Release Notes

v1.1

New Features

Implementation of UEFI Secure Boot.

Changed

  • Use the EWAOL Yocto distribution instead of Cassini.

  • Extended SystemReady IR ACS with the Security Interface Extension (SIE) Self-Certification Test (SCT).

  • Assembled the firmware images using genimage from the meta-ptx Yocto layer instead of wks/wic images.

  • Updated support from openSUSE 15.4 to 15.5.

  • Updated support from Debian 11.7 to 12.4.

  • Added Fedora 39.1.5 distribution to comply with the SystemReady IR v2.1 requirements.

  • Added Fedora 39.1.5 distribution unattended installation option.

  • Added openSUSE 15.5 distribution unattended installation option.

  • Added compiler tuning for Cortex-R82 to the Zephyr toolchain.

  • Upgraded from Yocto nanbield to scarthgap.

  • Introduced the Yocto layer meta-arm-safety-island.

  • Removed LCP from the boot flow.

  • Aligned the number of supported MHUv3 channels with the RSE specification.

  • Enabled TF-A Trusted Board Boot (TBB).

  • Enabled PSA Internal Trusted Storage API on Primary Compute.

  • Added an AP_REFCLK non-secure Generic Timer node in Kronos device tree.

  • Updated identified non-alignments on RD-Kronos for Devicetree missing schemas.

  • Introduced Safety Island GIC FMU device for Safety Island Cluster 1 and automated tests.

  • Renamed Runtime Security Subsystem (RSS) to Runtime Security Engine (RSE) to be aligned with TF-M naming.

  • Fixed the System FMU ERRIIDR register value in the Fault Management driver.

  • Fixed the GIC-720AE IVIEWRn register offsets in TF-M.

  • Using bindings of Linux Kernel from 6.3.7 to 6.10 for SystemReady IR Devicetree validation.

  • Supported EFI System Partition (ESP) checks in Arm Systemready IR ACS test.

  • Updated Safety Island Actuation Demo from v2.0 to v2.1.

  • Added Secure Firmware Update support on Virtualization architecture.

  • Enabled capsule authentication for Secure Firmware Update.

  • Automated SystemReady IR capsule update test.

  • Made the Dom0 RAM size configurable.

  • Exposed the following kas build parameters:

    • CASSINI_ROOTFS_EXTRA_SPACE

    • BAREMETAL_IMAGE_MEM_SIZE

    • DOM0_MEMORY_SIZE

    • DOMU1_MEMORY_SIZE

    • DOMU2_MEMORY_SIZE

  • Updated Critical Application Monitoring Demo from v1.0 to v1.1.

The versions of the main components used in the Reference Software Stack:

Component

Version

Source

Arm Reference Design-1 AE FVP (FVP_RD_1_AE)

11.27.20

FVP download (arm64 host) FVP download (x86 host)

RSE (Trusted Firmware-M)

53aa78efef274b9e46e63b429078ae1863609728 (based on main branch post v1.8.1)

Trusted Firmware-M repository

SCP-firmware

cc4c9e017348d92054f74026ee1beb081403c168 (based on main branch post v2.13.0)

SCP-Firmware repository

Trusted Firmware-A

ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d lts-v2.8.6

Trusted Firmware-A repository

OP-TEE

3.22.0

OP-TEE repository

Trusted Services

602be607198ea784bc5ab1c0c9d3ac4e2c67f1d9 (based on main branch, post v1.0.0)

Trusted Services repository

U-Boot

2023.07.02

U-Boot repository

Xen

4.18

Xen repository

Linux Kernel

6.6.35

Linux repository and Linux preempt-rt repository

Zephyr

3.5.0

Zephyr repository

Safety Island Actuation Demo

v2.1

Actuation repository

Mbed TLS

1ec69067fa1351427f904362c1221b31538c8b57 (based on 3.5.0)

Mbed TLS repository

Critical Application Monitoring

v1.1

Critical Application Monitoring repository

Third-party Yocto layers used to build the Reference Software Stack:

URL: https://git.yoctoproject.org/meta-arm
layers: meta-arm, meta-arm-bsp, meta-arm-systemready, meta-arm-toolchain
branch: scarthgap
revision: 38bce82e42ea093333a53c4a10e51d1b26cbc989

