subtree updates

poky: 8d0ba08aa6..2696bf8cf3:
  Adam Johnston (1):
        useradd_base: Fix sed command line for passwd-expire

  Adrian Freihofer (1):
        vscode: add minimal configuration

  Alassane Yattara (44):
        bitbake: Update toaster-requirements to add django-log-viewer==1.1.7
        bitbake: toaster: bug-fix on tests.browser.test_most_recent_builds_states
        bitbake: Toaster: Bug-fix failure on tests.browser.test_layerdetails_page
        bitbake: Toaster: Fixed javascript issue on tests.browser.test_js_unit_tests
        bitbake: Toaster: bug-fix on /toastermain/logs.py
        bitbake: Toaster: bug-fix on custom image test cases
        bitbake: Toaster: bug-fix on tests/views/test_views.py
        bitbake: Toaster: bug-fix on tests.views.test_views.py
        bitbake: toaster: Write logs to BUILDDIR/toaster_logs
        bitbake: toaster: Add toaster-tests-requirements.txt to add pytest and some plugins
        bitbake: toaster: Update orm.models to catch error ProcessLookupError
        bitbake: toaster: Bug-fix pytest and Failed: Database access not allowed
        bitbake: toaster: fixed pytest error: Database access not allowed, use the "django_db"
        bitbake: toaster: Bug-fix django.db.utils.IntegrityError: Problem installing fixture
        bitbake: toaster: fixed: Tests fail when executed one after the other out of sequence
        bitbake: toaster: Added pytest.ini file
        bitbake: toaster: Check info_sign is visible and clickable in landing page
        bitbake: toaster: Test documentation link in landing header is displayed
        bitbake: toaster: Test jumbotron links visible and clickable
        bitbake: toaster: Bug-fix webdriver No parameter named options
        bitbake: Toaster: Write UI TestCase create new project
        bitbake: Toaster: Test create new project without project name
        bitbake: Toaster: Write UI TestCase import new project using
        bitbake: toaster/tests: Add UI TestCase to test if 'no build' message is shown
        bitbake: toaster/tests: Add UI TestCase to test search box on all build page
        bitbake: toaster/tests: Add UI TestCase to test the filtering feature on 'failure tasks' column
        bitbake: toaster/tests: Add UI TestCase to test filtering feature on 'completed_on' column
        bitbake: toaster/tests: Add UI TestCase to test "edit column" feature show/hide column
        bitbake: toaster/tests: Add UI TestCase to test "show rows" feature, change displaying rows in table
        bitbake: toaster/tests: Add UI TestCase for deleting project
        bitbake: toaster/tests: Add UI TestCase for Visualize all projects
        bitbake: toaster/tests: Add UI TestCase for visualize all projects edit column
        bitbake: toaster/tests: Add UI TestCase for visualize all projects show rows
        bitbake: toaster/tests/create_new_project: Code cleanup
        bitbake: toaster/tests: Add UI TestCase - Check project header contains right items
        bitbake: toaster/tests: Add UI TestCase - Test edit project name on project page
        bitbake: toaster/tests: Add UI TestCase - Test project page has right tabs displayed
        bitbake: toaster/tests: Add UI TestCase - Test project config tab navigation:
        bitbake: toaster/tests: Add UI TestCase - Test project config tab
        bitbake: toaster/tests: Add UI TestCase - Test project page tab import layer
        bitbake: toaster/tests: Add UI TestCase - Test project page tab "New custom image"
        bitbake: toaster/tests: Add UI TestCase - Test project page section images
        bitbake: toaster/tests: Add UI TestCase for the edit column feature in image recipe
        bitbake: toaster/tests: Add UI TestCase - Test the show rows feature in image recipe

  Alberto Pianon (1):
        bitbake: fetch2: Add API for upstream source tracing

  Alejandro Hernandez Samaniego (2):
        qemuarmv5: Drop QB_DTB conditional for older kernels
        baremetal-helloworld: Pull in fix for race condition on x86-64

  Alex Stewart (1):
        libsndfile1: fix CVE-2022-33065

  Alexander Kanavin (10):
        scripts/bitbake-whatchanged: remove
        selftest/buildoptions: tag the download mirror test with 'yocto-mirrors'
        bitbake: runqueue.py: clarify that 'closest' signature means 'most recent' (and not closest in its content)
        selftest/sstatetests: add tests for 'bitbake -S printdiff'
        lib/oe/sstatesig.py: dump locked.sigs.inc only when explicitly asked via -S lockedsigs
        selftest/sstatetests: add a test for CDN sstate cache
        populate_sdk_ext.bbclass: do not symlink unfsd from sdk image sysroot into eSDK tools path
        meta/lib/oe/copy_buildsystem.py: do not derefence symlinks
        scripts/esdk-tools: use a dedicated, static directory for esdk tools
        populate_sdk_ext: split copy_buildsystem() into logical steps defined as functions

  Alexander Lussier-Cullen (2):
        bitbake: toaster/tests: add passthroughs for relevant build environment variables
        bitbake: toaster: make django temp directory configurable

  Alexandre Belloni (1):
        strace: further clean up of ptest folders

  Alexis Lothoré (5):
        scripts/resulttool: limit the number of changes displayed per test
        scripts/resulttool: rearrange regressions report order
        scripts/resulttool: make additional info more compact
        scripts/yocto_testresults_query: add option to change display limit
        scripts/resulttool: group all regressions in regression report

  Anuj Mittal (9):
        gstreamer1.0: upgrade 1.22.6 -> 1.22.7
        gsettings-desktop-schemas: upgrade 44.0 -> 45.0
        harfbuzz: upgrade 8.2.2 -> 8.3.0
        libnotify: upgrade 0.8.2 -> 0.8.3
        libtirpc: upgrade 1.3.3 -> 1.3.4
        mmc-utils: upgrade to latest revision
        puzzles: upgrade to latest revision
        sqlite3: upgrade 3.43.2 -> 3.44.0
        vulkan: upgrade 1.3.261.1 -> 1.3.268.0

  Archana Polampalli (1):
        vim: Upgrade 9.0.2048 -> 9.0.2068

  Arne Schwerdt (1):
        ref-manual: Warn about COMPATIBLE_MACHINE skipping native recipes

  BELHADJ SALEM Talel (8):
        bitbake.conf: Drop DEPLOY_DIR_TAR
        ref-manual: Fix PACKAGECONFIG term and add an example
        dev-manual: layers: Add notes about layer.conf
        ref-manual: variables: add RECIPE_SYSROOT and RECIPE_SYSROOT_NATIVE
        ref-manual: variables: add TOOLCHAIN_OPTIONS variable
        ref-manual: variables: add example for SYSROOT_DIRS variable
        bitbake: Fix find_bbfiles string endswith call
        overview-manual: concepts: Add Bitbake Tasks Map

  Bastian Krause (1):
        linux-firmware: add new fw file to ${PN}-rtl8821

  Bruce Ashfield (22):
        linux-yocto/6.1: update to v6.1.56
        linux-yocto/6.5: update to v6.5.6
        linux-yocto/6.1: tiny: fix arm 32 boot
        linux-yocto/6.5: tiny: fix arm 32 boot
        linux-yocto/6.5: update to v6.5.7
        linux-yocto/6.1: update to v6.1.57
        linux-yocto/6.4: drop recipes
        linux-yocto/6.5: avoid serial port suspend issues
        linux-yocto/6.5: config: remove VIDEO_STK1160_COMMON
        linux-yocto/6.5: serial: core: integrate upstream fixes
        linux-yocto/6.5: update to v6.5.8
        linux-yocto/6.1: update to v6.1.59
        linux-yocto/6.5: update to v6.5.9
        linux-yocto/6.1: update to v6.1.60
        kern-tools: make lower context patches reproducible
        kern-tools: bump SRCREV for queue processing changes
        kern-tools: update SRCREV to include SECURITY.md file
        kernel-yocto: improve metadata patching
        linux-yocto/6.1: cfg: restore CONFIG_DEVMEM
        linux-yocto/6.1: update to v6.1.61
        linux-yocto/6.5: cfg: restore CONFIG_DEVMEM
        linux-yocto/6.5: update to v6.5.10

  Chen Qi (2):
        kernel.bbclass: add preceding space in appendVar setting
        systemd: fix DynamicUser issue

  Chris Laplante (4):
        bitbake: codeparser: replace deprecated ast.Str and 's'
        bitbake: runqueue: set has 'add', not 'append' method
        bitbake: codeparser: add missing 'import os'
        bitbake: codegen: cleanup deprecated AST usages

  Deepthi Hemraj (1):
        binutils: Fix CVE-2022-47007

  Desone Burns (1):
        bitbake: bitbake: fetch2: git: Update Git-LFS download and tests

  Dmitry Baryshkov (11):
        kernel-arch: drop CCACHE from KERNEL_STRIP definition
        meson: use correct targets for rust binaries
        linux-firmware: upgrade 20230804 -> 20231030
        linux-firmware: add missing depenencies on license packages
        linux-firmware: add notice file to sdm845 modem firmware
        linux-firmware: add audio topology symlink to the X13's audio package
        linux-firmware: package firmware for Qualcomm Adreno a702
        linux-firmware: package firmware for Qualcomm QCM2290 / QRB4210
        linux-firmware: package Qualcomm Venus 6.0 firmware
        linux-firmware: package Robotics RB5 sensors DSP firmware
        libdrm: upgrade 2.4.116 -> 2.4.117

  Eero Aaltonen (3):
        base-files, systemd: add nss-resolve plugin
        systemd: add option to use stub-resolv.conf
        ref-manual: add systemd-resolved to distro features

  Etienne Cordonnier (1):
        bitbake: bitbake-worker: add header with length of message

  Fabio Estevam (1):
        packagegroup-core-tools-profile: Remove PROFILE_TOOLS_X

  Fahad Arslan (1):
        linux-firmware: create separate packages

  Felix Moessbauer (1):
        bitbake: fetch2/aws: forward env-vars used in gitlab-ci K8s

  Florian Wickert (1):
        systemd: fix libnss-mymachines packaging

  Glenn Strauss (3):
        lighttpd: upgrade 1.4.71 -> 1.4.72
        lighttpd: update init script
        lighttpd: modernize lighttpd.conf

  Javier Tia (1):
        kernel-arch: use ccache only for compiler

  Jermain Horsman (3):
        lib/oe/buildcfg.py: Include missing import
        lib/oe/buildcfg.py: Remove unused parameter
        lib/bblayers/setupwriters/oe-setup-layers.py: Fix indentation

  Joakim Tjernlund (1):
        sed -i destroys symlinks

  Johannes Schneider (1):
        base-files: profile: allow profile.d to set EDITOR

  Jon Mason (2):
        qemu: drop unreferenced patch
        linux-yocto: Update dtb path for qemuarmv5

