, device and system
Technical Field
The invention relates to the technical field of integrated circuits, in particular to a scan test execution method, a device and a system.
Background
With the enhancement of the functions of integrated chips and the continuous expansion of the integration scale, the testing of chips becomes more and more difficult. Therefore, testability is one of the design goals, i.e., testability design, in the early stages of integrated circuit design. In modern integrated circuits, scan test is the most popular design for testability, and the basic principle of scan test is as follows: the sequential units with the scanning function are replaced by the sequential units with the scanning function in the circuit, and all the sequential units with the scanning function are connected in series to form a scanning path which is called a scanning chain. The scan enable signal is used to control the circuit state: when the scan enable signal is effective, the time sequence unit in the scan chain is controlled to be in a shift register state, and the scan test function of the chip is executed through the scan chain; when the scan enable signal is invalid, the sequential units in the scan chain restore to the normal working state.
The scan test performed on the chip is mainly a scan test on an IP (Intellectual Property) Core, the scan test process of the IP Core needs to be completed by relying on a test shell arranged at the periphery of the IP Core, the IEEE 1500 (all called IEEE Standard test Method for Embedded Core-based Integrated Circuits) Standard is a Standard related to the IP Core test technology, the Standard defines a hardware structure of the test shell surrounding the periphery of the IP Core, a Standard test platform is provided for the IP Core test, and fig. 1 shows the hardware structure of the test shell and the connection relationship between the test shell and the IP Core to be tested.
The scanning test mode can provide high testability for the IP core, but simultaneously reduces the safety of the IP core. This is because, after the scan chain is inserted into the IP core circuit, a malicious attacker can use the scan chain to acquire the confidential data of the circuit, for example, the confidential data of the IP core circuit is acquired under the normal operating state of the IP core, and the confidential data is shifted out by using the scan chain under the scan test state, which threatens the security of the IP core.
Therefore, how to provide a security scan test method to improve the security of performing scan test on the IP core becomes a problem to be solved urgently at present.
Disclosure of Invention
In view of this, embodiments of the present invention provide a scan test execution method, apparatus, and system, which can improve the security of performing a scan test on an IP core.
A scan test execution method applied to a test case, the scan test execution method comprising:
selecting at least one boundary register from the test shell scan chain as a key generation register;
in a key generation stage, generating a reference key by using the key generation register;
in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register;
under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute scanning test on the IP core of the intellectual property to be tested;
and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested.
Preferably, the process of generating the reference key by using the key generation register in the key generation stage includes:
in the key generation stage, according to a preset linear feedback shift characteristic polynomial and an initial input value of a key generation register, the key generation register is utilized to perform linear feedback shift operation to obtain an operation result, and the operation result is used as a reference key.
Preferably, the process of prohibiting the scan test performed on the intellectual property IP core to be tested when the key read from the key reading register is inconsistent with the reference key includes:
and under the condition that the key read from the key reading register is inconsistent with the reference key, connecting a test shell scan chain between the input port and the output port of the test shell, and forbidding the test shell to execute scan test on the IP core to be tested.
Preferably, the process of triggering the scan test on the IP core to be tested when the key read from the key reading register is consistent with the reference key includes:
and under the condition that the key read from the key reading register is consistent with the reference key, connecting the test shell scan chain with the internal scan chain of the IP core to be tested, connecting the connected test shell scan chain and the internal scan chain of the IP core to be tested between the input port and the output port of the test shell, and performing scan test on the IP core to be tested by using the test shell scan chain and the internal scan chain of the IP core to be tested.
A scan test execution apparatus applied to a test case, the scan test execution apparatus comprising:
the key generation register selection module is used for selecting at least one boundary register from the scan chain of the test shell as a key generation register;
the reference key generation module is used for generating a reference key by using the key generation register in a key generation stage;
the key reading module is used for responding to a key writing request of a user and reading a key from a preset key reading register in a key reading stage;
the scanning test execution module is used for forbidding to execute scanning test on the IP core to be tested under the condition that the key read from the key reading register is inconsistent with the reference key; and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested.
Preferably, the reference key generation module includes:
and the reference key generation submodule is used for performing linear feedback shift operation by using the key generation register according to a preset linear feedback shift characteristic polynomial and an initial input value of the key generation register in a key generation stage to obtain an operation result, and the operation result is used as a reference key.
Preferably, the scan test execution module includes:
and the first scan test execution submodule is used for connecting a test shell scan chain between the input port and the output port of the test shell under the condition that the key read from the key reading register is inconsistent with the reference key, and forbidding the test shell to execute a scan test on the IP core to be tested.
Preferably, the scan test execution module includes:
and the second scanning test execution submodule is used for connecting the test shell scan chain with the internal scan chain of the IP core to be tested under the condition that the key read from the key reading register is consistent with the reference key, connecting the connected test shell scan chain and the internal scan chain of the IP core to be tested between the input port and the output port of the test shell, and executing scanning test on the IP core to be tested by using the test shell scan chain and the internal scan chain of the IP core to be tested.
