subtree updates
poky: 3e5faccfaf..95c802b0be:
Alexander Kanavin (1):
sdk-manual: correct the bitbake target for a unified sysroot build
Michael Opdenacker (6):
ref-manual/variables.rst: clarify sentence
test-manual: fix typo in machine name
ref-manual: faq.rst: reorganize into subsections, contents at top
migration-guides: use contributor real name
manuals: fix misc typos
migration-guides: use contributor real name
Paul Eggleton (31):
migration-general: add section on using buildhistory
ref-manual: add DISABLE_STATIC
ref-manual: expand documentation on image-buildinfo class
ref-manual: add WATCHDOG_TIMEOUT to variable glossary
ref-manual: correct default for BUILDHISTORY_COMMIT
ref-manual: document new github-releases class
ref-manual: add a note to ssh-server-dropbear feature
ref-manual: update buildpaths QA check documentation
ref-manual: add UBOOT_MKIMAGE_KERNEL_TYPE
ref-manual: add DEV_PKG_DEPENDENCY
ref-manual: add SDK_TOOLCHAIN_LANGS
ref-manual: add pypi class
ref-manual: update pypi documentation for CVE_PRODUCT default in 4.1
ref-manual: add CVE_CHECK_SHOW_WARNINGS
ref-manual: add FIT_PAD_ALG
ref-manual: add CVE_DB_UPDATE_INTERVAL
ref-manual: add KERNEL_DEPLOY_DEPEND
ref-manual: add MOUNT_BASE variable
ref-manual: remove reference to testimage-auto class
Update documentation for classes split
ref-manual: complementary package installation recommends
ref-manual: remove reference to largefile in DISTRO_FEATURES
ref-manual: add missing features
ref-manual: add serial-autologin-root to IMAGE_FEATURES documentation
ref-manual: add previous overlayfs-etc variables
ref-manual: add OVERLAYFS_ETC_EXPOSE_LOWER
ref-manual: add WIRELESS_DAEMON
ref-manual: add section for create-spdx class
ref-manual: add overlayfs class variables
ref-manual: add OVERLAYFS_QA_SKIP
Add 4.1 migration guide & release notes
Ross Burton (2):
migration-guides: add known issues for 4.1
migration-guides/release-notes-4.1.rst: add more known issues
Takayasu Ito (1):
release-notes-4.1.rst remove bitbake-layers subcommand argument
meta-arm: 13199c55c0..14c7e5b336:
Jon Mason (1):
CI: track langdale branch
Mohamed Omar Asaker (1):
arm-bsp/u-boot: corstone1000: support 32bit ffa direct messaging
Ross Burton (3):
arm-bsp: remove TC0
arm-bsp/scp-firmware: remove TC0 patches
arm/fvp-tc0: remove Total Compute 2020 FVP
Rui Miguel Silva (2):
arm-bsp/optee: add log handler
arm-bsp/trusted-services: support for libmetal and openamp
Vishnu Banavath (1):
arm-bsp/linux: add kernel file search path for N1SDP
meta-openembedded: 6529e5f963..8073ec2275:
Alex Kiernan (4):
conntrack-tools: Upgrade 1.4.6 -> 1.4.7
conntrack-tools: Add PACKAGECONFIGs for build options
conntrack-tools: Use canonical shell spacing
uriparser: Upgrade 0.9.6 -> 0.9.7
Andreas Müller (1):
onboard: remove
Changqing Li (1):
redis: upgrade 7.0.4 to 7.0.5
Fabio Estevam (2):
remmina: Update to 1.4.27
crucible: Add recipe
Khem Raj (1):
grpc: Update to 1.50.x release
Leon Anavi (2):
python3-imageio: Upgrade 2.22.1 -> 2.22.2
python3-distro: Upgrade 1.7.0 -> 1.8.0
Markus Volk (2):
pipewire: upgrade 0.3.57 -> 0.3.59
wireplumber: upgrade 0.4.11 -> 0.4.12
Peter Kjellerstedt (1):
v4l-utils: Support building without NLS
Sebastian Suesens (2):
md4c: added md4c lib
double-conversion: added double-conversion lib
Sui Chen (1):
Add recipe for Perfetto
Thomas Perrot (1):
xfce4-settings: upgrade 4.16.2 -> 4.16.3
Ulysse Manceron (1):
abseil-cpp: Upgrade to head on 2022-10-14
Wang Mingyu (19):
broadcom-bt-firmware: upgrade
cppzmq: upgrade 4.8.1 -> 4.9.0
ctags: upgrade 5.9.20221002.0 -> 5.9.20221009.0
debootstrap: upgrade 1.0.127 -> 1.0.128
freerdp: upgrade 2.8.0 -> 2.8.1
gst-editing-services: upgrade 1.20.3 -> 1.20.4
libwacom: upgrade 2.4.0 -> 2.5.0
nbdkit: upgrade 1.33.1 -> 1.33.2
xfstests: upgrade 2022.09.25 -> 2022.10.09
blueman: upgrade 2.3.2 -> 2.3.4
cli11: upgrade 2.2.0 -> 2.3.0
tesseract: upgrade 4.1.3 -> 5.2.0
python3-absl: upgrade 1.2.0 -> 1.3.0
python3-gevent: upgrade 22.8.0 -> 22.10.1
python3-google-api-core: upgrade 2.10.1 -> 2.10.2
python3-google-api-python-client: upgrade 2.62.0 -> 2.64.0
python3-google-auth: upgrade 2.11.1 -> 2.12.0
python3-pymodbus: upgrade 2.5.3 -> 3.0.0
python3-pywbem: upgrade 1.4.1 -> 1.5.0
homalozoa (1):
Add condition for libusbgx-examples
zhengrq.fnst (5):
python3-stevedore: upgrade 4.0.0 -> 4.0.1
yelp: upgrade 42.1 -> 42.2
tio: upgrade 2.0 -> 2.1
python3-zopeinterface: upgrade 5.4.0 -> 5.5.0
unbound: upgrade 1.16.3 -> 1.17.0
meta-raspberrypi: fc5f80a47e..722c51647c:
Oliver Lang (1):
rpi-base.inc: handle empty/undefined KERNEL_DEVICETREE
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I555ec2b7aca80e0511bf112acd0a045de17fe91b
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 60c6ed9..98a95c1 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -188,11 +188,6 @@
sgi575:
extends: .build
-tc0:
- extends: .build
- tags:
- - x86_64
-
tc1:
extends: .build
tags:
diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml
index 3619b8f..4981265 100644
--- a/meta-arm/ci/base.yml
+++ b/meta-arm/ci/base.yml
@@ -5,7 +5,7 @@
defaults:
repos:
- refspec: master
+ refspec: langdale
repos:
meta-arm:
diff --git a/meta-arm/ci/clang.yml b/meta-arm/ci/clang.yml
index a2063f1..e5e7dd5 100644
--- a/meta-arm/ci/clang.yml
+++ b/meta-arm/ci/clang.yml
@@ -4,6 +4,7 @@
repos:
meta-clang:
url: https://github.com/kraj/meta-clang
+ refspec: master
local_conf_header:
clang: |
diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml
index 576faa3..e3bc5fe5a 100644
--- a/meta-arm/ci/fvps.yml
+++ b/meta-arm/ci/fvps.yml
@@ -17,4 +17,3 @@
- nativesdk-fvp-sgi575
- nativesdk-fvp-corstone500
- nativesdk-fvp-corstone1000
- - nativesdk-fvp-tc0
diff --git a/meta-arm/ci/meta-openembedded.yml b/meta-arm/ci/meta-openembedded.yml
index bed338d..dd0f663 100644
--- a/meta-arm/ci/meta-openembedded.yml
+++ b/meta-arm/ci/meta-openembedded.yml
@@ -4,6 +4,7 @@
repos:
meta-openembedded:
url: https://git.openembedded.org/meta-openembedded
+ refspec: master
layers:
meta-filesystems:
meta-networking:
diff --git a/meta-arm/ci/tc0.yml b/meta-arm/ci/tc0.yml
deleted file mode 100644
index b2f75d5..0000000
--- a/meta-arm/ci/tc0.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-header:
- version: 11
- includes:
- - ci/base.yml
-
-machine: tc0
-
-target:
- - tc-artifacts-image
diff --git a/meta-arm/meta-arm-bsp/conf/machine/tc0.conf b/meta-arm/meta-arm-bsp/conf/machine/tc0.conf
deleted file mode 100644
index b9c762d..0000000
--- a/meta-arm/meta-arm-bsp/conf/machine/tc0.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-# Configuration for TC0
-
-#@TYPE: Machine
-#@NAME: TC0
-#@DESCRIPTION: Machine configuration for TC0
-
-require conf/machine/include/tc.inc
diff --git a/meta-arm/meta-arm-bsp/documentation/tc0.md b/meta-arm/meta-arm-bsp/documentation/tc0.md
deleted file mode 100644
index 2ae2592..0000000
--- a/meta-arm/meta-arm-bsp/documentation/tc0.md
+++ /dev/null
@@ -1,32 +0,0 @@
-# TC0 Platform Support in meta-arm-bsp
-
-## Overview
-The Total Compute platform provides an envelope for all of Arm's latest IP and
-software solutions, optimised to work together. Further information can be
-found on the Total Compute community page:
-https://community.arm.com/developer/tools-software/oss-platforms/w/docs/606/total-compute
-
-The user guide for TC0 platform with detailed instructions for
-syncing and building the source code and running on TC0 Fixed Virtual Platform
-for poky and android distributions is available at:
-https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/tree/docs/tc0/user-guide.rst
-
-## Building
-In the local.conf file, MACHINE should be set as follows:
-MACHINE = "tc0"
-
-To build the required binaries for tc0, run the commmand:
-```bash$ bitbake tc-artifacts-image```
-
-Trusted-firmware-a is the final component to be built with the rest of the
-components dependent of it, therefore building tc-artifacts-image which depends
-on trusted-firmware-a will build all the required binaries.
-
-## Running
-To run the produced binaries in a TC0 Fixed Virtual Platform please get
-the run scripts at:
-https://git.linaro.org/landing-teams/working/arm/model-scripts.git/
-
-and follow the instructions in the user-guide.rst available in:
-https://git.linaro.org/landing-teams/working/arm/arm-reference-platforms.git/tree/docs/tc0/user-guide.rst
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0002-tc0-fix-mpmm-config.patch b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0002-tc0-fix-mpmm-config.patch
deleted file mode 100644
index f2044a9..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0002-tc0-fix-mpmm-config.patch
+++ /dev/null
@@ -1,92 +0,0 @@
-From 736bd8aeceefd474c15a97e4a4ec99f07ef9a82c Mon Sep 17 00:00:00 2001
-From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Date: Fri, 11 Feb 2022 18:28:43 +0000
-Subject: [PATCH 2/4] tc0: fix mpmm config
-
-Do not enable MPMM in standard features set.
-
-Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Change-Id: I7b273a2055452e2e8cd78a0d932514a6f2947ec5
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- product/tc0/scp_ramfw/config_mpmm.c | 15 ---------------
- 1 file changed, 15 deletions(-)
-
-diff --git a/product/tc0/scp_ramfw/config_mpmm.c b/product/tc0/scp_ramfw/config_mpmm.c
-index 3bfe99d3..13d866a5 100644
---- a/product/tc0/scp_ramfw/config_mpmm.c
-+++ b/product/tc0/scp_ramfw/config_mpmm.c
-@@ -27,7 +27,6 @@ enum core_pd_idx {
- CORE7_IDX
- };
-
--#if defined(PLATFORM_VARIANT) && (PLATFORM_VARIANT == TC0_VARIANT_STD)
- static struct mod_mpmm_pct_table k_pct[] = {
- { .cores_online = 4,
- .default_perf_limit = 1153 * 1000000UL,
-@@ -115,7 +114,6 @@ static struct mod_mpmm_pct_table m_pct[] = {
- },
- } },
- };
--#endif
-
- static struct mod_mpmm_pct_table m_elp_pct[] = {
- { .cores_online = 1,
-@@ -132,7 +130,6 @@ static struct mod_mpmm_pct_table m_elp_pct[] = {
- } },
- };
-
--#if defined(PLATFORM_VARIANT) && (PLATFORM_VARIANT == TC0_VARIANT_STD)
- static const struct mod_mpmm_core_config k_core_config[] = {
- [0] = {
- .pd_id = FWK_ID_ELEMENT_INIT(FWK_MODULE_IDX_POWER_DOMAIN, CORE0_IDX),
-@@ -180,7 +177,6 @@ static const struct mod_mpmm_core_config m_core_config[] = {
- .core_starts_online = false,
- },
- };
--#endif
-
- static const struct mod_mpmm_core_config m_elp_core_config[] = {
- [0] = {
-@@ -191,7 +187,6 @@ static const struct mod_mpmm_core_config m_elp_core_config[] = {
- },
- };
-
--#if defined(PLATFORM_VARIANT) && (PLATFORM_VARIANT == TC0_VARIANT_STD)
- static const struct mod_mpmm_domain_config k_domain_conf[] = {
- [0] = {
- .perf_id = FWK_ID_ELEMENT_INIT(
-@@ -219,7 +214,6 @@ static const struct mod_mpmm_domain_config m_domain_conf[] = {
- },
- [1] = {0},
- };
--#endif
-
- static const struct mod_mpmm_domain_config m_elp_domain_conf[] = {
- [0] = {
-@@ -236,14 +230,6 @@ static const struct mod_mpmm_domain_config m_elp_domain_conf[] = {
- };
-
- static const struct fwk_element element_table[] = {
--#if defined(PLATFORM_VARIANT) && (PLATFORM_VARIANT == TC0_VAR_EXPERIMENT_POWER)
-- [0] = {
-- .name = "MPMM_MATTERHORN_ELP_ARM_ELEM",
-- .sub_element_count = 1,
-- .data = m_elp_domain_conf,
-- },
-- [1] = { 0 },
--#else
- [0] = {
- .name = "MPMM_KLEIN_ELEM",
- .sub_element_count = 4,
-@@ -260,7 +246,6 @@ static const struct fwk_element element_table[] = {
- .data = m_elp_domain_conf,
- },
- [3] = { 0 },
--#endif
- };
-
- static const struct fwk_element *mpmm_get_element_table(fwk_id_t module_id)
---
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0003-tc0-rename-platform-variant-to-platform-feature-set.patch b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0003-tc0-rename-platform-variant-to-platform-feature-set.patch
deleted file mode 100644
index 87dfbfa..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0003-tc0-rename-platform-variant-to-platform-feature-set.patch
+++ /dev/null
@@ -1,203 +0,0 @@
-From 50e63f11762348bcd95d809af248f620f03d9ce4 Mon Sep 17 00:00:00 2001
-From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Date: Fri, 11 Feb 2022 18:16:54 +0000
-Subject: [PATCH 3/4] tc0: rename platform variant to platform feature set
-
-THe PLATFORM_VARIANT flag was added to differentiate the software
-features enabled in SCP firmware. But this flag misleads to a new
-variant of same platform. This commits renames PLATFORM_VARIANT to
-PLATFORM_FEATURE_SET
-
-Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Change-Id: I93c0bc3e11fe18192bb8246df851345bdc473974
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
----
- product/tc0/doc/{variants.md => features.md} | 28 +++++++++-----------
- product/tc0/scp_ramfw/CMakeLists.txt | 26 +++---------------
- product/tc0/scp_ramfw/Firmware.cmake | 2 +-
- product/tc0/scp_ramfw/config_scmi_perf.c | 8 +++---
- product/tc0/scp_romfw/CMakeLists.txt | 6 ++---
- product/tc0/scp_romfw/Firmware.cmake | 2 +-
- 6 files changed, 25 insertions(+), 47 deletions(-)
- rename product/tc0/doc/{variants.md => features.md} (77%)
-
-diff --git a/product/tc0/doc/variants.md b/product/tc0/doc/features.md
-similarity index 77%
-rename from product/tc0/doc/variants.md
-rename to product/tc0/doc/features.md
-index fbf616db..3ef520e2 100644
---- a/product/tc0/doc/variants.md
-+++ b/product/tc0/doc/features.md
-@@ -1,4 +1,4 @@
--# TC0 Platform Variants
-+# TC0 Platform Features
-
- Copyright (c) 2022, Arm Limited. All rights reserved.
-
-@@ -7,30 +7,27 @@ Copyright (c) 2022, Arm Limited. All rights reserved.
-
- Documentation for TC0 platform can be found at [1].
-
-+### Standard
-+
-+The standard build provides all the features described in [1].
-+For this default features, it's not required to provide any extra parameters in
-+the build commands.
-+
-+### MPMM/Power/Performance (Experimental)
-+
- For the purpose of experimenting some of the software features that have been
--introduced in SCP-firmware a new variant of TC0 has been created.
--The variant(s) can be chosen at build time by adding:
-+introduced in SCP-firmware of TC0. This can be enabled at build time, by adding:
-
- ```sh
-
- make -f Makefile.cmake \
- PRODUCT=tc0 \
- MODE=<debug,release> \
-- PLATFORM_VARIANT=<0,1>
-+ EXTRA_CONFIG_ARGS+=-DSCP_PLATFORM_FEATURE_SET=1
-
- ```
-
--
--### Variant 0 (Standard build)
--
--The standard build provides all the features described in [1].
--For this default variant, it's not required to provide any extra parameters in
--the build commands.
--
--
--### Variant 1 (Power/Performance testing)
--
--This variant adds support for the following software features:
-+This adds support for the following software features:
- - Traffic Cop
- - MPMM (Maximum Power Mitigation Mechanism)
- - Thermal Management
-@@ -63,7 +60,6 @@ Once built, the features above will act as:
-
- ## Limitations
-
--- The "variant" option is available only with the CMake build.
- - The Thermal functionality is limited at this time cause the constant
- temperature being sampled.
-
-diff --git a/product/tc0/scp_ramfw/CMakeLists.txt b/product/tc0/scp_ramfw/CMakeLists.txt
-index 96310320..ce3178ee 100644
---- a/product/tc0/scp_ramfw/CMakeLists.txt
-+++ b/product/tc0/scp_ramfw/CMakeLists.txt
-@@ -11,25 +11,13 @@
-
- add_executable(tc0-bl2)
-
-+set(SCP_PLATFORM_FEATURE_SET ${SCP_PLATFORM_FEATURE_SET_INIT} CACHE STRING "1")
-
--# SCP_PLATFORM_VARIANT options:
--# - 'TC0_VARIANT_STD' for TC0 standard build
--# - 'TC0_VAR_EXPERIMENT_POWER' for TC0 with power/performance plugins used for
--# evaluation purposes
--
--
--target_compile_definitions(tc0-bl2 PUBLIC -DTC0_VARIANT_STD=0)
--target_compile_definitions(tc0-bl2 PUBLIC -DTC0_VAR_EXPERIMENT_POWER=1)
--
--
--set(SCP_PLATFORM_VARIANT ${SCP_PLATFORM_VARIANT_INIT} CACHE STRING "1")
--
--
--if (SCP_PLATFORM_VARIANT STREQUAL "1")
-- message(NOTICE "SCP_PLATFORM_VARIANT set to EXPERIMENT_POWER (tc0-bl2)\n")
-+if (SCP_PLATFORM_FEATURE_SET STREQUAL "1")
-+ message(NOTICE "TC0 platform features MPMM/POWER/PERFORMANCE is experimental (tc0-bl2)\n")
-
- target_compile_definitions(tc0-bl2
-- PUBLIC -DPLATFORM_VARIANT=TC0_VAR_EXPERIMENT_POWER)
-+ PUBLIC -DTC0_FEATURES_MPMM_POWER_PERF)
-
- set(SCP_ENABLE_PLUGIN_HANDLER TRUE PARENT_SCOPE)
- set(SCP_ENABLE_FAST_CHANNELS TRUE PARENT_SCOPE)
-@@ -56,12 +44,6 @@ if (SCP_PLATFORM_VARIANT STREQUAL "1")
- list(PREPEND SCP_MODULE_PATHS
- "${CMAKE_CURRENT_LIST_DIR}/../module/tc0_power_model")
- target_sources(tc0-bl2 PRIVATE "config_tc0_power_model.c")
--
--else()
-- message(NOTICE "SCP_PLATFORM_VARIANT set to STANDARD (tc0-bl2)\n")
--
-- target_compile_definitions(tc0-bl2
-- PUBLIC -DPLATFORM_VARIANT=TC0_VARIANT_STD)
- endif()
-
-
-diff --git a/product/tc0/scp_ramfw/Firmware.cmake b/product/tc0/scp_ramfw/Firmware.cmake
-index 11d8eaab..4a555296 100644
---- a/product/tc0/scp_ramfw/Firmware.cmake
-+++ b/product/tc0/scp_ramfw/Firmware.cmake
-@@ -27,7 +27,7 @@ set(SCP_ENABLE_FAST_CHANNELS_INIT FALSE)
-
- set(SCP_ENABLE_PLUGIN_HANDLER_INIT FALSE)
-
--set(SCP_PLATFORM_VARIANT_INIT 0)
-+set(SCP_PLATFORM_FEATURE_SET_INIT 0)
-
- set(SCP_ARCHITECTURE "armv7-m")
-
-diff --git a/product/tc0/scp_ramfw/config_scmi_perf.c b/product/tc0/scp_ramfw/config_scmi_perf.c
-index a4a47b3a..3e91939a 100644
---- a/product/tc0/scp_ramfw/config_scmi_perf.c
-+++ b/product/tc0/scp_ramfw/config_scmi_perf.c
-@@ -129,7 +129,7 @@ static const struct mod_scmi_perf_domain_config domains[] = {
- },
- };
-
--#if defined(PLATFORM_VARIANT) && (PLATFORM_VARIANT == TC0_VAR_EXPERIMENT_POWER)
-+#ifdef TC0_FEATURES_MPMM_POWER_PERF
- static const struct mod_scmi_plugin_config plugins_table[] = {
- [0] = {
- .id = FWK_ID_MODULE_INIT(FWK_MODULE_IDX_TRAFFIC_COP),
-@@ -156,9 +156,9 @@ const struct fwk_module_config config_scmi_perf = {
- #else
- .fast_channels_alarm_id = FWK_ID_NONE_INIT,
- #endif
--#if defined(PLATFORM_VARIANT) && (PLATFORM_VARIANT == TC0_VAR_EXPERIMENT_POWER)
-- .plugins = plugins_table,
-- .plugins_count = FWK_ARRAY_SIZE(plugins_table),
-+#ifdef TC0_FEATURES_MPMM_POWER_PERF
-+ .plugins = plugins_table,
-+ .plugins_count = FWK_ARRAY_SIZE(plugins_table),
- #endif
- })
- };
-diff --git a/product/tc0/scp_romfw/CMakeLists.txt b/product/tc0/scp_romfw/CMakeLists.txt
-index f9f40ad3..09cd2f5d 100644
---- a/product/tc0/scp_romfw/CMakeLists.txt
-+++ b/product/tc0/scp_romfw/CMakeLists.txt
-@@ -48,6 +48,6 @@ target_include_directories(tc0-bl1
- PUBLIC $<TARGET_PROPERTY:cmsis::core-m,INTERFACE_INCLUDE_DIRECTORIES>)
-
- cmake_dependent_option(
-- SCP_PLATFORM_VARIANT "Choose platform software variant?"
-- "${SCP_PLATFORM_VARIANT_INIT}" "DEFINED SCP_PLATFORM_VARIANT_INIT"
-- "${SCP_PLATFORM_VARIANT}")
-+ SCP_PLATFORM_FEATURE_SET "Choose platform software features?"
-+ "${SCP_PLATFORM_FEATURE_SET_INIT}" "DEFINED SCP_PLATFORM_FEATURE_SET_INIT"
-+ "${SCP_PLATFORM_FEATURE_SET}")
-diff --git a/product/tc0/scp_romfw/Firmware.cmake b/product/tc0/scp_romfw/Firmware.cmake
-index ab4468be..e1360159 100644
---- a/product/tc0/scp_romfw/Firmware.cmake
-+++ b/product/tc0/scp_romfw/Firmware.cmake
-@@ -21,7 +21,7 @@ set(SCP_ENABLE_NOTIFICATIONS_INIT TRUE)
-
- set(SCP_ENABLE_IPO_INIT FALSE)
-
--set(SCP_PLATFORM_VARIANT_INIT 0)
-+set(SCP_PLATFORM_FEATURE_SET_INIT 0)
-
- set(SCP_ARCHITECTURE "armv7-m")
-
---
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0004-tc0-support-platform-feature-set-options-in-firmware.patch b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0004-tc0-support-platform-feature-set-options-in-firmware.patch
deleted file mode 100644
index aa83332..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/files/tc/0004-tc0-support-platform-feature-set-options-in-firmware.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From 3e737dd47b228bdeffb06e39bffec7a4a436b244 Mon Sep 17 00:00:00 2001
-From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Date: Wed, 9 Feb 2022 16:02:10 +0000
-Subject: [PATCH 4/4] tc0: support platform feature set options in firmware.mk
-
-Support existing platform feature set options that is in cmake to
-firmware.mk. Two feature set for TC0 are
-0. Standard
-1. MPMM/Power/Performance (Experimental)
-
-Build option to select the feature set is using:
-make PRODUCT=tc0 MODE=<debug,release> SCP_PLATFORM_FEATURE_SET=<0,1>
-
-The default value is set to 0 (Standard).
-Refer product/tc0/doc/features.md for more details.
-
-Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Change-Id: I4028686a8f8461e0e2c29e15d5e52eb1d37ca60a
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- product/tc0/scp_ramfw/firmware.mk | 41 +++++++++++++++++++++++++++++--
- product/tc0/scp_romfw/firmware.mk | 12 +++++++++
- 2 files changed, 51 insertions(+), 2 deletions(-)
-
-diff --git a/product/tc0/scp_ramfw/firmware.mk b/product/tc0/scp_ramfw/firmware.mk
-index ec6e6679..d7515f5b 100644
---- a/product/tc0/scp_ramfw/firmware.mk
-+++ b/product/tc0/scp_ramfw/firmware.mk
-@@ -9,8 +9,24 @@ BS_FIRMWARE_CPU := cortex-m3
- BS_FIRMWARE_HAS_NOTIFICATION := yes
- BS_FIRMWARE_HAS_RESOURCE_PERMISSIONS := yes
- BS_FIRMWARE_USE_NEWLIB_NANO_SPECS := yes
--BS_FIRMWARE_HAS_FAST_CHANNELS := no
--BS_FIRMWARE_HAS_PERF_PLUGIN_HANDLER := no
-+
-+DEFAULT_SCP_PLATFORM_FEATURE_SET := 0
-+
-+export SCP_PLATFORM_FEATURE_SET ?= $(DEFAULT_SCP_PLATFORM_FEATURE_SET)
-+ifneq ($(filter-out 0 1, $(SCP_PLATFORM_FEATURE_SET)),)
-+ $(error "Invalid for SCP_PLATFORM_FEATURE_SET parameter. Valid options are \
-+ 0 or 1. Aborting...")
-+endif
-+
-+ifeq ($(SCP_PLATFORM_FEATURE_SET),0)
-+ BS_FIRMWARE_HAS_PERF_PLUGIN_HANDLER := no
-+ BS_FIRMWARE_HAS_FAST_CHANNELS := no
-+else
-+ DEFINES += TC0_FEATURES_MPMM_POWER_PERF
-+ BS_FIRMWARE_HAS_PERF_PLUGIN_HANDLER := yes
-+ BS_FIRMWARE_HAS_FAST_CHANNELS := yes
-+ $(info "TC0 platform features POWER/PERFORMANCE is experimental")
-+endif
-
- BS_FIRMWARE_MODULES := \
- armv7m_mpu \
-@@ -44,6 +60,16 @@ ifeq ($(BS_FIRMWARE_HAS_RESOURCE_PERMISSIONS),yes)
- BS_FIRMWARE_MODULES += resource_perms
- endif
-
-+ifeq ($(SCP_PLATFORM_FEATURE_SET),1)
-+BS_FIRMWARE_MODULES += \
-+ traffic_cop \
-+ mpmm \
-+ sensor \
-+ reg_sensor \
-+ thermal_mgmt \
-+ tc0_power_model
-+endif
-+
- BS_FIRMWARE_SOURCES := \
- config_system_power.c \
- config_armv7m_mpu.c \
-@@ -75,4 +101,15 @@ ifeq ($(BS_FIRMWARE_HAS_RESOURCE_PERMISSIONS),yes)
- BS_FIRMWARE_SOURCES += config_resource_perms.c
- endif
-
-+ifeq ($(SCP_PLATFORM_FEATURE_SET),1)
-+ BS_FIRMWARE_SOURCES += \
-+ config_traffic_cop.c \
-+ config_mpmm.c \
-+ config_sensor.c \
-+ config_reg_sensor.c \
-+ config_thermal_mgmt.c \
-+ config_tc0_power_model.c
-+endif
-+
-+
- include $(BS_DIR)/firmware.mk
-diff --git a/product/tc0/scp_romfw/firmware.mk b/product/tc0/scp_romfw/firmware.mk
-index 9977712f..0012b9fa 100644
---- a/product/tc0/scp_romfw/firmware.mk
-+++ b/product/tc0/scp_romfw/firmware.mk
-@@ -9,6 +9,18 @@ BS_FIRMWARE_CPU := cortex-m3
- BS_FIRMWARE_HAS_NOTIFICATION := yes
- BS_FIRMWARE_USE_NEWLIB_NANO_SPECS := yes
-
-+DEFAULT_SCP_PLATFORM_FEATURE_SET := 0
-+
-+export SCP_PLATFORM_FEATURE_SET ?= $(DEFAULT_SCP_PLATFORM_FEATURE_SET)
-+ifneq ($(filter-out 0 1, $(SCP_PLATFORM_FEATURE_SET)),)
-+ $(error "Invalid for SCP_PLATFORM_FEATURE_SET parameter. Valid options are \
-+ 0 or 1. Aborting...")
-+endif
-+
-+ifeq ($(SCP_PLATFORM_FEATURE_SET),1)
-+ $(info "TC0 platform features POWER/PERFORMANCE is experimental")
-+endif
-+
- BS_FIRMWARE_MODULE_HEADERS_ONLY := \
- power_domain \
- timer
---
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
index a6a005c..3cbadad 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc
@@ -1,14 +1,6 @@
# TC specific SCP configuration
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/tc:"
-SRC_URI:append:tc = " \
- file://0002-tc0-fix-mpmm-config.patch \
- file://0003-tc0-rename-platform-variant-to-platform-feature-set.patch \
- file://0004-tc0-support-platform-feature-set-options-in-firmware.patch \
- "
+COMPATIBLE_MACHINE = "(tc1)"
-COMPATIBLE_MACHINE = "(tc?)"
-
-SCP_PLATFORM:tc0 = "tc0"
SCP_PLATFORM:tc1 = "tc1"
FW_TARGETS = "scp"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-ffa-add-support-for-32-bit-direct-messaging.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-ffa-add-support-for-32-bit-direct-messaging.patch
new file mode 100644
index 0000000..ac0638e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-ffa-add-support-for-32-bit-direct-messaging.patch
@@ -0,0 +1,182 @@
+From 6cb8e5f83d53357fbc6e58c2c5c5a3450654f9e6 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Wed, 19 Oct 2022 17:51:10 +0100
+Subject: [PATCH] arm_ffa: add support for 32-bit direct messaging
+
+add 32-bit mode for FFA_MSG_SEND_DIRECT_REQ and FFA_MSG_SEND_DIRECT_RESP
+
+Tested-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ cmd/armffa.c | 2 +-
+ drivers/firmware/arm-ffa/core.c | 17 ++++++++++++++---
+ drivers/firmware/arm-ffa/sandbox.c | 2 +-
+ include/arm_ffa.h | 2 +-
+ lib/efi_loader/efi_capsule.c | 2 +-
+ lib/efi_loader/efi_setup.c | 2 +-
+ lib/efi_loader/efi_variable_tee.c | 2 +-
+ test/dm/ffa.c | 6 +++---
+ 8 files changed, 23 insertions(+), 12 deletions(-)
+
+diff --git a/cmd/armffa.c b/cmd/armffa.c
+index 9b56e8a830..9842b99181 100644
+--- a/cmd/armffa.c
++++ b/cmd/armffa.c
+@@ -129,7 +129,7 @@ int do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc,
+ return -EINVAL;
+ }
+
+- ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg);
++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg, 1);
+ if (ret == 0) {
+ u8 cnt;
+
+diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c
+index caba10caae..ba1ba59937 100644
+--- a/drivers/firmware/arm-ffa/core.c
++++ b/drivers/firmware/arm-ffa/core.c
+@@ -1032,6 +1032,7 @@ static int ffa_cache_partitions_info(void)
+ * ffa_msg_send_direct_req - FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function
+ * @dst_part_id: destination partition ID
+ * @msg: pointer to the message data preallocated by the client (in/out)
++ * @is_smc64: select 64-bit or 32-bit FF-A ABI
+ *
+ * This is the runtime function that implements FFA_MSG_SEND_DIRECT_{REQ,RESP}
+ * FF-A functions.
+@@ -1048,10 +1049,12 @@ static int ffa_cache_partitions_info(void)
+ *
+ * 0 on success. Otherwise, failure
+ */
+-static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_send_direct_data *msg)
++static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_send_direct_data *msg,
++ u8 is_smc64)
+ {
+ ffa_value_t res = {0};
+ int ffa_errno;
++ u64 req_mode, resp_mode;
+
+ if (!ffa_priv_data || !ffa_priv_data->invoke_ffa_fn)
+ return -EINVAL;
+@@ -1060,8 +1063,16 @@ static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_sen
+ if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs)
+ return -ENODEV;
+
++ if(is_smc64) {
++ req_mode = FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ);
++ resp_mode = FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP);
++ } else {
++ req_mode = FFA_SMC_32(FFA_MSG_SEND_DIRECT_REQ);
++ resp_mode = FFA_SMC_32(FFA_MSG_SEND_DIRECT_RESP);
++ }
++
+ ffa_priv_data->invoke_ffa_fn((ffa_value_t){
+- .a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ),
++ .a0 = req_mode,
+ .a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id) |
+ PREP_PART_ENDPOINT_ID(dst_part_id),
+ .a2 = 0,
+@@ -1083,7 +1094,7 @@ static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_sen
+ return 0;
+ }
+
+- if (res.a0 == FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP)) {
++ if (res.a0 == resp_mode){
+ /*
+ * Message sent with response
+ * extract the return data
+diff --git a/drivers/firmware/arm-ffa/sandbox.c b/drivers/firmware/arm-ffa/sandbox.c
+index 16e1fdc809..8e8549441d 100644
+--- a/drivers/firmware/arm-ffa/sandbox.c
++++ b/drivers/firmware/arm-ffa/sandbox.c
+@@ -430,7 +430,7 @@ static int sandbox_ffa_sp_valid(u16 part_id)
+ * @{a0-a7} , res: The SMC call arguments and return structure.
+ *
+ * This is the function that emulates FFA_MSG_SEND_DIRECT_{REQ,RESP}
+- * FF-A functions.
++ * FF-A functions. Only SMC 64-bit is supported in Sandbox.
+ *
+ * Emulating interrupts is not supported. So, FFA_RUN and FFA_INTERRUPT are not supported.
+ * In case of success FFA_MSG_SEND_DIRECT_RESP is returned with default pattern data (0xff).
+diff --git a/include/arm_ffa.h b/include/arm_ffa.h
+index 665413a0c5..4a7c59ff28 100644
+--- a/include/arm_ffa.h
++++ b/include/arm_ffa.h
+@@ -97,7 +97,7 @@ struct __packed ffa_send_direct_data {
+ struct ffa_bus_ops {
+ int (*partition_info_get)(const char *uuid_str,
+ u32 *parts_size, struct ffa_partition_info *buffer);
+- int (*sync_send_receive)(u16 dst_part_id, struct ffa_send_direct_data *msg);
++ int (*sync_send_receive)(u16 dst_part_id, struct ffa_send_direct_data *msg, u8 is_smc64);
+ int (*rxtx_unmap)(void);
+ };
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index 65e2fc8296..c479c53d04 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -591,7 +591,7 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s
+ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
+ PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w4 */
+
+- return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg, 0);
+ }
+ #endif
+
+diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
+index 6ccda175ff..416af8d663 100644
+--- a/lib/efi_loader/efi_setup.c
++++ b/lib/efi_loader/efi_setup.c
+@@ -153,7 +153,7 @@ static int efi_corstone1000_uboot_efi_started_event(void)
+ msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
+ PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w4 */
+
+- return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
++ return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg, 0);
+ }
+ #endif
+
+diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
+index 7d9d577281..05f3c02911 100644
+--- a/lib/efi_loader/efi_variable_tee.c
++++ b/lib/efi_loader/efi_variable_tee.c
+@@ -201,7 +201,7 @@ static int __efi_runtime ffa_notify_mm_sp(void)
+
+ msg.data0 = FFA_SHARED_MM_BUFFER_OFFSET; /* x3 */
+
+- ret = ffa_bus_ops_get()->sync_send_receive(mm_sp_id, &msg);
++ ret = ffa_bus_ops_get()->sync_send_receive(mm_sp_id, &msg, 1);
+ if (ret != 0)
+ return ret;
+
+diff --git a/test/dm/ffa.c b/test/dm/ffa.c
+index 052d5fc3f4..14b19cf71e 100644
+--- a/test/dm/ffa.c
++++ b/test/dm/ffa.c
+@@ -170,7 +170,7 @@ static int test_ffa_msg_send_direct_req(u16 part_id, struct unit_test_state *ut
+ struct ffa_send_direct_data msg = {0};
+ u8 cnt;
+
+- ut_assertok(ffa_bus_ops_get()->sync_send_receive(part_id, &msg));
++ ut_assertok(ffa_bus_ops_get()->sync_send_receive(part_id, &msg, 1));
+
+ for (cnt = 0; cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64); cnt++)
+ ut_assertok(((u64 *)&msg)[cnt] != 0xffffffffffffffff);
+@@ -380,12 +380,12 @@ static int dm_test_ffa_nack(struct unit_test_state *uts)
+ ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE);
+
+ /* send data to an invalid partition */
+- ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg);
++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg, 1);
+ ut_assertok(ret != -EINVAL);
+
+ /* send data to a valid partition */
+ part_id = prvdata->partitions.descs[0].info.id;
+- ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg);
++ ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg, 1);
+ ut_assertok(ret != 0);
+
+ return CMD_RET_SUCCESS;
+--
+2.17.1
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index 465f034..6144e97 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -48,7 +48,8 @@
file://0028-Introduce-external-sys-driver-to-device-tree.patch \
file://0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch \
file://0030-arm-corstone1000-esrt-support.patch \
- "
+ file://0031-ffa-add-support-for-32-bit-direct-messaging.patch \
+ "
#
# FVP BASE
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index 34a4090..99a40e7 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -115,6 +115,7 @@
KBUILD_DEFCONFIG:n1sdp = "defconfig"
KCONFIG_MODE:n1sdp = "--alldefconfig"
FILESEXTRAPATHS:prepend:n1sdp := "${ARMBSPFILESPATHS}"
+FILESEXTRAPATHS:prepend:n1sdp := "${ARMFILESPATHS}"
SRC_URI:append:n1sdp = " \
file://0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch \
file://0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch \
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-Handle-logging-syscall.patch
new file mode 100644
index 0000000..356be9e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-Handle-logging-syscall.patch
@@ -0,0 +1,33 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Fri, 15 Jul 2022 13:45:54 +0200
+Subject: [PATCH] Handle logging syscall
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4
+
+%% original patch: 0004-Handle-logging-syscall.patch
+
+diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
+index e0fa0aa6..c7a45387 100644
+--- a/core/arch/arm/kernel/spmc_sp_handler.c
++++ b/core/arch/arm/kernel/spmc_sp_handler.c
+@@ -1004,6 +1004,12 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
+ ffa_mem_reclaim(args, caller_sp);
+ sp_enter(args, caller_sp);
+ break;
++ case 0xdeadbeef:
++ ts_push_current_session(&caller_sp->ts_sess);
++ IMSG("%s", (char *)args->a1);
++ ts_pop_current_session();
++ sp_enter(args, caller_sp);
++ break;
+ default:
+ EMSG("Unhandled FFA function ID %#"PRIx32,
+ (uint32_t)args->a0);
+--
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
index 1aca3a9..c54e004 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
@@ -5,6 +5,11 @@
file://0008-no-warn-rwx-segments.patch \
"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
+SRC_URI:append = " \
+ file://0004-Handle-logging-syscall.patch \
+ "
+
COMPATIBLE_MACHINE = "corstone1000"
OPTEEMACHINE = "corstone1000"
@@ -15,3 +20,5 @@
EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
+
+EXTRA_OEMAKE += " CFG_WITH_SP=y"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
new file mode 100644
index 0000000..801905d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
@@ -0,0 +1,287 @@
+From 7c9589c4bb056db5e1696f2a777891ab235b1b63 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 3 Dec 2021 16:36:51 +0000
+Subject: [PATCH 01/19] Add openamp to SE proxy deployment
+
+Openamp is required to communicate between secure partitions(running on
+Cortex-A) and trusted-firmware-m(running on Cortex-M).
+These changes are to fetch libmetal and openamp from github repo's
+and build it.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ deployments/se-proxy/opteesp/lse.S | 28 ++++++++
+ deployments/se-proxy/se-proxy.cmake | 8 +++
+ external/openamp/libmetal-init-cache.cmake.in | 20 ++++++
+ external/openamp/libmetal.cmake | 67 +++++++++++++++++++
+ external/openamp/openamp-init-cache.cmake.in | 20 ++++++
+ external/openamp/openamp.cmake | 66 ++++++++++++++++++
+ 6 files changed, 209 insertions(+)
+ create mode 100644 deployments/se-proxy/opteesp/lse.S
+ create mode 100644 external/openamp/libmetal-init-cache.cmake.in
+ create mode 100644 external/openamp/libmetal.cmake
+ create mode 100644 external/openamp/openamp-init-cache.cmake.in
+ create mode 100644 external/openamp/openamp.cmake
+
+diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S
+new file mode 100644
+index 000000000000..8e466d65fc2b
+--- /dev/null
++++ b/deployments/se-proxy/opteesp/lse.S
+@@ -0,0 +1,28 @@
++// SPDX-License-Identifier: BSD-3-Clause
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ */
++
++.text
++.globl __aarch64_cas4_acq_rel
++.globl __aarch64_cas4_sync
++
++__aarch64_cas4_acq_rel:
++ mov w16, w0
++ ldaxr w0, [x2]
++ cmp w0, w16
++0: bne 1f
++
++ stlxr w17, w1, [x2]
++ cbnz w17, 0b
++1: ret
++
++__aarch64_cas4_sync:
++ mov w16, w0
++ ldxr w0, [x2]
++ cmp w0, w16
++0: bne 1f
++
++ stlxr w17, w1, [x2]
++ cbnz w17, 0b
++1: ret
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index 426c66c05350..d39873a0fe81 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy"
+ target_sources(se-proxy PRIVATE
+ ${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c
+ ${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c
++ ${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S
+ )
+
+ #-------------------------------------------------------------------------------
+@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake)
+ target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
+ protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
+
++# libmetal
++include(../../../external/openamp/libmetal.cmake)
++
++# OpenAMP
++include(../../../external/openamp/openamp.cmake)
++target_link_libraries(se-proxy PRIVATE openamp libmetal)
++
+ #################################################################
+
+ target_include_directories(se-proxy PRIVATE
+diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in
+new file mode 100644
+index 000000000000..04c25fbde960
+--- /dev/null
++++ b/external/openamp/libmetal-init-cache.cmake.in
+@@ -0,0 +1,20 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
++# Copyright (c) 2021-2022, Linaro. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
++set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
++set(BUILD_SHARED_LIBS Off CACHE BOOL "")
++set(BUILD_STATIC_LIBS On CACHE BOOL "")
++
++set(WITH_DOC OFF CACHE BOOL "")
++set(WITH_TESTS OFF CACHE BOOL "")
++set(WITH_EXAMPLES OFF CACHE BOOL "")
++set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "")
++set(MACHINE "template" CACHE STRING "")
++
++@_cmake_fragment@
+diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake
+new file mode 100644
+index 000000000000..6e5004ff555c
+--- /dev/null
++++ b/external/openamp/libmetal.cmake
+@@ -0,0 +1,67 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2022 Linaro Limited
++# Copyright (c) 2022, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git"
++ CACHE STRING "libmetal repository URL")
++set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install"
++ CACHE DIR "libmetal installation directory")
++set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal"
++ CACHE DIR "libmetal source-code")
++set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake"
++ CACHE DIR "libmetal CMake package directory")
++set (LIBMETAL_TARGET_NAME "libmetal")
++set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
++ CACHE STRING "The version of libmetal to use")
++set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build")
++
++set(GIT_OPTIONS
++ GIT_REPOSITORY ${LIBMETAL_URL}
++ GIT_TAG ${LIBMETAL_REFSPEC}
++ GIT_SHALLOW FALSE
++)
++
++if(NOT LIBMETAL_DEBUG)
++ set(LIBMETAL_BUILD_TYPE "Release")
++else()
++ set(LIBMETAL_BUILD_TYPE "Debug")
++endif()
++
++include(FetchContent)
++
++# Checking git
++find_program(GIT_COMMAND "git")
++if (NOT GIT_COMMAND)
++ message(FATAL_ERROR "Please install git")
++endif()
++
++# Only pass libc settings to libmetal if needed. For environments where the
++# standard library is not overridden, this is not needed.
++if(TARGET stdlib::c)
++ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
++
++ # Save libc settings
++ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
++ # Translate libc settings to cmake code fragment. Will be inserted into
++ # libmetal-init-cache.cmake.in when LazyFetch configures the file.
++ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
++ unset_saved_properties(LIBC)
++endif()
++
++include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
++LazyFetch_MakeAvailable(DEP_NAME libmetal
++ FETCH_OPTIONS "${GIT_OPTIONS}"
++ INSTALL_DIR "${LIBMETAL_INSTALL_DIR}"
++ CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in"
++ SOURCE_DIR "${LIBMETAL_SOURCE_DIR}"
++)
++unset(_cmake_fragment)
++
++#Create an imported target to have clean abstraction in the build-system.
++add_library(libmetal STATIC IMPORTED)
++set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}")
++set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include")
+diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in
+new file mode 100644
+index 000000000000..302b80511bce
+--- /dev/null
++++ b/external/openamp/openamp-init-cache.cmake.in
+@@ -0,0 +1,20 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
++# Copyright (c) 2021-2022, Linaro. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
++set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
++set(BUILD_SHARED_LIBS Off CACHE BOOL "")
++set(BUILD_STATIC_LIBS On CACHE BOOL "")
++
++set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE
++ STRING "")
++set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "")
++set(RPMSG_BUFFER_SIZE "512" CACHE STRING "")
++set(MACHINE "template" CACHE STRING "")
++
++@_cmake_fragment@
+diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
+new file mode 100644
+index 000000000000..449f35f4fda4
+--- /dev/null
++++ b/external/openamp/openamp.cmake
+@@ -0,0 +1,66 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2022 Linaro Limited
++# Copyright (c) 2022, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git"
++ CACHE STRING "OpenAMP repository URL")
++set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install"
++ CACHE DIR "OpenAMP installation directory")
++set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp"
++ CACHE DIR "OpenAMP source code directory")
++set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake"
++ CACHE DIR "OpenAMP CMake package directory")
++set (OPENAMP_TARGET_NAME "openamp")
++set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d"
++ CACHE STRING "The version of openamp to use")
++
++set(GIT_OPTIONS
++ GIT_REPOSITORY ${OPENAMP_URL}
++ GIT_TAG ${OPENAMP_REFSPEC}
++ GIT_SHALLOW FALSE
++)
++
++if(NOT OPENAMP_DEBUG)
++ set(OPENAMP_BUILD_TYPE "Release")
++else()
++ set(OPENAMP_BUILD_TYPE "Debug")
++endif()
++
++include(FetchContent)
++
++# Checking git
++find_program(GIT_COMMAND "git")
++if (NOT GIT_COMMAND)
++ message(FATAL_ERROR "Please install git")
++endif()
++
++# Only pass libc settings to openamp if needed. For environments where the
++# standard library is not overridden, this is not needed.
++if(TARGET stdlib::c)
++ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
++
++ # Save libc settings
++ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
++ # Translate libc settings to cmake code fragment. Will be inserted into
++ # libmetal-init-cache.cmake.in when LazyFetch configures the file.
++ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
++ unset_saved_properties(LIBC)
++endif()
++
++include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
++LazyFetch_MakeAvailable(DEP_NAME openamp
++ FETCH_OPTIONS "${GIT_OPTIONS}"
++ INSTALL_DIR "${OPENAMP_INSTALL_DIR}"
++ CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in"
++ SOURCE_DIR "${OPENAMP_SOURCE_DIR}"
++)
++unset(_cmake_fragment)
++
++#Create an imported target to have clean abstraction in the build-system.
++add_library(openamp STATIC IMPORTED)
++set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
++set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include")
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
similarity index 93%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
index 77be7f3..39edc9d 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
@@ -1,27 +1,55 @@
-From 9e6f16c236fbf5d8631ebc53a79c80b85042b736 Mon Sep 17 00:00:00 2001
+From e4ccb92f8de94a82edd3548d62c853790ae36bd1 Mon Sep 17 00:00:00 2001
From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Tue, 27 Sep 2022 18:47:36 +0100
-Subject: [PATCH 27/27] Add MHU driver
+Date: Fri, 3 Dec 2021 18:00:46 +0000
+Subject: [PATCH 02/19] Implement mhu driver and the OpenAmp conversion layer.