  Jose Quaresma (5):
        sstatesig: be more precise and show the full path in exceptions
        systemd: sort packages before pn
        systemd: add systemd-crypt package
        systemd: add cryptsetup-plugins package config
        systemd: add p11kit package config

  Joshua Watt (24):
        goarch: Move Go architecture mapping to a library
        bitbake: asyncrpc: Abstract sockets
        bitbake: hashserv: Add websocket connection implementation
        bitbake: asyncrpc: Add context manager API
        bitbake: hashserv: tests: Add external database tests
        bitbake: asyncrpc: Prefix log messages with client info
        bitbake: bitbake-hashserv: Allow arguments from environment
        bitbake: hashserv: Abstract database
        bitbake: hashserv: Add SQLalchemy backend
        bitbake: hashserv: Implement read-only version of "report" RPC
        bitbake: asyncrpc: Add InvokeError
        bitbake: asyncrpc: client: Prevent double closing of loop
        bitbake: asyncrpc: client: Add disconnect API
        bitbake: hashserv: Add user permissions
        bitbake: hashserv: Add become-user API
        bitbake: hashserv: Add db-usage API
        bitbake: hashserv: Add database column query API
        bitbake: hashserv: test: Add bitbake-hashclient tests
        bitbake: bitbake-hashclient: Output stats in JSON format
        bitbake: bitbake-hashserver: Allow anonymous permissions to be space separated
        bitbake: hashserv: tests: Allow authentication for external server tests
        bitbake: hashserv: Allow self-service deletion
        bitbake: hashserv: server: Add owner if user is logged in
        bitbake: asyncrpc: Add option to set log level when running as a process

  Julien Stephan (10):
        oeqa/selftest/devtool: abort if a local workspace already exist
        oeqa/selftest/devtool: remove spaces on empty line
        recipetool/create_buildsys_python: fix license note
        recipetool/create_buildsys_python: prefix created recipes with python3-
        recipetool/create_buildsys_python: refactor code for futur PEP517 addition
        recipetool/create_buildsys_python: add PEP517 support
        oeqa/selftest/recipetool: add selftest for PEP-517 recipe creation
        oeqa/selftest/devtool: fix test_devtool_modify_overrides test
        bitbake: bitbake: utils: remove spaces on empty lines
        bitbake: fetch2: git: add missing destsuffix and subpath parameters in docstrings

  Jérémy Rosen (5):
        insane: Add unimplemented-ptest infrastructure
        insane: Detect python and perl based tests
        insane: Detect build-system test harnesses
        insane: Add a naive heuristic to detect test subdirectories
        ref-manual: Add documentation for the unimplemented-ptest QA warning

  Jörg Sommer (3):
        libtirpc: Support ipv6 in DISTRO_FEATURES
        base-files: Remove localhost ::1 from hosts if ipv6 missing
        package_qa_check_rdepends: Allow /usr/bin/sh if usrmerge

  Khem Raj (23):
        gcompat: Add fcntl64 wrapper
        gcompat: Upgrade to 1.1.0 release
        python3-urllib3: Update to 2.0.6
        llvm: Upgrade to 17.0.3
        shared-mime-info: Fix missing sentinel warning
        openssl: Match target name for riscv64/riscv32
        openssl: Inherit riscv32 config from latomic config on linux
        kernel.bbclass: Use strip utility used for kernel build in do_package
        python3-urllib3: Upgrade to 2.0.7
        qemuriscv: Add to common MACHINE_FEATURES instead of overriding them
        meson: Add check for riscv64 in link template
        machine-sdk: Add SDK_ARCH for riscv64
        uninative.bbclass: Add ldso information for riscv64
        rust-cross-canadian: Add riscv64 to cross-canadian hosts
        cdrtools: Fix build on riscv64
        llvm: Upgrade to 17.0.4 release
        systemd: Make libnss-mymachines conditional upon packageconfig
        ptest-packagelists: Remove strace/valgrind/lttng-tools on riscv32
        libarchive: Add packageconfig knob for libb2
        librsvg: Fix build for riscv32
        librsvg: Enable 64bit atomics in crossbeam again for riscv32
        libsoup: Upgrade to 3.4.2 -> 3.4.4
        llvm: Upgrade to 17.0.5

  Lee Chee Yang (6):
        qemu: ignore RHEL specific CVE-2023-2680
        machine: drop obsolete SERIAL_CONSOLES_CHECK
        documentation.conf: drop SERIAL_CONSOLES_CHECK
        release-notes-4.3: add Repositories / Downloads section
        migration-guide: add release notes for 4.0.14
        migration-guide: add release notes for 4.2.4

  Logan Gunthorpe (1):
        runqemu: Add squashfs filesystem types

  Lukas Funke (5):
        classes: go-vendor: Add go-vendor class
        selftest: recipetool: Add test for go recipe handler
        recipetool: Ignore *.go files while scanning for licenses
        recipetool: Add handler to create go recipes
        udev-extraconf: mount.sh: check if filesystem is supported before mounting

  Malte Schmidt (3):
        systemd: use nonarch libdir for tmpfiles.d
        pam: use nonarch libdir for tmpfiles.d
        sysstat: use nonarch libdir for tmpfiles.d

  Marcus Folkesson (1):
        qemuboot.bbclass: fix typos in documentation

  Markus Fuchs (1):
        systemd: Add 'no-ntp-fallback' PACKAGECONFIG option

  Markus Volk (6):
        libcroco: drop recipe
        gnomebase.bbclass: Use meson as default buildsystem
        ghostscript: Build and install shared lib
        cups: Upgrade 2.4.6 -> 2.4.7
        gtk: Add rdepend on printbackend for cups
        ffmpeg: Upgrade 6.0 -> 6.1

  Marlon Rodriguez Garcia (6):
        bitbake: toaster: updated bootstrap version 3.3.6 -> 3.3.7
        bitbake: toaster: Update bootstrap version to 3.4.1
        bitbake: toaster: update jquery version 2.0.3 -> 3.7.1
        bitbake: toaster: fixed functional test
        bitbake: toaster: add tox.ini file to execute test suite
        bitbake: toaster: replace deprecated tags ifequal and ifnotequal

  Marta Rybczynska (6):
        SECURITY.md: add file
        bitbake: SECURITY.md: add file
        dev-manual: add security team processes
        python3-beartype: upgrade 0.16.2 -> 0.16.4
        python3-spdx-tools: upgrade 0.8.1 -> 0.8.2
        dev-manual: extend the description of CVE patch preparation

  Martin Jansa (13):
        staging.bbclass: process installed dependencies in deterministic order as well
        bitbake.conf: drop ${PE} and ${PR} from -f{file,macro,debug}-prefix-map
        ovmf: drop PE, PR from /usr/src/debug paths
        go-cross-canadian.inc: drop PE, PR from /usr/src/debug paths
        acpica: drop PE, PR from /usr/src/debug paths
        libjpeg-turbo: drop PE, PR from /usr/src/debug paths
        ffmpeg: drop PE, PR from /usr/src/debug paths
        perf: drop PE, PR from /usr/src/debug paths
        rust: drop PE, PR from /usr/src/debug paths
        vulkan-samples: drop PE, PR from /usr/src/debug paths
        valgrind: drop PE, PR from /usr/src/debug paths
        python3-cython: drop PE, PR from /usr/src/debug paths
        igt-gpu-tools: drop PR from /usr/src/debug paths

  Massimiliano Minella (1):
        systemd: update LICENSE statement

  Max Krummenacher (2):
        Revert "bin_package.bbclass: Inhibit the default dependencies"
        perf: fix build with latest kernel

  Meenali Gupta (5):
        avahi: fix CVE-2023-38469
        avahi: fix CVE-2023-38470
        avahi: fix CVE-2023-38471
        avahi: fix CVE-2023-38472
        avahi: fix CVE-2023-38473

  Michael Halstead (1):
        docs: add support for nanbield (4.3) release

  Michael Opdenacker (29):
        manuals: update linux-yocto append examples
        dev-manual: wic: update "wic list images" output
        sdk-manual: appendix-obtain: improve and update descriptions
        manuals: update list of supported machines
        bsp-guide: bsp: skip Intel machines no longer supported in Poky
        brief-yoctoprojectqs: use new CDN mirror for sstate
        dev-manual: start.rst: remove obsolete reference
        local.conf.sample: remove mips edgerouter machine
        oeqa/runtime/cases/parselogs: remove "edgerouter" case
        manuals: correct "yocto-linux" by "linux-yocto"
        test-manual: reproducible-builds: stop mentioning LTO bug
        ref-manual: document KERNEL_LOCALVERSION
        ref-manual: variables: document OEQA_REPRODUCIBLE_TEST_PACKAGE
        migration-guides: updates for 4.3
        migration-guides: mention runqemu change in serial port management
        ref-manual: document KERNEL_STRIP
        migration-guides: further updates for 4.3
        manuals: improve description of CVE_STATUS and CVE_STATUS_GROUPS
        ref-manual: document MESON_TARGET
        ref-manual: document cargo_c class
        ref-manual: variables: mention new CDN for SSTATE_MIRRORS
        ref-manual: variables: add RECIPE_MAINTAINER
        ref-manual: variables: remove SERIAL_CONSOLES_CHECK
        migration-guides: further updates for release 4.3
        bsp-guide: bsp.rst: update beaglebone example
        ref-manual: classes: explain cml1 class name
        migration-guides: fix empty sections
        manuals: fix URL
        ref-manual: releases.svg: update nanbield release status

  Mickael RAMILISON (1):
        scripts/patchreview: Add a custom pattern for finding recipe patches

  Mingli Yu (2):
        openssh: Add sshd.service
        openssh: Don't hardcode the dir in sshd.service

  Niko Mauno (6):
        package_rpm: Fix some pycodestyle issues
        package_rpm: Minor cosmetic and style fixes
        package_rpm: Remove unused definitions
        package_rpm: Allow compression mode override
        image_types.bbclass: Use xz default compression preset level
        ccache.conf: Remove obsolete configuration option

  Paul Barker (1):
        ref-manual: Fix reference to MIRRORS/PREMIRRORS defaults

  Paul Eggleton (12):
        Remove references to apm in MACHINE_FEATURES
        ref-manual: update SDK_NAME variable documentation
        ref-manual: remove semicolons from *PROCESS_COMMAND variables
        release-notes-4.3: fix some typos
        release-notes-4.3: tweaks to existing text
        release-notes-4.3: add CVEs, recipe upgrades, license changes, contributors
        release-notes-4.3: remove the Distribution section
        release-notes-4.3: move new classes to Rust section
        release-notes-4.3: feature additions
        migration-4.3: remove some unnecessary items
        migration-4.3: adjustments to existing text
        migration-4.3: additional migration items

  Pavel Zhukov (1):
        bitbake: tests/fetch.py: Add tests to cover multiple branch/name parameters

  Peter Kjellerstedt (5):
        bb-matrix-plot.sh: Show underscores correctly in labels
        bitbake: command: Make parseRecipeFile() handle virtual recipes correctly
        bitbake: cookerdata: Be consistent with what type bb_data represents
        bitbake: cache: Simplify virtualfn2realfn()
        oeqa/selftest/tinfoil: Add tests that parse virtual recipes

  Peter Marko (1):
        openssl: Upgrade 3.1.3 -> 3.1.4

  Quentin Schulz (2):
        recipes-rt: update README to match newer override syntax
        ref-manual: variables: provide no-match example for COMPATIBLE_MACHINE

  Ragesh Nair (1):
        bitbake: fetch2/git: fix lfs fetch with destsuffix param

  Randy MacLeod (2):
        strace: backport fix for so_peerpidfd-test
        strace: upgrade 6.5 -> 6.6

  Rasmus Villemoes (3):
        perf: lift TARGET_CC_ARCH modification out of security_flags.inc
        valgrind: split helper scripts to separate packages, update dependencies
        perf: add jevents PACKAGECONFIG item

  Richard Purdie (34):
        reproducible: Exclude rust for now again
        linux/cve-exclusion6.1/6.5: Update to latest kernel point releases
        oeqa/qemurunner: Drop newlines serial workaround
        local.conf.sample: Document new CDN mirror for sstate
        poky.conf: Bump version for 4.3 nanbield release
        build-appliance-image: Update to master head revision
        poky.conf: Update to post release versioning
        base: Ensure recipes using mercurial-native have certificates
        qemu: Upgrade 8.1.0 -> 8.1.2
        oeqa/selftest: Drop machines support
        sstate: Ensure sstate searches update file mtime
        insane: Move unpack tests to do_recipe_qa
        go-vendor: Minor style tweaks
        package/package_write: Improve packagedata code location
        debianutils: Fix warnings
        bitbake: runqueue: Fix runall option for setscene tasks
        bitbake: runqueue: Fix errors when using -S printdiff
        oeqa/selftest/sstatetests: Fix intermitttent errors and improve performance
        layer.conf: Switch layer to nanbield series only
        libdnf: Fix arm arch mapping issues for qemuarmv5
        linux/cve-exclusion6.1/6.5: Update to latest kernel point releases
        bitbake: Revert "toaster: Bug-fix webdriver No parameter named options"
        vim: Improve locale handling
        selftest/reproducible: Allow packages exclusion via config
        bitbake: runqueue: Move 'cantskip' into sqdata
        bitbake: runqueue: Refactor StaleSetSceneTasks event out of build_scenequeue_data
        bitbake: toaster/tox.ini: Add py 3.11 and 3.12
        bitbake.conf: Drop oldincludedir
        bitbake: cooker: Add support for BB_DEFAULT_EVENTLOG
        bitbake: cooker: Avoid sideeffects for autorev from getAllKeysWithFlags
        oeqa/selftest/sstatetests: Re-enable CDN tests
        bitbake.conf: Log events by default using BB_DEFAULT_EVENTLOG
        package_ipk: Fix Source: field variable dependency
        Revert "binutils: Fix CVE-2022-47007"

  Robert P. J. Day (2):
        dev-manual: new-recipe.rst: add missing parenthesis to "Patching Code" section
        profile-manual: aesthetic cleanups

  Ross Burton (36):
        man-db: add RRECOMMENDS on glibc-utils for iconv
        man-db: remove inexplicable man_db.conf patch
        patchtest: remove unused imports
        patchtest: sort when reading patches from a directory
        linux-yocto: update CVE exclusions
        libxml2: ignore disputed CVE-2023-45322
        zlib: ignore CVE-2023-45853
        cve-check: sort the package list in the JSON report
        cve-check: slightly more verbose warning when adding the same package twice
        pixman: ignore CVE-2023-37769
        scripts/patchreview: rework patch detection
        scripts/contrib/patchreview: add commit and recipe count fields to JSON
        scripts/contrib/patchreview: consolidate imports
        scripts/contrib/patchreview: fix commit identification
        cve-check: don't warn if a patch is remote
        migration-guides: add debian 12 to newly supported distros
        migration-guides: edgerouter machine removed
        migration-guides: QEMU_USE_SLIRP variable removed
        migration-guides: remove non-notable change
        migration-guides: mention LLVM 17
        migration-guides: mention CDN
        migration-guides: add kernel notes
        migration-guides: remove SERIAL_CONSOLES_CHECK
        migration-guides: enabling SPDX only for Poky, not a global default
        migration-guides: add testing notes
        migration-guides: add utility notes
        migration-guides: add BitBake changes
        migration-guides: packaging changes
        migration-guides: git recipes reword
        poky-tiny: fix PACKAGE_EXCLUDE
        Revert "xserver-xorg: Fix for CVE-2023-5574"
        xwayland: upgrade to 23.2.2
        lib/oe/patch: ensure os.chdir restoring always happens
        oeqa/selftest/debuginfod: improve selftest
        shared-mime-info: embed PV in the filename
        rust-llvm: remove python3native dependency

  Rouven Czerwinski (1):
        glib-2.0: Remove unnecessary assignement

  Sean Nyekjaer (3):
        rust-cross-canadian: set CARGO_TARGET_<triple>_RUSTFLAGS
        rust-cross-canadian: set CARGO_TARGET_<triple>_RUNNER for nativesdk
        oeqa/sdk/rust: Add build and run test of rust binary with SDK host

  Sergei Zhmylev (1):
        classes: Move package RDEPENDS processing out of debian.bbclass

  Siddharth Doshi (2):
        vim: Upgrade 9.0.1894 -> 9.0.2009
        vim: Upgrade 9.0.2009 -> 9.0.2048

  Stefan Herbrechtsmeier (2):
        glibc: use nonarch libdir for tmpfiles.d
        classes: go-mod: do not pack go mod cache

  Steve Sakoman (1):
        vim: use upstream generated .po files

  Stéphane Veyret (2):
        volatile-binds: Allow creation of subdirectories
        volatile-binds: Calculate the name of the /var/lib service

  Thomas Perrot (1):
        opensbi: Upgrade to 1.3.1 release

  Thomas Wolber (1):
        kea: drop unused directory

  Tim Orling (9):
        recipetool: add python_hatchling support
        lsb-release: use https for UPSTREAM_CHECK_URI
        bitbake: toaster: drop deprecated USE_L10N from settings
        bitbake: toaster: use docs for BitBake link on landing page
        bitbake: toaster: fix obsolete use of find_element_by_link_text
        bitbake: toaster: test_create_new_project typos, whitespace
        python3-hypothesis: upgrade 6.88.3 -> 6.89.0
        python3-setuptools-scm: upgrade 7.1.0 -> 8.0.4
        python3-poetry-core: upgrade 1.7.0 -> 1.8.1

  Trevor Gamblin (30):
        patchtest: improve test issue messages
        patchtest: clean up test suite
        patchtest/requirements.txt: update
        patchtest: add supporting modules
        patchtest: add scripts to oe-core
        patchtest: set default repo and testdir targets
        patchtest: update SPDX identifiers
        patchtest/selftest: fix command arguments
        patchtest: check for untracked changes
        patchtest: test regardless of mergeability
        patchtest: skip merge test if not targeting master
        contributor-guide: add patchtest section
        contributor-guide: clarify patchtest usage
        patchtest: fix lic_files_chksum test regex
        patchtest-send-results: improve subject line
        patchtest: disable merge test
        patchtest-send-results: check max line length, simplify responses
        patchtest/selftest: add XSKIP, update test files
        patchtest: simplify test directory structure
        patchtest: reduce checksum test output length
        patchtest: shorten test result outputs
        patchtest-send-results: send results to submitter
        patchtest-send-results: add In-Reply-To
        patchtest: make pylint tests compatible with 3.x
        patchtest: remove test for CVE tag in mbox
        patchtest-send-results: fix sender parsing
        patchtest: rework license checksum tests
        python3-mako: upgrade 1.2.4 -> 1.3.0
        python3-trove-classifiers: upgrade 2023.10.18 -> 2023.11.14
        python3-numpy: upgrade 1.26.0 -> 1.26.2

  Vijay Anusuri (1):
        xserver-xorg: Fix for CVE-2023-5574

  Vincent Davis Jr (1):
        acpica: add nativesdk to BBCLASSEXTEND

  Vyacheslav Yurkov (1):
        lib/oe/path: Deploy files can start only with a dot