A scan test execution system, comprising: the test shell, with controller, the memory that the test shell is connected, the memory is used for storing the procedure, the program is called to the controller, the procedure is used for:
selecting at least one boundary register from the test shell scan chain as a key generation register;
in a key generation stage, generating a reference key by using the key generation register;
in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register;
under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested;
and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested.
Based on the technical scheme, the embodiment of the invention discloses a scan test execution method, a device and a system, wherein the scan test execution method is applied to a test shell and comprises the following steps: selecting at least one boundary register from the test shell scan chain as a key generation register; in a key generation stage, generating a reference key by using the key generation register; in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register; under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested; and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested. The embodiment of the invention only reads the key from the selected key reading register, responds to the key writing request of the user, and leads the key read from the key reading register to be inconsistent with the reference key under the condition that the user does not write the key in the key reading register and writes the key in other registers in a scan chain, or the key written in the key reading register by the user is inconsistent with the reference key, thereby forbidding executing the scan test. The scan test is triggered to be executed only when the user writes the key into the key reading register and the key written into the key reading register is consistent with the reference key, that is, the scan test is triggered to be executed only when the content of the key written by the user and the position of the key written by the user meet the conditions, so that the safety of the scan test executed on the IP core is improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a schematic diagram of a hardware structure of a test shell and a connection relationship between the test shell and an IP core under test in the prior art;
FIG. 2 is a flowchart of a scan test execution method according to an embodiment of the present invention;
fig. 3 is a schematic diagram of a hardware structure of a test shell boundary register according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a hardware structure of a key generation register according to an embodiment of the present invention;
FIG. 5 is a flowchart of another scan test execution method according to an embodiment of the present invention;
fig. 6(a) is a schematic diagram illustrating a connection manner of a key generation register with an exo-xor type structure according to an embodiment of the present invention;
FIG. 6(b) is a schematic diagram illustrating a connection manner of a key generation register with an XOR structure according to an embodiment of the present invention;
FIG. 7 is a flowchart of another scan test execution method according to an embodiment of the present invention;
fig. 8 is a circuit structure diagram of an internal scan chain of an IP core to be tested according to an embodiment of the present invention;
fig. 9 is a schematic diagram illustrating a connection manner between a scan chain of a test shell and an IP core to be tested according to an embodiment of the present invention;
fig. 10 is a schematic diagram illustrating another connection manner between a scan chain of a test shell and an IP core to be tested according to an embodiment of the present invention;
FIG. 11 is a diagram illustrating a hardware structure of a scan test execution apparatus according to an embodiment of the present invention;
FIG. 12 is a timing diagram illustrating loading of initial input values and execution of linear feedback-shift operations according to the loading timing of a multiplexed instruction according to an embodiment of the present invention;
fig. 13 is a block diagram of a scan test execution apparatus according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the scan test procedure performed on the IP core needs to be based on a test shell proposed by IEEE 1500 standard, and a test shell hardware structure common to the IP core is defined in the IEEE 1500 standard. Referring to fig. 1, a test shell proposed by the IEEE 1500 standard is disposed on the periphery of an IP core to be tested, and the test shell is composed of a WIR (Wrapper Instruction Register), WBY (Wrapper BYpass Register), WBR (Wrapper Boundary Register), WSP (Wrapper Serial Ports), and optional WPP (Wrapper Parallel Ports). The WSP is composed of WSI (Wrapper Serial Input), WSO (Wrapper Serial Output), and WSC (Wrapper Serial Control), which is composed of 6 forced signal lines (WRSTN, WRCK, SelectWIR, ShiftWR, CaptureWR, UpdateWR), and 2 optional signal lines (TransferDR, AUXCK). The WPP is composed of WPI (Wrapper Parallel Input), WPO (Wrapper Parallel Output), and WPC (Wrapper Parallel Control). The WBR in fig. 1 is used as a test shell boundary register and the test shell scan chain is made up of a plurality of test shell boundary registers connected end-to-end.
The IEEE 1500 test shell controls different test modes by loading different instructions, as described below in Table 1 for several common instructions.
Figure BDA0002005810460000061
Figure BDA0002005810460000071
Fig. 2 is a flowchart illustrating a scan test execution method applied to a test shell, which is proposed based on the IEEE 1500 standard to multiplex instructions, control signals, and instruction/data loading timings of the test shell of the IEEE 1500 standard in order to minimize area overhead and design complexity, since the IEEE 1500 standard has a rich instruction set, which can be used for IP core testing, IP core interconnection testing, and IP core isolation. Specifically, referring to fig. 2, the method may include:
s100, selecting at least one boundary register from a scan chain of a test shell as a key generation register;
because the test shell scan chain is formed by connecting a plurality of test shell boundary registers end to end, the embodiment of the invention can select at least one boundary register from the plurality of test shell boundary registers as the key generation register, and the positions of the selected boundary registers in the test shell scan chain can be continuous or discontinuous. The plurality of test shell boundary registers in the test shell scan chain are compliant with the IEEE 1500 standard.
