..
 # SPDX-FileCopyrightText: <text>Copyright 2024-2026 Arm Limited and/or its
 # affiliates <open-source-office@arm.com></text>
 #
 # SPDX-License-Identifier: MIT

#############
Release notes
#############


.. important::

   This page contains release notes for ``arm-zena-css``.
   For common releases and shared content, refer to the `Software Reference Stack release notes <https://arm-auto-solutions.docs.arm.com/en/latest/releasenotes.html>`__.


**********
v2.2
**********

New features
------------

 * Introduced NI-710AE FMU support.
 * Introduced Primary compute standalone reset support.
 * Introduced Cortex-A720AE CPU core RAS FFH support in Linux.
 * Added platform-specific rasdaemon integration for RAS logging on RD-Aspen.
 * Introduced System Monitoring Control Framework.
 * Introduced safety boot support for SI clusters.
 * RSE firmware images Encryption and Decryption.
 * Added support for Linux boot to shell on the Arm Zena CSS Cfg0 RTL.
 * Introduced Secure Firmware Update using capsule-on-disk mechanism.
 * Introduced a Platform Fault Detection Interface for Safety Island Cluster 1.
 * Introduced PFDI monitoring support for Safety Island (SI) cluster 1.
 * SystemReady Devicetree v3.1.1 compliance.
 * Added HIPC support for Baremetal Architecture.

Changed
-------

 * Upgraded openSUSE version to 16.0.
 * Implemented Linux sniff tests for unattended openSUSE installations.
 * Upgraded SystemReady Devicetree ACS version to 3.1.1.
 * Upgraded Trusted Services version to 1.3.0.
 * Upgraded U-Boot version to 2026.01.
 * Replaced Fedora Server with Rocky Linux 10.1.
 * SystemReady builds use upstream Linux device tree (zena-css-fvp.dts)

Resolved issues
---------------
 * Fixed an intermittent timeout in the Platform Fault Detection Interface
   (PFDI) Architecture Compliance Suite (ACS) when running on the Primary
   Compute. The issue is resolved in version 3.1.1, which is used in this
   release.
 * Fixed the exclusion of the System Memory Management Unit (SMMU) node from
   the Primary Compute device tree.
  
Dependencies
------------

The versions of the main components used in the Reference Software Stack:

..
  cspell:disable

.. list-table:: Component versions
   :widths: 20 40 40
   :header-rows: 1

   * - Component
     - Version
     - Source
   * - Arm Zena CSS FVP (FVP_RD_Aspen)
     - 11.31.25
     - `FVP Cfg1 download (arm64 host) <https://developer.arm.com/-/cdn-downloads/permalink/FVPs-Automotive/Arm-Zena-CSS-FVP/FVP_Zena_CSS_Cfg1_11.31_25_Linux_armv8.tar.gz>`__

       `FVP Cfg2 download (arm64 host) <https://developer.arm.com/-/cdn-downloads/permalink/FVPs-Automotive/Arm-Zena-CSS-FVP/FVP_Zena_CSS_Cfg2_11.31_25_Linux_armv8.tar.gz>`__

       `FVP Cfg1 download (x86 host) <https://developer.arm.com/-/cdn-downloads/permalink/FVPs-Automotive/Arm-Zena-CSS-FVP/FVP_Zena_CSS_Cfg1_11.31_25_Linux_x86.tar.gz>`__

       `FVP Cfg2 download (x86 host) <https://developer.arm.com/-/cdn-downloads/permalink/FVPs-Automotive/Arm-Zena-CSS-FVP/FVP_Zena_CSS_Cfg2_11.31_25_Linux_x86.tar.gz>`__
   * - RSE (Trusted Firmware-M)
     - 48bdbb5415ab9241b3dfcc51280b32cfbf285c1a (based on main branch post v2.2.2)
     - `Trusted Firmware-M repository <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/+/48bdbb5415ab9241b3dfcc51280b32cfbf285c1a>`__
   * - SCP-firmware
     - 07181be79ae968be1479f0c714325ac1a31fe075 (based on main branch post v2.16.0)
     - `SCP-Firmware repository <https://git.gitlab.arm.com/firmware/SCP-firmware/-/tree/07181be79ae968be1479f0c714325ac1a31fe075>`__
   * - Trusted Firmware-A
     - bacd68ff6d993d7a65791c8693de2e1e738bc4cf (based on master branch post v2.14.0)
     - `Trusted Firmware-A repository <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/+/bacd68ff6d993d7a65791c8693de2e1e738bc4cf>`__
   * - OP-TEE
     - 4936f055618d2a6a57ad6be12d557f2fb47a6e88 (based on master branch post v4.7.0)
     - `OP-TEE repository <https://github.com/OP-TEE/optee_os/commit/4936f055618d2a6a57ad6be12d557f2fb47a6e88>`__
   * - Trusted Services
     - a5db25bc3f2892781a07620af5d6625900988281 (based on integration branch post v1.3.0)
     - `Trusted Services repository <https://git.trustedfirmware.org/TS/trusted-services.git/+/a5db25bc3f2892781a07620af5d6625900988281>`__
   * - U-Boot
     - 2026.01
     - `U-Boot repository <https://source.denx.de/u-boot/u-boot/-/tree/v2026.01>`__
   * - Xen
     - 4.21
     - `Xen repository <https://xenbits.xen.org/gitweb/?p=xen.git;a=tree;h=refs/heads/stable-4.21>`__
   * - Linux Kernel
     - 6.18.5
     - `Linux repository <https://git.yoctoproject.org/linux-yocto/log/?h=v6.18%2Fstandard%2Fbase&id=0d1b47da567fe4d6ff80c562b706e7a9232d3553>`__ and `Linux preempt-rt repository <https://git.yoctoproject.org/linux-yocto/log/?h=v6.18%2Fstandard%2Fpreempt-rt%2Fbase&id=878f4a23dbbd21b2eaa97cd82be39db3131f26e3>`__
   * - Zephyr
     - 4.1.0
     - `Zephyr repository <https://github.com/zephyrproject-rtos/zephyr/tree/v4.1-branch>`__


