.. # SPDX-FileCopyrightText: Copyright 2024-2025 Arm Limited and/or its # affiliates # # SPDX-License-Identifier: MIT ############# Release notes ############# **** v2.1 **** CSS-Aspen ========= New features ------------ * Introduced GIC FMU driver. * Added notification of FMU faults to the SSU. * Introduced MHU FMU support. * Introduced Software Built-In Self-Test Controller (SBISTC) fault handling. * Introduced Platform Fault Detection Interface Monitoring. * Introduced Arm Cryptographic Extension Demo. * Introduced Transient Fault Protection for Application Processor. * Introduced GIC Multiview on the Safety Island. * Enabled Safety Island Cluster 1 to boot Zephyr with a "Hello World" application for CFG2. * The sw-ref-stack supports two architectures, Baremetal and Virtualized. This release introduces the Virtualization architecture using Xen hypervisor. * Introduced power and performance control feature for Application Processor. * Introduced Mission-based Power Profile Demo for baremetal build. * Introduced linux-yocto-rt (PREEMPT_RT kernel) on RD-Aspen baremetal demos. Changed ------- * Refactored RAS synchronization between SI0 and the AP. * Fixed Devicetree warnings within ACS suite. * Fixed incorrect interrupt numbers in Devicetree. * Removed the unused RSE non-secure image. * Fixed RSE volatile memories size to 256KB. * Update the RSE flash and AP flash images to be GPT partitioned. * Configure the Safety Island ATU from the RSE instead of SI CL0. * Upgraded Yocto from Styhead to Walnascar. * Introduced Linux sniff test for unattended Debian distro installations. * Debian sniff test results are accounted for in ACS tests results. Resolved issues --------------- * Fixed SVE related warning in Trusted Firmware-A RD-Aspen platform Makefile. * Fixed RSS to SCP error message in RSE. * Fixed false negative error in PFDI test case. * Fixed the reboot hang when the number of AP CPUs is more than 4. * Fixed link time error in TF-M's Release build type. * Fixed 13 previously skipped psa-crypto-test cases * Fixed ERXCTLR States for RAS configuration on all Application Processor cores. The versions of the main components used in the Reference Software Stack: .. cspell:disable .. list-table:: :header-rows: 1 * - Component - Version - Source * - Arm Zena Compute Subsystem (CSS) FVP (FVP_RD_Aspen) - 11.30.8 - `FVP Cfg1 download (arm64 host) `__ `FVP Cfg2 download (arm64 host) `__ `FVP Cfg1 download (x86 host) `__ `FVP Cfg2 download (x86 host) `__ * - RSE (Trusted Firmware-M) - 9de5d116d02c07d490dc9c653e830631fbc3bb14 (based on main branch post v2.2.1) - `Trusted Firmware-M repository `__ * - SCP-firmware - 07181be79ae968be1479f0c714325ac1a31fe075 (based on main branch post v2.16.0) - `SCP-Firmware repository `__ * - Trusted Firmware-A - 168d78c376b7d39a40320df6852f13b633a4ccee (based on main branch post v2.13.0) - `Trusted Firmware-A repository `__ * - OP-TEE - 4936f055618d2a6a57ad6be12d557f2fb47a6e88 (based on master branch post v4.7.0) - `OP-TEE repository `__ * - Trusted Services - 337d474124a20a3d735dd22e5ccb429fb227c0d1 (based on integration branch post v1.2.0) - `Trusted Services repository `__ * - U-Boot - 2025.10 - `U-Boot repository `__ * - Xen - 4.20 - `Xen repository `__ * - Linux Kernel - 6.12.30 - `Linux repository `__ and `Linux preempt-rt repository `__ * - Zephyr - 4.1.0 - `Zephyr repository `__ Third-party Yocto layers used to build the Reference Software Stack: .. code-block:: yaml :substitutions: URL: |meta-arm repository| layers: meta-arm, meta-arm-toolchain branch: walnascar revision: 21894cc2ea3197e6bfc1a56d889f757a09dc8b31 URL: |meta-cassini repository| layers: meta-cassini-distro branch: walnascar revision: 4dad481980fb8a700cce8402bece7cf1bebbdee3 URL: |meta-clang repository| layers: meta-clang branch: walnascar revision: 003cba92e982bdd565a6889f28799f8bba14957e URL: |meta-ewaol repository| layers: meta-ewaol branch: walnascar revision: 4ba5f48c4e10ad2a0271bb2287a66688e6c2fa15 URL: |meta-openembedded