Step S110, in a key generation stage, generating a reference key by using the key generation register;
it should be noted that, in the embodiment of the present invention, a linear feedback shift register is constructed by using a boundary register in a scan chain of a test shell to generate a reference key.
The reference key is a key which is set for triggering the process of executing the scanning test on the IP core to be tested and needs to be matched with the key input by the user.
In the embodiment of the present invention, based on a boundary register in a test shell (a hardware structure of the boundary register in the test shell is shown in fig. 3), a key generation register is formed by adding a LoadEn port, a hardware structure of the key generation register is shown in fig. 4, and when the LoadEn is valid, an initial input value is loaded into the key generation register. The key generation register time-division multiplexes the shift path of the normal boundary register to realize a linear feedback shift register path (CTI → CTO). In the embodiment of the invention, the linear feedback shift register is operated by multiplexing the instruction loading time sequence, Scan Enable is effective, and LFSROut (namely CTO) is updated and output through CTO in the instruction loading process.
Step S120, in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register;
the user can select at least one boundary register from the boundary registers in the scan chain of the test shell as a key writing register, and the user can write the key in the selected key writing register. In the application, after the key written by the user is received, the key is read from the preset key reading register, and since the position for reading the key in the application is fixed, the key is only read from the preset key reading register.
It should be noted that, the key reading register in the embodiment of the present invention is preset from the scan chain of the test shell, and the key reading register and the key generating register may be the same or different, and the embodiment of the present invention is not limited specifically.
Step S130, under the condition that the key read from the key reading register is inconsistent with the reference key, prohibiting the scanning test to be executed on the IP core to be tested;
if the key writing register selected by the user is not the key reading register, the key read from the key reading register is inconsistent with the reference key, and the scanning test of the IP core to be tested is forbidden; if the key writing register selected by the user is the key reading register, but the key written by the user is inconsistent with the reference key, the key read from the key reading register is inconsistent with the reference key, and the scan test on the IP core to be tested is prohibited.
And step S140, under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scanning test on the IP core to be tested.
And triggering the scan test of the IP core to be tested only when the key writing register selected by the user is the key reading register and the key written by the user is consistent with the reference key.
Therefore, in the embodiment of the invention, not only the content of the key written by the user is compared and judged, but also the position of the key written by the user is judged, and the scan test is triggered to be executed only under the condition that the content of the key written by the user and the position of the key written by the user meet the condition, so that the safety of executing the scan test on the IP core is improved.
In addition, it should be noted that the scan test execution method disclosed in the embodiment of the present invention is applied to a test case, and multiplexes a hardware structure, an instruction, a control signal, and an instruction/data loading timing sequence of the test case, and does not need to modify a testability design of a circuit, thereby reducing area overhead and design complexity.
The following specifically describes the reason why the method disclosed by the embodiment of the present invention is applied to improve the security of the scan test performed on the IP core:
assuming that an attacker inputs a completely random key, when the key length is k, the probability of 1 or 0 occurring in each bit of the key is 1/2, and the probability of completely matching the random key input by the attacker with the reference key is 1/2k. If the attacker does not know the value of k, he must try all sequences from 1 to k, i.e. try all key possibilities from 1 to k. Therefore, the probability of a perfect match between the random key and the reference key is:
Figure BDA0002005810460000091
security is defined as the inverse of the probability that a random key matches perfectly with a reference key:
Figure BDA0002005810460000092
equations (1) and (2) consider only the matching key values. In order to further improve the security, the scan test execution method provided by the embodiment of the invention randomly embeds k-bit reference keys (n ≧ k) in the scan chain of the test shell with the length of n, and an attacker needs to match the key values and the key positions at the same time. If the attacker does not know the position of the randomly chosen k key writing units in the scan chain of the test shell, he must constantly try to extract all combinations of k elements from the n elements, the number of combinations being
Figure BDA0002005810460000093
In the formula, n is the length of the scan chain of the test shell, and k is the length of the reference key. In this case, the key matching probability and security are:
Figure BDA0002005810460000094
Figure BDA0002005810460000095
it can be seen that, compared with matching only the k-bit reference key, the method in the embodiment of the present invention has the following security improvement factors:
Figure BDA0002005810460000096
the length n of the scan chain of the test shell is related to the number of input/output ports of the tested IP core, and a technician can calculate the corresponding k value when the security is the highest according to the formula (5), so that the security of the scan test execution method is maximized.
Therefore, in the embodiment of the invention, the test shell scan chain with the length of n is used for loading the key written by the user, and the k-bit user key is randomly embedded in the test shell scan chain with the length of n, so that an attackerThere is a need to match key values and key positions simultaneously, with improved security compared to matching key values of k bits only
Figure BDA0002005810460000101
And (4) doubling.