  Wang Mingyu (79):
        openssh: upgrade 9.4p1 -> 9.5p1
        bluez5: upgrade 5.69 -> 5.70
        btrfs-tools: upgrade 6.5.1 -> 6.5.2
        createrepo-c: upgrade 1.0.0 -> 1.0.1
        dhcpcd: upgrade 10.0.2 -> 10.0.3
        ell: upgrade 0.58 -> 0.59
        kmod: upgrade 30 -> 31
        libcomps: upgrade 0.1.19 -> 0.1.20
        libsdl2: upgrade 2.28.3 -> 2.28.4
        libubootenv: upgrade 0.3.4 -> 0.3.5
        ltp: upgrade 20230516 -> 20230929
        libva: upgrade 2.19.0 -> 2.20.0
        python3-git: upgrade 3.1.36 -> 3.1.37
        python3-babel: upgrade 2.12.1 -> 2.13.0
        python3-beartype: upgrade 0.15.0 -> 0.16.2
        python3-cffi: upgrade 1.15.1 -> 1.16.0
        python3-hypothesis: upgrade 6.86.2 -> 6.87.4
        python3-iso8601: upgrade 2.0.0 -> 2.1.0
        python3-markdown: upgrade 3.4.4 -> 3.5
        python3-packaging: upgrade 23.1 -> 23.2
        python3-pycairo: upgrade 1.24.0 -> 1.25.0
        python3-ruamel-yaml: upgrade 0.17.32 -> 0.17.35
        xkeyboard-config: upgrade 2.39 -> 2.40
        python3-wcwidth: upgrade 0.2.6 -> 0.2.8
        repo: upgrade 2.36.1 -> 2.37
        shared-mime-info: upgrade 2.2 -> 2.3
        sqlite3: upgrade 3.43.1 -> 3.43.2
        stress-ng: upgrade 0.16.05 -> 0.17.00
        base-passwd: upgrade 3.6.1 -> 3.6.2
        createrepo-c: upgrade 1.0.1 -> 1.0.2
        cronie: upgrade 1.6.1 -> 1.7.0
        dhcpcd: upgrade 10.0.3 -> 10.0.4
        enchant2: upgrade 2.6.1 -> 2.6.2
        btrfs-tools: upgrade 6.5.2 -> 6.5.3
        debianutils: upgrade 5.13 -> 5.14
        gpgme: upgrade 1.22.0 -> 1.23.1
        harfbuzz: upgrade 8.2.1 -> 8.2.2
        libdnf: upgrade 0.71.0 -> 0.72.0
        libical: upgrade 3.0.16 -> 3.0.17
        libjpeg-turbo: upgrade 3.0.0 -> 3.0.1
        libnewt: upgrade 0.52.23 -> 0.52.24
        libnsl2: upgrade 2.0.0 -> 2.0.1
        lighttpd: upgrade 1.4.72 -> 1.4.73
        msmtp: upgrade 1.8.24 -> 1.8.25
        ghostscript: upgrade 10.02.0 -> 10.02.1
        glib-2.0: upgrade 2.78.0 -> 2.78.1
        python3-pyrsistent: upgrade 0.19.3 -> 0.20.0
        python3-babel: upgrade 2.13.0 -> 2.13.1
        python3-gitdb: upgrade 4.0.10 -> 4.0.11
        python3-git: upgrade 3.1.37 -> 3.1.40
        python3-hypothesis: upgrade 6.87.4 -> 6.88.1
        python3-pip: upgrade 23.2.1 -> 23.3.1
        python3-psutil: upgrade 5.9.5 -> 5.9.6
        python3-pycairo: upgrade 1.25.0 -> 1.25.1
        python3-pyopenssl: upgrade 23.2.0 -> 23.3.0
        python3-pytest: upgrade 7.4.2 -> 7.4.3
        python3-setuptools-rust: upgrade 1.7.0 -> 1.8.1
        python3-testtools: upgrade 2.6.0 -> 2.7.0
        python3-trove-classifiers: upgrade 2023.9.19 -> 2023.10.18
        python3-wcwidth: upgrade 0.2.8 -> 0.2.9
        python3-wheel: upgrade 0.41.2 -> 0.41.3
        shaderc: upgrade 2023.6 -> 2023.7
        xserver-xorg: upgrade 21.1.8 -> 21.1.9
        python3-cryptography(-vectors): upgrade 41.0.4 -> 41.0.5
        dhcpcd: upgrade 10.0.4 -> 10.0.5
        diffoscope: upgrade 249 -> 251
        git: upgrade 2.42.0 -> 2.42.1
        iproute2: upgrade 6.5.0 -> 6.6.0
        libsdl2: upgrade 2.28.4 -> 2.28.5
        libsolv: upgrade 0.7.25 -> 0.7.26
        libuv: upgrade 1.46.0 -> 1.47.0
        bash: upgrade 5.2.15 -> 5.2.21
        dnf: upgrade 4.17.0 -> 4.18.1
        python3-hatch-vcs: upgrade 0.3.0 -> 0.4.0
        python3-hypothesis: upgrade 6.88.1 -> 6.88.3
        python3-pbr: upgrade 5.11.1 -> 6.0.0
        python3-testtools: upgrade 2.7.0 -> 2.7.1
        shared-mime-info: upgrade 2.3 -> 2.4
        stress-ng: upgrade 0.17.00 -> 0.17.01

  William A. Kennington III (1):
        kernel: Commit without running hooks

  William Lyu (2):
        perl: fix intermittent test failure
        openssl: improve handshake test error reporting

  Xiangyu Chen (4):
        linux-yocto: make sure the pahole-native available before do_kernel_configme
        grub: Fix for CVE-2023-4692 and CVE-2023-4693
        sudo: upgrade 1.9.14p3 -> 1.9.15p2
        openssh: add systemd readiness notification support

  Yoann Congal (4):
        insane: skip unimplemented-ptest on S=WORKDIR recipes
        insane: unimplemented-ptest: ignore source file errors
        selftest/reproducible: Split a long line
        meta-selftest/files: add xuser to static-passwd/-group

  david d zuhn (1):
        bitbake.conf: remove ${CCACHE} from FORTRAN compiler

  luca fancellu (1):
        oeqa/ssh: Handle SSHCall timeout error code

meta-arm: e914891eee..1dff3300fb:
  Abdellatif El Khlifi (6):
        arm-bsp/linux-yocto: corstone1000: bump to v6.5%
        arm-bsp/documentation: corstone1000: enable debug-tweaks
        arm-bsp/documentation: corstone1000: update the release note
        arm-bsp/documentation: corstone1000: update the change log
        arm-bsp/documentation: corstone1000: update the user guide
        kas: corstone1000: pin the SHAs

  Ali Can Ozaslan (1):
        arm-bsp/documentation: corstone1000: Update the user guide

  Debbie Martin (10):
        arm-bsp/u-boot: Divide the U-boot configuration by machine
        arm-bsp/fvp-base: Merge fvp-common.inc into fvp-base.conf
        arm-bsp/trusted-firmware-a/fvp-base: Add stdout path and virtio net and rng
        arm-bsp/u-boot/fvp-base: Configure FVP base U-boot machine and enable U-boot sysreset, CRC-32 and virtio RNG
        arm-bsp/fvp-base: Configure grub as the EFI provider
        arm/fvp-base: Update the default testsuites
        arm-systemready: Introduce the Arm SystemReady layer
        arm-bsp/systemready: Bring up the Arm SystemReady IR ACS 2.0 suite on FVP base
        kas: Add kas configuration for Arm SystemReady and fvp-base
        ci: Add fvpboot to IMAGE_CLASSES

  Delane Brandy (1):
        arm-bsp/documentation: corstone1000: Update the user guide

  Drew Reed (2):
        arm-bsp: Enable TF-A test building for the N1SDP
        CI: Enable TF-A TFTF test builds

  Emekcan Aras (17):
        arm-bsp/u-boot: corstone1000: enable on-disk capsule update
        arm-bsp/u-boot: corstone1000: fix runtime capsule update flag checks
        arm-bsp/trusted-firmware-m: fix capsule update alignment
        arm-bsp/trusted-firmware-m: update the upstream status of the out-of-tree patches
        arm-bsp/u-boot: corstone1000: scatter gather list workaround for ondisk capsule update
        arm-bsp/trusted-services: enable signaled handling interrupts for SPs
        arm-bsp/corstone1000: fix synchronization issue on openamp notification
        arm/fvp-corstone1000: upgrade to 11.23_25
        arm-bsp/corstone1000-fvp: Add virtio-net configuration
        arm-bsp/corstone1000-fvp: add unpadded image support for MMC card config
        arm-bsp/corstone1000-fvp: Disable Time Annotation
        arm-bsp/u-boot: corstone1000: enable virtio-net support for FVP
        arm-bsp/documentation: corstone1000: update the architecture document
        arm-bsp/documentation: corstone1000: Add EFI system partition section
        arm-bsp/documentation: corstone1000: add a note and fix instructions
        arm-bsp/documentation: corstone1000: add readthedocs.yaml file
        arm-bsp/documentation: corstone1000: fix the requirements.txt and conf.py path

  Harsimran Singh Tungal (4):
        arm-bsp/u-boot: corstone1000: Remove External system patches
        arm-bsp/linux: corstone1000: update the defconfig
        arm-bsp/linux: corstone1000: Remove External system patches
        arm-bsp/images: corstone1000: Remove the external system test package

  Javier Tia (1):
        trusted-firmware-a: fix build error when using ccache

  Jon Mason (10):
        arm-bsp/linux-yocto: add recipe for v6.4 kernel
        arm/linux-yocto: remove defconfig patch
        CI: add sbsa-acs to recipe report
        arm/linux-yocto: remove PHYS_VIRT config frag
        arm-bsp/optee: remove 3.18 recipes and patches
        arm-bsp/edk2: remove 202211
        arm/hafnium: update to v2.9
        arm/optee: update to 4.0.0
        arm/optee: cleanups from code review
        arm/toolchains: update to 13.2.Rel1

  Mariam Elshakfy (3):
        arm-bsp/n1sdp: Move OP-TEE to DDR4
        arm-bsp/n1sdp: Enable OP-TEE cache in N1SDP
        arm-bsp/corstone1000: Remove inappropriate kernel delay patch

  Ross Burton (24):
        arm/oeqa/selftest: tag all tests with "meta-arm"
        CI: don't hardcode the selftest tests to run
        CI: also run the _qemutiny testcase for poky-tiny
        CI: track nanbield branches
        arm/fvp-corstone1000: upgrade to 11.22.35, add aarch64 binaries
        kas/corstone1000: don't limit the FVP use to x86-64
        CI: don't pin corstone1000-fvp to x86-64
        CI: build both aarch64 and x86-64 packages for as many FVPs as possible
        arm-bsp/u-boot: remove 2023.01
        arm/trusted-firmware-a: update mbedtls to recommended release
        CI: Add meta-secure-core to pending-upgrades for corstone1000
        arm-bsp: corstone1000 depends on meta-efi-secure-boot
        arm/generic-arm64: remove obsolete SERIAL_CONSOLES_CHECK
        arm/lib/fvp/runner: don't pass '' as cwd
        scripts/runfvp: exit code should be the FVP exit code
        arm/selftest: add test that DISPLAY is forwarded into the runfvp child
        CI: use nanbield branch for meta-virtualization
        CI: use nanbield branch of meta-clang
        arm/optee: handle CVE-2021-36133 as disputed
        arm-bsp/optee-os: backport fix for CVE-2023-41325
        arm/fvp-base-a-aem: upgrade to 11.23.9
        arm-bsp/fvp-base: upgrade tune to v8.4
        arm-bsp/trusted-firmware-a: use v8.4 instructions on fvp-base
        arm-bsp/optee-os: update Upstream-Status tags

  Vikas Katariya (1):
        arm-bsp/corstone1000: Fix RSA key generation issue

  Xueliang Zhong (2):
        Update Corstone-1000 doc with security issue reporting guideline
        arm-bsp/n1sdp: update to linux yocto kernel 6.5

meta-raspberrypi: 482d864b8f..8231f97534:
  Andrei Gherzan (1):
        docs: Fix ReadTheDocs builds.os requirement

  Carlos Alberto Lopez Perez (1):
        linux-raspberrypi: stop setting powersave as the default CPU governor

  Jose Quaresma (2):
        linux-raspberrypi/linux-raspberrypi-v7: drop 5.10 version
        rpi-base: Adds EXTRA_IMAGEDEPENDS to fix the image task do_populate_lic_deploy

  Khem Raj (1):
        linux-raspberrypi_6.1.bb: Update to 6.1.61 release

  Leon Anavi (2):
        rpi-config: Upgrade to tip of tree
        rpi-config: reintroduce start_x

  Matthew Draws (1):
        rpi-eeprom: Update to 2023.10.18-2712

  Vincent Davis Jr (1):
        rpidistro-vlc: add new patch po-Fix-typos-in-oc

meta-openembedded: 62039a2c33..991e6852a5:
  Akash Hadke (1):
        libeigen: Update GPL-3.0-only to GPL-2.0-only

  Alex Kiernan (2):
        reptyr: Add 0.10.0
        mdns: Upgrade 2200.0.8 -> 2200.40.37.0.1

  Alper Ak (1):
        unionfs-fuse: upgrade 2.2 --> 3.4

  Andrew Jeffery (1):
        mdio-tools: Add virtual/kernel dependency to avoid stale SPDX reference

  Armin Kuster (4):
        netkit: Drop old and no upstream
        MAINTANERS: drop netkit
        README: drop netkit maintainer
        pkggrp: drop netkit

  Arthur Oliveira (5):
        python3-objectpath: Add ObjectPath Python Recipe
        python3-flask-restx: Add Flask-RestX Python Recipe
        python3-zopeevent: Add Zope.Event Python Recipe
        python3-aniso8601: Add ISO 8601 parsing library
        python3-flask-restx: Switch dependency from isodate to aniso8601

  Bartosz Golaszewski (5):
        shunit2: new recipe
        libgpiod: update to v2.1
        python3-gpiod: update to v2.1.3
        python3-gpiod: setup target config in ptest compile
        python3-gpiod: fix the required version of libgpiod

  Beniamin Sandu (2):
        mbedtls: upgrade 3.4.1 -> 3.5.0
        unbound: upgrade 1.18.0 -> 1.19.0

  Benjamin Bouvier (1):
        libsmi: enable native build

  Carlos Alberto Lopez Perez (1):
        libbacktrace: Update version and enable shared library.