Third-party Yocto layers used to build the Reference Software Stack:

  .. code-block:: yaml
    :substitutions:

    URL: |meta-arm repository|
    layers: meta-arm, meta-arm-bsp, meta-arm-systemready, meta-arm-toolchain
    branch: walnascar
    revision: 21894cc2ea3197e6bfc1a56d889f757a09dc8b31

    URL: |poky repository|
    layers: meta, meta-poky
    branch: walnascar
    tag: yocto-5.2.3
    revision: a704e5171ce4f87e27408934b593e5a186ac1960

    URL: |meta-cassini repository|
    layers: meta-cassini-distro, meta-cassini-tests
    branch: walnascar
    revision: 4dad481980fb8a700cce8402bece7cf1bebbdee3

    URL: |meta-clang repository|
    layers: meta-clang
    branch: walnascar
    revision: 003cba92e982bdd565a6889f28799f8bba14957e

    URL: |meta-ewaol repository|
    layers: meta-ewaol
    branch: walnascar
    revision: 4ba5f48c4e10ad2a0271bb2287a66688e6c2fa15

    URL: |meta-bluechi repository|
    layers: meta-bluechi
    branch: walnascar
    revision: f5f1f43f93939198d64124d85e61370df4fb2c77

    URL: |meta-openembedded repository|
    layers: meta-filesystems, meta-networking, meta-oe, meta-python, meta-perl
    branch: walnascar
    revision: 80ab58cc404959ae2f0e8b2e68935b3bfd8e8cfe

    URL: |meta-ptx repository|
    layers: meta-ptx
    branch: walnascar
    revision: 23e46e92946ca0a1b1da4cf3ad212169d46b0af8

    URL: |meta-secure-core repository|
    layers: meta-secure-core-common, meta-efi-secure-boot, meta-signing-key, meta-integrity
    branch: walnascar
    revision: 243281acbb4d3839b80b795030a7f4900e254735

    URL: |meta-security repository|
    layers: meta-parsec
    branch: walnascar
    revision: 1f7eeb8e84811fa79b98f236ade42dc52d44cfc6

    URL: |meta-virtualization repository|
    layers: meta-virtualization
    branch: walnascar
    revision: 898239e810acbb7db93299f20deec8afe434f11b

    URL: |meta-zephyr repository|
    layers: meta-zephyr-core
    branch: walnascar
    revision: 3617fcdfd0f232dcaff4a153e667c26445b2077c

    URL: |meta-mender repository|
    layers: meta-mender
    branch: walnascar
    revision: cbe7fa19997a5fb462a925552b92a1e19408ed63


 .. _RD-Aspen_limitations:

Limitations
-----------

 * OP-TEE v4.7.0 doesn't support FF-A Notification pending interrupt and
   Schedule Receiver interrupt.

   When Linux FF-A driver discovers that those 2 FF-A features are not
   supported, it outputs the following error message in Application Processor
   (AP) Non-secure world terminal and terminates notification feature setup.
   FF-A notification feature is not mandatory and FF-A communication in AP is
   not affected.

   .. cspell:disable

   .. code-block:: console

     ARM FF-A: Notification setup failed -95, not enabled

   .. cspell:enable

 * Trusted Services (TS) Logging Service is not enabled in CSS-Aspen.

   TS System Management Mode Gateway (SMM Gateway) secure partition outputs the
   following error messages in AP Secure world terminal, when it attempts to
   discover Logging Service during its initialization.
   SMM Gateway functionalities are not changed or affected when Logging Service
   is not enabled in TS v1.3.0.

   .. cspell:disable

   .. code-block:: console

     E/SMMGW: open_session:90 sp_msg_send_direct_req(): error -4
     E/SMMGW: find_and_open_session:168 no SP found supporting protocol version 1 and the requested service
     E/SMMGW: close_session:442 session is already closed
     E/SMMGW: ts_rpc_caller_sp_deinit:524 failed to close session
     E/SMMGW: sp_init:162 Logging service discovery failed, falling back to console log

   .. cspell:enable

 * In the HIPC, the ``iperf`` parameter ``-l/–length`` should be less than 1473
   (IP and UDP overhead) in the case of Zephyr running as a UDP server since it
   does not support IP fragmentation.

 * FMU software module uses only aggregated outputs from the
   Fault Management Unit (FMU). The system connects this fault signal to the
   interrupt controller. When the interrupt controller receives the signal, the
   FMU software parses the FMU tree. It then locates the corresponding error
   record. The parsing logic assumes that each leaf FMU provides one critical
   signal and one non-critical signal. This assumption does not hold for the
   NI-710AE FMU. This FMU can generate two non-critical faults: corrected errors
   (CE) and uncorrected errors (UE). The parsing tree supports only one
   non-critical signal. The system discards the second fault. As a result, the
   driver cannot identify the fault source or access the error record for the
   second non-critical fault.

 * There are 4 unsupported test-cases out of 64 in PSA Crypto API test suite. 
   Failed test cases are skipped.

 * RSA is not supported by the current TF-M CryptoCell driver.
  
 * CSS-Aspen FVP doesn’t include a TrustZone Address Space Controller (TZC). 
   Trusted Firmware-A doesn’t program TZC to set up security configurations for 
   DRAM or peripherals.

 * PCIe configuration is excluded.
  
 * The flash device of TF-M Protected Storage (PS) in CSS-Aspen does not support 
   the Replay-Protected Monotonic Counter (RPMC) feature. Instead PS Non-Volatile 
   Counters (NV Counters) are implemented with a limited size in RSE OTP memory. 
   Exceeding 512 writes to PS will cause the PS NV Counters to overflow and may 
   trigger a system panic. Supporting an increase in the number of writes will 
   require an increase in the NV Counter size.

 * RSE flash is implemented as part of the wider system rather than within the CSS. 
   The Internal Trusted Storage (ITS) is located in this external flash memory and 
   therefore requires confidentiality, integrity protection, and replay protection 
   against attackers with physical access to the device. 
   These protections are typically achieved through a combination of software-based 
   encryption and authentication, along with hardware features such as flash devices 
   that include replay protection mechanisms or by writing replay protection values 
   through the PSA Internal Trusted Storage (ITS) API.

 * Disabled Fault Management Unit interrupts in the RTL build.
   These interrupts are currently not enabled due to limitations in the RTL implementation.

Known issues
------------

 * When CSS-Aspen starts for the first time, TS SE-Proxy secure partition
   outputs the following error messages in AP Secure world terminal.

   .. cspell:disable

   .. code-block:: console

     E/SEPROXY: secure_storage_ipc_remove:115 ipc_remove: failed to psa_call: -140
     E/SEPROXY: secure_storage_ipc_remove:115 ipc_remove: failed to psa_call: -140

   .. cspell:enable

   This is normal and expected behavior. When SMM Gateway stores new variables,
   it calls SE-Proxy to remove 2 SMM variable indexes from RSE Protected Storage
   (PS) flash and store new ones.
   On the first boot, the default PS implementation erases PS flash to create an
   empty flash layout. Those 2 SMM variable indexes don't exist in PS flash when
   SMM Gateway attempts to remove them for the first time. As a result, PS
   returns the error code ``PSA_ERROR_DOES_NOT_EXIST`` (``-140``) to SE-Proxy.

   SMM Gateway will create SMM variable indexes in PS flash if they don't exist.
   On subsequent boots, those SMM variable indexes are preserved in PS flash and
   therefore SE-Proxy does not report this error.

 * Baremetal CFG2 and STL automated tests may intermittently fail when executed 
   in sequence. Re-running the tests typically resolves the issue.

 * After a successful Secure Firmware Update (Secure FWU), any subsequent update
   attempt will fail. The following message is observed in the AP non-secure
   world terminal:

   .. cspell:disable

   .. code-block:: console

     Firmware update failed: <NULL>
     Applying capsule fw.cap failed.

   .. cspell:enable

   Secure FWU is unable to write images to the ``FIP_B`` firmware image bank in
   AP Flash. This is due to a conflict in the ATU mappings. Specifically, the
   mapping for the AP Flash region corresponding to ``FIP_B`` overlaps with
   another existing ATU mapping.

Previous releases
=================

For information about previous releases, see:

* `v2.1.1 release notes <https://arm-auto-solutions.docs.arm.com/en/v2.1.1/releasenotes.html>`__