Ibex RISC-V Core Wrapper DV document

Goals

  • Verify compliance with the RISC-V specifications used by OpenTitan.
  • Verify Ibex’s security hardening features.
  • Ensure correct functionality is maintained across all possible behaviours of Ibex’s external interfaces when integrated into OpenTitan.
  • Verify additional features provided by the wrapper.

Design features

rv_core_ibex wraps a dual core lockstep configuration of Ibex, an RV32IMC CPU with security hardening features. The wrapper adapts Ibex’s top-level interfaces to be suitable for use with OpenTitan. In addition rv_core_ibex provides some extra functionality controlled via bus accessible registers.

For more information please see the Ibex RISC-V Core Wrapper Technical Specification.

Current Status

Verification strategy

The main Ibex testbench is not contained in the OpenTitan repository. Verification is primarily done by the testbench in the Ibex reposity, see the Ibex Testplan for more details.

The additional features provided by the RISC-V Core Wrapper are verified at a chip level only (See the Earlgrey Chip DV testplan. As they are simple features chip level only verification suffices to meet our goals.

Similarly there is no specific verification for the TL-UL <-> Ibex memory protocol wrappers (provided by the separate TLUL IP). These are exercised extensively by all chip-level testing that runs software on Ibex providing comprehensive verification.

Coverage

Due to the simplicity of the additional rv_core_ibex features, the existence of self checking chip-level tests combined with code and expression coverage is sufficient to be confident of their verification without functional coverpoints.

The TL-UL <-> Ibex memory protocol contains minimal logic so again code and expression coverage will suffice with one exception. The iside and dside Ibex interfaces can have up to 8 or 2 outstanding requests respectively, we need to ensure these scenarios are seen. An SVA cover expression will be used to produce coverage for this.