  Charles Perry (4):
        libosip2: add recipe
        libexosip2: add recipe
        libexosip2: add c-ares and openssl PACKAGECONFIG
        libexosip2: package binaries in a separate package

  Chi Xu (1):
        re2: Add ptest support

  Christian Eggers (1):
        python3-gcovr: switch to main branch

  Christophe Vu-Brugier (1):
        exfatprogs: upgrade 1.2.1 -> 1.2.2

  Clément Péron (2):
        proj: Upgrade to 9.3.0 release
        pcapplusplus: Add recipe for 23.09 release

  Daiane Angolini (1):
        wireguard-tools: Use PACKAGECONFIG to select wg-quick and bash-completion

  Daniel McGregor (1):
        python3-pylint: allow native build

  Daniel Semkowicz (2):
        cockpit: Fix cockpit-askpass path
        cockpit: Bump to version 304

  David Pierret (3):
        libtext: add ptest
        cjson: Add ptest
        python3-rapidjson: add missing ptest dependency

  Edi Feschiyan (1):
        libbytesize: update SRC_URI

  Etienne Cordonnier (1):
        uutils-coreutils: upgrade 0.0.21 -> 0.0.22

  Fabien Thomas (2):
        klibc/klibc.inc : Add DEBUG_PREFIX_MAP flag.
        samba.bb : Disable ad-dc by default

  Fabio Estevam (5):
        edid-decode: Upgrade to latest master
        openocd: Use https for github
        python3-piccata: Use https for github
        multipath-tools: Use https for github
        crucible: Upgrade to 2023.11.02

  Gianfranco Costamagna (3):
        vbxguestdrivers: upgrade 7.0.10 -> 7.0.12
        cpulimit: add DESCRIPTION field
        dlt-daemon: cherry-pick another upstream-proposed patch

  Hains van den Bosch (1):
        libebml: Enable shared libraries

  Jamin Lin (1):
        Brotli: fix build failed if the path includes "-static"

  Jan Claußen (1):
        btop: Add recipe

  Jan Vermaete (3):
        netdata: chown in systemd service with ':' iso '.'
        netdata: version bump 1.43.0 -> 1.43.2
        README.md: was a Markdown paragraph and should be a list

  Jeffrey Pautler (1):
        apache2: add vendor to product name used for CVE checking

  Joe Slater (2):
        python3-pynacl: add RCONFLICTS with python3-nacl
        python3-django: move to version 4.2.5

  Johannes Kauffmann (1):
        open62541: update to v1.3.8

  Johnathan Mantey (1):
        ipmitool: Update and eliminate unneeded patch

  Jonas Gorski (1):
        frr: fix CVEs CVE-2023-4675{2,3} and CVE-2023-4723{4,5}

  Jose Quaresma (4):
        ostree: Upgrade 2023.5 -> 2023.6
        ostree: drop trivial-httpd-cmdline
        ostree: add ed25519-openssl
        ostree: Upgrade 2023.6 -> 2023.7

  Kai Kang (4):
        xfce4-panel-profiles: 1.0.13 -> 1.0.14
        python3-nacl: drop duplicate recipe
        python3-blivet: 3.4.3 -> 3.8.2
        python3-blivetgui: 2.3.0 -> 2.4.2

