diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 15cf4ec..d6ac361 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -1,4 +1,4 @@
-image: ${MIRROR_GHCR}/siemens/kas/kas:4.0
+image: ${MIRROR_GHCR}/siemens/kas/kas:4.3.1
 
 variables:
   # These are needed as the k8s executor doesn't respect the container
@@ -186,56 +186,66 @@
   extends: .build
   parallel:
     matrix:
-      - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+      - KERNEL: [linux-yocto, linux-yocto-rt]
         TOOLCHAINS: [gcc, clang]
         TESTING: testimage
+      - KERNEL: linux-yocto-dev
+        TESTING: testimage
 
 qemuarm64-secureboot:
   extends: .build
   parallel:
     matrix:
-      - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+      - KERNEL: [linux-yocto, linux-yocto-rt]
         TOOLCHAINS: [gcc, clang]
         TCLIBC: [glibc, musl]
         TS: [none, qemuarm64-secureboot-ts]
         TESTING: testimage
+      - KERNEL: linux-yocto-dev
+        TESTING: testimage
 
 qemuarm64:
   extends: .build
   parallel:
     matrix:
       - DISTRO: poky
-        KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+        KERNEL: [linux-yocto, linux-yocto-rt]
         TOOLCHAINS: [gcc, clang]
         FIRMWARE: [u-boot, edk2]
         TESTING: testimage
       - DISTRO: poky-tiny
         TESTING: testimage
       - VIRT: xen
+      - KERNEL: linux-yocto-dev
+        TESTING: testimage
 
 qemuarm-secureboot:
   extends: .build
   parallel:
     matrix:
-      - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+      - KERNEL: [linux-yocto, linux-yocto-rt]
         TOOLCHAINS: [gcc, clang]
         TCLIBC: [glibc, musl]
         TESTING: testimage
       - TOOLCHAINS: external-gccarm
         TESTING: testimage
+      - KERNEL: linux-yocto-dev
+        TESTING: testimage
 
 qemuarm:
   extends: .build
   parallel:
     matrix:
       - DISTRO: poky
-        KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
+        KERNEL: [linux-yocto, linux-yocto-rt]
         TOOLCHAINS: [gcc, clang]
         FIRMWARE: [u-boot, edk2]
         TESTING: testimage
       - DISTRO: poky-tiny
         TESTING: testimage
       - VIRT: xen
+      - KERNEL: linux-yocto-dev
+        TESTING: testimage
 
 qemuarmv5:
   extends: .build
diff --git a/meta-arm/README.md b/meta-arm/README.md
index 82c326d..e77e5ac 100644
--- a/meta-arm/README.md
+++ b/meta-arm/README.md
@@ -29,6 +29,13 @@
 
   This directory contains scripts used in running the CI tests
 
+Mailing List
+------------
+To interact with the meta-arm developer community, please email the meta-arm mailing list at meta-arm@lists.yoctoproject.org
+Currently, it is configured to only allow emails to members from those subscribed.
+To subscribe to the meta-arm mailing list, please go to
+https://lists.yoctoproject.org/g/meta-arm
+
 Contributing
 ------------
 Currently, we only accept patches from the meta-arm mailing list.  For general
@@ -49,6 +56,13 @@
 
   arm-toolchain/gcc: enable foobar v2
 
+Releases and Release Schedule
+--------------
+We follow the Yocto Project release methodology, schedule, and stable/LTS support timelines.  For more information on these, please reference:
+https://docs.yoctoproject.org/ref-manual/release-process.html
+https://wiki.yoctoproject.org/wiki/Releases
+https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS
+
 Reporting bugs
 --------------
 E-mail meta-arm@lists.yoctoproject.org with the error encountered and the steps
diff --git a/meta-arm/SECURITY.md b/meta-arm/SECURITY.md
new file mode 100644
index 0000000..0fa6cbc
--- /dev/null
+++ b/meta-arm/SECURITY.md
@@ -0,0 +1,37 @@
+# Reporting vulnerabilities
+
+Arm takes security issues seriously and welcomes feedback from researchers and
+the security community in order to improve the security of its products and
+services. We operate a coordinated disclosure policy for disclosing
+vulnerabilities and other security issues.
+
+Security issues can be complex and one single timescale doesn't fit all
+circumstances. We will make best endeavours to inform you when we expect
+security notifications and fixes to be available and facilitate coordinated
+disclosure when notifications and patches/mitigations are available.
+
+
+## How to Report a Potential Vulnerability?
+
+If you would like to report a public issue (for example, one with a released CVE
+number), please contact the meta-arm mailing list at
+meta-arm@lists.yoctoproject.org and arm-security@arm.com.
+
+If you are dealing with a not-yet released or urgent issue, please send a mail
+to the maintainers (see README.md) and arm-security@arm.com, including as much
+detail as possible.  Encrypted emails using PGP are welcome.
+
+For more information, please visit https://developer.arm.com/support/arm-security-updates/report-security-vulnerabilities.
+
+
+## Branches maintained with security fixes
+
+meta-arm follows the Yocto release model, so see
+[https://wiki.yoctoproject.org/wiki/Stable_Release_and_LTS Stable release and
+LTS] for detailed info regarding the policies and maintenance of stable
+branches.
+
+The [https://wiki.yoctoproject.org/wiki/Releases Release page] contains a list of all
+releases of the Yocto Project. Versions in grey are no longer actively maintained with
+security patches, but well-tested patches may still be accepted for them for
+significant issues.
diff --git a/meta-arm/ci/check-warnings b/meta-arm/ci/check-warnings
index 89ae955..cdf84aa 100755
--- a/meta-arm/ci/check-warnings
+++ b/meta-arm/ci/check-warnings
@@ -7,7 +7,7 @@
 
 LOGFILE=$1
 
-LINES=$(grep --invert-match "attempting MIRRORS if available" $LOGFILE | wc -l)
+LINES=$(sed -e "/attempting MIRRORS if available/d" -e "/Error parsing .*netrc:/d" $LOGFILE | wc -l)
 if test "$LINES" -ne 0; then
     echo ==============================
     echo The build had warnings/errors:
diff --git a/meta-arm/ci/corstone1000-common.yml b/meta-arm/ci/corstone1000-common.yml
index 4c71517..7fe9e87 100644
--- a/meta-arm/ci/corstone1000-common.yml
+++ b/meta-arm/ci/corstone1000-common.yml
@@ -4,44 +4,7 @@
     - ci/base.yml
     - ci/meta-openembedded.yml
     - ci/meta-secure-core.yml
-
-local_conf_header:
-  extrapackages: |
-    # Intentionally blank to prevent perf from being added to the image in base.yml
-
-  firmwarebuild: |
-    # Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs
-    BBMULTICONFIG ?= "firmware"
-
-  distrosetup: |
-    DISTRO_FEATURES = "usbhost ipv4"
-
-  initramfsetup: |
-    # Telling the build system which image is responsible of the generation of the initramfs rootfs
-    INITRAMFS_IMAGE_BUNDLE:firmware = "1"
-    INITRAMFS_IMAGE:firmware ?= "core-image-minimal"
-    IMAGE_FSTYPES:firmware:pn-core-image-minimal = "${INITRAMFS_FSTYPES}"
-    IMAGE_NAME_SUFFIX:firmware = ""
-
-    # enable mdev/busybox for init
-    INIT_MANAGER:firmware = "mdev-busybox"
-    VIRTUAL-RUNTIME_init_manager:firmware = "busybox"
-
-    # prevent the kernel image from being included in the intramfs rootfs
-    PACKAGE_EXCLUDE:firmware += "kernel-image-*"
-
-    # Disable openssl in kmod to shrink the initramfs size
-    PACKAGECONFIG:remove:firmware:pn-kmod = "openssl"
-
-  imageextras: |
-    # Don't include kernel binary in rootfs /boot path
-    RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = ""
-
-    # all optee packages
-    CORE_IMAGE_EXTRA_INSTALL += "optee-client"
-
-    # TS PSA API tests commands for crypto, its, ps and iat
-    CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
+    - kas/corstone1000-image-configuration.yml
 
 target:
   - core-image-minimal
diff --git a/meta-arm/ci/corstone1000-firmware-only.yml b/meta-arm/ci/corstone1000-firmware-only.yml
index 9cc4299..8af0146 100644
--- a/meta-arm/ci/corstone1000-firmware-only.yml
+++ b/meta-arm/ci/corstone1000-firmware-only.yml
@@ -1,24 +1,8 @@
 ---
 header:
   version: 14
-
-local_conf_header:
-  rescuebuild: |
-    # Need to ensure the rescue linux options are selected
-    OVERRIDES .= ":firmware"
-
-    # Need to ensure we build with a small libc
-    TCLIBC="musl"
-
-  mass-storage: |
-    # Ensure the Mass Storage device is absent
-    FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
-
-  test-configuration: |
-    TEST_SUITES = "_qemutiny ping"
-    # Remove Dropbear SSH as it will not fit into the corstone1000 image.
-    IMAGE_FEATURES:remove = "ssh-server-dropbear"
-    CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
+  includes:
+    - kas/corstone1000-firmware-only.yml
 
 target:
   - corstone1000-flash-firmware-image
diff --git a/meta-arm/ci/toolchains.yml b/meta-arm/ci/toolchains.yml
index 9b63bf2..056269b 100644
--- a/meta-arm/ci/toolchains.yml
+++ b/meta-arm/ci/toolchains.yml
@@ -16,5 +16,3 @@
   - nativesdk-gcc-aarch64-none-elf
   - gcc-arm-none-eabi
   - nativesdk-gcc-arm-none-eabi
-  - gcc-arm-none-eabi-11.2
-  - nativesdk-gcc-arm-none-eabi-11.2
diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml
index 1ab6545..a8b9860 100644
--- a/meta-arm/kas/corstone1000-base.yml
+++ b/meta-arm/kas/corstone1000-base.yml
@@ -1,14 +1,11 @@
 header:
   version: 14
 
-env:
-  DISPLAY: ""
-
-distro: poky-tiny
+distro: poky
 
 defaults:
   repos:
-    branch: nanbield
+    branch: master
 
 repos:
   meta-arm:
@@ -19,14 +16,14 @@
 
   poky:
     url: https://git.yoctoproject.org/git/poky
-    commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff
+    # commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff
     layers:
       meta:
       meta-poky:
 
   meta-openembedded:
     url: https://git.openembedded.org/meta-openembedded
-    commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d
+    # commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d
     layers:
       meta-oe:
       meta-python:
@@ -34,15 +31,17 @@
 
   meta-secure-core:
     url: https://github.com/wind-river/meta-secure-core.git
-    commit: e29165a1031dcf601edbed1733cedd64826672a5
+    # commit: e29165a1031dcf601edbed1733cedd64826672a5
     layers:
-      meta:
+      meta-secure-core-common:
       meta-signing-key:
       meta-efi-secure-boot:
 
 local_conf_header:
   base: |
     CONF_VERSION = "2"
+
+  setup: |
     PACKAGE_CLASSES = "package_ipk"
     BB_NUMBER_THREADS ?= "16"
     PARALLEL_MAKE ?= "-j16"
@@ -51,4 +50,4 @@
 machine: unset
 
 target:
-  - corstone1000-image
+  - corstone1000-flash-firmware-image
diff --git a/meta-arm/kas/corstone1000-firmware-only.yml b/meta-arm/kas/corstone1000-firmware-only.yml
new file mode 100644
index 0000000..f164036
--- /dev/null
+++ b/meta-arm/kas/corstone1000-firmware-only.yml
@@ -0,0 +1,21 @@
+---
+header:
+  version: 14
+
+local_conf_header:
+  firmwarebuild: |
+    # Need to ensure the rescue linux options are selected
+    OVERRIDES .= ":firmware"
+
+    # Need to ensure we build with a small libc
+    TCLIBC="musl"
+
+  mass-storage: |
+    # Ensure the Mass Storage device is absent
+    FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
+
+  test-configuration: |
+    TEST_SUITES = "_qemutiny ping"
+    # Remove Dropbear SSH as it will not fit into the corstone1000 image.
+    IMAGE_FEATURES:remove = "ssh-server-dropbear"
+    CORE_IMAGE_EXTRA_INSTALL:remove = "ssh-pregen-hostkeys"
diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml
index abf4070..0d6d5fe 100644
--- a/meta-arm/kas/corstone1000-fvp.yml
+++ b/meta-arm/kas/corstone1000-fvp.yml
@@ -2,15 +2,22 @@
   version: 14
   includes:
     - kas/corstone1000-base.yml
+    - kas/corstone1000-image-configuration.yml
+    - kas/corstone1000-firmware-only.yml
     - kas/fvp-eula.yml
 
-machine: corstone1000-fvp
+env:
+  DISPLAY:
+  WAYLAND_DISPLAY:
+  XAUTHORITY:
 
 local_conf_header:
-    fvp-config: |
-        # Remove Dropbear SSH as it will not fit into the corstone1000 image.
-        IMAGE_FEATURES:remove = " ssh-server-dropbear"
-        INHERIT += "fvpboot"
+  testimagefvp: |
+    LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
+    IMAGE_CLASSES += "fvpboot"
 
