Silicon Test and Yield Analysis Whitepaper
High Quality Test Solutions for Secure
Applications
April 2010
Abstract
Designs for secure applications such as smart cards and those used in the defense industry
require security to ensure sensitive data is inaccessible to outside agents. Conversely, scan chains
have been used for decades to improve access to internal logic for automatic tester equipment
(ATE) so that devices can be tested efficiently and quickly. Traditionally designers have used
logic BIST for secure applications. There are now additional options using embedded
deterministic test (EDT) for secure applications.
In this paper, we will explore the techniques currently in use for testing devices designed for
secure application and review the benefits and challenges of each available solution.
Table of Contents
INTRODUCTION................................................................................................................... 1
FUNCTIONAL TEST ............................................................................................................ 1
DETERMINISTIC SCAN TEST........................................................................................... 1
LOGIC BUILT-IN SELF TEST ............................................................................................ 2
EMBEDDED COMPRESSION............................................................................................. 3
REDUCED PIN COUNT TEST ............................................................................................ 5
SUMMARY ............................................................................................................................. 5
REFERENCES ........................................................................................................................ 6
www.mentor.com/silicon-yield
Copyright Mentor Graphics Corporation 2010 All rights reserved
This document contains information that is proprietary to Mentor Graphics Corporation. The original recipient of this
document may duplicate this document in whole or in part for internal business purposes only, provided that this
entire notice appears in all copies. In duplicating any part of this document, the recipient agrees to make every
reasonable effort to prevent the unauthorized use and distribution of the proprietary information.
�Design-for-Test Whitepaper
Introduction
In order to successfully identify silicon defects, it is imperative that high quality test is applied to
the device and that accurate diagnosis can be performed in the event of a failure. Designers often
choose to utilize test patterns that not only target stuck-at faults, but also target a variety of
timing fault models. High quality test standards ensure that defective parts do not escape the
manufacturing test process.
Designs for secure applications have similar requirements and in some sensitive applications
require even higher test quality and support for diagnosis. This paper discusses the test
approaches utilizing embedded deterministic test which enables both the testability and the high
level of security needed by secure applications.
Functional Test
The most basic test technique is creation of functional patterns that ensure the device works as
designed and meets its functional specifications. Both difficult and time-consuming to create,
functional patterns are used for secure applications because they can be created in a closed
environment by the chip design team who has intimate knowledge of the design. Typically,
functional patterns must be applied in a secure tester environment due to the amount of sensitive
information that can be derived from the pattern set.
Although it is difficult to measure the effectiveness of functional patterns, they can be fault
simulated in order to determine the achieved test coverage. In most cases, additional top-up
ATPG patterns are required to achieve acceptable fault coverage across all necessary fault
models.
Applying functional patterns in a manufacturing test environment requires functional test
equipment and can be complicated to diagnose when devices fail on the tester.
The complexity of creating, evaluating, applying, and diagnosing functional patterns has greatly
limited their use in the manufacturing test environment. This is especially true for secure
applications that require limited and abstracted test data.
Deterministic Scan Test
For decades, scan chains have been used to provide full access to the sequential elements of the
device under test. Serial access from device pins allows patterns created by Automatic Test
Pattern Generation (ATPG) tools to provide the necessary stimulus and response to detect a
variety of defects. Historically, this method of testing has been used to establish a baseline for
the highest achievable test quality. The predictability of high test quality and low design and
schedule impact have made deterministic scan test one of the easiest test methods to implement.
Other benefits of deterministic scan test include the ability to support advanced fault models,
such as bridging, timing-aware, and path delay, which are currently growing in use. Using
deterministic patterns also makes this approach scalable to support fault models that will be
required in the future to maintain test quality standards. Additionally, no special handling of
unknown (X) states is required as they can be masked in the generated pattern set to ensure
correct operation on the tester.
High Quality Test Solutions for Secure Applications
Page 1
�Design-for-Test Whitepaper
Using the full access available through scan chains, devices that fail deterministic scan test on
the tester can be efficiently diagnosed to identify the location of the failure. This expeditious
process aids in the identification of design and process issues that contribute to silicon defects.
Although fully accessible scan chains provide many benefits in the area of test, they effectively
eliminate all security by allowing easy access to any portion of the device. This limitation has
required many designers of secure applications to seek alternate approaches that provide the
benefits of deterministic scan test while maintaining the required protection.
Logic Built-in Self Test
One of the common test generation and application techniques is Built-In Self-Test (BIST).
Logic BIST utilizes a Pseudorandom Pattern Generator (PRPG) embedded in the circuit to create
patterns on chip and apply them through the designs scan chains. The circuit responses are
compressed into a final signature using a Multiple-input Shift Register (MISR) which also
resides in the circuit. An on-chip BIST controller controls the number of patterns, shift cycles,
and other parameters that allow the test to be fully contained inside the device. An external start
signal launches the test and the final unique signature is scanned out after all the test patterns
have been applied. Given this simple interface, logic BIST is ideal for applications requiring insystem test capabilities where the test logic can be controlled through a simple board-level access
such as a JTAG TAP controller.
Figure 1: Logic Build-in Self-Test
For secure applications, Logic BIST provides the highest level of security because no scan data
is shifted in or out of the device. Only the final MISR signature is scanned out and unless the
designer includes a bypass mode, there is no direct access to the internal scan chains from the
outside of the device.
An important part of test is the ability to diagnose the cause of device failure on the tester.
Because logic BIST only outputs a final signature or a pass/fail flag at the end of test, diagnosis
requires additional patterns to be applied in BIST bypass mode. It can therefore be problematic
to simultaneously perform diagnosis and maintain security by limiting access to the device.
High Quality Test Solutions for Secure Applications
Page 2
�Design-for-Test Whitepaper
Embedded Compression
As new test methods and fault models have been added in recent years to improve overall test
quality, the amount of test data volume and test application time has increased beyond the limits
of many existing testers. In order to reduce the overall cost associated with required tester
memory and test application time, embedded compression has become standard on many modern
designs [1].
Embedded Deterministic Test (EDT) is the patented embedded compression methodology that
can provide the benefits of deterministic scan test while meeting the security requirements of
secure applications. Since its introduction in 2001 [2], Tessent TestKompress, which
implements EDT, has been employed in a variety of applications such as smart cards and
systems in the defense industry.
In addition to dramatic compression (> 100x) of deterministic scan data and test application time,
Tessent TestKompress enables application of advanced fault models such as path delay,
bridging, timing-aware, and other emerging fault types. EDT technology guarantees that high
test coverage is achieved even in the presence of unknown (X) states in the design. X-bounding
logic is not necessary because Tessent TestKompress can automatically mask unknown states on
the output of scan chains (Figure 2).
Figure 2: Tessent TestKompress masking logic
Patterns generated by Tessent TestKompress include information that determines when each
chain should be masked. This technology eliminates any need for masking hardware inside the
design, and ensures that credit is given for fault detection only when a fault effect can be
observed on the output of the compactor logic.
By achieving the same high test coverage as traditional scan with the least amount of test data,
Tessent TestKompress test patterns provide for the fastest manufacturing test application time.
Additionally, Tessent TestKompress patterns can be diagnosed with similar resolution as
uncompressed patterns without the need for any bypass patterns.
Security of Embedded Deterministic Test
By eliminating the need for direct access to scan chains, Tessent TestKompress provides a more
secure test protocol than traditional deterministic scan test. In order to deliver the required
High Quality Test Solutions for Secure Applications
Page 3
�Design-for-Test Whitepaper
deterministic values to the scan chains, Tessent TestKompress solves a series of linear equations
and calculates the stimulus for each pattern (Figure 3).
Figure 3: Tessent TestKompress calculates scan patterns by solving a series of linear equations
With this technology, only some of the scan chain data needs to be loaded through the tester scan
channels. The EDT sequential ring generator generates 95% to 99% of scan data internally thus
greatly limiting access from outside of the chip. This means that even with access to the
generated scan patterns, it is impossible to predict the destination of each bit of data and the
source of responses without the original netlist.
The EDT decompressor which includes the ring generator and phase shifter is based on a
primitive polynomial. By default, Tessent TestKompress uses predetermined polynomials when
creating the EDT hardware. Although this is predictable, the polynomials can be customized by
the user in order to generate logic that is unique to a particular design.
On the output of scan chains, Tessent TestKompress uses an XOR compactor and combines all
scan chain data into fewer bits that are then shifted out of the scan channels. One of the key
benefits of Tessent TestKompress is that as few as one scan channel output can be used to
increase data grouping and limit output scan data.
The logic introduced by EDT on the scan channel outputs, automatically mask data in order to
block unknown states and prevent aliasing. This completely blocks chains containing X states
from being observed. In order to shift data out of a device with Tessent TestKompress logic, you
need to understand the size of the mask register and the order in which scan chains are connected
to the masking logic.
The combination of sequential decompressor and XOR compactor make it impossible to overshift the scan chains to understand the scan configuration of the design. For most secure
applications, this provides a high level of security that meets the intended requirements. In
extreme cases, it is possible to customize the EDT hardware to change the order in which scan
chains are connected to the compression logic. This further camouflages the design and its scan
chains from anyone with intimate knowledge of Tessent TestKompress and its default settings.
Another key cost-saving benefit of Tessent TestKompress is the ability to apply test patterns
securely without the added cost of providing a secure tester environment.
High Quality Test Solutions for Secure Applications
Page 4
�Design-for-Test Whitepaper
Reduced Pin Count Test
Another test approach that limits the amount of test access to the design is Reduced Pin Count
Test (RPCT) [3, 4]. This methodology eliminates tester access to functional pins and delivers all
stimuli as part of the scan patterns.
Figure 4: Reduced Pin Count Test and Tessent TestKompress
Typically, RPCT is used to reduce test cost by enabling multi-site testing and the use of low-cost,
low-pin testers. However, by combining test data for scan cells with functional pin data another
level of abstraction can be added to scan patterns. This is accomplished by controlling and
observing the functional I/O through a scan chain connected between the EDT decompressor and
compactor (Figure 4). Similar to scan cell data, the functional I/O data is now generated by the
decompressor and compressed before exiting the chip.
The security advantage of patterns generated using RCPT technology provides is that less direct
information about the operation of the device under test. This is accomplished by eliminating
direct access the functional I/O and abstracting scan chain access through the EDT decompressor
and compactor.
Summary
Secure applications are moving towards scan compression due to the need for high test quality
with restricted access to internal scan chains. Logic BIST is the most secure test method and
ideal if the design constraints are acceptable. However, logic BIST does not address the
requirement for diagnosis without bypass patterns which is necessary for data security.
Using Embedded Deterministic Test technology, Tessent TestKompress can apply all fault
models with the same high test coverage as standard deterministic scan test. Additionally,
Tessent TestKompress provides high level of data security by abstracting access to the designs
sequential elements. Tester access can be further reduced by combining Embedded Deterministic
Test and Reduced Pin Count Test techniques.
High Quality Test Solutions for Secure Applications
Page 5
�Design-for-Test Whitepaper
References
1. J. Rajski, et al., Embedded Deterministic Test for Low Cost Manufacturing Test, Proc.
Intl Test Conf. (ITC 02), IEEE Press, 2002, pp. 301-310.
2. R. Press, Embedded Compression for Production Test, Evaluation Engineering,
October 2007.
3. T. Kobayashi et al, DFT Approaches Enable Mass Production Test, Semicon Japan
2007 proceedings, Dec. 2007.
4. J. Jahangiri, et al, Achieving High Test Quality with Reduced Pin Count Testing, ATS
2005.
High Quality Test Solutions for Secure Applications
Page 6