repository| layers: meta-filesystems, meta-networking, meta-oe, meta-python, meta-perl branch: walnascar revision: 80ab58cc404959ae2f0e8b2e68935b3bfd8e8cfe URL: |meta-ptx repository| layers: meta-ptx branch: walnascar revision: 23e46e92946ca0a1b1da4cf3ad212169d46b0af8 URL: |meta-secure-core repository| layers: meta-secure-core-common, meta-efi-secure-boot, meta-signing-key branch: walnascar revision: 243281acbb4d3839b80b795030a7f4900e254735 URL: |meta-security repository| layers: meta-parsec branch: walnascar revision: 1f7eeb8e84811fa79b98f236ade42dc52d44cfc6 URL: |meta-virtualization repository| layers: meta-virtualization branch: walnascar revision: 898239e810acbb7db93299f20deec8afe434f11b URL: |meta-zephyr repository| layers: meta-zephyr-core branch: walnascar revision: 3617fcdfd0f232dcaff4a153e667c26445b2077c URL: |poky repository| layers: meta, meta-poky branch: walnascar tag: yocto-5.2.3 revision: a704e5171ce4f87e27408934b593e5a186ac1960 Limitations ----------- * There are 4 unsupported test-cases out of 64 in PSA Crypto API test suite. Failed test cases are skipped. * RSA is not supported by the current TF-M CryptoCell driver. * CSS-Aspen FVP doesn't include a TrustZone Address Space Controller (TZC). Trusted Firmware-A doesn't program TZC to set up security configurations for DRAM or peripherals. * System Memory Management Unit (SMMU) node is excluded from Primary Compute device tree. * PCIe configuration is excluded. * The flash device of TF-M Protected Storage (PS) in CSS-Aspen does not support the Replay-Protected Monotonic Counter (RPMC) feature. Instead PS Non-Volatile Counters (NV Counters) are implemented with a limited size in RSE OTP memory. Exceeding 512 writes to PS will cause the PS NV Counters to overflow and may trigger a system panic. Supporting an increase in the number of writes will require an increase in the NV Counter size. * RSE flash is implemented as part of the wider system rather than within the CSS. The Internal Trusted Storage (ITS) is located in this external flash memory and therefore requires confidentiality, integrity protection, and replay protection against attackers with physical access to the device. These protections are typically achieved through a combination of software-based encryption and authentication, along with hardware features such as flash devices that include replay protection mechanisms or by writing replay protection values through the PSA Internal Trusted Storage (ITS) API. Known issues ------------ * Platform Fault Detection Interface (PFDI) Architecture Compliance Suite (ACS) An intermittent timeout may occur when running the PFDI Architecture Compliance Suite (ACS) on the Primary Compute. When this occurs, one or more subsequent test cases might be skipped. The issue affects ACS version 3.1.0, which is used in this release. Re-running the affected test suite usually completes all test cases successfully. RD-Kronos ========= Changed ------- Following the latest Arm Automotive Solutions v2.1 release, Arm will no longer support Kronos, which was available in the previous v2.0 release. Please consider migrating to the latest Arm Zena Compute Subsystem (CSS). Details are available `here `_. **** v2.0 **** CSS-Aspen ========== New features ------------ * CSS-Aspen secure boot-flow implemented for the RSE, Safety Island Cluster 0 and Primary Compute. * Added support for DSU-120AE in TF-A. * Added support for GIC-720AE in TF-A. * Added support for RoS PLL configuration in SCP-firmware. * Added CPU RAS error handling support in TF-A and SCP-Firmware. * Added configurable Primary Compute CPUs topology feature. * Added Platform Fault Detection Interface (PFDI). * Implemented security features on Primary Compute. * Enabled Trusted Board Boot in TF-A. * Enabled SE-Proxy and SMM Gateway in Trusted Services, to provide secure services to Primary Compute Normal World. * Enabled UEFI secure boot in U-Boot. * Added SystemReady Devicetree ACS 3.0.1 support including