Release notes

Important

This page contains release notes for arm-zena-css. For common releases and shared content, refer to the Software Reference Stack release notes.

v2.2

New features

  • Introduced NI-710AE FMU support.

  • Introduced Primary compute standalone reset support.

  • Introduced Cortex-A720AE CPU core RAS FFH support in Linux.

  • Added platform-specific rasdaemon integration for RAS logging on RD-Aspen.

  • Introduced System Monitoring Control Framework.

  • Introduced safety boot support for SI clusters.

  • RSE firmware images Encryption and Decryption.

  • Added support for Linux boot to shell on the Arm Zena CSS Cfg0 RTL.

  • Introduced Secure Firmware Update using capsule-on-disk mechanism.

  • Introduced a Platform Fault Detection Interface for Safety Island Cluster 1.

  • Introduced PFDI monitoring support for Safety Island (SI) cluster 1.

  • SystemReady Devicetree v3.1.1 compliance.

  • Added HIPC support for Baremetal Architecture.

Changed

  • Upgraded openSUSE version to 16.0.

  • Implemented Linux sniff tests for unattended openSUSE installations.

  • Upgraded SystemReady Devicetree ACS version to 3.1.1.

  • Upgraded Trusted Services version to 1.3.0.

  • Upgraded U-Boot version to 2026.01.

  • Replaced Fedora Server with Rocky Linux 10.1.

  • SystemReady builds use upstream Linux device tree (zena-css-fvp.dts)

Resolved issues

  • Fixed an intermittent timeout in the Platform Fault Detection Interface (PFDI) Architecture Compliance Suite (ACS) when running on the Primary Compute. The issue is resolved in version 3.1.1, which is used in this release.

  • Fixed the exclusion of the System Memory Management Unit (SMMU) node from the Primary Compute device tree.

Dependencies

The versions of the main components used in the Reference Software Stack:

Table 21 Component versions

Component

Version

Source

Arm Zena CSS FVP (FVP_RD_Aspen)

11.31.25

FVP Cfg1 download (arm64 host)

FVP Cfg2 download (arm64 host)

FVP Cfg1 download (x86 host)

FVP Cfg2 download (x86 host)

RSE (Trusted Firmware-M)

48bdbb5415ab9241b3dfcc51280b32cfbf285c1a (based on main branch post v2.2.2)

Trusted Firmware-M repository

SCP-firmware

07181be79ae968be1479f0c714325ac1a31fe075 (based on main branch post v2.16.0)

SCP-Firmware repository

Trusted Firmware-A

bacd68ff6d993d7a65791c8693de2e1e738bc4cf (based on master branch post v2.14.0)

Trusted Firmware-A repository

OP-TEE

4936f055618d2a6a57ad6be12d557f2fb47a6e88 (based on master branch post v4.7.0)

OP-TEE repository

Trusted Services

a5db25bc3f2892781a07620af5d6625900988281 (based on integration branch post v1.3.0)

Trusted Services repository

U-Boot

2026.01

U-Boot repository

Xen

4.21

Xen repository

Linux Kernel

6.18.5

Linux repository and Linux preempt-rt repository

Zephyr

4.1.0

Zephyr repository

Third-party Yocto layers used to build the Reference Software Stack:

URL: https://git.yoctoproject.org/meta-arm
layers: meta-arm, meta-arm-bsp, meta-arm-systemready, meta-arm-toolchain
branch: walnascar
revision: 21894cc2ea3197e6bfc1a56d889f757a09dc8b31

URL: https://git.yoctoproject.org/poky
layers: meta, meta-poky
branch: walnascar
tag: yocto-5.2.3
revision: a704e5171ce4f87e27408934b593e5a186ac1960

URL: https://gitlab.arm.com/cassini/meta-cassini
layers: meta-cassini-distro, meta-cassini-tests
branch: walnascar
revision: 4dad481980fb8a700cce8402bece7cf1bebbdee3

URL: https://github.com/kraj/meta-clang
layers: meta-clang
branch: walnascar
revision: 003cba92e982bdd565a6889f28799f8bba14957e

URL: https://gitlab.com/soafee/ewaol/meta-ewaol
layers: meta-ewaol
branch: walnascar
revision: 4ba5f48c4e10ad2a0271bb2287a66688e6c2fa15

URL: https://github.com/eclipse-bluechi/bluechi-on-yocto
layers: meta-bluechi
branch: walnascar
revision: f5f1f43f93939198d64124d85e61370df4fb2c77

URL: https://git.openembedded.org/meta-openembedded
layers: meta-filesystems, meta-networking, meta-oe, meta-python, meta-perl
branch: walnascar
revision: 80ab58cc404959ae2f0e8b2e68935b3bfd8e8cfe

URL: https://github.com/pengutronix/meta-ptx
layers: meta-ptx
branch: walnascar
revision: 23e46e92946ca0a1b1da4cf3ad212169d46b0af8

URL: https://github.com/Wind-River/meta-secure-core
layers: meta-secure-core-common, meta-efi-secure-boot, meta-signing-key, meta-integrity
branch: walnascar
revision: 243281acbb4d3839b80b795030a7f4900e254735

URL: https://git.yoctoproject.org/meta-security
layers: meta-parsec
branch: walnascar
revision: 1f7eeb8e84811fa79b98f236ade42dc52d44cfc6

URL: https://git.yoctoproject.org/meta-virtualization
layers: meta-virtualization
branch: walnascar
revision: 898239e810acbb7db93299f20deec8afe434f11b

URL: https://git.yoctoproject.org/meta-zephyr
layers: meta-zephyr-core
branch: walnascar
revision: 3617fcdfd0f232dcaff4a153e667c26445b2077c

URL: https://gitlab.com/Linaro/cassini/meta-mender
layers: meta-mender
branch: walnascar
revision: cbe7fa19997a5fb462a925552b92a1e19408ed63

Limitations

  • OP-TEE v4.7.0 doesn’t support FF-A Notification pending interrupt and Schedule Receiver interrupt.