-target:
-  - corstone1000-image
+  mass-storage: |
+    # Ensure the Mass Storage device is absent
+    FVP_CONFIG[board.msd_mmc.p_mmc_file] = "invalid.dat"
+
+machine: corstone1000-fvp
diff --git a/meta-arm/kas/corstone1000-image-configuration.yml b/meta-arm/kas/corstone1000-image-configuration.yml
new file mode 100644
index 0000000..2b28522
--- /dev/null
+++ b/meta-arm/kas/corstone1000-image-configuration.yml
@@ -0,0 +1,40 @@
+header:
+  version: 14
+
+local_conf_header:
+  extrapackages: |
+    # Intentionally blank to prevent perf from being added to the image in base.yml
+
+  firmwarebuild: |
+    # Only needed as kas doesn't add it automatically unless you have 2 targets in seperate configs
+    BBMULTICONFIG ?= "firmware"
+
+  distrosetup: |
+    DISTRO_FEATURES = "usbhost ipv4"
+
+  initramfsetup: |
+    # Telling the build system which image is responsible of the generation of the initramfs rootfs
+    INITRAMFS_IMAGE_BUNDLE:firmware = "1"
+    INITRAMFS_IMAGE:firmware ?= "core-image-minimal"
+    IMAGE_FSTYPES:firmware:pn-core-image-minimal = "${INITRAMFS_FSTYPES}"
+    IMAGE_NAME_SUFFIX:firmware = ""
+
+    # enable mdev/busybox for init
+    INIT_MANAGER:firmware = "mdev-busybox"
+    VIRTUAL-RUNTIME_init_manager:firmware = "busybox"
+
+    # prevent the kernel image from being included in the intramfs rootfs
+    PACKAGE_EXCLUDE:firmware += "kernel-image-*"
+
+    # Disable openssl in kmod to shrink the initramfs size
+    PACKAGECONFIG:remove:firmware:pn-kmod = "openssl"
+
+  imageextras: |
+    # Don't include kernel binary in rootfs /boot path
+    RRECOMMENDS:${KERNEL_PACKAGE_NAME}-base = ""
+
+    # all optee packages
+    CORE_IMAGE_EXTRA_INSTALL += "optee-client"
+
+    # TS PSA API tests commands for crypto, its, ps and iat
+    CORE_IMAGE_EXTRA_INSTALL += "packagegroup-ts-tests-psa"
diff --git a/meta-arm/kas/corstone1000-mps3.yml b/meta-arm/kas/corstone1000-mps3.yml
index 7d63a18..30f465a 100644
--- a/meta-arm/kas/corstone1000-mps3.yml
+++ b/meta-arm/kas/corstone1000-mps3.yml
@@ -2,5 +2,7 @@
   version: 14
   includes:
     - kas/corstone1000-base.yml
+    - kas/corstone1000-image-configuration.yml
+    - kas/corstone1000-firmware-only.yml
 
 machine: corstone1000-mps3
diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf
index 543b8c2..9013d11 100644
--- a/meta-arm/meta-arm-bsp/conf/layer.conf
+++ b/meta-arm/meta-arm-bsp/conf/layer.conf
@@ -24,3 +24,5 @@
     meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bb \
     meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bbappend \
 "
+
+WARN_QA:append:layer-meta-arm-bsp = " patch-status"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 8d79342..a82d007 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -3,11 +3,11 @@
 MACHINEOVERRIDES =. "corstone1000:"
 
 # TF-M
-PREFERRED_VERSION_trusted-firmware-m ?= "1.8.%"
+PREFERRED_VERSION_trusted-firmware-m ?= "2.0.%"
 
 # TF-A
 TFA_PLATFORM = "corstone1000"
-PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
 PREFERRED_VERSION_tf-a-tests ?= "2.8.%"
 
 TFA_BL2_BINARY = "bl2-corstone1000.bin"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
index 12b22ce..662cf62 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
@@ -27,7 +27,7 @@
 # TF-A
 EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
 TFA_PLATFORM = "n1sdp"
-PREFERRED_VERSION_trusted-firmware-a ?= "2.9.%"
+PREFERRED_VERSION_trusted-firmware-a ?= "2.10.%"
 PREFERRED_VERSION_tf-a-tests ?= "2.10.%"
 
 # SCP
@@ -35,7 +35,7 @@
 
 #UEFI EDK2 firmware
 EXTRA_IMAGEDEPENDS += "edk2-firmware"
-PREFERRED_VERSION_edk2-firmware ?= "202305"
+PREFERRED_VERSION_edk2-firmware ?= "202311"
 
 #optee
 PREFERRED_VERSION_optee-os ?= "4.1.%"
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
index 399f875..578f038 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
index 8626c42..cbe78c5 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
@@ -1,11 +1,21 @@
 ..
- # Copyright (c) 2022, Arm Limited.
+ # Copyright (c) 2022, 2024, Arm Limited.
  #
  # SPDX-License-Identifier: MIT
 
-################
-ARM Corstone1000
-################
+#################
+Arm Corstone-1000
+#################
+
+*************************
+Disclaimer
+*************************
+
+Arm reference solutions are Arm public example software projects that track and
+pull upstream components, incorporating their respective security fixes
+published over time. Arm partners are responsible for ensuring that the
+components they use contain all the required security fixes, if and when they
+deploy a product derived from Arm reference solutions.
 
 .. toctree::
    :maxdepth: 1
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index a308e42..dc1d102 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -1,5 +1,5 @@
 ..
- # Copyright (c) 2022-2023, Arm Limited.
+ # Copyright (c) 2022-2024, Arm Limited.
  #
  # SPDX-License-Identifier: MIT
 
@@ -152,7 +152,7 @@
 
     pip3 install kas
 
-If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'. 
+If 'kas' command is not found in command-line, please make sure the user installation directories are visible on $PATH. If you have sudo rights, try 'sudo pip3 install kas'.
 
 In the top directory of the workspace ``<_workspace>``, run:
 
@@ -171,7 +171,7 @@
 by setting the ARM_FVP_EULA_ACCEPT environment variable as follows:
 
 ::
-  
+
     export ARM_FVP_EULA_ACCEPT="True"
 
 then run:
@@ -189,12 +189,12 @@
  - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
 
 Everything apart from the Secure Enclave ROM firmware and External System firmware, is bundled into a single binary, the
-``corstone1000-image-corstone1000-{mps3,fvp}.wic`` file.
+``corstone1000-flash-firmware-image-corstone1000-{mps3,fvp}.wic`` file.
 
 The output binaries run in the Corstone-1000 platform are the following:
  - The Secure Enclave ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/bl1.bin``
  - The External System firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/es_flashfw.bin``
- - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-image-corstone1000-{mps3,fvp}.wic``
+ - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-{mps3,fvp}/corstone1000-flash-firmware-image-corstone1000-{mps3,fvp}.wic``
 
 Flash the firmware image on FPGA
 --------------------------------
@@ -252,17 +252,17 @@
 
   [IMAGES]
   TOTALIMAGES: 3      ;Number of Images (Max: 32)
-   
+
   IMAGE0PORT: 1
   IMAGE0ADDRESS: 0x00_0000_0000
   IMAGE0UPDATE: RAM
   IMAGE0FILE: \SOFTWARE\bl1.bin
-   
+
   IMAGE1PORT: 0
   IMAGE1ADDRESS: 0x00_0000_0000
   IMAGE1UPDATE: AUTOQSPI
   IMAGE1FILE: \SOFTWARE\cs1000.bin
-   
+
   IMAGE2PORT: 2
   IMAGE2ADDRESS: 0x00_0000_0000
   IMAGE2UPDATE: RAM
@@ -273,7 +273,7 @@
 1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle.
 2. Copy ``es_flashfw.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle
    and rename the binary to ``es0.bin``.
-3. Copy ``corstone1000-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE
+3. Copy ``corstone1000-flash-firmware-image-corstone1000-mps3.wic`` from OUTPUT_DIR directory to SOFTWARE
    directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
 
 **NOTE:** Renaming of the images are required because MCC firmware has
@@ -337,7 +337,7 @@
 
 ::
 
-<_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- --version
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- --version"
 
 The FVP can also be manually downloaded from the `Arm Ecosystem FVPs`_ page. On this page, navigate
 to "Corstone IoT FVPs" section to download the Corstone-1000 platform FVP installer.  Follow the
@@ -347,7 +347,7 @@
 
 ::
 
-<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm"
 
 When the script is executed, three terminal instances will be launched, one for the boot processor
 (aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is
@@ -488,7 +488,7 @@
 
 ::
 
-   <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
+   kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
 
 Clean Secure Flash Before Testing (applicable to FPGA only)
 ===========================================================
@@ -510,7 +510,7 @@
 
 Replace the bl1.bin and cs1000.bin files on the SD card with following files:
   - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
-  - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic
+  - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-flash-firmware-image-corstone1000-mps3.wic
 
 Now reboot the board. This step erases the Corstone-1000 SecureEnclave flash
 completely, the user should expect following message from TF-M log (can be seen
@@ -626,7 +626,7 @@
 
   unxz ${<path-to-img>/ir-acs-live-image-generic-arm64.wic.xz}
 
-  <_workspace>/meta-arm/scripts/runfvp  --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
 
 The test results can be fetched using following commands:
 
@@ -658,7 +658,7 @@
   cd meta-arm
   git am 0001-embedded-a-corstone1000-sr-ir-workaround.patch
   cd ..
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-image -c cleanall; bitbake corstone1000-image"
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image"
 
 
 Common to FVP and FPGA
@@ -833,7 +833,7 @@
 
 ::
 
-   <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic
+   kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic"
 
 **NOTE:** <path-to-img> must start from the root directory. make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic.
 
@@ -857,25 +857,25 @@
 
   FS0:
 
-In case of the positive scenario run the update with the higher version capsule as shown below: 
+In case of the positive scenario run the update with the higher version capsule as shown below:
 
 ::
-  
+
   EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v6
 
 After successfully updating the capsule the system will reset.
 
-In case of the negative scenario run the update with the lower version capsule as shown below: 
+In case of the negative scenario run the update with the lower version capsule as shown below:
 
 ::
-  
+
   EFI/BOOT/app/CapsuleApp.efi cs1k_cap_<fvp/mps3>_v5
 
 The command above should fail and in the TF-M logs the following message should appear:
 
 ::
 
-   ERROR: flash_full_capsule: version error 
+   ERROR: flash_full_capsule: version error
 
 Then, reboot manually:
 
@@ -942,7 +942,7 @@
 
    # cd /sys/firmware/efi/esrt/entries/entry0
    # cat *
-    
+
    0x0
    989f3a4e-46e0-4cd0-9877-a25c70c01329
    0
@@ -956,7 +956,7 @@
    fw_class:	989f3a4e-46e0-4cd0-9877-a25c70c01329
    fw_type:	0
    fw_version:	6
-   last_attempt_status:	0 
+   last_attempt_status:	0
    last_attempt_version:	6
    lowest_supported_fw_ver:	0
 
@@ -964,12 +964,12 @@
 Negative scenario (Applicable to FPGA only)
 ===========================================
 
-In the negative case scenario (rollback the capsule version), the user should 
-see appropriate logs in the secure enclave terminal. 
+In the negative case scenario (rollback the capsule version), the user should
+see appropriate logs in the secure enclave terminal.
 
 ::
 
-  ...  
+  ...
     uefi_capsule_retrieve_images: image 0 at 0xa0000070, size=15654928
     uefi_capsule_retrieve_images: exit
     flash_full_capsule: enter: image = 0x0xa0000070, size = 7764541, version = 5
@@ -988,8 +988,8 @@
   ...
 
 
-If capsule pass initial verification, but fails verifications performed during 
-boot time, secure enclave will try new images predetermined number of times 
+If capsule pass initial verification, but fails verifications performed during
+boot time, secure enclave will try new images predetermined number of times
 (defined in the code), before reverting back to the previous good bank.
 
 ::
@@ -1007,7 +1007,7 @@
 
    # cd /sys/firmware/efi/esrt/entries/entry0
    # cat *
-    
+
    0x0
    989f3a4e-46e0-4cd0-9877-a25c70c01329
    0
@@ -1035,7 +1035,7 @@
 -------------------
 
 *************************************************************
-Debian install and boot preparation 
+Debian install and boot preparation
 *************************************************************
 
 There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__
@@ -1064,12 +1064,12 @@
 **On FPGA**
 ::
 
-  kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image"
+  kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image"
 
 **On FVP**
 ::
 
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image"
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-flash-firmware-image -c cleansstate; bitbake corstone1000-flash-firmware-image"
 
 On FPGA, please update the cs1000.bin on the SD card with the newly generated wic file.
 
@@ -1080,7 +1080,7 @@
   cd <_workspace>/meta-arm
   git reset --hard HEAD~1
   cd ..
-  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-image -c cleanall; bitbake corstone1000-image"
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot -c cleanall; bitbake trusted-firmware-a -c cleanall; bitbake corstone1000-flash-firmware-image -c cleanall; bitbake corstone1000-flash-firmware-image"
 
 *************************************************
 Preparing the Installation Media
@@ -1089,7 +1089,7 @@
 Download one of following Linux distro images:
  - `Debian installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/>`__ (Tested on: debian-12.2.0-arm64-DVD-1.iso)
  - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20231120-Media.iso)
-  
+
 **NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like
 openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
 
@@ -1100,7 +1100,7 @@
 To test Linux distro install and boot on FPGA, the user should prepare two empty USB
 sticks (minimum size should be 4GB and formatted with FAT32).
 
-The downloaded iso file needs to be flashed to your USB drive. 
+The downloaded iso file needs to be flashed to your USB drive.
 This can be done with your development machine.
 
 In the example given below, we assume the USB device is ``/dev/sdb`` (the user
@@ -1157,10 +1157,10 @@
 
 ::
 
-  <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img"
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img"
 
 The installer should now start.
-The os will be installed on the second mmc 'mmc2_file.img'. 
+The os will be installed on the second mmc 'mmc2_file.img'.
 
 *******************************************************
 Debian install clarifications
@@ -1209,24 +1209,23 @@
 Once the installation is complete, unplug the first USB stick and reboot the
 board.
 The board will then enter recovery mode, from which the user can access a shell
-after entering the password for the root user. 
+after entering the password for the root user.
 