-This change is to add MHU driver. This is required to communicate
-between cortex-A and cortex-M
+This commit adds an mhu driver (v2.1 and v2) to the secure
+partition se_proxy and a conversion layer to communicate with
+the secure enclave using OpenAmp.
+Upstream-Status: Pending
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
+ .../se-proxy/opteesp/default_se-proxy.dts.in | 16 +
.../drivers/arm/mhu_driver/component.cmake | 12 +
platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++
platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++
- .../providers/arm/corstone1000/platform.cmake | 3 +
- 4 files changed, 1008 insertions(+)
+ .../providers/arm/corstone1000/platform.cmake | 10 +
+ 5 files changed, 1031 insertions(+)
create mode 100644 platform/drivers/arm/mhu_driver/component.cmake
create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h
create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c
+ create mode 100644 platform/providers/arm/corstone1000/platform.cmake
+diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+index 5748d2f80f88..267b4f923540 100644
+--- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
++++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+@@ -17,4 +17,20 @@
+ xlat-granule = <0>; /* 4KiB */
+ messaging-method = <3>; /* Direct messaging only */
+ legacy-elf-format = <1>;
++
++ device-regions {
++ compatible = "arm,ffa-manifest-device-regions";
++ mhu-sender {
++ /* Armv8 A Foundation Platform values */
++ base-address = <0x00000000 0x1b820000>;
++ pages-count = <16>;
++ attributes = <0x3>; /* read-write */
++ };
++ mhu-receiver {
++ /* Armv8 A Foundation Platform values */
++ base-address = <0x00000000 0x1b830000>;
++ pages-count = <16>;
++ attributes = <0x3>; /* read-write */
++ };
++ };
+ };
diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake
new file mode 100644
-index 00000000..77a5a50b
+index 000000000000..77a5a50b67d1
--- /dev/null
+++ b/platform/drivers/arm/mhu_driver/component.cmake
@@ -0,0 +1,12 @@
@@ -39,7 +67,7 @@
+)
diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h
new file mode 100644
-index 00000000..2e4ba80f
+index 000000000000..2e4ba80fab95
--- /dev/null
+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h
@@ -0,0 +1,391 @@
@@ -436,7 +464,7 @@
+#endif /* __MHU_V2_X_H__ */
diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
new file mode 100644
-index 00000000..01d8f659
+index 000000000000..01d8f659a73a
--- /dev/null
+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
@@ -0,0 +1,602 @@
@@ -1043,19 +1071,21 @@
+ return MHU_V_2_X_ERR_GENERAL;
+}
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 14a9f6b0..df9cab71 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
+new file mode 100644
+index 000000000000..bb778bb9719b
+--- /dev/null
+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -6,6 +6,9 @@
- # Platform definition for the corstone1000 platform.
- #-------------------------------------------------------------------------------
-
+@@ -0,0 +1,10 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform.
++#-------------------------------------------------------------------------------
++
+# include MHU driver
+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-+
- target_compile_definitions(${TGT} PRIVATE
- SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
- )
--
-2.17.1
+2.38.0
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
new file mode 100644
index 0000000..bf52a23
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
@@ -0,0 +1,1196 @@
+From e187510a814b48b7b2e477a9913ee35b68522d06 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 3 Dec 2021 19:00:54 +0000
+Subject: [PATCH 03/19] Add openamp rpc caller
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ components/rpc/common/caller/rpc_caller.c | 10 +
+ components/rpc/common/interface/rpc_caller.h | 8 +
+ .../rpc/openamp/caller/sp/component.cmake | 15 +
+ .../rpc/openamp/caller/sp/openamp_caller.c | 203 +++++++
+ .../rpc/openamp/caller/sp/openamp_caller.h | 43 ++
+ .../rpc/openamp/caller/sp/openamp_mhu.c | 191 ++++++
+ .../rpc/openamp/caller/sp/openamp_mhu.h | 19 +
+ .../rpc/openamp/caller/sp/openamp_virtio.c | 555 ++++++++++++++++++
+ .../rpc/openamp/caller/sp/openamp_virtio.h | 24 +
+ .../se-proxy/opteesp/default_se-proxy.dts.in | 6 +
+ deployments/se-proxy/se-proxy.cmake | 1 +
+ 11 files changed, 1075 insertions(+)
+ create mode 100644 components/rpc/openamp/caller/sp/component.cmake
+ create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c
+ create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h
+ create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c
+ create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h
+ create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c
+ create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h
+
+diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c
+index 2dceabeb8967..20d889c162b0 100644
+--- a/components/rpc/common/caller/rpc_caller.c
++++ b/components/rpc/common/caller/rpc_caller.c
+@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle)
+ {
+ s->call_end(s->context, handle);
+ }
++
++void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va)
++{
++ return s->virt_to_phys(s->context, va);
++}
++
++void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa)
++{
++ return s->phys_to_virt(s->context, pa);
++}
+diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h
+index 387489cdb1b2..ef9bb64905ed 100644
+--- a/components/rpc/common/interface/rpc_caller.h
++++ b/components/rpc/common/interface/rpc_caller.h
+@@ -45,6 +45,10 @@ struct rpc_caller
+ rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len);
+
+ void (*call_end)(void *context, rpc_call_handle handle);
++
++ void *(*virt_to_phys)(void *context, void *va);
++
++ void *(*phys_to_virt)(void *context, void *pa);
+ };
+
+ /*
+@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal
+ */
+ RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle);
+
++RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va);
++
++RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake
+new file mode 100644
+index 000000000000..fc919529d731
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/component.cmake
+@@ -0,0 +1,15 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c"
++ "${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c"
++ "${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c"
++ )
+diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c
+new file mode 100644
+index 000000000000..6cdfb756568f
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/openamp_caller.c
+@@ -0,0 +1,203 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021, Linaro Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <stddef.h>
++#include <trace.h>
++#include "openamp_caller.h"
++#include "openamp_mhu.h"
++#include "openamp_virtio.h"
++#include <protocols/rpc/common/packed-c/status.h>
++
++#define OPENAMP_TRANSACTION_IDLE 0x0
++#define OPENAMP_TRANSACTION_INPROGRESS 0x1
++#define OPENAMP_TRANSACTION_INVOKED 0x2
++
++static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf,
++ size_t req_len)
++{
++ struct openamp_caller *openamp = context;
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++ rpc_call_handle handle;
++ int ret;
++
++ if (!req_buf) {
++ EMSG("openamp: call_begin: not req_buf");
++ return NULL;
++ }
++
++ if (req_len > UINT32_MAX || req_len == 0) {
++ EMSG("openamp: call_begin: resp_len invalid: %lu", req_len);
++ return NULL;
++ }
++
++ if (openamp->status != OPENAMP_TRANSACTION_IDLE) {
++ EMSG("openamp: call_begin: transaction not idle");
++ return NULL;
++ }
++
++ ret = ops->platform_call_begin(openamp, req_buf, req_len);
++ if (ret < 0) {
++ EMSG("openamp: call_begin: platform begin failed: %d", ret);
++ return NULL;
++ }
++
++ openamp->status = OPENAMP_TRANSACTION_INPROGRESS;
++ handle = openamp;
++
++ return handle;
++}
++
++static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle,
++ uint32_t opcode, int *opstatus,
++ uint8_t **resp_buf, size_t *resp_len)
++{
++ struct openamp_caller *openamp = context;
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++ rpc_status_t status;
++ int ret;
++
++ (void)opcode;
++
++ if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) {
++ EMSG("openamp: call_invoke: invalid arguments");
++ return TS_RPC_ERROR_INVALID_PARAMETER;
++ }
++
++ if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) {
++ EMSG("openamp: call_invoke: transaction needed to be started");
++ return TS_RPC_ERROR_NOT_READY;
++ }
++
++ ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len);
++ if (ret < 0)
++ return TS_RPC_ERROR_INTERNAL;
++
++ openamp->status = OPENAMP_TRANSACTION_INVOKED;
++ *opstatus = 0;
++
++ return TS_RPC_CALL_ACCEPTED;
++}
++
++static void openamp_call_end(void *context, rpc_call_handle handle)
++{
++ struct openamp_caller *openamp = context;
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++
++ if (handle != openamp) {
++ EMSG("openamp: call_end: invalid arguments");
++ return;
++ }
++
++ if (openamp->status == OPENAMP_TRANSACTION_IDLE) {
++ EMSG("openamp: call_end: transaction idle");
++ return;
++ }
++
++ ops->platform_call_end(openamp);
++
++ openamp->status = OPENAMP_TRANSACTION_IDLE;
++}
++
++static void *openamp_virt_to_phys(void *context, void *va)
++{
++ struct openamp_caller *openamp = context;
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++
++ return ops->platform_virt_to_phys(openamp, va);
++}
++
++static void *openamp_phys_to_virt(void *context, void *pa)
++{
++ struct openamp_caller *openamp = context;
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++
++ return ops->platform_phys_to_virt(openamp, pa);
++}
++
++static int openamp_init(struct openamp_caller *openamp)
++{
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++ int ret;
++
++ ret = ops->transport_init(openamp);
++ if (ret < 0)
++ return ret;
++
++ ret = ops->platform_init(openamp);
++ if (ret < 0)
++ goto denit_transport;
++
++ return 0;
++
++denit_transport:
++ ops->transport_deinit(openamp);
++
++ return ret;
++}
++
++static const struct openamp_platform_ops openamp_virtio_ops = {
++ .transport_init = openamp_mhu_init,
++ .transport_deinit = openamp_mhu_deinit,
++ .transport_notify = openamp_mhu_notify_peer,
++ .transport_receive = openamp_mhu_receive,
++ .platform_init = openamp_virtio_init,
++ .platform_call_begin = openamp_virtio_call_begin,
++ .platform_call_invoke = openamp_virtio_call_invoke,
++ .platform_call_end = openamp_virtio_call_end,
++ .platform_virt_to_phys = openamp_virtio_virt_to_phys,
++ .platform_phys_to_virt = openamp_virtio_phys_to_virt,
++};
++
++struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp)
++{
++ struct rpc_caller *rpc = &openamp->rpc_caller;
++ int ret;
++
++ if (openamp->ref_count)
++ return rpc;
++
++ rpc_caller_init(rpc, openamp);
++
++ rpc->call_begin = openamp_call_begin;
++ rpc->call_invoke = openamp_call_invoke;
++ rpc->call_end = openamp_call_end;
++ rpc->virt_to_phys = openamp_virt_to_phys;
++ rpc->phys_to_virt = openamp_phys_to_virt;
++ openamp->platform_ops = &openamp_virtio_ops;
++
++ ret = openamp_init(openamp);
++ if (ret < 0) {
++ EMSG("openamp_init: failed to start: %d", ret);
++ return rpc;
++ }
++ openamp->ref_count++;
++
++ return rpc;
++}
++
++void openamp_caller_deinit(struct openamp_caller *openamp)
++{
++ struct rpc_caller *rpc = &openamp->rpc_caller;
++
++ if (--openamp->ref_count)
++ return;
++
++ rpc->context = NULL;
++ rpc->call_begin = NULL;
++ rpc->call_invoke = NULL;
++ rpc->call_end = NULL;
++}
++
++int openamp_caller_discover(struct openamp_caller *openamp)
++{
++ return openamp_init(openamp);
++}
++
++int openamp_caller_open(struct openamp_caller *openamp)
++{
++
++}
+diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h
+new file mode 100644
+index 000000000000..3fb67c56cc53
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/openamp_caller.h
+@@ -0,0 +1,43 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021, Linaro Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++#ifndef OPENAMP_CALLER_H
++#define OPENAMP_CALLER_H
++
++#include <stddef.h>
++#include <rpc_caller.h>
++
++struct openamp_caller {
++ struct rpc_caller rpc_caller;
++ const struct openamp_platform_ops *platform_ops;
++ uint32_t ref_count;
++ uint8_t status;
++
++ void *transport;
++ void *platform;
++};
++
++struct openamp_platform_ops {
++ int (*transport_init)(struct openamp_caller *openamp);
++ int (*transport_deinit)(struct openamp_caller *openamp);
++ int (*transport_notify)(struct openamp_caller *openamp);
++ int (*transport_receive)(struct openamp_caller *openamp);
++ int (*platform_init)(struct openamp_caller *openamp);
++ int (*platform_deinit)(struct openamp_caller *openamp);
++ int (*platform_call_begin)(struct openamp_caller *openamp,
++ uint8_t **req_buf, size_t req_len);
++ int (*platform_call_invoke)(struct openamp_caller *openamp,
++ int *opstatus, uint8_t **resp_buf,
++ size_t *resp_len);
++ int (*platform_call_end)(struct openamp_caller *openamp);
++ void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va);
++ void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa);
++};
++
++struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp);
++void openamp_caller_deinit(struct openamp_caller *openamp);
++
++#endif
+diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c
+new file mode 100644
+index 000000000000..ffdadaf870a3
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/openamp_mhu.c
+@@ -0,0 +1,191 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021, Linaro Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <config/interface/config_store.h>
++#include <config/interface/config_blob.h>
++#include <platform/interface/device_region.h>
++#include <platform/drivers/arm/mhu_driver/mhu_v2.h>
++#include <trace.h>
++#include <errno.h>
++#include <stdlib.h>
++#include <stdint.h>
++#include <stddef.h>
++#include <limits.h>
++
++#include "openamp_caller.h"
++
++#define MHU_V_2_NOTIFY_CHANNEL 0
++#define MHU_V_2_NOTIFY_VALUE 0xff
++
++struct openamp_mhu {
++ struct device_region rx_region;
++ struct device_region tx_region;
++ struct mhu_v2_x_dev_t rx_dev;
++ struct mhu_v2_x_dev_t tx_dev;
++};
++
++static int openamp_mhu_device_get(const char *dev,
++ struct device_region *dev_region)
++{
++ bool found;
++
++ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
++ dev_region, sizeof(*dev_region));
++ if (!found)
++ return -EINVAL;
++
++ if (!dev_region->base_addr)
++ return -EINVAL;
++
++ IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev,
++ dev_region->base_addr, dev_region->io_region_size);
++
++ return 0;
++}
++
++int openamp_mhu_receive(struct openamp_caller *openamp)
++{
++ struct mhu_v2_x_dev_t *rx_dev;
++ enum mhu_v2_x_error_t ret;
++ struct openamp_mhu *mhu;
++ uint32_t channel = 0;
++ uint32_t irq_status;
++
++ if (!openamp->transport) {
++ EMSG("openamp: mhu: receive transport not initialized");
++ return -EINVAL;
++ }
++
++ mhu = openamp->transport;
++ rx_dev = &mhu->rx_dev;
++
++ irq_status = 0;
++
++ do {
++ irq_status = mhu_v2_x_get_interrupt_status(rx_dev);
++ } while(!irq_status);
++
++ ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel);
++
++ ret = mhu_v2_x_channel_clear(rx_dev, channel);
++ if (ret != MHU_V_2_X_ERR_NONE) {
++ EMSG("openamp: mhu: failed to clear channel: %d", channel);
++ return -EPROTO;
++ }
++
++ return 0;
++}
++
++int openamp_mhu_notify_peer(struct openamp_caller *openamp)
++{
++ struct mhu_v2_x_dev_t *tx_dev;
++ enum mhu_v2_x_error_t ret;
++ struct openamp_mhu *mhu;
++ uint32_t access_ready;
++
++ if (!openamp->transport) {
++ EMSG("openamp: mhu: notify transport not initialized");
++ return -EINVAL;
++ }
++
++ mhu = openamp->transport;
++ tx_dev = &mhu->tx_dev;
++
++ ret = mhu_v2_x_set_access_request(tx_dev);
++ if (ret != MHU_V_2_X_ERR_NONE) {
++ EMSG("openamp: mhu: set access request failed");
++ return -EPROTO;
++ }
++
++ do {
++ ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready);
++ if (ret != MHU_V_2_X_ERR_NONE) {
++ EMSG("openamp: mhu: failed to get access_ready");
++ return -EPROTO;
++ }
++ } while (!access_ready);
++
++ ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL,
++ MHU_V_2_NOTIFY_VALUE);
++ if (ret != MHU_V_2_X_ERR_NONE) {
++ EMSG("openamp: mhu: failed send over channel");
++ return -EPROTO;
++ }
++
++ ret = mhu_v2_x_reset_access_request(tx_dev);
++ if (ret != MHU_V_2_X_ERR_NONE) {
++ EMSG("openamp: mhu: failed reset access request");
++ return -EPROTO;
++ }
++
++ return 0;
++}
++
++int openamp_mhu_init(struct openamp_caller *openamp)
++{
++ struct mhu_v2_x_dev_t *rx_dev;
++ struct mhu_v2_x_dev_t *tx_dev;
++ struct openamp_mhu *mhu;
++ int ret;
++
++ /* if we already have initialized skip this */
++ if (openamp->transport)
++ return 0;
++
++ mhu = malloc(sizeof(*mhu));
++ if (!mhu)
++ return -1;
++
++ ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region);
++ if (ret < 0)
++ goto free_mhu;
++
++ ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region);
++ if (ret < 0)
++ goto free_mhu;
++
++ rx_dev = &mhu->rx_dev;
++ tx_dev = &mhu->tx_dev;
++
++ rx_dev->base = (unsigned int)mhu->rx_region.base_addr;
++ rx_dev->frame = MHU_V2_X_RECEIVER_FRAME;
++
++ tx_dev->base = (unsigned int)mhu->tx_region.base_addr;
++ tx_dev->frame = MHU_V2_X_SENDER_FRAME;
++
++ ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW);
++ if (ret < 0)
++ goto free_mhu;
++
++ ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW);
++ if (ret < 0)
++ goto free_mhu;
++
++ openamp->transport = (void *)mhu;
++
++ return 0;
++
++free_mhu:
++ free(mhu);
++
++ return ret;
++}
++
++int openamp_mhu_deinit(struct openamp_caller *openamp)
++{
++ struct openamp_mhu *mhu;
++
++ if (!openamp->transport)
++ return 0;
++
++ mhu = openamp->transport;
++ free(mhu);
++
++ openamp->transport = NULL;
++
++ return 0;
++}
+diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h
+new file mode 100644
+index 000000000000..2ae5cb8ee1c6
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/openamp_mhu.h
+@@ -0,0 +1,19 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021, Linaro Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++#ifndef OPENAMP_MHU_H
++#define OPENAMP_MHU_H
++
++#include <stddef.h>
++#include "openamp_caller.h"
++
++int openamp_mhu_init(struct openamp_caller *openamp);
++int openamp_mhu_deinit(struct openamp_caller *openamp);
++
++int openamp_mhu_notify_peer(struct openamp_caller *openamp);
++int openamp_mhu_receive(struct openamp_caller *openamp);
++
++#endif
+diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c
+new file mode 100644
+index 000000000000..b7c1aa929111
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/openamp_virtio.c
+@@ -0,0 +1,555 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021, Linaro Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <metal/device.h>
++#include <metal/spinlock.h>
++#include <openamp/open_amp.h>
++#include <platform/interface/device_region.h>
++#include <config/interface/config_store.h>
++
++#include <stddef.h>
++#include <trace.h>
++#include "openamp_caller.h"
++
++#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio"
++#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME
++#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024
++
++#define OPENAMP_SHEM_PHYS 0x88000000
++#define OPENAMP_SHEM_PHYS_PAGES 1
++#define OPENAMP_SHEM_SE_PHYS 0xa8000000
++
++#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024)
++#define OPENAMP_SHEM_VRING_SIZE (4 * 1024)
++
++#define OPENAMP_BUFFER_NO_WAIT 0
++#define OPENAMP_BUFFER_WAIT 1
++
++#define VIRTQUEUE_NR 2
++#define VQ_TX 0
++#define VQ_RX 1
++
++#define VRING_DESCRIPTORS 16
++#define VRING_ALIGN 4
++
++#define container_of(ptr, type, member) \
++ ((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member)))
++
++struct openamp_virtio_shm {
++ uintptr_t base_addr;
++ size_t size;
++ uintptr_t vdev_status;
++ size_t vdev_status_size;
++ uintptr_t payload_addr;
++ size_t payload_size;
++ uintptr_t vring_tx;
++ size_t vring_tx_size;
++ uintptr_t vring_rx;
++ size_t vring_rx_size;
++
++ metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES];
++};
++
++struct openamp_virtio_metal {
++ struct metal_spinlock lock;
++ struct metal_device shm_dev;
++ struct metal_device *io_dev;
++
++ struct metal_io_region *io;
++ struct openamp_virtio_shm shm;
++};
++
++struct openamp_virtio_device {
++ struct virtio_device virtio_dev;
++ struct virtqueue *vq[VIRTQUEUE_NR];
++ struct virtio_vring_info rvrings[VIRTQUEUE_NR];
++};
++
++struct openamp_virtio_rpmsg {
++ struct rpmsg_virtio_device rpmsg_vdev;
++ struct rpmsg_endpoint ep;
++ uint8_t *req_buf;
++ uint32_t req_len;
++ uint8_t *resp_buf;
++ size_t resp_len;
++};
++
++struct openamp_virtio {
++ struct openamp_caller *openamp;
++ struct openamp_virtio_rpmsg rpmsg;
++ struct openamp_virtio_device vdev;
++ struct openamp_virtio_metal metal;
++};
++
++static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev)
++{
++ struct openamp_virtio_device *openamp_vdev;
++
++ openamp_vdev = container_of(vdev, struct openamp_virtio_device,
++ virtio_dev);
++
++ return container_of(openamp_vdev, struct openamp_virtio, vdev);
++}
++
++static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev)
++{
++ struct rpmsg_virtio_device *rvdev;
++
++ rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev);
++
++ return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev);
++
++}
++
++static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev,
++ struct openamp_virtio_shm *shm)
++{
++ struct metal_io_region *shm_region;
++
++ shm_region = &shm_dev->regions[0];
++
++ shm_dev->name = OPENAMP_SHEM_DEVICE_NAME;
++ shm_dev->num_regions = 1;
++
++ shm_region->virt = (void *)shm->payload_addr;
++ shm_region->size = shm->payload_size;
++
++ shm_region->physmap = &shm->shm_physmap;
++ shm_region->page_shift = (metal_phys_addr_t)(-1);
++ shm_region->page_mask = (metal_phys_addr_t)(-1);
++}
++
++static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal)
++{
++ struct metal_init_params params = METAL_INIT_DEFAULTS;
++ struct metal_device *shm_dev = &metal->shm_dev;
++ int ret;
++
++ openamp_virtio_metal_device_setup(shm_dev, &metal->shm);
++
++ metal_spinlock_init(&metal->lock);
++
++ ret = metal_init(¶ms);
++ if (ret < 0)
++ return ret;
++
++ ret = metal_register_generic_device(shm_dev);
++ if (ret < 0)
++ goto metal_finish;
++
++ ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME,
++ &metal->io_dev);
++ if (ret < 0)
++ goto metal_finish;
++
++ metal->io = metal_device_io_region(metal->io_dev, 0);
++ if (!metal->io) {
++ EMSG("openamp: virtio: failed to init metal io");
++ ret = -EPROTO;
++ goto metal_finish;
++ }
++
++ return 0;
++
++metal_finish:
++ metal_finish();
++ return ret;
++}
++
++static unsigned char openamp_virtio_status_get(struct virtio_device *vdev)
++{
++ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
++ struct openamp_virtio_shm *shm = &virtio->metal.shm;
++
++ uint32_t status = *(volatile uint32_t *)shm->vdev_status;
++
++ return status;
++}
++
++static void openamp_virtio_status_set(struct virtio_device *vdev,
++ unsigned char status)
++{
++ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
++ struct openamp_virtio_shm *shm = &virtio->metal.shm;
++
++ *(volatile uint32_t *)shm->vdev_status = status;
++}
++
++static int count;
++
++static uint32_t openamp_virtio_features_get(struct virtio_device *vdev)
++{
++ return 1 << VIRTIO_RPMSG_F_NS;
++}
++
++static void openamp_virtio_notify(struct virtqueue *vq)
++{
++ struct openamp_virtio_device *openamp_vdev;
++ struct openamp_caller *openamp;
++ struct openamp_virtio *virtio;
++ int ret;
++
++ openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev);
++ virtio = container_of(openamp_vdev, struct openamp_virtio, vdev);
++ openamp = virtio->openamp;
++
++ ret = openamp->platform_ops->transport_notify(openamp);
++ if (ret < 0)
++ EMSG("openamp: virtio: erro in transport_notify: %d", ret);
++}
++
++const static struct virtio_dispatch openamp_virtio_dispatch = {
++ .get_status = openamp_virtio_status_get,
++ .set_status = openamp_virtio_status_set,
++ .get_features = openamp_virtio_features_get,
++ .notify = openamp_virtio_notify,
++};
++
++static int openamp_virtio_device_setup(struct openamp_virtio *virtio)
++{
++ struct openamp_virtio_metal *metal = &virtio->metal;
++ struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
++ struct virtio_device *vdev = &openamp_vdev->virtio_dev;
++ struct openamp_virtio_shm *shm = &metal->shm;
++ struct virtio_vring_info *rvring;
++
++ rvring = &openamp_vdev->rvrings[0];
++
++ vdev->role = RPMSG_REMOTE;
++ vdev->vrings_num = VIRTQUEUE_NR;
++ vdev->func = &openamp_virtio_dispatch;
++
++ openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS);
++ if (!openamp_vdev->vq[VQ_TX]) {
++ EMSG("openamp: virtio: failed to allocate virtqueue 0");
++ return -ENOMEM;
++ }
++ rvring->io = metal->io;
++ rvring->info.vaddr = (void *)shm->vring_tx;
++ rvring->info.num_descs = VRING_DESCRIPTORS;
++ rvring->info.align = VRING_ALIGN;
++ rvring->vq = openamp_vdev->vq[VQ_TX];
++
++ openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS);
++ if (!openamp_vdev->vq[VQ_RX]) {
++ EMSG("openamp: virtio: failed to allocate virtqueue 1");
++ goto free_vq;
++ }
++ rvring = &openamp_vdev->rvrings[VQ_RX];
++ rvring->io = metal->io;
++ rvring->info.vaddr = (void *)shm->vring_rx;
++ rvring->info.num_descs = VRING_DESCRIPTORS;
++ rvring->info.align = VRING_ALIGN;
++ rvring->vq = openamp_vdev->vq[VQ_RX];
++
++ vdev->vrings_info = &openamp_vdev->rvrings[0];
++
++ return 0;
++
++free_vq:
++ virtqueue_free(openamp_vdev->vq[VQ_TX]);
++ virtqueue_free(openamp_vdev->vq[VQ_RX]);
++
++ return -ENOMEM;
++}
++
++static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep,
++ void *data, size_t len,
++ uint32_t src, void *priv)
++{
++ struct openamp_virtio_rpmsg *vrpmsg;
++ struct rpmsg_device *rdev;
++ struct openamp_virtio *virtio;
++
++ rdev = ep->rdev;
++ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
++ virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg);
++
++ rpmsg_hold_rx_buffer(ep, data);
++ vrpmsg->resp_buf = data;
++ vrpmsg->resp_len = len;
++
++ return 0;
++}
++
++static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep)
++{
++ struct openamp_virtio_rpmsg *vrpmsg;
++ struct rpmsg_device *rdev;
++
++ rdev = container_of(ep, struct rpmsg_device, ns_ept);
++ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
++
++ rpmsg_destroy_ept(&vrpmsg->ep);
++}
++
++static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev,
++ const char *name,
++ unsigned int dest)
++{
++ struct openamp_virtio_rpmsg *vrpmsg;
++
++ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
++
++ rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest,
++ openamp_virtio_rpmsg_endpoint_callback,
++ openamp_virtio_rpmsg_service_unbind);
++}
++
++static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio,
++ struct device_region *virtio_dev)
++{
++ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
++ struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev;
++ struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
++ struct virtio_device *vdev = &openamp_vdev->virtio_dev;
++ struct openamp_virtio_metal *metal = &virtio->metal;
++ int ret;
++
++ /*
++ * we assume here that we are the client side and do not need to
++ * initialize the share memory poll (this is done at server side).
++ */
++ ret = rpmsg_init_vdev(rpmsg_vdev, vdev,
++ openamp_virtio_rpmsg_endpoint_bind, metal->io,
++ NULL);
++ if (ret < 0) {
++ EMSG("openamp: virtio: init vdev failed: %d", ret);
++ return ret;
++ }
++
++
++ ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev,
++ OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY,
++ RPMSG_ADDR_ANY,
++ openamp_virtio_rpmsg_endpoint_callback,
++ openamp_virtio_rpmsg_service_unbind);
++ if (ret < 0) {
++ EMSG("openamp: virtio: failed to create endpoint: %d", ret);
++ return ret;
++ }
++
++ /* set default remote addr */
++ vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR;
++
++ return 0;
++}
++
++static void openamp_virtio_shm_set(struct openamp_virtio *virtio,
++ struct device_region *virtio_region)
++{
++ struct openamp_virtio_shm *shm = &virtio->metal.shm;
++
++ shm->base_addr = virtio_region->base_addr;
++ shm->size = virtio_region->io_region_size;
++
++ shm->vdev_status = shm->base_addr;
++ shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE;
++
++ shm->vring_rx = shm->base_addr + shm->size -
++ (2 * OPENAMP_SHEM_VRING_SIZE);
++ shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE;
++
++ shm->vring_tx = shm->vring_rx + shm->vring_rx_size;
++ shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE;
++
++ shm->payload_addr = shm->vdev_status + shm->vdev_status_size;
++ shm->payload_size = shm->size - shm->vdev_status_size -
++ shm->vring_rx_size - shm->vring_tx_size;
++
++ shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size;
++
++ IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d",
++ shm->base_addr, shm->size, shm->size);
++ IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d",
++ shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size);
++ IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d",
++ shm->payload_addr, shm->payload_size, shm->payload_size);
++ IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d",
++ shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size);
++ IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d",
++ shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size);
++ IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]);
++}
++
++static int openamp_virtio_device_get(const char *dev,
++ struct device_region *dev_region)
++{
++ bool found;
++
++ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
++ dev_region, sizeof(*dev_region));
++ if (!found) {
++ EMSG("openamp: virtio: device region not found: %s", dev);
++ return -EINVAL;
++ }
++
++ if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) {
++ EMSG("openamp: virtio: device region not valid");
++ return -EINVAL;
++ }
++
++ IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d",
++ dev, dev_region->base_addr, dev_region->io_region_size);
++
++ return 0;
++}
++
++int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
++ size_t req_len)
++{
++ struct openamp_virtio *virtio = openamp->platform;
++ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
++ struct rpmsg_endpoint *ep = &vrpmsg->ep;
++
++
++ *req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len,
++ OPENAMP_BUFFER_WAIT);
++ if (*req_buf == NULL)
++ return -EINVAL;
++
++ if (vrpmsg->req_len < req_len)
++ return -E2BIG;
++
++ vrpmsg->req_buf = *req_buf;
++
++ return 0;
++}
++
++int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
++ uint8_t **resp_buf, size_t *resp_len)
++{
++ const struct openamp_platform_ops *ops = openamp->platform_ops;
++ struct openamp_virtio *virtio = openamp->platform;
++ struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
++ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
++ struct rpmsg_endpoint *ep = &vrpmsg->ep;
++ int ret;
++
++ ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len);
++ if (ret < 0) {
++ EMSG("openamp: virtio: send nocopy failed: %d", ret);
++ return -EIO;
++ }
++
++ if (ret != vrpmsg->req_len) {
++ EMSG("openamp: virtio: send less bytes %d than requested %d",
++ ret, vrpmsg->req_len);
++ return -EIO;
++ }
++
++ if (!ops->transport_receive)
++ return 0;
++
++ ret = ops->transport_receive(openamp);
++ if (ret < 0) {
++ EMSG("openamp: virtio: failed transport_receive");
++ return -EIO;
++ }
++
++ virtqueue_notification(openamp_vdev->vq[VQ_RX]);
++
++ *resp_buf = vrpmsg->resp_buf;
++ *resp_len = vrpmsg->resp_len;
++
++ return 0;
++}
++
++void openamp_virtio_call_end(struct openamp_caller *openamp)
++{
++ struct openamp_virtio *virtio = openamp->platform;
++ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
++
++ rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf);
++
++ vrpmsg->req_buf = NULL;
++ vrpmsg->req_len = 0;
++ vrpmsg->resp_buf = NULL;
++ vrpmsg->resp_len = 0;
++}
++
++void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va)
++{
++ struct openamp_virtio *virtio = openamp->platform;
++ struct openamp_virtio_metal *metal = &virtio->metal;
++
++ return metal_io_virt_to_phys(metal->io, va);
++}
++
++void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa)
++{
++ struct openamp_virtio *virtio = openamp->platform;
++ struct openamp_virtio_metal *metal = &virtio->metal;
++
++ return metal_io_phys_to_virt(metal->io, pa);
++}
++
++int openamp_virtio_init(struct openamp_caller *openamp)
++{
++ struct device_region virtio_dev;
++ struct openamp_virtio *virtio;
++ int ret;
++
++ if (openamp->platform)
++ return 0;
++
++
++ virtio = malloc(sizeof(*virtio));
++ if (!virtio)
++ return -ENOMEM;
++
++ virtio->openamp = openamp;
++
++ ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev);
++ if (ret < 0)
++ goto free_virtio;
++
++ openamp_virtio_shm_set(virtio, &virtio_dev);
++
++ ret = openamp_virtio_metal_init(&virtio->metal);
++ if (ret < 0)
++ goto free_virtio;
++
++ ret = openamp_virtio_device_setup(virtio);
++ if (ret < 0)
++ goto finish_metal;
++
++ ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev);
++ if (ret < 0) {
++ EMSG("openamp: virtio: rpmsg device setup failed: %d", ret);
++ goto finish_metal;
++ }
++
++ openamp->platform = virtio;
++
++ return 0;
++
++finish_metal:
++ metal_finish();
++
++free_virtio:
++ free(virtio);
++
++ return ret;
++}
++
++int openamp_virtio_deinit(struct openamp_caller *openamp)
++{
++ struct openamp_virtio *virtio;
++
++ if (!openamp->platform)
++ return 0;
++
++ virtio = openamp->platform;
++
++ metal_finish();
++ free(virtio);
++
++ openamp->platform = NULL;
++
++ return 0;
++}
+diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h
+new file mode 100644
+index 000000000000..915128ff65ce
+--- /dev/null
++++ b/components/rpc/openamp/caller/sp/openamp_virtio.h
+@@ -0,0 +1,24 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021, Linaro Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++#ifndef OPENAMP_VIRTIO_H
++#define OPENAMP_VIRTIO_H
++
++#include <stddef.h>
++#include "openamp_caller.h"
++
++int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
++ size_t req_len);
++int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
++ uint8_t **resp_buf, size_t *resp_len);
++int openamp_virtio_call_end(struct openamp_caller *openamp);
++void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va);
++void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa);
++
++int openamp_virtio_init(struct openamp_caller *openamp);
++int openamp_virtio_deinit(struct openamp_caller *openamp);
++
++#endif
+diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+index 267b4f923540..04c181586b06 100644
+--- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
++++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
+@@ -32,5 +32,11 @@
+ pages-count = <16>;
+ attributes = <0x3>; /* read-write */
+ };
++ openamp-virtio {
++ /* Armv8 A Foundation Platform values */
++ base-address = <0x00000000 0x88000000>;
++ pages-count = <256>;
++ attributes = <0x3>; /* read-write */
++ };
+ };
+ };
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index d39873a0fe81..34fe5ff1b925 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -47,6 +47,7 @@ add_components(TARGET "se-proxy"
+ "components/service/attestation/include"
+ "components/service/attestation/provider"
+ "components/service/attestation/provider/serializer/packed-c"
++ "components/rpc/openamp/caller/sp"
+
+ # Stub service provider backends
+ "components/rpc/dummy"
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
new file mode 100644
index 0000000..3246224
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
@@ -0,0 +1,298 @@
+From 8c1bc5a7ae525d64802e2a06746f698f54cf07ca Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 3 Dec 2021 19:05:18 +0000
+Subject: [PATCH 04/19] add psa client definitions for ff-m
+
+Add PSA client definitions in common include to add future
+ff-m support.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../service/common/include/psa/client.h | 194 ++++++++++++++++++
+ components/service/common/include/psa/sid.h | 71 +++++++
+ 2 files changed, 265 insertions(+)
+ create mode 100644 components/service/common/include/psa/client.h
+ create mode 100644 components/service/common/include/psa/sid.h
+
+diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
+new file mode 100644
+index 000000000000..69ccf14f40a3
+--- /dev/null
++++ b/components/service/common/include/psa/client.h
+@@ -0,0 +1,194 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef SERVICE_PSA_IPC_H
++#define SERVICE_PSA_IPC_H
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include <rpc_caller.h>
++#include <psa/error.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#ifndef IOVEC_LEN
++#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
++#endif
++
++/*********************** PSA Client Macros and Types *************************/
++
++typedef int32_t psa_handle_t;
++
++/**
++ * The version of the PSA Framework API that is being used to build the calling
++ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
++ * is compatible with v1.0.
++ */
++#define PSA_FRAMEWORK_VERSION (0x0101u)
++
++/**
++ * Return value from psa_version() if the requested RoT Service is not present
++ * in the system.
++ */
++#define PSA_VERSION_NONE (0u)
++
++/**
++ * The zero-value null handle can be assigned to variables used in clients and
++ * RoT Services, indicating that there is no current connection or message.
++ */
++#define PSA_NULL_HANDLE ((psa_handle_t)0)
++
++/**
++ * Tests whether a handle value returned by psa_connect() is valid.
++ */
++#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
++
++/**
++ * Converts the handle value returned from a failed call psa_connect() into
++ * an error code.
++ */
++#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
++
++/**
++ * Maximum number of input and output vectors for a request to psa_call().
++ */
++#define PSA_MAX_IOVEC (4u)
++
++/**
++ * An IPC message type that indicates a generic client request.
++ */
++#define PSA_IPC_CALL (0)
++
++/**
++ * A read-only input memory region provided to an RoT Service.
++ */
++struct __attribute__ ((__packed__)) psa_invec {
++ uint32_t base; /*!< the start address of the memory buffer */
++ uint32_t len; /*!< the size in bytes */
++};
++
++/**
++ * A writable output memory region provided to an RoT Service.
++ */
++struct __attribute__ ((__packed__)) psa_outvec {
++ uint32_t base; /*!< the start address of the memory buffer */
++ uint32_t len; /*!< the size in bytes */
++};
++
++/*************************** PSA Client API **********************************/
++
++/**
++ * \brief Retrieve the version of the PSA Framework API that is implemented.
++ *
++ * \param[in] rpc_caller RPC caller to use
++ * \return version The version of the PSA Framework implementation
++ * that is providing the runtime services to the
++ * caller. The major and minor version are encoded
++ * as follows:
++ * \arg version[15:8] -- major version number.
++ * \arg version[7:0] -- minor version number.
++ */
++uint32_t psa_framework_version(struct rpc_caller *caller);
++
++/**
++ * \brief Retrieve the version of an RoT Service or indicate that it is not
++ * present on this system.
++ *
++ * \param[in] rpc_caller RPC caller to use
++ * \param[in] sid ID of the RoT Service to query.
++ *
++ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
++ * caller is not permitted to access the service.
++ * \retval > 0 The version of the implemented RoT Service.
++ */
++uint32_t psa_version(struct rpc_caller *caller, uint32_t sid);
++
++/**
++ * \brief Connect to an RoT Service by its SID.
++ *
++ * \param[in] rpc_caller RPC caller to use
++ * \param[in] sid ID of the RoT Service to connect to.
++ * \param[in] version Requested version of the RoT Service.
++ *
++ * \retval > 0 A handle for the connection.
++ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
++ * connection.
++ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
++ * connection at the moment.
++ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more
++ * of the following are true:
++ * \arg The RoT Service ID is not present.
++ * \arg The RoT Service version is not supported.
++ * \arg The caller is not allowed to access the RoT
++ * service.
++ */
++psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
++ uint32_t version);
++
++/**
++ * \brief Call an RoT Service on an established connection.
++ *
++ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
++ * support at most 4 parameters. TF-M chooses to encode 'in_len',
++ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
++ * Compared with struct-based encoding, this method saves extra memory
++ * check and memory copy operation. The disadvantage is that the 'type'
++ * range has to be reduced into a 16-bit integer. So with this encoding,
++ * the valid range for 'type' is 0-32767.
++ *
++ * \param[in] rpc_caller RPC caller to use
++ * \param[in] handle A handle to an established connection.
++ * \param[in] type The request type.
++ * Must be zero( \ref PSA_IPC_CALL) or positive.
++ * \param[in] in_vec Array of input \ref psa_invec structures.
++ * \param[in] in_len Number of input \ref psa_invec structures.
++ * \param[in,out] out_vec Array of output \ref psa_outvec structures.
++ * \param[in] out_len Number of output \ref psa_outvec structures.
++ *
++ * \retval >=0 RoT Service-specific status value.
++ * \retval <0 RoT Service-specific error code.
++ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
++ * RoT Service. The call is a PROGRAMMER ERROR if
++ * one or more of the following are true:
++ * \arg An invalid handle was passed.
++ * \arg The connection is already handling a request.
++ * \arg type < 0.
++ * \arg An invalid memory reference was provided.
++ * \arg in_len + out_len > PSA_MAX_IOVEC.
++ * \arg The message is unrecognized by the RoT
++ * Service or incorrectly formatted.
++ */
++psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
++ int32_t type, const struct psa_invec *in_vec,
++ size_t in_len, struct psa_outvec *out_vec, size_t out_len);
++
++/**
++ * \brief Close a connection to an RoT Service.
++ *
++ * \param[in] rpc_caller RPC caller to use
++ * \param[in] handle A handle to an established connection, or the
++ * null handle.
++ *
++ * \retval void Success.
++ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more
++ * of the following are true:
++ * \arg An invalid handle was provided that is not
++ * the null handle.
++ * \arg The connection is currently handling a
++ * request.
++ */
++void psa_close(struct rpc_caller *caller, psa_handle_t handle);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* SERVICE_PSA_IPC_H */
++
++
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+new file mode 100644
+index 000000000000..aaa973c6e987
+--- /dev/null
++++ b/components/service/common/include/psa/sid.h
+@@ -0,0 +1,71 @@
++/*
++ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __PSA_MANIFEST_SID_H__
++#define __PSA_MANIFEST_SID_H__
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/******** TFM_SP_PS ********/
++#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U)
++#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U)
++#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U)
++
++/* Invalid UID */
++#define TFM_PS_INVALID_UID 0
++
++/* PS message types that distinguish PS services. */
++#define TFM_PS_SET 1001
++#define TFM_PS_GET 1002
++#define TFM_PS_GET_INFO 1003
++#define TFM_PS_REMOVE 1004
++#define TFM_PS_GET_SUPPORT 1005
++
++/******** TFM_SP_ITS ********/
++#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U)
++#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U)
++#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U)
++
++/******** TFM_SP_CRYPTO ********/
++#define TFM_CRYPTO_SID (0x00000080U)
++#define TFM_CRYPTO_VERSION (1U)
++#define TFM_CRYPTO_HANDLE (0x40000100U)
++
++/******** TFM_SP_PLATFORM ********/
++#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
++#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
++#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U)
++#define TFM_SP_PLATFORM_IOCTL_VERSION (1U)
++#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U)
++#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U)
++
++/******** TFM_SP_INITIAL_ATTESTATION ********/
++#define TFM_ATTESTATION_SERVICE_SID (0x00000020U)
++#define TFM_ATTESTATION_SERVICE_VERSION (1U)
++#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
++
++/******** TFM_SP_FWU ********/
++#define TFM_FWU_WRITE_SID (0x000000A0U)
++#define TFM_FWU_WRITE_VERSION (1U)
++#define TFM_FWU_INSTALL_SID (0x000000A1U)
++#define TFM_FWU_INSTALL_VERSION (1U)
++#define TFM_FWU_ABORT_SID (0x000000A2U)
++#define TFM_FWU_ABORT_VERSION (1U)
++#define TFM_FWU_QUERY_SID (0x000000A3U)
++#define TFM_FWU_QUERY_VERSION (1U)
++#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U)
++#define TFM_FWU_REQUEST_REBOOT_VERSION (1U)
++#define TFM_FWU_ACCEPT_SID (0x000000A5U)
++#define TFM_FWU_ACCEPT_VERSION (1U)
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __PSA_MANIFEST_SID_H__ */
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
new file mode 100644
index 0000000..e179fb0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
@@ -0,0 +1,295 @@
+From e9778f726ed582360152f150301995b10d268aae Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 3 Dec 2021 19:13:03 +0000
+Subject: [PATCH 05/19] Add common service component to ipc support
+
+Add support for inter processor communication for PSA
+including, the openamp client side structures lib.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../service/common/psa_ipc/component.cmake | 13 ++
+ .../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++
+ .../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++
+ deployments/se-proxy/se-proxy.cmake | 1 +
+ 4 files changed, 242 insertions(+)
+ create mode 100644 components/service/common/psa_ipc/component.cmake
+ create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c
+ create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
+
+diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake
+new file mode 100644
+index 000000000000..5a1c9e62e2f0
+--- /dev/null
++++ b/components/service/common/psa_ipc/component.cmake
+@@ -0,0 +1,13 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c"
++ )
+diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
+new file mode 100644
+index 000000000000..e8093c20a523
+--- /dev/null
++++ b/components/service/common/psa_ipc/service_psa_ipc.c
+@@ -0,0 +1,97 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <stddef.h>
++#include <stdint.h>
++#include <string.h>
++#include <trace.h>
++
++#include <protocols/rpc/common/packed-c/status.h>
++#include <psa/error.h>
++#include <rpc_caller.h>
++
++#include <psa/client.h>
++#include "service_psa_ipc_openamp_lib.h"
++
++psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
++ uint32_t version)
++{
++ psa_status_t psa_status = PSA_SUCCESS;
++ struct s_openamp_msg *resp_msg = NULL;
++ struct ns_openamp_msg *req_msg;
++ rpc_call_handle rpc_handle;
++ size_t resp_len;
++ uint8_t *resp;
++ uint8_t *req;
++ int ret;
++
++ rpc_handle = rpc_caller_begin(caller, &req,
++ sizeof(struct ns_openamp_msg));
++ if (!rpc_handle) {
++ EMSG("psa_connect: could not get handle");
++ return PSA_ERROR_GENERIC_ERROR;
++ }
++
++ req_msg = (struct ns_openamp_msg *)req;
++
++ req_msg->call_type = OPENAMP_PSA_CONNECT;
++ req_msg->params.psa_connect_params.sid = sid;
++ req_msg->params.psa_connect_params.version = version;
++
++ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
++ &resp_len);
++ if (ret != TS_RPC_CALL_ACCEPTED) {
++ EMSG("psa_connect: invoke failed: %d", ret);
++ return PSA_ERROR_GENERIC_ERROR;
++ }
++
++ if (psa_status == PSA_SUCCESS)
++ resp_msg = (struct s_openamp_msg *)resp;
++
++ rpc_caller_end(caller, rpc_handle);
++
++ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
++}
++
++psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
++ int32_t type, const struct psa_invec *in_vec,
++ size_t in_len, struct psa_outvec *out_vec, size_t out_len)
++{
++
++}
++
++void psa_close(struct rpc_caller *caller, psa_handle_t handle)
++{
++ psa_status_t psa_status = PSA_SUCCESS;
++ struct s_openamp_msg *resp_msg = NULL;
++ struct ns_openamp_msg *req_msg;
++ rpc_call_handle rpc_handle;
++ size_t resp_len;
++ uint8_t *resp;
++ uint8_t *req;
++ int ret;
++
++ rpc_handle = rpc_caller_begin(caller, &req,
++ sizeof(struct ns_openamp_msg));
++ if (!rpc_handle) {
++ EMSG("psa_close: could not get handle");
++ return;
++ }
++
++ req_msg = (struct ns_openamp_msg *)req;
++
++ req_msg->call_type = OPENAMP_PSA_CLOSE;
++ req_msg->params.psa_close_params.handle = handle;
++
++ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
++ &resp_len);
++ if (ret != TS_RPC_CALL_ACCEPTED) {
++ EMSG("psa_close: invoke failed: %d", ret);
++ return;
++ }
++
++ rpc_caller_end(caller, rpc_handle);
++}
+diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
+new file mode 100644
+index 000000000000..33ea96660572
+--- /dev/null
++++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
+@@ -0,0 +1,131 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H
++#define SERVICE_PSA_IPC_OPENAMP_LIB_H
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include <compiler.h>
++#include <psa/error.h>
++
++#include <stdint.h>
++#include <psa/client.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/* PSA client call type value */
++#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1)
++#define OPENAMP_PSA_VERSION (0x2)
++#define OPENAMP_PSA_CONNECT (0x3)
++#define OPENAMP_PSA_CALL (0x4)
++#define OPENAMP_PSA_CLOSE (0x5)
++
++/* Return code of openamp APIs */
++#define OPENAMP_SUCCESS (0)
++#define OPENAMP_MAP_FULL (INT32_MIN + 1)
++#define OPENAMP_MAP_ERROR (INT32_MIN + 2)
++#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3)
++#define OPENAMP_NO_PERMS (INT32_MIN + 4)
++#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5)
++#define OPENAMP_CHAN_BUSY (INT32_MIN + 6)
++#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7)
++#define OPENAMP_INIT_ERROR (INT32_MIN + 8)
++
++#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
++ * buffer so that openamp shared memory buffer
++ * does not get freed.