    When Linux FF-A driver discovers that those 2 FF-A features are not supported, it outputs the following error message in Application Processor (AP) Non-secure world terminal and terminates notification feature setup. FF-A notification feature is not mandatory and FF-A communication in AP is not affected.

    ARM FF-A: Notification setup failed -95, not enabled

  • Trusted Services (TS) Logging Service is not enabled in CSS-Aspen.

    TS System Management Mode Gateway (SMM Gateway) secure partition outputs the following error messages in AP Secure world terminal, when it attempts to discover Logging Service during its initialization. SMM Gateway functionalities are not changed or affected when Logging Service is not enabled in TS v1.3.0.

    E/SMMGW: open_session:90 sp_msg_send_direct_req(): error -4
E/SMMGW: find_and_open_session:168 no SP found supporting protocol version 1 and the requested service
E/SMMGW: close_session:442 session is already closed
E/SMMGW: ts_rpc_caller_sp_deinit:524 failed to close session
E/SMMGW: sp_init:162 Logging service discovery failed, falling back to console log

  • In the HIPC, the iperf parameter -l/–length should be less than 1473 (IP and UDP overhead) in the case of Zephyr running as a UDP server since it does not support IP fragmentation.

  • FMU software module uses only aggregated outputs from the Fault Management Unit (FMU). The system connects this fault signal to the interrupt controller. When the interrupt controller receives the signal, the FMU software parses the FMU tree. It then locates the corresponding error record. The parsing logic assumes that each leaf FMU provides one critical signal and one non-critical signal. This assumption does not hold for the NI-710AE FMU. This FMU can generate two non-critical faults: corrected errors (CE) and uncorrected errors (UE). The parsing tree supports only one non-critical signal. The system discards the second fault. As a result, the driver cannot identify the fault source or access the error record for the second non-critical fault.

  • There are 4 unsupported test-cases out of 64 in PSA Crypto API test suite. Failed test cases are skipped.

  • RSA is not supported by the current TF-M CryptoCell driver.

  • CSS-Aspen FVP doesn’t include a TrustZone Address Space Controller (TZC). Trusted Firmware-A doesn’t program TZC to set up security configurations for DRAM or peripherals.

  • PCIe configuration is excluded.

  • The flash device of TF-M Protected Storage (PS) in CSS-Aspen does not support the Replay-Protected Monotonic Counter (RPMC) feature. Instead PS Non-Volatile Counters (NV Counters) are implemented with a limited size in RSE OTP memory. Exceeding 512 writes to PS will cause the PS NV Counters to overflow and may trigger a system panic. Supporting an increase in the number of writes will require an increase in the NV Counter size.

  • RSE flash is implemented as part of the wider system rather than within the CSS. The Internal Trusted Storage (ITS) is located in this external flash memory and therefore requires confidentiality, integrity protection, and replay protection against attackers with physical access to the device. These protections are typically achieved through a combination of software-based encryption and authentication, along with hardware features such as flash devices that include replay protection mechanisms or by writing replay protection values through the PSA Internal Trusted Storage (ITS) API.

  • Disabled Fault Management Unit interrupts in the RTL build. These interrupts are currently not enabled due to limitations in the RTL implementation.

Known issues

  • When CSS-Aspen starts for the first time, TS SE-Proxy secure partition outputs the following error messages in AP Secure world terminal.

    E/SEPROXY: secure_storage_ipc_remove:115 ipc_remove: failed to psa_call: -140
E/SEPROXY: secure_storage_ipc_remove:115 ipc_remove: failed to psa_call: -140

    This is normal and expected behavior. When SMM Gateway stores new variables, it calls SE-Proxy to remove 2 SMM variable indexes from RSE Protected Storage (PS) flash and store new ones. On the first boot, the default PS implementation erases PS flash to create an empty flash layout. Those 2 SMM variable indexes don’t exist in PS flash when SMM Gateway attempts to remove them for the first time. As a result, PS returns the error code PSA_ERROR_DOES_NOT_EXIST (-140) to SE-Proxy.

    SMM Gateway will create SMM variable indexes in PS flash if they don’t exist. On subsequent boots, those SMM variable indexes are preserved in PS flash and therefore SE-Proxy does not report this error.

  • Baremetal CFG2 and STL automated tests may intermittently fail when executed in sequence. Re-running the tests typically resolves the issue.

  • After a successful Secure Firmware Update (Secure FWU), any subsequent update attempt will fail. The following message is observed in the AP non-secure world terminal:

    Firmware update failed: <NULL>
Applying capsule fw.cap failed.

    Secure FWU is unable to write images to the FIP_B firmware image bank in AP Flash. This is due to a conflict in the ATU mappings. Specifically, the mapping for the AP Flash region corresponding to FIP_B overlaps with another existing ATU mapping.

Previous releases

For information about previous releases, see: