subtree updates
meta-arm: 14c7e5b336..3b7347cd67:
Jon Mason (6):
CI: Remove host bitbake variables
arm: add Mickledore to layer compat string
CI: Add packages for opencsd and gator-daemon to base build
CI: add common fvp yml file
arm/opencsd: update to version 1.3.1
arm/gator-daemon: update to v7.8.0
Jose Quaresma (2):
optee-ftpm/optee-os: add missing space in EXTRA_OEMAKE
optee-os-ts: avoid using escape chars in EXTRA_OEMAKE
Mohamed Omar Asaker (4):
Revert "arm-bsp/trusted-firmware-m: corstone1000: secure debug code checkout from yocto"
Revert "arm-bsp/trusted-firmware-m: corstone1000: bump tfm SHA"
arm-bsp/trusted-firmware-m: corstone1000 support FMP image info
arm-bsp/corstone1000: add msd configs for fvp
Ross Burton (5):
arm/hafnium: add missing Upstream-Status
arm-bsp/hafnium: add missing Upstream-Status
arm-bsp/linux-arm64-ack: fix malformed Upstream-Status tag
CI: add documentation job
CI: track meta-openembedded's langdale branch
Rui Miguel Silva (2):
arm/trusted-services: port crypto config
arm-bsp/corstone1000: apply ts patch to psa crypto api test
Satish Kumar (1):
arm-bsp/trusted-service: corstone1000: esrt support
Vishnu Banavath (4):
runfvp: corstone1000: add mmc card configuration
meta-arm-bsp/doc: add readthedocs for corstone1000
arm-bsp/optee: register DRAM1 for N1SDP target
arm-bsp:optee: enable optee test for N1SDP target
meta-raspberrypi: 722c51647c..a305f4804b:
Sung Gon Kim (1):
libcamera: rename bbappend to match any version
meta-openembedded: 8073ec2275..6ebff843cc:
Akash Hadke (1):
audit: Fix compile error for audit_2.8.5
Alex Kiernan (1):
lldpd: Upgrade 1.0.14 -> 1.0.15
Alexander Kanavin (3):
sip3: remove the recipe
python3-wxgtk4: skip the recipe
python3-yappi: mark as incompatible with python 3.11
Bhupesh Sharma (1):
android-tools-conf-configfs: Allow handling two or more UDC controllers
Eero Aaltonen (1):
valijson: use install task from CMakeLists.txt
Etienne Cordonnier (1):
uutils-coreutils: upgrade 0.0.15 -> 0.0.16
Gianfranco Costamagna (2):
vboxguestdrivers: upgrade 6.1.38 -> 7.0.0
vbxguestdrivers: upgrade 7.0.0 -> 7.0.2
Joshua Watt (3):
nginx: Add ipv6 support
iniparser: Add native support
libzip: Add native support
Khem Raj (3):
postfix: Upgrade to 3.7.3
msktutil: Add recipe
protobuf: Enable protoc binary in nativesdk
Leon Anavi (7):
python3-cheetah: Upgrade 3.2.6 -> 3.2.6.post1
python3-dill: Upgrade 0.3.5.1 -> 0.3.6
python3-pythonping: Upgrade 1.1.3 -> 1.1.4
python3-colorama: Upgrade 0.4.5 -> 0.4.6
python3-pint: Upgrade 0.19.2 -> 0.20
python3-traitlets: Upgrade 5.4.0 -> 5.5.0
python3-py-cpuinfo: Upgrade 8.0.0 -> 9.0.0
Markus Volk (4):
perfetto: build libperfetto
libcamera: upgrade -> 0.0.1
gtk-vnc: add recipe
spice-gtk: add recipe
Meier Boas (1):
jwt-cpp: add recipe
Ovidiu Panait (1):
syzkaller: add recipe and selftest for syzkaller fuzzing
Peter Marko (2):
cpputest: remove dev package dependency
cpputest: add possibility to build extensions
Robert Joslyn (1):
fwupd: Fix plugin_gpio PACKAGECONFIG
Sebastian Trahm (1):
Add recipe for python3-pytest-json-report
Tim Orling (5):
libmime-types-perl: upgrade 2.17 -> 2.22
libcompress-raw*-perl: move from libio/compress-*
libio-compress*-perl: cleanup; fixes
libcompress-raw-*-perl: cleanup; fixes
packagegroup-meta-perl: mv libcompress-raw-*-perl
Vincent Davis Jr (2):
libglvnd: add new recipe libglvnd v1.5.0
xf86-video-amdgpu: add new recipe xf86-video-amdgpu
Wang Mingyu (36):
bats: upgrade 1.8.0 -> 1.8.2
ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0