++ */
++
++/*
++ * This structure holds the parameters used in a PSA client call.
++ */
++typedef struct __packed psa_client_in_params {
++ union {
++ struct __packed {
++ uint32_t sid;
++ } psa_version_params;
++
++ struct __packed {
++ uint32_t sid;
++ uint32_t version;
++ } psa_connect_params;
++
++ struct __packed {
++ psa_handle_t handle;
++ int32_t type;
++ uint32_t in_vec;
++ uint32_t in_len;
++ uint32_t out_vec;
++ uint32_t out_len;
++ } psa_call_params;
++
++ struct __packed {
++ psa_handle_t handle;
++ } psa_close_params;
++ };
++} psa_client_in_params_t;
++
++/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
++struct __packed ns_openamp_msg {
++ uint32_t call_type; /* PSA client call type */
++ struct psa_client_in_params params; /* Contain parameters used in PSA
++ * client call
++ */
++
++ int32_t client_id; /* Optional client ID of the
++ * non-secure caller.
++ * It is required to identify the
++ * non-secure task when NSPE OS
++ * enforces non-secure task
++ * isolation
++ */
++ int32_t request_id; /* This is the unique ID for a
++ * request send to TF-M by the
++ * non-secure core. TF-M forward
++ * the ID back to non-secure on the
++ * reply to a given request. Using
++ * this id, the non-secure library
++ * can identify the request for
++ * which the reply has received.
++ */
++};
++
++/*
++ * This structure holds the location of the out data of the PSA client call.
++ */
++struct __packed psa_client_out_params {
++ uint32_t out_vec;
++ uint32_t out_len;
++};
++
++
++/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
++ * call.
++ */
++struct __packed s_openamp_msg {
++ int32_t request_id; /* Using this id, the non-secure
++ * library identifies the request.
++ * TF-M forwards the same
++ * request-id received on the
++ * initial request.
++ */
++ int32_t reply; /* Reply of the PSA client call */
++ struct psa_client_out_params params; /* Contain out data result of the
++ * PSA client call.
++ */
++};
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */
++
++
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index 34fe5ff1b925..dd0c5d00c21e 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy"
+ "components/service/common/include"
+ "components/service/common/serializer/protobuf"
+ "components/service/common/client"
++ "components/service/common/psa_ipc"
+ "components/service/common/provider"
+ "components/service/discovery/provider"
+ "components/service/discovery/provider/serializer/packed-c"
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
new file mode 100644
index 0000000..cac43ec
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
@@ -0,0 +1,523 @@
+From 0df82487a7a253c601ca20ca1bd64fbb9ed64230 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 3 Dec 2021 19:19:24 +0000
+Subject: [PATCH 06/19] Add secure storage ipc backend
+
+Add secure storage ipc ff-m implementation which may use
+openamp as rpc to communicate with other processor.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++-
+ .../secure_storage_ipc/component.cmake | 14 ++
+ .../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++
+ .../secure_storage_ipc/secure_storage_ipc.h | 52 +++++
+ deployments/se-proxy/se-proxy.cmake | 1 +
+ 5 files changed, 420 insertions(+), 4 deletions(-)
+ create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake
+ create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+ create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
+
+diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
+index e8093c20a523..95a07c135f31 100644
+--- a/components/service/common/psa_ipc/service_psa_ipc.c
++++ b/components/service/common/psa_ipc/service_psa_ipc.c
+@@ -16,6 +16,52 @@
+ #include <psa/client.h>
+ #include "service_psa_ipc_openamp_lib.h"
+
++static struct psa_invec *psa_call_in_vec_param(uint8_t *req)
++{
++ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg));
++}
++
++static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len)
++{
++ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) +
++ (in_len * sizeof(struct psa_invec)));
++}
++
++static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len,
++ struct psa_outvec *out_vec, size_t out_len)
++{
++ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) +
++ (out_len * sizeof(*out_vec));
++}
++
++static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len)
++{
++ size_t req_len = 0;
++ int i;
++
++ if (!in_vec || !in_len)
++ return 0;
++
++ for (i = 0; i < in_len; i++)
++ req_len += in_vec[i].len;
++
++ return req_len;
++}
++
++static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len)
++{
++ size_t resp_len = 0;
++ int i;
++
++ if (!out_vec || !out_len)
++ return 0;
++
++ for (i = 0; i < out_len; i++)
++ resp_len += out_vec[i].len;
++
++ return resp_len;
++}
++
+ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
+ uint32_t version)
+ {
+@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
+ rpc_handle = rpc_caller_begin(caller, &req,
+ sizeof(struct ns_openamp_msg));
+ if (!rpc_handle) {
+- EMSG("psa_connect: could not get handle");
++ EMSG("psa_connect: could not get rpc handle");
+ return PSA_ERROR_GENERIC_ERROR;
+ }
+
+@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
+ }
+
+-psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
++psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
+ int32_t type, const struct psa_invec *in_vec,
+ size_t in_len, struct psa_outvec *out_vec, size_t out_len)
+ {
++ psa_status_t psa_status = PSA_SUCCESS;
++ struct s_openamp_msg *resp_msg = NULL;
++ struct psa_outvec *out_vec_param;
++ struct psa_invec *in_vec_param;
++ struct ns_openamp_msg *req_msg;
++ rpc_call_handle rpc_handle;
++ size_t out_vec_len;
++ size_t in_vec_len;
++ size_t header_len;
++ uint8_t *payload;
++ size_t resp_len;
++ uint8_t *resp;
++ uint8_t *req;
++ int ret;
++ int i;
++
++ if ((psa_handle == PSA_NULL_HANDLE) || !caller)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len);
++ in_vec_len = psa_call_in_vec_len(in_vec, in_len);
++ out_vec_len = psa_call_out_vec_len(out_vec, out_len);
+
++ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len);
++ if (!rpc_handle) {
++ EMSG("psa_call: could not get handle");
++ return PSA_ERROR_GENERIC_ERROR;
++ }
++
++ payload = req + header_len;
++
++ out_vec_param = psa_call_out_vec_param(req, in_len);
++ in_vec_param = psa_call_in_vec_param(req);
++
++ req_msg = (struct ns_openamp_msg *)req;
++
++ req_msg->call_type = OPENAMP_PSA_CALL;
++ req_msg->request_id = 1234;
++ req_msg->params.psa_call_params.handle = psa_handle;
++ req_msg->params.psa_call_params.type = type;
++ req_msg->params.psa_call_params.in_len = in_len;
++ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
++ req_msg->params.psa_call_params.out_len = out_len;
++ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
++
++ for (i = 0; i < in_len; i++) {
++ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
++ in_vec_param[i].len = in_vec[i].len;
++
++ memcpy(payload, in_vec[i].base, in_vec[i].len);
++ payload += in_vec[i].len;
++ }
++
++ for (i = 0; i < out_len; i++) {
++ out_vec_param[i].base = NULL;
++ out_vec_param[i].len = out_vec[i].len;
++ }
++
++ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
++ &resp_len);
++ if (ret != TS_RPC_CALL_ACCEPTED) {
++ EMSG("psa_call: invoke failed: %d", ret);
++ return PSA_ERROR_GENERIC_ERROR;
++ }
++
++ if (psa_status != PSA_SUCCESS) {
++ EMSG("psa_call: psa_status invoke failed: %d", psa_status);
++ return PSA_ERROR_GENERIC_ERROR;
++ }
++
++ resp_msg = (struct s_openamp_msg *)resp;
++
++ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
++ goto caller_end;
++
++ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
++ resp_msg->params.out_vec);
++
++ for (i = 0; i < resp_msg->params.out_len; i++) {
++ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
++ out_vec[i].len);
++ }
++
++caller_end:
++ rpc_caller_end(caller, rpc_handle);
++
++ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE;
+ }
+
+-void psa_close(struct rpc_caller *caller, psa_handle_t handle)
++void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle)
+ {
+ psa_status_t psa_status = PSA_SUCCESS;
+ struct s_openamp_msg *resp_msg = NULL;
+@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
+ uint8_t *req;
+ int ret;
+
++ if ((psa_handle == PSA_NULL_HANDLE) || !caller)
++ return;
++
+ rpc_handle = rpc_caller_begin(caller, &req,
+ sizeof(struct ns_openamp_msg));
+ if (!rpc_handle) {
+@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
+ req_msg = (struct ns_openamp_msg *)req;
+
+ req_msg->call_type = OPENAMP_PSA_CLOSE;
+- req_msg->params.psa_close_params.handle = handle;
++ req_msg->params.psa_close_params.handle = psa_handle;
+
+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
+ &resp_len);
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
+new file mode 100644
+index 000000000000..5d8f6714e0bd
+--- /dev/null
++++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
+@@ -0,0 +1,14 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c"
++ )
++
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+new file mode 100644
+index 000000000000..9b55f77dd395
+--- /dev/null
++++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+@@ -0,0 +1,214 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <protocols/rpc/common/packed-c/status.h>
++#include "secure_storage_ipc.h"
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <rpc_caller.h>
++#include <string.h>
++#include <trace.h>
++
++
++static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
++ psa_storage_uid_t uid, size_t data_length,
++ const void *p_data, psa_storage_create_flags_t create_flags)
++{
++ struct secure_storage_ipc *ipc = context;
++ struct rpc_caller *caller = ipc->client.caller;
++ psa_handle_t psa_handle;
++ psa_status_t psa_status;
++ struct psa_invec in_vec[] = {
++ { .base = &uid, .len = sizeof(uid) },
++ { .base = p_data, .len = data_length },
++ { .base = &create_flags, .len = sizeof(create_flags) },
++ };
++
++ (void)client_id;
++
++ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
++
++ /* Validating input parameters */
++ if (p_data == NULL)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
++ if (psa_status < 0)
++ EMSG("ipc_set: psa_call failed: %d", psa_status);
++
++ return psa_status;
++}
++
++static psa_status_t secure_storage_ipc_get(void *context,
++ uint32_t client_id,
++ psa_storage_uid_t uid,
++ size_t data_offset,
++ size_t data_size,
++ void *p_data,
++ size_t *p_data_length)
++{
++ struct secure_storage_ipc *ipc = context;
++ struct rpc_caller *caller = ipc->client.caller;
++ psa_handle_t psa_handle;
++ psa_status_t psa_status;
++ uint32_t offset = (uint32_t)data_offset;
++ struct psa_invec in_vec[] = {
++ { .base = &uid, .len = sizeof(uid) },
++ { .base = &offset, .len = sizeof(offset) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = p_data, .len = data_size },
++ };
++
++ if (!p_data_length) {
++ EMSG("ipc_get: p_data_length not defined");
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
++ out_vec, IOVEC_LEN(out_vec));
++ if (psa_status == PSA_SUCCESS)
++ *p_data_length = out_vec[0].len;
++
++ return psa_status;
++}
++
++static psa_status_t secure_storage_ipc_get_info(void *context,
++ uint32_t client_id,
++ psa_storage_uid_t uid,
++ struct psa_storage_info_t *p_info)
++{
++ struct secure_storage_ipc *ipc = context;
++ struct rpc_caller *caller = ipc->client.caller;
++ psa_handle_t psa_handle;
++ psa_status_t psa_status;
++ struct psa_invec in_vec[] = {
++ { .base = &uid, .len = sizeof(uid) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = p_info, .len = sizeof(*p_info) },
++ };
++
++ (void)client_id;
++
++ /* Validating input parameters */
++ if (!p_info)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_GET_INFO, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++ if (psa_status != PSA_SUCCESS)
++ EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
++
++ return psa_status;
++}
++
++static psa_status_t secure_storage_ipc_remove(void *context,
++ uint32_t client_id,
++ psa_storage_uid_t uid)
++{
++ struct secure_storage_ipc *ipc = context;
++ struct rpc_caller *caller = ipc->client.caller;
++ psa_handle_t psa_handle;
++ psa_status_t psa_status;
++ struct psa_invec in_vec[] = {
++ { .base = &uid, .len = sizeof(uid) },
++ };
++
++ (void)client_id;
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_REMOVE, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++ if (psa_status != PSA_SUCCESS)
++ EMSG("ipc_remove: failed to psa_call: %d", psa_status);
++
++ return psa_status;
++}
++
++static psa_status_t secure_storage_ipc_create(void *context,
++ uint32_t client_id,
++ uint64_t uid,
++ size_t capacity,
++ uint32_t create_flags)
++{
++ (void)context;
++ (void)uid;
++ (void)client_id;
++ (void)capacity;
++ (void)create_flags;
++
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static psa_status_t secure_storage_set_extended(void *context,
++ uint32_t client_id,
++ uint64_t uid,
++ size_t data_offset,
++ size_t data_length,
++ const void *p_data)
++{
++ (void)context;
++ (void)uid;
++ (void)client_id;
++ (void)data_offset;
++ (void)data_length;
++ (void)p_data;
++
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
++{
++ struct secure_storage_ipc *ipc = context;
++ struct rpc_caller *caller = ipc->client.caller;
++ psa_handle_t psa_handle;
++ psa_status_t psa_status;
++ uint32_t support_flags;
++ struct psa_outvec out_vec[] = {
++ { .base = &support_flags, .len = sizeof(support_flags) },
++ };
++
++ (void)client_id;
++
++ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++ TFM_PS_GET_SUPPORT, NULL, 0,
++ out_vec, IOVEC_LEN(out_vec));
++ if (psa_status != PSA_SUCCESS)
++ EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
++
++ return psa_status;
++}
++
++struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
++ struct rpc_caller *caller)
++{
++ service_client_init(&context->client, caller);
++
++ static const struct storage_backend_interface interface =
++ {
++ .set = secure_storage_ipc_set,
++ .get = secure_storage_ipc_get,
++ .get_info = secure_storage_ipc_get_info,
++ .remove = secure_storage_ipc_remove,
++ .create = secure_storage_ipc_create,
++ .set_extended = secure_storage_set_extended,
++ .get_support = secure_storage_get_support,
++ };
++
++ context->backend.context = context;
++ context->backend.interface = &interface;
++
++ return &context->backend;
++}
++
++void secure_storage_ipc_deinit(struct secure_storage_ipc *context)
++{
++ service_client_deinit(&context->client);
++}
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
+new file mode 100644
+index 000000000000..e8c1e8fd2f92
+--- /dev/null
++++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
+@@ -0,0 +1,52 @@
++/*
++ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef SECURE_STORAGE_IPC_H
++#define SECURE_STORAGE_IPC_H
++
++#include <service/secure_storage/backend/storage_backend.h>
++#include <service/common/client/service_client.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * @brief Secure storage ipc instance
++ */
++struct secure_storage_ipc
++{
++ struct storage_backend backend;
++ struct service_client client;
++};
++
++/**
++ * @brief Initialize a secure storage ipc client
++ *
++ * A secure storage client is a storage backend that makes RPC calls
++ * to a remote secure storage provider.
++ *
++ * @param[in] context Instance data
++ * @param[in] rpc_caller RPC caller instance
++ *
++ *
++ * @return Pointer to inialized storage backend or NULL on failure
++ */
++struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
++ struct rpc_caller *caller);
++
++/**
++ * @brief Deinitialize a secure storage ipc client
++ *
++ * @param[in] context Instance data
++ */
++void secure_storage_ipc_deinit(struct secure_storage_ipc *context);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* SECURE_STORAGE_IPC_H */
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index dd0c5d00c21e..cd51460406ca 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy"
+ "components/service/crypto/factory/full"
+ "components/service/secure_storage/include"
+ "components/service/secure_storage/frontend/secure_storage_provider"
++ "components/service/secure_storage/backend/secure_storage_ipc"
+ "components/service/attestation/include"
+ "components/service/attestation/provider"
+ "components/service/attestation/provider/serializer/packed-c"
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
new file mode 100644
index 0000000..192e976
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
@@ -0,0 +1,63 @@
+From 9c7f1e6a5eb9ab887e568cfa3c2003583d387bc9 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Fri, 3 Dec 2021 19:25:34 +0000
+Subject: [PATCH 07/19] Use secure storage ipc and openamp for se_proxy
+
+Remove mock up backend for secure storage in se proxy
+deployment and use instead the secure storage ipc backend with
+openamp as rpc to secure enclave side.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../se-proxy/common/service_proxy_factory.c | 16 +++++++++++++---
+ 1 file changed, 13 insertions(+), 3 deletions(-)
+
+diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
+index acfb6e8873fa..57290056d614 100644
+--- a/deployments/se-proxy/common/service_proxy_factory.c
++++ b/deployments/se-proxy/common/service_proxy_factory.c
+@@ -6,15 +6,20 @@
+
+ #include <stddef.h>
+ #include <rpc/common/endpoint/rpc_interface.h>
++#include <rpc/openamp/caller/sp/openamp_caller.h>
+ #include <service/attestation/provider/attest_provider.h>
+ #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
+ #include <service/crypto/factory/crypto_provider_factory.h>
+ #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
++#include <trace.h>
+
+ /* Stub backends */
+ #include <service/crypto/backend/stub/stub_crypto_backend.h>
++#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
+ #include <service/secure_storage/backend/mock_store/mock_store.h>
+
++struct openamp_caller openamp;
++
+ struct rpc_interface *attest_proxy_create(void)
+ {
+ struct rpc_interface *attest_iface;
+@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void)
+
+ struct rpc_interface *ps_proxy_create(void)
+ {
+- static struct mock_store ps_backend;
+ static struct secure_storage_provider ps_provider;
+-
+- struct storage_backend *backend = mock_store_init(&ps_backend);
++ static struct secure_storage_ipc ps_backend;
++ static struct rpc_caller *storage_caller;
++ struct storage_backend *backend;
++
++ storage_caller = openamp_caller_init(&openamp);
++ if (!storage_caller)
++ return NULL;
++ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
+
+ return secure_storage_provider_init(&ps_provider, backend);
+ }
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
new file mode 100644
index 0000000..ce7aacf
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
@@ -0,0 +1,72 @@
+From d9169d380366afc63af5d4bf02791aeb41f47897 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sun, 12 Dec 2021 10:43:48 +0000
+Subject: [PATCH 08/19] Run psa-arch-test
+
+Fixes needed to run psa-arch-test
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ components/service/common/psa_ipc/service_psa_ipc.c | 1 +
+ .../backend/secure_storage_ipc/secure_storage_ipc.c | 8 --------
+ .../service/secure_storage/include/psa/storage_common.h | 4 ++--
+ 3 files changed, 3 insertions(+), 10 deletions(-)
+
+diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
+index 95a07c135f31..5e5815dbc9cf 100644
+--- a/components/service/common/psa_ipc/service_psa_ipc.c
++++ b/components/service/common/psa_ipc/service_psa_ipc.c
+@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
+ resp_msg->params.out_vec);
+
+ for (i = 0; i < resp_msg->params.out_len; i++) {
++ out_vec[i].len = out_vec_param[i].len;
+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
+ out_vec[i].len);
+ }
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+index 9b55f77dd395..a1f369db253e 100644
+--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
++++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
+
+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
+
+- /* Validating input parameters */
+- if (p_data == NULL)
+- return PSA_ERROR_INVALID_ARGUMENT;
+-
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ if (psa_status < 0)
+@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
+
+ (void)client_id;
+
+- /* Validating input parameters */
+- if (!p_info)
+- return PSA_ERROR_INVALID_ARGUMENT;
+-
+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+ TFM_PS_GET_INFO, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h
+index 4f6ba2a7d822..1fd6b40dc803 100644
+--- a/components/service/secure_storage/include/psa/storage_common.h
++++ b/components/service/secure_storage/include/psa/storage_common.h
+@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t;
+ typedef uint32_t psa_storage_create_flags_t;
+
+ struct psa_storage_info_t {
+- size_t capacity;
+- size_t size;
++ uint32_t capacity;
++ uint32_t size;
+ psa_storage_create_flags_t flags;
+ };
+
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
new file mode 100644
index 0000000..ca0c9d9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
@@ -0,0 +1,168 @@
+From ee767c1ae857cfcc8b4bb520b2558091e253cf94 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sun, 12 Dec 2021 10:57:17 +0000
+Subject: [PATCH 09/19] Use address instead of pointers
+
+Since secure enclave is 32bit and we 64bit there is an issue
+in the protocol communication design that force us to handle
+on our side the manipulation of address and pointers to make
+this work.
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../service/common/include/psa/client.h | 15 ++++++++++++++
+ .../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++-------
+ .../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++----------
+ 3 files changed, 38 insertions(+), 17 deletions(-)
+
+diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
+index 69ccf14f40a3..12dcd68f8a76 100644
+--- a/components/service/common/include/psa/client.h
++++ b/components/service/common/include/psa/client.h
+@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec {
+ uint32_t len; /*!< the size in bytes */
+ };
+
++static void *psa_u32_to_ptr(uint32_t addr)
++{
++ return (void *)(uintptr_t)addr;
++}
++
++static uint32_t psa_ptr_to_u32(void *ptr)
++{
++ return (uintptr_t)ptr;
++}
++
++static uint32_t psa_ptr_const_to_u32(const void *ptr)
++{
++ return (uintptr_t)ptr;
++}
++
+ /*************************** PSA Client API **********************************/
+
+ /**
+diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
+index 5e5815dbc9cf..435c6c0a2eba 100644
+--- a/components/service/common/psa_ipc/service_psa_ipc.c
++++ b/components/service/common/psa_ipc/service_psa_ipc.c
+@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_
+ return resp_len;
+ }
+
++static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va)
++{
++ return (uintptr_t)rpc_caller_virt_to_phys(caller, va);
++}
++
+ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
+ uint32_t version)
+ {
+@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
+ req_msg->params.psa_call_params.handle = psa_handle;
+ req_msg->params.psa_call_params.type = type;
+ req_msg->params.psa_call_params.in_len = in_len;
+- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
++ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param);
+ req_msg->params.psa_call_params.out_len = out_len;
+- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
++ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param);
+
+ for (i = 0; i < in_len; i++) {
+- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
++ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload);
+ in_vec_param[i].len = in_vec[i].len;
+
+- memcpy(payload, in_vec[i].base, in_vec[i].len);
++ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);
+ payload += in_vec[i].len;
+ }
+
+ for (i = 0; i < out_len; i++) {
+- out_vec_param[i].base = NULL;
++ out_vec_param[i].base = 0;
+ out_vec_param[i].len = out_vec[i].len;
+ }
+
+@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
+ goto caller_end;
+
+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
+- resp_msg->params.out_vec);
++ psa_u32_to_ptr(resp_msg->params.out_vec));
+
+ for (i = 0; i < resp_msg->params.out_len; i++) {
+ out_vec[i].len = out_vec_param[i].len;
+- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
++ memcpy(psa_u32_to_ptr(out_vec[i].base),
++ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)),
+ out_vec[i].len);
+ }
+
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+index a1f369db253e..bda442a61d5c 100644
+--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
++++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ struct psa_invec in_vec[] = {
+- { .base = &uid, .len = sizeof(uid) },
+- { .base = p_data, .len = data_length },
+- { .base = &create_flags, .len = sizeof(create_flags) },
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
++ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
+ };
+
+ (void)client_id;
+@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context,
+ psa_status_t psa_status;
+ uint32_t offset = (uint32_t)data_offset;
+ struct psa_invec in_vec[] = {
+- { .base = &uid, .len = sizeof(uid) },
+- { .base = &offset, .len = sizeof(offset) },
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
+ };
+ struct psa_outvec out_vec[] = {
+- { .base = p_data, .len = data_size },
++ { .base = psa_ptr_to_u32(p_data), .len = data_size },
+ };
+
+ if (!p_data_length) {
+@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ struct psa_invec in_vec[] = {
+- { .base = &uid, .len = sizeof(uid) },
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+ };
+ struct psa_outvec out_vec[] = {
+- { .base = p_info, .len = sizeof(*p_info) },
++ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) },
+ };
+
+ (void)client_id;
+@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context,
+ psa_handle_t psa_handle;
+ psa_status_t psa_status;
+ struct psa_invec in_vec[] = {
+- { .base = &uid, .len = sizeof(uid) },
++ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+ };
+
+ (void)client_id;
+@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
+ psa_status_t psa_status;
+ uint32_t support_flags;
+ struct psa_outvec out_vec[] = {
+- { .base = &support_flags, .len = sizeof(support_flags) },
++ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) },
+ };
+
+ (void)client_id;
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
new file mode 100644
index 0000000..d47b0de
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
@@ -0,0 +1,266 @@
+From afdeb8e098a1f2822adf2ea83ded8dd9e2d021ba Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Tue, 7 Dec 2021 11:50:00 +0000
+Subject: [PATCH 10/19] Add psa ipc attestation to se proxy
+
+Implement attestation client API as psa ipc and include it to
+se proxy deployment.
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../client/psa_ipc/component.cmake | 13 +++
+ .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++
+ .../reporter/psa_ipc/component.cmake | 13 +++
+ .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++
+ components/service/common/include/psa/sid.h | 4 +
+ .../se-proxy/common/service_proxy_factory.c | 6 ++
+ deployments/se-proxy/se-proxy.cmake | 3 +-
+ 7 files changed, 169 insertions(+), 1 deletion(-)
+ create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
+ create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
+ create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
+ create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
+
+diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
+new file mode 100644
+index 000000000000..a5bc6b4a387e
+--- /dev/null
++++ b/components/service/attestation/client/psa_ipc/component.cmake
+@@ -0,0 +1,13 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
++ )
+diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
+new file mode 100644
+index 000000000000..30bd0a13a385
+--- /dev/null
++++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
+@@ -0,0 +1,86 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <stddef.h>
++#include <string.h>
++
++#include "../psa/iat_client.h"
++#include <protocols/rpc/common/packed-c/status.h>
++#include <psa/initial_attestation.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++
++/**
++ * @brief The singleton psa_iat_client instance
++ *
++ * The psa attestation C API assumes a single backend service provider.
++ */
++static struct service_client instance;
++
++
++psa_status_t psa_iat_client_init(struct rpc_caller *caller)
++{
++ return service_client_init(&instance, caller);
++}
++
++void psa_iat_client_deinit(void)
++{
++ service_client_deinit(&instance);
++}
++
++int psa_iat_client_rpc_status(void)
++{
++ return instance.rpc_status;
++}
++
++psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
++ size_t challenge_size,
++ uint8_t *token_buf,
++ size_t token_buf_size,
++ size_t *token_size)
++{
++ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
++ struct rpc_caller *caller = instance.caller;
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
++ };
++
++ if (!token_buf || !token_buf_size)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
++ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
++ out_vec, IOVEC_LEN(out_vec));
++ if (status == PSA_SUCCESS) {
++ *token_size = out_vec[0].len;
++ }
++
++ return status;
++}
++
++psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
++ size_t *token_size)
++{
++ struct rpc_caller *caller = instance.caller;
++ psa_status_t status;
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
++ };
++
++ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
++ TFM_ATTEST_GET_TOKEN_SIZE,
++ in_vec, IOVEC_LEN(in_vec),
++ out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
+diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
+new file mode 100644
+index 000000000000..b37830c618fe
+--- /dev/null
++++ b/components/service/attestation/reporter/psa_ipc/component.cmake
+@@ -0,0 +1,13 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
++ )
+diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
+new file mode 100644
+index 000000000000..15805e8ed4b1
+--- /dev/null
++++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
+@@ -0,0 +1,45 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++/**
++ * A attestation reporter for psa ipc
++ */
++
++#include <stddef.h>
++#include <psa/error.h>
++#include <service/attestation/reporter/attest_report.h>
++#include <psa/initial_attestation.h>
++
++#define TOKEN_BUF_SIZE 1024
++
++static uint8_t token_buf[TOKEN_BUF_SIZE];
++
++int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
++ size_t auth_challenge_len, const uint8_t **report,
++ size_t *report_len)
++{
++ *report = token_buf;
++ psa_status_t ret;
++ size_t token_size = 0;
++
++ ret = psa_initial_attest_get_token(auth_challenge_data,
++ auth_challenge_len, token_buf,
++ TOKEN_BUF_SIZE, &token_size);
++ if (ret != PSA_SUCCESS) {
++ *report = NULL;
++ *report_len = 0;
++ return ret;
++ }
++
++ *report_len = token_size;
++
++ return PSA_SUCCESS;
++}
++
++void attest_report_destroy(const uint8_t *report)
++{
++ (void)report;
++}
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+index aaa973c6e987..833f5039425f 100644
+--- a/components/service/common/include/psa/sid.h
++++ b/components/service/common/include/psa/sid.h
+@@ -50,6 +50,10 @@ extern "C" {
+ #define TFM_ATTESTATION_SERVICE_VERSION (1U)
+ #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
+
++/* Initial Attestation message types that distinguish Attest services. */
++#define TFM_ATTEST_GET_TOKEN 1001
++#define TFM_ATTEST_GET_TOKEN_SIZE 1002
++
+ /******** TFM_SP_FWU ********/
+ #define TFM_FWU_WRITE_SID (0x000000A0U)
+ #define TFM_FWU_WRITE_VERSION (1U)
+diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
+index 57290056d614..4b8cceccbe4d 100644
+--- a/deployments/se-proxy/common/service_proxy_factory.c
++++ b/deployments/se-proxy/common/service_proxy_factory.c
+@@ -23,12 +23,18 @@ struct openamp_caller openamp;
+ struct rpc_interface *attest_proxy_create(void)
+ {
+ struct rpc_interface *attest_iface;
++ struct rpc_caller *attest_caller;
+
+ /* Static objects for proxy instance */
+ static struct attest_provider attest_provider;
+
++ attest_caller = openamp_caller_init(&openamp);
++ if (!attest_caller)
++ return NULL;
++
+ /* Initialize the service provider */
+ attest_iface = attest_provider_init(&attest_provider);
++ psa_iat_client_init(&openamp.rpc_caller);
+
+ attest_provider_register_serializer(&attest_provider,
+ TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index cd51460406ca..38d26821d44d 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -49,12 +49,13 @@ add_components(TARGET "se-proxy"
+ "components/service/attestation/include"
+ "components/service/attestation/provider"
+ "components/service/attestation/provider/serializer/packed-c"
++ "components/service/attestation/reporter/psa_ipc"
++ "components/service/attestation/client/psa_ipc"
+ "components/rpc/openamp/caller/sp"
+
+ # Stub service provider backends
+ "components/rpc/dummy"
+ "components/rpc/common/caller"
+- "components/service/attestation/reporter/stub"
+ "components/service/attestation/key_mngr/stub"
+ "components/service/crypto/backend/stub"
+ "components/service/crypto/client/psa"
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
new file mode 100644
index 0000000..988fbbe
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
@@ -0,0 +1,163 @@
+From 94770f9660154bb1157e19c11fb706889a81ae73 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Thu, 9 Dec 2021 14:11:06 +0000
+Subject: [PATCH 11/19] Setup its backend as openamp rpc using secure storage
+ ipc implementation.
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ components/service/common/include/psa/sid.h | 12 +++++-----
+ .../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++---------
+ .../secure_storage_ipc/secure_storage_ipc.h | 1 +
+ .../se-proxy/common/service_proxy_factory.c | 22 +++++++++++++------
+ 4 files changed, 32 insertions(+), 23 deletions(-)
+
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+index 833f5039425f..4a951d4a3502 100644
+--- a/components/service/common/include/psa/sid.h
++++ b/components/service/common/include/psa/sid.h
+@@ -20,12 +20,12 @@ extern "C" {
+ /* Invalid UID */
+ #define TFM_PS_INVALID_UID 0
+
+-/* PS message types that distinguish PS services. */
+-#define TFM_PS_SET 1001
+-#define TFM_PS_GET 1002
+-#define TFM_PS_GET_INFO 1003
+-#define TFM_PS_REMOVE 1004
+-#define TFM_PS_GET_SUPPORT 1005
++/* PS / ITS message types that distinguish PS services. */
++#define TFM_PS_ITS_SET 1001
++#define TFM_PS_ITS_GET 1002
++#define TFM_PS_ITS_GET_INFO 1003
++#define TFM_PS_ITS_REMOVE 1004
++#define TFM_PS_ITS_GET_SUPPORT 1005
+
+ /******** TFM_SP_ITS ********/
+ #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U)
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+index bda442a61d5c..0e1b48c0d2e2 100644
+--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
++++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
+@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
+
+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
+
+- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
++ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET,
++ in_vec, IOVEC_LEN(in_vec), NULL, 0);
+ if (psa_status < 0)
+ EMSG("ipc_set: psa_call failed: %d", psa_status);
+
+@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context,
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
++ psa_status = psa_call(caller, ipc->service_handle,
++ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
+ out_vec, IOVEC_LEN(out_vec));
+ if (psa_status == PSA_SUCCESS)
+ *p_data_length = out_vec[0].len;
+@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
+
+ (void)client_id;
+
+- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+- TFM_PS_GET_INFO, in_vec,
++ psa_status = psa_call(caller, ipc->service_handle,
++ TFM_PS_ITS_GET_INFO, in_vec,
+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ if (psa_status != PSA_SUCCESS)
+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
+@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context,
+
+ (void)client_id;
+
+- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+- TFM_PS_REMOVE, in_vec,
++ psa_status = psa_call(caller, ipc->service_handle,
++ TFM_PS_ITS_REMOVE, in_vec,
+ IOVEC_LEN(in_vec), NULL, 0);
+ if (psa_status != PSA_SUCCESS)
+ EMSG("ipc_remove: failed to psa_call: %d", psa_status);
+@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
+
+ (void)client_id;
+
+- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+- TFM_PS_GET_SUPPORT, NULL, 0,
++ psa_status = psa_call(caller, ipc->service_handle,
++ TFM_PS_ITS_GET_SUPPORT, NULL, 0,
+ out_vec, IOVEC_LEN(out_vec));
+ if (psa_status != PSA_SUCCESS)
+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
+diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
+index e8c1e8fd2f92..d9949f6a9305 100644
+--- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
++++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
+@@ -21,6 +21,7 @@ struct secure_storage_ipc
+ {
+ struct storage_backend backend;
+ struct service_client client;
++ int32_t service_handle;
+ };
+
+ /**
+diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
+index 4b8cceccbe4d..1110ac46bf8b 100644
+--- a/deployments/se-proxy/common/service_proxy_factory.c
++++ b/deployments/se-proxy/common/service_proxy_factory.c
+@@ -5,6 +5,7 @@
+ */
+
+ #include <stddef.h>
++#include <psa/sid.h>
+ #include <rpc/common/endpoint/rpc_interface.h>
+ #include <rpc/openamp/caller/sp/openamp_caller.h>
+ #include <service/attestation/provider/attest_provider.h>
+@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void)
+ {
+ static struct secure_storage_provider ps_provider;
+ static struct secure_storage_ipc ps_backend;
+- static struct rpc_caller *storage_caller;
++ struct rpc_caller *storage_caller;
+ struct storage_backend *backend;
+
+ storage_caller = openamp_caller_init(&openamp);
+ if (!storage_caller)
+ return NULL;
+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
++ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
+
+ return secure_storage_provider_init(&ps_provider, backend);
+ }
+
+ struct rpc_interface *its_proxy_create(void)
+ {
+- static struct mock_store its_backend;
+- static struct secure_storage_provider its_provider;
+-
+- struct storage_backend *backend = mock_store_init(&its_backend);
+-
+- return secure_storage_provider_init(&its_provider, backend);
++ static struct secure_storage_provider its_provider;
++ static struct secure_storage_ipc its_backend;
++ struct rpc_caller *storage_caller;
++ struct storage_backend *backend;
++
++ storage_caller = openamp_caller_init(&openamp);
++ if (!storage_caller)
++ return NULL;
++ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller);
++ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
++
++ return secure_storage_provider_init(&its_provider, backend);
+ }
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
new file mode 100644
index 0000000..fdc39b0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
@@ -0,0 +1,2584 @@
+From 896b5009bb07c4b53541290e1712856063411107 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Thu, 9 Dec 2021 14:17:39 +0000
+Subject: [PATCH 12/19] add psa ipc crypto backend
+
+Add psa ipc crypto backend and attach it to se proxy
+deployment.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ components/service/common/include/psa/sid.h | 73 +++++
+ .../crypto/backend/psa_ipc/component.cmake | 21 ++
+ .../backend/psa_ipc/crypto_ipc_backend.c | 26 ++
+ .../backend/psa_ipc/crypto_ipc_backend.h | 70 ++++
+ .../client/caller/psa_ipc/crypto_caller.h | 34 ++
+ .../caller/psa_ipc/crypto_caller_aead.h | 252 +++++++++++++++
+ .../crypto_caller_asymmetric_decrypt.h | 76 +++++
+ .../crypto_caller_asymmetric_encrypt.h | 76 +++++
+ .../caller/psa_ipc/crypto_caller_cipher.h | 246 +++++++++++++++
+ .../caller/psa_ipc/crypto_caller_copy_key.h | 57 ++++
+ .../psa_ipc/crypto_caller_destroy_key.h | 51 +++
+ .../caller/psa_ipc/crypto_caller_export_key.h | 59 ++++
+ .../psa_ipc/crypto_caller_export_public_key.h | 59 ++++
+ .../psa_ipc/crypto_caller_generate_key.h | 55 ++++
+ .../psa_ipc/crypto_caller_generate_random.h | 57 ++++
+ .../crypto_caller_get_key_attributes.h | 56 ++++
+ .../caller/psa_ipc/crypto_caller_hash.h | 220 +++++++++++++
+ .../caller/psa_ipc/crypto_caller_import_key.h | 57 ++++
+ .../psa_ipc/crypto_caller_key_attributes.h | 51 +++
+ .../psa_ipc/crypto_caller_key_derivation.h | 298 ++++++++++++++++++
+ .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++
+ .../caller/psa_ipc/crypto_caller_purge_key.h | 51 +++
+ .../caller/psa_ipc/crypto_caller_sign_hash.h | 64 ++++
+ .../psa_ipc/crypto_caller_verify_hash.h | 59 ++++
+ .../crypto/include/psa/crypto_client_struct.h | 8 +-
+ .../service/crypto/include/psa/crypto_sizes.h | 2 +-
+ .../se-proxy/common/service_proxy_factory.c | 15 +-
+ deployments/se-proxy/se-proxy.cmake | 2 +-
+ .../providers/arm/corstone1000/platform.cmake | 2 +
+ 29 files changed, 2293 insertions(+), 11 deletions(-)
+ create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake
+ create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
+ create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+ create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+index 4a951d4a3502..7a29cc253bad 100644
+--- a/components/service/common/include/psa/sid.h
++++ b/components/service/common/include/psa/sid.h
+@@ -37,6 +37,79 @@ extern "C" {
+ #define TFM_CRYPTO_VERSION (1U)
+ #define TFM_CRYPTO_HANDLE (0x40000100U)
+
++/**
++ * \brief Define a progressive numerical value for each SID which can be used
++ * when dispatching the requests to the service
++ */
++enum {
++ TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
++ TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
++ TFM_CRYPTO_OPEN_KEY_SID,
++ TFM_CRYPTO_CLOSE_KEY_SID,
++ TFM_CRYPTO_IMPORT_KEY_SID,
++ TFM_CRYPTO_DESTROY_KEY_SID,
++ TFM_CRYPTO_EXPORT_KEY_SID,
++ TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
++ TFM_CRYPTO_PURGE_KEY_SID,
++ TFM_CRYPTO_COPY_KEY_SID,
++ TFM_CRYPTO_HASH_COMPUTE_SID,
++ TFM_CRYPTO_HASH_COMPARE_SID,
++ TFM_CRYPTO_HASH_SETUP_SID,
++ TFM_CRYPTO_HASH_UPDATE_SID,
++ TFM_CRYPTO_HASH_FINISH_SID,
++ TFM_CRYPTO_HASH_VERIFY_SID,
++ TFM_CRYPTO_HASH_ABORT_SID,
++ TFM_CRYPTO_HASH_CLONE_SID,
++ TFM_CRYPTO_MAC_COMPUTE_SID,
++ TFM_CRYPTO_MAC_VERIFY_SID,
++ TFM_CRYPTO_MAC_SIGN_SETUP_SID,
++ TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
++ TFM_CRYPTO_MAC_UPDATE_SID,
++ TFM_CRYPTO_MAC_SIGN_FINISH_SID,
++ TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
++ TFM_CRYPTO_MAC_ABORT_SID,
++ TFM_CRYPTO_CIPHER_ENCRYPT_SID,
++ TFM_CRYPTO_CIPHER_DECRYPT_SID,
++ TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
++ TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
++ TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
++ TFM_CRYPTO_CIPHER_SET_IV_SID,
++ TFM_CRYPTO_CIPHER_UPDATE_SID,
++ TFM_CRYPTO_CIPHER_FINISH_SID,
++ TFM_CRYPTO_CIPHER_ABORT_SID,
++ TFM_CRYPTO_AEAD_ENCRYPT_SID,
++ TFM_CRYPTO_AEAD_DECRYPT_SID,
++ TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
++ TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
++ TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
++ TFM_CRYPTO_AEAD_SET_NONCE_SID,
++ TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
++ TFM_CRYPTO_AEAD_UPDATE_AD_SID,
++ TFM_CRYPTO_AEAD_UPDATE_SID,
++ TFM_CRYPTO_AEAD_FINISH_SID,
++ TFM_CRYPTO_AEAD_VERIFY_SID,
++ TFM_CRYPTO_AEAD_ABORT_SID,
++ TFM_CRYPTO_SIGN_MESSAGE_SID,
++ TFM_CRYPTO_VERIFY_MESSAGE_SID,
++ TFM_CRYPTO_SIGN_HASH_SID,
++ TFM_CRYPTO_VERIFY_HASH_SID,
++ TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
++ TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
++ TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
++ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
++ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
++ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
++ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
++ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
++ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
++ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
++ TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
++ TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
++ TFM_CRYPTO_GENERATE_RANDOM_SID,
++ TFM_CRYPTO_GENERATE_KEY_SID,
++ TFM_CRYPTO_SID_MAX,
++};
++
+ /******** TFM_SP_PLATFORM ********/
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
+diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake
+new file mode 100644
+index 000000000000..93c297a83ac6
+--- /dev/null
++++ b/components/service/crypto/backend/psa_ipc/component.cmake
+@@ -0,0 +1,21 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c"
++ )
++
++# The ipc crypto backend uses the psa crypto client to realize the
++# psa crypto API that the crypto provider depends on. This define
++# configures the psa crypto client to be built with the ipc crypto
++# caller.
++target_compile_definitions(${TGT} PRIVATE
++ PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h"
++)
+diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
+new file mode 100644
+index 000000000000..e47cd4ffb4ce
+--- /dev/null
++++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
+@@ -0,0 +1,26 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <stddef.h>
++#include <psa/crypto.h>
++#include <service/crypto/client/psa/psa_crypto_client.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include "crypto_ipc_backend.h"
++
++psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller)
++{
++ psa_status_t status = psa_crypto_client_init(caller);
++
++ if (status == PSA_SUCCESS)
++ status = psa_crypto_init();
++
++ return status;
++}
++
++void crypto_ipc_backend_deinit(void)
++{
++ psa_crypto_client_deinit();
++}
+diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+new file mode 100644
+index 000000000000..c13c20e84131
+--- /dev/null
++++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+@@ -0,0 +1,70 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CRYPTO_IPC_BACKEND_H
++#define CRYPTO_IPC_BACKEND_H
++
++#include <service/crypto/client/psa/psa_crypto_client.h>
++#include <psa/error.h>
++#include <rpc_caller.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \brief This type is used to overcome a limitation in the number of maximum
++ * IOVECs that can be used especially in psa_aead_encrypt and
++ * psa_aead_decrypt. To be removed in case the AEAD APIs number of
++ * parameters passed gets restructured
++ */
++#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
++struct psa_ipc_crypto_aead_pack_input {
++ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
++ uint32_t nonce_length;
++};
++
++struct psa_ipc_crypto_pack_iovec {
++ uint32_t sfn_id; /*!< Secure function ID used to dispatch the
++ * request
++ */
++ uint16_t step; /*!< Key derivation step */
++ psa_key_id_t key_id; /*!< Key id */
++ psa_algorithm_t alg; /*!< Algorithm */
++ uint32_t op_handle; /*!< Frontend context handle associated to a
++ * multipart operation
++ */
++ uint32_t capacity; /*!< Key derivation capacity */
++
++ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
++ * AEAD until the API is
++ * restructured
++ */
++};
++
++#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
++
++/**
++ * \brief Initialize the psa ipc crypto backend
++ *
++ * Initializes a crypto backend that uses the psa API client with a
++ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto
++ * service proviser.
++ *
++ * \return PSA_SUCCESS if backend initialized successfully
++ */
++psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller);
++
++/**
++ * \brief Clean-up to free any resource used by the crypto backend
++ */
++void crypto_ipc_backend_deinit(void);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CRYPTO_IPC_BACKEND_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
+new file mode 100644
+index 000000000000..0a972187062f
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
+@@ -0,0 +1,34 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_H
++#define PSA_IPC_CRYPTO_CALLER_H
++
++/**
++ * Includes all header files that form the psa ipc crypto caller
++ * interface. May be used by a client that needs to call operations
++ * provided by a crypto service instance using the psa ipc interface.
++ */
++#include "crypto_caller_aead.h"
++#include "crypto_caller_asymmetric_decrypt.h"
++#include "crypto_caller_asymmetric_encrypt.h"
++#include "crypto_caller_cipher.h"
++#include "crypto_caller_copy_key.h"
++#include "crypto_caller_destroy_key.h"
++#include "crypto_caller_export_key.h"
++#include "crypto_caller_export_public_key.h"
++#include "crypto_caller_generate_key.h"
++#include "crypto_caller_generate_random.h"
++#include "crypto_caller_get_key_attributes.h"
++#include "crypto_caller_hash.h"
++#include "crypto_caller_import_key.h"
++#include "crypto_caller_key_derivation.h"
++#include "crypto_caller_mac.h"
++#include "crypto_caller_purge_key.h"
++#include "crypto_caller_sign_hash.h"
++#include "crypto_caller_verify_hash.h"
++
++#endif /* PSA_IPC_CRYPTO_CALLER_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+new file mode 100644
+index 000000000000..78517fe32ca9
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+@@ -0,0 +1,252 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H
++#define PSA_IPC_CRYPTO_CALLER_AEAD_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_aead_encrypt(
++ struct service_client *context,
++ psa_key_id_t key,
++ psa_algorithm_t alg,
++ const uint8_t *nonce,
++ size_t nonce_length,
++ const uint8_t *additional_data,
++ size_t additional_data_length,
++ const uint8_t *plaintext,
++ size_t plaintext_length,
++ uint8_t *aeadtext,
++ size_t aeadtext_size,
++ size_t *aeadtext_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ size_t in_len;
++ int i;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
++ .key_id = key,
++ .alg = alg,
++ .aead_in = { .nonce = {0}, .nonce_length = nonce_length },
++ };
++
++ if (!additional_data && additional_data_length)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(plaintext),
++ .len = plaintext_length },
++ { .base = psa_ptr_const_to_u32(additional_data),
++ .len = additional_data_length},
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size },
++ };
++
++ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ if (nonce) {
++ for (i = 0; i < nonce_length; i++)
++ iov.aead_in.nonce[i] = nonce[i];
++ }
++
++ in_len = IOVEC_LEN(in_vec);
++
++ if (!additional_data)
++ in_len--;
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ in_len, out_vec, IOVEC_LEN(out_vec));
++
++ *aeadtext_length = out_vec[0].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_aead_decrypt(
++ struct service_client *context,
++ psa_key_id_t key,
++ psa_algorithm_t alg,
++ const uint8_t *nonce,
++ size_t nonce_length,
++ const uint8_t *additional_data,
++ size_t additional_data_length,
++ const uint8_t *aeadtext,
++ size_t aeadtext_length,
++ uint8_t *plaintext,
++ size_t plaintext_size,
++ size_t *plaintext_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ size_t in_len;
++ int i;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
++ .key_id = key,
++ .alg = alg,
++ .aead_in = { .nonce = {0}, .nonce_length = nonce_length },
++ };
++
++ if (!additional_data && additional_data_length)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(aeadtext),
++ .len = aeadtext_length },
++ { .base = psa_ptr_const_to_u32(additional_data),
++ .len = additional_data_length},
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(plaintext), .len = plaintext_size },
++ };
++
++ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ if (nonce) {
++ for (i = 0; i < nonce_length; i++)
++ iov.aead_in.nonce[i] = nonce[i];
++ }
++
++ in_len = IOVEC_LEN(in_vec);
++
++ if (!additional_data)
++ in_len--;
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ in_len, out_vec, IOVEC_LEN(out_vec));
++
++ *plaintext_length = out_vec[0].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_aead_encrypt_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_key_id_t key,
++ psa_algorithm_t alg)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_decrypt_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_key_id_t key,
++ psa_algorithm_t alg)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_generate_nonce(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *nonce,
++ size_t nonce_size,
++ size_t *nonce_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_set_nonce(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *nonce,
++ size_t nonce_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_set_lengths(
++ struct service_client *context,
++ uint32_t op_handle,
++ size_t ad_length,
++ size_t plaintext_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_update_ad(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *input,
++ size_t input_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_update(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *input,
++ size_t input_length,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_finish(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *aeadtext,
++ size_t aeadtext_size,
++ size_t *aeadtext_length,
++ uint8_t *tag,
++ size_t tag_size,
++ size_t *tag_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_verify(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *plaintext,
++ size_t plaintext_size,
++ size_t *plaintext_length,
++ const uint8_t *tag,
++ size_t tag_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_aead_abort(
++ struct service_client *context,
++ uint32_t op_handle)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
+new file mode 100644
+index 000000000000..ff01815c09e9
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
+@@ -0,0 +1,76 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
++#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_asymmetric_decrypt(
++ struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *input, size_t input_length,
++ const uint8_t *salt, size_t salt_length,
++ uint8_t *output, size_t output_size,
++ size_t *output_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ size_t in_len;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
++ .key_id = id,
++ .alg = alg,
++ };
++
++ /* Sanitize optional input */
++ if (!salt && salt_length)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(input), .len = input_length },
++ { .base = psa_ptr_const_to_u32(salt), .len = salt_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(output), .len = output_size },
++ };
++
++
++ in_len = IOVEC_LEN(in_vec);
++ if (!salt)
++ in_len--;
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ in_len, out_vec, IOVEC_LEN(out_vec));
++
++ *output_length = out_vec[0].len;
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
+new file mode 100644
+index 000000000000..1daf1689c076
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
+@@ -0,0 +1,76 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
++#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_asymmetric_encrypt(
++ struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *input, size_t input_length,
++ const uint8_t *salt, size_t salt_length,
++ uint8_t *output, size_t output_size,
++ size_t *output_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ size_t in_len;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
++ .key_id = id,
++ .alg = alg,
++ };
++
++ /* Sanitize optional input */
++ if (!salt && salt_length)
++ return PSA_ERROR_INVALID_ARGUMENT;
++
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(input), .len = input_length },
++ { .base = psa_ptr_const_to_u32(salt), .len = salt_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(output), .len = output_size },
++ };
++
++
++ in_len = IOVEC_LEN(in_vec);
++ if (!salt)
++ in_len--;
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ in_len, out_vec, IOVEC_LEN(out_vec));
++
++ *output_length = out_vec[0].len;
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+new file mode 100644
+index 000000000000..fbefb28d813a
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
+@@ -0,0 +1,246 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H
++#define PSA_IPC_CRYPTO_CALLER_CIPHER_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_cipher_encrypt_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_key_id_t key,
++ psa_algorithm_t alg)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
++ .key_id = key,
++ .alg = alg,
++ .op_handle = *op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_cipher_decrypt_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_key_id_t key,
++ psa_algorithm_t alg)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
++ .key_id = key,
++ .alg = alg,
++ .op_handle = *op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_cipher_generate_iv(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *iv,
++ size_t iv_size,
++ size_t *iv_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ { .base = psa_ptr_to_u32(iv), .len = iv_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *iv_length = out_vec[1].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_cipher_set_iv(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *iv,
++ size_t iv_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(iv), .len = iv_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_cipher_update(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *input,
++ size_t input_length,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(input), .len = input_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ { .base = psa_ptr_to_u32(output), .len = output_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *output_length = out_vec[1].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_cipher_finish(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ { .base = psa_ptr_to_u32(output), .len = output_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *output_length = out_vec[1].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_cipher_abort(
++ struct service_client *context,
++ uint32_t op_handle)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context)
++{
++ /* Returns the maximum number of bytes that may be
++ * carried as a parameter of the cipher_update operation
++ * using the ipc encoding.
