subtree updates
meta-security: b9bc938785..1856a7cf43:
Armin Kuster (1):
scap-security-guide: update to 0.1.69+
Lei Maohui (2):
paxctl: Fix do_package QA Issue.
ccs-tools: Fix do_package QA Issue.
Martin Jansa (1):
layer.conf: update LAYERSERIES_COMPAT for nanbield
Yi Zhao (1):
scap-security-guide: pass the correct cpe/schemas/xsl paths to oscap
meta-arm: 992c07f7c0..bd0953cc60:
Abdellatif El Khlifi (1):
arm-bsp/u-boot: corstone1000: detect the kernel size automatically
Anusmita Dutta Mazumder (5):
arm-bsp/u-boot: corstone1000: add unique firmware GUID
arm-bsp/trusted-firmware-m: corstone1000: add unique firmware GUID
arm-bsp/scp-firmware: Update N1SDP scp-firmware version
arm-bsp/n1sdp: Enable tests with pseudo trusted application
CI: Build custom image for N1SDP optee-xtest
Delane Brandy (1):
arm-bsp/corstone1000: mmc2-enablement
Emekcan Aras (2):
arm-bsp/trusted-firmware-a: corstone1000: Update TF-A v2.9
arm-bsp/optee-os: corstone1000: Update optee-os v3.22
Javier Tia (1):
optee-client: Add path condition to tee-supplicant.service
Jon Mason (14):
arm/trusted-firmware-a: update to 2.9.0
arm-bsp/juno: update kernel to 6.4
arm/linux-yocto: change defconfig patch for 6.4
arm/hafnium: update to v2.8
arm/linux-yocto: update kernel patches
arm/trusted-services: add SRCREV_FORMAT
arm-bsp/tc1: update optee
arm-bsp/fvp-baser-aemv8r64: update u-boot to 2023.01
arm-bsp/corstone500: upgrade u-boot to the latest
arm-bsp/corstone500: removal of support
arm: patch clean-ups
arm/edk2: update to 202305 version
arm/sbsa-acs: update to v7.1.2
arm-bsp/trusted-firmware-a: remove unneeded patches
Mariam Elshakfy (2):
arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP
arm-bsp/n1sdp: Update edk2-firmware version for N1SDP to 202305
Ross Burton (3):
kas/: pass through DISPLAY from environment
Remove explicit SRCPV
arm-bsp/external-system: set PACKAGE_ARCH as this is machine-specific
meta-raspberrypi: 5e2f79a6fa..6501ec892c:
Andrei Gherzan (2):
ci: Add usrmerge to distro features
docs: Fix documentation theme
Sangmo Kang (1):
omxplayer: fix an error caused by new srcrev fetcher API
Change-Id: Ibfc1e039975c1d20358c861af19fc8538125118e
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
index 016de8d..6d5114e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch
@@ -1,7 +1,4 @@
-Upstream-Status: Inappropriate
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-From a31aee0988ef64724ec5866f10709f51f8cb3237 Mon Sep 17 00:00:00 2001
+From adaa22bc2f529bb34e9d4fe89ff5c65f0c83ca0c Mon Sep 17 00:00:00 2001
From: emeara01 <emekcan.aras@arm.com>
Date: Wed, 11 May 2022 14:37:06 +0100
Subject: [PATCH] Fix FF-A version in SPMC manifest
@@ -11,13 +8,14 @@
This patch will not be upstreamed and will be dropped once
OPTEE version is updated for Corstone1000.