fvwm: upgrade 2.6.9 -> 2.7.0
makedumpfile: upgrade 1.7.1 -> 1.7.2
sanlock: upgrade 3.8.4 -> 3.8.5
python3-astroid: upgrade 2.12.11 -> 2.12.12
python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0
python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0
python3-google-auth: upgrade 2.12.0 -> 2.13.0
python3-grpcio-tools: upgrade 1.49.1 -> 1.50.0
python3-grpcio: upgrade 1.49.1 -> 1.50.0
python3-huey: upgrade 2.4.3 -> 2.4.4
python3-incremental: upgrade 21.3.0 -> 22.10.0
python3-luma-core: upgrade 2.3.1 -> 2.4.0
python3-oauthlib: upgrade 3.2.1 -> 3.2.2
python3-pandas: upgrade 1.5.0 -> 1.5.1
python3-pastedeploy: upgrade 2.1.1 -> 3.0.1
python3-pika: upgrade 1.3.0 -> 1.3.1
python3-portalocker: upgrade 2.5.1 -> 2.6.0
python3-protobuf: upgrade 4.21.7 -> 4.21.8
python3-pyjwt: upgrade 2.5.0 -> 2.6.0
python3-pymongo: upgrade 4.2.0 -> 4.3.2
python3-pywbemtools: upgrade 1.0.0 -> 1.0.1
python3-robotframework: upgrade 5.0.1 -> 6.0
python3-socketio: upgrade 5.7.1 -> 5.7.2
python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42
tracker-miners: upgrade 3.2.1 -> 3.4.1
tracker: upgrade 3.4.0 -> 3.4.1
wolfssl: upgrade 5.5.1 -> 5.5.2
cglm: upgrade 0.8.5 -> 0.8.7
ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0
flatbuffers: upgrade 22.9.29 -> 22.10.26
function2: upgrade 4.2.1 -> 4.2.2
poco: upgrade 1.12.2 -> 1.12.3
thingsboard-gateway: upgrade 3.1 -> 3.2
grpc: upgrade 1.50.0 -> 1.50.1
Xiangyu Chen (1):
ipmitool: fix typo in .bb file's comments, using = instead of =?
Zheng Qiu (1):
jq: improve ptest and disable valgrind by default
zhengruoqin (5):
tcpslice: upgrade 1.5 -> 1.6
tio: upgrade 2.1 -> 2.2
python3-stevedore: upgrade 4.0.1 -> 4.1.0
python3-xxhash: upgrade 3.0.0 -> 3.1.0
python3-zeroconf: upgrade 0.39.1 -> 0.39.2
meta-security: e8e7318189..2aa48e6f4e:
Armin Kuster (1):
kas-security-base.yml: make work again
Gowtham Suresh Kumar (1):
Update PARSEC recipe to latest v1.1.0 release
Michael Haener (1):
tpm2-openssl: update to 1.1.1
poky: 95c802b0be..482c493cf6:
Adrian Freihofer (3):
own-mirrors: add crate
buildconf: compare abspath
ref-manual: add wic command bootloader ptable option
Ahmad Fatoum (2):
kernel-fitimage: mangle slashes to underscores as late as possible
kernel-fitimage: skip FDT section creation for applicable symlinks
Alex Kiernan (4):
u-boot: Remove duplicate inherit of cml1
u-boot: Add savedefconfig task
rust: update 1.63.0 -> 1.64.0
cargo_common.bbclass: Fix typos
Alexander Kanavin (40):
rust-target-config: match riscv target names with what rust expects
rust: install rustfmt for riscv32 as well
unfs3: correct upstream version check
gnu-config: update to latest revision
llvm: update 14.0.6 -> 15.0.1
grep: update 3.7 -> 3.8
hdparm: update 9.64 -> 9.65
stress-ng: update 0.14.03 -> 0.14.06
vulkan: update 1.3.216.0 -> 1.3.224.1
wayland-utils: update 1.0.0 -> 1.1.0
libxft: update 2.3.4 -> 2.3.6
pinentry: update 1.2.0 -> 1.2.1
ovmf: upgrade edk2-stable202205 -> edk2-stable202208
cmake: update 3.24.0 -> 3.24.2
jquery: upgrade 3.6.0 -> 3.6.1
python3-dbus: upgrade 1.2.18 -> 1.3.2
python3-hatch-fancy-pypi-readme: add a recipe
python3-jsonschema: upgrade 4.9.1 -> 4.16.0
shadow: update 4.12.1 -> 4.12.3
lttng-modules: upgrade 2.13.4 -> 2.13.5
libsoup: upgrade 3.0.7 -> 3.2.0
libxslt: upgrade 1.1.35 -> 1.1.37
quilt: backport a patch to address grep 3.8 failures
python3: update 3.10.6 -> 3.11.0
cargo-update-recipe-crates.bbclass: add a class to generate SRC_URI crate lists from Cargo.lock
python3-bcrypt: convert to use cargo-update-recipe-crates class.