In the following, a specific process of reference key generation is described in detail with a specific embodiment, fig. 5 shows a flowchart of a scan test execution method, and in particular, referring to fig. 5, the method may include:
s200, selecting at least one boundary register from a scan chain of a test shell as a key generation register;
step S210, in a key generation stage, according to a preset linear feedback shift characteristic polynomial and an initial input value of a key generation register, performing linear feedback shift operation by using the key generation register to obtain an operation result, and taking the operation result as a reference key;
the embodiment of the invention is based on a boundary register in a test shell and a shift path of a time-sharing multiplexing boundary register to realize a linear feedback shift register path, a preset linear feedback shift characteristic polynomial and an initial input value of a key generation register, and carries out linear feedback shift operation to obtain an operation result which is used as a reference key.
The length and content of the reference key are related to the preset linear feedback shift characteristic polynomial and the initial input value of the key generation register. In the embodiment of the present invention, a technician may set the linear feedback shift characteristic polynomial and the initial input value of the key generation register according to an actual situation, and the embodiment of the present invention is not particularly limited.
The key generation register starts to work according to a preset linear feedback shift characteristic polynomial from an initial input value, each clock cycle generates an output, the initial input value is different, and data generated by the key generation register is also different. The key generation register consists of a series of registers and exclusive-or gates, and the state values of the registers depend only on the initial state and the circuit connection mode.
Optionally, in combination with the connection manner of the key generation register with the exo-xor type structure shown in fig. 6(a) and the connection manner of the key generation register with the endo-xor type structure shown in fig. 6(b), in the embodiment of the present invention, the key generation register performing the linear feedback shift operation may form an exo-xor type structure, or may form an endo-xor type structure, so as to obtain the reference key by using the preset linear feedback shift characteristic polynomial and the initial input value of the key generation register. FF in FIGS. 6(a) and 6(b)k(k ═ 1,2, …, n) denotes a key generation register; gi denotes the presence or absence of an XOR gate feedback connection, i.e. g i1 denotes feedback access, g i0 means that there is no feedback, where i is 1,2, …, n,.
The method for generating the reference key in the embodiment of the invention has flexibility, when higher security is required and the key length is selected, more key generation registers can be selected to form a higher-order reference key generation circuit to directly obtain the reference key, or the expected key can be obtained by the low-order reference key generation circuit through multiple cycles, the area overhead can be reduced by obtaining the expected key through the low-order reference key generation circuit through multiple cycles, and because the multiplexing instruction loading time sequence is required, the most supporting key length (k) in the embodiment of the invention is 4 times of the order (d) of the key generation register.
Step S220, in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register;
step S230, under the condition that the key read from the key reading register is inconsistent with the reference key, prohibiting the scan test of the IP core to be tested;
and step S240, under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute a scanning test on the IP core to be tested.
In the embodiment of the invention, the boundary register in the scan chain of the multiplexing test shell constructs the reference key generating circuit to generate the reference key, and the instruction, the control signal and the instruction/data loading time sequence of the multiplexing test shell are multiplexed, so that the improvement of the circuit hardware structure is less, the area overhead is effectively reduced, and the design of the safety scanning device is simplified.
In the embodiment of the present invention, the result of triggering the scan test performed on the to-be-tested IP core or prohibiting the scan test performed on the to-be-tested IP core may be achieved by changing the circuit connection mode according to the matching result of the secret key, based on which fig. 7 shows a flowchart of another scan test execution method, specifically, referring to fig. 7, the method may include:
s300, selecting at least one boundary register from a scan chain of a test shell as a key generation register;
step S310, in a key generation stage, generating a reference key by using the key generation register;
step S320, in the key reading stage, responding to the key writing request of the user, and reading the key from a preset key reading register;
step S330, under the condition that the key read from the key reading register is inconsistent with the reference key, connecting the test shell scan chain between the input port and the output port of the test shell, and forbidding the test shell to execute the scan test on the IP core to be tested;
the test shell scan chain is a scan chain which is arranged in the test shell and consists of a plurality of test shell boundary registers which are connected end to end.
Step S340, under the condition that the key read from the key reading register is consistent with the reference key, connecting the test shell scan chain with the internal scan chain of the IP core to be tested, connecting the connected test shell scan chain and the internal scan chain of the IP core to be tested between the input port and the output port of the test shell, and performing a scan test on the IP core to be tested by using the test shell scan chain and the internal scan chain of the IP core to be tested.
The internal scan chain of the IP core to be tested is a scan chain which is arranged in the IP core to be tested and executes a scan test function on the IP core to be tested, and the internal scan chain of the IP core to be tested is formed by connecting a plurality of time sequence units with the scan function end to end. As shown in fig. 8, which is a circuit structure diagram of the scan chain in the IP core to be tested, in the scan mode, SE is valid, all the sequential units with scan function are serially connected to form the scan chain in the IP core to be tested, and under the clock action, test data are sequentially scanned from the SI end of the scan chain, so that the scan test on the IP core to be tested can be realized.
