1. Field of the Invention
The invention relates, in general terms, to synchronous integrated electronic circuits equipped with combinatorial logic means, flip-flops, and test means.
More specifically, the invention relates to an electronic circuit that includes: a plurality of logic cells; a plurality of configurable cells each including at least one multiplexer and one flip-flop; and a plurality of control conductors connected to the configurable cells and in which flow selectively control signals emitted in operation by a control circuit such as an access controller, the configurable cells adopting selectively, as a function of the control signals, a standard operating mode in which they are operationally connected to some at least of the logic cells with which they engage to form a logic circuit, and a test mode in which these configurable cells are operationally connected in a chain to form a shift register equipped with a data input and output.
2. Discussion of the Related Art
It is a well known practice today to test the correct operation of the operational elements of an integrated circuit by imposing and/or setting, at pre-set moments, data values present at certain internal points of the integrated circuit.
A technique of this kind for testing internal paths of an integrated circuit (known as “scanpath” or “internal scan method”;) is for example described in the publication by M. Williams and J. Angel entitled “Enhancing Testability of LSI Circuits Via Test Points and Additional Logic, IEEE Transactions on Computers, vol. C-22, no.1; January 1973”, which is incorporated herein by reference.
According to this technique, each of the flip-flops in the logic circuit, for which it is useful to know the state and/or to impose the content during the standard operation of the integrated circuit, is equipped at its input with a multiplexer.
The different flip-flops and the multiplexers which are associated with them thus constitute as many configurable cells whose accesses are individually controlled by these multiplexers.
The multiplexers of these different configurable cells are collectively controlled by an access controller or “TAP controller” (“TAP” standing for “Test Access Port”) which, depending on a selected operating mode, uses this set of configurable cells either as a standard operating circuit, integrated into the logic circuit which it forms with the logic cells, or as a test circuit.
To do this, the TAP controller addresses on different control conductors, by which it is connected to the different configurable cells, control signals, such as a mode control signal, a chaining control signal or a data propagation control signal, which modify the data flow paths within the integrated circuit and which thus allow the controller to capture this data, for the purpose of analyzing it.
In standard operating mode, the TAP controller therefore controls the multiplexers of the configurable cells in such a way that the flip-flops of these cells are connected to surrounding logic cells to define one or more operating sub-assemblies of the integrated circuit.
In test mode, which is normally triggered on receipt by the TAP controller of a test execution command, this controller produces a chaining control signal to connect the flip-flops of the configurable cells in series in such a way as to form a shift register.
This register notably includes a series input and a series output connected to an output and an input of the TAP controller respectively, and a clock input receiving a clock signal to time the data flow.
Initially, the TAP controller loads data in series into the flip-flops of the configurable cells through the input of the shift register formed by these cells.
Then, the TAP controller changes the switching of the multiplexers to form the operating circuit, and controls the execution of one or more clock cycles by this operating circuit. The data loaded into the flip-flops of the configurable cells is then processed by the operating circuit.
The controller then once again changes the switching of the multiplexers to again form the shift register and retrieves, in series at the output of the shift register, the data stored in the flip-flops of the configurable cells during the last clock cycle.
Despite proven interest in this testing technique, its practical application may under some circumstances prove problematic, particularly in respect of integrated circuits processing confidential data.
Indeed, insofar as activating the test mode may allow a fraudster to read the content of the flip-flops of the configurable cells, this test technique has at first sight the drawback of making such circuits highly vulnerable to fraudulent use.
For example, by stopping at various intervals of time a process for the internal loading of confidential data into the integrated circuit and by unloading the content of the shift register, a fraudster may be able to obtain information about confidential data, and even reconstitute it.
By activating the test mode, a fraudster may also access the flip-flops of the configurable cells in write mode so as to insert fraudulent data, or to put the integrated circuit in an unauthorized configuration. He may thus for example access a register controlling a security component such as a sensor in order to deactivate it. He may also inject an erroneous data item for the purpose of obtaining information about a confidential data item.
The fraud may in fact adopt two different strategies, the first of which consists in taking control of the TAP controller and in observing the shift register cell content on the external contact blocks, and the second of which consists in taking control of the configurable cells by exciting them by micro-probing so as to simulate the control of these cells by the control signals emitted by the TAP controller.
An attempt at fraud in accordance with the first strategy may be blocked by a technique which is the subject of a patent application filed simultaneously by the Proprietor.