python3-cryptography: convert to cargo-update-recipe-crates class
groff: submit patches upstream
tcl: correct patch status
tcl: correct upstream version check
lttng-tools: submit determinism.patch upstream
cmake: drop qt4 patches
kea: submit patch upstream
argp-standalone: replace with a maintained fork
ovmf: correct patches status
go: submit patch upstream
libffi: submit patch upstream
go: update 1.19 -> 1.19.2
rust-common.bbclass: use built-in rust targets for -native builds
rust: submit a rewritten version of crossbeam_atomic.patch upstream
Andrew Geissler (1):
go: add support to build on ppc64le
Bartosz Golaszewski (1):
bluez5: add dbus to RDEPENDS
Bernhard Rosenkränzer (1):
cmake-native: Fix host tool contamination
Bruce Ashfield (3):
kern-tools: fix relative path processing
linux-yocto/5.19: update to v5.19.14
linux-yocto/5.15: update to v5.15.72
Changhyeok Bae (2):
ethtool: upgrade 5.19 -> 6.0
iproute2: upgrade 5.19.0 -> 6.0.0
Chen Qi (1):
openssl: export necessary env vars in SDK
Christian Eggers (1):
linux-firmware: split rtl8761 firmware
Claus Stovgaard (1):
gstreamer1.0-libav: fix errors with ffmpeg 5.x
Ed Tanous (1):
openssl: Upgrade 3.0.5 -> 3.0.7
Etienne Cordonnier (1):
mirrors.bbclass: use shallow tarball for binutils-native
Fabio Estevam (1):
go-mod.bbclass: Remove repeated word
Frank de Brabander (1):
cve-update-db-native: add timeout to urlopen() calls
Hitendra Prajapati (1):
openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption
Jan-Simon Moeller (1):
buildtools-tarball: export certificates to python and curl
Jeremy Puhlman (1):
qemu-native: Add PACKAGECONFIG option for jack
Johan Korsnes (1):
bitbake: bitbake: user-manual: inform about spaces in :remove
Jon Mason (2):
linux-yocto: add efi entry for machine features
linux-yocto-dev: add qemuarmv5
Jose Quaresma (3):
kernel-yocto: improve fatal error messages of symbol_why.py
oeqa/selftest/archiver: Add multiconfig test for shared recipes
archiver: avoid using machine variable as it breaks multiconfig
Joshua Watt (3):
runqemu: Fix gl-es argument from causing other arguments to be ignored
qemu-helper-native: Re-write bridge helper as C program
runqemu: Do not perturb script environment
Justin Bronder (1):
bitbake: asyncrpc: serv: correct closed client socket detection
Kai Kang (1):
mesa: only apply patch to fix ALWAYS_INLINE for native
Keiya Nobuta (2):
gnutls: Unified package names to lower-case
create-spdx: Remove ";name=..." for downloadLocation
Khem Raj (3):
perf: Depend on native setuptools3
musl: Upgrade to latest master
mesa: Add native patch via a variable
Lee Chee Yang (2):
migration-guides/release-notes-4.1.rst: update Repositories / Downloads
migration-guides/release-notes-4.1.rst: update Repositories / Downloads
Leon Anavi (1):
python3-manifest.json: Move urllib to netclient
Liam Beguin (1):
meson: make wrapper options sub-command specific
Luca Boccassi (1):
systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils
Marek Vasut (1):
bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware
Mark Asselstine (2):
bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests
bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists
Mark Hatle (2):
insane.bbclass: Allow hashlib version that only accepts on parameter
bitbake: utils/ply: Update md5 to better report errors with hashlib
Markus Volk (2):
wayland-protocols: upgrade 1.26 -> 1.27
mesa: update 22.2.0 -> 22.2.2
Martin Jansa (3):
vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
externalsrc.bbclass: fix git repo detection
cargo-update-recipe-crates: small improvements
Maxim Uvarov (2):
wic: add UEFI kernel as UEFI stub
wic: bootimg-efi: implement --include-path
Michael Opdenacker (11):
manuals: updates for building on Windows (WSL 2)
ref-manual: classes.rst: add links to all references to a class
poky.conf: remove Ubuntu 21.10
bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables
bitbake: bitbake-user-manual: details about variable flags starting with underscore
Documentation/README: formalize guidelines for external link syntax
manuals: replace "_" by "__" in external links
manuals: stop referring to the meta-openembedded repo from GitHub
manuals: add missing references to SDKMACHINE and SDK_ARCH
manuals: use references to the "Build Directory" term
create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED
Mikko Rapeli (6):
os-release: replace DISTRO_CODENAME with VERSION_CODENAME
os-release: add HOMEPAGE and link to documentation
ref-manual: variables.rst: add documentation for CVE_VERSION
ref-manual: classes.rst: improve documentation for cve-check.bbclass
dev-manual: common-tasks.rst: add regular updates and CVE scans to security best practices
dev-manual: common-tasks.rst: refactor and improve "Checking for Vulnerabilities" section
Ming Liu (1):
dropbear: add pam to PACKAGECONFIG
Mingli Yu (1):
grub: disable build on armv7ve/a with hardfp
Oliver Lang (2):
bitbake: cooker: fix a typo
bitbake: runqueue: fix a typo
Pablo Saavedra Rodi?o (1):
weston: update 10.0.2 -> 11.0.0
Paul Eggleton (2):
install-buildtools: support buildtools-make-tarball and update to 4.1
ref-manual: add info on buildtools-make-tarball
Peter Bergin (1):
gptfdisk: remove warning message from target system
Peter Kjellerstedt (3):
gcc: Allow -Wno-error=poison-system-directories to take effect
base-passwd: Update to 3.6.1
externalsrc.bbclass: Remove a trailing slash from ${B}
Qiu, Zheng (2):
tiff: fix a typo for CVE-2022-2953.patch
valgrind: update to 3.20.0
Quentin Schulz (1):
docs: add support for langdale (4.1) release
Richard Purdie (4):
openssl: Fix SSL_CERT_FILE to match ca-certs location
bitbake: tests/fetch: Allow handling of a file:// url within a submodule
patchelf: upgrade 0.15.0 -> 0.16.1
lttng-modules: upgrade 2.13.5 -> 2.13.7
Robert Joslyn (1):
curl: Update 7.85.0 to 7.86.0
Ross Burton (26):
populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner
scripts/oe-check-sstate: cleanup
scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
externalsrc: move back to classes
opkg-utils: use a git clone, not a dynamic snapshot
oe/packagemanager/rpm: don't leak file objects
zlib: use .gz archive and set a PREMIRROR
glib-2.0: fix rare GFileInfo test case failure
lighttpd: fix CVE-2022-41556
acpid: upgrade 2.0.33 -> 2.0.34
python3-hatchling: upgrade 1.9.0 -> 1.10.0
pango: upgrade 1.50.9 -> 1.50.10
piglit: upgrade to latest revision
lsof: upgrade 4.95.0 -> 4.96.3
zlib: do out-of-tree builds
zlib: upgrade 1.2.12 -> 1.2.13
libx11: apply the fix for CVE-2022-3554
xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
tiff: fix a number of CVEs
qemu: backport the fix for CVE-2022-3165
bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
sanity: check for GNU tar specifically
expat: upgrade to 2.5.0
oeqa/target/ssh: add ignore_status argument to run()
oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge
Sakib Sajal (1):
go: update 1.19.2 -> 1.19.3
Sean Anderson (6):
uboot-sign: Fix using wrong KEY_REQ_ARGS
kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
uboot-sign: Use bitbake variables directly
uboot-sign: Split off kernel-fitimage variables
u-boot: Rework signing to remove interdependencies
Sergei Zhmylev (2):
wic: implement binary repeatable disk identifiers
wic: honor the SOURCE_DATE_EPOCH in case of updated fstab
Teoh Jay Shen (1):
vim: Upgrade 9.0.0598 -> 9.0.0614
Thomas Perrot (2):
psplash: add psplash-default in rdepends
xserver-xorg: move some recommended dependencies in required
Tim Orling (23):
python3-cryptography: upgrade 37.0.4 -> 38.0.1
python3-cryptography-vectors: upgrade 37.0.4 -> 38.0.1
python3-certifi: upgrade 2022.9.14 -> 2022.9.24
python3-hypothesis: upgrade 6.54.5 -> 6.56.1
python3-pyopenssl: upgrade 22.0.0 -> 22.1.0
python3-bcrypt: upgrade 3.2.2 -> 4.0.0
python3-sphinx: upgrade 5.1.1 -> 5.2.3
python3-setuptools-rust: upgrade 1.5.1 -> 1.5.2
python3-iso8601: upgrade 1.0.2 -> 1.1.0
python3-poetry-core: upgrade 1.0.8 -> 1.3.2
git: upgrade 2.37.3 -> 2.38.1
vim: upgrade 9.0.0614 -> 9.0.0820
python3-mako: upgrade 1.2.2 -> 1.2.3
python3-bcrypt: upgrade 4.0.0 -> 4.0.1
python3-cryptography{-vectors}: 38.0.1 -> 38.0.3
python3-psutil: upgrade 5.9.2 -> 5.9.3
python3-pytest: upgrade 7.1.3 -> 7.2.0
python3-pytest-subtests: upgrade 0.8.0 -> 0.9.0
python3-hypothesis: upgrade 6.56.1 -> 6.56.4
python3-more-itertools: upgrade 8.14.0 -> 9.0.0
python3-pytz: upgrade 2022.4 -> 2022.6
python3-zipp: upgrade 3.9.0 -> 3.10.0
python3-sphinx: upgrade 5.2.3 -> 5.3.0
Vincent Davis Jr (1):
linux-firmware: package amdgpu firmware
Vyacheslav Yurkov (1):
overlayfs: Allow not used mount points
Xiangyu Chen (1):
linux-yocto-dev: add qemuarm64
Yan Xinkuan (1):
bc: Add ptest.