Because the test shell is provided with a serial input/output interface and a parallel input/output interface, the embodiment of the invention takes the serial input/output interface as an example to describe the specific process of the scan test execution method disclosed by the embodiment of the invention in detail:
referring to the circuit structure of fig. 9, the 0-7 units in fig. 9 are test shell boundary registers, the 0-3 units are input test shell boundary registers, the 4-7 units are output test shell boundary registers, and the 0-7 units are connected together to form a test shell scan chain. The test shell scan chain is formed by connecting a plurality of test shell boundary registers end to end, and a gate in the test shell scan chain realizes the configuration of the test shell scan chain and generates a data path which accords with a current instruction, thereby realizing different test modes.
The IP Core is an IP Core to be tested, A0-A3 is an input interface of the IP Core to be tested, B0-B3 is an output interface of the IP Core to be tested, and Scan Chain0 and Scan Chain 1 are internal Scan chains of the IP Core to be tested and are formed by connecting Scan time sequence units inside the IP Core to be tested end to end. The WSI/WSO is a serial input/output signal of the test shell; WBY is a test case bypass register; WIR is a test shell instruction register, Wrapper Scan Chain is a test shell Scan Chain, and the test shell Scan Chain is formed by connecting end to end test shell boundary register units 0-7, and each input/output port of the IP Core corresponds to one test shell boundary register unit.
Under the condition that the key read from the key reading register is inconsistent with the reference key, connecting the test shell scan chain between an input port (such as a WSI port in the figure) and an output port (such as a WSO port in the figure) of the test shell, forbidding the test shell to execute scan test on the IP core to be tested, wherein the test shell scan chain is in a ring connection mode as shown in figure 9; and the scanning test cannot be executed on the IP core to be tested in the ring connection mode.
In the case that the key read from the key reading register is consistent with the reference key, as shown in fig. 10, the test shell Scan Chain is connected to the internal Scan Chain of the IP Core to be tested, and the connected test shell Scan Chain and the internal Scan Chain of the IP Core to be tested are connected between the input port and the output port of the test shell, that is, the test shell Scan Chain is connected in series to Scan Chain0 and Scan Chain 1 inside the IP Core, and the Scan test is performed on the IP Core to be tested by using the test shell Scan Chain and the internal Scan Chain of the IP Core to be tested.
It should be noted that, for a test case with a parallel input/output interface, under the conditions of triggering to execute a scan test and prohibiting to execute the scan test, components connected between the parallel input/output ports of the test case are the same as a serial test mode, that is, when the scan test is triggered to be executed, an internal scan chain of an IP Core and a scan chain of the test case are connected between the parallel input/output ports of the test case; the test shell scan chains are coupled between the test shell parallel input-output ports while inhibiting scan testing from being performed, the only difference being that the parallel test instructions will configure multiple test shell scan chains.
The scan test execution method disclosed in the embodiment of the present invention is based on the hardware structure of the scan test execution device disclosed in the embodiment of the present invention, and fig. 11 shows a hardware structure diagram of the scan test execution device:
in FIG. 11, WSI/WSO is the test case serial input/output signal; WBY is a test case bypass register; WIR is a test shell instruction register; the Wrapper Scan Chain is a test shell Scan Chain and is formed by connecting test shell boundary registers end to end, and each input/output port of the IP Core corresponds to one test shell boundary register; scan Chain0/1 is an internal Scan Chain of the IP Core and is formed by connecting Scan time sequence units inside the IP Core end to end; sel _ gen is a selection signal generator which generates a strobe signal according to an instruction in the WIR, and the strobe signal can change the configuration of the test shell boundary register; the Controller is a Controller module and is responsible for matching an input key and a reference key to generate a ScanActive signal;
the ScanActive signal is an IP Core internal scan chain activating signal, is output to the selection signal generator, generates a gating signal of a corresponding gating device and controls a data path of an IP Core internal scan test mode.
Based on the hardware structure of the scan test execution device, the specific execution process of the scan test execution method disclosed by the embodiment of the invention is as follows:
1. when the power is on, the controller is in an idle state;
2. when the instruction starts to be loaded and the ScanActive signal is invalid, jumping to a LoadSeed state to load an initial input value; then triggering a key generation register to perform linear feedback shift operation according to a preset linear feedback shift characteristic polynomial to generate a reference key;
FIG. 12 is a timing diagram of loading an initial input value at a loading timing of a multiplexing instruction and performing a linear feedback shift operation, where random seeds are loaded when LoadEn is valid and a linear feedback shift operation is performed to generate a linear feedback shift operation output result LFSROut when ShiftWR is valid.
3. After the reference key is generated, the controller enters a LoadKey state, and the data loading period of the multiplex test shell boundary register loads the key written by the user;
4. after the LoadKey is finished, if the current instruction is internal scan test, jumping to a CompareKey state for key matching, otherwise, jumping to an idle state;
5. if the key matching is successful, jumping to a ScanActive state, activating an internal scan chain of the IP core to be tested, and starting a security scan test mode; and if the key matching fails, the scan chain in the IP core to be tested is forbidden, and the scan test on the IP core to be tested is forbidden.
Therefore, the scheme completely multiplexes the serial control signals and instructions of the test shell, and the design of the controller is simplified. In addition, the controller multiplexes the instruction loading timing of the test shell into the seed and performs linear feedback shift operation, and multiplexes the data loading timing into the key written by the user.