Base Boot Security Requirements Self-Certification Test (BBSR SCT) and Firmware Test Suite (BBSR FWTS). * Added unattended and attended distro installation support for: * Debian v12.8.0 * Fedora v39.1.5 * openSUSE v15.5 Limitations ----------- * CSS-Aspen FVP doesn't include a TrustZone Address Space Controller (TZC). Trusted Firmware-A doesn't program TZC to set up security configurations for DRAM or peripherals. * System Memory Management Unit (SMMU) node is excluded from Primary Compute device tree. * PCIe configuration is excluded. * There are 17 unsupported test-cases out of 64 in PSA Crypto API test suite. Failed test cases are skipped to unblock CI pipeline. * The flash device of TF-M Protected Storage (PS) in CSS-Aspen does not support the Replay-Protected Monotonic Counter (RPMC) feature. Instead PS Non-Volatile Counters (NV Counters) are implemented with a limited size in RSE OTP memory. Exceeding 512 writes to PS will cause the PS NV Counters to overflow and may trigger a system panic. Supporting an increase in the number of writes will require an increase in the NV Counter size. Known issues ------------ * The number of available Primary Compute CPUs is currently limited to 4 due to a reboot-related issue. After initiating a reboot from Linux, the Out-of-Reset Platform Fault Detection Interface (PFDI) fails to re-enable all CPU cores. Kronos ====== New features ------------ * Introduced a new build called `Arm Automotive Solutions Demo`, which demonstrates the use cases of the Arm Automotive Solutions Software Reference Stack, including: - Critical Application Monitoring Demo - Safety Island Actuation Demo - Safety Island Communication (utilizing HIPC) - Parsec-enabled TLS Demo - Primary Compute PSA Secure Storage and Crypto APIs Architecture Test Suite - Safety Island PSA Secure Storage APIs Architecture Test Suite - Safety Island PSA Crypto APIs Architecture Test Suite - Fault Management Demo - Secure Firmware Update * Added Debian v12.8.0 distribution unattended installation option. Changed ------- * Updated the build host system requirements to Ubuntu 22.04. * Updated RD-1 AE FVP to 11.29.27 version. .. _v2.0 Kronos limitations: Limitations ----------- * Same as `v1.1.1 Limitations`_. Resolved and known issues ------------------------- Resolved issues ^^^^^^^^^^^^^^^ * Backported PPU AE feature addition in SCP-firmware to align with the Safety Island Cortex-R82AE modeling fix in the RD-1 AE FVP. * Added GIC-720AE IIDR in TF-A to align with the corrected IIDR in the RD-1 AE FVP. .. _v2.0 Kronos known issues: Known issues ^^^^^^^^^^^^ * Same as `v1.1.1 Known Issues`_. ****** v1.1.1 ****** New features ============ No new features were introduced. Changed ======= * Change diagram showing RSE-oriented boot flow to show that RSE BL1_2 is executed from SRAM. * Change diagram showing RSE-oriented boot flow to show that BL2 releases SCP RAMFW from reset. * Change diagram showing Yocto layer dependencies to show that meta-efi-secure-boot depends on meta-perl. * Added command to refresh firmware image before re-running entire ACS test suite. Bug fixes as listed in :ref:`v1.1.1 Resolved issues`. .. _v1.1.1 Limitations: Limitations =========== * The platform lacks hardware support for partitioning DRAM into secure and non-secure regions. Consequently, a non-secure endpoint running on the AP can access the DRAM region allocated for AP BL32, compromising its security. * Same as `v1.1 Limitations`_. Resolved and known issues ========================= .. _v1.1.1 Resolved issues: Resolved issues --------------- * Added Google Analytics extension for Read The Docs to replace removed integrated Google Analytics support. * Fixed incorrect ``if()`` conditional statements in RSE drivers. * Backported fixes for SCP vulnerabilities: * `CVE-2024-9413 `__. * `CVE-2024-11863 `__. * `CVE-2024-11864 `__. * Fixed MHUv3 communication documentation mistake in Secure Services section. * Fixed GIC GICR register region size and PSCI