  Khem Raj (209):
        libnet-idn-encode: Fix build with perl 2.38 and gcc13
        poco: Fix data race when create POSIX thread
        static-group: Match nogroup id to base-passwd from core.
        gutenprint: Upgrade to 5.3.4
        meta-perl: Add libtext-diff-perl to fast ptest list
        leveldb: Upgrade to 1.23 plus latest git
        meta-python: Add python3-rapidjson to PTESTS_FAST_META_PYTHON
        leveldb: Print uint64_t with PRI64
        network-manager-applet,networkmanager-openvpn, networkmanager: Apply linker versioning patch when using lld only
        emlog: Add PV
        ccid: upgrade 1.5.2 -> 1.5.4
        jack: upgrade 1.19.22 -> 2
        abseil-cpp: upgrade 20230802.0 -> 20230802.1
        xterm: upgrade 387 -> 388
        toybox: upgrade 0.8.8 -> 0.8.10
        pahole: upgrade 1.24 -> 1.25
        gcab: upgrade 1.4 -> 1.6
        feh: upgrade 3.10 -> 3.10.1
        xmlsec1: upgrade 1.2.37 -> 1.3.2
        xmlsec1: Fix the key name in verify2 test
        ctags: upgrade 6.0.20231001.0 -> 6.0.20231029.0
        googlebenchmark: upgrade 1.8.0 -> 1.8.3
        opencl-headers: upgrade 04.17 -> 2023.04.17
        thingsboard-gateway: upgrade 3.4.1 -> 3.4.2
        neatvnc: upgrade 0.6.0 -> 0.7.0
        lastlog2: upgrade 1.1.0 -> 1.2.0
        libmbim: upgrade 1.30.0 -> 1.31.1
        ser2net: upgrade 4.3.13 -> 4.5.0
        fio: upgrade 3.32 -> 2022
        libosinfo: upgrade 1.10 -> 1.11.0
        webkitgtk3: upgrade 2.42.0 -> 2.42.1
        mstpd: upgrade 0.1 -> 0.05
        smarty: upgrade 4.3.0 -> 4.3.4
        geos: upgrade 3.12.0 -> 3.12.0beta2
        wtmpdb: upgrade 0.7.1 -> 0.9.3
        lsscsi: upgrade 0.32 -> 030
        glibmm-2.68: upgrade 2.74.0 -> 2.78.0
        mcelog: upgrade 194 -> 196
        libfastjson: upgrade 0.99.9 -> 1.2304.0
        libraw: upgrade 0.20.2 -> 0.21.1
        cairomm-1.16: upgrade 1.16.2 -> 1.18.0
        libbpf: upgrade 1.2.0 -> 1.2.2
        libtorrent: upgrade 0.13.8 -> 1
        modemmanager: upgrade 1.22.0 -> 1.23.1
        c-ares: upgrade 1.20.1 -> 1.21.0
        pmdk: upgrade 1.12.1 -> 2.0.0
        hwdata: upgrade 0.370 -> 0.375
        mksh: upgrade 59 -> R59c
        sdbus-c++: upgrade 1.3.0 -> 1.4.0
        cjson: upgrade 1.7.15 -> 1.7.16
        uftrace: upgrade 0.13.1 -> 0.14
        python3-trustme: upgrade 0.9.0 -> 1.1.0
        python3-eth-utils: upgrade 2.2.2 -> 2.3.0
        python3-xstatic-font-awesome: upgrade 4.7.0.0 -> 6.2.1.1
        python3-process-tests: upgrade 2.1.2 -> 3.0.0
        python3-pyperf: upgrade 2.6.1 -> 2.6.2
        python3-sentry-sdk: upgrade 1.26.0 -> 1.34.0
        python3-websockets: upgrade 11.0.3 -> 12.0
        python3-alembic: upgrade 1.12.0 -> 1.12.1
        python3-pymisp: upgrade 2.4.176 -> 2.4.178
        python3-traitlets: upgrade 5.11.2 -> 5.13.0
        python3-pytest-mock: upgrade 3.11.1 -> 3.12.0
        python3-kivy: upgrade 2.1.0 -> 2.2.1
        python3-web3: upgrade 6.11.1 -> 6.11.2
        python3-m2crypto: upgrade 0.39.0 -> 0.40.1
        python3-rapidjson: upgrade 1.12 -> 1.13
        python3-eth-typing: upgrade 3.5.0 -> 3.5.1
        python3-email-validator: upgrade 2.0.0 -> 2.1.0
        python3-icu: upgrade 2.11 -> 2.12
        python3-virtualenv: upgrade 20.24.5 -> 20.24.6
        python3-tzlocal: upgrade 5.1 -> 5.2
        python3-cantools: upgrade 39.2.0 -> 39.3.0
        python3-flask-login: upgrade 0.6.2 -> 0.6.3
        python3-argcomplete: upgrade 3.1.2 -> 3.1.4
        python3-wxgtk4: upgrade 4.2.0 -> 4.2.1
        python3-meson-python: upgrade 0.14.0 -> 0.15.0
        python3-pymongo: upgrade 4.5.0 -> 4.6.0
        python3-imgtool: upgrade 1.10.0 -> 2.0.0
        python3-google-api-python-client: upgrade 2.104.0 -> 2.106.0
        python3-tornado: upgrade 6.3 -> 6.3.3
        python3-imageio: upgrade 2.31.5 -> 2.31.6
        python3-blinker: upgrade 1.6.3 -> 1.7.0
        python3-pyhamcrest: upgrade 2.0.4 -> 2.1.0
        python3-pytest-asyncio: upgrade 0.21.1 -> 0.22.0
        python3-pyjwt: upgrade 2.7.0 -> 2.8.0
        python3-bitstruct: upgrade 8.18.0 -> 8.19.0
        python3-filelock: upgrade 3.12.4 -> 3.13.1
        python3-sqlalchemy: upgrade 2.0.22 -> 2.0.23
        python3-greenlet: upgrade 2.0.2 -> 3.0.1
        python3-charset-normalizer: upgrade 3.3.0 -> 3.3.2
        python3-cbor2: upgrade 5.4.6 -> 5.5.1
        python3-cbor2: Add missing hypothesis rdep for ptests
        python3-asttokens: upgrade 2.4.0 -> 2.4.1
        python3-xlsxwriter: upgrade 3.1.8 -> 3.1.9
        python3-cachetools: upgrade 5.3.1 -> 5.3.2
        python3-paramiko: upgrade 3.2.0 -> 3.3.1
        python3-tomlkit: upgrade 0.12.1 -> 0.12.2
        python3-eth-account: upgrade 0.9.0 -> 0.10.0
        python3-reedsolo: upgrade 1.7.0 -> 2.0.13
        python3-shellingham: upgrade 1.5.3 -> 1.5.4
        python3-ipython: upgrade 8.16.1 -> 8.17.2
        python3-argh: upgrade 0.29.4 -> 0.30.3
        python3-executing: upgrade 2.0.0 -> 2.0.1
        python3-pylint: upgrade 3.0.1 -> 3.0.2
        python3-google-auth: upgrade 2.23.3 -> 2.23.4
        libtest-harness-perl: upgrade 3.47 -> 3.48
        libmodule-build-tiny-perl: upgrade 0.046 -> 0.047
        libdbd-sqlite-perl: upgrade 1.72 -> 1.74
        libconfig-tiny-perl: upgrade 2.29 -> 2.30
        libcgi-perl: upgrade 4.57 -> 4.60
        ipset: upgrade 7.15 -> 7.19
        openvpn: upgrade 2.6.3 -> 2.6.6
        nng: upgrade 1.5.2 -> 12
        usrsctp: upgrade to latest revision
        python3-scapy: upgrade to latest revision
        wolfssl: upgrade 5.5.4 -> 5.6.4
        tnftp: upgrade 20210827 -> 20230507
        fluidsynth: upgrade 2.3.2 -> 2.3.4
        libuvc: upgrade 0.0.6 -> 0.0.7
        libdc1394: upgrade 2.2.6 -> 2.2.7
        ncmpc: upgrade 0.47 -> 0.49
        gerbera: upgrade 1.11.0 -> 1.12.1
        gst-shark: upgrade 0.7.3.1 -> 0.8.1
        gupnp-av: upgrade 0.14.0 -> 0.14.1
        libmediaart-2.0: upgrade 1.9.5 -> 1.9.6
        libdvbpsi: upgrade 1.3.0 -> 1.3.3
        fdk-aac: upgrade 2.0.1 -> 2.0.2
        libavif: upgrade 0.11.1 -> 1.0.1
        libdvdcss: upgrade 1.4.2 -> 1.4.3
        aom: upgrade 3.6.1 -> 3.7.0
        aom: Disable neon when building on arm
        dav1d: upgrade 1.2.0 -> 1.3.0
        network-manager-applet: upgrade 1.32.0 -> 1.34.0
        gvfs: upgrade 1.52.0 -> 1.52.1
        gnome-text-editor: upgrade 45.0 -> 45.1
        libwacom: upgrade 2.6.0 -> 2.8.0
        evolution-data-server: upgrade 3.50.0 -> 3.50.1
        orage: upgrade 4.16.0 -> 4.18.0
        xfce4-systemload-plugin: upgrade 1.3.1 -> 1.3.2
        xfce4-screenshooter: upgrade 1.10.3 -> 1.10.4
        xfce4-appfinder: upgrade 4.18.0 -> 4.19.1
        xfce4-netload-plugin: upgrade 1.4.0 -> 1.4.1
        thunar-shares-plugin: upgrade 0.3.1 -> 0.3.2
        xfce4-battery-plugin: upgrade 1.1.4 -> 1.1.5
        xfce4-places-plugin: upgrade 1.8.1 -> 1.8.3
        libxfce4util: upgrade 4.18.1 -> 4.19.2
        xfce4-notes-plugin: upgrade 1.9.0 -> 1.10.0
        xfce4-weather-plugin: upgrade 0.11.0 -> 0.11.1
        thunar: upgrade 4.18.4 -> 4.19.0
        catfish: upgrade 4.16.3 -> 4.18.0
        xfce4-time-out-plugin: upgrade 1.1.2 -> 1.1.3
        thunar-archive-plugin: upgrade 0.5.1 -> 0.5.2
        xfce4-timer-plugin: upgrade 1.7.1 -> 1.7.2
        xfce4-calculator-plugin: upgrade 0.7.1 -> 0.7.2
        xfmpc: upgrade 0.3.0 -> 0.3.1
        garcon: upgrade 4.18.1 -> 4.19.0
        xfce4-genmon-plugin: upgrade 4.1.1 -> 4.2.0
        xfce4-fsguard-plugin: upgrade 1.1.2 -> 1.1.3
        xfce4-cpugraph-plugin: upgrade 1.2.7 -> 1.2.8
        parole: upgrade 4.16.0 -> 4.18.0
        xfce4-datetime-plugin: upgrade 0.8.1 -> 0.8.3
        menulibre: upgrade 2.2.3 -> 2.3.2
        xfce4-pulseaudio-plugin: upgrade 0.4.3 -> 0.4.8
        libxfce4ui: upgrade 4.18.3 -> 4.19.3
        xfce4-taskmanager: upgrade 1.5.5 -> 1.5.6
        xfce4-mpc-plugin: upgrade 0.5.2 -> 0.5.3
        mousepad: upgrade 0.5.9 -> 0.6.1
        gigolo: upgrade 0.5.2 -> 0.5.3
        xfce4-verve-plugin: upgrade 2.0.1 -> 2.0.3
        exo: upgrade 4.18.0 -> 4.19.0
        xfce4-mailwatch-plugin: upgrade 1.3.0 -> 1.3.1
        xarchiver: upgrade 0.5.4.17 -> 0.5.4.21
        xfsprogs: upgrade 6.1.1 -> 6.5.0
        xfstests: upgrade 2023.03.05 -> 2023.10.29
        xfstests: Fix build with clang17
        xfstests: Fix build on musl
        ufs-utils: upgrade to latest revision
        xfce4-systemload-plugin: Fix build on 32bit machines
        libsodium: upgrade 1.0.18 -> 1.0.19
        libsodium: Fix build with clang on aarch64
        Revert "modemmanager: upgrade 1.22.0 -> 1.23.1"
        modemmanager: inherit upstream-version-is-even
        Revert "geos: upgrade 3.12.0 -> 3.12.0beta2"
        emlog: Drop SRCPV
        makedumpfile: Change COMPATIBLE_HOST check to exclude unsupported arches
        packagegroup-meta-oe: Update makedumpfile architecture support list
        gupnp: Add missing rdep on python3-core
        vte9: Upgrade to 0.74.1
        rygel: Upgrade to 0.40.4 -> 0.42.4
        vte9: Add knob for enabling systemd
        meta-networking: Use autotools make system
        meta-oe: Use autotools make system
        toscoterm: Skip recipe, slated for removal
        loudmouth: Upgrade to 1.5.4
        toscoterm: Delete recipe
        librest: Use autotools make system
        cannelloni: Fix build with clang and libc++ runtime
        gnome-console: Add missing dependency on gtk4-native
        gnome-terminal: Add missing dependency on libhandy
        dleyna-core: Update to tip of master
        dleyna: Skip all dleyna recipes, slated for removal
        packagegroup-meta-multimedia: Remove dleyna recipes
        beep: Upgrade to 1.4.12
        yelp: Use autotools for build system
        gstd: Upgrade to 0.15.0
        gimp: Update to 2.10.36
        projucer: Refresh patch to apply cleanly
        ledmon: Fix systemd unit install
        libxml++-5.0: Make use of gnomebase bbclass

  LI Qingwu (1):
        kmsxx: Add recipe

  Lei Maohui (1):
        gexiv2: Fix do_package QA issue when usrmerge enabled.

  Leon Anavi (32):
        sip: upgrade 6.7.11 -> 6.7.12
        python3-rarfile: add recipe
        python3-colorclass: add recipe
        python3-inflate64: add recipe
        python3-jsbeautifier: add recipe
        python3-pymemcache: add recipe
        python3-multivolumefile: add recipe
        python3-oletools: add recipe
        python3-olefile: add recipe
        python3-pcodedmp: add recipe
        python3-screeninfo: add recipe
        python3-unoconv: add recipe
        python3-pybcj: add recipe
        python3-pyppmd: add recipe
        python3-py7zr: add recipe
        python3-wand: add recipe
        python3-pdm-backend: add recipe
        python3-pdm: add recipe
        python3-jsonref: Upgrade 1.0.1 -> 1.1.0
        imlib2: Upgrade 1.7.1 -> 1.12.1
        libblockdev: Upgrade 3.0.3 -> 3.0.4
        exiftool: add recipe
        bindfs: add recipe
        qpdf: Update 10.6.3 -> 11.6.3
        python3-file-magic: add recipe
        python3-wrapt: Upgrade 1.15.0 -> 1.16.0
        python3-bitarray: Upgrade 2.8.2 -> 2.8.3
        python3-pillow: Upgrade 10.0.1 -> 10.1.0
        python3-polyline: upgrade 1.4.0 -> 2.0.1
        python3-py7zr: Upgrade 0.20.7 -> 0.20.8
        python3-zeroconf: upgrade 0.120.0 -> 0.126.0
        python3-pystemd: upgrade 0.10.0 -> 0.13.2

  Luca Fancellu (5):
        linuxptp: update linuxptp recipe to 4.1
        linuxptp: install default configuration file in sysconfdir
        linuxptp: add systemd services
        linuxptp: Drop unneeded downstream patches
        linuxptp: Use templates for the systemd services

  Marek Vasut (2):
        lvgl: lv-drivers: Allow empty package
        lvgl: Allow empty package

  Markus Fuchs (1):
        remove unused AUTHOR variable

  Markus Volk (52):
        libdecor: Upgrade 0.1.99 -> 0.2.0
        wireplumber: Upgrade 0.4.14 -> 0.4.15
        pipewire: Update 0.3.81 -> 0.3.83
        gnome-software: Update 45.0 -> 45.1
        gnome-calendar: Update 45.0 -> 45.1
        gnome-disk-utility: Update 44.0 -> 45.0
        gnome-control-center: Update 45.0 -> 45.1
        eog: Update 45.0 -> 45.1
        gnome-remote-desktop: Update 45.0 -> 45.1
        gnome-shell: Add missing dependency on pipewire
        gnome-shell: Remove deprecated libcroco dependency
        openbox: Drop deprecated libcroco dependency
        pipewire: Update 0.3.83 -> 0.3.84
        tracker-miners: Upgrade 3.6.0 -> 3.6.2
        libgweather4: Upgrade 4.2.0 -> 4.4.0
        gtksourceview5: Upgrade 5.7.1 -> 5.10.0
        openal-soft: Upgrade 1.20.1 -> 1.23.1
        gnome-shell: Upgrade 45.0 -> 45.1
        mutter: Upgrade 45.0 -> 45.1
        dconf-editor: Upgrade 43 -> 45.0.1
        libgsf: Upgrade 1.14.50 -> 1.14.51
        xdg-desktop-portal: Upgrade 1.18.0 -> 1.18.1
        xdg-desktop-portal-gtk: Upgrade 1.14.1 -> 1.15.1
        rest: Upgrade 0.9.0 -> 0.9.1
        nv-codec-headers: Upgrade 12.0.16.0 -> 12.1.14.0
        webp-pixbuf-loader: Upgrade 0.2.4 -> 0.2.5
        libchamplain: Upgrade 0.12.20 -> 0.12.21
        rest: Add packageconfigs for examples and tests
        gssdp: Fix build with api-documentation enabled
        gupnp: Upgrade 0.10.2 -> 0.12.1
        Gupnp-tools upgrade 0.10.2 -> 0.12.1
        gupnp-idg: Upgrade 1.2.0 -> 1.6.0
        gssdp: Upgrade 1.4.0.1 -> 1.6.3
        ghex: Upgrade 3.18.4 -> 45.0
        Adjust vala build according to changes in vala.bbclass
        drop GNOMEBASEBUILDCLASS = "meson"
        gnome-shell-extensions: Upgrade 44.1 -> 45.1
        cups-filters: Fix for current gcc
        gnome-console: Add recipe
        vte9: Fix build with api-documentation enabled
        gnome-terminal: Upgrade 3.48.1 -> 3.50.1
        cups-filters: Upgrade 1.28.17 -> 2.0.0
        gnome-terminal: Remove recommendation on vte-prompt
        ghex: backport patch to fix build for clang
        qpdf: cleanup
        gtksourceview4: Upgrade 4.8.2 -> 4.8.4
        gnome-control-center: Add rdepends
        system-config-printer: Add cups to rdepends
        pipewire: Upgrade 0.3.84 -> 0.3.85
        flatpak: Upgrade 1.15.4 -> 1.15.6
        flatpak: Add packageconfigs for man and docbook docs
        musicpd: unbreak build with ffmpeg 6.1