URL: https://gitlab.com/Linaro/cassini/meta-cassini
layers: meta-cassini-distro, meta-cassini-tests
branch: scarthgap
tag: v2.0.0
revision: bef1d728c6db464ff89828afae5b51e648058f35

URL: https://github.com/kraj/meta-clang
layers: meta-clang
branch: scarthgap
revision: 0acff283249842eb1f617b20c2ed4ebf9f8e3557

URL: https://gitlab.com/soafee/ewaol/meta-ewaol
layers: meta-ewaol
branch: scarthgap
tag: ewaol-2.0.0
revision: c28142e72691202ba55a954f0faaed4375615b68

URL: https://git.openembedded.org/meta-openembedded
layers: meta-filesystems, meta-networking, meta-oe, meta-python, meta-perl
branch: scarthgap
revision: 78a14731cf0cf38a19ff8bd0e9255b319afaf3a7

URL: https://github.com/pengutronix/meta-ptx
layers: meta-ptx
branch: scarthgap
revision: 547b079bf309ebe1576aa5ae0d58564feb245a42

URL: https://github.com/Wind-River/meta-secure-core
layers: meta-secure-core-common, meta-efi-secure-boot, meta-signing-key
branch: scarthgap
revision: f3f928d097917b8a131044fe718440eb7f7e381b

URL: https://git.yoctoproject.org/git/meta-security
layers: meta-parsec
branch: scarthgap
revision: 11ea91192d43d7c2b0b95a93aa63ca7e73e38034

URL: https://git.yoctoproject.org/git/meta-virtualization
layers: meta-virtualization
branch: scarthgap
revision: 37c06acf58f9020bccfc61954eeefe160642d5f3

URL: https://git.yoctoproject.org/git/meta-zephyr
layers: meta-zephyr-core
branch: scarthgap
revision: 763c72fc3088fc09ccfde6edfcdad43811d16616

URL: https://git.yoctoproject.org/git/poky
layers: meta, meta-poky
branch: scarthgap
revision: ca27724b44031fe11b631ee50eb1e20f7a60009d

Limitations

  • Same as v1.0 Limitations with the following exception:

    • Now, the Reference Software Stack also supports the Internal Trusted Storage (ITS) API on the Primary Compute.

Resolved and Known Issues

Resolved Issues

  • Added runtime checks of Update Capsule flags in U-Boot, which fixed SystemReady IR ACS SCT Update Capsule test failure.

  • Fixed a bug in TF-M where the RSE communication request from AP was not handled by RSE.

Known Issues

  • For Heterogeneous Inter-Processor Communication (HIPC), during ping between Clusters, a transient issue is observed where ICMP replies take longer time to reach the originating Cluster.

  • The CAM automated validation might rarely fail with the error: “Received timestamp is in the future” in the Safety Island console. This is caused by PTP sync loss between the Primary Compute and Safety Island in the FVP model.

  • The Virtualization Architecture might rarely fail to boot a DomU, leaving it hanging before reaching its shell. This may be caused by an RCU stalling issue. The last expected line printed by the DomU is (potentially followed by an RCU backtrace):

    Freeing initrd memory: 117108K

    When running the Automated Validation the output looks like:

    pexpect.exceptions.TIMEOUT: Timeout exceeded.
[...]
RESULTS - test_10_linuxlogin.LinuxLoginTest.test_linux_login: ERROR

    To overcome the problem, restart the command that launched the FVP (either directly or through the Automated Validation).

  • Same as v1.0 Known Issues.

v1.0

New Features

Implementation of the Use-Cases.

The versions of the main components used in the Reference Software Stack:

Component

Version

Source

Kronos Reference Design FVP (FVP_RD_Kronos)

11.25.15

FVP download (arm64 host) FVP download (x86 host)

RSS (Trusted Firmware-M)

53aa78efef274b9e46e63b429078ae1863609728 (based on master branch post v1.8.1)

Trusted Firmware-M repository

SCP-firmware

cc4c9e017348d92054f74026ee1beb081403c168 (based on master branch post v2.13.0)

SCP-Firmware repository

Trusted Firmware-A

2.8.0

Trusted Firmware-A repository

OP-TEE

3.22.0

OP-TEE repository

Trusted Services

08b3d39471f4914186bd23793dc920e83b0e3197 (based on main branch, pre v1.0.0)