++ */
++ size_t payload_space = context->service_info.max_payload;
++ size_t overhead = iov_size;
++
++ /* Allow for output to be a whole number of blocks */
++ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
++
++ return (payload_space > overhead) ? payload_space - overhead : 0;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
+new file mode 100644
+index 000000000000..9a988171b098
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
+@@ -0,0 +1,57 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
++#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_copy_key(struct service_client *context,
++ psa_key_id_t source_key,
++ const psa_key_attributes_t *attributes,
++ psa_key_id_t *target_key)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_COPY_KEY_SID,
++ .key_id = source_key,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
+new file mode 100644
+index 000000000000..d00f4faa7a52
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
++#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_destroy_key(struct service_client *context,
++ psa_key_id_t id)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
++ .key_id = id,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
+new file mode 100644
+index 000000000000..8ac5477f7b9a
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
+@@ -0,0 +1,59 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
++#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_export_key(struct service_client *context,
++ psa_key_id_t id,
++ uint8_t *data,
++ size_t data_size,
++ size_t *data_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
++ .key_id = id,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(data), .len = data_size }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *data_length = out_vec[0].len;
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
+new file mode 100644
+index 000000000000..b24c47f1257e
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
+@@ -0,0 +1,59 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
++#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_export_public_key(struct service_client *context,
++ psa_key_id_t id,
++ uint8_t *data,
++ size_t data_size,
++ size_t *data_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
++ .key_id = id,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(data), .len = data_size }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *data_length = out_vec[0].len;
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
+new file mode 100644
+index 000000000000..1b66ed4020de
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
+@@ -0,0 +1,55 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
++#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_generate_key(struct service_client *context,
++ const psa_key_attributes_t *attributes,
++ psa_key_id_t *id)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
+new file mode 100644
+index 000000000000..7c538237805a
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
+@@ -0,0 +1,57 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
++#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_generate_random(struct service_client *context,
++ uint8_t *output,
++ size_t output_size)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(output), .len = output_size }
++ };
++
++ if (!output_size)
++ return PSA_SUCCESS;
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
+new file mode 100644
+index 000000000000..22f1d18f1476
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
+@@ -0,0 +1,56 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
++#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_get_key_attributes(
++ struct service_client *context,
++ psa_key_id_t key,
++ psa_key_attributes_t *attributes)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
++ .key_id = key,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+new file mode 100644
+index 000000000000..9f37908a2f25
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
+@@ -0,0 +1,220 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H
++#define PSA_IPC_CRYPTO_CALLER_HASH_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_hash_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_algorithm_t alg)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
++ .alg = alg,
++ .op_handle = *op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_hash_update(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *input,
++ size_t input_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(input), .len = input_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_hash_finish(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *hash,
++ size_t hash_size,
++ size_t *hash_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ { .base = psa_ptr_to_u32(hash), .len = hash_size},
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *hash_length = out_vec[1].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_hash_abort(
++ struct service_client *context,
++ uint32_t op_handle)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_hash_verify(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *hash,
++ size_t hash_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(hash), .len = hash_length},
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_hash_clone(
++ struct service_client *context,
++ uint32_t source_op_handle,
++ uint32_t *target_op_handle)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
++ .op_handle = source_op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(target_op_handle),
++ .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *hash_state,
++ size_t hash_state_size,
++ size_t *hash_state_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline psa_status_t crypto_caller_hash_resume(struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *hash_state,
++ size_t hash_state_length)
++{
++ return PSA_ERROR_NOT_SUPPORTED;
++}
++
++static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context)
++{
++ /* Returns the maximum number of bytes that may be
++ * carried as a parameter of the hash_update operation
++ * using the packed-c encoding.
++ */
++ size_t payload_space = context->service_info.max_payload;
++ size_t overhead = iov_size;
++
++ return (payload_space > overhead) ? payload_space - overhead : 0;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
+new file mode 100644
+index 000000000000..d47033662790
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
+@@ -0,0 +1,57 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
++#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_import_key(struct service_client *context,
++ const psa_key_attributes_t *attributes,
++ const uint8_t *data, size_t data_length,
++ psa_key_id_t *id)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
++ { .base = psa_ptr_const_to_u32(data), .len = data_length }
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
+new file mode 100644
+index 000000000000..2fad2f0a64e6
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
++#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
++
++#include <psa/crypto.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline void packedc_crypto_caller_translate_key_attributes_to_proto(
++ struct ts_crypto_key_attributes *proto_attributes,
++ const psa_key_attributes_t *psa_attributes)
++{
++ proto_attributes->type = psa_get_key_type(psa_attributes);
++ proto_attributes->key_bits = psa_get_key_bits(psa_attributes);
++ proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes);
++ proto_attributes->id = psa_get_key_id(psa_attributes);
++
++ proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes);
++ proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes);
++ }
++
++static inline void packedc_crypto_caller_translate_key_attributes_from_proto(
++ psa_key_attributes_t *psa_attributes,
++ const struct ts_crypto_key_attributes *proto_attributes)
++{
++ psa_set_key_type(psa_attributes, proto_attributes->type);
++ psa_set_key_bits(psa_attributes, proto_attributes->key_bits);
++ psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime);
++
++ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) {
++
++ psa_set_key_id(psa_attributes, proto_attributes->id);
++ }
++
++ psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage);
++ psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg);
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
+new file mode 100644
+index 000000000000..5ce4fb6cca82
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
+@@ -0,0 +1,298 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
++#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_key_derivation_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_algorithm_t alg)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
++ .alg = alg,
++ .op_handle = *op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_get_capacity(
++ struct service_client *context,
++ const uint32_t op_handle,
++ size_t *capacity)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) }
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_set_capacity(
++ struct service_client *context,
++ uint32_t op_handle,
++ size_t capacity)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
++ .capacity = capacity,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_input_bytes(
++ struct service_client *context,
++ uint32_t op_handle,
++ psa_key_derivation_step_t step,
++ const uint8_t *data,
++ size_t data_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
++ .step = step,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(data), .len = data_length },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_input_key(
++ struct service_client *context,
++ uint32_t op_handle,
++ psa_key_derivation_step_t step,
++ psa_key_id_t key)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
++ .key_id = key,
++ .step = step,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_output_bytes(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *output,
++ size_t output_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(output), .len = output_length },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_output_key(
++ struct service_client *context,
++ const psa_key_attributes_t *attributes,
++ uint32_t op_handle,
++ psa_key_id_t *key)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(attributes),
++ .len = sizeof(psa_key_attributes_t) },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)},
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_abort(
++ struct service_client *context,
++ uint32_t op_handle)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_key_derivation_key_agreement(
++ struct service_client *context,
++ uint32_t op_handle,
++ psa_key_derivation_step_t step,
++ psa_key_id_t private_key,
++ const uint8_t *peer_key,
++ size_t peer_key_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
++ .key_id = private_key,
++ .step = step,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(peer_key),
++ .len = peer_key_length},
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_raw_key_agreement(
++ struct service_client *context,
++ psa_algorithm_t alg,
++ psa_key_id_t private_key,
++ const uint8_t *peer_key,
++ size_t peer_key_length,
++ uint8_t *output,
++ size_t output_size,
++ size_t *output_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
++ .alg = alg,
++ .key_id = private_key,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(peer_key),
++ .len = peer_key_length},
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(output), .len = output_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *output_length = out_vec[0].len;
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
+new file mode 100644
+index 000000000000..3a820192495a
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
+@@ -0,0 +1,207 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H
++#define PSA_IPC_CRYPTO_CALLER_MAC_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_mac_sign_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_key_id_t key,
++ psa_algorithm_t alg)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
++ .key_id = key,
++ .alg = alg,
++ .op_handle = *op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_mac_verify_setup(
++ struct service_client *context,
++ uint32_t *op_handle,
++ psa_key_id_t key,
++ psa_algorithm_t alg)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
++ .key_id = key,
++ .alg = alg,
++ .op_handle = *op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_mac_update(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *input,
++ size_t input_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(input), .len = input_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_mac_sign_finish(
++ struct service_client *context,
++ uint32_t op_handle,
++ uint8_t *mac,
++ size_t mac_size,
++ size_t *mac_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ { .base = psa_ptr_to_u32(mac), .len = mac_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *mac_length = out_vec[1].len;
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_mac_verify_finish(
++ struct service_client *context,
++ uint32_t op_handle,
++ const uint8_t *mac,
++ size_t mac_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(mac), .len = mac_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline psa_status_t crypto_caller_mac_abort(
++ struct service_client *context,
++ uint32_t op_handle)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
++ .op_handle = op_handle,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
++}
++
++static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context)
++{
++ /* Returns the maximum number of bytes that may be
++ * carried as a parameter of the mac_update operation
++ * using the packed-c encoding.
++ */
++ size_t payload_space = context->service_info.max_payload;
++ size_t overhead = iov_size;
++
++ return (payload_space > overhead) ? payload_space - overhead : 0;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
+new file mode 100644
+index 000000000000..a3a796e2166c
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
++#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_purge_key(struct service_client *context,
++ psa_key_id_t id)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
++ .key_id = id,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+new file mode 100644
+index 000000000000..71d88cededf5
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+@@ -0,0 +1,64 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
++#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *hash,
++ size_t hash_length,
++ uint8_t *signature,
++ size_t signature_size,
++ size_t *signature_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
++ .key_id = id,
++ .alg = alg,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(signature), .len = signature_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *signature_length = out_vec[0].len;
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+new file mode 100644
+index 000000000000..e16f6e5450af
+--- /dev/null
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+@@ -0,0 +1,59 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
++#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
++
++#include <string.h>
++#include <stdlib.h>
++#include <psa/crypto.h>
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <service/common/client/service_client.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include <protocols/service/crypto/packed-c/opcodes.h>
++#include <protocols/service/crypto/packed-c/key_attributes.h>
++#include <protocols/service/crypto/packed-c/import_key.h>
++#include "crypto_caller_key_attributes.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *hash,
++ size_t hash_length,
++ const uint8_t *signature,
++ size_t signature_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
++ .key_id = id,
++ .alg = alg,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
++ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
++ { .base = psa_ptr_const_to_u32(signature), .len = signature_length},
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), NULL, 0);
++
++ return status;
++}
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */
+diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
+index abd420c82607..bf95c9821e55 100644
+--- a/components/service/crypto/include/psa/crypto_client_struct.h
++++ b/components/service/crypto/include/psa/crypto_client_struct.h
+@@ -31,12 +31,12 @@ extern "C" {
+ * data structure internally. */
+ struct psa_client_key_attributes_s
+ {
++ uint16_t type;
++ uint16_t bits;
+ uint32_t lifetime;
+- uint32_t id;
+- uint32_t alg;
++ psa_key_id_t id;
+ uint32_t usage;
+- size_t bits;
+- uint16_t type;
++ uint32_t alg;
+ };
+
+ #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
+diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
+index 7a0149bbca62..4d7bf6e959b0 100644
+--- a/components/service/crypto/include/psa/crypto_sizes.h
++++ b/components/service/crypto/include/psa/crypto_sizes.h
+@@ -81,7 +81,7 @@
+ #define PSA_HASH_MAX_SIZE 64
+ #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
+ #else
+-#define PSA_HASH_MAX_SIZE 32
++#define PSA_HASH_MAX_SIZE 64
+ #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
+ #endif
+
+diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
+index 1110ac46bf8b..7edeef8b434a 100644
+--- a/deployments/se-proxy/common/service_proxy_factory.c
++++ b/deployments/se-proxy/common/service_proxy_factory.c
+@@ -15,7 +15,7 @@
+ #include <trace.h>
+
+ /* Stub backends */
+-#include <service/crypto/backend/stub/stub_crypto_backend.h>
++#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
+ #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
+ #include <service/secure_storage/backend/mock_store/mock_store.h>
+
+@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void)
+ {
+ struct rpc_interface *crypto_iface = NULL;
+ struct crypto_provider *crypto_provider;
++ struct rpc_caller *crypto_caller;
+
+- if (stub_crypto_backend_init() == PSA_SUCCESS) {
++ crypto_caller = openamp_caller_init(&openamp);
++ if (!crypto_caller)
++ return NULL;
++
++ if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS)
++ return NULL;
+
+- crypto_provider = crypto_provider_factory_create();
+- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
+- }
++ crypto_provider = crypto_provider_factory_create();
++ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
+
+ return crypto_iface;
+ }
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index 38d26821d44d..f647190d9559 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -57,7 +57,7 @@ add_components(TARGET "se-proxy"
+ "components/rpc/dummy"
+ "components/rpc/common/caller"
+ "components/service/attestation/key_mngr/stub"
+- "components/service/crypto/backend/stub"
++ "components/service/crypto/backend/psa_ipc"
+ "components/service/crypto/client/psa"
+ "components/service/secure_storage/backend/mock_store"
+ )
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+index bb778bb9719b..51e5faa3e4d8 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
++++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -8,3 +8,5 @@
+
+ # include MHU driver
+ include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
++
++add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
new file mode 100644
index 0000000..1a6e8f5
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
@@ -0,0 +1,436 @@
+From 6b8ebdeb8caa6326ae2a4befaf4410a7a54d4e02 Mon Sep 17 00:00:00 2001
+From: Julian Hall <julian.hall@arm.com>
+Date: Tue, 12 Oct 2021 15:45:41 +0100
+Subject: [PATCH 13/19] Add stub capsule update service components
+
+To facilitate development of a capsule update service provider,
+stub components are added to provide a starting point for an
+implementation. The capsule update service provider is integrated
+into the se-proxy/common deployment.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Julian Hall <julian.hall@arm.com>
+Change-Id: I0d4049bb4de5af7ca80806403301692507085d28
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../backend/capsule_update_backend.h | 24 ++++
+ .../provider/capsule_update_provider.c | 133 ++++++++++++++++++
+ .../provider/capsule_update_provider.h | 51 +++++++
+ .../capsule_update/provider/component.cmake | 13 ++
+ deployments/se-proxy/common/se_proxy_sp.c | 3 +
+ .../se-proxy/common/service_proxy_factory.c | 16 +++
+ .../se-proxy/common/service_proxy_factory.h | 1 +
+ deployments/se-proxy/se-proxy.cmake | 1 +
+ deployments/se-proxy/se_proxy_interfaces.h | 9 +-
+ .../capsule_update/capsule_update_proto.h | 13 ++
+ protocols/service/capsule_update/opcodes.h | 17 +++
+ protocols/service/capsule_update/parameters.h | 15 ++
+ 12 files changed, 292 insertions(+), 4 deletions(-)
+ create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
+ create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
+ create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
+ create mode 100644 components/service/capsule_update/provider/component.cmake
+ create mode 100644 protocols/service/capsule_update/capsule_update_proto.h
+ create mode 100644 protocols/service/capsule_update/opcodes.h
+ create mode 100644 protocols/service/capsule_update/parameters.h
+
+diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h
+new file mode 100644
+index 000000000000..f3144ff1d7d5
+--- /dev/null
++++ b/components/service/capsule_update/backend/capsule_update_backend.h
+@@ -0,0 +1,24 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CAPSULE_UPDATE_BACKEND_H
++#define CAPSULE_UPDATE_BACKEND_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Defines the common capsule update backend interface. Concrete backends
++ * implement this interface for different types of platform.
++ */
++
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CAPSULE_UPDATE_BACKEND_H */
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+new file mode 100644
+index 000000000000..e133753f8560
+--- /dev/null
++++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -0,0 +1,133 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <trace.h>
++
++#include <protocols/service/capsule_update/capsule_update_proto.h>
++#include <protocols/rpc/common/packed-c/status.h>
++#include "capsule_update_provider.h"
++
++
++#define CAPSULE_UPDATE_REQUEST (0x1)
++#define KERNEL_STARTED_EVENT (0x2)
++
++enum corstone1000_ioctl_id_t {
++ IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
++ IOCTL_CORSTONE1000_FWU_HOST_ACK,
++};
++
++/* Service request handlers */
++static rpc_status_t update_capsule_handler(void *context, struct call_req *req);
++static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req);
++
++/* Handler mapping table for service */
++static const struct service_handler handler_table[] = {
++ {CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE, update_capsule_handler},
++ {CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED, boot_confirmed_handler}
++};
++
++struct rpc_interface *capsule_update_provider_init(
++ struct capsule_update_provider *context)
++{
++ struct rpc_interface *rpc_interface = NULL;
++
++ if (context) {
++
++ service_provider_init(
++ &context->base_provider,
++ context,
++ handler_table,
++ sizeof(handler_table)/sizeof(struct service_handler));
++
++ rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
++ }
++
++ return rpc_interface;
++}
++
++void capsule_update_provider_deinit(struct capsule_update_provider *context)
++{
++ (void)context;
++}
++
++static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
++{
++ uint32_t ioctl_id;
++ psa_handle_t handle;
++ rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
++
++ struct psa_invec in_vec[] = {
++ { .base = &ioctl_id, .len = sizeof(ioctl_id) }
++ };
++
++ if(!caller) {
++ EMSG("event_handler rpc_caller is NULL");
++ rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
++ return rpc_status;
++ }
++
++ IMSG("event handler opcode %x", opcode);
++ switch(opcode) {
++ case CAPSULE_UPDATE_REQUEST:
++ /* Openamp call with IOCTL for firmware update*/
++ ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
++ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
++ TFM_SP_PLATFORM_IOCTL_VERSION);
++ if (handle <= 0) {
++ EMSG("%s Invalid handle", __func__);
++ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
++ return rpc_status;
++ }
++ psa_call(caller,handle, PSA_IPC_CALL,
++ in_vec,IOVEC_LEN(in_vec), NULL, 0);
++ break;
++
++ case KERNEL_STARTED_EVENT:
++ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
++ /*openamp call with IOCTL for kernel start*/
++ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
++ TFM_SP_PLATFORM_IOCTL_VERSION);
++ if (handle <= 0) {
++ EMSG("%s Invalid handle", __func__);
++ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
++ return rpc_status;
++ }
++ psa_call(caller,handle, PSA_IPC_CALL,
++ in_vec,IOVEC_LEN(in_vec), NULL, 0);
++ break;
++ default:
++ EMSG("%s unsupported opcode", __func__);
++ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
++ return rpc_status;
++ }
++ return rpc_status;
++
++}
++
++static rpc_status_t update_capsule_handler(void *context, struct call_req *req)
++{
++ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
++ struct rpc_caller *caller = this_instance->client.caller;
++ uint32_t opcode = req->opcode;
++ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
++
++ rpc_status = event_handler(opcode, caller);
++ return rpc_status;
++}
++
++static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req)
++{
++ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
++ struct rpc_caller *caller = this_instance->client.caller;
++ uint32_t opcode = req->opcode;
++ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
++
++ rpc_status = event_handler(opcode, caller);
++
++ return rpc_status;
++}
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h
+new file mode 100644
+index 000000000000..3de49854ea90
+--- /dev/null
++++ b/components/service/capsule_update/provider/capsule_update_provider.h
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CAPSULE_UPDATE_PROVIDER_H
++#define CAPSULE_UPDATE_PROVIDER_H
++
++#include <rpc/common/endpoint/rpc_interface.h>
++#include <service/common/provider/service_provider.h>
++#include <service/common/client/service_client.h>
++#include <service/capsule_update/backend/capsule_update_backend.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * The capsule_update_provider is a service provider that accepts update capsule
++ * requests and delegates them to a suitable backend that applies the update.
++ */
++struct capsule_update_provider
++{
++ struct service_provider base_provider;
++ struct service_client client;
++};
++
++/**
++ * \brief Initialize an instance of the capsule update service provider
++ *
++ * @param[in] context The instance to initialize
++ *
++ * \return An rpc_interface or NULL on failure
++ */
++struct rpc_interface *capsule_update_provider_init(
++ struct capsule_update_provider *context);
++
++/**
++ * \brief Cleans up when the instance is no longer needed
++ *
++ * \param[in] context The instance to de-initialize
++ */
++void capsule_update_provider_deinit(
++ struct capsule_update_provider *context);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CAPSULE_UPDATE_PROVIDER_H */
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+new file mode 100644
+index 000000000000..1d412eb234d9
+--- /dev/null
++++ b/components/service/capsule_update/provider/component.cmake
+@@ -0,0 +1,13 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++if (NOT DEFINED TGT)
++ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
++endif()
++
++target_sources(${TGT} PRIVATE
++ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
++ )
+diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c
+index a37396f4454b..a38ad6ca3f56 100644
+--- a/deployments/se-proxy/common/se_proxy_sp.c
++++ b/deployments/se-proxy/common/se_proxy_sp.c
+@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
+ }
+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
+
++ rpc_iface = capsule_update_proxy_create();
++ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
++
+ /* End of boot phase */
+ result = sp_msg_wait(&req_msg);
+ if (result != SP_RESULT_OK) {
+diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
+index 7edeef8b434a..591cc9eeb59e 100644
+--- a/deployments/se-proxy/common/service_proxy_factory.c
++++ b/deployments/se-proxy/common/service_proxy_factory.c
+@@ -13,6 +13,7 @@
+ #include <service/crypto/factory/crypto_provider_factory.h>
+ #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+ #include <trace.h>
++#include <service/capsule_update/provider/capsule_update_provider.h>
+
+ /* Stub backends */
+ #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
+@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void)
+
+ return secure_storage_provider_init(&its_provider, backend);
+ }
++
++struct rpc_interface *capsule_update_proxy_create(void)
++{
++ static struct capsule_update_provider capsule_update_provider;
++ static struct rpc_caller *capsule_update_caller;
++
++ capsule_update_caller = openamp_caller_init(&openamp);
++
++ if (!capsule_update_caller)
++ return NULL;
++
++ capsule_update_provider.client.caller = capsule_update_caller;
++
++ return capsule_update_provider_init(&capsule_update_provider);
++}
+diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h
+index 298d407a2371..02aa7fe2550d 100644
+--- a/deployments/se-proxy/common/service_proxy_factory.h
++++ b/deployments/se-proxy/common/service_proxy_factory.h
+@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
+ struct rpc_interface *crypto_proxy_create(void);
+ struct rpc_interface *ps_proxy_create(void);
+ struct rpc_interface *its_proxy_create(void);
++struct rpc_interface *capsule_update_proxy_create(void);
+
+ #ifdef __cplusplus
+ }
+diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
+index f647190d9559..e35b0d0f610d 100644
+--- a/deployments/se-proxy/se-proxy.cmake
++++ b/deployments/se-proxy/se-proxy.cmake
+@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy"
+ "components/service/attestation/provider/serializer/packed-c"
+ "components/service/attestation/reporter/psa_ipc"
+ "components/service/attestation/client/psa_ipc"
++ "components/service/capsule_update/provider"
+ "components/rpc/openamp/caller/sp"
+
+ # Stub service provider backends
+diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
+index 48908f846990..3d4a7c204785 100644
+--- a/deployments/se-proxy/se_proxy_interfaces.h
++++ b/deployments/se-proxy/se_proxy_interfaces.h
+@@ -8,9 +8,10 @@
+ #define SE_PROXY_INTERFACES_H
+
+ /* Interface IDs from service endpoints available from an se-proxy deployment */
+-#define SE_PROXY_INTERFACE_ID_ITS (0)
+-#define SE_PROXY_INTERFACE_ID_PS (1)
+-#define SE_PROXY_INTERFACE_ID_CRYPTO (2)
+-#define SE_PROXY_INTERFACE_ID_ATTEST (3)
++#define SE_PROXY_INTERFACE_ID_ITS (0)
++#define SE_PROXY_INTERFACE_ID_PS (1)
++#define SE_PROXY_INTERFACE_ID_CRYPTO (2)
++#define SE_PROXY_INTERFACE_ID_ATTEST (3)
++#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE (4)
+
+ #endif /* SE_PROXY_INTERFACES_H */
+diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h
+new file mode 100644
+index 000000000000..8f326cd387fb
+--- /dev/null
++++ b/protocols/service/capsule_update/capsule_update_proto.h
+@@ -0,0 +1,13 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CAPSULE_UPDATE_PROTO_H
++#define CAPSULE_UPDATE_PROTO_H
++
++#include <protocols/service/capsule_update/opcodes.h>
++#include <protocols/service/capsule_update/parameters.h>
++
++#endif /* CAPSULE_UPDATE_PROTO_H */
+diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h
+new file mode 100644
+index 000000000000..8185a0902378
+--- /dev/null
++++ b/protocols/service/capsule_update/opcodes.h
+@@ -0,0 +1,17 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CAPSULE_UPDATE_OPCODES_H
++#define CAPSULE_UPDATE_OPCODES_H
++
++/**
++ * Opcode definitions for the capsule update service
++ */
++
++#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE 1
++#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED 2
++
++#endif /* CAPSULE_UPDATE_OPCODES_H */
+diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h
+new file mode 100644
+index 000000000000..285d924186be
+--- /dev/null
++++ b/protocols/service/capsule_update/parameters.h
+@@ -0,0 +1,15 @@
++/*
++ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CAPSULE_UPDATE_PARAMETERS_H
++#define CAPSULE_UPDATE_PARAMETERS_H
++
++/**
++ * Operation parameter definitions for the capsule update service access protocol.
++ */
++
++
++#endif /* CAPSULE_UPDATE_PARAMETERS_H */
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
new file mode 100644
index 0000000..52c793c
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
@@ -0,0 +1,42 @@
+From a71b26f867f1b4a08285d6da82528de6a54321f2 Mon Sep 17 00:00:00 2001
+From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+Date: Thu, 16 Dec 2021 21:31:40 +0000
+Subject: [PATCH 14/19] Configure storage size
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../service/smm_variable/backend/uefi_variable_store.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
+index 715ccc3cb546..aeb8a22062b7 100644
+--- a/components/service/smm_variable/backend/uefi_variable_store.c
++++ b/components/service/smm_variable/backend/uefi_variable_store.c
+@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator(
+ * may be overridden using uefi_variable_store_set_storage_limits()
+ */
+ #define DEFAULT_MAX_VARIABLE_SIZE (2048)
++#define CONFIGURE_STORAGE_SIZE (50)
+
+ efi_status_t uefi_variable_store_init(
+ struct uefi_variable_store *context,
+@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init(
+ /* Initialise persistent store defaults */
+ context->persistent_store.is_nv = true;
+ context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
+- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
++ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
+ context->persistent_store.storage_backend = persistent_store;
+
+ /* Initialise volatile store defaults */
+ context->volatile_store.is_nv = false;
+ context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
+- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
++ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
+ context->volatile_store.storage_backend = volatile_store;
+
+ context->owner_id = owner_id;
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
new file mode 100644
index 0000000..a8f5559
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
@@ -0,0 +1,31 @@
+From 3cc9c417f12f005244530d8d706a6b7f3be35627 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sun, 13 Feb 2022 09:01:10 +0000
+Subject: [PATCH 15/19] Fix: Crypto interface structure aligned with tf-m
+ change.
+
+NO NEED TO RAISE PR: The PR for this FIX is raied by Emek.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+index c13c20e84131..ec25eaf868c7 100644
+--- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
++++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
+@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec {
+ * multipart operation
+ */
+ uint32_t capacity; /*!< Key derivation capacity */
+-
++ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
++ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
+ * AEAD until the API is
+ * restructured
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
new file mode 100644
index 0000000..a091197
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
@@ -0,0 +1,494 @@
+From c54afe45c1be25c4819b0f762cf03a24e6343ce5 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sun, 13 Feb 2022 09:49:51 +0000
+Subject: [PATCH 16/19] Integrate remaining psa-ipc client APIs.
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++-
+ .../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++
+ .../psa_ipc/crypto_caller_verify_hash.h | 33 +-
+ 3 files changed, 352 insertions(+), 13 deletions(-)
+
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+index 78517fe32ca9..f6aadd8b9098 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
+@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
++ .key_id = key,
++ .alg = alg,
++ .op_handle = (*op_handle),
++ };
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_decrypt_setup(
+@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
+ psa_key_id_t key,
+ psa_algorithm_t alg)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
++ .key_id = key,
++ .alg = alg,
++ .op_handle = (*op_handle),
++ };
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_generate_nonce(
+@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+ size_t nonce_size,
+ size_t *nonce_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
++ .op_handle = op_handle,
++ };
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
++ {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *nonce_length = out_vec[1].len;
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_set_nonce(
+@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
+ const uint8_t *nonce,
+ size_t nonce_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
++ .op_handle = op_handle,
++ };
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ {.base = psa_ptr_to_u32(nonce), .len = nonce_length}
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_set_lengths(
+@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
+ size_t ad_length,
+ size_t plaintext_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
++ .ad_length = ad_length,
++ .plaintext_length = plaintext_length,
++ .op_handle = op_handle,
++ };
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_update_ad(
+@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad(
+ const uint8_t *input,
+ size_t input_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
++ .op_handle = op_handle,
++ };
++
++ /* Sanitize the optional input */
++ if ((input == NULL) && (input_length != 0)) {
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ {.base = psa_ptr_const_to_u32(input), .len = input_length}
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
++ };
++
++ size_t in_len = IOVEC_LEN(in_vec);
++
++ if (input == NULL) {
++ in_len--;
++ }
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ in_len, out_vec, IOVEC_LEN(out_vec));
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_update(
+@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update(
+ size_t output_size,
+ size_t *output_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
++ .op_handle = op_handle,
++ };
++
++ /* Sanitize the optional input */
++ if ((input == NULL) && (input_length != 0)) {
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ {.base = psa_ptr_const_to_u32(input), .len = input_length}
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
++ {.base = psa_ptr_const_to_u32(output), .len = output_size},
++ };
++
++ size_t in_len = IOVEC_LEN(in_vec);
++
++ if (input == NULL) {
++ in_len--;
++ }
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ in_len, out_vec, IOVEC_LEN(out_vec));
++
++ *output_length = out_vec[1].len;
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_finish(
+@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish(
+ size_t tag_size,
+ size_t *tag_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
++ .op_handle = op_handle,
++ };
++
++ /* Sanitize the optional output */
++ if ((aeadtext == NULL) && (aeadtext_size != 0)) {
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
++ {.base = psa_ptr_const_to_u32(tag), .len = tag_size},
++ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size}
++ };
++
++ size_t out_len = IOVEC_LEN(out_vec);
++
++ if (aeadtext == NULL || aeadtext_size == 0) {
++ out_len--;
++ }
++ if ((out_len == 3) && (aeadtext_length == NULL)) {
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, out_len);
++
++ *tag_length = out_vec[1].len;
++
++ if (out_len == 3) {
++ *aeadtext_length = out_vec[2].len;
++ } else {
++ *aeadtext_length = 0;
++ }
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_verify(
+@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify(
+ const uint8_t *tag,
+ size_t tag_length)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
++ .op_handle = op_handle,
++ };
++
++ /* Sanitize the optional output */
++ if ((plaintext == NULL) && (plaintext_size != 0)) {
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ {.base = psa_ptr_const_to_u32(tag), .len = tag_length}
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
++ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size},
++ };
++
++ size_t out_len = IOVEC_LEN(out_vec);
++
++ if (plaintext == NULL || plaintext_size == 0) {
++ out_len--;
++ }
++ if ((out_len == 2) && (plaintext_length == NULL)) {
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, out_len);
++
++ if (out_len == 2) {
++ *plaintext_length = out_vec[1].len;
++ } else {
++ *plaintext_length = 0;
++ }
++ return status;
+ }
+
+ static inline psa_status_t crypto_caller_aead_abort(
+ struct service_client *context,
+ uint32_t op_handle)
+ {
+- return PSA_ERROR_NOT_SUPPORTED;
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
++ .op_handle = op_handle,
++ };
++
++ struct psa_invec in_vec[] = {
++ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
++ };
++ struct psa_outvec out_vec[] = {
++ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++ return status;
++}
++
++static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
++{
++ /* Returns the maximum number of bytes that may be
++ * carried as a parameter of the mac_update operation
++ * using the packed-c encoding.
++ */
++ size_t payload_space = context->service_info.max_payload;
++ size_t overhead = iov_size;
++
++ return (payload_space > overhead) ? payload_space - overhead : 0;
++}
++
++static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
++{
++ /* Returns the maximum number of bytes that may be
++ * carried as a parameter of the mac_update operation
++ * using the packed-c encoding.
++ */
++ size_t payload_space = context->service_info.max_payload;
++ size_t overhead = iov_size;
++
++ return (payload_space > overhead) ? payload_space - overhead : 0;
+ }
+
+ #ifdef __cplusplus
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+index 71d88cededf5..e4a2b167defb 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
+@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
+ return status;
+ }
+
++static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *hash,
++ size_t hash_length,
++ uint8_t *signature,
++ size_t signature_size,
++ size_t *signature_length)
++{
++ struct service_client *ipc = context;
++ struct rpc_caller *caller = ipc->caller;
++ psa_status_t status;
++ struct psa_ipc_crypto_pack_iovec iov = {
++ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
++ .key_id = id,
++ .alg = alg,
++ };
++ struct psa_invec in_vec[] = {
++ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
++ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
++ };
++ struct psa_outvec out_vec[] = {
++ { .base = psa_ptr_to_u32(signature), .len = signature_size },
++ };
++
++ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
++ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++ *signature_length = out_vec[0].len;
++
++ return status;
++}
++
++
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+index e16f6e5450af..cc9279ee79f2 100644
+--- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
++++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
+@@ -24,19 +24,20 @@
+ extern "C" {
+ #endif
+
+-static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
++static inline psa_status_t crypto_caller_common(struct service_client *context,
+ psa_key_id_t id,
+ psa_algorithm_t alg,
+ const uint8_t *hash,
+ size_t hash_length,
+ const uint8_t *signature,
+- size_t signature_length)
++ size_t signature_length,
++ uint32_t sfn_id)
+ {
+ struct service_client *ipc = context;
+ struct rpc_caller *caller = ipc->caller;
+ psa_status_t status;
+ struct psa_ipc_crypto_pack_iovec iov = {
+- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
++ .sfn_id = sfn_id,
+ .key_id = id,
+ .alg = alg,
+ };
+@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
+ return status;
+ }
+
++static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *hash,
++ size_t hash_length,
++ const uint8_t *signature,
++ size_t signature_length)
++{
++
++ return crypto_caller_common(context,id,alg,hash,hash_length,
++ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
++}
++
++static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
++ psa_key_id_t id,
++ psa_algorithm_t alg,
++ const uint8_t *hash,
++ size_t hash_length,
++ const uint8_t *signature,
++ size_t signature_length)
++{
++
++ return crypto_caller_common(context,id,alg,hash,hash_length,
++ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
++}
++
+ #ifdef __cplusplus
+ }
+ #endif
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
new file mode 100644
index 0000000..e7c1dc3
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
@@ -0,0 +1,40 @@
+From b1ff44c650ae82f364a2f74059eeb280996dc4f8 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Mon, 14 Feb 2022 17:52:00 +0000
+Subject: [PATCH 17/19] Fix : update psa_set_key_usage_flags definition to the
+ latest from the tf-m
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h
+index 1bc55e375eea..b4a7ed4b39d3 100644
+--- a/components/service/crypto/include/psa/crypto_struct.h
++++ b/components/service/crypto/include/psa/crypto_struct.h
+@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
+ return( attributes->lifetime );
+ }
+
++static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
++{
++ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
++ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
++
++ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
++ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
++}
++
+ static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
+ psa_key_usage_t usage_flags)
+ {
++ psa_extend_key_usage_flags( &usage_flags );
+ attributes->usage = usage_flags;
+ }
+
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
new file mode 100644
index 0000000..0fdb254
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -0,0 +1,120 @@
+From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Mon, 14 Feb 2022 08:22:25 +0000
+Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58.
+
+Upstream-Status: Pending
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 +
+ components/service/crypto/include/psa/crypto_sizes.h | 2 +-
+ .../crypto/provider/extension/aead/aead_provider.c | 8 ++++++--
+ .../extension/aead/serializer/aead_provider_serializer.h | 1 +
+ .../packed-c/packedc_aead_provider_serializer.c | 2 ++
+ protocols/service/crypto/packed-c/aead.h | 1 +
+ 6 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+index c4ffb20cf7f8..a91f66c14008 100644
+--- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
++++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+@@ -309,6 +309,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
+ size_t req_len = req_fixed_len;
+
+ *output_length = 0;
++ req_msg.output_size = output_size;
+ req_msg.op_handle = op_handle;
+
+ /* Mandatory input data parameter */
+diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
+index 4d7bf6e959b0..e3c4df2927b3 100644
+--- a/components/service/crypto/include/psa/crypto_sizes.h
++++ b/components/service/crypto/include/psa/crypto_sizes.h
+@@ -351,7 +351,7 @@
+ * just the largest size that may be generated by
+ * #psa_aead_generate_nonce().
+ */
+-#define PSA_AEAD_NONCE_MAX_SIZE 12
++#define PSA_AEAD_NONCE_MAX_SIZE 16
+
+ /** A sufficient output buffer size for psa_aead_update().
+ *
+diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
+index 14a25436b3f6..6b144db821de 100644
+--- a/components/service/crypto/provider/extension/aead/aead_provider.c
++++ b/components/service/crypto/provider/extension/aead/aead_provider.c
+@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req)
+ uint32_t op_handle;
+ const uint8_t *input;
+ size_t input_len;
++ uint32_t recv_output_size;
+
+ if (serializer)
+ rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle,
+- &input, &input_len);
++ &recv_output_size, &input, &input_len);
+
+ if (rpc_status == TS_RPC_CALL_ACCEPTED) {
+
+@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req)
+ if (crypto_context) {
+
+ size_t output_len = 0;
+- size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len);
++ size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24);
+ uint8_t *output = malloc(output_size);
+
++ if (recv_output_size < output_size) {
++ output_size = recv_output_size;
++ }
+ if (output) {
+
+ psa_status = psa_aead_update(&crypto_context->op.aead,
+diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+index bb1a2a97e4b7..0156aaba3fe3 100644
+--- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
++++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+@@ -51,6 +51,7 @@ struct aead_provider_serializer {
+ /* Operation: aead_update */
+ rpc_status_t (*deserialize_aead_update_req)(const struct call_param_buf *req_buf,
+ uint32_t *op_handle,
++ uint32_t *output_size,
+ const uint8_t **input, size_t *input_len);
+
+ rpc_status_t (*serialize_aead_update_resp)(struct call_param_buf *resp_buf,
+diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+index 6f00b3e3f6f1..45c739abcbb4 100644
+--- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
++++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct call_param_buf *
+ /* Operation: aead_update */
+ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req_buf,
+ uint32_t *op_handle,
++ uint32_t *output_size,
+ const uint8_t **input, size_t *input_len)
+ {
+ rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY;
+@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req
+ memcpy(&recv_msg, req_buf->data, expected_fixed_len);
+
+ *op_handle = recv_msg.op_handle;
++ *output_size = recv_msg.output_size;
+
+ tlv_const_iterator_begin(&req_iter,
+ (uint8_t*)req_buf->data + expected_fixed_len,
+diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
+index 0be266b52403..435fd3b523ce 100644
+--- a/protocols/service/crypto/packed-c/aead.h
++++ b/protocols/service/crypto/packed-c/aead.h
+@@ -98,6 +98,7 @@ enum
+ struct __attribute__ ((__packed__)) ts_crypto_aead_update_in
+ {
+ uint32_t op_handle;
++ uint32_t output_size;
+ };
+
+ /* Variable length input parameter tags */
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
new file mode 100644
index 0000000..984e297
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
@@ -0,0 +1,37 @@
+From 07ad7e1f7ba06045bf331d5b73a6adf38a098fb7 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Tue, 11 Oct 2022 10:46:10 +0100
+Subject: [PATCH 19/19] plat: corstone1000: change default smm values
+
+Smm gateway uses SE proxy to route the calls for any NV
+storage so set the NV_STORE_SN.
+Change the storage index uid because TF-M in the secure
+enclave reserves the default value (0x1) to some internal
+operation.
+Increase the maximum number of uefi variables to cope with all
+the needs for testing and certification
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ platform/providers/arm/corstone1000/platform.cmake | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+index 51e5faa3e4d8..04b629a81906 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
++++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -10,3 +10,9 @@
+ include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
+
+ add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
++
++target_compile_definitions(${TGT} PRIVATE
++ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
++ SMM_VARIABLE_INDEX_STORAGE_UID=0x787
++ SMM_GATEWAY_MAX_UEFI_VARIABLES=100
++)
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch
deleted file mode 100644
index 3b15c72..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From d262ab277a87c1cda4f71137f6bb963066ba6997 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Tue, 13 Sep 2022 16:46:14 +0100
-Subject: [PATCH 26/27] plat: add corstone1000 platform to drivers/arm
-
-This change is to add corstone1000 platform cmake. Smm gateway
-uses SE proxy to route the calls for any NV storage.
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- platform/providers/arm/corstone1000/platform.cmake | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
- create mode 100644 platform/providers/arm/corstone1000/platform.cmake
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-new file mode 100644
-index 00000000..14a9f6b0
---- /dev/null
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -0,0 +1,12 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+# Platform definition for the corstone1000 platform.
-+#-------------------------------------------------------------------------------
-+
-+target_compile_definitions(${TGT} PRIVATE
-+ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
-+)
-+
---
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch
new file mode 100644
index 0000000..7d8504d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-newlib/0001-newlib-memcpy-remove-optimized-version.patch
@@ -0,0 +1,210 @@
+From 03d97c104f2d68cffd1bfc48cd62727e13a64712 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Fri, 14 Oct 2022 17:42:52 +0100
+Subject: [PATCH] newlib: memcpy: remove optimized version
+
+When creating messages packed to send over openamp we may need
+to do some copy in unaligned address, because of that we may
+not always use the assembler optimized version, which will
+trough a data-abort on aligned address exception.
+
+So, we may just use the version in string.h (the same used in
+optee-os) that will take care to check and use different
+optimization based on given source or destination address's.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ newlib/libc/machine/aarch64/memcpy-stub.c | 2 +-
+ newlib/libc/machine/aarch64/memcpy.S | 166 ----------------------
+ 2 files changed, 1 insertion(+), 167 deletions(-)
+
+diff --git a/newlib/libc/machine/aarch64/memcpy-stub.c b/newlib/libc/machine/aarch64/memcpy-stub.c
+index cd6d72a8b8af..5f2b7968c7fc 100644
+--- a/newlib/libc/machine/aarch64/memcpy-stub.c
++++ b/newlib/libc/machine/aarch64/memcpy-stub.c
+@@ -27,5 +27,5 @@
+ #if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED))
+ # include "../../string/memcpy.c"
+ #else
+-/* See memcpy.S */
++# include "../../string/memcpy.c"
+ #endif
+diff --git a/newlib/libc/machine/aarch64/memcpy.S b/newlib/libc/machine/aarch64/memcpy.S
+index 463bad0a1816..2a1460546374 100644
+--- a/newlib/libc/machine/aarch64/memcpy.S
++++ b/newlib/libc/machine/aarch64/memcpy.S
+@@ -61,170 +61,4 @@
+ #if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED))
+ /* See memcpy-stub.c */
+ #else
+-
+-#define dstin x0
+-#define src x1
+-#define count x2
+-#define dst x3
+-#define srcend x4
+-#define dstend x5
+-#define A_l x6
+-#define A_lw w6
+-#define A_h x7
+-#define A_hw w7
+-#define B_l x8
+-#define B_lw w8
+-#define B_h x9
+-#define C_l x10
+-#define C_h x11
+-#define D_l x12
+-#define D_h x13
+-#define E_l src
+-#define E_h count
+-#define F_l srcend
+-#define F_h dst
+-#define tmp1 x9
+-
+-#define L(l) .L ## l
+-
+- .macro def_fn f p2align=0
+- .text
+- .p2align \p2align
+- .global \f
+- .type \f, %function
+-\f:
+- .endm
+-
+-/* Copies are split into 3 main cases: small copies of up to 16 bytes,
+- medium copies of 17..96 bytes which are fully unrolled. Large copies
+- of more than 96 bytes align the destination and use an unrolled loop
+- processing 64 bytes per iteration.
+- Small and medium copies read all data before writing, allowing any
+- kind of overlap, and memmove tailcalls memcpy for these cases as
+- well as non-overlapping copies.
+-*/
+-
+-def_fn memcpy p2align=6
+- prfm PLDL1KEEP, [src]
+- add srcend, src, count
+- add dstend, dstin, count
+- cmp count, 16
+- b.ls L(copy16)
+- cmp count, 96
+- b.hi L(copy_long)
+-
+- /* Medium copies: 17..96 bytes. */
+- sub tmp1, count, 1
+- ldp A_l, A_h, [src]
+- tbnz tmp1, 6, L(copy96)
+- ldp D_l, D_h, [srcend, -16]
+- tbz tmp1, 5, 1f
+- ldp B_l, B_h, [src, 16]
+- ldp C_l, C_h, [srcend, -32]
+- stp B_l, B_h, [dstin, 16]
+- stp C_l, C_h, [dstend, -32]
+-1:
+- stp A_l, A_h, [dstin]
+- stp D_l, D_h, [dstend, -16]
+- ret
+-
+- .p2align 4
+- /* Small copies: 0..16 bytes. */
+-L(copy16):
+- cmp count, 8
+- b.lo 1f
+- ldr A_l, [src]
+- ldr A_h, [srcend, -8]
+- str A_l, [dstin]
+- str A_h, [dstend, -8]
+- ret
+- .p2align 4
+-1:
+- tbz count, 2, 1f
+- ldr A_lw, [src]
+- ldr A_hw, [srcend, -4]
+- str A_lw, [dstin]
+- str A_hw, [dstend, -4]
+- ret
+-
+- /* Copy 0..3 bytes. Use a branchless sequence that copies the same
+- byte 3 times if count==1, or the 2nd byte twice if count==2. */
+-1:
+- cbz count, 2f
+- lsr tmp1, count, 1
+- ldrb A_lw, [src]
+- ldrb A_hw, [srcend, -1]
+- ldrb B_lw, [src, tmp1]
+- strb A_lw, [dstin]
+- strb B_lw, [dstin, tmp1]
+- strb A_hw, [dstend, -1]
+-2: ret
+-
+- .p2align 4
+- /* Copy 64..96 bytes. Copy 64 bytes from the start and
+- 32 bytes from the end. */
+-L(copy96):
+- ldp B_l, B_h, [src, 16]
+- ldp C_l, C_h, [src, 32]
+- ldp D_l, D_h, [src, 48]
+- ldp E_l, E_h, [srcend, -32]
+- ldp F_l, F_h, [srcend, -16]
+- stp A_l, A_h, [dstin]
+- stp B_l, B_h, [dstin, 16]
+- stp C_l, C_h, [dstin, 32]
+- stp D_l, D_h, [dstin, 48]
+- stp E_l, E_h, [dstend, -32]
+- stp F_l, F_h, [dstend, -16]
+- ret
+-
+- /* Align DST to 16 byte alignment so that we don't cross cache line
+- boundaries on both loads and stores. There are at least 96 bytes
+- to copy, so copy 16 bytes unaligned and then align. The loop
+- copies 64 bytes per iteration and prefetches one iteration ahead. */
+-
+- .p2align 4
+-L(copy_long):
+- and tmp1, dstin, 15
+- bic dst, dstin, 15
+- ldp D_l, D_h, [src]
+- sub src, src, tmp1
+- add count, count, tmp1 /* Count is now 16 too large. */
+- ldp A_l, A_h, [src, 16]
+- stp D_l, D_h, [dstin]
+- ldp B_l, B_h, [src, 32]
+- ldp C_l, C_h, [src, 48]
+- ldp D_l, D_h, [src, 64]!
