This work addresses the vulnerability of commercial off-the-shelf (COTS) processors to hardware Trojan insertion due to untrusted supply chains, a challenge exacerbated by the inapplicability of existing detection methods that rely on golden reference models in black-box scenarios. To overcome this limitation, the paper proposes a novel trust verification framework that eliminates the need for a golden model by leveraging large language models to automatically generate test programs capable of triggering rare microarchitectural events. By integrating publicly available RTL design information with cross-ISA knowledge transfer, the approach efficiently activates latent Trojan behaviors. Experimental evaluation on open-source COTS processors, including RISC-V implementations, demonstrates that the method achieves over 80% Trojan activation coverage for the rarest 5% of microarchitectural events, significantly enhancing both detection efficacy and generalizability.

Commercial Off-The-Shelf (COTS) hardware, such as microprocessors, are widely adopted in system design due to their ability to reduce development time and cost compared to custom solutions. However, supply chain entities involved in the design and fabrication of COTS components are considered untrusted from the consumer's standpoint due to the potential insertion of hidden malicious logic or hardware Trojans (HTs). Existing solutions to detect Trojans are largely inapplicable for COTS components due to their black-box nature and lack of access to a golden model. A few studies that apply require expensive equipment, lack scalability, and apply to a limited class of Trojans. In this work, we present a novel golden-free trust verification framework, COVERT for COTS microprocessors, which can efficiently test the presence of hardware Trojan implants by identifying microarchitectural rare events and transferring activation knowledge from existing processor designs to trigger highly susceptible internal nodes. COVERT leverages Large Language Models to automatically generate test programs that trigger rare microarchitectural events, which may be exploited to develop Trojan trigger conditions. By deriving these events from publicly available Register Transfer Level implementations, COVERT can verify a wide variety of COTS microprocessors that inherit the same Instruction Set Architecture. We have evaluated the proposed framework on open-source RISC-V COTS microprocessors and demonstrated its effectiveness in activating combinational and sequential Trojan triggers with high coverage, highlighting the efficiency of the trust verification. By pruning rare microarchitectural events from mor1kx Cappuccino OpenRISC processor design, COVERT has been able to achieve more than 80% trigger coverage for the rarest 5% of events in or1k Marocchino and PicoRV32 as COTS processors.