ciarancourtney (1):
wic: swap partitions are not added to fstab
wangmy (32):
init-system-helpers: upgrade 1.64 -> 1.65.2
meson: upgrade 0.63.2 -> 0.63.3
mtools: upgrade 4.0.40 -> 4.0.41
dbus: upgrade 1.14.0 -> 1.14.4
ifupdown: upgrade 0.8.37 -> 0.8.39
openssh: upgrade 9.0p1 -> 9.1p1
python3-hatchling: upgrade 1.10.0 -> 1.11.0
u-boot: upgrade 2022.07 -> 2022.10
python3-git: upgrade 3.1.27 -> 3.1.28
python3-importlib-metadata: upgrade 4.12.0 -> 5.0.0
gnutls: upgrade 3.7.7 -> 3.7.8
gsettings-desktop-schemas: upgrade 42.0 -> 43.0
harfbuzz: upgrade 5.1.0 -> 5.3.0
libcap: upgrade 2.65 -> 2.66
libical: upgrade 3.0.14 -> 3.0.15
libva: upgrade 2.15.0 -> 2.16.0
libva-utils: upgrade 2.15.0 -> 2.16.0
powertop: upgrade 2.14 -> 2.15
numactl: upgrade 2.0.15 -> 2.0.16
python3-pytz: upgrade 2022.2.1 -> 2022.4
python3-zipp: upgrade 3.8.1 -> 3.9.0
repo: upgrade 2.29.2 -> 2.29.3
sqlite3: upgrade 3.39.3 -> 3.39.4
wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
xkeyboard-config: upgrade 2.36 -> 2.37
xz: upgrade 5.2.6 -> 5.2.7
libksba: upgrade 1.6.0 -> 1.6.2
libsdl2: upgrade 2.24.0 -> 2.24.1
libwpe: upgrade 1.12.3 -> 1.14.0
lttng-ust: upgrade 2.13.4 -> 2.13.5
btrfs-tools: upgrade 5.19.1 -> 6.0
lighttpd: upgrade 1.4.66 -> 1.4.67
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I3322dd0057da9f05bb2ba216fdcda3f569c0493b
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index 0fdb254..9ab1157 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,9 +1,11 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58.
-Upstream-Status: Pending
Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
new file mode 100644
index 0000000..79429c7
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
@@ -0,0 +1,417 @@
+From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Fri, 8 Jul 2022 09:48:06 +0100
+Subject: [PATCH] FMP Support in Corstone1000.
+
+The FMP support is used by u-boot to pupolate ESRT information
+for the kernel.