+- subs count, count, 128 + 16 /* Test and readjust count. */
+- b.ls 2f
+-1:
+- stp A_l, A_h, [dst, 16]
+- ldp A_l, A_h, [src, 16]
+- stp B_l, B_h, [dst, 32]
+- ldp B_l, B_h, [src, 32]
+- stp C_l, C_h, [dst, 48]
+- ldp C_l, C_h, [src, 48]
+- stp D_l, D_h, [dst, 64]!
+- ldp D_l, D_h, [src, 64]!
+- subs count, count, 64
+- b.hi 1b
+-
+- /* Write the last full set of 64 bytes. The remainder is at most 64
+- bytes, so it is safe to always copy 64 bytes from the end even if
+- there is just 1 byte left. */
+-2:
+- ldp E_l, E_h, [srcend, -64]
+- stp A_l, A_h, [dst, 16]
+- ldp A_l, A_h, [srcend, -48]
+- stp B_l, B_h, [dst, 32]
+- ldp B_l, B_h, [srcend, -32]
+- stp C_l, C_h, [dst, 48]
+- ldp C_l, C_h, [srcend, -16]
+- stp D_l, D_h, [dst, 64]
+- stp E_l, E_h, [dstend, -64]
+- stp A_l, A_h, [dstend, -48]
+- stp B_l, B_h, [dstend, -32]
+- stp C_l, C_h, [dstend, -16]
+- ret
+-
+- .size memcpy, . - memcpy
+ #endif
+--
+2.38.0
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
index 12d300a..aa8f271 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -1,11 +1,28 @@
FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
SRC_URI:append = " \
- file://0026-plat-add-corstone1000-platform-to-drivers-arm.patch \
- file://0027-Add-MHU-driver.patch \
- "
+ file://0001-Add-openamp-to-SE-proxy-deployment.patch \
+ file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \
+ file://0003-Add-openamp-rpc-caller.patch \
+ file://0004-add-psa-client-definitions-for-ff-m.patch \
+ file://0005-Add-common-service-component-to-ipc-support.patch \
+ file://0006-Add-secure-storage-ipc-backend.patch \
+ file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \
+ file://0008-Run-psa-arch-test.patch \
+ file://0009-Use-address-instead-of-pointers.patch \
+ file://0010-Add-psa-ipc-attestation-to-se-proxy.patch \
+ file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \
+ file://0012-add-psa-ipc-crypto-backend.patch \
+ file://0013-Add-stub-capsule-update-service-components.patch \
+ file://0014-Configure-storage-size.patch \
+ file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \
+ file://0016-Integrate-remaining-psa-ipc-client-APIs.patch \
+ file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \
+ file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
+ file://0019-plat-corstone1000-change-default-smm-values.patch \
+ "
EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
- -DMM_COMM_BUFFER_PAGE_COUNT="1" \
-"
+ -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+ "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
new file mode 100644
index 0000000..845f883
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
@@ -0,0 +1,6 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:"
+
+SRC_URI:append:corstone1000 = " \
+ file://0001-newlib-memcpy-remove-optimized-version.patch;patchdir=../newlib \
+"
+
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-tc0.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-tc0.bb
deleted file mode 100644
index 78f2fc2..0000000
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-tc0.bb
+++ /dev/null
@@ -1,12 +0,0 @@
-require fvp-ecosystem.inc
-
-MODEL = "TotalCompute"
-MODEL_CODE = "FVP_TC0"
-PV = "11.17.18"
-
-# Unconventional URI structure for this release
-SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/TotalCompute/Total%20Compute%20Update%202022/FVP_TC0_11.17_18.tgz;subdir=${BP}"
-SRC_URI[sha256sum] = "0bd78354e036a7e92bd7f8cbd78cd2b5197dc0872fe2b25c95ea734929fe83b8"
-
-LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \
- file://license_terms/third_party_licenses.txt;md5=41029e71051b1c786bae3112a29905a7"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index c8aa821..dc29550 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -42,6 +42,16 @@
SRCREV_cpputest = "e25097614e1c4856036366877a02346c4b36bb5b"
LIC_FILES_CHKSUM += "file://../cpputest/COPYING;md5=ce5d5f1fe02bcd1343ced64a06fd4177"
+# Libmetal
+SRC_URI += "git://github.com/OpenAMP/libmetal.git;name=libmetal;protocol=https;branch=main;destsuffix=git/libmetal"
+SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
+LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c"
+
+# Openamp
+SRC_URI += "git://github.com/OpenAMP/open-amp.git;name=openamp;protocol=https;branch=main;destsuffix=git/openamp"
+SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
+LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf"
+
# TS ships patches for external dependencies that needs to be applied
apply_ts_patches() {
for p in ${S}/external/qcbor/*.patch; do
@@ -63,4 +73,6 @@
-DT_COSE_SOURCE_DIR=${WORKDIR}/git/tcose \
-DQCBOR_SOURCE_DIR=${WORKDIR}/git/qcbor \
-DMBEDTLS_SOURCE_DIR=${WORKDIR}/git/mbedtls \
+ -DOPENAMP_SOURCE_DIR=${WORKDIR}/git/openamp \
+ -DLIBMETAL_SOURCE_DIR=${WORKDIR}/git/libmetal \
"
diff --git a/meta-openembedded/meta-filesystems/recipes-utils/xfstests/xfstests_2022.09.25.bb b/meta-openembedded/meta-filesystems/recipes-utils/xfstests/xfstests_2022.10.09.bb
similarity index 96%
rename from meta-openembedded/meta-filesystems/recipes-utils/xfstests/xfstests_2022.09.25.bb
rename to meta-openembedded/meta-filesystems/recipes-utils/xfstests/xfstests_2022.10.09.bb
index 45a1578..4965d05 100644
--- a/meta-openembedded/meta-filesystems/recipes-utils/xfstests/xfstests_2022.09.25.bb
+++ b/meta-openembedded/meta-filesystems/recipes-utils/xfstests/xfstests_2022.10.09.bb
@@ -10,7 +10,7 @@
file://0002-Drop-detached_mounts_propagation-and-remove-sys-moun.patch \
"
-SRCREV_xfstests = "e5555e75ba199d153f4dfb81496a891263ec9bdd"
+SRCREV_xfstests = "3b5cb74c03312b5ac3349a0759c8d32bb9d0dada"
SRCREV_unionmount = "e3825b16b46f4c4574a1a69909944c059835f914"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-gnome/recipes-gnome/yelp/yelp_42.1.bb b/meta-openembedded/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb
similarity index 88%
rename from meta-openembedded/meta-gnome/recipes-gnome/yelp/yelp_42.1.bb
rename to meta-openembedded/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb
index ab8b9c3..fe3b110 100644
--- a/meta-openembedded/meta-gnome/recipes-gnome/yelp/yelp_42.1.bb
+++ b/meta-openembedded/meta-gnome/recipes-gnome/yelp/yelp_42.2.bb
@@ -9,7 +9,7 @@
# for webkitgtk
REQUIRED_DISTRO_FEATURES = "x11"
-SRC_URI[archive.sha256sum] = "25b1146ab8549888a5a8da067f63b470b0f0f800b6ae889cacd114d01d713b41"
+SRC_URI[archive.sha256sum] = "a2c5fd0787a9089c722cc66bd0f85cdf7088d870e7b6cc85799f8e5bff9eac4b"
DEPENDS += " \
libxml2-native \
diff --git a/meta-openembedded/meta-gnome/recipes-support/libwacom/libwacom_2.4.0.bb b/meta-openembedded/meta-gnome/recipes-support/libwacom/libwacom_2.5.0.bb
similarity index 93%
rename from meta-openembedded/meta-gnome/recipes-support/libwacom/libwacom_2.4.0.bb
rename to meta-openembedded/meta-gnome/recipes-support/libwacom/libwacom_2.5.0.bb
index d690df9..a290d95 100644
--- a/meta-openembedded/meta-gnome/recipes-support/libwacom/libwacom_2.4.0.bb
+++ b/meta-openembedded/meta-gnome/recipes-support/libwacom/libwacom_2.5.0.bb
@@ -8,7 +8,7 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=40a21fffb367c82f39fd91a3b137c36e"
SRC_URI = "git://github.com/linuxwacom/libwacom.git;branch=master;protocol=https"
-SRCREV = "9fd28747534ef776ffecc245721a4faa43bdd89b"
+SRCREV = "c6c1b26ad149a88b22ff790dae377fcc935b7e08"
DEPENDS = " \
libxml2-native \
diff --git a/meta-openembedded/meta-gnome/recipes-support/onboard/onboard/0001-pypredict-lm-Define-error-API-if-platform-does-not-h.patch b/meta-openembedded/meta-gnome/recipes-support/onboard/onboard/0001-pypredict-lm-Define-error-API-if-platform-does-not-h.patch
deleted file mode 100644
index fda3789..0000000
--- a/meta-openembedded/meta-gnome/recipes-support/onboard/onboard/0001-pypredict-lm-Define-error-API-if-platform-does-not-h.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 1c95f64aa342147387ce4b1b7269a5c8b34bd898 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 13 Jul 2017 09:01:04 -0700
-Subject: [PATCH] pypredict/lm: Define error API if platform does not have it
-
-error() API is not implemented across all libcs on linux
-e.g. musl does not provide it.
-
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- Onboard/pypredict/lm/lm.cpp | 1 -
- Onboard/pypredict/lm/lm.h | 13 +++++++++++++
- Onboard/pypredict/lm/lm_dynamic.cpp | 2 --
- 3 files changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/Onboard/pypredict/lm/lm.cpp b/Onboard/pypredict/lm/lm.cpp
-index 2e64296..37ae241 100644
---- a/Onboard/pypredict/lm/lm.cpp
-+++ b/Onboard/pypredict/lm/lm.cpp
-@@ -19,7 +19,6 @@
-
- #include <stdlib.h>
- #include <stdio.h>
--#include <error.h>
- #include <algorithm>
- #include <cmath>
- #include <string>
-diff --git a/Onboard/pypredict/lm/lm.h b/Onboard/pypredict/lm/lm.h
-index ed4164a..b8b63ee 100644
---- a/Onboard/pypredict/lm/lm.h
-+++ b/Onboard/pypredict/lm/lm.h
-@@ -32,6 +32,19 @@
- #include <algorithm>
- #include <string>
-
-+#if defined(HAVE_ERROR_H)
-+#include <error.h>
-+#else
-+#include <err.h>
-+#define _onboard_error(S, E, F, ...) do { \
-+ if (E) \
-+ err(S, F ": %s", ##__VA_ARGS__, strerror(E)); \
-+ else \
-+ err(S, F, ##__VA_ARGS__); \
-+} while(0)
-+
-+#define error _onboard_error
-+#endif
-
- // break into debugger
- // step twice to come back out of the raise() call into known code
-diff --git a/Onboard/pypredict/lm/lm_dynamic.cpp b/Onboard/pypredict/lm/lm_dynamic.cpp
-index 7c62824..e7c7f40 100644
---- a/Onboard/pypredict/lm/lm_dynamic.cpp
-+++ b/Onboard/pypredict/lm/lm_dynamic.cpp
-@@ -17,8 +17,6 @@
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
--#include <error.h>
--
- #include "lm_dynamic.h"
-
- using namespace std;
---
-2.13.2
-
diff --git a/meta-openembedded/meta-gnome/recipes-support/onboard/onboard_1.4.1.bb b/meta-openembedded/meta-gnome/recipes-support/onboard/onboard_1.4.1.bb
deleted file mode 100644
index 9325ef9..0000000
--- a/meta-openembedded/meta-gnome/recipes-support/onboard/onboard_1.4.1.bb
+++ /dev/null
@@ -1,29 +0,0 @@
-SUMMARY = "An onscreen keyboard"
-LICENSE = "GPL-3.0-only"
-LIC_FILES_CHKSUM = "file://COPYING.GPL3;md5=8521fa4dd51909b407c5150498d34f4e"
-
-DEPENDS += "gtk+3 hunspell libcanberra libxkbfile dconf python3-distutils-extra-native intltool-native"
-
-SRC_URI = "https://launchpad.net/onboard/1.4/${PV}/+download/${BPN}-${PV}.tar.gz \
- file://0001-pypredict-lm-Define-error-API-if-platform-does-not-h.patch \
- "
-SRC_URI[md5sum] = "1a2fbe82e934f5b37841d17ff51e80e8"
-SRC_URI[sha256sum] = "01cae1ac5b1ef1ab985bd2d2d79ded6fc99ee04b1535cc1bb191e43a231a3865"
-
-inherit features_check setuptools3-base pkgconfig gtk-icon-cache gsettings mime-xdg
-
-REQUIRED_DISTRO_FEATURES = "x11"
-
-FILES:${PN} += " \
- ${datadir}/dbus-1 \
- ${datadir}/icons \
- ${datadir}/gnome-shell \
- ${datadir}/help \
-"
-
-RDEPENDS:${PN} += " \
- ncurses \
- python3-dbus \
- python3-pycairo \
- python3-pygobject \
-"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.57.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.59.bb
similarity index 99%
rename from meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.57.bb
rename to meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.59.bb
index 0ca8fd0..757c88c 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.57.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/pipewire/pipewire_0.3.59.bb
@@ -13,7 +13,7 @@
DEPENDS = "dbus ncurses"
-SRCREV = "49f1c2038fb7b5249affa56709b117a2a8603b52"
+SRCREV = "f54a72fd9a67eeb8d1502d6d75979dbddb00fdf2"
SRC_URI = "git://gitlab.freedesktop.org/pipewire/pipewire.git;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.4.11.bb b/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.4.12.bb
similarity index 98%
rename from meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.4.11.bb
rename to meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.4.12.bb
index e093734..d80d934 100644
--- a/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.4.11.bb
+++ b/meta-openembedded/meta-multimedia/recipes-multimedia/wireplumber/wireplumber_0.4.12.bb
@@ -11,7 +11,7 @@
${@bb.utils.contains("DISTRO_FEATURES", "gobject-introspection-data", "python3-native python3-lxml-native doxygen-native", "", d)} \
"
-SRCREV = "80b3559963f0ad40a7bfa6c23b0098275c0b5ebe"
+SRCREV = "6f6e5df9c1b223907efa8dcbfcd538821d0dabc4"
SRC_URI = "git://gitlab.freedesktop.org/pipewire/wireplumber.git;branch=master;protocol=https \
file://90-OE-disable-session-dbus-dependent-features.lua \
"
diff --git a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.2.bb b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb
similarity index 97%
rename from meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.2.bb
rename to meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb
index eed00fc..c3cde1f 100644
--- a/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.2.bb
+++ b/meta-openembedded/meta-networking/recipes-connectivity/blueman/blueman_2.3.4.bb
@@ -13,7 +13,7 @@
file://0001-meson-add-pythoninstalldir-option.patch \
"
S = "${WORKDIR}/git"
-SRCREV = "4275c35ffe372c3b194080726fbe1c99f974360f"
+SRCREV = "89bb5313a7cc24ca6fdbeaf2b02f6142dc1a8e60"
EXTRA_OEMESON = "-Druntime_deps_check=false -Dpythoninstalldir=${@noprefix('PYTHON_SITEPACKAGES_DIR', d)}"
diff --git a/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.6.bb b/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.6.bb
deleted file mode 100644
index 8f57e82..0000000
--- a/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.6.bb
+++ /dev/null
@@ -1,40 +0,0 @@
-SUMMARY = "Connection tracking userspace tools for Linux"
-SECTION = "net"
-LICENSE = "GPL-2.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
-
-DEPENDS = "libnfnetlink libnetfilter-conntrack libnetfilter-cttimeout \
- libnetfilter-cthelper libnetfilter-queue bison-native libtirpc"
-
-EXTRA_OECONF += "LIBS=-ltirpc CPPFLAGS=-I${STAGING_INCDIR}/tirpc"
-
-SRC_URI = "http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-${PV}.tar.bz2;name=tar \
- file://conntrack-failover \
- file://init \
-"
-SRC_URI[tar.md5sum] = "a9dc7567921213007def78ad72313109"
-SRC_URI[tar.sha256sum] = "590859cc848245dbfd9c6487761dd303b3a1771e007f4f42213063ca56205d5f"
-
-inherit autotools update-rc.d pkgconfig
-
-INITSCRIPT_NAME = "conntrackd"
-
-do_install:append() {
- install -d ${D}/${sysconfdir}/conntrackd
- install -d ${D}/${sysconfdir}/init.d
- install -m 0644 ${S}/doc/sync/ftfw/conntrackd.conf ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
- install -m 0755 ${WORKDIR}/conntrack-failover ${D}/${sysconfdir}/init.d/conntrack-failover
- install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/conntrackd
-
- # Fix hardcoded paths in scripts
- sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
- sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
- sed -i 's!/var/!${localstatedir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
- sed -i 's!^export PATH=.*!export PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}/${sysconfdir}/init.d/conntrackd
-}
-
-# fix error message: Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-)
-pkg_postinst:${PN} () {
- setcap cap_net_admin+ep "$D/${sbindir}/conntrack"
-}
-PACKAGE_WRITE_DEPS += "libcap-native"
diff --git a/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.7.bb b/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.7.bb
new file mode 100644
index 0000000..8b47ceb
--- /dev/null
+++ b/meta-openembedded/meta-networking/recipes-filter/conntrack-tools/conntrack-tools_1.4.7.bb
@@ -0,0 +1,46 @@
+SUMMARY = "Connection tracking userspace tools for Linux"
+SECTION = "net"
+LICENSE = "GPL-2.0-or-later"
+LIC_FILES_CHKSUM = "file://COPYING;md5=8ca43cbc842c2336e835926c2166c28b"
+
+DEPENDS = "libnfnetlink libnetfilter-conntrack libnetfilter-cttimeout \
+ libnetfilter-cthelper libnetfilter-queue bison-native libtirpc"
+
+EXTRA_OECONF += "LIBS=-ltirpc CPPFLAGS=-I${STAGING_INCDIR}/tirpc"
+
+SRC_URI = "http://www.netfilter.org/projects/conntrack-tools/files/conntrack-tools-${PV}.tar.bz2 \
+ file://conntrack-failover \
+ file://init \
+"
+SRC_URI[sha256sum] = "099debcf57e81690ced57f516b493588a73518f48c14d656f823b29b4fc24b5d"
+
+inherit autotools update-rc.d pkgconfig systemd
+
+PACKAGECONFIG ?= "cthelper cttimeout \
+ ${@bb.utils.filter('DISTRO_FEATURES', 'systemd', d)}"
+
+PACKAGECONFIG[cthelper] = "--enable-cthelper,--disable-cthelper"
+PACKAGECONFIG[cttimeout] = "--enable-cttimeout,--disable-cttimeout"
+PACKAGECONFIG[systemd] = "--enable-systemd,--disable-systemd,systemd"
+
+INITSCRIPT_NAME = "conntrackd"
+
+do_install:append() {
+ install -d ${D}/${sysconfdir}/conntrackd
+ install -d ${D}/${sysconfdir}/init.d
+ install -m 0644 ${S}/doc/sync/ftfw/conntrackd.conf ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
+ install -m 0755 ${WORKDIR}/conntrack-failover ${D}/${sysconfdir}/init.d/conntrack-failover
+ install -m 0755 ${WORKDIR}/init ${D}/${sysconfdir}/init.d/conntrackd
+
+ # Fix hardcoded paths in scripts
+ sed -i 's!/usr/sbin/!${sbindir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
+ sed -i 's!/etc/!${sysconfdir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd
+ sed -i 's!/var/!${localstatedir}/!g' ${D}/${sysconfdir}/init.d/conntrack-failover ${D}/${sysconfdir}/init.d/conntrackd ${D}/${sysconfdir}/conntrackd/conntrackd.conf.sample
+ sed -i 's!^export PATH=.*!export PATH=${base_sbindir}:${base_bindir}:${sbindir}:${bindir}!' ${D}/${sysconfdir}/init.d/conntrackd
+}
+
+# fix error message: Do not forget that you need *root* or CAP_NET_ADMIN capabilities ;-)
+pkg_postinst:${PN} () {
+ setcap cap_net_admin+ep "$D/${sbindir}/conntrack"
+}
+PACKAGE_WRITE_DEPS += "libcap-native"
diff --git a/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.33.1.bb b/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.33.2.bb
similarity index 95%
rename from meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.33.1.bb
rename to meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.33.2.bb
index 322f89c..ad7b9a6 100644
--- a/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.33.1.bb
+++ b/meta-openembedded/meta-networking/recipes-support/nbdkit/nbdkit_1.33.2.bb
@@ -11,7 +11,7 @@
SRC_URI = "git://github.com/libguestfs/nbdkit.git;protocol=https;branch=master \
"
-SRCREV = "9ebc70dae82220f962167b1668fd2af6de886b16"
+SRCREV = "9e2fdefc1ba4c883c5e6aa4f32ab21777980a978"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-networking/recipes-support/unbound/unbound_1.16.3.bb b/meta-openembedded/meta-networking/recipes-support/unbound/unbound_1.17.0.bb
similarity index 96%
rename from meta-openembedded/meta-networking/recipes-support/unbound/unbound_1.16.3.bb
rename to meta-openembedded/meta-networking/recipes-support/unbound/unbound_1.17.0.bb
index 5e40d8c..0dd0ce8 100644
--- a/meta-openembedded/meta-networking/recipes-support/unbound/unbound_1.16.3.bb
+++ b/meta-openembedded/meta-networking/recipes-support/unbound/unbound_1.17.0.bb
@@ -12,7 +12,7 @@
SRC_URI = "git://github.com/NLnetLabs/unbound.git;protocol=http;branch=master;protocol=https \
file://0001-contrib-add-yocto-compatible-init-script.patch \
"
-SRCREV = "137719522a8ea5b380fbb6206d2466f402f5b554"
+SRCREV = "d25e0cd9b0545ff13120430c94326ceaf14b074f"
inherit autotools pkgconfig systemd update-rc.d
diff --git a/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb b/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
index 7189115..1dbdc3e 100644
--- a/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
+++ b/meta-openembedded/meta-oe/recipes-connectivity/zeromq/cppzmq_git.bb
@@ -4,8 +4,8 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=db174eaf7b55a34a7c89551197f66e94"
DEPENDS = "zeromq"
-SRCREV = "dd663fafd830466d34cba278c2cfd0f92eb67614"
-PV = "4.8.1"
+SRCREV = "d67b6352b87a238775cd17e4376b980d07fa7939"
+PV = "4.9.0"
SRC_URI = "git://github.com/zeromq/cppzmq.git;branch=master;protocol=https"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/abseil-ppc-fixes.patch b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/abseil-ppc-fixes.patch
index ef3f50d..9b40825 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/abseil-ppc-fixes.patch
+++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp/abseil-ppc-fixes.patch
@@ -20,7 +20,7 @@
#ifdef __GLIBC__
#include <sys/platform/ppc.h>
#elif defined(__FreeBSD__)
-@@ -53,7 +53,7 @@ double UnscaledCycleClock::Frequency() {
+@@ -58,7 +58,7 @@ double UnscaledCycleClock::Frequency() {
return base_internal::NominalCPUFrequency();
}
@@ -29,9 +29,9 @@
int64_t UnscaledCycleClock::Now() {
#ifdef __GLIBC__
---- a/absl/base/internal/unscaledcycleclock.h
-+++ b/absl/base/internal/unscaledcycleclock.h
-@@ -46,7 +46,8 @@
+--- a/absl/base/internal/unscaledcycleclock_config.h
++++ b/absl/base/internal/unscaledcycleclock_config.h
+@@ -21,7 +21,8 @@
// The following platforms have an implementation of a hardware counter.
#if defined(__i386__) || defined(__x86_64__) || defined(__aarch64__) || \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
index af28da5..9f8c48c 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/abseil-cpp/abseil-cpp_git.bb
@@ -7,9 +7,9 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=df52c6edb7adc22e533b2bacc3bd3915"
-PV = "20220623.1"
-SRCREV = "8c0b94e793a66495e0b1f34a5eb26bd7dc672db0"
-BRANCH = "lts_2022_06_23"
+PV = "20221014.0"
+SRCREV = "5fa65f28e46e86c44966a1ca8a727a329d9c1ff8"
+BRANCH = "master"
SRC_URI = "git://github.com/abseil/abseil-cpp;branch=${BRANCH};protocol=https \
file://0001-absl-always-use-asm-sgidefs.h.patch \
file://0002-Remove-maes-option-from-cross-compilation.patch \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221002.0.bb b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb
similarity index 95%
rename from meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221002.0.bb
rename to meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb
index de9e6db..5564a9b 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221002.0.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/ctags/ctags_5.9.20221009.0.bb
@@ -14,7 +14,7 @@
inherit autotools-brokensep pkgconfig manpages
-SRCREV = "132379f59e223696f2382a84c2e12b6e7860a7ac"
+SRCREV = "5d506a1a3b6850f05de5e785c5d14cfd6f9b1620"
SRC_URI = "git://github.com/universal-ctags/ctags;branch=master;protocol=https"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/debootstrap/debootstrap_1.0.127.bb b/meta-openembedded/meta-oe/recipes-devtools/debootstrap/debootstrap_1.0.128.bb
similarity index 89%
rename from meta-openembedded/meta-oe/recipes-devtools/debootstrap/debootstrap_1.0.127.bb
rename to meta-openembedded/meta-oe/recipes-devtools/debootstrap/debootstrap_1.0.128.bb
index 5e0a488..4d13aa6 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/debootstrap/debootstrap_1.0.127.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/debootstrap/debootstrap_1.0.128.bb
@@ -11,7 +11,7 @@
file://0001-do-not-hardcode-the-full-path-of-dpkg.patch \
"
-SRC_URI[sha256sum] = "45887cf0582e6d16598e50713278d16b2272d02bdd117a9876e98277300dabd4"
+SRC_URI[sha256sum] = "09e7f8795fee894b77994213ee3a588e9d8f96ddf5f93afdec91e9a137aa7866"
S = "${WORKDIR}/debootstrap"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.0.bb
similarity index 90%
rename from meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb
rename to meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.0.bb
index c2f952f..74ec3a8 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.45.2.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/grpc/grpc_1.50.0.bb
@@ -3,8 +3,8 @@
(C++, Node.js, Python, Ruby, Objective-C, PHP, C#)"
HOMEPAGE = "https://github.com/grpc/grpc"
SECTION = "libs"
-LICENSE = "Apache-2.0"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=6e4cf218112648d22420a84281b68b88"
+LICENSE = "Apache-2.0 & BSD-3-Clause & MPL-2.0"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=731e401b36f8077ae0c134b59be5c906"
DEPENDS = "c-ares protobuf protobuf-native protobuf-c protobuf-c-native openssl libnsl2 abseil-cpp re2"
DEPENDS:append:class-target = " googletest grpc-native "
@@ -20,9 +20,9 @@
# RDEPENDS:${PN}-dev += "${PN}-compiler"
S = "${WORKDIR}/git"
-SRCREV_grpc = "b39ffcc425ea990a537f98ec6fe6a1dcb90470d7"
-BRANCH = "v1.45.x"
-SRC_URI = "git://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \
+SRCREV_grpc = "91091e3668144de9c6aa392f496bb7639f7025a7"
+BRANCH = "v1.50.x"
+SRC_URI = "gitsm://github.com/grpc/grpc.git;protocol=https;name=grpc;branch=${BRANCH} \
file://0001-Revert-Changed-GRPCPP_ABSEIL_SYNC-to-GPR_ABSEIL_SYNC.patch \
file://0001-cmake-add-separate-export-for-plugin-targets.patch \
file://0001-cmake-Link-with-libatomic-on-rv32-rv64.patch \
diff --git a/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.3.bb b/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb
similarity index 91%
rename from meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.3.bb
rename to meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb
index d14869b..37f7746 100644
--- a/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.3.bb
+++ b/meta-openembedded/meta-oe/recipes-devtools/gst-editing-services/gst-editing-services_1.20.4.bb
@@ -18,7 +18,7 @@
EXTRA_OEMESON = "-Dvalidate=disabled"
SRC_URI = "http://gstreamer.freedesktop.org/src/gst-editing-services/gst-editing-services-${PV}.tar.xz"
-SRC_URI[sha256sum] = "5fd896de69fbe24421eb6b0ff8d2f8b4c3cba3f3025ceacd302172f39a8abaa2"
+SRC_URI[sha256sum] = "aa03e983af5d79c1befffe3575b034e60960619a96bf877447cb73c28016fc41"
PACKAGES += "gst-validate-launcher libges"
diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/files/0001-Remove-check_build_deps-build-steps.patch b/meta-openembedded/meta-oe/recipes-devtools/perfetto/files/0001-Remove-check_build_deps-build-steps.patch
new file mode 100644
index 0000000..28fa983
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/files/0001-Remove-check_build_deps-build-steps.patch
@@ -0,0 +1,71 @@
+From 3b7091243ec03054ca8800b51b85a1c09e7e3075 Mon Sep 17 00:00:00 2001
+From: Sui Chen <suichen6@gmail.com>
+Date: Mon, 13 Jun 2022 17:46:49 +0000
+Subject: [PATCH] Remove "check_build_deps" build steps
+
+When building with Bitbake, we want Bitbake to manage our dependencies,
+so we remove the "check_build_deps" steps from Perfetto.
+
+Also setting "is_cross_compiling" to true, so that the host-side tools
+(such as protoc) will always be generated using the native toolchain,
+rather than the Bitbake-generated one.
+
+Signed-off-by: Sui Chen <suichen6@gmail.com>
+---
+ gn/BUILD.gn | 1 -
+ gn/standalone/BUILD.gn | 12 ++++++------
+ gn/standalone/BUILDCONFIG.gn | 5 +++--
+ 3 files changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/gn/BUILD.gn b/gn/BUILD.gn
+index 8a7ca72a8..e4a2d39f0 100644
+--- a/gn/BUILD.gn
++++ b/gn/BUILD.gn
+@@ -111,7 +111,6 @@ group("default_deps") {
+ deps = [ ":gen_buildflags" ]
+ if (perfetto_build_standalone) {
+ public_deps = [
+- "//gn/standalone:check_build_deps",
+ "//gn/standalone/libc++:deps",
+ "//gn/standalone/sanitizers:deps",
+ ]
+diff --git a/gn/standalone/BUILD.gn b/gn/standalone/BUILD.gn
+index 582e9b867..9c77ac64c 100644
+--- a/gn/standalone/BUILD.gn
++++ b/gn/standalone/BUILD.gn
+@@ -441,10 +441,10 @@ config("android_liblog") {
+ }
+
+ # Checks that tools/install-build-deps has been run since it last changed.
+-perfetto_check_build_deps("check_build_deps") {
+- args = []
+-}
++#perfetto_check_build_deps("check_build_deps") {
++# args = []
++#}
+
+-perfetto_check_build_deps("check_build_deps_android") {
+- args = [ "--android" ]
+-}
++#perfetto_check_build_deps("check_build_deps_android") {
++# args = [ "--android" ]
++#}
+diff --git a/gn/standalone/BUILDCONFIG.gn b/gn/standalone/BUILDCONFIG.gn
+index 6f32686c1..c041989b0 100644
+--- a/gn/standalone/BUILDCONFIG.gn
++++ b/gn/standalone/BUILDCONFIG.gn
+@@ -59,8 +59,9 @@ declare_args() {
+ # the ossfuzz sanitizer overrides this to true. In that config the
+ # host/target cpu and arch are identical, but we want to build only the
+ # targets with the sanitizer/fuzzer flags
+- is_cross_compiling =
+- target_cpu != host_cpu || target_os != host_os || target_triplet != ""
++
++ # for Bitbake build
++ is_cross_compiling = true
+ }
+ default_configs = [
+ "//gn/standalone:debug_symbols",
+--
+2.37.1
+
diff --git a/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb
new file mode 100644
index 0000000..143445c
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-devtools/perfetto/perfetto.bb
@@ -0,0 +1,151 @@
+LICENSE = "Apache-2.0 & BSD-3-Clause & MIT & Zlib"
+
+LIC_FILES_CHKSUM = "file://LICENSE;md5=f87516e0b698007e9e75a1fe1012b390 \
+ file://buildtools/libcxx/LICENSE.TXT;md5=55d89dd7eec8d3b4204b680e27da3953 \
+ file://buildtools/libcxx/utils/google-benchmark/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
+ file://buildtools/libcxxabi/LICENSE.TXT;md5=7b9334635b542c56868400a46b272b1e \
+ file://buildtools/libunwind/LICENSE.TXT;md5=f66970035d12f196030658b11725e1a1 \
+ file://buildtools/protobuf/LICENSE;md5=37b5762e07f0af8c74ce80a8bda4266b \
+ file://buildtools/zlib/LICENSE;md5=f09575dbfb09420642318b413159496f \
+ file://debian/copyright;md5=4e08364c82141f181de69d0a2b89d612 \
+ file://python/LICENSE;md5=c602a632c34ade9c78a976734077bce7"
+
+SRC_URI = "git://github.com/google/perfetto.git;branch=master;protocol=https;name=perfetto \
+ git://github.com/protocolbuffers/protobuf.git;branch=3.9.x;protocol=https;destsuffix=git/buildtools/protobuf;name=protobuf \
+ git://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxx.git;protocol=https;destsuffix=git/buildtools/libcxx;branch=main;name=libcxx \
+ git://chromium.googlesource.com/external/github.com/llvm/llvm-project/libcxxabi.git;protocol=https;destsuffix=git/buildtools/libcxxabi;branch=main;name=libcxxabi \
+ git://chromium.googlesource.com/external/github.com/llvm/llvm-project/libunwind.git;protocol=https;destsuffix=git/buildtools/libunwind;branch=main;name=libunwind \
+ git://android.googlesource.com/platform/external/zlib.git;branch=master;protocol=https;destsuffix=git/buildtools/zlib;name=zlib \
+ https://storage.googleapis.com/perfetto/gn-linux64-1968-0725d782;subdir=git/buildtools/;name=gn \
+ file://0001-Remove-check_build_deps-build-steps.patch "
+
+SRCREV_perfetto = "5bd3f582c075d0d026c5fe0b5e291d34dee0d976"
+SRCREV_protobuf = "6a59a2ad1f61d9696092f79b6d74368b4d7970a3"
+SRCREV_libcxx = "d9040c75cfea5928c804ab7c235fed06a63f743a"
+SRCREV_libcxxabi = "196ba1aaa8ac285d94f4ea8d9836390a45360533"
+SRCREV_libunwind = "d999d54f4bca789543a2eb6c995af2d9b5a1f3ed"
+SRCREV_zlib = "5c85a2da4c13eda07f69d81a1579a5afddd35f59"
+SRC_URI[gn.sha256sum] = "f706aaa0676e3e22f5fc9ca482295d7caee8535d1869f99efa2358177b64f5cd"
+
+DEPENDS += " ninja-native"
+
+COMPATIBLE_HOST = "(i.86|x86_64|aarch64|arm).*-linux*"
+
+FILES:${PN}:append = " \
+ ${bindir}/tracebox \
+ "
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Run the GN (Generate Ninja) script, and replace the compiler flags where applicable
+do_configure () {
+ # Configuration needs to be done from the source directory
+ cd ${S}
+ # Rename a few build tools if they have not been renamed
+ cd buildtools
+ x="gn-linux64-1968-0725d782"
+ [ -f $x ] && mkdir linux64 && mv $x linux64/gn
+ chmod +x linux64/gn
+ cd ..
+
+ CC_BIN=`echo $CC | awk '{print $1}'`
+ CXX_BIN=`echo $CXX | awk '{print $1}'`
+ STRIP_BIN=`echo $STRIP | awk '{print $1}'`
+
+ ARGS="is_debug=false " # Tell gn to use release mode
+
+ if [ -z `echo ${TOOLCHAIN} | grep clang` ]; then
+ ARGS=$ARGS" is_clang=false"
+ else
+ ARGS=$ARGS" is_clang=true"
+ fi
+
+ # Architecture parameter accepted by Perfetto
+ arch=${TARGET_ARCH}
+ if [ $arch = "i686" ]; then
+ arch="x86"
+ elif [ $arch = "x86_64" ]; then
+ arch="x64"
+ elif [ $arch = "aarch64" ]; then
+ arch="arm64"
+ fi
+
+ # For ARM32 with hardware floating point using clang and musl, we need to
+ # specify -mfloat-abi=hard to make the ABI settings of the linker and the
+ # compiler match. The linker would use hardware float ABI. The compiler does
+ # not. As a result we need to force the compiler to do so by adding
+ # -mfloat-abi=hard to compilation flags.
+ FLOAT_ABI=""
+ if [[ "${@bb.utils.contains('TUNE_FEATURES', 'callconvention-hard', 'true', 'false', d)}" == "true" ]]; then
+ FLOAT_ABI="-mfloat-abi=hard"
+ fi
+
+ ARGS=$ARGS" target_os=\"linux\""
+ ARGS=$ARGS" target_cpu=\"$arch\""
+ ARGS=$ARGS" target_cc=\"$CC_BIN ${FLOAT_ABI}\""
+ ARGS=$ARGS" target_cxx=\"$CXX_BIN -std=c++11 ${FLOAT_ABI}\""
+ ARGS=$ARGS" target_strip=\"$STRIP_BIN\"" #
+ ARGS=$ARGS" target_sysroot=\"${RECIPE_SYSROOT}\""
+ ARGS=$ARGS" target_linker=\"$CC_BIN ${FLOAT_ABI} ${LDFLAGS}\""
+ ARGS=$ARGS" target_ar=\"$AR\""
+ ARGS="'$ARGS'"
+ cmd="tools/gn gen --args=$ARGS ${B}"
+
+ echo $cmd
+ # Use eval, not just call $cmd, due to escaping of single quotation marks
+ eval $cmd
+
+ cd ${B}
+ # Eliminate a few incompatible build flags
+ REPLACES="s/-Wl,--icf=all//g"
+ REPLACES=$REPLACES";s/-Werror//g"
+ REPLACES=$REPLACES";s/-mfpu=neon//g"
+ REPLACES=$REPLACES";s/-fcolor-diagnostics//g"
+ REPLACES=$REPLACES";s/=format-security//g"
+ REPLACES=$REPLACES";s/-fdiagnostics-show-template-tree//g"
+ REPLACES=$REPLACES";s/-D_FORTIFY_SOURCE=2//g"
+ REPLACES=$REPLACES";s/-fuse-ld=\S*//g"
+
+ find . -name "*.ninja" | xargs sed $REPLACES -i
+
+ # If using the clang toolchain: use the clang host-side binaries built by Bitbake
+ if [ "${TOOLCHAIN}" = "clang" ]; then
+ BB_CLANGXX="${BUILD_CXX} ${BUILD_LDFLAGS} ${FLOAT_ABI}"
+ BB_CLANG="${BUILD_CC} ${FLOAT_ABI}"
+ BB_LLVM_OBJCOPY="${RECIPE_SYSROOT_NATIVE}/usr/bin/llvm-objcopy"
+
+ HOST_CLANGXX="${STAGING_DIR_NATIVE}/usr/bin/clang++ -stdlib=libc++ -rtlib=libgcc -unwindlib=libgcc ${FLOAT_ABI}"
+ HOST_CLANG="${STAGING_DIR_NATIVE}/usr/bin/clang ${FLOAT_ABI}"
+ HOST_LLVM_OBJCOPY="${STAGING_DIR_NATIVE}/usr/bin/llvm-objcopy"
+
+ cd gcc_like_host
+ REPLACES="s:\S*clang++ :$HOST_CLANGXX :g"
+ REPLACES=$REPLACES";s:\S*clang :$HOST_CLANG :g"
+ REPLACES=$REPLACES";s:\S*llvm-objcopy :$HOST_LLVM_OBJCOPY :g"
+ find . -name "*.ninja" | xargs sed "$REPLACES" -i
+ cd ..
+ fi
+ # Done processing the Ninja files
+
+ # Workaround for the functions not supported by musl
+ if [ "${TCLIBC}" = "musl" ]; then
+ sed -e 's/strtoll_l(__a, \&__p2, __base, _LIBCPP_GET_C_LOCALE)/strtoll(__a, \&__p2, __base)/g' \
+ -e 's/strtoull_l(__a, \&__p2, __base, _LIBCPP_GET_C_LOCALE)/strtoull(__a, \&__p2, __base)/g' \
+ ${S}/buildtools/libcxx/include/locale -i
+ fi
+}
+
+# Perfetto generates a few different binaries, such as traced and traced_probes and perfetto.
+# The "tracebox" is a busybox that combines the 3 above and provides a single stop for trace capture, so we only build "tracebox" here.
+do_compile () {
+ cd ${B}
+ ninja -C . tracebox
+}
+
+do_install () {
+ BIN_DIR=${D}${bindir}
+
+ install -d -m0755 $BIN_DIR
+ install ${B}/tracebox $BIN_DIR/tracebox
+}
diff --git a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb
similarity index 96%
rename from meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb
rename to meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb
index 3516592..7ed1519 100644
--- a/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.4.bb
+++ b/meta-openembedded/meta-oe/recipes-extended/redis/redis_7.0.5.bb
@@ -19,7 +19,7 @@
file://GNU_SOURCE-7.patch \
file://0006-Define-correct-gregs-for-RISCV32.patch \
"
-SRC_URI[sha256sum] = "f0e65fda74c44a3dd4fa9d512d4d4d833dd0939c934e946a5c622a630d057f2f"
+SRC_URI[sha256sum] = "67054cc37b58c125df93bd78000261ec0ef4436a26b40f38262c780e56315cc3"
inherit autotools-brokensep update-rc.d systemd useradd
diff --git a/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract/0001-include-sys-time.h.patch b/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract/0001-include-sys-time.h.patch
deleted file mode 100644
index de1fa75..0000000
--- a/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract/0001-include-sys-time.h.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From b47fa9532a7090d76521603dbc818bdec100085f Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Tue, 15 Sep 2020 17:04:27 -0700
-Subject: [PATCH] include sys/time.h
-
-This provides missing definitions of timeval stuct
-
-Fixes
-| ../../../git/src/ccutil/ocrclass.h:154:7: error: member access into
-incomplete type 'struct timeval'
-| tv->tv_usec = (millisecs.count() % 1000) * 1000;
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- src/ccutil/ocrclass.h | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/ccutil/ocrclass.h b/src/ccutil/ocrclass.h
-index d39a6dd6..96395c9b 100644
---- a/src/ccutil/ocrclass.h
-+++ b/src/ccutil/ocrclass.h
-@@ -28,6 +28,8 @@
-
- #include <chrono>
- #include <ctime>
-+#include <sys/time.h>
-+
- #ifdef _WIN32
- #include <winsock2.h> // for timeval
- #endif
---
-2.28.0
-
diff --git a/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract_4.1.3.bb b/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract_5.2.0.bb
similarity index 71%
rename from meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract_4.1.3.bb
rename to meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract_5.2.0.bb
index 6f92679..8eb2073 100644
--- a/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract_4.1.3.bb
+++ b/meta-openembedded/meta-oe/recipes-graphics/tesseract/tesseract_5.2.0.bb
@@ -5,10 +5,8 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-BRANCH = "4.1"
-SRCREV = "f38e7a7ba850b668d4505dd4c712238d7ec63ca8"
-SRC_URI = "git://github.com/${BPN}-ocr/${BPN}.git;branch=${BRANCH};protocol=https \
- file://0001-include-sys-time.h.patch \
+SRCREV = "5ad5325a0aa8effc47ca033625b6a51682f82767"
+SRC_URI = "git://github.com/${BPN}-ocr/${BPN}.git;branch=main;protocol=https \
"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_12.0.1.1105_p3.bb b/meta-openembedded/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_12.0.1.1105_p3.bb
index f45ea5e..4b6026e 100644
--- a/meta-openembedded/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_12.0.1.1105_p3.bb
+++ b/meta-openembedded/meta-oe/recipes-kernel/broadcom-bt-firmware/broadcom-bt-firmware_12.0.1.1105_p3.bb
@@ -10,7 +10,7 @@
LIC_FILES_CHKSUM = "file://LICENSE.broadcom_bcm20702;md5=c0d5ea0502b00df74173d0f8a48b619d"
SRC_URI = "git://github.com/winterheart/broadcom-bt-firmware.git;branch=master;protocol=https"
-SRCREV = "68a7a8a4f2c4bdd3425c23653a3b9b6609e41d0b"
+SRCREV = "a0eb4805dbb232f02f156b9351a23790c1a4cec7"
PE = "1"
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0005-configure.ac-Makefile.am-Support-building-without-NL.patch b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0005-configure.ac-Makefile.am-Support-building-without-NL.patch
new file mode 100644
index 0000000..0548e4f
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils/0005-configure.ac-Makefile.am-Support-building-without-NL.patch
@@ -0,0 +1,45 @@
+From 4fe9f6071cd24bcab157a9398adcca474f619f8d Mon Sep 17 00:00:00 2001
+From: Peter Kjellerstedt <pkj@axis.com>
+Date: Sat, 15 Oct 2022 02:45:26 +0200
+Subject: [PATCH] configure.ac, Makefile.am: Support building without NLS
+
+Avoid entering the v4l-utils-po and libdvbv5-po directories if NLS
+support is disabled, as the generated Makefiles in those directories are
+empty then.
+
+Upstream-Status: Submitted [https://patchwork.linuxtv.org/project/linux-media/patch/20221015010541.688322-1-pkj@axis.com/]
+Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
+---
+ Makefile.am | 6 +++++-
+ configure.ac | 1 +
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 7fb443ab..8e924af8 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -2,7 +2,11 @@ AUTOMAKE_OPTIONS = foreign
+ ACLOCAL_AMFLAGS = -I m4
+ AM_MAKEFLAGS = $(word 1, $(subst 1, -w, $(filter 1, $(V))) --no-print-directory)
+
+-SUBDIRS = v4l-utils-po libdvbv5-po lib
++SUBDIRS = lib
++
++if USE_NLS
++SUBDIRS += v4l-utils-po libdvbv5-po
++endif
+
+ if WITH_V4LUTILS
+ SUBDIRS += utils contrib
+diff --git a/configure.ac b/configure.ac
+index 05298981..7c78467f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -99,6 +99,7 @@ DX_INIT_DOXYGEN($PACKAGE_NAME, doxygen_libdvbv5.cfg)
+ ALL_LINGUAS=""
+ m4_ifdef(AM_GNU_GETTEXT_REQUIRE_VERSION,[AM_GNU_GETTEXT_REQUIRE_VERSION([0.19.8])],[AM_GNU_GETTEXT_VERSION([0.19.8])])
+ AM_GNU_GETTEXT([external])
++AM_CONDITIONAL([USE_NLS], [test "$USE_NLS" = "yes"])
+
+ LIBDVBV5_DOMAIN="libdvbv5"
+ AC_DEFINE([LIBDVBV5_DOMAIN], "libdvbv5", [libdvbv5 domain])
diff --git a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.23.0.bb b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.23.0.bb
index 2f5ae35..5bc6305 100644
--- a/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.23.0.bb
+++ b/meta-openembedded/meta-oe/recipes-multimedia/v4l2apps/v4l-utils_1.23.0.bb
@@ -27,6 +27,7 @@
file://0002-original-patch-mediactl-pkgconfig.patch \
file://0003-original-patch-export-mediactl-headers.patch \
file://0004-Do-not-use-getsubopt.patch \
+ file://0005-configure.ac-Makefile.am-Support-building-without-NL.patch \
"
SRCREV = "fd544473800d02e90bc289434cc44e5aa8fadd0f"
diff --git a/meta-openembedded/meta-oe/recipes-support/cli11/cli11_2.2.0.bb b/meta-openembedded/meta-oe/recipes-support/cli11/cli11_2.3.0.bb
similarity index 94%
rename from meta-openembedded/meta-oe/recipes-support/cli11/cli11_2.2.0.bb
rename to meta-openembedded/meta-oe/recipes-support/cli11/cli11_2.3.0.bb
index 53a5748..53ae95b 100644
--- a/meta-openembedded/meta-oe/recipes-support/cli11/cli11_2.2.0.bb
+++ b/meta-openembedded/meta-oe/recipes-support/cli11/cli11_2.3.0.bb
@@ -3,7 +3,7 @@
HOMEPAGE = "https://github.com/CLIUtils/CLI11"
LICENSE = "BSD-3-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=9ad746b5f49c0fd53c08ca1faff1922c"
-SRCREV = "b9be5b9444772324459989177108a6a65b8b2769"
+SRCREV = "a66ae4145779c56dc0f9f98a631656417dd77de8"
PV .= "+git${SRCPV}"
SRC_URI += "gitsm://github.com/CLIUtils/CLI11;branch=main;protocol=https \
diff --git a/meta-openembedded/meta-oe/recipes-support/crucible/crucible_2022.05.25.bb b/meta-openembedded/meta-oe/recipes-support/crucible/crucible_2022.05.25.bb
new file mode 100644
index 0000000..73856d5
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/crucible/crucible_2022.05.25.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Utility that provides userspace support for reading and writing to the i.MX fuses"
+LICENSE = "GPL-3.0-only"
+LIC_FILES_CHKSUM = "file://src/${GO_IMPORT}/LICENSE;md5=a64ced9463b8c81d08335d41966e0592"
+
+GO_IMPORT = "github.com/usbarmory/crucible"
+SRC_URI = "git://${GO_IMPORT}.git;protocol=https;branch=master"
+
+GO_INSTALL = "\
+ ${GO_IMPORT}/cmd/crucible \
+ ${GO_IMPORT}/cmd/habtool \
+"
+SRCREV = "837bdb65a20de240f92ea57727385352e06b977e"
+
+# Workaround for network access issue during compile step.