  Martin Jansa (12):
        nodejs: update to latest v20 version 20.8.1
        nodejs: Revert io_uring support from bundled libuv-1.46.0
        opencv: refresh protobuf-v22 compatibility patch with backported version
        leveldb: prevent installing gtest
        android-tools: drop ${PE}, ${PR} from /usr/src/debug paths
        minifi-cpp: drop ${PE}, ${PR} from /usr/src/debug paths
        xmlrcp-c: drop ${PE}, ${PR} from /usr/src/debug paths
        fluentbit: drop ${PE}, ${PR} from /usr/src/debug paths
        ntpsec, net-snmp: drop ${PE}, ${PR} from /usr/src/debug paths
        aom, x265: drop ${PE}, ${PR} from /usr/src/debug paths
        python3-{h5py,pandas}: drop ${PE}, ${PR} from /usr/src/debug paths
        evince, gnome-calendar, tracker: drop ${PE}, ${PR} from /usr/src/debug paths

  Martin Maurer (1):
        libqmi: Upgrade 1.32.4 -> 1.34.0

  Matthias Klein (1):
        paho-mqtt-c: upgrade 1.3.12 -> 1.3.13

  Mingli Yu (3):
        vboxguestdrivers: Remove the buildpath
        nlohmann-json: Add ptest support
        ptest-packagelists-meta-oe.inc: Add nlohmann-json

  Peter Kjellerstedt (18):
        libwebsockets: Support building for native
        mosquitto: Support building for native again
        jack: Revert to 1.9.22
        pahole: Correct the version in the recipe file name
        neatvnc: Specify the version in the recipe file name
        mstpd: Update to 0.1.0+
        Revert "libtorrent: upgrade 0.13.8 -> 1"
        libtorrent: Add UPSTREAM_CHECK_GITTAGREGEX
        mksh: Update to 59c properly
        fluidsynth: Specify the version in the recipe file name
        libuvc: Specify the version in the recipe file name
        gst-shark: Update to 0.8.1 properly
        xarchiver: Specify the version in the recipe file name
        python3-kivy: Move a comment so it makes more sense
        python3-greenlet: Avoid duplicate URI in SRC_URI
        python3-pylint: Only set SRCREV once
        python3-pytest-mock: Only set SRCREV once
        zeromq: Update to 4.3.5

  Peter Marko (1):
        grpc: Upgrade 1.56.2 -> 1.59.2

  Petr Gotthard (2):
        libmbim: upgrade 1.28.4 -> 1.30.0
        modemmanager: upgrade 1.20.6 -> 1.22.0

  Poonam Jadhav (1):
        sdbus-c++: Update ptest path

  Potin Lai (2):
        libplist: Upgrade to latest master
        idevicerestore: Upgrade to latest master

  Richard Purdie (4):
        meta-python: Drop broken BBCLASSEXTEND variants
        meta-oe: Drop broken BBCLASSEXTEND variants
        meta-networking: Drop broken BBCLASSEXTEND variants
        meta-perl: Drop broken BBCLASSEXTEND variants

  Ross Burton (1):
        yajl: fix CVE-2017-16516, CVE-2022-24795, CVE-2023-33460

  Sam Van Den Berge (1):
        netdata: Upgrade 1.36.1 -> 1.43.0

  Samuli Piippo (2):
        abseil-cpp: fix mingw build
        protobuf: stage protoc binary to sysroot

  Thomas Gessler (1):
        influxdb: Add start script used by systemd service

  Tim Orling (2):
        po4a: remove old recipe
        debsums: remove old recipe

  Trevor Gamblin (5):
        python-git-pw: add from meta-patchtest
        python3-py-cpuinfo: disable broken ptests
        python3-arrow: add from meta-patchtest
        python3-pytest-mock: disable broken ptests
        meta-python: update ptests status for py-cpuinfo, pytest-mock

  Wang Mingyu (149):
        dnf-plugin-tui: create symlinks from /usr/ to /.
        c-ares: upgrade 1.19.1 -> 1.20.1
        adw-gtk3: upgrade 4.9 -> 5.1
        ctags: upgrade 6.0.20230917.0 -> 6.0.20231001.0
        dialog: upgrade 1.3-20230209 -> 1.3-20231002
        freerdp: upgrade 2.11.1 -> 2.11.2
        gnome-backgrounds: upgrade 44.0 -> 45.0
        gnome-calculator: upgrade 45.0 -> 45.0.2
        gnome-font-viewer: upgrade 44.0 -> 45.0
        ipc-run: upgrade 20220807.0 -> 20231003.0
        libbytesize: upgrade 2.9 -> 2.10
        libcoap: upgrade 4.3.3 -> 4.3.4
        libyang: upgrade 2.1.111 -> 2.1.128
        lvgl: upgrade 8.3.9 -> 8.3.10
        metacity: upgrade 3.46.1 -> 3.50.0
        nautilus: upgrade 45.0 -> 45.1
        ceres-solver: upgrade 2.1.0 -> 2.2.0
        python3-eth-abi: upgrade 3.0.1 -> 4.2.1
        python3-mypy: upgrade 1.5.1 -> 1.6.1
        python3-pylint: upgrade 3.0.0 -> 3.0.1
        python3-aiodns: upgrade 3.0.0 -> 3.1.1
        python3-aiohttp: upgrade 3.8.5 -> 3.8.6
        python3-astroid: upgrade 3.0.0 -> 3.0.1
        python3-bitarray: upgrade 2.8.1 -> 2.8.2
        python3-bitstruct: upgrade 8.17.0 -> 8.18.0
        python3-blinker: upgrade 1.6.2 -> 1.6.3
        python3-charset-normalizer: upgrade 3.2.0 -> 3.3.0
        python3-cmake: upgrade 3.27.5 -> 3.27.7
        python3-coverage: upgrade 7.3.1 -> 7.3.2
        python3-croniter: upgrade 1.4.1 -> 2.0.1
        python3-dbus-fast: upgrade 1.85.0 -> 2.12.0
        python3-email-validator: upgrade 1.3.1 -> 2.0.0
        python3-engineio: upgrade 4.7.1 -> 4.8.0
        python3-eth-typing: upgrade 3.4.0 -> 3.5.0
        python3-eth-utils: upgrade 2.2.1 -> 2.2.2
        python3-executing: upgrade 1.2.0 -> 2.0.0
        python3-flask-babel: upgrade 3.1.0 -> 4.0.0
        python3-flask-jwt-extended: upgrade 4.5.2 -> 4.5.3
        python3-google-api-python-client: upgrade 2.101.0 -> 2.104.0
        python3-googleapis-common-protos: upgrade 1.60.0 -> 1.61.0
        python3-google-auth: upgrade 2.23.1 -> 2.23.3
        python3-h5py: upgrade 3.9.0 -> 3.10.0
        python3-huey: upgrade 2.4.5 -> 2.5.0
        python3-imageio: upgrade 2.31.3 -> 2.31.5
        python3-ipython: upgrade 8.15.0 -> 8.16.1
        python3-jedi: upgrade 0.19.0 -> 0.19.1
        python3-meson-python: upgrade 0.13.1 -> 0.14.0
        python3-msgpack: upgrade 1.0.6 -> 1.0.7
        python3-platformdirs: upgrade 3.10.0 -> 3.11.0
        python3-prompt-toolkit: upgrade 3.0.36 -> 3.0.39
        python3-protobuf: upgrade 4.24.3 -> 4.24.4
        python3-pycares: upgrade 4.3.0 -> 4.4.0
        python3-pycodestyle: upgrade 2.11.0 -> 2.11.1
        python3-pydantic: upgrade 2.4.1 -> 2.4.2
        python3-pyephem: upgrade 4.1.4 -> 4.1.5
        python3-pytest-timeout: upgrade 2.1.0 -> 2.2.0
        python3-rapidjson: upgrade 1.11 -> 1.12
        python3-regex: upgrade 2023.8.8 -> 2023.10.3
        python3-rich: upgrade 13.5.3 -> 13.6.0
        python3-schedule: upgrade 1.2.0 -> 1.2.1
        python3-semver: upgrade 3.0.1 -> 3.0.2
        python3-simplejson: upgrade 3.19.1 -> 3.19.2
        python3-socketio: upgrade 5.9.0 -> 5.10.0
        python3-sqlalchemy: upgrade 2.0.21 -> 2.0.22
        python3-stack-data: upgrade 0.6.2 -> 0.6.3
        python3-texttable: upgrade 1.6.7 -> 1.7.0
        python3-traitlets: upgrade 5.10.1 -> 5.11.2
        python3-types-psutil: upgrade 5.9.5.16 -> 5.9.5.17
        python3-tzlocal: upgrade 5.0.1 -> 5.1
        python3-web3: upgrade 6.10.0 -> 6.11.1
        python3-websocket-client: upgrade 1.6.3 -> 1.6.4
        python3-xlsxwriter: upgrade 3.1.3 -> 3.1.8
        python3-xxhash: upgrade 3.3.0 -> 3.4.1
        python3-zeroconf: upgrade 0.112.0 -> 0.119.0
        python3-zopeinterface: upgrade 6.0 -> 6.1
        rdma-core: upgrade 47.0 -> 48.0
        redis: upgrade 7.2.1 -> 7.2.2
        remmina: upgrade 1.4.32 -> 1.4.33
        tesseract: upgrade 5.3.2 -> 5.3.3
        thingsboard-gateway: upgrade 3.3 -> 3.4.1
        tio: upgrade 2.6 -> 2.7
        wireshark: upgrade 4.0.8 -> 4.0.10
        xterm: upgrade 384 -> 387
        zchunk: upgrade 1.3.1 -> 1.3.2
        hdf5: Fix install conflict when enable multilib.
        dnf-plugin-tui: Recover BBCLASSEXTEND variants
        gensio: upgrade 2.7.6 -> 2.7.7
        hwdata: upgrade 0.375 -> 0.376
        libio-socket-ssl-perl: upgrade 2.083 -> 2.084
        makedumpfile: upgrade 1.7.3 -> 1.7.4
        gnome-remote-desktop: move from meta-virtualization to meta-security
        ctags: upgrade 6.0.20231029.0 -> 6.0.20231105.0
        function2: upgrade 4.2.3 -> 4.2.4
        neatvnc: upgrade 0.7.0 -> 0.7.1
        python3-argh: upgrade 0.30.3 -> 0.30.4
        python3-geojson: upgrade 3.0.1 -> 3.1.0
        python3-imageio: upgrade 2.31.6 -> 2.32.0
        python3-inflate64: upgrade 0.3.1 -> 1.0.0
        python3-jsbeautifier: upgrade 1.14.9 -> 1.14.11
        python3-lru-dict: upgrade 1.2.0 -> 1.3.0
        python3-python-vlc: upgrade 3.0.18122 -> 3.0.20123
        python3-zeroconf: upgrade 0.119.0 -> 0.120.0
        c-ares: upgrade 1.21.0 -> 1.22.0
        ctags: upgrade 6.0.20231105.0 -> 6.0.20231112.0
        libencode-perl: upgrade 3.19 -> 3.20
        bindfs: upgrade 1.17.5 -> 1.17.6
        python3-hexbytes: upgrade 0.3.1 -> 1.0.0
        python3-linux-procfs: upgrade 0.7.1 -> 0.7.3
        openvpn: upgrade 2.6.6 -> 2.6.7
        python3-argcomplete: upgrade 3.1.4 -> 3.1.6
        python3-awesomeversion: upgrade 23.8.0 -> 23.11.0
        python3-dbus-fast: upgrade 2.12.0 -> 2.14.0
        python3-eth-typing: upgrade 3.5.1 -> 3.5.2
        python3-eth-utils: upgrade 2.3.0 -> 2.3.1
        python3-geomet: upgrade 1.0.0 -> 1.1.0
        python3-google-api-core: upgrade 2.12.0 -> 2.14.0
        python3-google-api-python-client: upgrade 2.106.0 -> 2.108.0
        python3-mypy: upgrade 1.6.1 -> 1.7.0
        python3-platformdirs: upgrade 3.11.0 -> 4.0.0
        python3-prompt-toolkit: upgrade 3.0.39 -> 3.0.41
        python3-pyaudio: upgrade 0.2.13 -> 0.2.14
        python3-pydantic: upgrade 2.4.2 -> 2.5.0
        python3-pymetno: upgrade 0.11.0 -> 0.12.0
        python3-pytest-xdist: upgrade 3.3.1 -> 3.4.0
        python3-sentry-sdk: upgrade 1.34.0 -> 1.35.0
        python3-tomlkit: upgrade 0.12.2 -> 0.12.3
        python3-types-setuptools: upgrade 68.2.0.0 -> 68.2.0.1
        python3-web3: upgrade 6.11.2 -> 6.11.3
        python3-zeroconf: upgrade 0.126.0 -> 0.127.0
        ser2net: upgrade 4.5.0 -> 4.5.1
        uftp: upgrade 5.0.1 -> 5.0.2
        webkitgtk3: upgrade 2.42.1 -> 2.42.2
        imlib2: delete non-existent file
        c-ares: upgrade 1.22.0 -> 1.22.1
        ctags: upgrade 6.0.20231112.0 -> 6.0.20231119.0
        exiftool: upgrade 12.69 -> 12.70
        gnome-bluetooth: upgrade 42.6 -> 42.7
        libextutils-cppguess-perl: upgrade 0.26 -> 0.27
        libwebsockets: upgrade 4.3.2 -> 4.3.3
        python3-aiohttp: upgrade 3.8.6 -> 3.9.0
        python3-dateparser: upgrade 1.1.8 -> 1.2.0
        python3-django: upgrade 4.2.5 -> 4.2.7
        python3-imageio: upgrade 2.32.0 -> 2.33.0
        python3-ldap: upgrade 3.4.3 -> 3.4.4
        python3-pastedeploy: upgrade 3.0.1 -> 3.1.0
        python3-pdm: upgrade 2.10.1 -> 2.10.3
        python3-pydantic: upgrade 2.5.0 -> 2.5.1
        python3-rich: upgrade 13.6.0 -> 13.7.0
        strongswan: upgrade 5.9.11 -> 5.9.12