It is noted that for all states, when the test shell reset signal is active, the controller jumps to the idle state, waiting for the next instruction to load and restart the key matching process.
In the following, the scan test execution apparatus provided by the embodiment of the present invention is described, and the scan test execution apparatus described below and the scan test execution method described above are referred to correspondingly.
Fig. 13 is a block diagram of a scan test execution apparatus according to an embodiment of the present invention, where the scan test execution apparatus is applied to a test case, and referring to fig. 13, the scan test execution apparatus may include:
a key generation register selection module 100, configured to select at least one boundary register from the scan chain of the test case as a key generation register;
a reference key generation module 110, configured to generate a reference key by using the key generation register in a key generation phase;
a key reading module 120, configured to, in a key reading stage, respond to a key writing request of a user, and read a key from a preset key reading register;
a scan test execution module 130, configured to prohibit a scan test from being performed on the IP core to be tested when the key read from the key reading register is inconsistent with the reference key; and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested.
The reference key generation module includes:
and the reference key generation submodule is used for performing linear feedback shift operation by using the key generation register according to a preset linear feedback shift characteristic polynomial and an initial input value of the key generation register in a key generation stage to obtain an operation result, and the operation result is used as a reference key.
The scan test execution module includes:
and the first scan test execution submodule is used for connecting a test shell scan chain between the input port and the output port of the test shell under the condition that the key read from the key reading register is inconsistent with the reference key, and forbidding the test shell to execute a scan test on the IP core to be tested.
The scan test execution module includes:
and the second scanning test execution submodule is used for connecting the test shell scan chain with the internal scan chain of the IP core to be tested under the condition that the key read from the key reading register is consistent with the reference key, connecting the connected test shell scan chain and the internal scan chain of the IP core to be tested between the input port and the output port of the test shell, and executing scanning test on the IP core to be tested by using the test shell scan chain and the internal scan chain of the IP core to be tested.
The embodiment of the invention also discloses a scanning test execution system, which comprises: the test shell, with controller, the memory that the test shell is connected, the memory is used for storing the procedure, the program is called to the controller, the procedure is used for:
selecting at least one boundary register from the test shell scan chain as a key generation register;
in a key generation stage, generating a reference key by using the key generation register;
in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register;
under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested;
and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested.
In summary, the following steps:
the embodiment of the invention discloses a scan test execution method, a device and a system, wherein the scan test execution method is applied to a test shell and comprises the following steps: selecting at least one boundary register from the test shell scan chain as a key generation register; in a key generation stage, generating a reference key by using the key generation register; in the key reading stage, responding to a key writing request of a user, and reading a key from a preset key reading register; under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested; and under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute the scan test on the IP core to be tested. The embodiment of the invention only reads the key from the selected key reading register, responds to the key writing request of the user, and leads the key read from the key reading register to be inconsistent with the reference key under the condition that the user does not write the key in the key reading register and writes the key in other registers in a scan chain, or the key written in the key reading register by the user is inconsistent with the reference key, thereby forbidding executing the scan test. The scan test is triggered to be executed only when the user writes the key into the key reading register and the key written into the key reading register is consistent with the reference key, that is, the scan test is triggered to be executed only when the content of the key written by the user and the position of the key written by the user meet the conditions, so that the safety of the scan test executed on the IP core is improved.
The embodiments in the present description are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the invention. Thus, the present invention is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (9)

1. A scan test execution method is applied to a test shell, and the scan test execution method multiplexes a hardware structure, an instruction, a control signal, and an instruction/data load timing of the test shell, and includes:
selecting at least one boundary register from the test shell scan chain as a key generation register;
in a key generation stage, generating a reference key by using the key generation register; the reference key is matched with a key written by a user, the key generation register time-division multiplexes a shift path of a boundary register in the test shell to realize a linear feedback shift register path, and in the process of generating the reference key, the reference key is multiplexed with an instruction loading time sequence loading seed of the test shell and linear feedback shift operation, and the multiplexing data loading time sequence is loaded with the key written by the user;
the method comprises the steps that a boundary register selected by a user from boundary registers in a test shell scan chain is used as a key writing register, a key writing request of the user is received through the key writing register, and the operation of reading a key from a preset key reading register in a key reading stage is triggered;
under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute scanning test on the IP core of the intellectual property to be tested;
under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute scanning test on the IP core to be tested;
the prohibiting performing of the scan test on the intellectual property IP core to be tested under the condition that the key read from the key reading register is inconsistent with the reference key includes:
if the key write-in register selected by the user is not the key read register, forbidding to execute the scanning test on the IP core to be tested;
and if the key writing register selected by the user is the key reading register, but the key written by the user is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested.
2. The method of claim 1, wherein the step of generating a reference key using the key generation register during the key generation phase comprises:
in the key generation stage, according to a preset linear feedback shift characteristic polynomial and an initial input value of a key generation register, the key generation register is utilized to perform linear feedback shift operation to obtain an operation result, and the operation result is used as a reference key.