cpu_on function ID in Kronos device tree. .. _v1.1.1 Known issues: Known issues ------------ * Same as `v1.1 Known Issues`_. **** v1.1 **** New features ============ Implementation of UEFI secure boot. Changed ======= * Use the EWAOL Yocto distribution instead of Cassini. * Extended SystemReady IR ACS with the Security Interface Extension (SIE) Self-Certification Test (SCT). * Assembled the firmware images using genimage from the meta-ptx Yocto layer instead of wks/wic images. * Updated support from openSUSE 15.4 to 15.5. * Updated support from Debian 11.7 to 12.4. * Added Fedora 39.1.5 distribution to comply with the SystemReady IR v2.1 requirements. * Added Fedora 39.1.5 distribution unattended installation option. * Added openSUSE 15.5 distribution unattended installation option. * Added compiler tuning for Cortex-R82 to the Zephyr toolchain. * Upgraded from Yocto nanbield to scarthgap. * Introduced the Yocto layer meta-arm-safety-island. * Removed LCP from the boot flow. * Aligned the number of supported MHUv3 channels with the RSE specification. * Enabled TF-A Trusted Board Boot (TBB). * Enabled PSA Internal Trusted Storage API on Primary Compute. * Added an AP_REFCLK non-secure Generic Timer node in Kronos device tree. * Updated identified non-alignments on RD-Kronos for Devicetree missing schemas. * Introduced Safety Island GIC FMU device for Safety Island Cluster 1 and automated tests. * Renamed Runtime Security Subsystem (RSS) to Runtime Security Engine (RSE) to be aligned with TF-M naming. * Fixed the System FMU ERRIIDR register value in the Fault Management driver. * Fixed the GIC-720AE IVIEWRn register offsets in TF-M. * Using bindings of Linux Kernel from 6.3.7 to 6.10 for SystemReady IR Devicetree validation. * Supported EFI System Partition (ESP) checks in Arm Systemready IR ACS test. * Updated Safety Island Actuation Demo from v2.0 to v2.1. * Added Secure Firmware Update support on Virtualization architecture. * Enabled capsule authentication for Secure Firmware Update. * Automated SystemReady IR capsule update test. * Made the Dom0 RAM size configurable. * Exposed the following kas build parameters: * ``CASSINI_ROOTFS_EXTRA_SPACE`` * ``BAREMETAL_IMAGE_MEM_SIZE`` * ``DOM0_MEMORY_SIZE`` * ``DOMU1_MEMORY_SIZE`` * ``DOMU2_MEMORY_SIZE`` * Updated Critical Application Monitoring Demo from v1.0 to v1.1. The versions of the main components used in the Reference Software Stack: .. cspell:disable .. list-table:: :header-rows: 1 * - Component - Version - Source * - Arm Reference Design-1 AE FVP (FVP_RD_1_AE) - 11.27.20 - `FVP download (arm64 host) `__ `FVP download (x86 host) `__ * - RSE (Trusted Firmware-M) - 53aa78efef274b9e46e63b429078ae1863609728 (based on main branch post v1.8.1) - `Trusted Firmware-M repository `__ * - SCP-firmware - cc4c9e017348d92054f74026ee1beb081403c168 (based on main branch post v2.13.0) - `SCP-Firmware repository `__ * - Trusted Firmware-A - 168d78c376b7d39a40320df6852f13b633a4ccee (based on main branch post v2.13.0) - `Trusted Firmware-A repository `__ * - OP-TEE - 3.22.0 - `OP-TEE repository `__ * - Trusted Services - 602be607198ea784bc5ab1c0c9d3ac4e2c67f1d9 (based on main branch, post v1.0.0) - `Trusted Services repository `__ * - U-Boot - 2023.07.02 - `U-Boot repository `__ * - Xen - 4.18 - `Xen repository `__ * - Linux Kernel - 6.6.35 - `Linux repository `__ and `Linux preempt-rt repository `__ * - Zephyr - 3.5.0 - :link_subs:`common:zephyr-repo` * - Safety Island Actuation Demo - v2.1 - `Actuation repository `__ * - Mbed TLS - 1ec69067fa1351427f904362c1221b31538c8b57 (based on 3.5.0) - `Mbed TLS repository `__ * - Critical Application Monitoring - v1.1 - `Critical Application Monitoring repository `__ Third-party Yocto layers used to build the Reference Software Stack: .. code-block:: yaml :substitutions: URL: |meta-arm repository| layers: meta-arm, meta-arm-bsp, meta-arm-systemready, meta-arm-toolchain branch: scarthgap revision: 38bce82e42ea093333a53c4a10e51d1b26cbc989 