+# This needs to be fixed in the recipes buildsystem so that
+# it can be accomplished during do_fetch task.
+do_compile[network] = "1"
+
+inherit go-mod
diff --git a/meta-openembedded/meta-oe/recipes-support/dc/double-conversion_3.2.1.bb b/meta-openembedded/meta-oe/recipes-support/dc/double-conversion_3.2.1.bb
new file mode 100644
index 0000000..cc54dc6
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/dc/double-conversion_3.2.1.bb
@@ -0,0 +1,18 @@
+SUMMARY = "Double conversion libraries"
+DESCRIPTION = "This provides binary-decimal and decimal-binary routines for IEEE doubles."
+HOMEPAGE = "https://github.com/google/double-conversion.git"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=1ea35644f0ec0d9767897115667e901f"
+
+
+S = "${WORKDIR}/git"
+
+SRC_URI = " \
+ git://github.com/google/double-conversion.git;protocol=https;branch=master \
+"
+SRCREV = "af09fd65fcf24eee95dc62813ba9123414635428"
+
+inherit cmake
+
+EXTRA_OECMAKE = "-DBUILD_SHARED_LIBS=ON"
diff --git a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.8.0.bb b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.8.1.bb
similarity index 97%
rename from meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.8.0.bb
rename to meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.8.1.bb
index 33782e5..5f53967 100644
--- a/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.8.0.bb
+++ b/meta-openembedded/meta-oe/recipes-support/freerdp/freerdp_2.8.1.bb
@@ -13,7 +13,7 @@
PE = "1"
PKGV = "${GITPKGVTAG}"
-SRCREV = "e3fc97feb512053189e276b2ca79762990bb8c4c"
+SRCREV = "0ad3f49f0e7eb78586acc6bf6e4605f96f88954e"
SRC_URI = "git://github.com/FreeRDP/FreeRDP.git;branch=stable-2.0;protocol=https \
file://winpr-makecert-Build-with-install-RPATH.patch \
"
diff --git a/meta-openembedded/meta-oe/recipes-support/libusbgx/libusbgx_git.bb b/meta-openembedded/meta-oe/recipes-support/libusbgx/libusbgx_git.bb
index 16552fd..11e8893 100644
--- a/meta-openembedded/meta-oe/recipes-support/libusbgx/libusbgx_git.bb
+++ b/meta-openembedded/meta-oe/recipes-support/libusbgx/libusbgx_git.bb
@@ -23,13 +23,13 @@
PACKAGECONFIG[gadget-schemes] = "--enable-gadget-schemes,--disable-gadget-schemes"
PACKAGECONFIG[tests] = "--enable-tests,--disable-tests,cmocka"
-PACKAGE_BEFORE_PN = "${PN}-examples"
+PACKAGE_BEFORE_PN = "${@bb.utils.contains('PACKAGECONFIG', 'examples', '${PN}-examples', '', d)}"
SYSTEMD_PACKAGES = "${PN}-examples"
SYSTEMD_SERVICE:${PN}-examples = "usbgx.service"
SYSTEMD_AUTO_ENABLE:${PN}-examples = "${@bb.utils.contains('PACKAGECONFIG', 'examples', 'enable', 'disable', d)}"
-INITSCRIPT_PACKAGES = "${PN}-examples"
+INITSCRIPT_PACKAGES = "${@bb.utils.contains('PACKAGECONFIG', 'examples', '${PN}-examples', '', d)}"
INITSCRIPT_NAME = "usbgx"
INITSCRIPT_PARAMS = "defaults"
INHIBIT_UPDATERCD_BBCLASS = "${@bb.utils.contains('PACKAGECONFIG', 'examples', '1', '0', d)}"
diff --git a/meta-openembedded/meta-oe/recipes-support/md4c/md4c_0.4.8.bb b/meta-openembedded/meta-oe/recipes-support/md4c/md4c_0.4.8.bb
new file mode 100644
index 0000000..fc3dbb3
--- /dev/null
+++ b/meta-openembedded/meta-oe/recipes-support/md4c/md4c_0.4.8.bb
@@ -0,0 +1,17 @@
+SUMMARY = "Markdown for C"
+DESCRIPTION = "MD4C is Markdown parser implementation in C."
+HOMEPAGE = "http://github.com/mity/md4c"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE.md;md5=7e0fbcf3701aad22f2d2e0624a703795"
+
+
+S = "${WORKDIR}/git"
+
+SRC_URI = " \
+ git://github.com/mity/md4c.git;protocol=https;branch=master \
+"
+
+SRCREV = "c3340b480e5232711858108be07460a9836c8ab5"
+
+inherit cmake
diff --git a/meta-openembedded/meta-oe/recipes-support/remmina/remmina_1.4.24.bb b/meta-openembedded/meta-oe/recipes-support/remmina/remmina_1.4.27.bb
similarity index 90%
rename from meta-openembedded/meta-oe/recipes-support/remmina/remmina_1.4.24.bb
rename to meta-openembedded/meta-oe/recipes-support/remmina/remmina_1.4.27.bb
index 23cafa7..7eb87a0 100644
--- a/meta-openembedded/meta-oe/recipes-support/remmina/remmina_1.4.24.bb
+++ b/meta-openembedded/meta-oe/recipes-support/remmina/remmina_1.4.27.bb
@@ -25,14 +25,14 @@
DEPENDS:append:libc-musl = " libexecinfo"
LDFLAGS:append:libc-musl = " -lexecinfo"
-SRCREV = "ffa6a7ef9c6be7951bac23d14df148098fd2d3fa"
+SRCREV = "9d409a3556c8c2759a376b4f4ac5149db7aacf4f"
SRC_URI = "git://gitlab.com/Remmina/Remmina;protocol=https;branch=master"
S = "${WORKDIR}/git"
inherit cmake features_check mime mime-xdg gtk-icon-cache pkgconfig
REQUIRED_DISTRO_FEATURES = "x11"
-EXTRA_OECMAKE += "-DWITH_APPINDICATOR=OFF -DWITH_GETTEXT=OFF -DWITH_TRANSLATIONS=OFF -DHAVE_LIBAPPINDICATOR=OFF"
+EXTRA_OECMAKE += "-DWITH_APPINDICATOR=OFF -DWITH_GETTEXT=OFF -DWITH_TRANSLATIONS=OFF -DHAVE_LIBAPPINDICATOR=OFF -DWITH_WEBKIT2GTK=OFF"
PACKAGECONFIG[spice] = "-DWITH_SPICE=ON, -DWITH_SPICE=OFF, spice spice-protocol"
# Switch on gtk support in avahi recipe if you want to enable avahi support
diff --git a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.0.bb b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb
similarity index 91%
rename from meta-openembedded/meta-oe/recipes-support/tio/tio_2.0.bb
rename to meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb
index 54e448b..1c36bd5 100644
--- a/meta-openembedded/meta-oe/recipes-support/tio/tio_2.0.bb
+++ b/meta-openembedded/meta-oe/recipes-support/tio/tio_2.1.bb
@@ -7,7 +7,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=0e1a95b7892d3015ecd6d0016f601f2c"
SRC_URI = "git://github.com/tio/tio;protocol=https;nobranch=1"
-SRCREV = "6618642acf28fec6d3e70ed75b50d4ce138ea08a"
+SRCREV = "14fc77ffc13a4c60a98f0bb7e0f431e9ed7cf1fd"
S = "${WORKDIR}/git"
diff --git a/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb b/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.7.bb
similarity index 67%
rename from meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb
rename to meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.7.bb
index 0d45a15..421263e 100644
--- a/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.6.bb
+++ b/meta-openembedded/meta-oe/recipes-support/uriparser/uriparser_0.9.7.bb
@@ -5,11 +5,11 @@
LIC_FILES_CHKSUM = "file://COPYING;md5=fcc5a53146c2401f4b4f6a3bdf3f0168"
SRC_URI = "https://github.com/${BPN}/${BPN}/releases/download/${BP}/${BP}.tar.gz"
-SRC_URI[sha256sum] = "10e6f90d359c1087c45f907f95e527a8aca84422251081d1533231e031a084ff"
+SRC_URI[sha256sum] = "11553b2abd2b5728a6c88e35ab08e807d0a0f23c44920df937778ce8cc4d40ff"
-UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/releases"
+inherit cmake github-releases
-inherit cmake
+UPSTREAM_CHECK_REGEX = "releases/tag/${BPN}-(?P<pver>\d+(\.\d+)+)"
EXTRA_OECMAKE += "-DURIPARSER_BUILD_DOCS:BOOL=OFF -DURIPARSER_BUILD_TESTS:BOOL=OFF"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-absl_1.2.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-absl_1.3.0.bb
similarity index 76%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-absl_1.2.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-absl_1.3.0.bb
index 42b3ddc..b376278 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-absl_1.2.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-absl_1.3.0.bb
@@ -4,7 +4,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI[sha256sum] = "f568809938c49abbda89826223c992b630afd23c638160ad7840cfe347710d97"
+SRC_URI[sha256sum] = "463c38a08d2e4cef6c498b76ba5bd4858e4c6ef51da1a5a1f27139a022e20248"
PYPI_PACKAGE = "absl-py"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-distro_1.7.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-distro_1.8.0.bb
similarity index 72%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-distro_1.7.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-distro_1.8.0.bb
index f069234..f7616e4 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-distro_1.7.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-distro_1.8.0.bb
@@ -5,9 +5,9 @@
PYPI_PACKAGE = "distro"
-SRC_URI[sha256sum] = "151aeccf60c216402932b52e40ee477a939f8d58898927378a02abbe852c1c39"
+SRC_URI[sha256sum] = "02e111d1dc6a50abb8eed6bf31c3e48ed8b0830d1ea2a1b78c61765c2513fdd8"
-inherit pypi setuptools3
+inherit pypi python_setuptools_build_meta
RDEPENDS:${PN} = "\
${PYTHON_PN}-core \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_22.8.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_22.10.1.bb
similarity index 92%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_22.8.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_22.10.1.bb
index 96a0cb7..9319dad 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_22.8.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-gevent_22.10.1.bb
@@ -13,7 +13,7 @@
SRC_URI += "file://0001-_setuputils.py-Do-not-add-sys_inc_dir.patch"
-SRC_URI[sha256sum] = "868d500fe2b7f9750eadc07ada8ab32360c0e71976be2bf5919482f14a6477c7"
+SRC_URI[sha256sum] = "df3042349c9a4460eeaec8d0e56d737cb183eed055e75a6af9dbda94aaddaf4d"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-core_2.10.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-core_2.10.2.bb
similarity index 87%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-core_2.10.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-core_2.10.2.bb
index c7ded90..b2e48cc 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-core_2.10.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-core_2.10.2.bb
@@ -6,7 +6,7 @@
inherit pypi setuptools3
-SRC_URI[sha256sum] = "e16c15a11789bc5a3457afb2818a3540a03f341e6e710d7f9bbf6cde2ef4a7c8"
+SRC_URI[sha256sum] = "10c06f7739fe57781f87523375e8e1a3a4674bf6392cd6131a3222182b971320"
RDEPENDS:${PN} += "\
${PYTHON_PN}-asyncio \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.62.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb
similarity index 86%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.62.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb
index abceda8..af83c17 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.62.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-api-python-client_2.64.0.bb
@@ -4,7 +4,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=86d3f3a95c324c9479bd8986968f4327"
-SRC_URI[sha256sum] = "8307b85f0b8f84252747326de50eda279220cc1a3966d6b82e94486618275637"
+SRC_URI[sha256sum] = "0dc4c967a5c795e981af01340f1bd22173a986534de968b5456cb208ed6775a6"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.11.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb
similarity index 87%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.11.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb
index 747a57e..53c1d00 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.11.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-google-auth_2.12.0.bb
@@ -6,7 +6,7 @@
inherit pypi setuptools3
-SRC_URI[sha256sum] = "516e6623038b81430dd062a1a25ecd24f173d7c15cdf4e48a9e78bc87e97aeec"
+SRC_URI[sha256sum] = "f12d86502ce0f2c0174e2e70ecc8d36c69593817e67e1d9c5e34489120422e4b"
RDEPENDS:${PN} += "\
${PYTHON_PN}-asyncio \
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-imageio_2.22.1.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-imageio_2.22.2.bb
similarity index 81%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-imageio_2.22.1.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-imageio_2.22.2.bb
index 9e187bb..272ec4b 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-imageio_2.22.1.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-imageio_2.22.2.bb
@@ -5,7 +5,7 @@
LICENSE = "BSD-2-Clause"
LIC_FILES_CHKSUM = "file://LICENSE;md5=24cb9a367a9e641b459a01c4d15256ba"
-SRC_URI[sha256sum] = "465ec35f919d538906d3023b61ccec766d8e7575fe55fcbd7669ece55afb97ca"
+SRC_URI[sha256sum] = "db7010cd10712518819a4187baf61b05988361ea20c23e829918727b27acb977"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_2.5.3.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.0.0.bb
similarity index 90%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_2.5.3.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.0.0.bb
index 4656587..8292419 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_2.5.3.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-pymodbus_3.0.0.bb
@@ -4,7 +4,7 @@
LIC_FILES_CHKSUM = "file://LICENSE;md5=2c2223d66c7e674b40527b5a4c35bd76"
DEPENDS += "python3-six-native"
-SRC_URI[sha256sum] = "5ef68c1a109bdb467c830ef003ef2db6494349a5248e4af946fe21c9eefe7e74"
+SRC_URI[sha256sum] = "37c9b6f3e5c82f39ee42047ca48cbc9fd0c49a6731126789500191e9deea6cbc"
S = "${WORKDIR}/pymodbus-${PV}"
inherit pypi setuptools3
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-stevedore_4.0.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-stevedore_4.0.1.bb
similarity index 80%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-stevedore_4.0.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-stevedore_4.0.1.bb
index 46c6d83..70c43f3 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-stevedore_4.0.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-stevedore_4.0.1.bb
@@ -3,7 +3,7 @@
LICENSE = "Apache-2.0"
LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-SRC_URI[sha256sum] = "f82cc99a1ff552310d19c379827c2c64dd9f85a38bcd5559db2470161867b786"
+SRC_URI[sha256sum] = "9a23111a6e612270c591fd31ff3321c6b5f3d5f3dabb1427317a5ab608fc261a"
DEPENDS += "${PYTHON_PN}-pbr-native"
diff --git a/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_5.4.0.bb b/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_5.5.0.bb
similarity index 89%
rename from meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_5.4.0.bb
rename to meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_5.5.0.bb
index b048c80..015ec0e 100644
--- a/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_5.4.0.bb
+++ b/meta-openembedded/meta-python/recipes-devtools/python/python3-zopeinterface_5.5.0.bb
@@ -5,7 +5,7 @@
PYPI_PACKAGE = "zope.interface"
inherit pypi setuptools3
-SRC_URI[sha256sum] = "5dba5f530fec3f0988d83b78cc591b58c0b6eb8431a85edd1569a0539a8a5a0e"
+SRC_URI[sha256sum] = "700ebf9662cf8df70e2f0cb4988e078c53f65ee3eefd5c9d80cf988c4175c8e3"
PACKAGES =. "${PN}-test "
diff --git a/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.4.1.bb b/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.5.0.bb
similarity index 94%
rename from meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.4.1.bb
rename to meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.5.0.bb
index 210d643..d109fa4 100644
--- a/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.4.1.bb
+++ b/meta-openembedded/meta-python/recipes-extended/pywbem/python3-pywbem_1.5.0.bb
@@ -16,7 +16,7 @@
LICENSE = "LGPL-2.1-only"
LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=fbc093901857fcd118f065f900982c24"
-SRC_URI[sha256sum] = "ad8bbbe4ab7e795722c0f27f2656c92fc673a7e06a14cd151a50f0306454d17e"
+SRC_URI[sha256sum] = "c5f7e458c2530c61358fbc6333be74faf366aace78eae33741431267adf32610"
inherit pypi setuptools3 update-alternatives
diff --git a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.3.bb
similarity index 92%
rename from meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb
rename to meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.3.bb
index aa4265f..f283eda 100644
--- a/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.2.bb
+++ b/meta-openembedded/meta-xfce/recipes-xfce/xfce4-settings/xfce4-settings_4.16.3.bb
@@ -9,7 +9,7 @@
REQUIRED_DISTRO_FEATURES = "x11"
SRC_URI += "file://0001-xsettings.xml-Set-default-themes.patch"
-SRC_URI[sha256sum] = "4dd7cb420860535e687f673c0b5c0274e0d2fb67181281d4b85be9197da03d7e"
+SRC_URI[sha256sum] = "f299e6d26d8e142c0b7edeb9b8917d6bd50bc8647254ea585069c68f2bab8e64"
EXTRA_OECONF += "--enable-maintainer-mode --disable-debug"
diff --git a/meta-raspberrypi/conf/machine/include/rpi-base.inc b/meta-raspberrypi/conf/machine/include/rpi-base.inc
index 3e057ed..ba3029f 100644
--- a/meta-raspberrypi/conf/machine/include/rpi-base.inc
+++ b/meta-raspberrypi/conf/machine/include/rpi-base.inc
@@ -119,6 +119,10 @@
# KERNEL_DEVICETREE.
alldtbs = d.getVar('KERNEL_DEVICETREE')
+ # DTBs may be built out of kernel with devicetree.bbclass
+ if not alldtbs:
+ return ''
+
def transform(dtb):
base = os.path.basename(dtb)
if dtb.endswith('dtbo') or base == 'overlay_map.dtb':
diff --git a/poky/documentation/dev-manual/common-tasks.rst b/poky/documentation/dev-manual/common-tasks.rst
index a4741c5..53e7686 100644
--- a/poky/documentation/dev-manual/common-tasks.rst
+++ b/poky/documentation/dev-manual/common-tasks.rst
@@ -973,7 +973,7 @@
:term:`Build Directory`.
To understand how these features work, the best reference is
-:ref:`meta/classes/image.bbclass <ref-classes-image>`.
+:ref:`meta/classes-recipe/image.bbclass <ref-classes-image>`.
This class lists out the available
:term:`IMAGE_FEATURES` of which most map to package groups while some, such
as ``debug-tweaks`` and ``read-only-rootfs``, resolve as general
@@ -2124,7 +2124,7 @@
sysroot is able to remain free from stale files.
A subset of the files installed by the :ref:`ref-tasks-install` task are
-used by the :ref:`ref-tasks-populate_sysroot` task as defined by the the
+used by the :ref:`ref-tasks-populate_sysroot` task as defined by the
:term:`SYSROOT_DIRS` variable to automatically populate the sysroot. It
is possible to modify the list of directories that populate the sysroot.
The following example shows how you could add the ``/opt`` directory to
@@ -3048,7 +3048,7 @@
your build directory.
- If you want to enable testing through the
- :ref:`testimage <ref-classes-testimage*>`
+ :ref:`testimage <ref-classes-testimage>`
class, which is optional, you need to have the following set in
your ``conf/local.conf`` file::
@@ -6889,7 +6889,7 @@
For more examples that show how to use ``do_split_packages``, see the
``connman.inc`` file in the ``meta/recipes-connectivity/connman/``
directory of the ``poky`` :ref:`source repository <overview-manual/development-environment:yocto project source repositories>`. You can
-also find examples in ``meta/classes/kernel.bbclass``.
+also find examples in ``meta/classes-recipe/kernel.bbclass``.
Following is a reference that shows ``do_split_packages`` mandatory and
optional arguments::
@@ -8893,7 +8893,7 @@
- *Manually running tests:* To manually run the tests, first globally
inherit the
- :ref:`testimage <ref-classes-testimage*>` class
+ :ref:`testimage <ref-classes-testimage>` class
by editing your ``local.conf`` file::
INHERIT += "testimage"
diff --git a/poky/documentation/dev-manual/start.rst b/poky/documentation/dev-manual/start.rst
index 499c3f8..6816ce5 100644
--- a/poky/documentation/dev-manual/start.rst
+++ b/poky/documentation/dev-manual/start.rst
@@ -497,8 +497,8 @@
launch your WSL distribution just like any other application.
6. *Optimize your WSLv2 storage often:* Due to the way storage is
- handled on WSLv2, the storage space used by the undelying Linux
- distribution is not reflected immedately, and since BitBake heavily
+ handled on WSLv2, the storage space used by the underlying Linux
+ distribution is not reflected immediately, and since BitBake heavily
uses storage, after several builds, you may be unaware you are
running out of space. WSLv2 uses a VHDX file for storage, this issue
can be easily avoided by manually optimizing this file often, this
diff --git a/poky/documentation/migration-guides/index.rst b/poky/documentation/migration-guides/index.rst
index 4597506..ce0ca8c 100644
--- a/poky/documentation/migration-guides/index.rst
+++ b/poky/documentation/migration-guides/index.rst
@@ -12,6 +12,7 @@
.. toctree::
migration-general
+ release-4.1
release-4.0
release-3.4
migration-3.3
diff --git a/poky/documentation/migration-guides/migration-1.5.rst b/poky/documentation/migration-guides/migration-1.5.rst
index 366fb00..1b78e99 100644
--- a/poky/documentation/migration-guides/migration-1.5.rst
+++ b/poky/documentation/migration-guides/migration-1.5.rst
@@ -240,7 +240,7 @@
-----------------------
A new automated image testing framework has been added through the
-:ref:`ref-classes-testimage*` classes. This
+:ref:`ref-classes-testimage` classes. This
framework replaces the older ``imagetest-qemu`` framework.
You can learn more about performing automated image tests in the
diff --git a/poky/documentation/migration-guides/migration-2.6.rst b/poky/documentation/migration-guides/migration-2.6.rst
index 32bb48b..b36eb19 100644
--- a/poky/documentation/migration-guides/migration-2.6.rst
+++ b/poky/documentation/migration-guides/migration-2.6.rst
@@ -319,7 +319,7 @@
practices now dictate that you use the
:term:`IMAGE_CLASSES` variable rather than the
:term:`INHERIT` variable when you inherit the
- :ref:`testimage <ref-classes-testimage*>` and
+ :ref:`testimage <ref-classes-testimage>` and
:ref:`testsdk <ref-classes-testsdk>` classes used for automatic
testing.
diff --git a/poky/documentation/migration-guides/migration-4.1.rst b/poky/documentation/migration-guides/migration-4.1.rst
new file mode 100644
index 0000000..bb8c6dd
--- /dev/null
+++ b/poky/documentation/migration-guides/migration-4.1.rst
@@ -0,0 +1,214 @@
+Release 4.1 (langdale)
+======================
+
+Migration notes for 4.1 (langdale)
+-----------------------------------
+
+This section provides migration information for moving to the Yocto
+Project 4.1 Release (codename "langdale") from the prior release.
+
+
+.. _migration-4.1-make-4.0:
+
+make 4.0 is now the minimum required make version
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+glibc now requires ``make`` 4.0 to build, thus it is now the version required to
+be installed on the build host. A new ``buildtools-make-tarball`` has been
+introduced to provide just make 4.0 for host distros without a current/working
+make 4.x version; if you also need other tools you can use the updated
+``buildtools-tarball``. For more information see
+:ref:`ref-manual/system-requirements:required packages for the build host`.
+
+
+.. _migration-4.1-complementary-deps:
+
+Complementary package installation ignores recommends
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+When installing complementary packages (e.g. ``-dev`` and ``-dbg`` packages when
+building an SDK, or if you have added ``dev-deps`` to :term:`IMAGE_FEATURES`),
+recommends (as defined by :term:`RRECOMMENDS`) are no longer installed.
+
+If you wish to double-check the contents of your images after this change, see
+:ref:`Checking Image / SDK Changes <migration-general-buildhistory>`. If needed
+you can explicitly install items by adding them to :term:`IMAGE_INSTALL` in
+image recipes or :term:`TOOLCHAIN_TARGET_TASK` for the SDK.
+
+
+.. _migration-4.1-dev-recommends:
+
+dev dependencies are now recommends
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The default for ``${PN}-dev`` package is now to use :term:`RRECOMMENDS` instead
+of :term:`RDEPENDS` to pull in the main package. This takes advantage of a
+change to complimentary package installation to not follow :term:`RRECOMMENDS`
+(as mentioned above) and for example means an SDK for an image with both openssh
+and dropbear components will now build successfully.
+
+
+.. _migration-4.1-dropbear-sftp:
+
+dropbear now recommends openssh-sftp-server
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+openssh has switched the scp client to use the sftp protocol instead of scp to
+move files. This means scp from Fedora 36 and other current distributions will
+no longer be able to move files to/from a system running dropbear with no sftp
+server installed.
+
+The sftp server from openssh is small (200kb uncompressed) and standalone, so
+adding it to the packagegroup seems to be the best way to preserve the
+functionality for user sanity. However, if you wish to avoid this dependency,
+you can either:
+
+ A. Use ``dropbear`` in :term:`IMAGE_INSTALL` instead of
+ ``packagegroup-core-ssh-dropbear`` (or ``ssh-server-dropbear`` in
+ :term:`IMAGE_FEATURES`), or
+ B. Add ``openssh-sftp-server`` to :term:`BAD_RECOMMENDATIONS`.
+
+
+.. _migration-4.1-classes-split:
+
+Classes now split by usage context
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+A split directory structure has now been set up for ``.bbclass`` files - classes
+that are intended to be inherited only by recipes (e.g. ``inherit`` in a recipe
+file, :term:`IMAGE_CLASSES` or :term:`KERNEL_CLASSES`) should be in a
+``classes-recipe`` subdirectory and classes that are intended to be inherited
+globally (e.g. via ``INHERIT +=``, :term:`PACKAGE_CLASSES`, :term:`USER_CLASSES`
+or :term:`INHERIT_DISTRO`) should be in ``classes-global``. Classes in the
+existing ``classes`` subdirectory will continue to work in any context as before.
+
+Other than knowing where to look when manually browsing the class files, this is
+not likely to require any changes to your configuration. However, if in your
+configuration you were using some classes in the incorrect context, you will now
+receive an error during parsing. For example, the following in ``local.conf`` will
+now cause an error::
+
+ INHERIT += "testimage"
+
+Since :ref:`testimage <ref-classes-testimage>` is a class intended solely to
+affect image recipes, this would be correctly specified as::
+
+ IMAGE_CLASSES += "testimage"
+
+
+.. _migration-4.1-local-file-error:
+
+Missing local files in SRC_URI now triggers an error
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+If a file referenced in :term:`SRC_URI` does not exist, in 4.1 this will trigger
+an error at parse time where previously this only triggered a warning. In the past
+you could ignore these warnings for example if you have multiple build
+configurations (e.g. for several different target machines) and there were recipes
+that you were not building in one of the configurations. If you have this scenario
+you will now need to conditionally add entries to :term:`SRC_URI` where they are
+valid, or use :term:`COMPATIBLE_MACHINE` / :term:`COMPATIBLE_HOST` to prevent the
+recipe from being available (and therefore avoid it being parsed) in configurations
+where the files aren't available.
+
+
+.. _migration-4.1-qa-checks:
+
+QA check changes
+~~~~~~~~~~~~~~~~
+
+- The :ref:`buildpaths <qa-check-buildpaths>` QA check is now enabled by default
+ in :term:`WARN_QA`, and thus any build system paths found in output files will
+ trigger a warning. If you see these warnings for your own recipes, for full
+ binary reproducibility you should make the necessary changes to the recipe build
+ to remove these paths. If you wish to disable the warning for a particular
+ recipe you can use :term:`INSANE_SKIP`, or for the entire build you can adjust
+ :term:`WARN_QA`. For more information, see the :ref:`buildpaths QA check
+ <qa-check-buildpaths>` section.
+
+- ``do_qa_staging`` now checks shebang length in all directories specified by
+ :term:`SYSROOT_DIRS`, since there is a maximum length defined in the kernel. For
+ native recipes which write scripts to the sysroot, if the shebang line in one of
+ these scripts is too long you will get an error. This can be skipped using
+ :term:`INSANE_SKIP` if necessary, but the best course of action is of course to
+ fix the script. There is now also a ``create_cmdline_shebang_wrapper`` function
+ that you can call e.g. from ``do_install`` (or ``do_install:append``) within a
+ recipe to create a wrapper to fix such scripts - see the ``libcheck`` recipe
+ for an example usage.
+
+
+
+Miscellaneous changes
+~~~~~~~~~~~~~~~~~~~~~
+
+- ``mount.blacklist`` has been renamed to ``mount.ignorelist`` in
+ ``udev-extraconf``. If you are customising this file via ``udev-extraconf`` then
+ you will need to update your ``udev-extraconf`` ``.bbappend`` as appropriate.
+- ``help2man-native`` has been removed from implicit sysroot dependencies. If a
+ recipe needs ``help2man-native`` it should now be explicitly added to
+ :term:`DEPENDS` within the recipe.
+- For images using systemd, the reboot watchdog timeout has been set to 60
+ seconds (from the upstream default of 10 minutes). If you wish to override this
+ you can set :term:`WATCHDOG_TIMEOUT` to the desired timeout in seconds. Note
+ that the same :term:`WATCHDOG_TIMEOUT` variable also specifies the timeout used
+ for the ``watchdog`` tool (if that is being built).
+- The :ref:`image-buildinfo <ref-classes-image-buildinfo>` class now writes to
+ ``${sysconfdir}/buildinfo`` instead of ``${sysconfdir}/build`` by default (i.e.
+ the default value of :term:`IMAGE_BUILDINFO_FILE` has been changed). If you have
+ code that reads this from images at build or runtime you will need to update it
+ or specify your own value for :term:`IMAGE_BUILDINFO_FILE`.
+- In the :ref:`archiver <ref-classes-archiver>` class, the default
+ ``ARCHIVER_OUTDIR`` value no longer includes the :term:`MACHINE` value in order
+ to avoid the archive task running multiple times in a multiconfig setup. If you
+ have custom code that does something with the files archived by the
+ :ref:`archiver <ref-classes-archiver>` class then you may need to adjust it to
+ the new structure.
+- If you are not using `systemd` then udev is now configured to use labels
+ (``LABEL`` or ``PARTLABEL``) to set the mount point for the device. For example::
+
+ /run/media/rootfs-sda2
+
+ instead of::
+
+ /run/media/sda2
+
+- ``icu`` no longer provides the ``icu-config`` configuration tool - upstream
+ have indicated ``icu-config`` is deprecated and should no longer be used. Code
+ with references to it will need to be updated, for example to use ``pkg-config``
+ instead.
+- The ``rng-tools`` systemd service name has changed from ``rngd`` to ``rng-tools``
+- The ``largefile`` :term:`DISTRO_FEATURES` item has been removed, large file
+ support is now always enabled where it was previously optional.
+- The Python ``zoneinfo`` module is now split out to its own ``python3-zoneinfo``
+ package.
+- The :term:`PACKAGECONFIG` option to enable wpa_supplicant in the ``connman``
+ recipe has been renamed to "wpa-supplicant". If you have set PACKAGECONFIG for
+ the ``connman`` recipe to include this option you will need to update
+ your configuration. Related to this, the :term:`WIRELESS_DAEMON` variable
+ now expects the new ``wpa-supplicant`` naming and affects ``packagegroup-base``
+ as well as ``connman``.
+- The ``wpa-supplicant`` recipe no longer uses a static (and stale) ``defconfig``
+ file, instead it uses the upstream version with appropriate edits for the
+ :term:`PACKAGECONFIG`. If you are customising this file you will need to
+ update your customisations.
+- With the introduction of picobuild in
+ :ref:`python_pep517 <ref-classes-python_pep517>`, The ``PEP517_BUILD_API``
+ variable is no longer supported. If you have any references to this variable
+ you should remove them.
+
+
+.. _migration-4.1-removed-recipes:
+
+Removed recipes
+~~~~~~~~~~~~~~~
+
+The following recipes have been removed in this release:
+
+- ``alsa-utils-scripts``: merged into alsa-utils
+- ``cargo-cross-canadian``: optimised out
+- ``lzop``: obsolete, unmaintained upstream
+- ``linux-yocto (5.10)``: 5.15 and 5.19 are currently provided
+- ``rust-cross``: optimised out
+- ``rust-crosssdk``: optimised out
+- ``rust-tools-cross-canadian``: optimised out
+- ``xf86-input-keyboard``: obsolete (replaced by libinput/evdev)
diff --git a/poky/documentation/migration-guides/migration-general.rst b/poky/documentation/migration-guides/migration-general.rst
index 9eecf69..0f0408e 100644
--- a/poky/documentation/migration-guides/migration-general.rst
+++ b/poky/documentation/migration-guides/migration-general.rst
@@ -70,3 +70,36 @@
bitbake-layers show-appends
+.. _migration-general-buildhistory:
+
+- *Checking Image / SDK Changes*:
+
+ The :ref:`buildhistory <ref-classes-buildhistory>` class can be used
+ if you wish to check the impact of changes to images / SDKs across
+ the migration (e.g. added/removed packages, added/removed files, size
+ changes etc.). To do this, follow these steps:
+
+ 1. Enable buildhistory before the migration
+
+ 2. Run a pre-migration build
+
+ 3. Capture the buildhistory output (as specified by :term:`BUILDHISTORY_DIR`)
+ and ensure it is preserved for subsequent builds. How you would do this
+ depends on how you are running your builds - if you are doing this all on
+ one workstation in the same build directory you may not need to do
+ anything other than not deleting the buildhistory output directory. For
+ builds in a pipeline it may be more complicated.
+
+ 4. Set a tag in the buildhistory output (which is a git repository) before
+ migration, to make the commit from the pre-migration build easy to find
+ as you may end up running multiple builds during the migration.
+
+ 5. Perform the migration
+
+ 6. Run a build
+
+ 7. Check the output changes between the previously set tag and HEAD in the
+ buildhistory output using ``git diff`` or ``buildhistory-diff``.
+
+ For more information on using buildhistory, see
+ :ref:`dev-manual/common-tasks:maintaining build output quality`.
diff --git a/poky/documentation/migration-guides/release-4.1.rst b/poky/documentation/migration-guides/release-4.1.rst
new file mode 100644
index 0000000..8ebf4a4
--- /dev/null
+++ b/poky/documentation/migration-guides/release-4.1.rst
@@ -0,0 +1,7 @@
+Release 4.1 (langdale)
+======================
+
+.. toctree::
+
+ migration-4.1
+ release-notes-4.1
diff --git a/poky/documentation/migration-guides/release-notes-3.4.2.rst b/poky/documentation/migration-guides/release-notes-3.4.2.rst
index 23c4093..2812b72 100644
--- a/poky/documentation/migration-guides/release-notes-3.4.2.rst
+++ b/poky/documentation/migration-guides/release-notes-3.4.2.rst
@@ -167,7 +167,7 @@
- Vyacheslav Yurkov
- Yongxin Liu
- pgowda
-- wangmy
+- Wang Mingyu
Repositories / Downloads for 3.4.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/migration-guides/release-notes-3.4.3.rst b/poky/documentation/migration-guides/release-notes-3.4.3.rst
index 5e118d9..2673abb 100644
--- a/poky/documentation/migration-guides/release-notes-3.4.3.rst
+++ b/poky/documentation/migration-guides/release-notes-3.4.3.rst
@@ -124,7 +124,7 @@
- Tean Cunningham
- Zoltán Böszörményi
- pgowda
-- wangmy
+- Wang Mingyu
Repositories / Downloads for 3.4.3
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/migration-guides/release-notes-3.4.4.rst b/poky/documentation/migration-guides/release-notes-3.4.4.rst
index 91beba0..38e3965 100644
--- a/poky/documentation/migration-guides/release-notes-3.4.4.rst
+++ b/poky/documentation/migration-guides/release-notes-3.4.4.rst
@@ -81,8 +81,8 @@
- Richard Purdie
- Ross Burton
- Tim Orling
-- wangmy
-- zhengruoqin
+- Wang Mingyu
+- Zheng Ruoqin
Repositories / Downloads for 3.4.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/migration-guides/release-notes-4.0.1.rst b/poky/documentation/migration-guides/release-notes-4.0.1.rst
index 81da6e5..e4bfd5b 100644
--- a/poky/documentation/migration-guides/release-notes-4.0.1.rst
+++ b/poky/documentation/migration-guides/release-notes-4.0.1.rst
@@ -174,8 +174,8 @@
- Ross Burton
- Russ Dill
- Steve Sakoman
-- wangmy
-- zhengruoqin
+- Wang Mingyu
+- Zheng Ruoqin
Repositories / Downloads for 4.0.1
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/migration-guides/release-notes-4.0.2.rst b/poky/documentation/migration-guides/release-notes-4.0.2.rst
index cb10068..632af11 100644
--- a/poky/documentation/migration-guides/release-notes-4.0.2.rst
+++ b/poky/documentation/migration-guides/release-notes-4.0.2.rst
@@ -223,7 +223,7 @@
- Xiaobing Luo
- Yi Zhao
- leimaohui
-- wangmy
+- Wang Mingyu
Repositories / Downloads for Yocto-4.0.2
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/migration-guides/release-notes-4.0.3.rst b/poky/documentation/migration-guides/release-notes-4.0.3.rst
index e2a212c..83e12a6 100644
--- a/poky/documentation/migration-guides/release-notes-4.0.3.rst
+++ b/poky/documentation/migration-guides/release-notes-4.0.3.rst
@@ -239,7 +239,7 @@
- Yue Tao
- gr embeter
- leimaohui
-- wangmy
+- Wang Mingyu
Repositories / Downloads for Yocto-4.0.3
diff --git a/poky/documentation/migration-guides/release-notes-4.0.4.rst b/poky/documentation/migration-guides/release-notes-4.0.4.rst
index 2623a1d..43f92ca 100644
--- a/poky/documentation/migration-guides/release-notes-4.0.4.rst
+++ b/poky/documentation/migration-guides/release-notes-4.0.4.rst
@@ -95,7 +95,7 @@
- linux-yocto/5.15: update genericx86* machines to v5.15.59
- linux-yocto/5.15: update to v5.15.62
- linux-yocto: Fix COMPATIBLE_MACHINE regex match
-- linux-yocto: prepend the the value with a space when append to KERNEL_EXTRA_ARGS
+- linux-yocto: prepend the value with a space when append to KERNEL_EXTRA_ARGS
- lttng-modules: fix 5.19+ build
- lttng-modules: fix build against mips and v5.19 kernel
- lttng-modules: fix build for kernel 5.10.137
@@ -226,7 +226,7 @@
- Yongxin Liu
- ghassaneben
- pgowda
-- wangmy
+- Wang Mingyu
Repositories / Downloads for Yocto-4.0.4
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/migration-guides/release-notes-4.1.rst b/poky/documentation/migration-guides/release-notes-4.1.rst
new file mode 100644
index 0000000..a2d4b3d
--- /dev/null
+++ b/poky/documentation/migration-guides/release-notes-4.1.rst
@@ -0,0 +1,705 @@
+Release notes for 4.1 (langdale)
+---------------------------------
+
+
+New Features / Enhancements in 4.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+- Linux kernel 5.19, glibc 2.36 and ~260 other recipe upgrades
+
+- ``make`` 4.0 is now the minimum make version required on the build host.
+ For host distros that do not provide it, this is included as part of the
+ ``buildtools-tarball``, and additionally a new ``buildtools-make-tarball``
+ has been introduced to provide this in particular for host distros with
+ a broken make 4.x version. For more details see
+ :ref:`ref-manual/system-requirements:required git, tar, python, make and gcc versions`.
+
+- New layer setup tooling:
+
+ - New ``scripts/oe-setup-layers`` standalone script to restore the layer
+ configuration from a json file
+ - New ``bitbake-layers create-layers-setup`` command to save the
+ layer configuration to a json file
+ - New ``bitbake-layers save-build-conf`` command to save the active build
+ configuration as a template into a layer
+
+- Rust-related enhancements:
+
+ - Support for building rust for the target
+ - Significant SDK toolchain build optimisation
+ - Support for building native components in the SDK
+ - Support ``crate://`` fetcher with :ref:`externalsrc <ref-classes-externalsrc>`
+
+- New core recipes:
+
+ - ``buildtools-make-tarball``
+ - ``icon-naming-utils`` (previously removed)
+ - ``musl-locales``
+ - ``python3-editables`` (originally in meta-python)
+ - ``python3-hatch-vcs``
+ - ``python3-hatchling`` (originally in meta-oe)
+ - ``python3-lxml`` (originally in meta-python)
+ - ``python3-pathspec`` (originally in meta-python)
+ - ``python3-picobuild``
+ - ``sato-icon-theme`` (previously removed)
+
+- CVE checking enhancements:
+
+ - New :term:`CVE_DB_UPDATE_INTERVAL` variable to allow specifying the CVE database minimum update interval (and default to once per day)
+ - Added JSON format to summary output
+ - Added support for Ignored CVEs
+ - Enable recursive CVE checking also for ``do_populate_sdk``
+ - New :term:`CVE_CHECK_SHOW_WARNINGS` variable to disable unpatched CVE warning messages
+ - The :ref:`pypi <ref-classes-pypi>` class now defaults :term:`CVE_PRODUCT` from :term:`PYPI_PACKAGE`
+ - Added current kernel CVEs to ignore list since we stay as close to the kernel stable releases as we can
+ - Optimisations to avoid dependencies on fetching
+
+- Complementary package installation (as used in SDKs and images) no longer installs recommended packages, in order to avoid conflicts
+- Dependency of -dev package on main package is now an :term:`RRECOMMENDS` and can be easily set via new :term:`DEV_PKG_DEPENDENCY` variable
+
+- Support for CPU, I/O and memory pressure regulation in BitBake
+- Pressure data gathering in ``buildstats`` and rendering in ``pybootchartgui``
+
+- New Picobuild system for lightweight Python PEP-517 build support in the :ref:`python_pep517 <ref-classes-python_pep517>` class
+
+- Many classes are now split into global and recipe contexts for better
+ validation. For more information, see
+ :ref:`Classes now split by usage context <migration-4.1-classes-split>`.
+
+- Architecture-specific enhancements:
+
+ - arch-armv8-4a.inc: add tune include for armv8.4a
+ - tune-neoversen2: support tune-neoversen2 base on armv9a
+ - riscv: Add tunes for rv64 without compressed instructions
+ - gnu-efi: enable for riscv64
+ - shadow-securetty: allow ttyS4 for amd-snowyowl-64
+
+- Kernel-related enhancements:
+
+ - linux-yocto/5.15: cfg/xen: Move x86 configs to separate file
+ - linux-yocto/5.15: Enabled MDIO bus config
+ - linux-yocto: Enable mdio for qemu
+ - linux-yocto/5.15: base: enable kernel crypto userspace API
+ - kern-tools: allow 'y' or 'm' to avoid config audit warnings
+ - kernel-yocto.bbclass: say what SRC_URI entry is being dropped
+ - kernel.bbclass: Do not overwrite recipe's custom postinst
+ - kmod: Enable xz support by default
+ - Run depmod(wrapper) against each compiled kernel when multiple kernels are enabled
+ - linux-yocto-tiny: enable qemuarmv5/qemuarm64
+
+- wic Image Creator enhancements:
+
+ - Added dependencies to support erofs
+ - Added ``fspassno`` parameter to partition to allow specifying the value of the last column (``fs_passno``) in ``/etc/fstab``.
+ - bootimg-efi: added support for loading devicetree files
+ - Added ``none`` fstype for custom image (for use in conjunction with ``rawcopy``)
+
+- SDK-related enhancements:
+
+ - :ref:`Support for using the regular build system as an SDK <sdk-manual/extensible:Setting up the Extensible SDK environment directly in a Yocto build>`
+ - :ref:`image-buildinfo <ref-classes-image-buildinfo>` class now also writes build information to SDKs
+ - New :term:`SDK_TOOLCHAIN_LANGS` variable to control support of rust / go in SDK
+ - rust-llvm: enabled nativesdk variant
+ - python3-pluggy: enabled for native/nativesdk
+
+- QEMU/runqemu enhancements:
+
+ - qemux86-64: Allow higher tunes
+ - runqemu: display host uptime when starting
+ - runqemu: add ``QB_KERNEL_CMDLINE`` that can be set to "none" to avoid overriding kernel command line specified in dtb
+
+- Image-related enhancements:
+
+ - New variable :term:`UBOOT_MKIMAGE_KERNEL_TYPE`
+ - New variable :term:`FIT_PAD_ALG` to control FIT image padding algorithm
+ - New :term:`KERNEL_DEPLOY_DEPEND` variable to allow disabling image dependency on deploying the kernel
+ - image_types: isolate the write of UBI configuration to a ``write_ubi_config`` function that can be easily overridden
+
+- openssh: add support for config snippet includes to ssh and sshd
+- :ref:`create-spdx <ref-classes-create-spdx>`: Add ``SPDX_PRETTY`` option
+- wpa-supplicant: build static library if not disabled via :term:`DISABLE_STATIC`
+- wpa-supplicant: package dynamic modules
+- openssl: extract legacy provider module to a separate package
+- linux-firmware: split out ath3k firmware
+- linux-firmware: add support for building snapshots
+- eudev: create static-nodes in init script
+- udev-extraconf: new :term:`MOUNT_BASE` variable allows configuring automount base directory
+- udev-extraconf/mount.sh: use partition labels in mountpoint paths
+- systemd: Set RebootWatchdogSec to 60s by default
+- systemd: systemd-systemctl: Support instance conf files during enable
+- weston.init: enable ``xwayland`` in weston.ini if ``x11`` is in :term:`DISTRO_FEATURES`
+- New ``npm_registry`` Python module to enable caching with nodejs 16+
+- :ref:`npm <ref-classes-npm>`: replaced ``npm pack`` call with ``tar czf`` for nodejs 16+ compatibility and improved ``do_configure`` performance
+- Enabled :ref:`bin_package <ref-classes-bin-package>` class to work properly in the native case
+- Enabled :ref:`buildpaths <qa-check-buildpaths>` QA check as a warning by default
+- New :term:`OVERLAYFS_ETC_EXPOSE_LOWER` to provide read-only access to the original ``/etc`` content with :ref:`overlayfs-etc <ref-classes-overlayfs-etc>`
+- New :term:`OVERLAYFS_QA_SKIP` variable to allow skipping check on :ref:`overlayfs <ref-classes-overlayfs>` mounts
+- New :term:`PACKAGECONFIG` options for individual recipes:
+
+ - apr: xsi-strerror
+ - btrfs-tools: lzo
+ - connman: iwd
+ - coreutils: openssl
+ - dropbear: enable-x11-forwarding
+ - eudev: blkid, kmod, rule-generator
+ - eudev: manpages, selinux
+ - flac: avx, ogg
+ - gnutls: fips
+ - gstreamer1.0-plugins-bad: avtp
+ - libsdl2: libusb
+ - llvm: optviewer
+ - mesa: vulkan, vulkan-beta, zink
+ - perf: bfd
+ - piglit: glx, opencl
+ - python3: editline
+ - qemu: bpf, brlapi, capstone, rdma, slirp, uring, vde
+ - rpm: readline
+ - ruby: capstone
+ - systemd: no-dns-fallback, sysext
+ - tiff: jbig
+
+- ptest enhancements in ``curl``, ``json-c``, ``libgcrypt``, ``libgpg-error``, ``libxml2``
+- ptest compile/install functions now use :term:`PARALLEL_MAKE` and :term:`PARALLEL_MAKEINST` in ptest for significant speedup
+- New :term:`TC_CXX_RUNTIME` variable to enable other layers to more easily control C++ runtime
+- Set :term:`BB_DEFAULT_UMASK` using ??= to make it easier to override
+- Set :term:`TCLIBC` and :term:`TCMODE` using ??= to make them easier to override
+- squashfs-tools: build with lzo support by default
+- insane.bbclass: make ``do_qa_staging`` check shebang length for native scripts in all :term:`SYSROOT_DIRS`
+- utils: Add ``create_cmdline_shebang_wrapper`` function to allow recipes to easily create a wrapper to fix long shebang lines
+- meson: provide relocation script and native/cross wrappers also for meson-native
+- meson.bbclass: add cython binary to cross/native toolchain config
+- New ``musl-locales`` recipe to provide a limited set of locale data for musl based systems
+- gobject-introspection: use ``OBJDUMP`` environment variable so that objdump tool can be picked up from the environment
+- The Python ``zoneinfo`` module is now split out to its own ``python3-zoneinfo`` package.
+- busybox: added devmem 128-bit support
+- vim: split xxd out into its own package
+- New :ref:`github-releases <ref-classes-github-releases>` class to consolidate version checks for github-based packages
+- ``devtool reset`` now preserves ``workspace/sources`` source trees in ``workspace/attic/sources/`` instead of leaving them in-place
+- scripts/patchreview: Add commit to stored json data
+- scripts/patchreview: Make json output human parsable
+- ``wpa-supplicant`` recipe now uses the upstream ``defconfig`` modified based upon :term:`PACKAGECONFIG` instead of a stale ``defconfig`` file
+- bitbake: build: prefix the tasks with a timestamp in the log.task_order
+- bitbake: fetch2/osc: Add support to query latest revision
+- bitbake: utils: Pass lock argument in fileslocked
+- bitbake: utils: Add enable_loopback_networking()
+
+
+Known Issues in 4.1
+~~~~~~~~~~~~~~~~~~~
+
+- The change to :ref:`migration-4.1-complementary-deps` means that images
+ built with the ``ptest-pkgs`` :term:`IMAGE_FEATURES` don’t automatically
+ install ``ptest-runner``, as that package is a recommendation of the
+ individual ``-ptest`` packages. This will be resolved in the next point
+ release, and can be worked around by explicitly installing ``ptest-runner``
+ into the image. Filed as :yocto_bugs:`bug 14928 </show_bug.cgi?id=14928>`.
