Today, advanced semiconductors are single packages comprised of disparate components, multiple dies that enable new levels of systemic PPA efficiency. But it’s precisely that complexity that provides greater opportunity for security threats to do damage.
In addition to attacks on the software stack, attacks on hardware can not only do damage, but also assist the software damage. This includes hardware trojans, temperature or laser-generated faults, RF and power side-channel attacks, and much more. Although it’s been used for decades, code coverage at signoff isn’t enough for quantifiable assurance. This is because weaknesses or vulnerabilities can be buried in the data of the hundreds (or more) waivers needed when an error or issue is identified. While code coverage at signoff can be helpful to check for rare or no-toggle coverage (indicators of a trojan), you’ll never have 100% code coverage, and it won’t cover the enormous attack surface through the lifecycle.