URL: |meta-cassini repository| layers: meta-cassini-distro, meta-cassini-tests branch: scarthgap tag: v2.0.0 revision: bef1d728c6db464ff89828afae5b51e648058f35 URL: |meta-clang repository| layers: meta-clang branch: scarthgap revision: 0acff283249842eb1f617b20c2ed4ebf9f8e3557 URL: |meta-ewaol repository| layers: meta-ewaol branch: scarthgap tag: ewaol-2.0.0 revision: c28142e72691202ba55a954f0faaed4375615b68 URL: |meta-openembedded repository| layers: meta-filesystems, meta-networking, meta-oe, meta-python, meta-perl branch: scarthgap revision: 78a14731cf0cf38a19ff8bd0e9255b319afaf3a7 URL: |meta-ptx repository| layers: meta-ptx branch: scarthgap revision: 547b079bf309ebe1576aa5ae0d58564feb245a42 URL: |meta-secure-core repository| layers: meta-secure-core-common, meta-efi-secure-boot, meta-signing-key branch: scarthgap revision: f3f928d097917b8a131044fe718440eb7f7e381b URL: |meta-security repository| layers: meta-parsec branch: scarthgap revision: 11ea91192d43d7c2b0b95a93aa63ca7e73e38034 URL: |meta-virtualization repository| layers: meta-virtualization branch: scarthgap revision: 37c06acf58f9020bccfc61954eeefe160642d5f3 URL: |meta-zephyr repository| layers: meta-zephyr-core branch: scarthgap revision: 763c72fc3088fc09ccfde6edfcdad43811d16616 URL: |poky repository| layers: meta, meta-poky branch: scarthgap revision: ca27724b44031fe11b631ee50eb1e20f7a60009d .. _v1.1 Limitations: Limitations =========== * Same as `v1.0 Limitations`_ with the following exception: * Now, the Reference Software Stack also supports the Internal Trusted Storage (ITS) API on the Primary Compute. Resolved and known issues ========================= Resolved issues --------------- * Added runtime checks of Update Capsule flags in U-Boot, which fixed SystemReady IR ACS SCT Update Capsule test failure. * Fixed a bug in TF-M where the RSE communication request from AP was not handled by RSE. .. _v1.1 Known Issues: Known issues ------------ * For Heterogeneous Inter-Processor Communication (HIPC), during ping between Clusters, a transient issue is observed where ICMP replies take longer time to reach the originating Cluster. * The CAM automated validation might rarely fail with the error: "Received timestamp is in the future" in the Safety Island console. This is caused by PTP sync loss between the Primary Compute and Safety Island in the FVP model. * The Virtualization Architecture might rarely fail to boot a DomU, leaving it hanging before reaching its shell. This may be caused by an RCU stalling issue. The last expected line printed by the DomU is (potentially followed by an RCU backtrace): .. code-block:: text Freeing initrd memory: 117108K When running the Automated Validation the output looks like: .. code-block:: text pexpect.exceptions.TIMEOUT: Timeout exceeded. [...] RESULTS - test_10_linuxlogin.LinuxLoginTest.test_linux_login: ERROR To overcome the problem, restart the command that launched the FVP (either directly or through the Automated Validation). * Same as `v1.0 Known Issues`_. **** v1.0 **** New features ============ Implementation of the use cases. The versions of the main components used in the Reference Software Stack: .. cspell:disable .. list-table:: :header-rows: 1 * - Component - Version - Source * - Kronos Reference Design FVP (FVP_RD_Kronos) - 11.25.15 - `FVP download (arm64 host) `__ `FVP download (x86 host) `__ * - RSS (Trusted Firmware-M) - 53aa78efef274b9e46e63b429078ae1863609728 (based on master branch post v1.8.1) - `Trusted Firmware-M repository `__ * - SCP-firmware - cc4c9e017348d92054f74026ee1beb081403c168 (based on master branch post v2.13.0) - `SCP-Firmware repository `__ * - Trusted Firmware-A - 2.8.0 - `Trusted Firmware-A repository `__ * - OP-TEE - 3.22.0 - `OP-TEE repository `__ * - Trusted Services - 08b3d39471f4914186bd23793dc920e83b0e3197 (based on main branch, pre v1.0.0) - `Trusted Services repository `__ * - U-Boot - 2023.07.02 - `U-Boot repository `__ * - Xen - 4.18 - `Xen repository `__ * - Linux Kernel - 6.1.73 - `Linux repository `__ and `Linux preempt-rt repository `__ * - Zephyr - 3.5.0 - `Zephyr repository `__ * - Safety Island Actuation Demo - v2.0 - `Actuation repository `__ * - Mbed TLS - 1ec69067fa1351427f904362c1221b31538c8b57 (based on 3.5.0) - `Mbed TLS repository `__ * - Critical Application Monitoring - v1.0 - `Critical Application Monitoring repository `__ .. cspell:enable Third-party Yocto layers used to build the Reference Software Stack: .. code-block:: yaml :substitutions: URL: |meta-arm repository| layers: meta-arm, meta-arm-bsp, meta-arm-systemready, meta-arm-toolchain branch: kronos-nanbield revision: 5e4851a884985b952b33f6f88a8724fbbe5300ec URL: |meta-cassini repository| layers: meta-cassini-distro branch: nanbield revision: v1.1.0 URL: |meta-clang repository| layers: meta-clang branch: nanbield revision: 5170ec9cdfe215fcef146fa9142521bfad1d7d6c URL: |meta-openembedded repository| layers: meta-filesystems, meta-networking, meta-oe, meta-python branch: nanbield revision: da9063bdfbe130f424ba487f167da68e0ce90e7d URL: |meta-security repository| layers: meta-parsec branch: nanbield revision: 5938fa58396968cc6412b398d403e37da5b27fce URL: |meta-virtualization repository| layers: meta-virtualization branch: nanbield revision: ac125d881f34ff356390e19e02964f8980d4ec38 URL: |meta-zephyr repository| layers: meta-zephyr-core branch: nanbield revision: fa76b75bd65da63abcc2d65dd5d4eb24296f2f65 URL: |poky repository| layers: meta, meta-poky branch: nanbield revision: 1a5c00f00c14cee3ba5d39c8c8db7a9738469eab Changed ======= Initial version. .. _v1.0 Limitations: Limitations =========== * In the HIPC, the iperf parameter "-l/--length" should be less than 1473 (IP and UDP overhead) in the case of Zephyr running as a UDP server since it does not support IP fragmentation. * PSA Secure Storage API defines two interfaces for storages: Internal Trusted Storage (ITS) API and Protected Storage (PS) API. For now the Reference Software Stack supports the ITS API on Safety Island only. * PSA Protected Storage Optional APIs ``psa_ps_create`` and ``psa_ps_extended`` are not supported by Arm Automotive Solutions as they are not implemented in the Protected Storage Service provided by Trusted Firmware-M. * PSA Secure Storage APIs Architecture Test Suite only runs on Cluster 2 in the Safety Island due to the following limitations: * Trusted Firmware-M supports a single partition only. This causes tests running simultaneously on different entities to interfere with each other due to accessing the same assets, resulting in failures. * Trusted Firmware-M has no support against Denial of Service attacks, where a test running on one entity might take up all the storage on the RSS resulting in denial of service for tests running on other entities. Resolved and known issues ========================= .. _v1.0 Known Issues: Known issues ------------ * The automated validation might fail due to the encoding issues in the logs. This has been observed on an AWS aarch64 Graviton 2 build host. In the test logs, the error message that appears is a typical timeout error. The console log appears normal, but some characters are either corrupted or replaced with \00, \x00 or ^@ characters. This issue is likely caused by encoding mismatches or inconsistencies in the logging process, and it could occur in any of the test suites. When this issue occurs, something similar to the following would be observed in the logs: .. cspell:disable .. code-block:: text 52 28 bytes from 192.168.1.2 to 192.168.1.1: icmp_seq=7 ttl=64 time=0.00 ^@s^M or fault set_critical f\00u@2a570000 0x10000600 0 or System shutdown complet\x00 .. cspell:enable If this occurs, trigger the "Automated Validation" again to resolve it. * Automated validation may fail at times due to CPU frequency and throttling issues. If this occurs, trigger the "Automated Validation" again to resolve it. * Refer to `Critical Application Monitoring Known Issues `_ for CAM-related known issues.