Examples include techniques for infield testing of cryptographic circuitry located on a die. The infield testing to include providing a pass or fail status of an infield test scan of the cryptographic circuitry based on comparing an output generated by the cryptographic circuitry during a test run to a signature. The output generated by the cryptographic circuitry is in response to an input generated by a linear-feedback shift register during the test run.

A Joint Test Action Group (JTAG) communication lockout processor is disclosed. The processor is configured to generate a multi-channel unlock sequence based on an operational mode change of an operably connected programmable device, and save the unlock sequence to one or more memory registers. The processor can also receive an execution of the multi-channel unlock sequence via two or more unlock channels, determine, via an unlock logic, whether the execution of the multi-channel unlock sequence is valid, and responsive to determining that the execution of the multi-channel unlock sequence is valid, allow or disallow the JTAG communication with an embedded processor.

Devices, methods, and computer program products for detecting Points Of Failures in an integrated circuit (IC) are provided. The integrated circuit device is described by a structural description (2) comprising a plurality of elements, the elements representing cells and wires interconnecting the cells, the structural description further comprising portions representing a set of sensitive functional blocks (16), each sensitive functional block comprising one or more inputs, at least one sensitive output, and a set of elements interconnected such that the value of the sensitive output is a Boolean function of the input values of the sensitive functional block. The detection device (100) comprises: a selection unit (101) configured to iteratively select a n-tuple of elements in at least the portions of the netlist corresponding to said sensitive functional blocks, a testing unit (104) configured to test each selected n-tuple of elements, the testing unit being configured to: modify said selected n-tuple of elements from an initial state to a testing state; determine if the derivative of the Boolean function associated with each sensitive functional block is equal to zero.

The detection device (100) is configured to detect that said n-tuple represents a Point Of Failure of order n in the integrated circuit (IC) device if the derivative of the Boolean function associated with said sensitive functional block is equal to zero.

The present disclosure relates to a method wherein a state of an integrated circuit between a first state (e.g., CLOSED), allowing a reading access to the first area of fuse-type non-volatile memory by a processor, and a second state (e.g., OPEN), forbidding the reading access to the memory to the processor, is conditioned to a verification, by a finite state machine, of values of a first fuse word of the memory, representative of a number of transitions to the first state and of a second fuse word of the memory, representative of a number of transitions to the second state.

A reconfigurable JTAG includes, in part, a core logic, a boundary scan chain cell, one or more reconfigurable blocks (RBs), and a reconfigurable block (RB) programming module. The RBs may include, in part, one or more reconfigurable boundary scan chain blocks (RBB) adapted to couple the boundary scan chain cell to the core logic and to input/output (I/O) ports of the reconfigurable JTAG. The RBs may also include, in part, one or more additional reconfigurable logic (ARL) blocks to provide enhanced logic for locking operations. The RB programmable module may communicate with a memory storing data for configuring the RBBs and ARLs. The RB programming module may configure the RBBs and ARLs based at least in part on the data stored in the memory to disable access to the I/O ports of the JTAG. The RB programming module may configure the RBBs to encrypt the I/O ports in accordance with a cipher algorithm. The RB programming module may also configure the RBBs and ARLs to compare a counter's count to a predefined time and lock the I/O ports after an expiration of the predefined time.

A semiconductor chip device include device state fuses that may be used to configure various device states and corresponding security levels for the semiconductor chip as it transitions from wafer manufacturing to provisioned device. The device states and security levels prevent the semiconductor chip from being accessed and exploited, for example, during manufacturing testing. A secure boot flow process for a semiconductor chip over its lifecycle is also disclosed. The secure boot flow may start at the wafer manufacturing stage and continue on through the insertion of keys and firmware.

A system on chip (SoC) is provided. The system on chip includes a multiprocessor that includes multiple processors, a debugging controller that includes a debug port and retention logic configured to store an authentication result of a secure joint test action group system, and a power management unit configured to manage power supplied to the multiprocessor and the debugging controller. The power management unit changes the debug port and the retention logic into an alive power domain in response to a debugging request signal.

Secured debug of an integrated circuit having a test operation mode and a secure mission operation mode. The integrated circuit has a processing unit, a test interface through which the test operation mode is controllable, an on-chip memory which is accessible in the test operation mode and in the secure mission operation mode, and one or more protected resources inaccessible in the test operation mode. The processing unit is configured, in the test operation mode, to receive an authenticated object through the test interface, and store the received authenticated object in the on-chip memory. The processing unit is moreover configured, upon reset into the secure mission operation mode, to execute a boot procedure to determine that the authenticated object is available in the on-chip memory, authenticate the authenticated object, andupon successful authenticationrender the more protected resources accessible to a debug host external to the integrated circuit.

According to an embodiment, a method for testing a triple-voting flop (TVF) is provided. The method includes providing a first and a second scan enable signal by a control circuit to, respectively, a first scan flip-flop and a third scan flip-flop of the TVF; receiving a third scan enable signal at the second scan flip-flop of the TVF; providing a scan input signal to the first scan flip-flop, the second scan flip-flop, and the third scan flip-flop; controlling the first scan enable signal, the second scan enable signal, and the third scan enable signal; receiving, at an output of the TVF, a scan output signal; and determining whether the TVF suffers from a fault based on the scan output signal and the controlling of the first scan enable signal, the second scan enable signal, and the third scan enable signal.

An integrated circuit senses attempts to access security-related data stored in registers connectable into a scan chain when the attempt includes locally and selectively asserting a scan-enable signal at a corresponding branch of the scan-enable tree when the integrated circuit is in a secure functional mode. When such an attempt is detected, the integrated circuit (i) generates a security warning that causes a reset of the security-related data and/or (ii) engages a bypass switch to disconnect the scan chain from the respective output terminal to preclude the security-related data from being shifted out of the IC via the scan chain.