+
+- There is a known issue with eSDKs where sstate objects may be missing,
+ resulting in packages being unavailable to install in the sysroot. This is due
+ to image generation optimisations having unintended consequences in eSDK
+ generation. This will be resolved in the next point release. Filed as
+ :yocto_bugs:`bug 14626 </show_bug.cgi?id=14626>`, which also details the fix.
+
+- The change to :ref:`migration-4.1-classes-split` inadvertently moved the
+ :ref:`externalsrc <ref-classes-externalsrc>` class to ``meta/classes-recipe``,
+ when it is not recipe-specific and can also be used in a global context. The
+ class will be moved back to ``meta/classes`` in the next point release. Filed
+ as :yocto_bugs:`bug 14940 </show_bug.cgi?id=14940>`.
+
+
+Recipe License changes in 4.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+The following corrections have been made to the LICENSE values set by recipes:
+
+- alsa-state: add GPL-2.0-or-later because of alsa-state-init file
+- git: add GPL-2.0-or-later & BSD-3-Clause & MIT & BSL-1.0 & LGPL-2.1-or-later due to embedded code
+- libgcrypt: dropped GPLv3 license after upstream changes
+- linux-firmware: correct license for ar3k firmware (specific "ar3k" license)
+
+
+
+Security Fixes in 4.1
+~~~~~~~~~~~~~~~~~~~~~
+
+- bind: :cve:`2022-1183`, :cve:`2022-2795`, :cve:`2022-2881`, :cve:`2022-2906`, :cve:`2022-3080`, :cve:`2022-38178`
+- binutils: :cve:`2019-1010204`, :cve:`2022-38126`, :cve:`2022-38127`, :cve:`2022-38128`, :cve:`2022-38533`
+- busybox: :cve:`2022-30065`
+- connman: :cve:`2022-32292`, :cve:`2022-32293`
+- cups: :cve:`2022-26691`
+- e2fsprogs: :cve:`2022-1304`
+- expat: :cve:`2022-40674`
+- freetype: :cve:`2022-27404`
+- glibc: :cve:`2022-39046`
+- gnupg: :cve:`2022-34903`
+- grub2: :cve:`2021-3695`, :cve:`2021-3696`, :cve:`2021-3697`, :cve:`2022-28733`, :cve:`2022-28734`, :cve:`2022-28735`
+- inetutils: :cve:`2022-39028`
+- libtirpc: :cve:`2021-46828`
+- libxml2: :cve:`2016-3709 (ignored)`
+- libxslt: :cve:`2022-29824 (not applicable)`
+- linux-yocto/5.15: :cve:`2022-28796`
+- logrotate: :cve:`2022-1348`
+- lua: :cve:`2022-33099`
+- nasm: :cve:`2020-18974 (ignored)`
+- ncurses: :cve:`2022-29458`
+- openssl: :cve:`2022-1292`, :cve:`2022-1343`, :cve:`2022-1434`, :cve:`2022-1473`, :cve:`2022-2068`, :cve:`2022-2274`, :cve:`2022-2097`
+- python3: :cve:`2015-20107 (ignored)`
+- qemu: :cve:`2021-20255 (ignored)`, :cve:`2019-12067 (ignored)`, :cve:`2021-3507`, :cve:`2022-0216`, :cve:`2022-2962`, :cve:`2022-35414`
+- rpm: :cve:`2021-35937`, :cve:`2021-35938`, :cve:`2021-35939`
+- rsync: :cve:`2022-29154`
+- subversion: :cve:`2021-28544`, :cve:`2022-24070`
+- tiff: :cve:`2022-1210 (not applicable)`, :cve:`2022-1622`, :cve:`2022-1623 (invalid)`, :cve:`2022-2056`, :cve:`2022-2057`, :cve:`2022-2058`, :cve:`2022-2953`, :cve:`2022-34526`
+- unzip: :cve:`2022-0529`, :cve:`2022-0530`
+- vim: :cve:`2022-1381`, :cve:`2022-1420`, :cve:`2022-1621`, :cve:`2022-1629`, :cve:`2022-1674`, :cve:`2022-1733`, :cve:`2022-1735`, :cve:`2022-1769`, :cve:`2022-1771`, :cve:`2022-1785`, :cve:`2022-1796`, :cve:`2022-1927`, :cve:`2022-1942`, :cve:`2022-2257`, :cve:`2022-2264`, :cve:`2022-2284`, :cve:`2022-2285`, :cve:`2022-2286`, :cve:`2022-2287`, :cve:`2022-2816`, :cve:`2022-2817`, :cve:`2022-2819`, :cve:`2022-2845`, :cve:`2022-2849`, :cve:`2022-2862`, :cve:`2022-2874`, :cve:`2022-2889`, :cve:`2022-2980`, :cve:`2022-2946`, :cve:`2022-2982`, :cve:`2022-3099`, :cve:`2022-3134`, :cve:`2022-3234`, :cve:`2022-3278`
+- zlib: :cve:`2022-37434`
+
+
+
+
+
+Recipe Upgrades in 4.1
+~~~~~~~~~~~~~~~~~~~~~~
+
+- acpica 20211217 -> 20220331
+- adwaita-icon-theme 41.0 -> 42.0
+- alsa-lib 1.2.6.1 -> 1.2.7.2
+- alsa-plugins 1.2.6 -> 1.2.7.1
+- alsa-ucm-conf 1.2.6.3 -> 1.2.7.2
+- alsa-utils 1.2.6 -> 1.2.7
+- asciidoc 10.1.4 -> 10.2.0
+- at-spi2-core 2.42.0 -> 2.44.1
+- autoconf-archive 2022.02.11 -> 2022.09.03
+- base-passwd 3.5.29 -> 3.5.52
+- bind 9.18.5 -> 9.18.7
+- binutils 2.38 -> 2.39
+- boost 1.78.0 -> 1.80.0
+- boost-build-native 4.4.1 -> 1.80.0
+- btrfs-tools 5.16.2 -> 5.19.1
+- cargo 1.59.0 -> 1.63.0
+- ccache 4.6 -> 4.6.3
+- cmake 3.22.3 -> 3.24.0
+- cmake-native 3.22.3 -> 3.24.0
+- coreutils 9.0 -> 9.1
+- createrepo-c 0.19.0 -> 0.20.1
+- cross-localedef-native 2.35 -> 2.36
+- curl 7.82.0 -> 7.85.0
+- diffoscope 208 -> 221
+- dmidecode 3.3 -> 3.4
+- dnf 4.11.1 -> 4.14.0
+- dos2unix 7.4.2 -> 7.4.3
+- dpkg 1.21.4 -> 1.21.9
+- dropbear 2020.81 -> 2022.82
+- efibootmgr 17 -> 18
+- elfutils 0.186 -> 0.187
+- ell 0.50 -> 0.53
+- enchant2 2.3.2 -> 2.3.3
+- erofs-utils 1.4 -> 1.5
+- ethtool 5.16 -> 5.19
+- eudev 3.2.10 -> 3.2.11
+- ffmpeg 5.0.1 -> 5.1.1
+- file 5.41 -> 5.43
+- flac 1.3.4 -> 1.4.0
+- fontconfig 2.13.1 -> 2.14.0
+- freetype 2.11.1 -> 2.12.1
+- gcc 11.3.0 -> 12.2.0
+- gcompat 1.0.0+1.1+gitX (4d6a5156a6eb…) -> 1.0.0+1.1+gitX (c6921a1aa454…)
+- gdb 11.2 -> 12.1
+- ghostscript 9.55.0 -> 9.56.1
+- git 2.35.4 -> 2.37.3
+- glibc 2.35 -> 2.36
+- glslang 1.3.204.1 -> 1.3.216.0
+- gnu-config 20211108+gitX -> 20220525+gitX
+- gnu-efi 3.0.14 -> 3.0.15
+- gnutls 3.7.4 -> 3.7.7
+- go 1.17.13 -> 1.19
+- go-helloworld 0.1 (787a929d5a0d…) -> 0.1 (2e68773dfca0…)
+- gpgme 1.17.1 -> 1.18.0
+- gptfdisk 1.0.8 -> 1.0.9
+- harfbuzz 4.0.1 -> 5.1.0
+- hdparm 9.63 -> 9.64
+- help2man 1.49.1 -> 1.49.2
+- hwlatdetect 2.3 -> 2.4
+- icu 70.1 -> 71.1
+- inetutils 2.2 -> 2.3
+- init-system-helpers 1.62 -> 1.64
+- iproute2 5.17.0 -> 5.19.0
+- iptables 1.8.7 -> 1.8.8
+- iw 5.16 -> 5.19
+- json-c 0.15 -> 0.16
+- kbd 2.4.0 -> 2.5.1
+- kea 2.0.2 -> 2.2.0
+- kexec-tools 2.0.23 -> 2.0.25
+- kmod 29 -> 30
+- kmscube git (9f63f359fab1…) -> git (3bf6ee1a0233…)
+- less 600 -> 608
+- libaio 0.3.112 -> 0.3.113
+- libbsd 0.11.5 -> 0.11.6
+- libcap-ng 0.8.2 -> 0.8.3
+- libcap-ng-python 0.8.2 -> 0.8.3
+- libcgroup 2.0.2 -> 3.0.0
+- libcomps 0.1.18 -> 0.1.19
+- libdnf 0.66.0 -> 0.69.0
+- libdrm 2.4.110 -> 2.4.113
+- libevdev 1.12.1 -> 1.13.0
+- libfontenc 1.1.4 -> 1.1.6
+- libgcc 11.3.0 -> 12.2.0
+- libgcc-initial 11.3.0 -> 12.2.0
+- libgcrypt 1.9.4 -> 1.10.1
+- libgfortran 11.3.0 -> 12.2.0
+- libgit2 1.4.3 -> 1.5.0
+- libgpg-error 1.44 -> 1.45
+- libhandy 1.5.0 -> 1.6.3
+- libidn2 2.3.2 -> 2.3.3
+- libjitterentropy 3.4.0 -> 3.4.1
+- libmnl 1.0.4 -> 1.0.5
+- libnl 3.5.0 -> 3.7.0
+- libnotify 0.7.9 -> 0.8.1
+- libpipeline 1.5.5 -> 1.5.6
+- libproxy 0.4.17 -> 0.4.18
+- librepo 1.14.3 -> 1.14.5
+- librsvg 2.52.7 -> 2.54.5
+- libsdl2 2.0.20 -> 2.24.0
+- libseccomp 2.5.3 -> 2.5.4
+- libsndfile1 1.0.31 -> 1.1.0
+- libstd-rs 1.59.0 -> 1.63.0
+- libtirpc 1.3.2 -> 1.3.3
+- libubootenv 0.3.2 -> 0.3.3
+- libva 2.14.0 -> 2.15.0
+- libva-utils 2.14.0 -> 2.15.0
+- libx11 1.7.3.1 -> 1.8.1
+- libxau 1.0.9 -> 1.0.10
+- libxcb 1.14 -> 1.15
+- libxcursor 1.2.0 -> 1.2.1
+- libxcvt 0.1.1 -> 0.1.2
+- libxfont2 2.0.5 -> 2.0.6
+- libxvmc 1.0.12 -> 1.0.13
+- linux-libc-headers 5.16 -> 5.19
+- linux-yocto 5.10.143+gitX, 5.15.68+gitX -> 5.15.68+gitX, 5.19.9+gitX
+- linux-yocto-dev 5.18++gitX -> 5.19++gitX
+- linux-yocto-rt 5.10.143+gitX, 5.15.68+gitX -> 5.15.68+gitX, 5.19.9+gitX
+- linux-yocto-tiny 5.10.143+gitX, 5.15.68+gitX -> 5.15.68+gitX, 5.19.9+gitX
+- llvm 13.0.1 -> 14.0.6
+- lsof 4.94.0 -> 4.95.0
+- ltp 20220121 -> 20220527
+- lttng-tools 2.13.4 -> 2.13.8
+- lttng-ust 2.13.3 -> 2.13.4
+- mc 4.8.27 -> 4.8.28
+- mesa 22.0.3 -> 22.2.0
+- mesa-demos 8.4.0 -> 8.5.0
+- mesa-gl 22.0.3 -> 22.2.0
+- meson 0.61.3 -> 0.63.2
+- mmc-utils 0.1+gitX (b7e4d5a6ae99…) -> 0.1+gitX (d7b343fd2628…)
+- mpg123 1.29.3 -> 1.30.2
+- msmtp 1.8.20 -> 1.8.22
+- mtools 4.0.38 -> 4.0.40
+- musl 1.2.3+gitX (7a43f6fea908…) -> 1.2.3+gitX (37e18b7bf307…)
+- musl-obstack 1.1 -> 1.2
+- ncurses 6.3+20220423 (a0bc708bc695…) -> 6.3+20220423 (20db1fb41ec9…)
+- neard 0.16 -> 0.18
+- nettle 3.7.3 -> 3.8.1
+- nfs-utils 2.6.1 -> 2.6.2
+- nghttp2 1.47.0 -> 1.49.0
+- ninja 1.10.2 -> 1.11.1
+- numactl 2.0.14 -> 2.0.15
+- ofono 1.34 -> 2.0
+- opensbi 1.0 -> 1.1
+- openssh 8.9p1 -> 9.0p1
+- opkg 0.5.0 -> 0.6.0
+- ovmf edk2-stable202202 -> edk2-stable202205
+- pango 1.50.4 -> 1.50.9
+- parted 3.4 -> 3.5
+- patchelf 0.14.5 -> 0.15.0
+- pciutils 3.7.0 -> 3.8.0
+- perl 5.34.1 -> 5.36.0
+- perlcross 1.3.7 -> 1.4
+- piglit 1.0+gitrX (2f80c7cc9c02…) -> 1.0+gitrX (265896c86f90…)
+- pkgconf 1.8.0 -> 1.9.3
+- psmisc 23.4 -> 23.5
+- pulseaudio 15.0 -> 16.1
+- puzzles 0.0+gitX (c43a34fbfe43…) -> 0.0+gitX (8399cff6a3b9…)
+- python3 3.10.4 -> 3.10.6
+- python3-atomicwrites 1.4.0 -> 1.4.1
+- python3-attrs 21.4.0 -> 22.1.0
+- python3-babel 2.9.1 -> 2.10.3
+- python3-bcrypt 3.2.0 -> 3.2.2
+- python3-certifi 2021.10.8 -> 2022.9.14
+- python3-cffi 1.15.0 -> 1.15.1
+- python3-chardet 4.0.0 -> 5.0.0
+- python3-cryptography 36.0.2 -> 37.0.4
+- python3-cryptography-vectors 36.0.2 -> 37.0.4
+- python3-cython 0.29.28 -> 0.29.32
+- python3-dbusmock 0.27.3 -> 0.28.4
+- python3-docutils 0.18.1 -> 0.19
+- python3-dtschema 2022.1 -> 2022.8.3
+- python3-hypothesis 6.39.5 -> 6.54.5
+- python3-idna 3.3 -> 3.4
+- python3-imagesize 1.3.0 -> 1.4.1
+- python3-importlib-metadata 4.11.3 -> 4.12.0
+- python3-jinja2 3.1.1 -> 3.1.2
+- python3-jsonpointer 2.2 -> 2.3
+- python3-jsonschema 4.4.0 -> 4.9.1
+- python3-magic 0.4.25 -> 0.4.27
+- python3-mako 1.1.6 -> 1.2.2
+- python3-markdown 3.3.6 -> 3.4.1
+- python3-more-itertools 8.12.0 -> 8.14.0
+- python3-numpy 1.22.3 -> 1.23.3
+- python3-pbr 5.8.1 -> 5.10.0
+- python3-pip 22.0.3 -> 22.2.2
+- python3-psutil 5.9.0 -> 5.9.2
+- python3-pycryptodome 3.14.1 -> 3.15.0
+- python3-pycryptodomex 3.14.1 -> 3.15.0
+- python3-pyelftools 0.28 -> 0.29
+- python3-pygments 2.11.2 -> 2.13.0
+- python3-pygobject 3.42.0 -> 3.42.2
+- python3-pyparsing 3.0.7 -> 3.0.9
+- python3-pytest 7.1.1 -> 7.1.3
+- python3-pytest-subtests 0.7.0 -> 0.8.0
+- python3-pytz 2022.1 -> 2022.2.1
+- python3-requests 2.27.1 -> 2.28.1
+- python3-scons 4.3.0 -> 4.4.0
+- python3-semantic-version 2.9.0 -> 2.10.0
+- python3-setuptools 59.5.0 -> 65.0.2
+- python3-setuptools-scm 6.4.2 -> 7.0.5
+- python3-sphinx 4.4.0 -> 5.1.1
+- python3-sphinx-rtd-theme 0.5.0 -> 1.0.0
+- python3-typing-extensions 3.10.0.0 -> 4.3.0
+- python3-urllib3 1.26.9 -> 1.26.12
+- python3-webcolors 1.11.1 -> 1.12
+- python3-zipp 3.7.0 -> 3.8.1
+- qemu 6.2.0 -> 7.1.0
+- repo 2.22 -> 2.29.2
+- rpm 4.17.0 -> 4.18.0
+- rsync 3.2.3 -> 3.2.5
+- rt-tests 2.3 -> 2.4
+- rust 1.59.0 -> 1.63.0
+- rust-llvm 1.59.0 -> 1.63.0
+- sbc 1.5 -> 2.0
+- seatd 0.6.4 -> 0.7.0
+- shaderc 2022.1 -> 2022.2
+- shadow 4.11.1 -> 4.12.1
+- shared-mime-info 2.1 -> 2.2
+- slang 2.3.2 -> 2.3.3
+- speex 1.2.0 -> 1.2.1
+- speexdsp 1.2.0 -> 1.2.1
+- spirv-headers 1.3.204.1 -> 1.3.216.0
+- spirv-tools 1.3.204.1 -> 1.3.216.0
+- sqlite3 3.38.5 -> 3.39.3
+- squashfs-tools 4.5 -> 4.5.1
+- strace 5.16 -> 5.19
+- stress-ng 0.13.12 -> 0.14.03
+- sudo 1.9.10 -> 1.9.11p3
+- sysklogd 2.3.0 -> 2.4.4
+- sysstat 12.4.5 -> 12.6.0
+- systemd 250.5 -> 251.4
+- systemd-boot 250.5 -> 251.4
+- systemtap 4.6 -> 4.7
+- systemtap-native 4.6 -> 4.7
+- systemtap-uprobes 4.6 -> 4.7
+- sysvinit 3.01 -> 3.04
+- tiff 4.3.0 -> 4.4.0
+- tzcode-native 2022c -> 2022d
+- tzdata 2022c -> 2022d
+- u-boot 2022.01 -> 2022.07
+- u-boot-tools 2022.01 -> 2022.07
+- util-linux 2.37.4 -> 2.38.1
+- util-linux-libuuid 2.37.4 -> 2.38.1
+- valgrind 3.18.1 -> 3.19.0
+- vim 9.0.0541 -> 9.0.0598
+- vim-tiny 9.0.0541 -> 9.0.0598
+- virglrenderer 0.9.1 -> 0.10.3
+- vte 0.66.2 -> 0.68.0
+- vulkan-headers 1.3.204.1 -> 1.3.216.0
+- vulkan-loader 1.3.204.1 -> 1.3.216.0
+- vulkan-samples git (28ca2dad83ce…) -> git (74d45aace02d…)
+- vulkan-tools 1.3.204.1 -> 1.3.216.0
+- wayland 1.20.0 -> 1.21.0
+- wayland-protocols 1.25 -> 1.26
+- webkitgtk 2.36.5 -> 2.36.7
+- x264 r3039+gitX (5db6aa6cab1b…) -> r3039+gitX (baee400fa9ce…)
+- xauth 1.1.1 -> 1.1.2
+- xcb-proto 1.14.1 -> 1.15.2
+- xf86-video-cirrus 1.5.3 -> 1.6.0
+- xkeyboard-config 2.35.1 -> 2.36
+- xmlto 0.0.28 -> 0.0.28+0.0.29+gitX
+- xorgproto 2021.5 -> 2022.2
+- zlib 1.2.11 -> 1.2.12
+
+
+
+Contributors to 4.1
+~~~~~~~~~~~~~~~~~~~
+
+Thanks to the following people who contributed to this release:
+
+- Aatir Manzur
+- Ahmed Hossam
+- Alejandro Hernandez Samaniego
+- Alexander Kanavin
+- Alexandre Belloni
+- Alex Kiernan
+- Alex Stewart
+- Andrei Gherzan
+- Andrej Valek
+- Andrey Konovalov
+- Aníbal Limón
+- Anuj Mittal
+- Arkadiusz Drabczyk
+- Armin Kuster
+- Aryaman Gupta
+- Awais Belal
+- Beniamin Sandu
+- Bertrand Marquis
+- Bob Henz
+- Bruce Ashfield
+- Carlos Rafael Giani
+- Changhyeok Bae
+- Changqing Li
+- Chanho Park
+- Chen Qi
+- Christoph Lauer
+- Claudius Heine
+- Daiane Angolini
+- Daniel Gomez
+- Daniel McGregor
+- David Bagonyi
+- Davide Gardenal
+- Denys Dmytriyenko
+- Dmitry Baryshkov
+- Drew Moseley
+- Enrico Scholz
+- Ernst Sjöstrand
+- Etienne Cordonnier
+- Fabio Estevam
+- Federico Pellegrin
+- Felix Moessbauer
+- Ferry Toth
+- Florin Diaconescu
+- Gennaro Iorio
+- Grygorii Tertychnyi
+- Gunjan Gupta
+- Henning Schild
+- He Zhe
+- Hitendra Prajapati
+- Jack Mitchell
+- Jacob Kroon
+- Jan Kiszka
+- Jan Luebbe
+- Jan Vermaete
+- Jasper Orschulko
+- JeongBong Seo
+- Jeremy Puhlman
+- Jiaqing Zhao
+- Joerg Vehlow
+- Johan Korsnes
+- Johannes Schneider
+- John Edward Broadbent
+- Jon Mason
+- Jose Quaresma
+- Joshua Watt
+- Justin Bronder
+- Kai Kang
+- Kevin Hao
+- Khem Raj
+- Konrad Weihmann
+- Kory Maincent
+- Kristian Amlie
+- Lee Chee Yang
+- Lei Maohui
+- Leon Anavi
+- Luca Ceresoli
+- Lucas Stach
+- LUIS ENRIQUEZ
+- Marcel Ziswiler
+- Marius Kriegerowski
+- Mark Hatle
+- Markus Volk
+- Marta Rybczynska
+- Martin Beeger
+- Martin Jansa
+- Mateusz Marciniec
+- Mattias Jernberg
+- Matt Madison
+- Maxime Roussin-Bélanger
+- Michael Halstead
+- Michael Opdenacker
+- Mihai Lindner
+- Mikko Rapeli
+- Ming Liu
+- Mingli Yu
+- Muhammad Hamza
+- Naveen Saini
+- Neil Horman
+- Nick Potenski
+- Nicolas Dechesne
+- Niko Mauno
+- Ola x Nilsson
+- Otavio Salvador
+- Pascal Bach
+- Paul Eggleton
+- Paul Gortmaker
+- Paulo Neves
+- Pavel Zhukov
+- Peter Bergin
+- Peter Kjellerstedt
+- Peter Marko
+- Petr Vorel
+- Pgowda
+- Portia Stephens
+- Quentin Schulz
+- Rahul Kumar
+- Raju Kumar Pothuraju
+- Randy MacLeod
+- Raphael Teller
+- Rasmus Villemoes
+- Ricardo Salveti
+- Richard Purdie
+- Robert Joslyn
+- Robert Yang
+- Roland Hieber
+- Ross Burton
+- Rouven Czerwinski
+- Ruiqiang Hao
+- Russ Dill
+- Rusty Howell
+- Sakib Sajal
+- Samuli Piippo
+- Schmidt, Adriaan
+- Sean Anderson
+- Shruthi Ravichandran
+- Shubham Kulkarni
+- Simone Weiss
+- Sebastian Suesens
+- Stefan Herbrechtsmeier
+- Stefano Babic
+- Stefan Wiehler
+- Steve Sakoman
+- Sundeep KOKKONDA
+- Teoh Jay Shen
+- Thomas Epperson
+- Thomas Perrot
+- Thomas Roos
+- Tobias Schmidl
+- Tomasz Dziendzielski
+- Tom Hochstein
+- Tom Rini
+- Trevor Woerner
+- Ulrich Ölmann
+- Vyacheslav Yurkov
+- Wang Mingyu
+- William A. Kennington III
+- Xiaobing Luo
+- Xu Huan
+- Yang Xu
+- Yi Zhao
+- Yogesh Tyagi
+- Yongxin Liu
+- Yue Tao
+- Yulong (Kevin) Liu
+- Zach Welch
+- Zheng Ruoqin
+- Zoltán Böszörményi
+
+
+
+Repositories / Downloads for 4.1
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/poky/documentation/overview-manual/concepts.rst b/poky/documentation/overview-manual/concepts.rst
index 39b8713..75eb872 100644
--- a/poky/documentation/overview-manual/concepts.rst
+++ b/poky/documentation/overview-manual/concepts.rst
@@ -853,7 +853,7 @@
variables. For information on how this variable works within that
class, see the
:ref:`autotools <ref-classes-autotools>` class
- :yocto_git:`here </poky/tree/meta/classes/autotools.bbclass>`.
+ :yocto_git:`here </poky/tree/meta/classes-recipe/autotools.bbclass>`.
- *do_compile*: Once a configuration task has been satisfied,
BitBake compiles the source using the
@@ -931,7 +931,7 @@
files that go into each package in
:term:`PACKAGES`. If you want
details on how this is accomplished, you can look at
-:yocto_git:`package.bbclass </poky/tree/meta/classes/package.bbclass>`.
+:yocto_git:`package.bbclass </poky/tree/meta/classes-global/package.bbclass>`.
Depending on the type of packages being created (RPM, DEB, or IPK), the
:ref:`do_package_write_* <ref-tasks-package_write_deb>`
@@ -1014,7 +1014,7 @@
The manifest file (``.manifest``) resides in the same directory as the
root filesystem image. This file lists out, line-by-line, the installed
packages. The manifest file is useful for the
-:ref:`testimage <ref-classes-testimage*>` class,
+:ref:`testimage <ref-classes-testimage>` class,
for example, to determine whether or not to run specific tests. See the
:term:`IMAGE_MANIFEST`
variable for additional information.
@@ -1431,7 +1431,7 @@
:width: 100%
Most of the work occurs on the Build Host. This is the machine used to
-build images and generally work within the the Yocto Project
+build images and generally work within the Yocto Project
environment. When you run
:term:`BitBake` to create an image, the
OpenEmbedded build system uses the host ``gcc`` compiler to bootstrap a
diff --git a/poky/documentation/ref-manual/classes.rst b/poky/documentation/ref-manual/classes.rst
index 5e49613..cd5a516 100644
--- a/poky/documentation/ref-manual/classes.rst
+++ b/poky/documentation/ref-manual/classes.rst
@@ -13,8 +13,14 @@
Any :term:`Metadata` usually found in a recipe can also be
placed in a class file. Class files are identified by the extension
-``.bbclass`` and are usually placed in a ``classes/`` directory beneath
-the ``meta*/`` directory found in the :term:`Source Directory`.
+``.bbclass`` and are usually placed in one of a set of subdirectories
+beneath the ``meta*/`` directory found in the :term:`Source Directory`:
+
+ - ``classes-recipe/`` - classes intended to be inherited by recipes
+ individually
+ - ``classes-global/`` - classes intended to be inherited globally
+ - ``classes/`` - classes whose usage context is not clearly defined
+
Class files can also be pointed to by
:term:`BUILDDIR` (e.g. ``build/``) in the same way as
``.conf`` files in the ``conf`` directory. Class files are searched for
@@ -22,7 +28,7 @@
files are searched.
This chapter discusses only the most useful and important classes. Other
-classes do exist within the ``meta/classes`` directory in the Source
+classes do exist within the ``meta/classes*`` directories in the Source
Directory. You can reference the ``.bbclass`` files directly for more
information.
@@ -362,6 +368,14 @@
Both build methods inherit the ``cpan-base`` class for basic Perl
support.
+.. _ref-classes-create-spdx:
+
+``create-spdx.bbclass``
+=======================
+
+The ``create-spdx`` class provides support for automatically creating
+SPDX SBoM documents based upon image and SDK contents.
+
.. _ref-classes-cross:
``cross.bbclass``
@@ -659,6 +673,20 @@
recipes building software that use ``gettext`` should inherit this
class.
+.. _ref-classes-github-releases:
+
+``github-releases``
+===================
+
+For recipes that fetch release tarballs from github, the ``github-releases``
+class sets up a standard way for checking available upstream versions
+(to support ``devtool upgrade`` and the Automated Upgrade Helper (AUH)).
+
+To use it, add ``github-releases`` to the inherit line in the recipe,
+and if the default value of :term:`GITHUB_BASE_URI` is not suitable,
+then set your own value in the recipe. You should then use ``${GITHUB_BASE_URI}``
+in the value you set for :term:`SRC_URI` within the recipe.
+
.. _ref-classes-gnomebase:
``gnomebase.bbclass``
@@ -881,8 +909,22 @@
``image-buildinfo.bbclass``
===========================
-The ``image-buildinfo`` class writes information to the target
-filesystem on ``/etc/build``.
+The ``image-buildinfo`` class writes a plain text file containing
+build information to the target filesystem at ``${sysconfdir}/buildinfo``
+by default (as specified by :term:`IMAGE_BUILDINFO_FILE`.
+This can be useful for manually determining the origin of any given
+image. It writes out two sections:
+
+1. `Build Configuration`: a list of variables and their values (specified
+ by :term:`IMAGE_BUILDINFO_VARS`, which defaults to :term:`DISTRO` and
+ :term:`DISTRO_VERSION`)
+
+2. `Layer Revisions`: the revisions of all of the layers used in the
+ build.
+
+Additionally, when building an SDK it will write the same contents
+to ``/buildinfo`` by default (as specified by
+:term:`SDK_BUILDINFO_FILE`).
.. _ref-classes-image_types:
@@ -980,8 +1022,8 @@
software, like bootloaders, might need to bypass this check.
- ``buildpaths:`` Checks for paths to locations on the build host
- inside the output files. Currently, this test triggers too many false
- positives and thus is not normally enabled.
+ inside the output files. Not only can these leak information about
+ the build environment, they also hinder binary reproducibility.
- ``build-deps:`` Determines if a build-time dependency that is
specified through :term:`DEPENDS`, explicit
@@ -1293,7 +1335,7 @@
into a single FIT image. In theory, a FIT image can support any number
of kernels, U-boot scripts, Initramfs bundles, RAM disks and device-trees.
However, ``kernel-fitimage`` currently only supports
-limited usescases: just one kernel image, an optional U-boot script,
+limited usecases: just one kernel image, an optional U-boot script,
an optional Initramfs bundle, an optional RAM disk, and any number of
device tree.
@@ -1977,6 +2019,22 @@
native version of Perl built by the build system rather than using the
version provided by the build host.
+.. _ref-classes-pypi:
+
+``pypi.bbclass``
+================
+
+The ``pypi`` class sets variables appropriately for recipes that build
+Python modules from `PyPI <https://pypi.org/>`__, the Python Package Index.
+By default it determines the PyPI package name based upon :term:`BPN`
+(stripping the "python-" or "python3-" prefix off if present), however in
+some cases you may need to set it manually in the recipe by setting
+:term:`PYPI_PACKAGE`.
+
+Variables set by the ``pypi`` class include :term:`SRC_URI`, :term:`SECTION`,
+:term:`HOMEPAGE`, :term:`UPSTREAM_CHECK_URI`, :term:`UPSTREAM_CHECK_REGEX`
+and :term:`CVE_PRODUCT`.
+
.. _ref-classes-python_flit_core:
``python_flit_core.bbclass``
@@ -2724,33 +2782,32 @@
:ref:`devshell <ref-classes-devshell>` class all use the ``terminal``
class.
-.. _ref-classes-testimage*:
+.. _ref-classes-testimage:
-``testimage*.bbclass``
-======================
+``testimage.bbclass``
+=====================
-The ``testimage*`` classes support running automated tests against
+The ``testimage`` class supports running automated tests against
images using QEMU and on actual hardware. The classes handle loading the
tests and starting the image. To use the classes, you need to perform
steps to set up the environment.
-.. note::
+To enable this class, add the following to your configuration::
- Best practices include using :term:`IMAGE_CLASSES` rather than
- :term:`INHERIT` to inherit the ``testimage`` class for automated image
- testing.
+ IMAGE_CLASSES += "testimage"
The tests are commands that run on the target system over ``ssh``. Each
test is written in Python and makes use of the ``unittest`` module.
-The ``testimage.bbclass`` runs tests on an image when called using the
+The ``testimage`` class runs tests on an image when called using the
following::
$ bitbake -c testimage image
-The ``testimage-auto`` class
-runs tests on an image after the image is constructed (i.e.
-:term:`TESTIMAGE_AUTO` must be set to "1").
+Alternatively, if you wish to have tests automatically run for each image
+after it is built, you can set :term:`TESTIMAGE_AUTO`::
+
+ TESTIMAGE_AUTO = "1"
For information on how to enable, run, and create new tests, see the
":ref:`dev-manual/common-tasks:performing automated runtime testing`"
@@ -2892,7 +2949,7 @@
These variables list alternative commands needed by a package, provide
pathnames for links, default links for targets, and so forth. For
details on how to use this class, see the comments in the
-:yocto_git:`update-alternatives.bbclass </poky/tree/meta/classes/update-alternatives.bbclass>`
+:yocto_git:`update-alternatives.bbclass </poky/tree/meta/classes-recipe/update-alternatives.bbclass>`
file.
.. note::
diff --git a/poky/documentation/ref-manual/faq.rst b/poky/documentation/ref-manual/faq.rst
index af49d57..a570c40 100644
--- a/poky/documentation/ref-manual/faq.rst
+++ b/poky/documentation/ref-manual/faq.rst
@@ -4,9 +4,15 @@
FAQ
***
-**Q:** How does Poky differ from :oe_home:`OpenEmbedded <>`?
+.. contents::
-**A:** The term ``Poky`` refers to the specific reference build
+General questions
+=================
+
+How does Poky differ from OpenEmbedded?
+---------------------------------------
+
+The term ``Poky`` refers to the specific reference build
system that the Yocto Project provides. Poky is based on
:term:`OpenEmbedded-Core (OE-Core)` and :term:`BitBake`. Thus, the
generic term used here for the build system is the "OpenEmbedded build
@@ -15,19 +21,10 @@
first before being pulled back into Poky. This practice benefits both
projects immediately.
-**Q:** My development system does not meet the required Git, tar, and
-Python versions. In particular, I do not have Python &MIN_PYTHON_VERSION; or greater.
-Can I still use the Yocto Project?
+How can you claim Poky / OpenEmbedded-Core is stable?
+-----------------------------------------------------
-**A:** You can get the required tools on your host development system a
-couple different ways (i.e. building a tarball or downloading a
-tarball). See the
-":ref:`ref-manual/system-requirements:required git, tar, python, make and gcc versions`"
-section for steps on how to update your build tools.
-
-**Q:** How can you claim Poky / OpenEmbedded-Core is stable?
-
-**A:** There are three areas that help with stability;
+There are three areas that help with stability;
- The Yocto Project team keeps :term:`OpenEmbedded-Core (OE-Core)` small and
focused, containing around 830 recipes as opposed to the thousands
@@ -37,250 +34,33 @@
- The Yocto Project team runs manual and automated tests using a small,
fixed set of reference hardware as well as emulated targets.
-- The Yocto Project uses an autobuilder, which provides continuous
- build and integration tests.
+- The Yocto Project uses an :yocto_ab:`autobuilder <>`, which provides
+ continuous build and integration tests.
-**Q:** How do I get support for my board added to the Yocto Project?
+Are there any products built using the OpenEmbedded build system?
+-----------------------------------------------------------------
-**A:** Support for an additional board is added by creating a Board
-Support Package (BSP) layer for it. For more information on how to
-create a BSP layer, see the
-":ref:`dev-manual/common-tasks:understanding and creating layers`"
-section in the Yocto Project Development Tasks Manual and the
-:doc:`/bsp-guide/index`.
-
-Usually, if the board is not completely exotic, adding support in the
-Yocto Project is fairly straightforward.
-
-**Q:** Are there any products built using the OpenEmbedded build system?
-
-**A:** See :yocto_wiki:`Products that use the Yocto Project
+See :yocto_wiki:`Products that use the Yocto Project
</Project_Users#Products_that_use_the_Yocto_Project>` in the Yocto Project
Wiki. Don't hesitate to contribute to this page if you know other such
products.
-**Q:** What does the OpenEmbedded build system produce as output?
+Building environment
+====================
-**A:** Because you can use the same set of recipes to create output of
-various formats, the output of an OpenEmbedded build depends on how you
-start it. Usually, the output is a flashable image ready for the target
-device.
+Missing dependencies on the development system?
+-----------------------------------------------
-**Q:** How do I add my package to the Yocto Project?
+If your development system does not meet the required Git, tar, and
+Python versions, you can get the required tools on your host development
+system in different ways (i.e. building a tarball or downloading a
+tarball). See the ":ref:`ref-manual/system-requirements:required git, tar, python, make and gcc versions`"
+section for steps on how to update your build tools.
-**A:** To add a package, you need to create a BitBake recipe. For
-information on how to create a BitBake recipe, see the
-":ref:`dev-manual/common-tasks:writing a new recipe`"
-section in the Yocto Project Development Tasks Manual.
+How does OpenEmbedded fetch source code? Will it work through a firewall or proxy server?
+-----------------------------------------------------------------------------------------
-**Q:** Do I have to reflash my entire board with a new Yocto Project
-image when recompiling a package?
-
-**A:** The OpenEmbedded build system can build packages in various
-formats such as IPK for OPKG, Debian package (``.deb``), or RPM. You can
-then upgrade the packages using the package tools on the device, much
-like on a desktop distribution such as Ubuntu or Fedora. However,
-package management on the target is entirely optional.
-
-**Q:** I see the error
-'``chmod: XXXXX new permissions are r-xrwxrwx, not r-xr-xr-x``'. What is
-wrong?
-
-**A:** You are probably running the build on an NTFS filesystem. Use
-``ext2``, ``ext3``, or ``ext4`` instead.
-
-**Q:** I see lots of 404 responses for files when the OpenEmbedded build
-system is trying to download sources. Is something wrong?
-
-**A:** Nothing is wrong. The OpenEmbedded build system checks any
-configured source mirrors before downloading from the upstream sources.
-The build system does this searching for both source archives and
-pre-checked out versions of SCM-managed software. These checks help in
-large installations because it can reduce load on the SCM servers
-themselves. The address above is one of the default mirrors configured
-into the build system. Consequently, if an upstream source disappears,
-the team can place sources there so builds continue to work.
-
-**Q:** I have machine-specific data in a package for one machine only
-but the package is being marked as machine-specific in all cases, how do
-I prevent this?
-
-**A:** Set :term:`SRC_URI_OVERRIDES_PACKAGE_ARCH` = "0" in the ``.bb`` file
-but make sure the package is manually marked as machine-specific for the
-case that needs it. The code that handles
-:term:`SRC_URI_OVERRIDES_PACKAGE_ARCH` is in the
-``meta/classes/base.bbclass`` file.
-
-**Q:** I'm behind a firewall and need to use a proxy server. How do I do
-that?
-
-**A:** Most source fetching by the OpenEmbedded build system is done by
-``wget`` and you therefore need to specify the proxy settings in a
-``.wgetrc`` file, which can be in your home directory if you are a
-single user or can be in ``/usr/local/etc/wgetrc`` as a global user
-file.
-
-Following is the applicable code for setting various proxy types in the
-``.wgetrc`` file. By default, these settings are disabled with comments.
-To use them, remove the comments::
-
- # You can set the default proxies for Wget to use for http, https, and ftp.
- # They will override the value in the environment.
- #https_proxy = http://proxy.yoyodyne.com:18023/
- #http_proxy = http://proxy.yoyodyne.com:18023/
- #ftp_proxy = http://proxy.yoyodyne.com:18023/
-
- # If you do not want to use proxy at all, set this to off.
- #use_proxy = on
-
-The Yocto Project also includes a
-``meta-poky/conf/templates/default/site.conf.sample`` file that shows
-how to configure CVS and Git proxy servers if needed. For more
-information on setting up various proxy types and configuring proxy
-servers, see the
-":yocto_wiki:`Working Behind a Network Proxy </Working_Behind_a_Network_Proxy>`"
-Wiki page.
-
-**Q:** What's the difference between ``target`` and ``target-native``?
-
-**A:** The ``*-native`` targets are designed to run on the system being
-used for the build. These are usually tools that are needed to assist
-the build in some way such as ``quilt-native``, which is used to apply
-patches. The non-native version is the one that runs on the target
-device.
-
-**Q:** I'm seeing random build failures. Help?!
-
-**A:** If the same build is failing in totally different and random
-ways, the most likely explanation is:
-
-- The hardware you are running the build on has some problem.
-
-- You are running the build under virtualization, in which case the
- virtualization probably has bugs.
-
-The OpenEmbedded build system processes a massive amount of data that
-causes lots of network, disk and CPU activity and is sensitive to even
-single-bit failures in any of these areas. True random failures have
-always been traced back to hardware or virtualization issues.
-
-**Q:** When I try to build a native recipe, the build fails with
-``iconv.h`` problems.
-
-**A:** If you get an error message that indicates GNU ``libiconv`` is
-not in use but ``iconv.h`` has been included from ``libiconv``, you need
-to check to see if you have a previously installed version of the header
-file in ``/usr/local/include``.
-::
-
- #error GNU libiconv not in use but included iconv.h is from libiconv
-
-If you find a previously installed
-file, you should either uninstall it or temporarily rename it and try
-the build again.
-
-This issue is just a single manifestation of "system leakage" issues
-caused when the OpenEmbedded build system finds and uses previously
-installed files during a native build. This type of issue might not be
-limited to ``iconv.h``. Be sure that leakage cannot occur from
-``/usr/local/include`` and ``/opt`` locations.
-
-**Q:** What do we need to ship for license compliance?
-
-**A:** This is a difficult question and you need to consult your lawyer
-for the answer for your specific case. It is worth bearing in mind that
-for GPL compliance, there needs to be enough information shipped to
-allow someone else to rebuild and produce the same end result you are
-shipping. This means sharing the source code, any patches applied to it,
-and also any configuration information about how that package was
-configured and built.
-
-You can find more information on licensing in the
-":ref:`overview-manual/development-environment:licensing`"
-section in the Yocto
-Project Overview and Concepts Manual and also in the
-":ref:`dev-manual/common-tasks:maintaining open source license compliance during your product's lifecycle`"
-section in the Yocto Project Development Tasks Manual.
-
-**Q:** How do I disable the cursor on my touchscreen device?
-
-**A:** You need to create a form factor file as described in the
-":ref:`bsp-guide/bsp:miscellaneous bsp-specific recipe files`" section in
-the Yocto Project Board Support Packages (BSP) Developer's Guide. Set
-the ``HAVE_TOUCHSCREEN`` variable equal to one as follows::
-
- HAVE_TOUCHSCREEN=1
-
-**Q:** How do I make sure connected network interfaces are brought up by
-default?
-
-**A:** The default interfaces file provided by the netbase recipe does
-not automatically bring up network interfaces. Therefore, you will need
-to add a BSP-specific netbase that includes an interfaces file. See the
-":ref:`bsp-guide/bsp:miscellaneous bsp-specific recipe files`" section in
-the Yocto Project Board Support Packages (BSP) Developer's Guide for
-information on creating these types of miscellaneous recipe files.
-
-For example, add the following files to your layer::
-
- meta-MACHINE/recipes-bsp/netbase/netbase/MACHINE/interfaces
- meta-MACHINE/recipes-bsp/netbase/netbase_5.0.bbappend
-
-**Q:** How do I create images with more free space?
-
-**A:** By default, the OpenEmbedded build system creates images that are
-1.3 times the size of the populated root filesystem. To affect the image
-size, you need to set various configurations:
-
-- *Image Size:* The OpenEmbedded build system uses the
- :term:`IMAGE_ROOTFS_SIZE` variable to define
- the size of the image in Kbytes. The build system determines the size
- by taking into account the initial root filesystem size before any
- modifications such as requested size for the image and any requested
- additional free disk space to be added to the image.
-
-- *Overhead:* Use the
- :term:`IMAGE_OVERHEAD_FACTOR` variable
- to define the multiplier that the build system applies to the initial
- image size, which is 1.3 by default.
-
-- *Additional Free Space:* Use the
- :term:`IMAGE_ROOTFS_EXTRA_SPACE`
- variable to add additional free space to the image. The build system
- adds this space to the image after it determines its
- :term:`IMAGE_ROOTFS_SIZE`.
-
-**Q:** Why don't you support directories with spaces in the pathnames?
-
-**A:** The Yocto Project team has tried to do this before but too many
-of the tools the OpenEmbedded build system depends on, such as
-``autoconf``, break when they find spaces in pathnames. Until that
-situation changes, the team will not support spaces in pathnames.
-
-**Q:** How do I use an external toolchain?
-
-**A:** The toolchain configuration is very flexible and customizable. It
-is primarily controlled with the :term:`TCMODE` variable. This variable
-controls which ``tcmode-*.inc`` file to include from the
-``meta/conf/distro/include`` directory within the :term:`Source Directory`.
-
-The default value of :term:`TCMODE` is "default", which tells the
-OpenEmbedded build system to use its internally built toolchain (i.e.
-``tcmode-default.inc``). However, other patterns are accepted. In
-particular, "external-\*" refers to external toolchains. One example is
-the Sourcery G++ Toolchain. The support for this toolchain resides in
-the separate ``meta-sourcery`` layer at
-https://github.com/MentorEmbedded/meta-sourcery/.
-
-In addition to the toolchain configuration, you also need a
-corresponding toolchain recipe file. This recipe file needs to package
-up any pre-built objects in the toolchain such as ``libgcc``,
-``libstdcc++``, any locales, and ``libc``.
-
-**Q:** How does the OpenEmbedded build system obtain source code and
-will it work behind my firewall or proxy server?
-
-**A:** The way the build system obtains source code is highly
+The way the build system obtains source code is highly
configurable. You can setup the build system to get source code in most
environments if HTTP transport is available.
@@ -322,16 +102,15 @@
BB_FETCH_PREMIRRORONLY = "1"
-This statement
-limits the build system to pulling source from the :term:`PREMIRRORS` only.
-Again, this technique is useful for reproducing builds.
+This statement limits the build system to pulling source from the
+:term:`PREMIRRORS` only. Again, this technique is useful for reproducing
+builds.
Here is another technique::
BB_GENERATE_MIRROR_TARBALLS = "1"
-This
-statement tells the build system to generate mirror tarballs. This
+This statement tells the build system to generate mirror tarballs. This
technique is useful if you want to create a mirror server. If not,
however, the technique can simply waste time during the build.
@@ -350,9 +129,32 @@
over HTTP and any network accesses to anything other than the
:term:`PREMIRRORS` would fail.
-The build system also honors the standard shell environment variables
-``http_proxy``, ``ftp_proxy``, ``https_proxy``, and ``all_proxy`` to
-redirect requests through proxy servers.
+Most source fetching by the OpenEmbedded build system is done by
+``wget`` and you therefore need to specify the proxy settings in a
+``.wgetrc`` file, which can be in your home directory if you are a
+single user or can be in ``/usr/local/etc/wgetrc`` as a global user
+file.
+
+Following is the applicable code for setting various proxy types in the
+``.wgetrc`` file. By default, these settings are disabled with comments.
+To use them, remove the comments::
+
+ # You can set the default proxies for Wget to use for http, https, and ftp.
+ # They will override the value in the environment.
+ #https_proxy = http://proxy.yoyodyne.com:18023/
+ #http_proxy = http://proxy.yoyodyne.com:18023/
+ #ftp_proxy = http://proxy.yoyodyne.com:18023/
+
+ # If you do not want to use proxy at all, set this to off.
+ #use_proxy = on
+
+The build system also accepts ``http_proxy``, ``ftp_proxy``, ``https_proxy``,
+and ``all_proxy`` set as to standard shell environment variables to redirect
+requests through proxy servers.
+
+The Yocto Project also includes a
+``meta-poky/conf/templates/default/site.conf.sample`` file that shows
+how to configure CVS and Git proxy servers if needed.
.. note::
@@ -360,23 +162,199 @@
":yocto_wiki:`Working Behind a Network Proxy </Working_Behind_a_Network_Proxy>`"
Wiki page.
-**Q:** Can I get rid of build output so I can start over?
+Using the OpenEmbedded Build system
+===================================
-**A:** Yes --- you can easily do this. When you use BitBake to build an
+How do I use an external toolchain?
