February_EDFA_Digital

edfas.org 13 ELECTRONIC DEVICE FAILURE ANALYSIS | VOLUME 23 NO. 1 verification and validation. Establishing a baseline golden reference in silicon is therefore a necessary step for assess- ing the trust in other untrusted components. Because there is no observability into any of the manufacturing processes, assurance assessments and approaches must assume zero trust at all stages of the fabrication. Oneway of addressing this is to performa full destruc- tive decomposition of an untrusted component to recover the as-fabricated design files. The as-fabricated design files (e.g., GDSII layout, gate netlist, etc.) can then be compared back to their original golden versions that were generated in the design phase. Developing the techniques to perform the decomposition and design file recovery at scale, in advanced nodes, andwith highest accuracy is not a trivial undertaking. Ever shrinking node sizes as well as increasing design complexity create compound scaling problems that push the limits of the existing state-of-the- art tools and techniques available today. As the industry moves toward a quantifiable assurance framework for objectively evaluating untrustedmicroelectronics, estab- lishing a golden reference in silicon is a key component to enabling this framework. This article looks at the methods and processes that have been adopted fromthe failure analysis community as the foundation for howdesign files are recovered and veri- fied from the fabricated silicon chips in order to establish the baseline golden reference in silicon. Figure 1 presents an overviewof the decompositionworkflowused to verify and validate an untrusted IC. The first stage, sample preparation, depackages and delayers the chip to prepare it for the second stage, image acquisition and stitching. This is where each of the target layers are imaged and a full layer mosaic is constructed by stitching each individual image tile together. From there, the feature extraction stage converts the pixel images into vectorized polygons, effectively extracting features such as metal traces and vias from the images. After this is completed for each layer of the chip, the full design stack-up is recreated. The fourth stage, design file recovery, recovers the GDSII layout and gate level netlist design files. The final stage, verification and validation, assesses the recovered design files and determines them to be equivalent or nonequivalent to the original golden design files. For any nonequivalence points, a deeper analysis is conducted to determine the root cause. At this point, assuming all verification and validation tests have been passed, the chip is considered trusted. Prior to the destructive decomposition, the chip is put through a thor- ough characterization process to generate a profile. After the chip is verified and trusted, this profile can be used as a golden reference for nondestructive comparison to other untrusted chips’ profiles. IC DECOMPOSITION FOR DESIGN FILE RECOVERY TARGET LAYER SAMPLE PREPARATION Sample preparation changes the physical state of the sample (i.e., fabricated chip) from its current form into the desired state in a manner that is controlled and predict- able. In microelectronic physical assurance, the require- ment is often to either expose sections or the entire die of the integrated circuit for imaging and deeper analysis. Typically, this requires the removal of some or all of the packaging material and can often require removing part of the die as well. There are several different categories of tools for removing material, and often a combination of themare required to achieve the desired level of mate- rial removal. The categories are wet etching, dry etching, and mechanical removal via milling and/or chemical- mechanical polishing (CMP). Wet etching uses the chemical reactivity of acids, bases, and solvents to removematerial. Thismethod pro- vides a highly selective isotropic etch. Proper chemicals Fig. 1 Integrated circuit decomposition workflow for assuring zero trust microelectronics.