diff --git a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.3.bb
similarity index 95%
rename from meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb
rename to meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.3.bb
index c1e3108..97fa8f9 100644
--- a/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.2.bb
+++ b/meta-security/dynamic-layers/meta-python/recipes-security/mfa/python3-privacyidea_3.7.3.bb
@@ -6,7 +6,7 @@
 LIC_FILES_CHKSUM = "file://LICENSE;md5=c0acfa7a8a03b718abee9135bc1a1c55"
 
 PYPI_PACKAGE = "privacyIDEA"
-SRC_URI[sha256sum] = "17cbfdf0212eec94ffb10b3046093cf25af71b41413b6361668685333c5a35a7"
+SRC_URI[sha256sum] = "7b5725d1af004fe3f68d16c2b14be5a3d61c4d265d18cb7d50a9013da0df42d2"
 
 inherit pypi setuptools3
 
diff --git a/meta-security/kas/kas-security-base.yml b/meta-security/kas/kas-security-base.yml
index 3bf46db..a594fd7 100644
--- a/meta-security/kas/kas-security-base.yml
+++ b/meta-security/kas/kas-security-base.yml
@@ -39,8 +39,7 @@
     BB_SIGNATURE_HANDLER = "OEEquivHash"
     INHERIT += "buildstats buildstats-summary buildhistory"
     INHERIT += "report-error"
-    INHERIT += "testimage"
-    INHERIT += "rm_work"
+    IMAGE_CLASSES += "testimage"
     BB_NUMBER_THREADS="24"
     BB_NUMBER_PARSE_THREADS="12"
     BB_TASK_NICE_LEVEL = '5'
diff --git a/meta-security/meta-parsec/README.md b/meta-security/meta-parsec/README.md
index f720cd2..99935bc 100644
--- a/meta-security/meta-parsec/README.md
+++ b/meta-security/meta-parsec/README.md
@@ -99,6 +99,7 @@
 - all providers pre-configured in the Parsec config file included in the image.
 - PKCS11 and TPM providers with software backends if softhsm and
   swtpm packages included in the image.
+- TS Provider if Parsec is built with it included.
 
 Meta-parsec also contains a recipe for `security-parsec-image` image with Parsec,
 softhsm and swtpm included.
@@ -214,7 +215,7 @@
   The IBM Software TPM service can be used for manual testing of the provider by
 including it into your test image:
 
-    IMAGE_INSTALL:append = " ibmswtpm2 tpm2-tools libtss2 libtss2-tcti-mssim"
+    IMAGE_INSTALL:append = " swtpm tpm2-tools libtss2 libtss2-tcti-mssim"
 
 Inside the running VM:
 - Stop Parsec
diff --git a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
index 11e5572..6be84ba 100644
--- a/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
+++ b/meta-security/meta-parsec/lib/oeqa/runtime/cases/parsec.py
@@ -12,12 +12,8 @@
 class ParsecTest(OERuntimeTestCase):
     @classmethod
     def setUpClass(cls):
-        cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
         cls.toml_file = '/etc/parsec/config.toml'
-
-    @classmethod
-    def tearDownClass(cls):
-        cls.tc.target.run('swtpm_ioctl -s --tcp :2322')
+        cls.tc.target.run('cp -p %s %s-original' % (cls.toml_file, cls.toml_file))
 
     def setUp(self):
         super(ParsecTest, self).setUp()
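Review bot: The backup taken in `setUpClass` with `cp -p` ignores the command's status, and `restore_parsec_config` in the next hunk ignores it too, for both the copy back and the reload. A failed backup or restore therefore goes unreported, and later tests run against a modified `/etc/parsec/config.toml`. Capturing `status, output = cls.tc.target.run(...)` and failing on a non-zero `status`, as the `configure_*` helpers already do for the reload, would surface this. With `tearDownClass` removed, nothing deletes the `-original` copy from the target either; if that is intended, a one-line comment saying so would help. The class body continues outside this hunk.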
@@ -40,6 +36,11 @@
         status, output = self.target.run('cat %s-%s >>%s' % (self.toml_file, provider, self.toml_file))
         os.remove(tmp_path)
 
+    def restore_parsec_config(self):
+        """ Restore original Parsec config """
+        self.target.run('cp -p %s-original %s' % (self.toml_file, self.toml_file))
+        self.target.run(self.parsec_reload)
+
     def check_parsec_providers(self, provider=None, prov_id=None):
         """ Get Parsec providers list and check for one if defined """
 
@@ -58,6 +59,23 @@
         status, output = self.target.run('parsec-cli-tests.sh %s' % ("-%d" % prov_id if prov_id else ""))
         self.assertEqual(status, 0, msg='Parsec CLI tests failed.\n %s' % output)
 
+    def check_packageconfig(self, prov):
+        """ Check that the require provider is included in Parsec """
+        if prov not in self.tc.td['PACKAGECONFIG:pn-parsec-service']:
+            self.skipTest('%s provider is not included in Parsec. Parsec PACKAGECONFIG: "%s"' % \
+                          (prov, self.tc.td['PACKAGECONFIG:pn-parsec-service']))
+
+    def check_packages(self, prov, packages):
+        """ Check for the required packages for Parsec providers software backends """
+        if isinstance(packages, str):
+            need_pkgs = set([packages,])
+        else:
+            need_pkgs = set(packages)
+
+        if not self.tc.image_packages.issuperset(need_pkgs):
+            self.skipTest('%s provider is not configured and packages "%s" are not included into the image' % \
+                          (prov, need_pkgs))
+
     @OEHasPackage(['parsec-service'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_all_providers(self):
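Review bot: `self.tc.td['PACKAGECONFIG:pn-parsec-service']` in `check_packageconfig` raises `KeyError` when that key is missing from the test data, which presumably happens whenever the build does not set the override explicitly. The provider tests would then error out instead of skipping or running. The `prov not in ...` test is also a substring match on the raw string, so a short name such as `TS` matches inside any longer token. Reading the value with `self.tc.td.get('PACKAGECONFIG:pn-parsec-service', '')` and testing membership in `.split()` avoids both problems. Whether an unset variable should skip the test or fall back to the recipe default is a decision this hunk does not show.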
@@ -84,7 +102,9 @@
                 'mkdir /tmp/myvtpm',
                 'swtpm socket -d --tpmstate dir=/tmp/myvtpm --tpm2 --ctrl type=tcp,port=2322 --server type=tcp,port=2321 --flags not-need-init',
                 'tpm2_startup -c -T "swtpm:port=2321"',
+                'chown -R parsec /tmp/myvtpm',
                 self.parsec_reload,
+                'sleep 5',
                ]
 
         for cmd in cmds:
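Review bot: The added `'sleep 5'` after the reload is a fixed guess at how long Parsec needs to come back, so the test is slower than necessary on a fast target and can still fail on a slow one. A short bounded retry around the provider check that follows would be more robust than a fixed delay. The new `'chown -R parsec /tmp/myvtpm'` line also deserves a comment saying why the `parsec` user must own the swtpm state directory, since it runs after swtpm has already been started on it. The command list and the enclosing method begin outside this hunk.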
@@ -92,16 +112,30 @@
             self.assertEqual(status, 0, msg='\n'.join([cmd, output]))
 
     @OEHasPackage(['parsec-service'])
-    @OEHasPackage(['swtpm'])
     @skipIfNotFeature('tpm2','Test parsec_tpm_provider requires tpm2 to be in DISTRO_FEATURES')
-    @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_tpm_provider(self):
         """ Configure and test Parsec TPM provider with swtpm as a backend """
 
+        self.check_packageconfig("TPM")
+
+        reconfigure = False
         prov_id = 3
-        self.configure_tpm_provider()
-        self.check_parsec_providers("TPM", prov_id)
+        try:
+            # Chech if the provider is already configured
+            self.check_parsec_providers("TPM", prov_id)
+        except:
+            # Try to test the provider with a software backend
+            self.check_packages("TPM", ['swtpm', 'tpm2-tools'])
+            reconfigure = True
+            self.configure_tpm_provider()
+            self.check_parsec_providers("TPM", prov_id)
+
         self.run_cli_tests(prov_id)
+        self.restore_parsec_config()
+
+        if reconfigure:
+            self.target.run('swtpm_ioctl -s --tcp :2322')
 
     def configure_pkcs11_provider(self):
         """ Create Parsec PKCS11 provider configuration """
@@ -132,12 +166,52 @@
         self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)
 
     @OEHasPackage(['parsec-service'])
-    @OEHasPackage(['softhsm'])
-    @OETestDepends(['ssh.SSHTest.test_ssh', 'parsec.ParsecTest.test_all_providers'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_pkcs11_provider(self):
         """ Configure and test Parsec PKCS11 provider with softhsm as a backend """
 
+        self.check_packageconfig("PKCS11")
         prov_id = 2
-        self.configure_pkcs11_provider()
-        self.check_parsec_providers("PKCS #11", prov_id)
+        try:
+            # Chech if the provider is already configured
+            self.check_parsec_providers("PKCS #11", prov_id)
+        except:
+            # Try to test the provider with a software backend
+            self.check_packages("PKCS11", 'softhsm')
+            self.configure_pkcs11_provider()
+            self.check_parsec_providers("PKCS #11", prov_id)
+
         self.run_cli_tests(prov_id)
+        self.restore_parsec_config()
+
+    def configure_TS_provider(self):
+        """ Create Trusted Services provider configuration """
+
+        cfg = [
+                '',
+                '[[provider]]',
+                'name = "trusted-service-provider"',
+                'provider_type = "TrustedService"',
+                'key_info_manager = "sqlite-manager"',
+              ]
+        self.copy_subconfig(cfg, "TS")
+
+        status, output = self.target.run(self.parsec_reload)
+        self.assertEqual(status, 0, msg='Failed to reload Parsec.\n%s' % output)
+
+    @OEHasPackage(['parsec-service'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_TS_provider(self):
+        """ Configure and test Parsec PKCS11 provider with softhsm as a backend """
+
+        self.check_packageconfig("TS")
+        prov_id = 4
+        try:
+            # Chech if the provider is already configured
+            self.check_parsec_providers("Trusted Service", prov_id)
+        except:
+            self.configure_TS_provider()
+            self.check_parsec_providers("Trusted Service", prov_id)
+
+        self.run_cli_tests(prov_id)
+        self.restore_parsec_config()
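Review bot: `restore_parsec_config()` runs only on the success path in `test_pkcs11_provider` and `test_TS_provider`, and likewise in `test_tpm_provider` in the previous hunk, together with the `swtpm_ioctl -s` stop. A failing `run_cli_tests` therefore leaves the modified config and the software backend in place for whichever test runs next, so the cleanup belongs in a `finally`. The bare `except:` around the first provider check also catches `KeyboardInterrupt` and `SystemExit`; `except Exception:` keeps the fallback without that. The docstring of `test_TS_provider` is still the PKCS11/softhsm text and should describe the Trusted Services provider. The fence shows the shape for `test_pkcs11_provider`; the other two tests would follow it.

```python
    def test_pkcs11_provider(self):
        # … unchanged: docstring, check_packageconfig("PKCS11"), prov_id = 2 …
        try:
            try:
                # Check if the provider is already configured
                self.check_parsec_providers("PKCS #11", prov_id)
            except Exception:
                # … unchanged: check_packages, configure_pkcs11_provider, second provider check …

            self.run_cli_tests(prov_id)
        finally:
            # Put the original config back even when a check above fails
            self.restore_parsec_config()
```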
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
index 84539f9..931abee 100644
--- a/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-service/parsec-service_1.0.0.bb
@@ -45,7 +45,7 @@
 do_install () {
     # Binaries
     install -d -m 700 -o parsec -g parsec "${D}${libexecdir}/parsec"
-    install -m 700 -o parsec -g parsec "${WORKDIR}/build/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec
+    install -m 700 -o parsec -g parsec "${B}/target/${CARGO_TARGET_SUBDIR}/parsec" ${D}${libexecdir}/parsec/parsec
 
     # Config file
     install -d -m 700 -o parsec -g parsec "${D}${sysconfdir}/parsec"
@@ -69,9 +69,10 @@
 
 inherit useradd
 USERADD_PACKAGES = "${PN}"
-USERADD_PARAM:${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
 GROUPADD_PARAM:${PN} = "-r parsec"
-GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss', '', d)}"
+USERADD_PARAM:${PN} = "-r -g parsec -s /bin/false -d ${localstatedir}/lib/parsec parsec"
+GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss ;', '', d)}"
+GROUPMEMS_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'trusted-service-provider', '-a parsec -g teeclnt', '', d)}"
 
 FILES:${PN} += " \
     ${sysconfdir}/parsec/config.toml \
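Review bot: The two `GROUPMEMS_PARAM` lines add the `parsec` user to `tss` and `teeclnt`, but the only group this recipe creates is `parsec` (`GROUPADD_PARAM`). The other two are presumably created by the TPM and Trusted Services stacks, and nothing visible here guarantees they exist when the membership is applied. A comment above these lines naming the recipes that provide each group, and what device or socket access each membership gives the service, would make the privilege grant reviewable. It would also explain the trailing `;` in the first value, which is only there to separate it from the appended `teeclnt` entry.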
diff --git a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb
index 4b053b9..6ecce8e 100644
--- a/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb
+++ b/meta-security/meta-parsec/recipes-parsec/parsec-tool/parsec-tool_0.5.2.bb
@@ -11,7 +11,7 @@
 
 do_install() {
   install -d ${D}/${bindir}
-  install -m 755 "${B}/target/${TARGET_SYS}/release/parsec-tool" "${D}${bindir}/parsec-tool"
+  install -m 755 "${B}/target/${CARGO_TARGET_SUBDIR}/parsec-tool" "${D}${bindir}/parsec-tool"
   install -m 755 "${S}/tests/parsec-cli-tests.sh" "${D}${bindir}/parsec-cli-tests.sh"
 }
 
diff --git a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
index a12a4c2..22c1245 100644
--- a/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
+++ b/meta-security/recipes-core/packagegroup/packagegroup-core-security.bb
@@ -28,9 +28,11 @@
 RDEPENDS:packagegroup-security-utils = "\
     bubblewrap \
     checksec \
+    cryptmount \
     ding-libs \
     ecryptfs-utils \
     fscryptctl \
+    glome \
     keyutils \
     nmap \
     pinentry \
@@ -42,8 +44,8 @@
     ${@bb.utils.contains("DISTRO_FEATURES", "pax", "pax-utils packctl", "",d)} \
     "
 
-RDEPENDS:packagegroup-security-utils:append:x86 = "chipsec"
-RDEPENDS:packagegroup-security-utils:append:x86-64 = "chipsec"
+RDEPENDS:packagegroup-security-utils:append:x86 = " chipsec"
+RDEPENDS:packagegroup-security-utils:append:x86-64 = " chipsec"
 RDEPENDS:packagegroup-security-utils:remove:mipsarch = "firejail krill"
 RDEPENDS:packagegroup-security-utils:remove:libc-musl = "krill"
 RDEPENDS:packagegroup-security-utils:remove:riscv64 = "krill"
diff --git a/meta-security/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch b/meta-security/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch
new file mode 100644
index 0000000..fedbe5b
--- /dev/null
+++ b/meta-security/recipes-ids/samhain/files/0001-Don-t-expose-configure-args.patch
@@ -0,0 +1,44 @@
+From 111b1e8f35e989513d8961a45a806767109f6e1e Mon Sep 17 00:00:00 2001
+From: Mingli Yu <mingli.yu@windriver.com>
+Date: Thu, 11 Aug 2022 17:15:30 +0800
+Subject: [PATCH] Don't expose configure args
+
+Don't expost configure args to fix buildpath issue.
+
+Upstream-Status: Inappropriate [oe specific]
+
+Signed-off-by: Mingli Yu <mingli.yu@windriver.com>
+---
+ scripts/samhain.ebuild-light.in | 2 +-
+ scripts/samhain.ebuild.in       | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/samhain.ebuild-light.in b/scripts/samhain.ebuild-light.in
+index 2b09cdb..b7f7062 100644
+--- a/scripts/samhain.ebuild-light.in
++++ b/scripts/samhain.ebuild-light.in
+@@ -55,7 +55,7 @@ src_compile() {
+ #	      --with-state-dir=/var/lib/${PN} \
+ #	      --with-log-file=/var/log/${PN}.log \
+ 
+-	./configure ${myconf} @mydefargs@ || die
++	./configure ${myconf} mydefargs || die
+         emake || die
+ 
+ 	echo '#!/bin/sh' > ./sstrip
+diff --git a/scripts/samhain.ebuild.in b/scripts/samhain.ebuild.in
+index 635a746..b9a42e7 100644
+--- a/scripts/samhain.ebuild.in
++++ b/scripts/samhain.ebuild.in
+@@ -55,7 +55,7 @@ src_compile() {
+ #	      --with-state-dir=/var/lib/${PN} \
+ #	      --with-log-file=/var/log/${PN}.log \
+ 
+-	./configure ${myconf} @mydefargs@ || die
++	./configure ${myconf} mydefargs || die
+         emake || die
+ 
+ 	echo '#!/bin/sh' > ./sstrip
+-- 
+2.25.1
+
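Review bot: Replacing `@mydefargs@` with the bare word `mydefargs` leaves `./configure ${myconf} mydefargs || die` in both ebuild templates, so configure is now handed a literal non-option argument. Autoconf-generated configure scripts typically interpret such an argument as a host/target alias rather than ignoring it. Dropping the token entirely, `./configure ${myconf} || die`, removes the embedded build path just as well and leaves the templates well-formed. The surrounding `src_compile()` body lies outside the quoted context.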
diff --git a/meta-security/recipes-ids/samhain/samhain-standalone.bb b/meta-security/recipes-ids/samhain/samhain-standalone.bb
index 445cb99..b832dc8 100644
--- a/meta-security/recipes-ids/samhain/samhain-standalone.bb
+++ b/meta-security/recipes-ids/samhain/samhain-standalone.bb
@@ -1,6 +1,7 @@
 require samhain.inc
 
 SRC_URI += "file://samhain-not-run-ptest-on-host.patch \
+            file://0001-Don-t-expose-configure-args.patch \
             file://run-ptest \
 "
 
diff --git a/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb b/meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb
similarity index 100%
rename from meta-security/recipes-kernel/lkrg/lkrg-module_0.9.4.bb
rename to meta-security/recipes-kernel/lkrg/lkrg-module_0.9.5.bb
diff --git a/meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb b/meta-security/recipes-mac/AppArmor/apparmor_3.0.6.bb
similarity index 100%
rename from meta-security/recipes-mac/AppArmor/apparmor_3.0.5.bb
rename to meta-security/recipes-mac/AppArmor/apparmor_3.0.6.bb
diff --git a/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb b/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb
new file mode 100644
index 0000000..fb522cb
--- /dev/null
+++ b/meta-security/recipes-security/cryptmount/cryptmount_5.3.3.bb
@@ -0,0 +1,27 @@
+SUMMARY = "Linux encrypted filesystem management tool"
+HOMEPAGE = "http://cryptmount.sourceforge.net/"
+LIC_FILES_CHKSUM = "file://README;beginline=3;endline=4;md5=673a990de93a2c5531a0f13f1c40725a"
+LICENSE = "GPL-2.0-only"
+
+SRC_URI = "https://sourceforge.net/projects/cryptmount/files/${BPN}/${BPN}-5.3/${BPN}-${PV}.tar.gz \
+           file://remove_linux_fs.patch \
+           "
+
+SRC_URI[sha256sum] = "682953ff5ba497d48d6b13e22ca726c98659abd781bb8596bb299640dd255d9b"
+
+inherit autotools-brokensep gettext pkgconfig systemd
+
+EXTRA_OECONF = " --enable-cswap --enable-fsck --enable-argv0switch"
+
+PACKAGECONFIG ?="intl luks gcrypt nls"
+PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
+
+PACKAGECONFIG[systemd] = "--with-systemd, --without-systemd, systemd"
+PACKAGECONFIG[intl] = "--with-libintl-prefix, --without-libintl-prefix"
+PACKAGECONFIG[gcrypt] = "--with-libgcrypt, --without-libgcrypt, libgcrypt"
+PACKAGECONFIG[luks] = "--enable-luks, --disable-luks, cryptsetup"
+PACKAGECONFIG[nls] = "--enable-nls, --disable-nls, "
+
+SYSTEMD_SERVICE:${PN} = "cryptmount.service"
+
+RDEPENDS:${PN} = "libdevmapper"
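Review bot: `EXTRA_OECONF` turns on `--enable-cswap`, `--enable-fsck` and `--enable-argv0switch` unconditionally and without a comment. For a tool that manages encrypted filesystems, and that is, as far as I know, normally installed with elevated privileges, each optional feature is extra privileged code. The recipe should say why each is needed, or expose them as `PACKAGECONFIG` options like `luks` and `gcrypt` so an image can switch them off. Separately, the `${BPN}-5.3` path component in `SRC_URI` is hard-coded and will need a manual edit on the next minor version bump.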
diff --git a/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch b/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch
new file mode 100644
index 0000000..304b853
--- /dev/null
+++ b/meta-security/recipes-security/cryptmount/files/remove_linux_fs.patch
@@ -0,0 +1,19 @@
+# From glibc 2.36, <linux/mount.h> (included from <linux/fs.h>) and 
+# <sys/mount.h> (included from glibc) are no longer compatible:
+# https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: cryptmount-5.3.3/cryptmount.c
+===================================================================
+--- cryptmount-5.3.3.orig/cryptmount.c
++++ cryptmount-5.3.3/cryptmount.c
+@@ -41,7 +41,6 @@
+ #ifdef HAVE_SYSLOG
+ #  include <syslog.h>
+ #endif
+-#include <linux/fs.h>       /* Beware ordering conflict with sys/mount.h */
+ 
+ 
+ #include "armour.h"
diff --git a/meta-security/recipes-security/glome/glome_git.bb b/meta-security/recipes-security/glome/glome_git.bb
new file mode 100644
index 0000000..12d6d5f
--- /dev/null
+++ b/meta-security/recipes-security/glome/glome_git.bb
@@ -0,0 +1,24 @@
+SUMMARY = "GLOME Login Client"
+HOME_PAGE = "https://github.com/google/glome"
+DESCRIPTION = "GLOME is used to authorize serial console access to Linux machines"
+PV = "0.1+git${SRCPV}"
+
+LICENSE = "Apache-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+
+inherit meson pkgconfig
+
+DEPENDS += "openssl"
+
+S = "${WORKDIR}/git"
+SRC_URI = "git://github.com/google/glome.git;branch=master;protocol=https"
+SRCREV = "978ad9fb165f1e382c875f2ce08a1fc4f2ddcf1b"
+
+FILES:${PN} += "${libdir}/security"
+
+PACKAGECONFIG ??= ""
+PACKAGECONFIG[glome-cli] = "-Dglome-cli=true,-Dglome-cli=false"
+PACKAGECONFIG[pam-glome] = "-Dpam-glome=true,-Dpam-glome=false,libpam"
+
+EXTRA_OEMESON = "-Dtests=false"
+
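Review bot: `HOME_PAGE` is not the variable the packaging metadata reads; the field is `HOMEPAGE`, so the upstream URL is silently dropped from the package: `HOMEPAGE = "https://github.com/google/glome"`. Also, `PACKAGECONFIG ??= ""` leaves both `glome-cli` and `pam-glome` off while `FILES:${PN}` adds `${libdir}/security`, and the packagegroup hunk pulls `glome` into the security utilities. With the defaults, the installed package may therefore not contain the login pieces the `DESCRIPTION` promises. A comment stating which options an image must enable would help.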