+-----------------------------------
+
+The toolchain configuration is very flexible and customizable. It
+is primarily controlled with the :term:`TCMODE` variable. This variable
+controls which ``tcmode-*.inc`` file to include from the
+``meta/conf/distro/include`` directory within the :term:`Source Directory`.
+
+The default value of :term:`TCMODE` is "default", which tells the
+OpenEmbedded build system to use its internally built toolchain (i.e.
+``tcmode-default.inc``). However, other patterns are accepted. In
+particular, "external-\*" refers to external toolchains. One example is
+the Sourcery G++ Toolchain. The support for this toolchain resides in
+the separate ``meta-sourcery`` layer at
+https://github.com/MentorEmbedded/meta-sourcery/.
+
+In addition to the toolchain configuration, you also need a
+corresponding toolchain recipe file. This recipe file needs to package
+up any pre-built objects in the toolchain such as ``libgcc``,
+``libstdcc++``, any locales, and ``libc``.
+
+Why do I get chmod permission issues?
+-------------------------------------
+
+If you see the error
+``chmod: XXXXX new permissions are r-xrwxrwx, not r-xr-xr-x``,
+you are probably running the build on an NTFS filesystem. Instead,
+run the build system on a partition with a modern Linux filesystem such as
+``ext4``, ``btrfs`` or ``xfs``.
+
+I see many 404 errors trying to download sources. Is anything wrong?
+--------------------------------------------------------------------
+
+Nothing is wrong. The OpenEmbedded build system checks any
+configured source mirrors before downloading from the upstream sources.
+The build system does this searching for both source archives and
+pre-checked out versions of SCM-managed software. These checks help in
+large installations because it can reduce load on the SCM servers
+themselves. This can also allow builds to continue to work if an
+upstream source disappears.
+
+Why do I get random build failures?
+-----------------------------------
+
+If the same build is failing in totally different and random
+ways, the most likely explanation is:
+
+- The hardware you are running the build on has some problem.
+
+- You are running the build under virtualization, in which case the
+ virtualization probably has bugs.
+
+The OpenEmbedded build system processes a massive amount of data that
+causes lots of network, disk and CPU activity and is sensitive to even
+single-bit failures in any of these areas. True random failures have
+always been traced back to hardware or virtualization issues.
+
+Why does the build fail with ``iconv.h`` problems?
+--------------------------------------------------
+
+When you try to build a native recipe, you may get an error message that
+indicates that GNU ``libiconv`` is not in use but ``iconv.h`` has been
+included from ``libiconv``::
+
+ #error GNU libiconv not in use but included iconv.h is from libiconv
+
+When this happens, you need to check whether you have a previously
+installed version of the header file in ``/usr/local/include/``.
+If that's the case, you should either uninstall it or temporarily rename
+it and try the build again.
+
+This issue is just a single manifestation of "system leakage" issues
+caused when the OpenEmbedded build system finds and uses previously
+installed files during a native build. This type of issue might not be
+limited to ``iconv.h``. Make sure that leakage cannot occur from
+``/usr/local/include`` and ``/opt`` locations.
+
+Why don't other recipes find the files provided by my ``*-native`` recipe?
+--------------------------------------------------------------------------
+
+Files provided by your native recipe could be missing from the native
+sysroot, your recipe could also be installing to the wrong place, or you
+could be getting permission errors during the :ref:`ref-tasks-install`
+task in your recipe.
+
+This situation happens when the build system used by a package does not
+recognize the environment variables supplied to it by :term:`BitBake`. The
+incident that prompted this FAQ entry involved a Makefile that used an
+environment variable named ``BINDIR`` instead of the more standard
+variable ``bindir``. The makefile's hardcoded default value of
+"/usr/bin" worked most of the time, but not for the recipe's ``-native``
+variant. For another example, permission errors might be caused by a
+Makefile that ignores ``DESTDIR`` or uses a different name for that
+environment variable. Check the build system of the package to see if
+these kinds of issues exist.
+
+Can I get rid of build output so I can start over?
+--------------------------------------------------
+
+Yes --- you can easily do this. When you use BitBake to build an
image, all the build output goes into the directory created when you run
-the build environment setup script (i.e.
-:ref:`structure-core-script`). By default, this :term:`Build Directory`
-is named ``build`` but can be named
+the build environment setup script (i.e. :ref:`structure-core-script`).
+By default, this :term:`Build Directory` is named ``build`` but can be named
anything you want.
Within the Build Directory, is the ``tmp`` directory. To remove all the
build output yet preserve any source code or downloaded files from
previous builds, simply remove the ``tmp`` directory.
-**Q:** Why do ``${bindir}`` and ``${libdir}`` have strange values for
-``-native`` recipes?
+Customizing generated images
+============================
-**A:** Executables and libraries might need to be used from a directory
+What does the OpenEmbedded build system produce as output?
+----------------------------------------------------------
+
+Because you can use the same set of recipes to create output of
+various formats, the output of an OpenEmbedded build depends on how you
+start it. Usually, the output is a flashable image ready for the target
+device.
+
+How do I make the Yocto Project support my board?
+-------------------------------------------------
+
+Support for an additional board is added by creating a Board
+Support Package (BSP) layer for it. For more information on how to
+create a BSP layer, see the
+":ref:`dev-manual/common-tasks:understanding and creating layers`"
+section in the Yocto Project Development Tasks Manual and the
+:doc:`/bsp-guide/index`.
+
+Usually, if the board is not completely exotic, adding support in the
+Yocto Project is fairly straightforward.
+
+How do I make the Yocto Project support my package?
+---------------------------------------------------
+
+To add a package, you need to create a BitBake recipe. For
+information on how to create a BitBake recipe, see the
+":ref:`dev-manual/common-tasks:writing a new recipe`"
+section in the Yocto Project Development Tasks Manual.
+
+What do I need to ship for license compliance?
+----------------------------------------------
+
+This is a difficult question and you need to consult your lawyer
+for the answer for your specific case. It is worth bearing in mind that
+for GPL compliance, there needs to be enough information shipped to
+allow someone else to rebuild and produce the same end result you are
+shipping. This means sharing the source code, any patches applied to it,
+and also any configuration information about how that package was
+configured and built.
+
+You can find more information on licensing in the
+":ref:`overview-manual/development-environment:licensing`"
+section in the Yocto Project Overview and Concepts Manual and also in the
+":ref:`dev-manual/common-tasks:maintaining open source license compliance during your product's lifecycle`"
+section in the Yocto Project Development Tasks Manual.
+
+Do I have to make a full reflash after recompiling one package?
+---------------------------------------------------------------
+
+The OpenEmbedded build system can build packages in various
+formats such as IPK for OPKG, Debian package (``.deb``), or RPM. You can
+then upgrade only the modified packages using the package tools on the device,
+much like on a desktop distribution such as Ubuntu or Fedora. However,
+package management on the target is entirely optional.
+
+How to prevent my package from being marked as machine specific?
+----------------------------------------------------------------
+
+If you have machine-specific data in a package for one machine only
+but the package is being marked as machine-specific in all cases,
+you can set :term:`SRC_URI_OVERRIDES_PACKAGE_ARCH` = "0" in the ``.bb`` file.
+However, but make sure the package is manually marked as machine-specific for the
+case that needs it. The code that handles :term:`SRC_URI_OVERRIDES_PACKAGE_ARCH`
+is in the ``meta/classes-global/base.bbclass`` file.
+
+What's the difference between ``target`` and ``target-native``?
+---------------------------------------------------------------
+
+The ``*-native`` targets are designed to run on the system being
+used for the build. These are usually tools that are needed to assist
+the build in some way such as ``quilt-native``, which is used to apply
+patches. The non-native version is the one that runs on the target
+device.
+
+Why do ``${bindir}`` and ``${libdir}`` have strange values for ``-native`` recipes?
+-----------------------------------------------------------------------------------
+
+Executables and libraries might need to be used from a directory
other than the directory into which they were initially installed.
Complicating this situation is the fact that sometimes these executables
and libraries are compiled with the expectation of being run from that
@@ -408,15 +386,9 @@
that program is never installed directly to the build machine's root
file system. Consequently, the build system uses paths within the Build
Directory for ``DESTDIR``, ``bindir`` and related variables. To better
-understand this, consider the following two paths where the first is
-relatively normal and the second is not:
-
-.. note::
-
- Due to these lengthy examples, the paths are artificially broken
- across lines for readability.
-
-::
+understand this, consider the following two paths (artificially broken
+across lines for readability) where the first is relatively normal and
+the second is not::
/home/maxtothemax/poky-bootchart2/build/tmp/work/i586-poky-linux/zlib/
1.2.8-r0/sysroot-destdir/usr/bin
@@ -425,32 +397,76 @@
zlib-native/1.2.8-r0/sysroot-destdir/home/maxtothemax/poky-bootchart2/
build/tmp/sysroots/x86_64-linux/usr/bin
-Even if the paths look unusual,
-they both are correct --- the first for a target and the second for a
-native recipe. These paths are a consequence of the ``DESTDIR``
-mechanism and while they appear strange, they are correct and in
-practice very effective.
+Even if the paths look unusual, they both are correct --- the first for
+a target and the second for a native recipe. These paths are a consequence
+of the ``DESTDIR`` mechanism and while they appear strange, they are correct
+and in practice very effective.
-**Q:** The files provided by my ``*-native`` recipe do not appear to be
-available to other recipes. Files are missing from the native sysroot,
-my recipe is installing to the wrong place, or I am getting permissions
-errors during the :ref:`ref-tasks-install` task in my recipe! What is wrong?
+How do I create images with more free space?
+--------------------------------------------
-**A:** This situation results when a build system does not recognize the
-environment variables supplied to it by :term:`BitBake`. The
-incident that prompted this FAQ entry involved a Makefile that used an
-environment variable named ``BINDIR`` instead of the more standard
-variable ``bindir``. The makefile's hardcoded default value of
-"/usr/bin" worked most of the time, but not for the recipe's ``-native``
-variant. For another example, permissions errors might be caused by a
-Makefile that ignores ``DESTDIR`` or uses a different name for that
-environment variable. Check the build system to see if these kinds
-of issues exist.
+By default, the OpenEmbedded build system creates images that are
+1.3 times the size of the populated root filesystem. To affect the image
+size, you need to set various configurations:
-**Q:** I'm adding a binary in a recipe but it's different in the image, what is
-changing it?
+- *Image Size:* The OpenEmbedded build system uses the
+ :term:`IMAGE_ROOTFS_SIZE` variable to define
+ the size of the image in Kbytes. The build system determines the size
+ by taking into account the initial root filesystem size before any
+ modifications such as requested size for the image and any requested
+ additional free disk space to be added to the image.
-**A:** The first most obvious change is the system stripping debug symbols from
-it. Setting :term:`INHIBIT_PACKAGE_STRIP` to stop debug symbols being stripped and/or
-:term:`INHIBIT_PACKAGE_DEBUG_SPLIT` to stop debug symbols being split into a separate
-file will ensure the binary is unchanged.
+- *Overhead:* Use the
+ :term:`IMAGE_OVERHEAD_FACTOR` variable
+ to define the multiplier that the build system applies to the initial
+ image size, which is 1.3 by default.
+
+- *Additional Free Space:* Use the
+ :term:`IMAGE_ROOTFS_EXTRA_SPACE`
+ variable to add additional free space to the image. The build system
+ adds this space to the image after it determines its
+ :term:`IMAGE_ROOTFS_SIZE`.
+
+Why aren't spaces in path names supported?
+------------------------------------------
+
+The Yocto Project team has tried to do this before but too many
+of the tools the OpenEmbedded build system depends on, such as
+``autoconf``, break when they find spaces in pathnames. Until that
+situation changes, the team will not support spaces in pathnames.
+
+I'm adding a binary in a recipe. Why is it different in the image?
+------------------------------------------------------------------
+
+The first most obvious change is the system stripping debug symbols from
+it. Setting :term:`INHIBIT_PACKAGE_STRIP` to stop debug symbols being
+stripped and/or :term:`INHIBIT_PACKAGE_DEBUG_SPLIT` to stop debug symbols
+being split into a separate file will ensure the binary is unchanged.
+
+Issues on the running system
+============================
+
+How do I disable the cursor on my touchscreen device?
+-----------------------------------------------------
+
+You need to create a form factor file as described in the
+":ref:`bsp-guide/bsp:miscellaneous bsp-specific recipe files`" section in
+the Yocto Project Board Support Packages (BSP) Developer's Guide. Set
+the ``HAVE_TOUCHSCREEN`` variable equal to one as follows::
+
+ HAVE_TOUCHSCREEN=1
+
+How to always bring up connected network interfaces?
+----------------------------------------------------
+
+The default interfaces file provided by the netbase recipe does
+not automatically bring up network interfaces. Therefore, you will need
+to add a BSP-specific netbase that includes an interfaces file. See the
+":ref:`bsp-guide/bsp:miscellaneous bsp-specific recipe files`" section in
+the Yocto Project Board Support Packages (BSP) Developer's Guide for
+information on creating these types of miscellaneous recipe files.
+
+For example, add the following files to your layer::
+
+ meta-MACHINE/recipes-bsp/netbase/netbase/MACHINE/interfaces
+ meta-MACHINE/recipes-bsp/netbase/netbase_5.0.bbappend
diff --git a/poky/documentation/ref-manual/features.rst b/poky/documentation/ref-manual/features.rst
index 5e853ca..a5b01e8 100644
--- a/poky/documentation/ref-manual/features.rst
+++ b/poky/documentation/ref-manual/features.rst
@@ -72,6 +72,8 @@
- *phone:* Mobile phone (voice) support
+- *qemu-usermode:* QEMU can support user-mode emulation for this machine
+
- *qvga:* Machine has a QVGA (320x240) display
- *rtc:* Machine has a Real-Time Clock
@@ -112,6 +114,13 @@
:term:`COMBINED_FEATURES` variable for more
information.
+.. note::
+
+ :term:`DISTRO_FEATURES` is normally independent of kernel configuration,
+ so if a feature specified in :term:`DISTRO_FEATURES` also relies on
+ support in the kernel, you will also need to ensure that support is
+ enabled in the kernel configuration.
+
This list only represents features as shipped with the Yocto Project
metadata, as extra layers can define their own:
@@ -143,6 +152,9 @@
- *ext2:* Include tools for supporting for devices with internal
HDD/Microdrive for storing files (instead of Flash only devices).
+- *gobject-introspection-data:* Include data to support
+ `GObject Introspection <https://gi.readthedocs.io/en/latest/>`__.
+
- *ipsec:* Include IPSec support.
- *ipv4:* Include IPv4 support.
@@ -152,29 +164,41 @@
- *keyboard:* Include keyboard support (e.g. keymaps will be loaded
during boot).
-- *largefile:* Enable building applications with
- `argefile support <https://en.wikipedia.org/wiki/Large-file_support>`__.
-
- *multiarch:* Enable building applications with multiple architecture
support.
+- *ld-is-gold:* Use the `gold <https://en.wikipedia.org/wiki/Gold_(linker)>`__
+ linker instead of the standard GCC linker (bfd).
+
- *ldconfig:* Include support for ldconfig and ``ld.so.conf`` on the
target.
+- *lto:* Enable `Link-Time Optimisation <https://gcc.gnu.org/wiki/LinkTimeOptimization>`__.
+
- *nfc:* Include support for
`Near Field Communication <https://en.wikipedia.org/wiki/Near-field_communication>`__.
- *nfs:* Include NFS client support (for mounting NFS exports on
device).
+- *nls:* Include National Language Support (NLS).
+
- *opengl:* Include the Open Graphics Library, which is a
cross-language, multi-platform application programming interface used
for rendering two and three-dimensional graphics.
+- *overlayfs:* Include `OverlayFS <https://docs.kernel.org/filesystems/overlayfs.html>`__
+ support.
+
+- *pam:* Include `Pluggable Authentication Module (PAM) <https://en.wikipedia.org/wiki/Pluggable_authentication_module>`__
+ support.
+
- *pci:* Include PCI bus support.
- *pcmcia:* Include PCMCIA/CompactFlash support.
+- *polkit:* Include `Polkit <https://en.wikipedia.org/wiki/Polkit>`__ support.
+
- *ppp:* Include PPP dialup support.
- *ptest:* Enables building the package tests where supported by
@@ -182,6 +206,13 @@
":ref:`dev-manual/common-tasks:testing packages with ptest`" section
in the Yocto Project Development Tasks Manual.
+- *pulseaudio:* Include support for
+ `PulseAudio <https://www.freedesktop.org/wiki/Software/PulseAudio/>`__.
+
+- *selinux:* Include support for
+ `Security-Enhanced Linux (SELinux) <https://en.wikipedia.org/wiki/Security-Enhanced_Linux>`__
+ (requires `meta-selinux <https://layers.openembedded.org/layerindex/layer/meta-selinux/>`__).
+
- *seccomp:* Enables building applications with
`seccomp <https://en.wikipedia.org/wiki/Seccomp>`__ support, to
allow them to strictly restrict the system calls that they are allowed
@@ -273,6 +304,9 @@
just disables the mechanism which forces an non-empty password for the
root user.
+- *lic-pkgs:* Installs license packages for all packages installed in a
+ given image.
+
- *overlayfs-etc:* Configures the ``/etc`` directory to be in ``overlayfs``.
This allows to store device specific information elsewhere, especially
if the root filesystem is configured to be read-only.
@@ -297,6 +331,18 @@
section in the Yocto Project Development Tasks Manual for more
information.
+- *read-only-rootfs-delayed-postinsts:* when specified in conjunction
+ with ``read-only-rootfs``, specifies that post-install scripts are
+ still permitted (this assumes that the root filesystem will be made
+ writeable for the first boot; this feature does not do anything to
+ ensure that - it just disables the check for post-install scripts.)
+
+- *serial-autologin-root:* when specified in conjunction with
+ ``empty-root-password`` will automatically login as root on the
+ serial console. This of course opens up a security hole if the
+ serial console is potentially accessible to an attacker, so use
+ with caution.
+
- *splash:* Enables showing a splash screen during boot. By default,
this screen is provided by ``psplash``, which does allow
customization. If you prefer to use an alternative splash screen
@@ -304,6 +350,11 @@
different package name (or names) within the image recipe or at the
distro configuration level.
+- *stateless-rootfs:*: specifies that the image should be created as
+ stateless - when using ``systemd``, ``systemctl-native`` will not
+ be run on the image, leaving the image for population at runtime by
+ systemd.
+
- *staticdev-pkgs:* Installs static development packages, which are
static libraries (i.e. ``*.a`` files), for all packages installed in
a given image.
@@ -322,6 +373,21 @@
- *ssh-server-dropbear:* Installs the Dropbear minimal SSH server.
+ .. note::
+
+ As of the 4.1 release, the ``ssh-server-dropbear`` feature also
+ recommends the ``openssh-sftp-server`` package, which by default
+ will be pulled into the image. This is because recent versions of
+ the OpenSSH ``scp`` client now use the SFTP protocol, and thus
+ require an SFTP server to be present to connect to. However, if
+ you wish to use the Dropbear ssh server `without` the SFTP server
+ installed, you can either remove ``ssh-server-dropbear`` from
+ ``IMAGE_FEATURES`` and add ``dropbear`` to :term:`IMAGE_INSTALL`
+ instead, or alternatively still use the feature but set
+ :term:`BAD_RECOMMENDATIONS` as follows::
+
+ BAD_RECOMMENDATIONS += "openssh-sftp-server"
+
- *ssh-server-openssh:* Installs the OpenSSH SSH server, which is more
full-featured than Dropbear. Note that if both the OpenSSH SSH server
and the Dropbear minimal SSH server are present in
@@ -339,6 +405,8 @@
- *tools-testapps:* Installs device testing tools (e.g. touchscreen
debugging).
+- *weston:* Installs Weston (reference Wayland environment).
+
- *x11:* Installs the X server.
- *x11-base:* Installs the X server with a minimal environment.
diff --git a/poky/documentation/ref-manual/qa-checks.rst b/poky/documentation/ref-manual/qa-checks.rst
index 9455bec..fb31dc1 100644
--- a/poky/documentation/ref-manual/qa-checks.rst
+++ b/poky/documentation/ref-manual/qa-checks.rst
@@ -748,6 +748,22 @@
other things in the patches, those can be discarded.
+.. _qa-check-buildpaths:
+
+- ``File <filename> in package <packagename> contains reference to TMPDIR [buildpaths]``
+
+ This check ensures that build system paths (including :term:`TMPDIR`) do not
+ appear in output files, which not only leaks build system configuration into
+ the target, but also hinders binary reproducibility as the output will change
+ if the build system configuration changes.
+
+ Typically these paths will enter the output through some mechanism in the
+ configuration or compilation of the software being built by the recipe. To
+ resolve this issue you will need to determine how the detected path is
+ entering the output. Sometimes it may require adjusting scripts or code to
+ use a relative path rather than an absolute one, or to pick up the path from
+ runtime configuration or environment variables.
+
Configuring and Disabling QA Checks
===================================
diff --git a/poky/documentation/ref-manual/release-process.rst b/poky/documentation/ref-manual/release-process.rst
index 8acb4b8..c36fa55 100644
--- a/poky/documentation/ref-manual/release-process.rst
+++ b/poky/documentation/ref-manual/release-process.rst
@@ -127,7 +127,7 @@
an ARM target, did the build produce ARM binaries. If, for example,
the build produced PPC binaries then there is a problem.
-- :ref:`ref-classes-testimage*`: This class
+- :ref:`ref-classes-testimage`: This class
performs runtime testing of images after they are built. The tests
are usually used with :doc:`QEMU </dev-manual/qemu>`
to boot the images and check the combined runtime result boot
diff --git a/poky/documentation/ref-manual/structure.rst b/poky/documentation/ref-manual/structure.rst
index 533745b..fe27d17 100644
--- a/poky/documentation/ref-manual/structure.rst
+++ b/poky/documentation/ref-manual/structure.rst
@@ -669,10 +669,10 @@
.. _structure-meta-classes:
-``meta/classes/``
------------------
+``meta/classes*/``
+------------------
-This directory contains the ``*.bbclass`` files. Class files are used to
+These directories contain the ``*.bbclass`` files. Class files are used to
abstract common code so it can be reused by multiple packages. Every
package inherits the :ref:`ref-classes-base` file. Examples of other important
classes are :ref:`ref-classes-autotools`, which in theory allows any
diff --git a/poky/documentation/ref-manual/tasks.rst b/poky/documentation/ref-manual/tasks.rst
index d4408d1..b17c09c 100644
--- a/poky/documentation/ref-manual/tasks.rst
+++ b/poky/documentation/ref-manual/tasks.rst
@@ -190,8 +190,8 @@
- The ``cp`` command with the ``--no-preserve=ownership`` option.
- The ``tar`` command with the ``--no-same-owner`` option. See the
- ``bin_package.bbclass`` file in the ``meta/classes`` directory of
- the :term:`Source Directory` for an example.
+ ``bin_package.bbclass`` file in the ``meta/classes-recipe``
+ subdirectory of the :term:`Source Directory` for an example.
.. _ref-tasks-install_ptest_base:
diff --git a/poky/documentation/ref-manual/variables.rst b/poky/documentation/ref-manual/variables.rst
index 1685a26..71e8c27 100644
--- a/poky/documentation/ref-manual/variables.rst
+++ b/poky/documentation/ref-manual/variables.rst
@@ -773,7 +773,7 @@
and `glob <https://docs.python.org/3/library/glob.html>`__.
For more information on how this variable works, see
- ``meta/classes/binconfig.bbclass`` in the :term:`Source Directory`.
+ ``meta/classes-recipe/binconfig.bbclass`` in the :term:`Source Directory`.
You can also find general
information on the class in the
":ref:`ref-classes-binconfig`" section.
@@ -920,10 +920,10 @@
and sdk). If you want to track changes to build history over time,
you should set this value to "1".
- By default, the :ref:`buildhistory <ref-classes-buildhistory>` class does not commit the build
- history output in a local Git repository::
+ By default, the :ref:`buildhistory <ref-classes-buildhistory>` class
+ enables committing the buildhistory output in a local Git repository::
- BUILDHISTORY_COMMIT ?= "0"
+ BUILDHISTORY_COMMIT ?= "1"
:term:`BUILDHISTORY_COMMIT_AUTHOR`
When inheriting the :ref:`buildhistory <ref-classes-buildhistory>`
@@ -1171,12 +1171,10 @@
packages for all the packages explicitly (or implicitly) installed in
an image.
- .. note::
-
- The :term:`COMPLEMENTARY_GLOB` variable uses Unix filename pattern matching
- (`fnmatch <https://docs.python.org/3/library/fnmatch.html#module-fnmatch>`__),
- which is similar to the Unix style pathname pattern expansion
- (`glob <https://docs.python.org/3/library/glob.html>`__).
+ The :term:`COMPLEMENTARY_GLOB` variable uses Unix filename pattern matching
+ (`fnmatch <https://docs.python.org/3/library/fnmatch.html#module-fnmatch>`__),
+ which is similar to the Unix style pathname pattern expansion
+ (`glob <https://docs.python.org/3/library/glob.html>`__).
The resulting list of complementary packages is associated with an
item that can be added to
@@ -1191,6 +1189,11 @@
COMPLEMENTARY_GLOB[dev-pkgs] = '*-dev'
+ .. note::
+
+ When installing complementary packages, recommends relationships
+ (set via :term:`RRECOMMENDS`) are always ignored.
+
:term:`COMPONENTS_DIR`
Stores sysroot components for each recipe. The OpenEmbedded build
system uses :term:`COMPONENTS_DIR` when constructing recipe-specific
@@ -1466,15 +1469,31 @@
# This is windows only issue.
CVE_CHECK_IGNORE += "CVE-2020-15523"
+ :term:`CVE_CHECK_SHOW_WARNINGS`
+ Specifies whether or not the :ref:`cve-check <ref-classes-cve-check>`
+ class should generate warning messages on the console when unpatched
+ CVEs are found. The default is "1", but you may wish to set it to "0" if
+ you are already examining/processing the logs after the build has
+ completed and thus do not need the warning messages.
+
:term:`CVE_CHECK_SKIP_RECIPE`
The list of package names (:term:`PN`) for which
CVEs (Common Vulnerabilities and Exposures) are ignored.
+ :term:`CVE_DB_UPDATE_INTERVAL`
+ Specifies the CVE database update interval in seconds, as used by
+ ``cve-update-db-native``. The default value is "86400" i.e. once a day
+ (24*60*60). If the value is set to "0" then the update will be forced
+ every time. Alternatively, a negative value e.g. "-1" will disable
+ updates entirely.
+
:term:`CVE_PRODUCT`
In a recipe, defines the name used to match the recipe name
against the name in the upstream `NIST CVE database <https://nvd.nist.gov/>`__.
- The default is ${:term:`BPN`}. If it does not match the name in the NIST CVE
+ The default is ${:term:`BPN`} (except for recipes that inherit the
+ :ref:`pypi <ref-classes-pypi>` class where it is set based upon
+ :term:`PYPI_PACKAGE`). If it does not match the name in the NIST CVE
database or matches with multiple entries in the database, the default
value needs to be changed.
@@ -1812,6 +1831,23 @@
:term:`DESCRIPTION` takes the value of the :term:`SUMMARY`
variable.
+ :term:`DEV_PKG_DEPENDENCY`
+ Provides an easy way for recipes to disable or adjust the runtime
+ dependency (:term:`RDEPENDS`) of the ``${PN}-dev`` package on the main
+ (``${PN}``) package, particularly where the main package may be empty.
+
+ :term:`DISABLE_STATIC`
+ Used in order to disable static linking by default (in order to save
+ space, since static libraries are often unused in embedded systems.)
+ The default value is " --disable-static", however it can be set to ""
+ in order to enable static linking if desired. Certain recipes do this
+ individually, and also there is a
+ ``meta/conf/distro/include/no-static-libs.inc`` include file that
+ disables static linking for a number of recipes. Some software
+ packages or build tools (such as CMake) have explicit support for
+ enabling / disabling static linking, and in those cases
+ :term:`DISABLE_STATIC` is not used.
+
:term:`DISTRO`
The short name of the distribution. For information on the long name
of the distribution, see the :term:`DISTRO_NAME`
@@ -2029,7 +2065,7 @@
available are xz and bz2.
For information on policies and on how to use this variable, see the
- comments in the ``meta/classes/compress_doc.bbclass`` file.
+ comments in the ``meta/classes-recipe/compress_doc.bbclass`` file.
:term:`EFI_PROVIDER`
When building bootable images (i.e. where ``hddimg``, ``iso``, or
@@ -2197,7 +2233,7 @@
variable tells the OpenEmbedded build system to prefer the installed
external tools. See the
:ref:`kernel-yocto <ref-classes-kernel-yocto>` class in
- ``meta/classes`` to see how the variable is used.
+ ``meta/classes-recipe`` to see how the variable is used.
:term:`EXTERNALSRC`
When inheriting the :ref:`externalsrc <ref-classes-externalsrc>`
@@ -2574,7 +2610,7 @@
:term:`SRC_URI` statements.
The default value for the :term:`FILESPATH` variable is defined in the
- :ref:`ref-classes-base` class found in ``meta/classes`` in the
+ :ref:`ref-classes-base` class found in ``meta/classes-global`` in the
:term:`Source Directory`::
FILESPATH = "${@base_set_filespath(["${FILE_DIRNAME}/${BP}", \
@@ -2687,6 +2723,10 @@
Specifies the signature algorithm used in creating the FIT Image.
For e.g. rsa2048.
+ :term:`FIT_PAD_ALG`
+ Specifies the padding algorithm used in creating the FIT Image.
+ The default value is "pkcs-1.5".
+
:term:`FIT_SIGN_INDIVIDUAL`
If set to "1", then the :ref:`kernel-fitimage <ref-classes-kernel-fitimage>`
class will sign the kernel, dtb and ramdisk images individually in addition
@@ -2756,6 +2796,13 @@
The directory in which a local copy of a Git repository is stored
when it is cloned.
+ :term:`GITHUB_BASE_URI`
+ When inheriting the :ref:`github-releases <ref-classes-github-releases>`
+ class, specifies the base URL for fetching releases for the github
+ project you wish to fetch sources from. The default value is as follows::
+
+ GITHUB_BASE_URI ?= "https://github.com/${BPN}/${BPN}/releases/"
+
:term:`GLIBC_GENERATE_LOCALES`
Specifies the list of GLIBC locales to generate should you not wish
to generate all LIBC locals, which can be time consuming.
@@ -3041,17 +3088,23 @@
material for Wic is located in the
":doc:`/ref-manual/kickstart`" chapter.
+ :term:`IMAGE_BUILDINFO_FILE`
+ When using the :ref:`image-buildinfo <ref-classes-image-buildinfo>` class,
+ specifies the file in the image to write the build information into. The
+ default value is "``${sysconfdir}/buildinfo``".
+
+ :term:`IMAGE_BUILDINFO_VARS`
+ When using the :ref:`image-buildinfo <ref-classes-image-buildinfo>` class,
+ specifies the list of variables to include in the `Build Configuration`
+ section of the output file (as a space-separated list). Defaults to
+ ":term:`DISTRO` :term:`DISTRO_VERSION`".
+
:term:`IMAGE_CLASSES`
- A list of classes that all images should inherit. You typically use
- this variable to specify the list of classes that register the
- different types of images the OpenEmbedded build system creates.
+ A list of classes that all images should inherit. This is typically used
+ to enable functionality across all image recipes.
- The default value for :term:`IMAGE_CLASSES` is ``image_types``. You can
- set this variable in your ``local.conf`` or in a distribution
- configuration file.
-
- For more information, see ``meta/classes/image_types.bbclass`` in the
- :term:`Source Directory`.
+ Classes specified in :term:`IMAGE_CLASSES` must be located in the
+ ``classes-recipe/`` or ``classes/`` subdirectories.
:term:`IMAGE_CMD`
Specifies the command to create the image file for a specific image
@@ -3067,7 +3120,7 @@
You typically do not need to set this variable unless you are adding
support for a new image type. For more examples on how to set this
variable, see the :ref:`image_types <ref-classes-image_types>`
- class file, which is ``meta/classes/image_types.bbclass``.
+ class file, which is ``meta/classes-recipe/image_types.bbclass``.
:term:`IMAGE_DEVICE_TABLES`
Specifies one or more files that contain custom device tables that
@@ -3463,7 +3516,7 @@
- wic.lzma
For more information about these types of images, see
- ``meta/classes/image_types*.bbclass`` in the :term:`Source Directory`.
+ ``meta/classes-recipe/image_types*.bbclass`` in the :term:`Source Directory`.
:term:`IMAGE_VERSION_SUFFIX`
Version suffix that is part of the default :term:`IMAGE_NAME` and
@@ -3546,7 +3599,7 @@
Although you can use other settings, you might be required to
- remove dependencies on or provide alternatives to components that
+ remove dependencies on (or provide alternatives to) components that
are required to produce a functional system image.
:term:`INCOMPATIBLE_LICENSE_EXCEPTIONS`
@@ -3562,6 +3615,8 @@
functions in the class or classes are not executed for the base
configuration and in each individual recipe. The OpenEmbedded build
system ignores changes to :term:`INHERIT` in individual recipes.
+ Classes inherited using :term:`INHERIT` must be located in the
+ ``classes-global/`` or ``classes/`` subdirectories.
For more information on :term:`INHERIT`, see the
:ref:`bitbake:bitbake-user-manual/bitbake-user-manual-metadata:\`\`inherit\`\` configuration directive`"
@@ -3571,6 +3626,9 @@
Lists classes that will be inherited at the distribution level. It is
unlikely that you want to edit this variable.
+ Classes specified in :term:`INHERIT_DISTRO` must be located in the
+ ``classes-global/`` or ``classes/`` subdirectories.
+
The default value of the variable is set as follows in the
``meta/conf/distro/defaultsetup.conf`` file::
@@ -3786,7 +3844,7 @@
:term:`INITRAMFS_LINK_NAME`
The link name of the initial RAM filesystem image. This variable is
- set in the ``meta/classes/kernel-artifact-names.bbclass`` file as
+ set in the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as
follows::
INITRAMFS_LINK_NAME ?= "initramfs-${KERNEL_ARTIFACT_LINK_NAME}"
@@ -3812,7 +3870,7 @@
:term:`INITRAMFS_NAME`
The base name of the initial RAM filesystem image. This variable is
- set in the ``meta/classes/kernel-artifact-names.bbclass`` file as
+ set in the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as
follows::
INITRAMFS_NAME ?= "initramfs-${KERNEL_ARTIFACT_NAME}"
@@ -4022,7 +4080,7 @@
variable.
The value of :term:`KERNEL_ARTIFACT_NAME`, which is set in the
- ``meta/classes/kernel-artifact-names.bbclass`` file, has the
+ ``meta/classes-recipe/kernel-artifact-names.bbclass`` file, has the
following default value::
KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
@@ -4035,7 +4093,7 @@
:ref:`kernel <ref-classes-kernel>` class should inherit. You
typically append this variable to enable extended image types. An
example is the "kernel-fitimage", which enables fitImage support and
- resides in ``meta/classes/kernel-fitimage.bbclass``. You can register
+ resides in ``meta/classes-recipe/kernel-fitimage.bbclass``. You can register
custom kernel image types with the :ref:`kernel <ref-classes-kernel>` class using this
variable.
@@ -4044,6 +4102,12 @@
the kernel. The default is "0" to disable this for reproducibility
reasons.
+ :term:`KERNEL_DEPLOY_DEPEND`
+ Provides a means of controlling the dependency of an image recipe
+ on the kernel. The default value is "virtual/kernel:do_deploy",
+ however for a small initramfs image or other images that do not
+ need the kernel, this can be set to "" in the image recipe.
+
:term:`KERNEL_DEVICETREE`
Specifies the name of the generated Linux kernel device tree (i.e.
the ``.dtb``) file.
@@ -4059,7 +4123,7 @@
:term:`KERNEL_DTB_LINK_NAME`
The link name of the kernel device tree binary (DTB). This variable
- is set in the ``meta/classes/kernel-artifact-names.bbclass`` file as
+ is set in the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as
follows::
KERNEL_DTB_LINK_NAME ?= "${KERNEL_ARTIFACT_LINK_NAME}"
@@ -4075,7 +4139,7 @@
:term:`KERNEL_DTB_NAME`
The base name of the kernel device tree binary (DTB). This variable
- is set in the ``meta/classes/kernel-artifact-names.bbclass`` file as
+ is set in the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as
follows::
KERNEL_DTB_NAME ?= "${KERNEL_ARTIFACT_NAME}"
@@ -4126,7 +4190,7 @@
:term:`KERNEL_FIT_LINK_NAME`
The link name of the kernel flattened image tree (FIT) image. This
- variable is set in the ``meta/classes/kernel-artifact-names.bbclass``
+ variable is set in the ``meta/classes-recipe/kernel-artifact-names.bbclass``
file as follows::
KERNEL_FIT_LINK_NAME ?= "${KERNEL_ARTIFACT_LINK_NAME}"
@@ -4142,7 +4206,7 @@
:term:`KERNEL_FIT_NAME`
The base name of the kernel flattened image tree (FIT) image. This
- variable is set in the ``meta/classes/kernel-artifact-names.bbclass``
+ variable is set in the ``meta/classes-recipe/kernel-artifact-names.bbclass``
file as follows::
KERNEL_FIT_NAME ?= "${KERNEL_ARTIFACT_NAME}"
@@ -4154,7 +4218,7 @@
:term:`KERNEL_IMAGE_LINK_NAME`
The link name for the kernel image. This variable is set in the
- ``meta/classes/kernel-artifact-names.bbclass`` file as follows::
+ ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as follows::
KERNEL_IMAGE_LINK_NAME ?= "${KERNEL_ARTIFACT_LINK_NAME}"
@@ -4182,7 +4246,7 @@
:term:`KERNEL_IMAGE_NAME`
The base name of the kernel image. This variable is set in the
- ``meta/classes/kernel-artifact-names.bbclass`` file as follows::
+ ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as follows::
KERNEL_IMAGE_NAME ?= "${KERNEL_ARTIFACT_NAME}"
@@ -4917,7 +4981,7 @@
:term:`MODULE_TARBALL_LINK_NAME`
The link name of the kernel module tarball. This variable is set in
- the ``meta/classes/kernel-artifact-names.bbclass`` file as follows::
+ the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as follows::
MODULE_TARBALL_LINK_NAME ?= "${KERNEL_ARTIFACT_LINK_NAME}"
@@ -4931,7 +4995,7 @@
:term:`MODULE_TARBALL_NAME`
The base name of the kernel module tarball. This variable is set in
- the ``meta/classes/kernel-artifact-names.bbclass`` file as follows::
+ the ``meta/classes-recipe/kernel-artifact-names.bbclass`` file as follows::
MODULE_TARBALL_NAME ?= "${KERNEL_ARTIFACT_NAME}"
@@ -4940,6 +5004,11 @@
KERNEL_ARTIFACT_NAME ?= "${PKGE}-${PKGV}-${PKGR}-${MACHINE}${IMAGE_VERSION_SUFFIX}"
+ :term:`MOUNT_BASE`
+ On non-systemd systems (where ``udev-extraconf`` is being used),
+ specifies the base directory for auto-mounting filesystems. The
+ default value is "/run/media".
+
:term:`MULTIMACH_TARGET_SYS`
Uniquely identifies the type of the target system for which packages
are being built. This variable allows output for different types of
@@ -5061,7 +5130,7 @@
``sysroots/`` directory so that all builds that use the script will
use the correct directories for the cross compiling layout.
- See the ``meta/classes/binconfig.bbclass`` in the
+ See the ``meta/classes-recipe/binconfig.bbclass`` in the
:term:`Source Directory` for details on how this class
applies these additional sed command arguments.
@@ -5118,6 +5187,87 @@
default by setting the variable in a custom distribution
configuration file.
+ :term:`OVERLAYFS_ETC_DEVICE`
+ When the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` class is
+ inherited, specifies the device to be mounted for the read/write
+ layer of ``/etc``. There is no default, so you must set this if you
+ wish to enable :ref:`overlayfs-etc <ref-classes-overlayfs-etc>`, for
+ example, assuming ``/dev/mmcblk0p2`` was the desired device::
+
+ OVERLAYFS_ETC_DEVICE = "/dev/mmcblk0p2"
+
+ :term:`OVERLAYFS_ETC_EXPOSE_LOWER`
+ When the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` class is
+ inherited, if set to "1" then a read-only access to the original
+ ``/etc`` content will be provided as a ``lower/`` subdirectory of
+ :term:`OVERLAYFS_ETC_MOUNT_POINT`. The default value is "0".
+
+ :term:`OVERLAYFS_ETC_FSTYPE`
+ When the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` class is
+ inherited, specifies the file system type for the read/write
+ layer of ``/etc``. There is no default, so you must set this if you
+ wish to enable :ref:`overlayfs-etc <ref-classes-overlayfs-etc>`,
+ for example, assuming the file system is ext4::
+
+ OVERLAYFS_ETC_FSTYPE = "ext4"
+
+ :term:`OVERLAYFS_ETC_MOUNT_OPTIONS`
+ When the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` class is
+ inherited, specifies the mount options for the read-write layer.
+ The default value is "defaults".
+
+ :term:`OVERLAYFS_ETC_MOUNT_POINT`
+ When the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` class is
+ inherited, specifies the parent mount path for the filesystem layers.
+ There is no default, so you must set this if you wish to enable
+ :ref:`overlayfs-etc <ref-classes-overlayfs-etc>`, for example if
+ the desired path is "/data"::
+
+ OVERLAYFS_ETC_MOUNT_POINT = "/data"
+
+ :term:`OVERLAYFS_ETC_USE_ORIG_INIT_NAME`
+ When the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>` class is
+ inherited, controls how the generated init will be named. For more
+ information, see the :ref:`overlayfs-etc <ref-classes-overlayfs-etc>`
+ class documentation. The default value is "1".
+
+ :term:`OVERLAYFS_MOUNT_POINT`
+ When inheriting the :ref:`overlayfs <ref-classes-overlayfs>` class,
+ specifies mount point(s) to be used. For example::
+
+ OVERLAYFS_MOUNT_POINT[data] = "/data"
+
+ The assumes you have a ``data.mount`` systemd unit defined elsewhere
+ in your BSP (e.g. in ``systemd-machine-units`` recipe) and it is
+ installed into the image. For more information see
+ :ref:`overlayfs <ref-classes-overlayfs>`.
+
+ .. note::
+
+ Although the :ref:`overlayfs <ref-classes-overlayfs>` class is
+ inherited by individual recipes, :term:`OVERLAYFS_MOUNT_POINT`
+ should be set in your machine configuration.
+
+ :term:`OVERLAYFS_QA_SKIP`
+ When inheriting the :ref:`overlayfs <ref-classes-overlayfs>` class,
+ provides the ability to disable QA checks for particular overlayfs
+ mounts. For example::
+
+ OVERLAYFS_QA_SKIP[data] = "mount-configured"
+
+ .. note::
+
+ Although the :ref:`overlayfs <ref-classes-overlayfs>` class is
+ inherited by individual recipes, :term:`OVERLAYFS_QA_SKIP`
+ should be set in your machine configuration.
+
+ :term:`OVERLAYFS_WRITABLE_PATHS`
+ When inheriting the :ref:`overlayfs <ref-classes-overlayfs>` class,
+ specifies writable paths used at runtime for the recipe. For
+ example::
+
+ OVERLAYFS_WRITABLE_PATHS[data] = "/usr/share/my-custom-application"
+
:term:`OVERRIDES`
A colon-separated list of overrides that currently apply. Overrides
are a BitBake mechanism that allows variables to be selectively
@@ -6142,6 +6292,14 @@
:term:`PV` is the default value of the :term:`PKGV` variable.
+ :term:`PYPI_PACKAGE`
+ When inheriting the :ref:`pypi <ref-classes-pypi>` class, specifies the
+ `PyPI <https://pypi.org/>`__ package name to be built. The default value
+ is set based upon :term:`BPN` (stripping any "python-" or "python3-"
+ prefix off if present), however for some packages it will need to be set
+ explicitly if that will not match the package name (e.g. where the
+ package name has a prefix, underscores, uppercase letters etc.)
+
:term:`PYTHON_ABI`
When used by recipes that inherit the
:ref:`setuptools3 <ref-classes-setuptools3>` class, denotes the
@@ -6615,6 +6773,11 @@
The target architecture for the SDK. Typically, you do not directly
set this variable. Instead, use :term:`SDKMACHINE`.
+ :term:`SDK_BUILDINFO_FILE`
+ When using the :ref:`image-buildinfo <ref-classes-image-buildinfo>` class,
+ specifies the file in the SDK to write the build information into. The
+ default value is "``/buildinfo``".
+
:term:`SDK_CUSTOM_TEMPLATECONF`
When building the extensible SDK, if :term:`SDK_CUSTOM_TEMPLATECONF` is set to
"1" and a ``conf/templateconf.cfg`` file exists in the build directory
@@ -6814,6 +6977,10 @@
section in the Yocto Project Application Development and the
Extensible Software Development Kit (eSDK) manual.
+ :term:`SDK_TOOLCHAIN_LANGS`
+ Specifies programming languages to support in the SDK, as a
+ space-separated list. Currently supported items are ``rust`` and ``go``.
+
:term:`SDK_UPDATE_URL`
An optional URL for an update server for the extensible SDK. If set,
the value is used as the default update server when running
@@ -8217,7 +8384,7 @@
on enabling, running, and writing these tests, see the
":ref:`dev-manual/common-tasks:performing automated runtime testing`"
section in the Yocto Project Development Tasks Manual and the
- ":ref:`ref-classes-testimage*`" section.
+ ":ref:`ref-classes-testimage`" section.
:term:`THISDIR`
The directory in which the file BitBake is currently parsing is
@@ -8529,6 +8696,10 @@
If :term:`UBOOT_MKIMAGE_DTCOPTS` is not set then kernel-fitimage will not
pass the ``-D`` option to mkimage.
+ :term:`UBOOT_MKIMAGE_KERNEL_TYPE`
+ Specifies the type argument for the kernel as passed to ``uboot-mkimage``.
+ The default value is "kernel".
+
:term:`UBOOT_MKIMAGE_SIGN`
Specifies the name of the mkimage command as used by the
:ref:`kernel-fitimage <ref-classes-kernel-fitimage>` class to sign
@@ -8696,6 +8867,9 @@
A list of classes to globally inherit. These classes are used by the
OpenEmbedded build system to enable extra features.
+ Classes inherited using :term:`USER_CLASSES` must be located in the
+ ``classes-global/`` or ``classes/`` subdirectories.
+
The default list is set in your ``local.conf`` file::
USER_CLASSES ?= "buildstats"
@@ -8844,6 +9018,15 @@
can control with this variable, see the
":ref:`ref-classes-insane`" section.
+ :term:`WATCHDOG_TIMEOUT`
+ Specifies the timeout in seconds used by the ``watchdog`` recipe and
+ also by ``systemd`` during reboot. The default is 60 seconds.
+
+ :term:`WIRELESS_DAEMON`
+ For ``connman`` and ``packagegroup-base``, specifies the wireless
+ daemon to use. The default is "wpa-supplicant" (note that the value
+ uses a dash and not an underscore).
+
:term:`WKS_FILE`
Specifies the location of the Wic kickstart file that is used by the
OpenEmbedded build system to create a partitioned image
diff --git a/poky/documentation/sdk-manual/extensible.rst b/poky/documentation/sdk-manual/extensible.rst
index 09b7169..3e3fa6c 100644
--- a/poky/documentation/sdk-manual/extensible.rst
+++ b/poky/documentation/sdk-manual/extensible.rst
@@ -71,7 +71,7 @@
$ bitbake meta-ide-support
$ bitbake -c populate_sysroot gtk+3
(or any other target or native item that the application developer would need)
- $ bitbake populate-sysroots
+ $ bitbake build-sysroots
Setting up the Extensible SDK from a standalone installer
@@ -1274,7 +1274,7 @@
can simply be executed directly:
$ bitbake mesa
- $ bitbake populate-sysroots
+ $ bitbake build-sysroots
When using a standalone installer for the Extensible SDK
--------------------------------------------------------
diff --git a/poky/documentation/test-manual/intro.rst b/poky/documentation/test-manual/intro.rst
index 6421dd5..36958d0 100644
--- a/poky/documentation/test-manual/intro.rst
+++ b/poky/documentation/test-manual/intro.rst
@@ -132,8 +132,8 @@
$ bitbake image -c testimage
- The tests utilize the :ref:`testimage* <ref-classes-testimage*>`
- classes and the :ref:`ref-tasks-testimage` task.
+ The tests utilize the :ref:`testimage <ref-classes-testimage>`
+ class and the :ref:`ref-tasks-testimage` task.
- *Layer Testing:* The Autobuilder has the possibility to test whether
specific layers work with the test of the system. The layers tested
diff --git a/poky/documentation/test-manual/understand-autobuilder.rst b/poky/documentation/test-manual/understand-autobuilder.rst
index b6809ce..c5e32cf 100644
--- a/poky/documentation/test-manual/understand-autobuilder.rst
+++ b/poky/documentation/test-manual/understand-autobuilder.rst
@@ -56,7 +56,7 @@
Combining these two entries you can see that "qemux86-64" is a three step build where the
``bitbake BBTARGETS`` would be run, then ``bitbake SANITYTARGETS`` for each step; all for
-``MACHINE="qemx86-64"`` but with differing SDKMACHINE settings. In step
+``MACHINE="qemux86-64"`` but with differing SDKMACHINE settings. In step
1 an extra variable is added to the ``auto.conf`` file to enable wic
image generation.