+Upstream-Status: Inappropriate
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
---
.../corstone1000/common/fdts/corstone1000_spmc_manifest.dts | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
-index 8e49ab83f..5baa1b115 100644
+index 8e49ab83f76a..5baa1b115b2e 100644
--- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
+++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
@@ -20,7 +20,7 @@
@@ -29,6 +27,3 @@
exec_state = <0x0>;
load_address = <0x0 0x2002000>;
entrypoint = <0x0 0x2002000>;
---
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
index d834e95..e26fd34 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch
@@ -1,4 +1,4 @@
-From 360aa32846a97e775750e06865d462c6258179fa Mon Sep 17 00:00:00 2001
+From fa7ab9b40babee29d2aadb267dfce7a96f8989d4 Mon Sep 17 00:00:00 2001
From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
Date: Mon, 9 Jan 2023 13:59:06 +0000
Subject: [PATCH] feat(corstone1000): bl2 loads fip based on metadata
@@ -15,7 +15,6 @@
Upstream-Status: Pending
Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-
---
bl2/bl2_main.c | 4 +++
.../corstone1000/common/corstone1000_plat.c | 32 ++++++-------------
@@ -25,10 +24,10 @@
5 files changed, 24 insertions(+), 32 deletions(-)
diff --git a/bl2/bl2_main.c b/bl2/bl2_main.c
-index 5da803795..f25dc3029 100644
+index ce83692e0ebc..1a9febc007b2 100644
--- a/bl2/bl2_main.c
+++ b/bl2/bl2_main.c
-@@ -86,6 +86,10 @@ void bl2_main(void)
+@@ -87,6 +87,10 @@ void bl2_main(void)
/* Perform remaining generic architectural setup in S-EL1 */
bl2_arch_setup();
@@ -40,7 +39,7 @@
fwu_init();
#endif /* PSA_FWU_SUPPORT */
diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
-index 0235f8b84..7f9708a82 100644
+index 0235f8b8474c..7f9708a82489 100644
--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
+++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
@@ -33,36 +33,17 @@ const mmap_region_t plat_arm_mmap[] = {
@@ -98,7 +97,7 @@
* is no power control present
*/
diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
-index 584d485f3..0bfab05a4 100644
+index 584d485f3ea7..0bfab05a482b 100644
--- a/plat/arm/board/corstone1000/common/include/platform_def.h
+++ b/plat/arm/board/corstone1000/common/include/platform_def.h
@@ -173,16 +173,16 @@
@@ -125,10 +124,10 @@
/*
* Some data must be aligned on the biggest cache line size in the platform.
diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
-index ca548b836..32b5486a0 100644
+index 042e844626bd..45b76a022f91 100644
--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
-@@ -69,8 +69,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
+@@ -78,8 +78,8 @@ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
# directory. However, for a local build of OpenSSL, the built binaries are
# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
# ${OPENSSL_DIR}/lib/).
@@ -140,10 +139,10 @@
HOSTCC ?= gcc
diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
-index e6aeba95b..7c047479e 100644
+index 2ebee33931ba..dcfd314bee89 100644
--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
-@@ -29,7 +29,7 @@ endif
+@@ -39,7 +39,7 @@ HOSTCCFLAGS += -DUSING_OPENSSL3=$(USING_OPENSSL3)
# directory. However, for a local build of OpenSSL, the built binaries are
# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
# ${OPENSSL_DIR}/lib/).
@@ -152,7 +151,7 @@
ifeq (${V},0)
Q := @
-@@ -37,7 +37,7 @@ else
+@@ -47,7 +47,7 @@ else
Q :=
endif
@@ -161,6 +160,3 @@
HOSTCC ?= gcc
---
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch
new file mode 100644
index 0000000..6ddde10
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-add-cpuhelper-to-makefile.patch
@@ -0,0 +1,28 @@
+From 33078d8ef143e8c79f06399de46dd26e1d53a220 Mon Sep 17 00:00:00 2001
+From: Gauri Sahnan <Gauri.Sahnan@arm.com>
+Date: Tue, 8 Aug 2023 17:16:51 +0100
+Subject: fix(corstone1000): add cpuhelpers to makefile
+
+Adds cpu_helpers.S to the Makefile to align with the changes in new
+trusted-firmware-a version.