 FVP
 ==============
-Once the installation is complete, you will need to exit the shell instance 
+Once the installation is complete, you will need to exit the shell instance
 and run this command to boot into the installed OS:
 
-:: 
+::
 
-  <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img"
-
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c "../meta-arm/scripts/runfvp --terminals=xterm -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img"
 
 Once the FVP begins booting, you will need to quickly change the boot option in grub,
-to boot into recovery mode. 
+to boot into recovery mode.
 
 **NOTE:** This option will disappear quickly, so it's best to preempt it.
 
-Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'. 
+Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'.
 
 Common
 ==============
@@ -1247,7 +1246,7 @@
 
   The system.conf has been moved from /etc/systemd/ to /usr/lib/systemd/ and directly modifying
   the /usr/lib/systemd/system.conf is not working and it is getting overridden. We have to create
-  drop ins system configurations in /etc/systemd/system.conf.d/ directory. So, copy the 
+  drop ins system configurations in /etc/systemd/system.conf.d/ directory. So, copy the
   /usr/lib/systemd/system.conf to /etc/systemd/system.conf.d/ directory after the mentioned modifications.
 
 The file to be edited next is different depending on the installed distro:
@@ -1338,7 +1337,7 @@
 
 --------------
 
-*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2022-2024, Arm Limited. All rights reserved.*
 
 .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
 .. _U-Boot repo: https://github.com/u-boot/u-boot.git
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
index 41d8f44..c89b132 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
@@ -13,9 +13,6 @@
 EXTRA_OECMAKE:append = " \
     -DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \
 "
-# scp-firmware version aligning to Arm Reference Solutions N1SDP-2023.06.22 Release
-SRCREV = "543ae8ca3c9e38da3058311118fa3ceef1da47f7"
-PV .= "+git"
 
 do_install:append() {
    fiptool \
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
index 3413822..79a41a0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-sgi575.inc
@@ -1,5 +1,6 @@
 # SGI575 specific SCP configurations and build instructions
 
 COMPATIBLE_MACHINE:sgi575 = "sgi575"
+SCP_PRODUCT_GROUP = "neoverse-rd"
 
 SCP_LOG_LEVEL = "INFO"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
index 2c65635..8716059 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
@@ -1,5 +1,6 @@
 # TC specific SCP configuration
 
 COMPATIBLE_MACHINE = "(tc1)"
+SCP_PRODUCT_GROUP = "totalcompute"
 
 FW_TARGETS = "scp"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
deleted file mode 100644
index e26fd34..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
+++ /dev/null
@@ -1,162 +0,0 @@
-From fa7ab9b40babee29d2aadb267dfce7a96f8989d4 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Mon, 9 Jan 2023 13:59:06 +0000
-Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata
-
-Previously bl2 was reading the boot_index directly with a hard coded
-address and then set the fip image spec with fip offsets base based on
-the boot_index value.
-This commit removes this logic and rely on PSA_FWU_SUPPORT
-which reads the fip partition based on the active firmware bank written in
-metadata.
-
-Note: fip partition contains signature area at the begining. Hence, the fip
-image starts at fip partition + fip signature area size.
-
-Upstream-Status: Pending
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
----
- bl2/bl2_main.c                                |  4 +++
- .../corstone1000/common/corstone1000_plat.c   | 32 ++++++-------------
- .../common/include/platform_def.h             | 12 +++----
- tools/cert_create/Makefile                    |  4 +--
- tools/fiptool/Makefile                        |  4 +--
- 5 files changed, 24 insertions(+), 32 deletions(-)
-
-diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
-index ce83692e0ebc..1a9febc007b2 100644
---- a/bl2/bl2_main.c
-+++ b/bl2/bl2_main.c
-@@ -87,6 +87,10 @@ void bl2_main(void)
- 	/* Perform remaining generic architectural setup in S-EL1 */
- 	bl2_arch_setup();
- 
-+#if ARM_GPT_SUPPORT
-+	partition_init(GPT_IMAGE_ID);
-+#endif
-+
- #if PSA_FWU_SUPPORT
- 	fwu_init();
- #endif /* PSA_FWU_SUPPORT */
-diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
-index 0235f8b8474c..7f9708a82489 100644
---- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
-+++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
-@@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = {
- static void set_fip_image_source(void)
- {
- 	const struct plat_io_policy *policy;
--	/*
--	 * metadata for firmware update is written at 0x0000 offset of the flash.
--	 * PLAT_ARM_BOOT_BANK_FLAG contains the boot bank that TF-M is booted.
--	 * As per firmware update spec, at a given point of time, only one bank
--	 * is active. This means, TF-A should boot from the same bank as TF-M.
--	 */
--	volatile uint32_t *boot_bank_flag = (uint32_t *)(PLAT_ARM_BOOT_BANK_FLAG);
--
--	if (*boot_bank_flag > 1) {
--		VERBOSE("Boot_bank is set higher than possible values");
--	}
--
--	VERBOSE("Boot bank flag = %u.\n\r", *boot_bank_flag);
- 
- 	policy = FCONF_GET_PROPERTY(arm, io_policies, FIP_IMAGE_ID);
- 
- 	assert(policy != NULL);
- 	assert(policy->image_spec != 0UL);
- 
-+	/* FIP Partition contains Signature area at the begining which TF-A doesn't expect */
- 	io_block_spec_t *spec = (io_block_spec_t *)policy->image_spec;
-+	spec->offset += FIP_SIGNATURE_AREA_SIZE;
-+	spec->length -= FIP_SIGNATURE_AREA_SIZE;
- 
--	if ((*boot_bank_flag) == 0) {
--		VERBOSE("Booting from bank 0: fip offset = 0x%lx\n\r",
--						PLAT_ARM_FIP_BASE_BANK0);
--		spec->offset = PLAT_ARM_FIP_BASE_BANK0;
--	} else {
--		VERBOSE("Booting from bank 1: fip offset = 0x%lx\n\r",
--						PLAT_ARM_FIP_BASE_BANK1);
--		spec->offset = PLAT_ARM_FIP_BASE_BANK1;
--	}
- }
- 
- void bl2_platform_setup(void)
-@@ -75,6 +56,13 @@ void bl2_platform_setup(void)
- 	set_fip_image_source();
- }
- 
-+void bl2_early_platform_setup2(u_register_t arg0, u_register_t arg1,
-+			       u_register_t arg2, u_register_t arg3)
-+{
-+	arm_bl2_early_platform_setup((uintptr_t)arg0, (meminfo_t *)arg1);
-+	NOTICE("CS1k: early at bl2_platform_setup\n");
-+}
-+
- /* corstone1000 only has one always-on power domain and there
-  * is no power control present
-  */
-diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
-index 584d485f3ea7..0bfab05a482b 100644
---- a/plat/arm/board/corstone1000/common/include/platform_def.h
-+++ b/plat/arm/board/corstone1000/common/include/platform_def.h
-@@ -173,16 +173,16 @@
- 
- /* NOR Flash */
- 
--#define PLAT_ARM_BOOT_BANK_FLAG		UL(0x08002000)
--#define PLAT_ARM_FIP_BASE_BANK0		UL(0x081EF000)
--#define PLAT_ARM_FIP_BASE_BANK1		UL(0x0916F000)
--#define PLAT_ARM_FIP_MAX_SIZE		UL(0x1ff000)  /* 1.996 MB */
--
- #define PLAT_ARM_NVM_BASE		V2M_FLASH0_BASE
- #define PLAT_ARM_NVM_SIZE		(SZ_32M)  /* 32 MB */
-+#define PLAT_ARM_FIP_MAX_SIZE		UL(0x1ff000)  /* 1.996 MB */
- 
--#define PLAT_ARM_FLASH_IMAGE_BASE	PLAT_ARM_FIP_BASE_BANK0
-+#define PLAT_ARM_FLASH_IMAGE_BASE	UL(0x08000000)
- #define PLAT_ARM_FLASH_IMAGE_MAX_SIZE	PLAT_ARM_FIP_MAX_SIZE
-+#define PLAT_ARM_FIP_OFFSET_IN_GPT	(0x86000)
-+
-+/* FIP Information */
-+#define FIP_SIGNATURE_AREA_SIZE         (0x1000)      /* 4 KB */
- 
- /*
-  * Some data must be aligned on the biggest cache line size in the platform.
-diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
-index 042e844626bd..45b76a022f91 100644
---- a/tools/cert_create/Makefile
-+++ b/tools/cert_create/Makefile
-@@ -78,8 +78,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
- # directory. However, for a local build of OpenSSL, the built binaries are
- # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
- # ${OPENSSL_DIR}/lib/).
--LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
--LIB := -lssl -lcrypto
-+LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
-+LIB := -lssl -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
- 
- HOSTCC ?= gcc
- 
-diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
-index 2ebee33931ba..dcfd314bee89 100644
---- a/tools/fiptool/Makefile
-+++ b/tools/fiptool/Makefile
-@@ -39,7 +39,7 @@ HOSTCCFLAGS += -DUSING_OPENSSL3=$(USING_OPENSSL3)
- # directory. However, for a local build of OpenSSL, the built binaries are
- # located under the main project directory (i.e.: ${OPENSSL_DIR}, not
- # ${OPENSSL_DIR}/lib/).
--LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto
-+LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS} ${BUILD_LDFLAGS}
- 
- ifeq (${V},0)
-   Q := @
-@@ -47,7 +47,7 @@ else
-   Q :=
- endif
- 
--INCLUDE_PATHS := -I../../include/tools_share  -I${OPENSSL_DIR}/include
-+INCLUDE_PATHS := -I../../include/tools_share  -I${OPENSSL_DIR}/include ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS} ${BUILD_CFLAGS}
- 
- HOSTCC ?= gcc
- 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch
new file mode 100644
index 0000000..4a08abb
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch
@@ -0,0 +1,32 @@
+From d70a07562d3b0a7b4441922fd3ce136565927d04 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 21 Feb 2024 07:57:36 +0000
+Subject: [PATCH] fix(corstone1000): pass spsr value explicitly
+
+Passes spsr value for BL32 (OPTEE) explicitly between different boot
+stages.
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+---
+ .../corstone1000/common/corstone1000_bl2_mem_params_desc.c     | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
+index fe521a9fa..2cc096f38 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
+@@ -72,7 +72,8 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
+ 		SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ 			VERSION_2, entry_point_info_t, NON_SECURE | EXECUTABLE),
+ 		.ep_info.pc = BL33_BASE,
+-
++		.ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX,
++				       DISABLE_ALL_EXCEPTIONS),
+ 		SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ 			VERSION_2, image_info_t, 0),
+ 		.image_info.image_base = BL33_BASE,
+-- 
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch
new file mode 100644
index 0000000..ea7a291
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch
@@ -0,0 +1,54 @@
+From 684b8f88238f522b52eb102485762e02e6b1671a Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Fri, 23 Feb 2024 13:17:59 +0000
+Subject: [PATCH] fix(spmd): remove EL3 interrupt registration
+
+This configuration should not be done for corstone1000 and similar
+platforms. GICv2 systems only support EL3 interrupts and can have SEL1 component
+as SPMC.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Inappropriate [Discussions of fixing this in a better way is ongoing in upstream]
+---
+ services/std_svc/spmd/spmd_main.c | 24 ------------------------
+ 1 file changed, 24 deletions(-)
+
+diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
+index 066571e9b..313f05bf3 100644
+--- a/services/std_svc/spmd/spmd_main.c
++++ b/services/std_svc/spmd/spmd_main.c
+@@ -580,30 +580,6 @@ static int spmd_spmc_init(void *pm_addr)
+ 		panic();
+ 	}
+ 
+-	/*
+-	 * Permit configurations where the SPM resides at S-EL1/2 and upon a
+-	 * Group0 interrupt triggering while the normal world runs, the
+-	 * interrupt is routed either through the EHF or directly to the SPMD:
+-	 *
+-	 * EL3_EXCEPTION_HANDLING=0: the Group0 interrupt is routed to the SPMD
+-	 *                   for handling by spmd_group0_interrupt_handler_nwd.
+-	 *
+-	 * EL3_EXCEPTION_HANDLING=1: the Group0 interrupt is routed to the EHF.
+-	 *
+-	 */
+-#if (EL3_EXCEPTION_HANDLING == 0)
+-	/*
+-	 * Register an interrupt handler routing Group0 interrupts to SPMD
+-	 * while the NWd is running.
+-	 */
+-	rc = register_interrupt_type_handler(INTR_TYPE_EL3,
+-					     spmd_group0_interrupt_handler_nwd,
+-					     flags);
+-	if (rc != 0) {
+-		panic();
+-	}
+-#endif
+-
+ 	return 0;
+ }
+ 
+-- 
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch
deleted file mode 100644
index 2a7cd47..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 16937460429d6bcd502b21c20d16222541ed8d48 Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Mon, 6 Mar 2023 15:57:59 +0000
-Subject: [PATCH] psci: SMCCC_ARCH_FEATURES discovery through PSCI_FEATURES
-
-allow normal world use PSCI_FEATURES to discover SMCCC_ARCH_FEATURES
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Upstream-Status: Inappropriate [A U-Boot patch will be released to fix an issue in the PSCI driver]
----
- lib/psci/psci_main.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/psci/psci_main.c b/lib/psci/psci_main.c
-index a631f3ffbf..cc8904b006 100644
---- a/lib/psci/psci_main.c
-+++ b/lib/psci/psci_main.c
-@@ -337,7 +337,7 @@ int psci_features(unsigned int psci_fid)
- {
- 	unsigned int local_caps = psci_caps;
- 
--	if (psci_fid == SMCCC_VERSION)
-+	if (psci_fid == SMCCC_VERSION || psci_fid == SMCCC_ARCH_FEATURES)
- 		return PSCI_E_SUCCESS;
- 
- 	/* Check if it is a 64 bit function */
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch
deleted file mode 100644
index 6ddde10..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 33078d8ef143e8c79f06399de46dd26e1d53a220 Mon Sep 17 00:00:00 2001
-From: Gauri Sahnan <Gauri.Sahnan@arm.com>
-Date: Tue, 8 Aug 2023 17:16:51 +0100
-Subject: fix(corstone1000): add cpuhelpers to makefile
-
-Adds cpu_helpers.S to the Makefile to align with the changes in new
-trusted-firmware-a version.
-
-Signed-off-by: Gauri Sahnan <Gauri.Sahnan@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- plat/arm/board/corstone1000/platform.mk | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk
-index 3edffe087..079e9d6c1 100644
---- a/plat/arm/board/corstone1000/platform.mk
-+++ b/plat/arm/board/corstone1000/platform.mk
-@@ -43,6 +43,7 @@ BL2_SOURCES		+=	plat/arm/board/corstone1000/common/corstone1000_security.c		\
- 				plat/arm/board/corstone1000/common/corstone1000_err.c		\
- 				plat/arm/board/corstone1000/common/corstone1000_trusted_boot.c	\
- 				lib/utils/mem_region.c					\
-+				lib/cpus/aarch64/cpu_helpers.S \
- 				plat/arm/board/corstone1000/common/corstone1000_helpers.S		\
- 				plat/arm/board/corstone1000/common/corstone1000_plat.c		\
- 				plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c \
--- 
-2.25.1
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/0001-n1sdp-tftf-tests-to-skip.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/0001-n1sdp-tftf-tests-to-skip.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
index 6421033..ec1158c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
@@ -3,7 +3,6 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 
 COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
-SRCREV:corstone1000 = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67"
 EXTRA_OEMAKE:append:corstone1000 = " DEBUG=0"
 EXTRA_OEMAKE:append:corstone1000 = " LOG_LEVEL=30"
 TFTF_MODE:corstone1000 = "release"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index 8673199..e061b94 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -5,9 +5,8 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:"
 SRC_URI:append = " \
 	file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
-	file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \
-	file://0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch \
-	file://0004-fix-corstone1000-add-cpuhelper-to-makefile.patch \
+	file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \
+	file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \
        "
 
 TFA_DEBUG = "1"
@@ -51,4 +50,5 @@
                         ERRATA_A35_855472=1 \
                         ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
                         BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
+                        FVP_USE_GIC_DRIVER=FVP_GICV2 \
                         "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch
new file mode 100644
index 0000000..1f19f55
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/0002-arm-trusted-firmware-m-disable-address-warnings-into.patch
@@ -0,0 +1,26 @@
+From 961d2e3718e9e6d652cadf5b4d3597cfe822dd04 Mon Sep 17 00:00:00 2001
+From: Ali Can Ozaslan <ali.oezaslan@arm.com>
+Date: Wed, 24 Jan 2024 16:10:08 +0000
+Subject: [PATCH] arm/trusted-firmware-m: disable address warnings into an
+ error
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
+Upstream-Status: Inappropriate
+
+---
+ toolchain_GNUARM.cmake | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake
+index b6ae50ec3..4c2f5b3d7 100644
+--- a/toolchain_GNUARM.cmake
++++ b/toolchain_GNUARM.cmake
+@@ -111,6 +111,7 @@ add_compile_options(
+     -Wno-format
+     -Wno-return-type
+     -Wno-unused-but-set-variable
++    -Wno-error=address
+     -c
+     -fdata-sections
+     -ffunction-sections
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
deleted file mode 100644
index 4f00ea2..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 60598f3b44237bd5038e33400e749ec1e7e8fbda Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Mon, 15 May 2023 10:42:23 +0100
-Subject: [PATCH] Platform: corstone1000: Increase BL2 size in flash layout
-
-Increases BL2 size to align with the flash page size in corstone1000.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103]
-
----
- platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
-index 41b4c6323f..bfe8c4fb3c 100644
---- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
-+++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
-@@ -89,7 +89,7 @@
- #endif
- 
- /* Static Configurations of the Flash */
--#define SE_BL2_PARTITION_SIZE           (0x18800)    /* 98 KB */
-+#define SE_BL2_PARTITION_SIZE           (0x19000)    /* 98 KB */
- #define SE_BL2_BANK_0_OFFSET            (0x9000)  /* 72nd LBA */
- #define SE_BL2_BANK_1_OFFSET            (0x1002000)  /* 32784th LBA */
- 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch
new file mode 100644
index 0000000..25e53b5
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-platform-corstone1000-Update-MPU-configuration.patch
@@ -0,0 +1,274 @@
+From eb096e4c03b80f9f31e5d15ca06e5a38e4112664 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Tue, 7 Nov 2023 20:25:49 +0100
+Subject: [PATCH 1/2] platform: corstone1000: Update MPU configuration
+
+In Armv6-M the MPU requires the regions to be aligned with
+region sizes.
+The commit aligns the different code/data sections using the
+alignment macros. The code/data sections can be covered by
+multiple MPU regions in order to save memory.
+
+Small adjustments had to be made in the memory layout in order to
+not overflow the flash:
+- Decreased TFM_PARTITION_SIZE
+- Increased S_UNPRIV_DATA_SIZE
+
+Added checks to the MPU configuration function for checking the
+MPU constraints:
+- Base address has to be aligned to the size
+- The minimum MPU region size is 0x100
+- The MPU can have 8 regions at most
+
+Change-Id: I059468e8aba0822bb354fd1cd4987ac2bb1f34d1
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25393]
+
+---
+ .../target/arm/corstone1000/CMakeLists.txt    | 19 +++++
+ .../arm/corstone1000/create-flash-image.sh    |  8 +-
+ .../arm/corstone1000/partition/flash_layout.h |  2 +-
+ .../arm/corstone1000/partition/region_defs.h  |  6 +-
+ .../arm/corstone1000/tfm_hal_isolation.c      | 83 +++++++++++++++----
+ 5 files changed, 93 insertions(+), 25 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index e6cf15b11..8817f514c 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -22,6 +22,25 @@ target_compile_definitions(platform_region_defs
+     INTERFACE
+         $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+ )
++
++# The Armv6-M MPU requires that the MPU regions be aligned to the region sizes.
++# The minimal region size is 0x100 bytes.
++#
++# The alignments have to be a power of two and ideally bigger than the section size (which
++# can be checked in the map file).
++# In some cases the alignment value is smaller than the actual section
++# size to save memory. In that case, multiple MPU region has to be configured to cover it.
++#
++# To save memory, the attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for
++# the SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE don't have to
++# be aligned. The higher-priority regions will overwrite these attributes if needed.
++# The RAM is also located in the SRAM so it has to be configured to overwrite these default
++# attributes.
++target_compile_definitions(platform_region_defs
++    INTERFACE
++        TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000
++        TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100
++)
+ #========================= Platform common defs ===============================#
+ 
+ # Specify the location of platform specific build dependencies.
+diff --git a/platform/ext/target/arm/corstone1000/create-flash-image.sh b/platform/ext/target/arm/corstone1000/create-flash-image.sh
+index 2522d3674..a6be61384 100755
+--- a/platform/ext/target/arm/corstone1000/create-flash-image.sh
++++ b/platform/ext/target/arm/corstone1000/create-flash-image.sh
+@@ -8,7 +8,7 @@
+ 
+ ######################################################################
+ # This script is to create a flash gpt image for corstone platform
+-# 
++#
+ #  Flash image layout:
+ #       |------------------------------|
+ #       |        Protective MBR        |
+@@ -82,15 +82,15 @@ sgdisk  --mbrtogpt \
+         --new=4:56:+4K --typecode=4:$PRIVATE_METADATA_TYPE_UUID --partition-guid=4:$(uuidgen) --change-name=4:'private_metadata_replica_1' \
+         --new=5:64:+4k --typecode=5:$PRIVATE_METADATA_TYPE_UUID --partition-guid=5:$(uuidgen) --change-name=5:'private_metadata_replica_2' \
+         --new=6:72:+100k --typecode=6:$SE_BL2_TYPE_UUID --partition-guid=6:$(uuidgen) --change-name=6:'bl2_primary' \
+-        --new=7:272:+376K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \
++        --new=7:272:+368K --typecode=7:$TFM_TYPE_UUID --partition-guid=7:$(uuidgen) --change-name=7:'tfm_primary' \
+         --new=8:32784:+100k --typecode=8:$SE_BL2_TYPE_UUID --partition-guid=8:$(uuidgen) --change-name=8:'bl2_secondary' \
+-        --new=9:32984:+376K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \
++        --new=9:32984:+368K --typecode=9:$TFM_TYPE_UUID --partition-guid=9:$(uuidgen) --change-name=9:'tfm_secondary' \
+         --new=10:65496:65501  --partition-guid=10:$(uuidgen) --change-name=10:'reserved_2' \
+         $IMAGE
+ 
+ [ $? -ne 0 ] && echo "Error occurs while writing the GPT layout" && exit 1
+ 
+-# Write partitions 
++# Write partitions
+ # conv=notrunc avoids truncation to keep the geometry of the image.
+ dd if=$BIN_DIR/bl2_signed.bin of=${IMAGE}  seek=72 conv=notrunc
+ dd if=$BIN_DIR/tfm_s_signed.bin of=${IMAGE} seek=272 conv=notrunc
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index 568c8de28..7fffd94c6 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -134,7 +134,7 @@
+ 
+ /* Bank configurations */
+ #define BANK_PARTITION_SIZE             (0xFE0000)   /* 15.875 MB */
+-#define TFM_PARTITION_SIZE              (0x5E000)    /* 376 KB */
++#define TFM_PARTITION_SIZE              (0x5C000)    /* 368 KB */
+ 
+ /************************************************************/
+ /* Bank : Images flash offsets are with respect to the bank */
+diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+index 99e822f51..64ab786e5 100644
+--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+@@ -1,8 +1,10 @@
+ /*
+- * Copyright (c) 2017-2022 Arm Limited. All rights reserved.
++ * Copyright (c) 2017-2023 Arm Limited. All rights reserved.
+  * Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company)
+  * or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+  *
++ * SPDX-License-Identifier: Apache-2.0
++ *
+  * Licensed under the Apache License, Version 2.0 (the "License");
+  * you may not use this file except in compliance with the License.
+  * You may obtain a copy of the License at
+@@ -53,7 +55,7 @@
+ 
+ #define S_DATA_START            (SRAM_BASE + TFM_PARTITION_SIZE)
+ #define S_DATA_SIZE             (SRAM_SIZE - TFM_PARTITION_SIZE)
+-#define S_UNPRIV_DATA_SIZE      (0x2160)
++#define S_UNPRIV_DATA_SIZE      (0x4000)
+ #define S_DATA_LIMIT            (S_DATA_START + S_DATA_SIZE - 1)
+ #define S_DATA_PRIV_START       (S_DATA_START + S_UNPRIV_DATA_SIZE)
+ 
+diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+index 01f7687bc..98e795dde 100644
+--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
++++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2020-2022, Arm Limited. All rights reserved.
++ * Copyright (c) 2020-2023, Arm Limited. All rights reserved.
+  * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
+  * company) or an affiliate of Cypress Semiconductor Corporation. All rights
+  * reserved.
+@@ -14,9 +14,11 @@
+ #include "tfm_hal_isolation.h"
+ #include "mpu_config.h"
+ #include "mmio_defs.h"
++#include "flash_layout.h"
+ 
+ #define PROT_BOUNDARY_VAL \
+     ((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK)
++#define MPU_REGION_MIN_SIZE (0x100)
+ 
+ #ifdef CONFIG_TFM_ENABLE_MEMORY_PROTECT
+ 
+@@ -31,20 +33,38 @@ REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Base);
+ REGION_DECLARE(Image$$, TFM_SP_META_PTR, $$ZI$$Limit);
+ #endif /* CONFIG_TFM_PARTITION_META */
+ 
+-static void configure_mpu(uint32_t rnr, uint32_t base, uint32_t limit,
+-                          uint32_t is_xn_exec, uint32_t ap_permissions)
++static enum tfm_hal_status_t configure_mpu(uint32_t rnr, uint32_t base,
++                          uint32_t limit, uint32_t is_xn_exec, uint32_t ap_permissions)
+ {
+-    uint32_t size; /* region size */
++    uint32_t rbar_size_field; /* region size as it is used in the RBAR */
+     uint32_t rasr; /* region attribute and size register */
+     uint32_t rbar; /* region base address register */
+ 
+-    size = get_rbar_size_field(limit - base);
++    rbar_size_field = get_rbar_size_field(limit - base);
++
++    /* The MPU region's base address has to be aligned to the region
++     * size for a valid MPU configuration */
++    if ((base % (1 << (rbar_size_field + 1))) != 0) {
++        return TFM_HAL_ERROR_INVALID_INPUT;
++    }
++
++    /* The MPU supports only 8 memory regions */
++    if (rnr > 7) {
++        return TFM_HAL_ERROR_INVALID_INPUT;
++    }
++
++    /* The minimum size for a region is 0x100 bytes */
++    if((limit - base) < MPU_REGION_MIN_SIZE) {
++        return TFM_HAL_ERROR_INVALID_INPUT;
++    }
+ 
+     rasr = ARM_MPU_RASR(is_xn_exec, ap_permissions, TEX, NOT_SHAREABLE,
+-            NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, size);
++            NOT_CACHEABLE, NOT_BUFFERABLE, SUB_REGION_DISABLE, rbar_size_field);
+     rbar = base & MPU_RBAR_ADDR_Msk;
+ 
+     ARM_MPU_SetRegionEx(rnr, rbar, rasr);
++
++    return TFM_HAL_SUCCESS;
+ }
+ 
+ #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
+@@ -56,33 +76,60 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
+     uint32_t rnr = TFM_ISOLATION_REGION_START_NUMBER; /* current region number */
+     uint32_t base; /* start address */
+     uint32_t limit; /* end address */
++    enum tfm_hal_status_t ret;
+ 
+     ARM_MPU_Disable();
+ 
+-    /* TFM Core unprivileged code region */
+-    base = (uint32_t)&REGION_NAME(Image$$, TFM_UNPRIV_CODE_START, $$RO$$Base);
+-    limit = (uint32_t)&REGION_NAME(Image$$, TFM_UNPRIV_CODE_END, $$RO$$Limit);
+-
+-    configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV);
+-
+-    /* RO region */
+-    base = (uint32_t)&REGION_NAME(Image$$, TFM_APP_CODE_START, $$Base);
+-    limit = (uint32_t)&REGION_NAME(Image$$, TFM_APP_CODE_END, $$Base);
++    /* Armv6-M MPU allows region overlapping. The region with the higher RNR
++     * will decide the attributes.
++     *
++     * The default attributes are set to XN_EXEC_OK and AP_RO_PRIV_UNPRIV for the
++     * whole SRAM so the PSA_ROT_LINKER_CODE, TFM_UNPRIV_CODE and APP_ROT_LINKER_CODE
++     * don't have to be aligned and memory space can be saved.
++     * This region has the lowest RNR so the next regions can overwrite these
++     * attributes if it's needed.
++     */
++    base = SRAM_BASE;
++    limit = SRAM_BASE + SRAM_SIZE;
++
++    ret = configure_mpu(rnr++, base, limit,
++                            XN_EXEC_OK, AP_RW_PRIV_UNPRIV);
++    if (ret != TFM_HAL_SUCCESS) {
++        return ret;
++    }
+ 
+-    configure_mpu(rnr++, base, limit, XN_EXEC_OK, AP_RO_PRIV_UNPRIV);
+ 
+     /* RW, ZI and stack as one region */
+     base = (uint32_t)&REGION_NAME(Image$$, TFM_APP_RW_STACK_START, $$Base);
+     limit = (uint32_t)&REGION_NAME(Image$$, TFM_APP_RW_STACK_END, $$Base);
+ 
+-    configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
++    /* The section size can be bigger than the alignment size, else the code would
++     * not fit into the memory. Because of this, the sections can use multiple MPU
++     * regions. */
++    do {
++        ret = configure_mpu(rnr++, base, base + TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT,
++                                XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
++        if (ret != TFM_HAL_SUCCESS) {
++            return ret;
++        }
++        base += TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT;
++    } while (base < limit);
++
+ 
+ #ifdef CONFIG_TFM_PARTITION_META
+     /* TFM partition metadata pointer region */
+     base = (uint32_t)&REGION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Base);
+     limit = (uint32_t)&REGION_NAME(Image$$, TFM_SP_META_PTR, $$ZI$$Limit);
+ 
+-    configure_mpu(rnr++, base, limit, XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
++    do {
++        ret = configure_mpu(rnr++, base, base + TFM_LINKER_SP_META_PTR_ALIGNMENT,
++                                XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
++        if (ret != TFM_HAL_SUCCESS) {
++            return ret;
++        }
++        base += TFM_LINKER_SP_META_PTR_ALIGNMENT;
++    } while (base < limit);
++
+ #endif
+ 
+     arm_mpu_enable();
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
deleted file mode 100644
index 6bbd66f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From b05fb661b3afc3ed8e3d4817df2798e9d4877b39 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Mon, 15 May 2023 10:46:18 +0100
-Subject: [PATCH] Platform: Corstone1000: Increase BL2_DATA_SIZE
-
-Increases BL2_DATA_SIZE to accommodate the changes in
-metadata_write/read.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103]
-
----
- platform/ext/target/arm/corstone1000/partition/region_defs.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
-index abfac39b62..e7f0bad2ba 100644
---- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
-+++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
-@@ -90,9 +90,10 @@
- #define BL2_CODE_SIZE     (IMAGE_BL2_CODE_SIZE)
- #define BL2_CODE_LIMIT    (BL2_CODE_START + BL2_CODE_SIZE - 1)
- 
-+#define BL2_DATA_ADDITIONAL 448 /* To increase the BL2_DATA_SIZE more than the default value */
- #define BL2_DATA_START    (BOOT_TFM_SHARED_DATA_BASE + \
-                            BOOT_TFM_SHARED_DATA_SIZE)
--#define BL2_DATA_SIZE     (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START)
-+#define BL2_DATA_SIZE     (BL2_CODE_START - BL2_HEADER_SIZE - BL2_DATA_START + BL2_DATA_ADDITIONAL)
- #define BL2_DATA_LIMIT    (BL2_DATA_START + BL2_DATA_SIZE - 1)
- 
- /* SE BL1 regions */
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch
new file mode 100644
index 0000000..6676acf
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch
@@ -0,0 +1,76 @@
+From ca7696bca357cfd71a34582c65a7c7c08828b6dc Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Mon, 18 Dec 2023 14:00:14 +0100
+Subject: [PATCH 2/2] platform: corstone1000: Cover S_DATA with MPU
+
+The S_DATA has to be covered with MPU regions to override the
+other MPU regions with smaller RNR values.
+
+Change-Id: I45fec65f51241939314941e25d287e6fdc82777c
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/25583]
+
+---
+ .../target/arm/corstone1000/CMakeLists.txt    |  8 +++++++
+ .../arm/corstone1000/tfm_hal_isolation.c      | 22 +++++++++++++++++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 8817f514c..541504368 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -40,6 +40,14 @@ target_compile_definitions(platform_region_defs
+     INTERFACE
+         TFM_LINKER_APP_ROT_LINKER_DATA_ALIGNMENT=0x2000
+         TFM_LINKER_SP_META_PTR_ALIGNMENT=0x100
++
++        # The RAM MPU Region block sizes are calculated manually. The RAM has to be covered
++        # with the MPU regions. These regions also have to be the power of 2 and
++        # the start addresses have to be aligned to these sizes. The sizes can be calculated
++        # from the S_DATA_START and S_DATA_SIZE defines.
++        RAM_MPU_REGION_BLOCK_1_SIZE=0x4000
++        RAM_MPU_REGION_BLOCK_2_SIZE=0x20000
++
+ )
+ #========================= Platform common defs ===============================#
+ 
+diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+index 98e795dde..39b19c535 100644
+--- a/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
++++ b/platform/ext/target/arm/corstone1000/tfm_hal_isolation.c
+@@ -15,6 +15,7 @@
+ #include "mpu_config.h"
+ #include "mmio_defs.h"
+ #include "flash_layout.h"
++#include "region_defs.h"
+ 
+ #define PROT_BOUNDARY_VAL \
+     ((1U << HANDLE_ATTR_PRIV_POS) & HANDLE_ATTR_PRIV_MASK)
+@@ -132,6 +133,27 @@ enum tfm_hal_status_t tfm_hal_set_up_static_boundaries(
+ 
+ #endif
+ 
++    /* Set the RAM attributes. It is needed because the first region overlaps the whole
++     * SRAM and it has to be overridden.
++     * The RAM_MPU_REGION_BLOCK_1_SIZE and RAM_MPU_REGION_BLOCK_2_SIZE are calculated manually
++     * and added to the platform_region_defs compile definitions.
++     */
++    base = S_DATA_START;
++    limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
++    ret = configure_mpu(rnr++, base, limit,
++                            XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
++    if (ret != TFM_HAL_SUCCESS) {
++        return ret;
++    }
++
++    base = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE;
++    limit = S_DATA_START + RAM_MPU_REGION_BLOCK_1_SIZE + RAM_MPU_REGION_BLOCK_2_SIZE;
++    ret = configure_mpu(rnr++, base, limit,
++                            XN_EXEC_NOT_OK, AP_RW_PRIV_UNPRIV);
++    if (ret != TFM_HAL_SUCCESS) {
++        return ret;
++    }
++
+     arm_mpu_enable();
+ 
+ #endif /* CONFIG_TFM_ENABLE_MEMORY_PROTECT */
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
deleted file mode 100644
index 7a07c0c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 88cfce2e04913d48ec8636b6a3550d71ebdd49c4 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Mon, 15 May 2023 10:47:27 +0100
-Subject: [PATCH] Platform: Corstone1000: Calculate the new CRC32 value after
- changing the metadata
-
-Calculates the new CRC32 value for the metadata struct after chaing a value
-during the capsule update. It also updates the CRC32 field in the metadata
-so it doesn't fail the CRC check after a succesfull capsule update.
-It also skips doing a sanity check the BL2 nv counter after the capsule
-update since the tfm bl1 does not sync metadata and nv counters in OTP during
-the boot anymore.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24104/7]
-
----
- .../arm/corstone1000/fw_update_agent/fwu_agent.c       | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
-index afd8d66e42..f564f2902c 100644
---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
-+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
-@@ -802,6 +802,8 @@ static enum fwu_agent_error_t flash_full_capsule(
-     }
-     metadata->active_index = previous_active_index;
-     metadata->previous_active_index = active_index;
-+    metadata->crc_32 = crc32((uint8_t *)&metadata->version,
-+                              sizeof(struct fwu_metadata) - sizeof(uint32_t));
- 
-     ret = metadata_write(metadata);
-     if (ret) {
-@@ -913,6 +915,8 @@ static enum fwu_agent_error_t accept_full_capsule(
-     if (ret) {
-         return ret;
-     }
-+    metadata->crc_32 = crc32((uint8_t *)&metadata->version,
-+                              sizeof(struct fwu_metadata) - sizeof(uint32_t));
- 
-     ret = metadata_write(metadata);
-     if (ret) {
-@@ -1007,6 +1011,8 @@ static enum fwu_agent_error_t fwu_select_previous(
-     if (ret) {
-         return ret;
-     }
-+    metadata->crc_32 = crc32((uint8_t *)&metadata->version,
-+                              sizeof(struct fwu_metadata) - sizeof(uint32_t));
- 
-     ret = metadata_write(metadata);
-     if (ret) {
-@@ -1119,8 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters(
- 
-     FWU_LOG_MSG("%s: enter\n\r", __func__);
- 
--    for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
--
-+    for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
-         switch (i) {
-             case FWU_BL2_NV_COUNTER:
-                 tfm_nv_counter_i = PLAT_NV_COUNTER_BL1_0;
-@@ -1141,7 +1146,6 @@ static enum fwu_agent_error_t update_nv_counters(
-         if (err != TFM_PLAT_ERR_SUCCESS) {
-             return FWU_AGENT_ERROR;
-         }
--
-         if (priv_metadata->nv_counter[i] < security_cnt) {
-             return FWU_AGENT_ERROR;
-         } else if (priv_metadata->nv_counter[i] > security_cnt) {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
new file mode 100644
index 0000000..2360992
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
@@ -0,0 +1,76 @@
+From f7b58b5ba5b48e071eb360c1bcfc4d31290a77c1 Mon Sep 17 00:00:00 2001
+From: Ali Can Ozaslan <ali.oezaslan@arm.com>
+Date: Tue, 5 Mar 2024 21:01:59 +0000
+Subject: [PATCH] Platform:corstone1000:Fix issues due to adjustment Mailbox
+ Agent params
+
+Adjust Mailbox Agent API parameters patch changed memory check and
+related parameters. As a result, platform-specific issues occurred.
+Secure side client IDs are converted to negative values. Control
+parameter is created.
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
+Upstream-Status: Pending
+
+---
+ .../tfm_spe_dual_core_psa_client_secure_lib.c | 23 +++++++++++++++----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
+index d2eabe144..39e11b8cd 100644
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
++++ b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
+@@ -18,6 +18,9 @@
+ #include "utilities.h"
+ #include "thread.h"
+ 
++#define SE_PROXY_SP_UID 0
++#define SMM_GW_SP_UID 0x8003
++
+ /**
+  * In linux environment and for psa_call type client api,
+  * the layout of the reply from tf-m to linux is as following.
+@@ -174,7 +177,14 @@ static psa_status_t prepare_params_for_psa_call(struct client_params_t *params,
+ {
+     psa_status_t ret = PSA_SUCCESS;
+ 
+-    params->ns_client_id_stateless = s_map_entry->msg.client_id;
++    if (s_map_entry->msg.client_id == SE_PROXY_SP_UID) {
++        params->ns_client_id_stateless = -1;
++    }
++    else if (s_map_entry->msg.client_id == SMM_GW_SP_UID) {
++        params->ns_client_id_stateless = -1 * s_map_entry->msg.client_id;
++    } else {
++        params->ns_client_id_stateless = s_map_entry->msg.client_id;
++    }
+ 
+     params->p_outvecs = NULL;
+     ret = alloc_and_prepare_out_vecs(&params->p_outvecs, s_map_entry);
+@@ -250,6 +260,9 @@ void deliver_msg_to_tfm_spe(void *private)
+     struct client_params_t params = {0};
+     psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR;
+     unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private;
++    uint32_t control = PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
++                                  s_map_entry->msg.params.psa_call_params.in_len,
++                                  s_map_entry->msg.params.psa_call_params.out_len);
+ 
+     switch(s_map_entry->msg.call_type) {
+         case OPENAMP_PSA_FRAMEWORK_VERSION:
+@@ -266,11 +279,11 @@ void deliver_msg_to_tfm_spe(void *private)
+                 send_service_reply_to_non_secure(psa_ret, s_map_entry);
+                 break;
+             }
++            control = PARAM_SET_NS_INVEC(control);
++            control = PARAM_SET_NS_OUTVEC(control);
++            control = PARAM_SET_NS_VEC(control);           
+             psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle,
+-                                       PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
+-                                                  s_map_entry->msg.params.psa_call_params.in_len,
+-                                                  s_map_entry->msg.params.psa_call_params.out_len),
+-                                       &params, NULL);
++                                       control, &params, NULL);
+             if (psa_ret != PSA_SUCCESS) {
+                 send_service_reply_to_non_secure(psa_ret, s_map_entry);
+                 break;
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch
deleted file mode 100644
index 07db4f6..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-arm-trusted-firmware-m-disable-fatal-warnings.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 04ce07d289e8cec75223349e9ebf7e69126fc04d Mon Sep 17 00:00:00 2001
-From: Jon Mason <jon.mason@arm.com>
-Date: Wed, 18 Jan 2023 15:13:37 -0500
-Subject: [PATCH] arm/trusted-firmware-m: disable fatal warnings
-
-Signed-off-by: Jon Mason <jon.mason@arm.com>
-Upstream-Status: Inappropriate
-
----
- toolchain_GNUARM.cmake | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/toolchain_GNUARM.cmake b/toolchain_GNUARM.cmake
-index 7989718515..a5939323d6 100644
---- a/toolchain_GNUARM.cmake
-+++ b/toolchain_GNUARM.cmake
-@@ -71,7 +71,6 @@ macro(tfm_toolchain_reset_linker_flags)
-         --entry=Reset_Handler
-         -specs=nano.specs
-         LINKER:-check-sections
--        LINKER:-fatal-warnings
-         LINKER:--gc-sections
-         LINKER:--no-wchar-size-warning
-         ${MEMORY_USAGE_FLAG}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch
deleted file mode 100644
index e4eba62..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 3004fda909079ebebd62c495a4e49e64d6c8a85f Mon Sep 17 00:00:00 2001
-From: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
-Date: Tue, 8 Aug 2023 10:58:01 +0000
-Subject: [PATCH] Platform corstone1000 add unique firmware GUID
-
-Add unique Corstone-1000 firmware GUID
-
-Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24132/3]
----
- .../target/arm/corstone1000/fw_update_agent/fwu_agent.c   | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
-index f564f2902c..9c31aeee9d 100644
---- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
-+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
-@@ -113,10 +113,10 @@ enum fwu_agent_state_t {
- };
- 
- struct efi_guid full_capsule_image_guid = {
--    .time_low = 0xe2bb9c06,
--    .time_mid = 0x70e9,
--    .time_hi_and_version = 0x4b14,
--    .clock_seq_and_node = {0x97, 0xa3, 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f}
-+    .time_low = 0x989f3a4e,
-+    .time_mid = 0x46e0,
-+    .time_hi_and_version = 0x4cd0,
-+    .clock_seq_and_node = {0x98, 0x77, 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29}
- };
- 
- 
--- 
-2.38.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch
deleted file mode 100644
index f805a44..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch
+++ /dev/null
@@ -1,102 +0,0 @@
-From fa0988fd876400dc1bb451fffc4b167265b40d25 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Thu, 14 Sep 2023 12:14:28 +0100
-Subject: [PATCH] Platform: Corstone1000: Enable Signed Capsule
-
-Enables signed capsule update and adjusts the necessary structs (fmp_payload_header
-, image_auth, etc.) to comply with the new capsule generation tool (mkeficapsule).
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24131/3]
----
- .../fw_update_agent/uefi_capsule_parser.c     | 25 +++++++++++--------
- .../fw_update_agent/uefi_capsule_parser.h     |  2 ++
- 2 files changed, 17 insertions(+), 10 deletions(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
-index b72ff1eb91..c706c040ac 100644
---- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
-+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
-@@ -102,11 +102,9 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
-     }
- 
-     capsule_header = (efi_capsule_header_t*)ptr;
--    ptr += sizeof(efi_capsule_header_t) + sizeof(uint32_t);
-+    ptr += sizeof(efi_capsule_header_t);
-     fmp_capsule_header = (efi_firmware_management_capsule_header_t*)ptr;
- 
--    fmp_payload_header = fmp_capsule_header + sizeof(*fmp_capsule_header);
--
-     total_size = capsule_header->capsule_image_size;
-     image_count = fmp_capsule_header->payload_item_count;
-     images_info->nr_image = image_count;
-@@ -119,22 +117,20 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
-     }
- 
-     for (int i = 0; i < image_count; i++) {
--
-         image_header = (efi_firmware_management_capsule_image_header_t*)(ptr +
-                                 fmp_capsule_header->item_offset_list[i]);
- 
-         images_info->size[i] = image_header->update_image_size;
--        images_info->version[i] = fmp_payload_header->fw_version;
--        FWU_LOG_MSG("%s: image %i version = %u\n\r", __func__, i,
--                                images_info->version[i]);
-+
- #ifdef AUTHENTICATED_CAPSULE
-         image_auth = (efi_firmware_image_authentication_t*)(
-                         (char*)image_header +
-                         sizeof (efi_firmware_management_capsule_image_header_t)
-                      );
-         auth_size = sizeof(uint64_t) /* monotonic_count */  +
--                    image_auth->auth_info.hdr.dwLength /* WIN_CERTIFICATE + cert_data */ +
--                    sizeof(struct efi_guid) /* cert_type */;
-+                    image_auth->auth_info.hdr.dwLength/* WIN_CERTIFICATE + cert_data + cert_type */;
-+
-+        fmp_payload_header = (fmp_payload_header_t*)((char*)image_auth + auth_size);
- 
-         FWU_LOG_MSG("%s: auth size = %u\n\r", __func__, auth_size);
- 
-@@ -143,16 +139,25 @@ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
-         images_info->image[i] = (
-                 (char*)image_header +
-                 sizeof(efi_firmware_management_capsule_image_header_t) +
--                auth_size);
-+                auth_size +
-+                sizeof(*fmp_payload_header));
- #else
-         images_info->image[i] = (
-                 (char*)image_header +
-                 sizeof(efi_firmware_management_capsule_image_header_t) +
-                 sizeof(*fmp_payload_header));
-+
-+        fmp_payload_header = (fmp_payload_header_t*)((char*)image_header +
-+                sizeof(efi_firmware_management_capsule_image_header_t));
-+
- #endif
-         memcpy(&images_info->guid[i], &(image_header->update_image_type_id),
-                                                         sizeof(struct efi_guid));
- 
-+        images_info->version[i] = fmp_payload_header->fw_version;
-+        FWU_LOG_MSG("%s: image %i version = %d\n\r", __func__, i,
-+                                images_info->version[i]);
-+
-         FWU_LOG_MSG("%s: image %d at %p, size=%u\n\r", __func__, i,
-                         images_info->image[i], images_info->size[i]);
- 
-diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
-index a890a709e9..a31cd8a3a0 100644
---- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
-+++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.h
-@@ -12,6 +12,8 @@
- #include "fip_parser/external/uuid.h"
- #include "flash_layout.h"
- 
-+#define AUTHENTICATED_CAPSULE 1
-+
- enum uefi_capsule_error_t {
-     UEFI_CAPSULE_PARSER_SUCCESS = 0,
-     UEFI_CAPSULE_PARSER_ERROR = (-1)
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch
new file mode 100644
index 0000000..4c486e6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch
@@ -0,0 +1,33 @@
+From 001e5bea183bc78352ac3ba6283d9d7912bb6ea5 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 21 Feb 2024 07:44:25 +0000
+Subject: [PATCH] Platform: Corstone1000: skip the first nv counter
+
+It skips doing a sanity check the BL2 nv counter after the capsule
+update since the tfm bl1 does not sync metadata and nv counters in OTP during
+the boot anymore.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending
+
+---
+ .../ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c     | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index 2e6de255b..2e6cf8047 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -1125,7 +1125,7 @@ static enum fwu_agent_error_t update_nv_counters(
+ 
+     FWU_LOG_MSG("%s: enter\n\r", __func__);
+ 
+-    for (int i = 0; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
++    for (int i = 1; i <= FWU_MAX_NV_COUNTER_INDEX; i++) {
+ 
+         switch (i) {
+             case FWU_BL2_NV_COUNTER:
+-- 
+2.25.1
+
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch
deleted file mode 100644
index 97cd14d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From ef97f7083279565dab45a550139935d741f159a9 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Fri, 29 Sep 2023 09:57:19 +0100
-Subject: [PATCH] platform: corstone1000: Increase ITS max asset size
-​
-Increases the max asset size for ITS to enable parsec services & tests
-​
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
----
- platform/ext/target/arm/corstone1000/config_tfm_target.h | 5 +++++
- 1 files changed, 5 insertions(+)
-​
-diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
-index e968366639..3f6e8477e5 100644
---- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
-+++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
-@@ -24,4 +24,9 @@
- #undef PS_NUM_ASSETS
- #define PS_NUM_ASSETS        20
-
-+/* The maximum size of asset to be stored in the Internal Trusted Storage area. */
-+#undef ITS_MAX_ASSET_SIZE
-+#define ITS_MAX_ASSET_SIZE        2048
-+
-+
- #endif /* __CONFIG_TFM_TARGET_H__ */
--- 
\ No newline at end of file
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc
deleted file mode 100644
index f7e202a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-1.8.1-src.inc
+++ /dev/null
@@ -1,46 +0,0 @@
-# Common src definitions for trusted-firmware-m and trusted-firmware-m-scripts
-
-LICENSE = "BSD-2-Clause & BSD-3-Clause & Apache-2.0"
-
-LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa \
-                    file://../tf-m-tests/license.rst;md5=4481bae2221b0cfca76a69fb3411f390 \
-                    file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
-                    file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8"
-
-SRC_URI_TRUSTED_FIRMWARE_M ?= "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_TESTS ?= "git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS ?= "git://github.com/ARMmbed/mbedtls.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT ?= "git://github.com/mcu-tools/mcuboot.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_QCBOR ?= "git://github.com/laurencelundblade/QCBOR.git;protocol=https"
-SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS ?= "git://git.trustedfirmware.org/TF-M/tf-m-extras.git;protocol=https"
-SRC_URI  = "${SRC_URI_TRUSTED_FIRMWARE_M};branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_TESTS};branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_MBEDTLS};branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_MCUBOOT};branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_QCBOR};branch=${SRCBRANCH_qcbor};name=qcbor;destsuffix=git/qcbor \
-            ${SRC_URI_TRUSTED_FIRMWARE_M_EXTRAS};branch=${SRCBRANCH_tfm-extras};name=tfm-extras;destsuffix=git/tfm-extras \
-            "
-
-# The required dependencies are documented in tf-m/config/config_default.cmake
-# TF-Mv1.8.1
-SRCBRANCH_tfm ?= "master"
-SRCREV_tfm = "53aa78efef274b9e46e63b429078ae1863609728"
-# TF-Mv1.8.1
-SRCBRANCH_tfm-tests ?= "master"
-SRCREV_tfm-tests = "1273c5bcd3d8ade60d51524797e0b22b6fd7eea1"
-# mbedtls-3.4.1
-SRCBRANCH_mbedtls ?= "master"
-SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
-# mcuboot v1.10.0
-SRCBRANCH_mcuboot ?= "main"
-SRCREV_mcuboot = "23d28832f02dcdc18687782c6cd8ba99e9b274d2"
-# QCBOR v1.2
-SRCBRANCH_qcbor ?= "master"
-SRCREV_qcbor = "b0e7033268e88c9f27146fa9a1415ef4c19ebaff"
-# TF-Mv1.8.1
-SRCBRANCH_tfm-extras ?= "master"
-SRCREV_tfm-extras = "504ae9a9a50981e9dd4d8accec8261a1dba9e965"
-
-SRCREV_FORMAT = "tfm"
-
-S = "${WORKDIR}/git/tfm"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index 19ad289..716d3f1 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -9,13 +9,14 @@
 ## Default is the MPS3 board
 TFM_PLATFORM_IS_FVP ?= "FALSE"
 EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
-EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=ON"
+EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF"
 
 # libmetal v2023.04.0
 LICENSE += "& BSD-3-Clause"
 LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=f4d5df0f12dcea1b1a0124219c0dbab4"
 SRC_URI += "git://github.com/OpenAMP/libmetal.git;protocol=https;branch=main;name=libmetal;destsuffix=git/libmetal \
             file://0001-cmake-modify-path-to-libmetal-version-file.patch;patchdir=../libmetal \
+            file://0002-arm-trusted-firmware-m-disable-address-warnings-into.patch \
            "
 SRCREV_libmetal = "28fa2351d6a8121ce6c1c2ac5ee43ce08d38dbae"
 EXTRA_OECMAKE += "-DLIBMETAL_SRC_PATH=${S}/../libmetal -DLIBMETAL_BIN_PATH=${B}/libmetal-build"
@@ -32,15 +33,12 @@
 
 FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
 SRC_URI:append:corstone1000 = " \
-    file://0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch \
-    file://0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch \
-    file://0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch \
-    file://0004-arm-trusted-firmware-m-disable-fatal-warnings.patch \
-    file://0005-Platform-corstone1000-add-unique-firmware-GUID.patch \
-    file://0006-Platform-Corstone1000-Enable-Signed-Capsule.patch \
-    file://0007-platform-corstone1000-increase-ITS-max-asset-size.patch \
-    file://0008-platform-corstone1000-align-capsule-update-structs.patch \
-    file://0009-platform-corstone1000-fix-synchronization-issue-on-o.patch \
+    file://0001-platform-corstone1000-Update-MPU-configuration.patch \
+    file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \
+    file://0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch \
+    file://0004-platform-corstone1000-align-capsule-update-structs.patch \
+    file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \
+    file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \
     "
 
 # TF-M ships patches for external dependencies that needs to be applied
@@ -54,10 +52,10 @@
 do_patch[postfuncs] += "apply_tfm_patches"
 
 do_install() {
-  install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
-  install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin
-  install -D -p -m 0644 ${B}/install/outputs/bl1_1.bin ${D}/firmware/bl1_1.bin
-  install -D -p -m 0644 ${B}/install/outputs/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin
+  install -D -p -m 0644 ${B}/bin/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
+  install -D -p -m 0644 ${B}/bin/bl2_signed.bin ${D}/firmware/bl2_signed.bin
+  install -D -p -m 0644 ${B}/bin/bl1_1.bin ${D}/firmware/bl1_1.bin
+  install -D -p -m 0644 ${B}/bin/bl1_provisioning_bundle.bin ${D}/firmware/bl1_provisioning_bundle.bin
 }
 
 create_bl1_image(){
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb
deleted file mode 100644
index d50d886..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native_1.8.1.bb
+++ /dev/null
@@ -1,2 +0,0 @@
-require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc
-require recipes-bsp/trusted-firmware-m/trusted-firmware-m-scripts-native.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb
deleted file mode 100644
index 3464f49..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb
+++ /dev/null
@@ -1,2 +0,0 @@
-require recipes-bsp/trusted-firmware-m/trusted-firmware-m-${PV}-src.inc
-require recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
index 2585ff2..c7172d6 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
@@ -58,6 +58,7 @@
     file://0040-fix-runtime-capsule-update-flags-checks.patch		  \
     file://0041-scatter-gather-flag-workaround.patch			  \
     file://0042-corstone1000-enable-virtio-net-support.patch		  \
+    file://0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch		  \
     "
 
 do_configure:append() {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch
new file mode 100644
index 0000000..70d684b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0043-firmware-psci-Fix-bind_smccc_features-psci-check.patch
@@ -0,0 +1,60 @@
+Subject: [PATCH v4 1/3] firmware: psci: Fix bind_smccc_features psci check
+Date: Mon,  4 Mar 2024 14:42:40 +0000	[thread overview]
+Message-ID: <20240304144242.11666-2-o451686892@gmail.com> (raw)
+In-Reply-To: <20240304144242.11666-1-o451686892@gmail.com>
+
+According to PSCI specification DEN0022F, PSCI_FEATURES is used to check
+whether the SMCCC is implemented by discovering SMCCC_VERSION.
+
+Signed-off-by: Weizhao Ouyang <o451686892@gmail.com>
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Submitted [https://lore.kernel.org/all/20240304144242.11666-2-o451686892@gmail.com/]
+---
+v3: remove fallback smc call
+v2: check SMCCC_ARCH_FEATURES
+---
+ drivers/firmware/psci.c   | 5 ++++-
+ include/linux/arm-smccc.h | 6 ++++++
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/firmware/psci.c b/drivers/firmware/psci.c
+index c6b9efab41..03544d76ed 100644
+--- a/drivers/firmware/psci.c
++++ b/drivers/firmware/psci.c
+@@ -135,10 +135,13 @@ static int bind_smccc_features(struct udevice *dev, int psci_method)
+ 	    PSCI_VERSION_MAJOR(psci_0_2_get_version()) == 0)
+ 		return 0;
+ 
+-	if (request_psci_features(ARM_SMCCC_ARCH_FEATURES) ==
++	if (request_psci_features(ARM_SMCCC_VERSION) ==
+ 	    PSCI_RET_NOT_SUPPORTED)
+ 		return 0;
+ 
++	if (invoke_psci_fn(ARM_SMCCC_VERSION, 0, 0, 0) < ARM_SMCCC_VERSION_1_1)
++		return 0;
++
+ 	if (psci_method == PSCI_METHOD_HVC)
+ 		pdata->invoke_fn = smccc_invoke_hvc;
+ 	else
+diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
+index f44e9e8f93..da3d29aabe 100644
+--- a/include/linux/arm-smccc.h
++++ b/include/linux/arm-smccc.h
+@@ -55,8 +55,14 @@
+ #define ARM_SMCCC_QUIRK_NONE		0
+ #define ARM_SMCCC_QUIRK_QCOM_A6		1 /* Save/restore register a6 */
+ 
++#define ARM_SMCCC_VERSION		0x80000000
+ #define ARM_SMCCC_ARCH_FEATURES		0x80000001
+ 
++#define ARM_SMCCC_VERSION_1_0		0x10000
++#define ARM_SMCCC_VERSION_1_1		0x10001
++#define ARM_SMCCC_VERSION_1_2		0x10002
++#define ARM_SMCCC_VERSION_1_3		0x10003
++
+ #define ARM_SMCCC_RET_NOT_SUPPORTED	((unsigned long)-1)
+ 
+ #ifndef __ASSEMBLY__
+-- 
+2.40.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202305.bb b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202305.bb
deleted file mode 100644
index 2332550..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202305.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-SRCREV_edk2           ?= "ba91d0292e593df8528b66f99c1b0b14fadc8e16"
-SRCREV_edk2-platforms ?= "be2af02a3fb202756ed9855173e0d0ed878ab6be"
-
-# FIXME - clang is having issues with antlr
-TOOLCHAIN:aarch64 = "gcc"
-
-require recipes-bsp/uefi/edk2-firmware.inc
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202311.bb b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202311.bb
rename to meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202311.bb
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch
index 0fdf9ee..6105e9a 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch
@@ -1,15 +1,14 @@
-From f2a76d6595b31b0bc1be7029277676af1b1cc3d3 Mon Sep 17 00:00:00 2001
+From 60dfd5bb8f25fa5f0b6c07c3098836bec1668c19 Mon Sep 17 00:00:00 2001
 From: Mariam Elshakfy <mariam.elshakfy@arm.com>
-Date: Wed, 11 Oct 2023 16:18:22 +0000
+Date: Thu, 14 Mar 2024 14:47:27 +0000
 Subject: [PATCH] Platform/ARM/N1Sdp: Reserve OP-TEE Region from UEFI
 
 To enable cache on N1SDP, OP-TEE has to be moved
 to run from DDR4 memory. Since this memory is
 known to application side, it must be reserved
 
-Upstream-Status: Pending (not yet submitted to upstream)
+Upstream-Status: Inappropriate [will not be submitted as it's a workaround to address hardware issue]
 Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
-
 ---
  .../Library/PlatformLib/PlatformLib.inf             |  3 +++
  .../Library/PlatformLib/PlatformLibMem.c            | 13 +++++++++++++
@@ -68,3 +67,6 @@
 +
  [Ppis]
    gNtFwConfigDtInfoPpiGuid =  { 0xb50dee0e, 0x577f, 0x47fb, { 0x83, 0xd0, 0x41, 0x78, 0x61, 0x8b, 0x33, 0x8a } }
+-- 
+2.38.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch
new file mode 100644
index 0000000..2fb91f6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch
@@ -0,0 +1,45 @@
+From 52d962239207bd06827c18d0ed21abdc2002337f Mon Sep 17 00:00:00 2001
+From: emeara01 <emekcan.aras@arm.com>
+Date: Thu, 7 Mar 2024 10:24:42 +0000
+Subject: [PATCH] plat: corstone1000: add client_id for FMP service
+
+Corstone1000 uses trusted-firmware-m as secure enclave software component. Due
+to the changes in TF-M 2.0, psa services requires a seperate client_id now.
+This commit adds smm-gateway-sp client id to the FMP services since FMP structure
+accessed by u-boot via smm-gateway-sp.
+
+Signed-off-by: emeara01 <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Design is to revisted]
+---
+ .../capsule_update/provider/corstone1000_fmp_service.c     | 5 ++++---
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+index d811af9f..354d025f 100644
+--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -33,6 +33,7 @@
+ 	 EFI_VARIABLE_APPEND_WRITE)
+ 
+ #define FMP_VARIABLES_COUNT	6
++#define SMM_GW_SP_ID		0x8003
+ 
+ static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
+     {
+@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller *caller,
+ 		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
+ 	};
+ 
+-	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
++	psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,TFM_PS_ITS_SET,
+ 			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ 	if (psa_status < 0)
+ 		EMSG("ipc_set: psa_call failed: %d", psa_status);
+@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller *caller,
+ 		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
+ 	};
+ 
+-	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++	psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,
+ 			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
+ 			      out_vec, IOVEC_LEN(out_vec));
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 3c7e94e..80a5805 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -10,6 +10,7 @@
     file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
     file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
     file://0008-platform-corstone1000-fix-synchronization-issue.patch \
+    file://0009-plat-corstone1000-fmp-client-id.patch \
     "
 
 
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend
new file mode 100644
index 0000000..5c9ef21
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-block-storage_%.bbappend
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
diff --git a/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in b/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in
index 88559de..6919afd 100644
--- a/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in
+++ b/meta-arm/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in
@@ -17,7 +17,7 @@
 
 part --source rawcopy --size 100k --sourceparams="file=bl2_signed.bin" --offset 36k --align 4 --part-name="bl2_primary" --uuid 9A3A8FBF-55EF-439C-80C9-A3F728033929 --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
 
-part --source rawcopy --size 376k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
+part --source rawcopy --size 368k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
 
 # Rawcopy of the FIP binary
 part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
@@ -26,8 +26,8 @@
 part --source rawcopy --size 12 --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05
 
 
-part --source empty --size 100k --offset 16492k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
-part --source empty --size 376k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
+part --source empty --size 100k --offset 16488k --align 4 --part-name="bl2_secondary" --uuid 3F0C49A4-48B7-4D1E-AF59-3E4A3CE1BA9F --part-type 64BD8ADB-02C0-4819-8688-03AB4CAB0ED9
+part --source empty --size 368k --align 4 --part-name="tfm_secondary" --uuid 009A6A12-64A6-4F0F-9882-57CD79A34A3D --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E
 part --source empty --size 2 --align 4 --part-name="FIP_B" --uuid 9424E370-7BC9-43BB-8C23-71EE645E1273 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7
 part --source empty --size 12 --align 4 --part-name="kernel_secondary" --uuid A2698A91-F9B1-4629-9188-94E4520808F8 --part-type 8197561D-6124-46FC-921E-141CC5745B05
 
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb
index 890efa7..6262e76 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb
@@ -17,5 +17,5 @@
 
 S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}"
 
-UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads"
-UPSTREAM_CHECK_REGEX = "gcc-arm-(?P<pver>.+)-${HOST_ARCH}-${BINNAME}\.tar\.\w+"
+UPSTREAM_CHECK_URI = "https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads"
+UPSTREAM_CHECK_REGEX = "arm-gnu-toolchain-(?P<pver>\d+\.\d*\.[A-z]*\d*).*-${HOST_ARCH}-${BINNAME}\.tar\.\w+"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi-11.2_11.2-2022.02.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi-11.2_11.2-2022.02.bb
deleted file mode 100644
index 7fab1e1..0000000
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi-11.2_11.2-2022.02.bb
+++ /dev/null
@@ -1,23 +0,0 @@
-# Copyright (C) 2019 Garmin Ltd. or its subsidiaries
-# Released under the MIT license (see COPYING.MIT for the terms)
-
-require arm-binary-toolchain.inc
-
-COMPATIBLE_HOST = "(x86_64|aarch64).*-linux"
-
-SUMMARY = "Arm GNU Toolchain - AArch32 bare-metal target (arm-none-eabi)"
-LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
-
-LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=be4f8b5ff7319cd54f6c52db5d6f36b0"
-LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=1f07179249795891179bb3798bac7887"
-
-BINNAME = "arm-none-eabi"
-
-SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/gcc-arm-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
-SRC_URI[gcc-aarch64.sha256sum] = "ef1d82e5894e3908cb7ed49c5485b5b95deefa32872f79c2b5f6f5447cabf55f"
-SRC_URI[gcc-x86_64.sha256sum] = "8c5acd5ae567c0100245b0556941c237369f210bceb196edfe5a2e7532c60326"
-
-S = "${WORKDIR}/gcc-arm-${PV}-${HOST_ARCH}-${BINNAME}"
-
-UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads"
-UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>.+)-${HOST_ARCH}-linux\.tar\.\w+"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb
index 00390b5..6569911 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb
@@ -17,5 +17,5 @@
 
 S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}"
 
-UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads"
-UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>.+)-${HOST_ARCH}-linux\.tar\.\w+"
+UPSTREAM_CHECK_URI = "https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads"
+UPSTREAM_CHECK_REGEX = "arm-gnu-toolchain-(?P<pver>\d+\.\d*\.[A-z]*\d*).*-${HOST_ARCH}-${BINNAME}\.tar\.\w+"
diff --git a/meta-arm/meta-arm/conf/layer.conf b/meta-arm/meta-arm/conf/layer.conf
index af8275a..9e9c9db 100644
--- a/meta-arm/meta-arm/conf/layer.conf
+++ b/meta-arm/meta-arm/conf/layer.conf
@@ -19,3 +19,5 @@
 HOSTTOOLS_NONFATAL += "telnet"
 
 addpylib ${LAYERDIR}/lib oeqa
+
+WARN_QA:append:layer-meta-arm = " patch-status"
diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.13.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb
similarity index 93%
rename from meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.13.0.bb
rename to meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb
index 18867b0..c0e40d9 100644
--- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.13.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.14.0.bb
@@ -12,12 +12,13 @@
           "
 
 SRCBRANCH = "main"
-SRCREV  = "cc4c9e017348d92054f74026ee1beb081403c168"
+SRCREV  = "3267f2964114a56faaf46a40704be6ca78240725"
 
 PROVIDES += "virtual/control-processor-firmware"
 
 CMAKE_BUILD_TYPE    ?= "RelWithDebInfo"
 SCP_PLATFORM        ?= "${MACHINE}"
+SCP_PRODUCT_GROUP   ?= "."
 SCP_LOG_LEVEL       ?= "WARN"
 SCP_PLATFORM_FEATURE_SET ?= "0"
 
@@ -30,9 +31,6 @@
 # For now we only build with GCC, so stop meta-clang trying to get involved
 TOOLCHAIN = "gcc"
 
-# remove once arm-none-eabi-gcc updates to 13 or newer like poky
-DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
-
 inherit deploy
 
 B = "${WORKDIR}/build"
@@ -61,7 +59,7 @@
     for FW in ${FW_TARGETS}; do
         for TYPE in ${FW_INSTALL}; do
             bbnote Configuring ${SCP_PLATFORM}/${FW}_${TYPE}...
-            cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PLATFORM}/${FW}_${TYPE}"
+            cmake -GNinja ${EXTRA_OECMAKE} -S ${S} -B "${B}/${TYPE}/${FW}" -D SCP_FIRMWARE_SOURCE_DIR:PATH="${SCP_PRODUCT_GROUP}/${SCP_PLATFORM}/${FW}_${TYPE}"
         done
     done
 }
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.2.bb
similarity index 90%
rename from meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb
rename to meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.2.bb
index e45ea9c..d0c057a 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/fiptool-native_2.10.2.bb
@@ -9,9 +9,9 @@
 SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
 LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
 
-# Use fiptool from TF-A v2.10.0
-SRCREV = "b6c0948400594e3cc4dbb5a4ef04b815d2675808"
-SRCBRANCH = "master"
+# Use fiptool from TF-A v2.10.2
+SRCREV = "a1be69e6c5db450f841f0edd9d734bf3cffb6621"
+SRCBRANCH = "lts-v2.10"
 
 DEPENDS += "openssl-native"
 
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb
deleted file mode 100644
index 4f01984..0000000
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
-
-# TF-A v2.10.0
-SRCREV_tfa = "b6c0948400594e3cc4dbb5a4ef04b815d2675808"
-
-LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
-
-# mbedtls-3.5.1
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
-SRCREV_mbedtls = "edb8fec9882084344a314368ac7fd957a187519c"
-
-LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.2.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.2.bb
new file mode 100644
index 0000000..bf2a8c1
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.10.2.bb
@@ -0,0 +1,13 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.10.2
+SRCREV_tfa = "a1be69e6c5db450f841f0edd9d734bf3cffb6621"
+SRCBRANCH = "lts-v2.10"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# mbedtls-3.4.1
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "72718dd87e087215ce9155a826ee5a66cfbe9631"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
index 1747c65..772366d 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m.inc
@@ -22,13 +22,13 @@
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-# At present, TF-M needs GCC >10 but <11.3 so use 11.2:
-# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst?h=TF-Mv1.8.0#n214
+# At present, TF-M Select other GNU Arm compiler versions instead of 11.2:
+# https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/docs/getting_started/tfm_getting_started.rst#n214
 #
 # See tools/requirements.txt for Python dependencies
 DEPENDS += "cmake-native \
             ninja-native \
-            gcc-arm-none-eabi-11.2-native \
+            gcc-arm-none-eabi-native \
             python3-cbor2-native \
             python3-click-native \
             python3-cryptography-native \
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202311.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb
similarity index 92%
rename from meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202311.bb
rename to meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb
index 6bd880b..bd84096 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202311.bb
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-basetools-native_202402.bb
@@ -10,7 +10,7 @@
 SRC_URI = "git://github.com/tianocore/edk2.git;branch=master;protocol=https"
 LIC_FILES_CHKSUM = "file://License.txt;md5=2b415520383f7964e96700ae12b4570a"
 
-SRCREV = "8736b8fdca85e02933cdb0a13309de14c9799ece"
+SRCREV = "edc6681206c1a8791981a2f911d2fb8b3d2f5768"
 
 S = "${WORKDIR}/git"
 
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb
new file mode 100644
index 0000000..0588531
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware_202402.bb
@@ -0,0 +1,7 @@
+SRCREV_edk2           ?= "edc6681206c1a8791981a2f911d2fb8b3d2f5768"
+SRCREV_edk2-platforms ?= "07842635c80b64c4a979a652104ea1141ba5007a"
+
+# FIXME - clang is having issues with antlr
+TOOLCHAIN:aarch64 = "gcc"
+
+require recipes-bsp/uefi/edk2-firmware.inc
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-mismatch-in-function-prototype.patch b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-mismatch-in-function-prototype.patch
deleted file mode 100644
index 0babf2f..0000000
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs/0001-Fix-for-mismatch-in-function-prototype.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 42cc39fdea21177e82b6cec138c06726242673f7 Mon Sep 17 00:00:00 2001
-From: Srikar Josyula <srikar.josyula@arm.com>
-Date: Tue, 25 Jul 2023 12:55:04 +0530
-Subject: [PATCH] Fix for mismatch in function prototype
-
- - Mismatch between function prototype and definition
-   causing build failure with GCC 13.1.1
- - Fixed the function prototype for val_get_exerciser_err_info
-
-Signed-off-by: Srikar Josyula <srikar.josyula@arm.com>
-
-Upstream-Status: Backport
-Signed-off-by: Jon Mason <jon.mason@arm.com>
-
----
- val/include/sbsa_avs_exerciser.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/val/include/sbsa_avs_exerciser.h b/val/include/sbsa_avs_exerciser.h
-index 4b2c62b089f5..7c0e3d0fb58f 100644
---- a/val/include/sbsa_avs_exerciser.h
-+++ b/val/include/sbsa_avs_exerciser.h
-@@ -118,7 +118,7 @@ uint32_t val_exerciser_ops(EXERCISER_OPS ops, uint64_t param, uint32_t instance)
- uint32_t val_exerciser_get_data(EXERCISER_DATA_TYPE type, exerciser_data_t *data, uint32_t instance);
- uint32_t val_exerciser_execute_tests(uint32_t level);
- uint32_t val_exerciser_get_bdf(uint32_t instance);
--uint32_t val_get_exerciser_err_info(uint32_t type);
-+uint32_t val_get_exerciser_err_info(EXERCISER_ERROR_CODE type);
- 
- uint32_t e001_entry(void);
- uint32_t e002_entry(void);
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.2.bb b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb
similarity index 69%
rename from meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.2.bb
rename to meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb
index a564e2a..a29c16e 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.2.bb
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/sbsa-acs_7.1.4.bb
@@ -1,4 +1,4 @@
-require recipes-bsp/uefi/edk2-firmware_202311.bb
+require recipes-bsp/uefi/edk2-firmware_202402.bb
 PROVIDES:remove = "virtual/bootloader"
 
 LICENSE += "& Apache-2.0"
@@ -8,16 +8,12 @@
             git://github.com/tianocore/edk2-libc;destsuffix=edk2/edk2-libc;protocol=https;branch=master;name=libc \
             file://0001-Patch-in-the-paths-to-the-SBSA-test-suite.patch \
             file://0002-Enforce-using-good-old-BFD-linker.patch \
-            file://0001-Fix-for-mismatch-in-function-prototype.patch;patchdir=ShellPkg/Application/sbsa-acs \
             "
 
+SRCREV_acs = "be169f0008d86341e1e48cb70d524bd1518c3acc"
+SRCREV_libc = "4667a82f0d873221f8b25ea701ce57a29270e4cb"
 
-SRCREV_acs = "23253befbed2aee7304470fd83b78672488a7fc2"
-SRCREV_libc = "d3dea661da9ae4a3421a80905e75a8dc77aa980e"
-
-# GCC12 trips on it
-#see https://src.fedoraproject.org/rpms/edk2/blob/rawhide/f/0032-Basetools-turn-off-gcc12-warning.patch
-BUILD_CFLAGS += "-Wno-error=stringop-overflow"
+UPSTREAM_CHECK_URI = "https://github.com/ARM-software/sbsa-acs/releases"
 
 COMPATIBLE_HOST = "aarch64.*-linux"
 COMPATIBLE_MACHINE = ""
diff --git a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
index 5a6f19d..7ec340c 100644
--- a/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
+++ b/meta-arm/meta-arm/recipes-devtools/gn/gn_git.bb
@@ -4,6 +4,8 @@
 LICENSE = "BSD-3-Clause"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=0fca02217a5d49a14dfe2d11837bb34d"
 
+UPSTREAM_CHECK_COMMITS = "1"
+
 SRC_URI = "git://gn.googlesource.com/gn;protocol=https;branch=main \
            file://0001-Replace-lstat64-stat64-functions-on-linux.patch"
 SRCREV = "4bd1a77e67958fb7f6739bd4542641646f264e5d"
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch b/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch
deleted file mode 100644
index 995bc2c..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 7bc0bae10b0f21cfc8df23848844b66bf1b4d751 Mon Sep 17 00:00:00 2001
-From: Jon Mason <jdmason@kudzu.us>
-Date: Fri, 3 Feb 2023 05:16:43 -0500
-Subject: [PATCH 1/2] Revert "arm64: defconfig: Enable Tegra MGBE driver"
-
-This reverts commit 4cac4de4b05f0a1d5920d12278bf8787011661d3.
-
-Signed-off-by: Jon Mason <jon.mason@arm.com>
-Upstream-Status: Inappropriate
----
- arch/arm64/configs/defconfig | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
-index 0b6af3348e79..70919b241469 100644
---- a/arch/arm64/configs/defconfig
-+++ b/arch/arm64/configs/defconfig
-@@ -362,7 +362,6 @@ CONFIG_SMSC911X=y
- CONFIG_SNI_AVE=y
- CONFIG_SNI_NETSEC=y
- CONFIG_STMMAC_ETH=m
--CONFIG_DWMAC_TEGRA=m
- CONFIG_TI_K3_AM65_CPSW_NUSS=y
- CONFIG_QCOM_IPA=m
- CONFIG_MESON_GXL_PHY=m
--- 
-2.30.2
-
diff --git a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
index df1f3bd..7996e9b 100644
--- a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
+++ b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-ftpm_git.bb
@@ -22,9 +22,10 @@
 
 SRC_URI = "gitsm://github.com/Microsoft/ms-tpm-20-ref;branch=main;protocol=https \
            file://0001-add-enum-to-ta-flags.patch"
-
 SRCREV = "d638536d0fe01acd5e39ffa1bd100b3da82d92c7"
 
+UPSTREAM_CHECK_COMMITS = "1"
+
 S = "${WORKDIR}/git"
 
 OPTEE_CLIENT_EXPORT = "${STAGING_DIR_HOST}${prefix}"
diff --git a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
index f1165da..4829bc1 100644
--- a/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
+++ b/meta-arm/meta-arm/recipes-security/optee-ftpm/optee-os_%.bbappend
@@ -10,6 +10,6 @@
 EXTRA_OEMAKE:append = "\
                        ${@bb.utils.contains('MACHINE_FEATURES', \
                       'optee-ftpm', \
-                      'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${nonarch_base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \
+                      'CFG_EARLY_TA=y EARLY_TA_PATHS="${STAGING_DIR_TARGET}/${base_libdir}/optee_armtz/${FTPM_UUID}.stripped.elf"', \
                       '', \
                       d)} "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc
index 057dde2..ce5b8b8 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc
@@ -59,4 +59,11 @@
 EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
                                         ' CFG_SPMC_TESTS=y', '' , d)}"
 
+# Block Storage SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
+                                        ' ts-sp-block-storage', '' , d)}"
+
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
+                                        ' ${TS_BIN}/${BLOCK_STORAGE_UUID}.stripped.elf', '', d)}"
+
 EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee.inc b/meta-arm/meta-arm/recipes-security/optee/optee.inc
index af391f3..1569a9d 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee.inc
+++ b/meta-arm/meta-arm/recipes-security/optee/optee.inc
@@ -15,6 +15,9 @@
 OPTEE_ARCH:aarch64 = "arm64"
 OPTEE_CORE = "${@d.getVar('OPTEE_ARCH').upper()}"
 
+# FIXME - breaks with Clang 18.  See https://github.com/OP-TEE/optee_os/issues/6754
+TOOLCHAIN = "gcc"
+
 OPTEE_TOOLCHAIN = "${@d.getVar('TOOLCHAIN') or 'gcc'}"
 OPTEE_COMPILER = "${@bb.utils.contains("BBFILE_COLLECTIONS", "clang-layer", "${OPTEE_TOOLCHAIN}", "gcc", d)}"
 
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb
new file mode 100644
index 0000000..efbaad1
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-block-storage_git.bb
@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: <text>Copyright 2023 Arm Limited and/or its
+# affiliates <open-source-office@arm.com></text>
+#
+# SPDX-License-Identifier: MIT
+
+DESCRIPTION = "Trusted Services block storage service provider"
+
+require ts-sp-common.inc
+
+SP_UUID = "${BLOCK_STORAGE_UUID}"
+TS_SP_BLOCK_STORAGE_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/block-storage/config/${TS_SP_BLOCK_STORAGE_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc
index c18ec5d..1eb05d8 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc
@@ -9,4 +9,5 @@
 STORAGE_UUID     = "751bf801-3dde-4768-a514-0f10aeed1790"
 SPM_TEST1_UUID   = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37"
 SPM_TEST2_UUID   = "7817164c-c40c-4d1a-867a-9bb2278cf41a"
-SPM_TEST3_UUID   = "23eb0100-e32a-4497-9052-2f11e584afa6"
\ No newline at end of file
+SPM_TEST3_UUID   = "23eb0100-e32a-4497-9052-2f11e584afa6"
+BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c"
diff --git a/meta-arm/scripts/machine-summary.py b/meta-arm/scripts/machine-summary.py
index 477bdfc..455a517 100755
--- a/meta-arm/scripts/machine-summary.py
+++ b/meta-arm/scripts/machine-summary.py
@@ -146,9 +146,11 @@
            "edk2-firmware",
            "u-boot",
            "optee-os",
+           "optee-ftpm",
            "hafnium",
            "boot-wrapper-aarch64",
            "gator-daemon",
+           "gn",
            "opencsd",
            "gcc-aarch64-none-elf-native",
            "gcc-arm-none-eabi-native")