+
+The solution is platform specific and needs to be revisted.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
+---
+ .../provider/capsule_update_provider.c | 5 +
+ .../capsule_update/provider/component.cmake | 1 +
+ .../provider/corstone1000_fmp_service.c | 307 ++++++++++++++++++
+ .../provider/corstone1000_fmp_service.h | 26 ++
+ 4 files changed, 339 insertions(+)
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
+
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+index 9bbd7abc..871d6bcf 100644
+--- a/components/service/capsule_update/provider/capsule_update_provider.c
++++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -11,6 +11,7 @@
+ #include <protocols/service/capsule_update/capsule_update_proto.h>
+ #include <protocols/rpc/common/packed-c/status.h>
+ #include "capsule_update_provider.h"
++#include "corstone1000_fmp_service.h"
+
+
+ #define CAPSULE_UPDATE_REQUEST (0x1)
+@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init(
+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ }
+
++ provision_fmp_variables_metadata(context->client.caller);
++
+ return rpc_interface;
+ }
+
+@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ }
+ psa_call(caller,handle, PSA_IPC_CALL,
+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
++ set_fmp_image_info(caller, handle);
+ break;
+
+ case KERNEL_STARTED_EVENT:
+@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ }
+ psa_call(caller,handle, PSA_IPC_CALL,
+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
++ set_fmp_image_info(caller, handle);
+ break;
+ default:
+ EMSG("%s unsupported opcode", __func__);
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+index 1d412eb2..6b060149 100644
+--- a/components/service/capsule_update/provider/component.cmake
++++ b/components/service/capsule_update/provider/component.cmake
+@@ -10,4 +10,5 @@ endif()
+
+ target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
++ "${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
+ )
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+new file mode 100644
+index 00000000..6a7a47a7
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -0,0 +1,307 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include "corstone1000_fmp_service.h"
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <psa/storage_common.h>
++#include <trace.h>
++
++#include <service/smm_variable/backend/variable_index.h>
++
++#define VARIABLE_INDEX_STORAGE_UID (0x787)
++
++/**
++ * Variable attributes
++ */
++#define EFI_VARIABLE_NON_VOLATILE (0x00000001)
++#define EFI_VARIABLE_BOOTSERVICE_ACCESS (0x00000002)
++#define EFI_VARIABLE_RUNTIME_ACCESS (0x00000004)
++#define EFI_VARIABLE_HARDWARE_ERROR_RECORD (0x00000008)
++#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (0x00000010)
++#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x00000020)
++#define EFI_VARIABLE_APPEND_WRITE (0x00000040)
++#define EFI_VARIABLE_MASK \
++ (EFI_VARIABLE_NON_VOLATILE | \
++ EFI_VARIABLE_BOOTSERVICE_ACCESS | \
++ EFI_VARIABLE_RUNTIME_ACCESS | \
++ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
++ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
++ EFI_VARIABLE_APPEND_WRITE)
++
++#define FMP_VARIABLES_COUNT 6
++
++static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++ {
++ { 0x86c77a67, 0x0b97, 0x4633, \
++ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++ /* name size = (variable_name + \0) * sizeof(u16) */
++ .name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1' },
++ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++ },
++};
++
++static psa_status_t protected_storage_set(struct rpc_caller *caller,
++ psa_storage_uid_t uid, size_t data_length, const void *p_data)
++{
++ psa_status_t psa_status;
++ psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
++ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
++ };
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
++ in_vec, IOVEC_LEN(in_vec), NULL, 0);
++ if (psa_status < 0)
++ EMSG("ipc_set: psa_call failed: %d", psa_status);
++
++ return psa_status;
++}
++
++static psa_status_t protected_storage_get(struct rpc_caller *caller,
++ psa_storage_uid_t uid, size_t data_size, void *p_data)
++{
++ psa_status_t psa_status;
++ uint32_t offset = 0;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
++ };
++
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(p_data), .len = data_size },
++ };
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
++ out_vec, IOVEC_LEN(out_vec));
++
++ if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
++ EMSG("Return size does not match with expected size.");
++ return PSA_ERROR_BUFFER_TOO_SMALL;
++ }
++
++ return psa_status;
++}
++
++static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
++ const int16_t *name)
++{
++ /* Using djb2 hash by Dan Bernstein */
++ uint64_t hash = 5381;
++
++ /* Calculate hash over GUID */
++ hash = ((hash << 5) + hash) + guid->Data1;
++ hash = ((hash << 5) + hash) + guid->Data2;
++ hash = ((hash << 5) + hash) + guid->Data3;
++
++ for (int i = 0; i < 8; ++i) {
++
++ hash = ((hash << 5) + hash) + guid->Data4[i];
++ }
++
++ /* Extend to cover name up to but not including null terminator */
++ for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
++
++ if (!name[i]) break;
++ hash = ((hash << 5) + hash) + name[i];
++ }
++
++ return hash;
++}
++
++
++static void initialize_metadata(void)
++{
++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++
++ fmp_variables_metadata[i].uid = name_hash(
++ &fmp_variables_metadata[i].guid,
++ fmp_variables_metadata[i].name_size,
++ fmp_variables_metadata[i].name);
++ }
++}
++
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller)
++{
++ struct variable_metadata metadata;
++ psa_status_t status;
++ uint32_t dummy_values = 0xDEAD;
++
++ EMSG("Provisioning FMP metadata.");
++
++ initialize_metadata();
++
++ status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
++ sizeof(struct variable_metadata), &metadata);
++
++ if (status == PSA_SUCCESS) {
++ EMSG("UEFI variables store is already provisioned.");
++ return;
++ }
++
++ /* Provision FMP variables with dummy values. */
++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++ protected_storage_set(caller, fmp_variables_metadata[i].uid,
++ sizeof(dummy_values), &dummy_values);
++ }
++
++ status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
++ sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
++ fmp_variables_metadata);
++
++ if (status != EFI_SUCCESS) {
++ return;
++ }
++
++ EMSG("FMP metadata is provisioned");
++}
++
++typedef struct {
++ void *base;
++ int len;
++} variable_data_t;
++
++static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
++
++#define IMAGE_INFO_BUFFER_SIZE 256
++static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
++#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2
++
++static psa_status_t unpack_image_info(void *buffer, uint32_t size)
++{
++ typedef struct __attribute__ ((__packed__)) {
++ uint32_t variable_count;
++ uint32_t variable_size[FMP_VARIABLES_COUNT];
++ uint8_t variable[];
++ } packed_buffer_t;
++
++ packed_buffer_t *packed_buffer = buffer;
++ int runner = 0;
++
++ if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
++ EMSG("Expected fmp varaibles = %u, but received = %u",
++ FMP_VARIABLES_COUNT, packed_buffer->variable_count);
++ return PSA_ERROR_PROGRAMMER_ERROR;
++ }
++
++ for (int i = 0; i < packed_buffer->variable_count; i++) {
++ EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
++ fmp_variables_data[i].base = &packed_buffer->variable[runner];
++ fmp_variables_data[i].len= packed_buffer->variable_size[i];
++ runner += packed_buffer->variable_size[i];
++ }
++
++ return PSA_SUCCESS;
++}
++
++static psa_status_t get_image_info(struct rpc_caller *caller,
++ psa_handle_t platform_service_handle)
++{
++ psa_status_t status;
++ psa_handle_t handle;
++ uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
++
++ struct psa_invec in_vec[] = {
++ { .base = &ioctl_id, .len = sizeof(ioctl_id) },
++ };
++
++ struct psa_outvec out_vec[] = {
++ { .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
++ };
++
++ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
++
++ psa_call(caller, platform_service_handle, PSA_IPC_CALL,
++ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
++ if (status != PSA_SUCCESS) {
++ return status;
++ }
++
++ return PSA_SUCCESS;
++}
++
++static psa_status_t set_image_info(struct rpc_caller *caller)
++{
++ psa_status_t status;
++
++ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++
++ status = protected_storage_set(caller,
++ fmp_variables_metadata[i].uid,
++ fmp_variables_data[i].len, fmp_variables_data[i].base);
++
++ if (status != PSA_SUCCESS) {
++
++ EMSG("FMP variable %d set unsuccessful", i);
++ return status;
++ }
++
++ EMSG("FMP variable %d set success", i);
++ }
++
++ return PSA_SUCCESS;
++}
++
++void set_fmp_image_info(struct rpc_caller *caller,
++ psa_handle_t platform_service_handle)
++{
++ psa_status_t status;
++
++ status = get_image_info(caller, platform_service_handle);
++ if (status != PSA_SUCCESS) {
++ return;
++ }
++
++ status = set_image_info(caller);
++ if (status != PSA_SUCCESS) {
++ return;
++ }
++
++ return;
++}
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+new file mode 100644
+index 00000000..95fba2a0
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CORSTONE1000_FMP_SERVICE_H
++#define CORSTONE1000_FMP_SERVICE_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#include <rpc_caller.h>
++#include <psa/client.h>
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller);
++
++void set_fmp_image_info(struct rpc_caller *caller,
++ psa_handle_t platform_service_handle);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CORSTONE1000_FMP_SERVICE_H */
+--
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
new file mode 100644
index 0000000..c728956
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
@@ -0,0 +1,230 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
+From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sat, 11 Dec 2021 11:06:57 +0000
+Subject: [PATCH] corstone1000: port crypto config
+
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+%% original patch: 0002-corstone1000-port-crypto-config.patch
+
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../nspe/pal_crypto_config.h | 81 +++++++++++++++----
+ 1 file changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index 218a94c69502..c6d4aadd8476 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -34,10 +34,14 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_RSA
+ #define ARCH_TEST_RSA_1024
+ #define ARCH_TEST_RSA_2048
+ #define ARCH_TEST_RSA_3072
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_ECC
+@@ -50,11 +54,17 @@
+ * Requires: ARCH_TEST_ECC
+ * Comment macros to disable the curve
+ */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECC
+ #define ARCH_TEST_ECC_CURVE_SECP192R1
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP224R1
++#endif
+ #define ARCH_TEST_ECC_CURVE_SECP256R1
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP384R1
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_AES
+@@ -78,10 +88,10 @@
+ *
+ * Comment macros to disable the types
+ */
+-#define ARCH_TEST_DES
+-#define ARCH_TEST_DES_1KEY
+-#define ARCH_TEST_DES_2KEY
+-#define ARCH_TEST_DES_3KEY
++//#define ARCH_TEST_DES
++//#define ARCH_TEST_DES_1KEY
++//#define ARCH_TEST_DES_2KEY
++//#define ARCH_TEST_DES_3KEY
+
+ /**
+ * \def ARCH_TEST_RAW
+@@ -104,7 +114,7 @@
+ *
+ * Enable the ARC4 key type.
+ */
+-#define ARCH_TEST_ARC4
++//#define ARCH_TEST_ARC4
+
+ /**
+ * \def ARCH_TEST_CIPHER_MODE_CTR
+@@ -113,7 +123,11 @@
+ *
+ * Requires: ARCH_TEST_CIPHER
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CIPHER_MODE_CTR
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CIPHER_MODE_CFB
+@@ -138,7 +152,11 @@
+ *
+ * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CTR_AES
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CBC_AES
+@@ -157,7 +175,11 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_NO_PADDING
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CFB_AES
+@@ -177,11 +199,15 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_PKCS1V15
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+ #define ARCH_TEST_RSA_PKCS1V15_CRYPT
+ #define ARCH_TEST_RSA_OAEP
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_CBC_PKCS7
+@@ -190,7 +216,11 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_PKCS7
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
+@@ -227,21 +257,27 @@
+ *
+ * Comment macros to disable the types
+ */
+-// #define ARCH_TEST_MD2
+-// #define ARCH_TEST_MD4
+-#define ARCH_TEST_MD5
+-#define ARCH_TEST_RIPEMD160
+-#define ARCH_TEST_SHA1
++//#define ARCH_TEST_MD2
++//#define ARCH_TEST_MD4
++//#define ARCH_TEST_MD5
++//#define ARCH_TEST_RIPEMD160
++//#define ARCH_TEST_SHA1
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_SHA224
++#endif
+ #define ARCH_TEST_SHA256
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_SHA384
+ #define ARCH_TEST_SHA512
+-// #define ARCH_TEST_SHA512_224
+-// #define ARCH_TEST_SHA512_256
+-// #define ARCH_TEST_SHA3_224
+-// #define ARCH_TEST_SHA3_256
+-// #define ARCH_TEST_SHA3_384
+-// #define ARCH_TEST_SHA3_512
++#endif
++#endif
++//#define ARCH_TEST_SHA512_224
++//#define ARCH_TEST_SHA512_256
++//#define ARCH_TEST_SHA3_224
++//#define ARCH_TEST_SHA3_256
++//#define ARCH_TEST_SHA3_384
++//#define ARCH_TEST_SHA3_512
+
+ /**
+ * \def ARCH_TEST_HKDF
+@@ -270,7 +306,12 @@
+ *
+ * Comment macros to disable the types
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CMAC
++#endif
++#endif
++//#define ARCH_TEST_GMAC
+ #define ARCH_TEST_HMAC
+
+ /**
+@@ -290,7 +331,11 @@
+ * Requires: ARCH_TEST_AES
+ *
+ */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_GCM
++#endif
++#endif
+
+ /**
+ * \def ARCH_TEST_TRUNCATED_MAC
+@@ -309,7 +354,9 @@
+ *
+ * Requires: ARCH_TEST_ECC
+ */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDH
++#endif
+
+ /**
+ * \def ARCH_TEST_ECDSA
+@@ -317,7 +364,9 @@
+ * Enable the elliptic curve DSA library.
+ * Requires: ARCH_TEST_ECC
+ */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDSA
++#endif
+
+ /**
+ * \def ARCH_TEST_DETERMINISTIC_ECDSA
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
index aa8f271..03f7dff 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -20,6 +20,7 @@
file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \
file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
file://0019-plat-corstone1000-change-default-smm-values.patch \
+ file://0020-FMP-Support-in-Corstone1000.patch \
"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
new file mode 100644
index 0000000..6595c92
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
@@ -0,0 +1,7 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:"
+
+SRC_URI:append:corstone1000 = " \
+ file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
+ file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+ "