Trusted Services repository

U-Boot

2023.07.02

U-Boot repository

Xen

4.18

Xen repository

Linux Kernel

6.1.73

Linux repository and Linux preempt-rt repository

Zephyr

3.5.0

Zephyr repository

Safety Island Actuation Demo

v2.0

Actuation repository

Mbed TLS

1ec69067fa1351427f904362c1221b31538c8b57 (based on 3.5.0)

Mbed TLS repository

Critical Application Monitoring

v1.0

Critical Application Monitoring repository

Third-party Yocto layers used to build the Reference Software Stack:

URL: https://git.yoctoproject.org/meta-arm
layers: meta-arm, meta-arm-bsp, meta-arm-systemready, meta-arm-toolchain
branch: kronos-nanbield
revision: 5e4851a884985b952b33f6f88a8724fbbe5300ec

URL: https://gitlab.com/Linaro/cassini/meta-cassini
layers: meta-cassini-distro
branch: nanbield
revision: v1.1.0

URL: https://github.com/kraj/meta-clang
layers: meta-clang
branch: nanbield
revision: 5170ec9cdfe215fcef146fa9142521bfad1d7d6c

URL: https://git.openembedded.org/meta-openembedded
layers: meta-filesystems, meta-networking, meta-oe, meta-python
branch: nanbield
revision: da9063bdfbe130f424ba487f167da68e0ce90e7d

URL: https://git.yoctoproject.org/git/meta-security
layers: meta-parsec
branch: nanbield
revision: 5938fa58396968cc6412b398d403e37da5b27fce

URL: https://git.yoctoproject.org/git/meta-virtualization
layers: meta-virtualization
branch: nanbield
revision: ac125d881f34ff356390e19e02964f8980d4ec38

URL: https://git.yoctoproject.org/git/meta-zephyr
layers: meta-zephyr-core
branch: nanbield
revision: fa76b75bd65da63abcc2d65dd5d4eb24296f2f65

URL: https://git.yoctoproject.org/git/poky
layers: meta, meta-poky
branch: nanbield
revision: 1a5c00f00c14cee3ba5d39c8c8db7a9738469eab

Changed

Initial version.

Limitations

  • In the HIPC, the iperf parameter “-l/–length” should be less than 1473 (IP and UDP overhead) in the case of Zephyr running as a UDP server since it does not support IP fragmentation.

  • PSA Secure Storage API defines two interfaces for storages: Internal Trusted Storage (ITS) API and Protected Storage (PS) API. For now the Reference Software Stack supports the ITS API on Safety Island only.

  • PSA Protected Storage Optional APIs psa_ps_create and psa_ps_extended are not supported by Arm Automotive Solutions as they are not implemented in the Protected Storage Service provided by Trusted Firmware-M.

  • PSA Secure Storage APIs Architecture Test Suite only runs on Cluster 2 in the Safety Island due to the following limitations:

    • Trusted Firmware-M supports a single partition only. This causes tests running simultaneously on different entities to interfere with each other due to accessing the same assets, resulting in failures.

    • Trusted Firmware-M has no support against Denial of Service attacks, where a test running on one entity might take up all the storage on the RSS resulting in denial of service for tests running on other entities.

Resolved and Known Issues

Known Issues

  • The automated validation might fail due to the encoding issues in the logs. This has been observed on an AWS aarch64 Graviton 2 build host. In the test logs, the error message that appears is a typical timeout error.

    The console log appears normal, but some characters are either corrupted or replaced with 00, x00 or ^@ characters. This issue is likely caused by encoding mismatches or inconsistencies in the logging process, and it could occur in any of the test suites. When this issue occurs, something similar to the following would be observed in the logs:

    52 28 bytes from 192.168.1.2 to 192.168.1.1: icmp_seq=7 ttl=64 time=0.00 ^@s^M
or
fault set_critical f\00u@2a570000 0x10000600 0
or
System shutdown complet\x00

    If this occurs, trigger the “Automated Validation” again to resolve it.

  • Automated validation may fail at times due to CPU frequency and throttling issues. If this occurs, trigger the “Automated Validation” again to resolve it.

  • Refer to Critical Application Monitoring Known Issues for CAM-related known issues.