3. The method of claim 1, wherein the process of inhibiting the scan test from being performed on the intellectual property IP core under test in the case that the key read from the key read register is inconsistent with the reference key comprises:
and under the condition that the key read from the key reading register is inconsistent with the reference key, connecting a test shell scan chain between the input port and the output port of the test shell, and forbidding the test shell to execute scan test on the IP core to be tested.
4. The method of claim 1, wherein triggering the scan test on the IP core under test if the key read from the key read register matches the reference key comprises:
and under the condition that the key read from the key reading register is consistent with the reference key, connecting the test shell scan chain with the internal scan chain of the IP core to be tested, connecting the connected test shell scan chain and the internal scan chain of the IP core to be tested between the input port and the output port of the test shell, and performing scan test on the IP core to be tested by using the test shell scan chain and the internal scan chain of the IP core to be tested.
5. A scan test execution apparatus, applied to a test shell, that multiplexes a hardware structure, instructions, control signals, and an instruction/data loading timing of the test shell, the scan test execution apparatus comprising:
the key generation register selection module is used for selecting at least one boundary register from the scan chain of the test shell as a key generation register;
the reference key generation module is used for generating a reference key by using the key generation register in a key generation stage; the reference key is matched with a key written by a user, the key generation register time-division multiplexes a shift path of a boundary register in the test shell to realize a linear feedback shift register path, and in the process of generating the reference key, the reference key is multiplexed with an instruction loading time sequence loading seed of the test shell and linear feedback shift operation, and the multiplexing data loading time sequence is loaded with the key written by the user;
the key reading module is used for taking a boundary register selected by a user from the boundary register in the test shell scan chain as a key writing register, receiving a key writing request of the user through the key writing register and triggering the operation of reading a key from a preset key reading register in a key reading stage;
the scanning test execution module is used for forbidding to execute scanning test on the IP core to be tested under the condition that the key read from the key reading register is inconsistent with the reference key; under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute scanning test on the IP core to be tested;
the prohibiting performing of the scan test on the intellectual property IP core to be tested under the condition that the key read from the key reading register is inconsistent with the reference key includes:
if the key write-in register selected by the user is not the key read register, forbidding to execute the scanning test on the IP core to be tested;
and if the key writing register selected by the user is the key reading register, but the key written by the user is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested.
6. The apparatus of claim 5, wherein the reference key generation module comprises:
and the reference key generation submodule is used for performing linear feedback shift operation by using the key generation register according to a preset linear feedback shift characteristic polynomial and an initial input value of the key generation register in a key generation stage to obtain an operation result, and the operation result is used as a reference key.
7. The apparatus of claim 5, wherein the scan test execution module comprises:
and the first scan test execution submodule is used for connecting a test shell scan chain between the input port and the output port of the test shell under the condition that the key read from the key reading register is inconsistent with the reference key, and forbidding the test shell to execute a scan test on the IP core to be tested.
8. The apparatus of claim 5, wherein the scan test execution module comprises:
and the second scanning test execution submodule is used for connecting the test shell scan chain with the internal scan chain of the IP core to be tested under the condition that the key read from the key reading register is consistent with the reference key, connecting the connected test shell scan chain and the internal scan chain of the IP core to be tested between the input port and the output port of the test shell, and executing scanning test on the IP core to be tested by using the test shell scan chain and the internal scan chain of the IP core to be tested.
9. A scan test execution system, comprising: the test shell, with controller, the memory that the test shell is connected, the memory is used for storing the procedure, the program is called to the controller, the hardware structure, the instruction of test shell, control signal, and instruction/data load time sequence are multiplexed to the procedure, the procedure is used for:
selecting at least one boundary register from the test shell scan chain as a key generation register;
in a key generation stage, generating a reference key by using the key generation register; the reference key is matched with a key written by a user, the key generation register time-division multiplexes a shift path of a boundary register in the test shell to realize a linear feedback shift register path, and in the process of generating the reference key, the reference key is multiplexed with an instruction loading time sequence loading seed of the test shell and linear feedback shift operation, and the multiplexing data loading time sequence is loaded with the key written by the user;
the method comprises the steps that a boundary register selected by a user from boundary registers in a test shell scan chain is used as a key writing register, a key writing request of the user is received through the key writing register, and the operation of reading a key from a preset key reading register in a key reading stage is triggered;
under the condition that the key read from the key reading register is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested;
under the condition that the key read from the key reading register is consistent with the reference key, triggering to execute scanning test on the IP core to be tested;
the prohibiting performing of the scan test on the intellectual property IP core to be tested under the condition that the key read from the key reading register is inconsistent with the reference key includes:
if the key write-in register selected by the user is not the key read register, forbidding to execute the scanning test on the IP core to be tested;
and if the key writing register selected by the user is the key reading register, but the key written by the user is inconsistent with the reference key, forbidding to execute the scanning test on the IP core to be tested.
