Zeroization is a process in which zeros are shifted through all of the storage elements, after which the shift is verified to have occurred correctly. This is achieved using the MBIST and scan clear functionality. The scan clear engines can only be controlled by the PMU and CSU processors through their direct interfaces to the engines. Other processors can request that the PMU start any specific scan clear engine through its SCAN_CLR_REQ register. When a scan clear engine is started, the completion status signal from the engine transitions from 1 to 0. This signal, which is routed directly to a PMU LOGCLR_ACK register, communicates the completion status of the engine to the PMU. When a scan clear engine finishes its operation, its completion status bit toggles from 0 to 1, generating an interrupt to the PMU. The pass/fail status of the clearing operation can be checked through the bits in the PMU LOGCLR_STATUS global register, which are directly driven by the pass/fail status of the engine.
The CSU only starts scan clear engines under a security lock-down scenario and there is no functional requirement for the CSU to check the pass/fail status, or the completion status, of the clearing operation.
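The request, completion and pass/fail sequence described above, as an added C example that is not from the original documentation. It runs against a software model of the registers and polls LOGCLR_ACK instead of taking the completion interrupt; the bit assignments, the pass polarity, the tick-based timing and all function names are assumptions. Because the completion bit reads 1 both when an engine is idle and when it has finished, the routine waits for the 1-to-0 fall before waiting for the rise, and only then reads the pass/fail bit.

```c
#include <stdint.h>
/* Software model of the PMU registers named in the text, one bit per engine.
 * Bit assignments and the pass polarity are assumptions made for this example. */
struct pmu_model {
    uint32_t scan_clr_req;        /* SCAN_CLR_REQ: start requests */
    uint32_t logclr_ack;          /* LOGCLR_ACK: 1 = idle or complete, 0 = running */
    uint32_t logclr_status;       /* LOGCLR_STATUS: 1 = pass (assumed polarity) */
    uint32_t present, healthy;    /* model only: engines that respond / verify OK */
    unsigned run_ticks, left[32]; /* model only: busy time and per-engine countdown */
};
enum sc_result { SC_PASS, SC_FAIL, SC_NOT_STARTED, SC_TIMEOUT };

struct pmu_model pmu_model_init(uint32_t present, uint32_t healthy, unsigned ticks) {
    return (struct pmu_model){ .logclr_ack = 0xFFFFFFFFu, .present = present,
                               .healthy = healthy, .run_ticks = ticks };
}

/* Advance every modelled engine by one step. */
static void model_tick(struct pmu_model *m) {
    for (unsigned i = 0; i < 32; i++) {
        uint32_t bit = 1u << i;
        if ((m->scan_clr_req & m->present & bit) && (m->logclr_ack & bit)) {
            m->scan_clr_req &= ~bit;
            m->logclr_ack &= ~bit;    /* start: completion drops 1 -> 0 */
            m->left[i] = m->run_ticks;
        } else if (!(m->logclr_ack & bit)) {
            if (m->left[i] > 0) { m->left[i]--; continue; }
            m->logclr_ack |= bit;     /* finish: completion rises 0 -> 1 */
            m->logclr_status = (m->logclr_status & ~bit) | (m->healthy & bit);
        }
    }
}

/* Request one engine and report the verified outcome, not just completion. */
enum sc_result scan_clear(struct pmu_model *m, unsigned engine, unsigned timeout) {
    if (engine >= 32) return SC_NOT_STARTED;
    uint32_t bit = 1u << engine;
    unsigned t = 0;
    m->scan_clr_req |= bit;
    while (m->logclr_ack & bit) {     /* idle also reads 1: wait for the fall */
        if (t++ >= timeout) return SC_NOT_STARTED;
        model_tick(m);
    }
    while (!(m->logclr_ack & bit)) {  /* running: wait for the rise */
        if (t++ >= timeout) return SC_TIMEOUT;
        model_tick(m);
    }
    return (m->logclr_status & bit) ? SC_PASS : SC_FAIL;
}
```

A caller that treats SC_NOT_STARTED or SC_TIMEOUT as success would accept a domain whose state was never verified as cleared, so only SC_PASS should count as a completed zeroization.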
Every power island and every power domain has a scan clear engine. The PMU and CSU blocks have separate scan clear engines even though they are not power islands. The PMU scan clear is triggered only on power-on reset and the CSU scan clear can only be triggered by the PMU.
IMPORTANT: The scan clear has to operate on the entire power island. In this case, the power island needs to be isolated before the block is put in the scan mode to start the scan clear functionality.
To ensure that the full LPD (minus the PMU) is in reset when the scan clear runs on the LP domain, the reset logic must follow these guidelines:
1. Keep reset registers off the LPD scan chain.
2. Leverage the explicit reset input to clear state in registers that have this feature (this is recommended, but not required). The explicit reset can be asserted by the scan clear request output from the PMU (scan_clear_trigger_lpd output for the LPD domain) to force the reset to stay asserted by OR’ing it with the reset. The use of explicit resets for clearing instead of using scan on these registers requires them to be applied on chains that are included in the scan test rather than in the scan clear. However, this makes the scan architecture more complex.
3. The PMU local and global registers implement self-clearing through reset and are excluded from the scan clear. This is done to prevent an unnecessary power cycle of the islands during the scan clear of the PMU. The PMU is required to be cleared only during a POR or after a security shutdown. In either case, the flip-flops on the local and global registers are excluded from clearing functions. If for any reason this is not acceptable for the security lock-down, the reset to the flip-flops with the self-clearing feature that are not cleared through scan has to be asserted after the scan clear function on the rest of the flops is completed. This guarantees that the self-clearing of the PS is not affected by a potential IR drop due to the power up of the blocks that were previously powered down.
Note: User functions that need FPD SC must power MGTRAVCC even if not using the GT.