+
+Signed-off-by: Gauri Sahnan <Gauri.Sahnan@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ plat/arm/board/corstone1000/platform.mk | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/plat/arm/board/corstone1000/platform.mk b/plat/arm/board/corstone1000/platform.mk
+index 3edffe087..079e9d6c1 100644
+--- a/plat/arm/board/corstone1000/platform.mk
++++ b/plat/arm/board/corstone1000/platform.mk
+@@ -43,6 +43,7 @@ BL2_SOURCES += plat/arm/board/corstone1000/common/corstone1000_security.c \
+ plat/arm/board/corstone1000/common/corstone1000_err.c \
+ plat/arm/board/corstone1000/common/corstone1000_trusted_boot.c \
+ lib/utils/mem_region.c \
++ lib/cpus/aarch64/cpu_helpers.S \
+ plat/arm/board/corstone1000/common/corstone1000_helpers.S \
+ plat/arm/board/corstone1000/common/corstone1000_plat.c \
+ plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c \
+--
+2.25.1
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch
new file mode 100644
index 0000000..a4518ec
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch
@@ -0,0 +1,38 @@
+Binutils 2.39 now warns when a segment has RXW permissions[1]:
+
+aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX
+permissions
+
+However, TF-A passes --fatal-warnings to LD, so this is a build failure.
+
+There is a ticket filed upstream[2], so until that is resolved just
+remove --fatal-warnings.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+[2] https://developer.trustedfirmware.org/T996
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+diff --git a/Makefile b/Makefile
+index 3941f8698..13bbac348 100644
+--- a/Makefile
++++ b/Makefile
+@@ -418,7 +418,7 @@ TF_LDFLAGS += $(TF_LDFLAGS_$(ARCH))
+ # LD = gcc (used when GCC LTO is enabled)
+ else ifneq ($(findstring gcc,$(notdir $(LD))),)
+ # Pass ld options with Wl or Xlinker switches
+-TF_LDFLAGS += -Wl,--fatal-warnings -O1
++TF_LDFLAGS += -O1
+ TF_LDFLAGS += -Wl,--gc-sections
+ ifeq ($(ENABLE_LTO),1)
+ ifeq (${ARCH},aarch64)
+@@ -435,7 +435,7 @@ TF_LDFLAGS += $(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
+
+ # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
+ else
+-TF_LDFLAGS += --fatal-warnings -O1
++TF_LDFLAGS += -O1
+ TF_LDFLAGS += --gc-sections
+ # ld.lld doesn't recognize the errata flags,
+ # therefore don't add those in that case
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch
new file mode 100644
index 0000000..5d02e35
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch
@@ -0,0 +1,26 @@
+Binutils 2.39 now warns when a segment has RXW permissions[1]:
+
+aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions
+
+There is a ticket filed upstream[2], so until that is resolved just
+disable the warning
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+[2] https://developer.trustedfirmware.org/T996
+
+Upstream-Status: Inappropriate
+Signed-off-by: Anton Antonov <anrton.antonov@arm.com>
+
+diff --git a/Makefile b/Makefile
+index 6d0774e1..be3f84ce 100644
+--- a/Makefile
++++ b/Makefile
+@@ -238,7 +238,7 @@ TFTF_SOURCES := ${FRAMEWORK_SOURCES} ${TESTS_SOURCES} ${PLAT_SOURCES} ${LIBC_SR
+ TFTF_INCLUDES += ${PLAT_INCLUDES}
+ TFTF_CFLAGS += ${COMMON_CFLAGS}
+ TFTF_ASFLAGS += ${COMMON_ASFLAGS}
+-TFTF_LDFLAGS += ${COMMON_LDFLAGS}
++TFTF_LDFLAGS += ${COMMON_LDFLAGS} --no-warn-rwx-segments
+ TFTF_EXTRA_OBJS :=
+
+ ifneq (${BP_OPTION},none)
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb
new file mode 100644
index 0000000..02f3387
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb
@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# Use fiptool from TF-A v2.8.6
+SRCREV = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d"
+SRCBRANCH = "lts-v2.8"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+ # This is still needed to have the native fiptool executing properly by
+ # setting the RPATH
+ sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+ sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+ oe_runmake fiptool
+}
+
+do_install () {
+ install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bbappend
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
new file mode 100644
index 0000000..ed3b349
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb
@@ -0,0 +1,54 @@
+DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
+LICENSE = "BSD-3-Clause & NCSA"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
+ file://tf-a-tests-no-warn-rwx-segments.patch"
+SRCBRANCH = "lts-v2.8"
+SRCREV = "85442d2943440718c2c2c9c5c690202b4b4f5725"
+
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE += "USE_NVM=0"
+EXTRA_OEMAKE += "SHELL_COLOR=1"
+EXTRA_OEMAKE += "DEBUG=1"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+EXTRA_OEMAKE += "ARCH=aarch64"
+EXTRA_OEMAKE += "LOG_LEVEL=50"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+do_compile() {
+ oe_runmake -C ${S} tftf
+}
+
+do_compile[cleandirs] = "${B}"
+
+FILES:${PN} = "/firmware/tftf.bin"
+SYSROOT_DIRS += "/firmware"
+
+do_install() {
+ install -d -m 755 ${D}/firmware
+ install -m 0644 ${B}/${TFA_PLATFORM}/debug/tftf.bin ${D}/firmware/tftf.bin
+}
+
+do_deploy() {
+ cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index 06be28e..3f66bed 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -3,16 +3,12 @@
COMPATIBLE_MACHINE = "(corstone1000)"
FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:"
-
-SRC_URI:append = " \
+SRC_URI:append = " \
file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
- file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \
- file://0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch \
- "
-
-#Sets TF-A version to 2.8.0
-SRCREV_tfa = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48"
-PV = "2.8.0"
+ file://0002-feat-corstone1000-bl2-loads-fip-based-on-metadata.patch \
+ file://0003-psci-SMCCC_ARCH_FEATURES-discovery-through-PSCI_FEATURES.patch \
+ file://0004-fix-corstone1000-add-cpuhelper-to-makefile.patch \
+ "
TFA_DEBUG = "1"
TFA_UBOOT ?= "1"
@@ -33,7 +29,7 @@
TARGET_PLATFORM=${TFA_TARGET_PLATFORM} \
ENABLE_STACK_PROTECTOR=strong \
ENABLE_PIE=1 \
- BL2_AT_EL3=1 \
+ RESET_TO_BL2=1 \
CREATE_KEYS=1 \
GENERATE_COT=1 \
TRUSTED_BOARD_BOOT=1 \
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc
deleted file mode 100644
index acd9e3d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone500.inc
+++ /dev/null
@@ -1,17 +0,0 @@
-# Corstone-500 specific TFA support
-
-COMPATIBLE_MACHINE = "corstone500"
-TFA_PLATFORM = "a5ds"
-TFA_DEBUG = "1"
-TFA_UBOOT = "1"
-TFA_BUILD_TARGET = "all fip"
-TFA_INSTALL_TARGET = "bl1.bin fip.bin"
-
-EXTRA_OEMAKE:append = " \
- ARCH=aarch32 \
- FVP_HW_CONFIG_DTS=fdts/a5ds.dts \
- ARM_ARCH_MAJOR=7 \
- AARCH32_SP=sp_min \
- ARM_CORTEX_A5=yes \
- ARM_XLAT_TABLES_LIB_V1=1 \
- "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
index 654e432..c2fa223 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
@@ -1,5 +1,9 @@
# N1SDP specific TFA support
+# Align with N1SDP-2023.06.22 Manifest
+SRCREV_tfa = "31f60a968347497562b0129134928d7ac4767710"
+PV .= "+git"
+
COMPATIBLE_MACHINE = "n1sdp"
TFA_PLATFORM = "n1sdp"
TFA_BUILD_TARGET = "all fip"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
similarity index 87%
rename from meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
rename to meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 220dd6e..7fbcd3a 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -3,7 +3,6 @@
# Machine specific TFAs
MACHINE_TFA_REQUIRE ?= ""
-MACHINE_TFA_REQUIRE:corstone500 = "trusted-firmware-a-corstone500.inc"
MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp.inc"
MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb
new file mode 100644
index 0000000..cffc6db
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.6.bb
@@ -0,0 +1,15 @@
+require recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+
+# TF-A v2.8.6
+SRCREV_tfa = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d"
+SRCBRANCH = "lts-v2.8"
+
+SRC_URI += "file://rwx-segments.patch"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# mbed TLS v2.28.2
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.28"
+SRCREV_mbedtls = "89f040a5c938985c5f30728baed21e49d0846a53"
+
+LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"