CN201910227950.0A 2019-03-25 2019-03-25 Scan test execution method, device and system Active CN109946595B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910227950.0A CN109946595B (en) 2019-03-25 2019-03-25 Scan test execution method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910227950.0A CN109946595B (en) 2019-03-25 2019-03-25 Scan test execution method, device and system

Publications (2)

Publication Number Publication Date
CN109946595A CN109946595A (en) 2019-06-28
CN109946595B true CN109946595B (en) 2022-01-04

Family

ID=67010731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910227950.0A Active CN109946595B (en) 2019-03-25 2019-03-25 Scan test execution method, device and system

Country Status (1)

Country Link
CN (1) CN109946595B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111342965A (en) * 2020-05-22 2020-06-26 南京航空航天大学 PUF-based security test shell with embedded IP core in network-on-chip and control circuit thereof

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103576076A (en) * 2012-07-27 2014-02-12 飞思卡尔半导体公司 System and method for executing scan test
CN105027136A (en) * 2012-12-29 2015-11-04 英特尔公司 Secure key derivation and cryptography logic for integrated circuits
CN106646203A (en) * 2016-12-16 2017-05-10 北京航空航天大学 Dynamic mixed scanning chain structure for protecting integrated circuit chip from being attacked through scanning chain
CN107345997A (en) * 2016-05-04 2017-11-14 中国科学院微电子研究所 A kind of IP kernel method of testing based on test shell
CN108875431A (en) * 2018-06-07 2018-11-23 北京航空航天大学 The dynamic obfuscation package interface control unit for preventing integrated circuit intellectual property from plagiarizing

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101472777B1 (en) * 2008-06-24 2014-12-16 한양대학교 에리카산학협력단 Cryptographic apparatus and method for protecting secret key against scan based side channel attack
CN102055747B (en) * 2009-11-06 2014-09-10 中兴通讯股份有限公司 Method for acquiring key management server information, and monitoring method, system and equipment
CN102542191B (en) * 2010-12-31 2014-12-17 深圳市证通电子股份有限公司 RTL (register transfer level) IP (intellectual property) core protecting method
CN103544410B (en) * 2013-09-30 2016-02-24 华中科技大学 It is a kind of that embedded microprocessor is non-clones function key authentication system and method
CN104615952A (en) * 2014-12-22 2015-05-13 天津大学 IP hard core intellectual property protection method and device based on path delay
CN108875430B (en) * 2018-06-07 2021-04-16 北京航空航天大学 Dynamic confusion packaging interface for preventing plagiarism of integrated circuit and intellectual property right

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103576076A (en) * 2012-07-27 2014-02-12 飞思卡尔半导体公司 System and method for executing scan test
CN105027136A (en) * 2012-12-29 2015-11-04 英特尔公司 Secure key derivation and cryptography logic for integrated circuits
CN107345997A (en) * 2016-05-04 2017-11-14 中国科学院微电子研究所 A kind of IP kernel method of testing based on test shell
CN106646203A (en) * 2016-12-16 2017-05-10 北京航空航天大学 Dynamic mixed scanning chain structure for protecting integrated circuit chip from being attacked through scanning chain
CN108875431A (en) * 2018-06-07 2018-11-23 北京航空航天大学 The dynamic obfuscation package interface control unit for preventing integrated circuit intellectual property from plagiarizing

Also Published As

Publication number Publication date
CN109946595A (en) 2019-06-28

Similar Documents

Publication Publication Date Title
JP2673298B2 (en) Semiconductor integrated circuit with self-test function
KR100897975B1 (en) Semiconductor integrated circuit
JPH0643214A (en) Method and device for testing digital system
JP3671948B2 (en) Semiconductor integrated circuit and its test method
JPH0389182A (en) Integrated circuit apparatus
JP2004212399A (en) Semiconductor device equipped with scan test circuit for reducing chip size, and its test method therefor
JP3950798B2 (en) Weighted random pattern test using pre-stored weights
CN109946595B (en) Scan test execution method, device and system
CN107492395B (en) Conditional access chip, built-in self-test circuit and test method thereof
US6708305B1 (en) Deterministic random LBIST
KR970022772A (en) Logic circuit and its design method
US20060041807A1 (en) Integrated circuit
US7249297B2 (en) Test method for a semiconductor integrated circuit having a multi-cycle path and a semiconductor integrated circuit
US8037384B2 (en) Semiconductor device
JP2009122009A (en) Test circuit
US5463638A (en) Control device for interface control between a test machine and multi-channel electronic circuitry, in particular according to boundary test standard
US5224103A (en) Processing device and method of programming such a processing device
JP2006178970A (en) Sequencer and method for sequencing
JP4520103B2 (en) Scan test pattern input method and semiconductor integrated circuit
Pomeranz Direct computation of LFSR-based stored tests for broadside and skewed-load tests
US20030126532A1 (en) Integrated circuit
JP2001265616A (en) Monitored burn-in test device and monitored burn-in test method for microcomputer
US6898748B1 (en) Test circuit method and apparatus
JP3955708B2 (en) Built-in self-test circuit
JP4526176B2 (en) IC test equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant