Verification plan debate – Part III

Continued from: Verification debate Part II

Few months had already rolled. It was bright sunny day.

Ananta sensed tensed activity at the sheriff’s office. He asked one of the officers. Officer indicated that one of the high profile criminal has escaped during transit. Office was bustling with activities. There was sense of urgency everywhere.

Even among this distressed situation sheriff seemed to be calm and composed. He was messaging and calling all the time while other officers were busy collecting information about incidence and getting it under control.

Just within few hours sheriff called for meeting with his key deputy officers. He provided them with the exact location where to find the escaped convict. He also indicated that this house is located in secluded locality near highway and there is underground passage from house to highway. So we should first set up the team on highway and then attack on the house. They did that and grabbed the convict in matter of few hours. This impressed Ananta further. He thought I am at right place.

Ananta went in and congratulated sheriff on this success. He asked how was he able to pinpoint the location so quick?

Sheriff said it’s my informers network. We have a widespread and deep network of informers. We get a very good intelligence on various happenings in county. This has been one of our key strengths helping us maintain the low crime rate in our county. We do invest, grow and guard our valuable informers network.

Interrogation of the escaped convict captured went on during most of the part of the day.

Sheriff came to Ananta with the expression of melancholy in early evening. Asked him if he knew anything about blocking hacking efforts?

Ananta asked what happened?

Escaped convict had some confidential information, which he has passed on. It was location of our hidden machine guarded data center far away from city limits. Looks like there is already a physical breach and they have got access to serial and usb debug ports of our main machine. By the time we reach there they will hack it. Considering the holiday seasons our key specialists are out. Is there anything you can do help us?

Ananta asked what is stored on these machines?

It’s very confidential. We have information about our informers on that machine we need to protect it at any cost. We cannot afford to lose it.

Ananta said let me see please take me to your team working on it. He joined the team working on blocking the hacking attempt. He got a quick brain dump. The experts working indicated, hacking is going on with the FPGA based custom designed system. They will accelerate by running hacking algorithms on custom hardware quicker.

Ananta asked which port are they trying to break in first? It’s serial port because that’s simplest. When he looked at the schematics of the machine he found a small relay near serial lines. He asked what is it used for? We had plans to allow remote control of machine power but we did not use it. We just have LED attached to it.

Can we control relay remotely?

Yes said the expert. Then let’s start switching it on and off. What do we get by doing that? It might induce some emi noise on the serial lines. They immediately acted and started program to turn relay on and off.

Over here in the data center the mastermind Professor Buggart and his associates were trying to break in with the serial port. The glitches on the lines due to relay switching on and off sent their UART IP’s receive state machines to unknown states resulting in hang. His associate quickly generated the waveforms from embedded analyzer in his FPGA board. Figured out that noise on the line is leading to false start bits. They had not completely covered these cases in verification. We have bug here said assistant.

We don’t have time for these bug fixes shouted professor. You guys had said the code coverage was 100 %. Why are we having this issue? Assistant said that’s something can discuss later. Now let’s try the USB port.

They reconfigured the FPGA with USB IP and started trying out with the USB. The link came up and Professor Buggart was very happy. Now quickly start copying the files.

Here at sheriff’s office hack prevention team had figured out USB port was compromised. Ananta asked what speed is USB port operating? 3.0 replied one of the experts. Lets quickly create a large file with the repeated control symbol values from the training pattern of the USB3x link training. Through a script they quickly created the file of gigabyte in size containing these control symbols and uploaded to machine. Name it as highly_confidential.txt

Here in the data center. When the hackers tried copying the file their USB IP crashed. Professor Buggart was very upset. He shouted, what is happening here? His assistant replied our LTSSM is getting falsely triggered and moving to recovery state during data transfer. Looks like some of our control symbols decode was not validated with LTSSM states. We did randomize the data in our verification but we are not sure how why this is happening. Professor Buggart kept repeating you guys said code coverage was 100 % even on USB IP. Before assistant could answer the sheriff’s team nabbed them.

Sheriff thanked his team and Ananta for his help.

One of the experts on prevention team asked to Ananta how did you think of those cases to prevent hacking? Oh! These are some of the corner cases that verification teams often ignore. I have also figured them out hard way replied Ananta. Also when you guys said they are using FPGA based systems, I guessed FPGA based IP developers generally rush to FPGA rather than verifying it sufficiently in simulation.

Ananta was satisfied with the results and contributions he had made. He was tired with the hustle of the day when he reached back his hostel.

Ananta’s internship was also coming to an end. He reflected deeply on his experiences that night. Find out what insights he gained in the last part of the series.

Conclusion: Part IV.