  Yi Zhao (6):
        samba: upgrade 4.18.6 -> 4.18.8
        samba: use external cmocka instead of bundled cmocka
        libtevent: fix ptest
        libldb: add ptest
        conntrack-tools: upgrade 1.4.7 -> 1.4.8
        nftables: upgrade 1.0.8 -> 1.0.9

  Yoann Congal (5):
        emlog: ignore CVE-2022-3968 & CVE-2023-43291
        juce/projucer: Backport a fix for the compilation under recent GCC
        meta-oe/static-ids: Change postgres to 28 to match forced id in recipe
        static-id: add missing netdata group
        python3-soupsieve: Break circular dependency with beautifulsoup4

  Zoltán Böszörményi (3):
        python3-ninja-syntax: Set BBCLASSEXTEND = "native nativesdk"
        python3-ninja: Set BBCLASSEXTEND = "native nativesdk"
        geos: Fix packaging

  alperak (39):
        xdebug: upgrade 3.2.0 -> 3.2.2
        catch2: upgrade 2.13.7 -> 2.13.10
        tuna: upgrade 0.18 -> 0.19
        libsrtp: upgrade 2.4.2 -> 2.5.0
        libupnp: upgrade 1.14.6 -> 1.14.18
        libisofs: upgrade 1.5.4 -> 1.5.6
        libisoburn: 1.5.4 -> 1.5.6
        fuse-exfat: upgrade 1.3.0 -> 1.4.0
        fuse3: upgrade 3.15.1 -> 3.16.2
        ufs-utils: upgrade 3.12.3 -> 4.13.5
        libebml: upgrade 1.3.0 -> 1.4.4
        libmatroska: upgrade 1.4.1 -> 1.7.1
        libde265: upgrade 1.0.5 -> 1.0.12
        libopenmpt: upgrade 0.6.2 -> 0.7.3
        mpd: upgrade 0.23.12 -> 0.23.14
        opencore-amr: upgrade 0.1.3 -> 0.1.6
        tinyalsa: upgrade 1.1.1 -> 2.0.0
        cannelloni: upgrade 1.0.0 -> 1.1.0
        civetweb: upgrade 1.12 -> 1.16
        libdnet: upgrade 1.16.3 -> 1.17.0
        openfortivpn: upgrade 1.20.5 -> 1.21.0
        fuse-exfat: Dropped md5sum
        libopenmpt: Added license change reason and dropped md5sum
        bolt: upgrade 0.9.5 -> 0.9.6
        irssi: upgrade 1.4.4 -> 1.4.5
        libmtp: upgrade 1.1.20 -> 1.1.21
        libsigc++-2.0: upgrade 2.10.7 -> 2.12.1
        libsigc++-3: upgrade 3.2.0 -> 3.6.0
        ocl-icd: upgrade 2.3.1 -> 2.3.2
        opencl-icd-loader: upgrade v2022.01.04 -> v2023.04.17
        uutils-coreutils: upgrade 0.0.22 -> 0.0.23
        botan: upgrade 2.19.3 -> 3.2.0
        capnproto: upgrade 0.10.4 -> 1.0.1
        cloc: upgrade 1.94 -> 1.98
        cpuid: upgrade 20211129 -> 20230614
        gst-editing-services: upgrade 1.20.5 -> 1.22.7
        luaposix: upgrade 35.1 -> 36.2.1
        mercurial: upgrade 6.1 -> 6.5
        ledmon: upgrade 0.93 -> 0.97

  skandigraun (1):
        libvpx: don't specify armv5 and armv6 toolchains explicitly

meta-security: 3f7d40b0fc..070a1e82cc:
  Gowtham Suresh Kumar (1):
        Update parsec recipes

  Mingli Yu (1):
        samhain: remove the buildpath

  Stefan Berger (1):
        ima,evm: Add two variables to write filenames and signatures into

Change-Id: Ib809aa0df4162c50a06c542a94a0b06cdc149a2d
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 0466c09..9dee580 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -112,11 +112,13 @@
   parallel:
     matrix:
       - TESTING: [testimage, tftf]
-  tags:
-    - x86_64
 
 corstone1000-mps3:
   extends: .build
+  parallel:
+    matrix:
+      - TESTING: [none, tftf]
+
 
 fvp-base:
   extends: .build
@@ -148,8 +150,7 @@
   extends: .build
   parallel:
     matrix:
-      - TS: [none, n1sdp-ts]
-      - OPTEE: [none, n1sdp-optee]
+      - TESTING: [none, n1sdp-ts, n1sdp-optee, tftf]
 
 qemu-generic-arm64:
   extends: .build
@@ -234,7 +235,7 @@
   extends: .setup
   script:
     - KASFILES=./ci/qemuarm64.yml:./ci/selftest.yml:lockfile.yml
-    - kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 1 --run-tests runfvp'
+    - kas shell --update --force-checkout $KASFILES -c 'oe-selftest --num-processes 2 --select-tag meta-arm --run-all-tests'
 
 # Validate layers are Yocto Project Compatible
 check-layers:
@@ -254,7 +255,7 @@
   script:
     - rm -fr update-report
     # This configuration has all of the layers we need enabled
-    - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:lockfile.yml --command \
+    - kas shell --update --force-checkout ci/qemuarm64.yml:ci/meta-openembedded.yml:ci/meta-secure-core.yml:lockfile.yml --command \
       "$CI_PROJECT_DIR/scripts/machine-summary.py -t report -o $CI_PROJECT_DIR/update-report $($CI_PROJECT_DIR/ci/listmachines.py meta-arm meta-arm-bsp)"
   # Do this on x86 whilst the compilers are x86-only
   tags:
diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml
index 4296d27..dd3ab21 100644
--- a/meta-arm/ci/base.yml
+++ b/meta-arm/ci/base.yml
@@ -5,7 +5,7 @@
 
 defaults:
   repos:
-    branch: master
+    branch: nanbield
 
 repos:
   meta-arm:
diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml
index 81a5caa..e9f3fa9 100644
--- a/meta-arm/ci/fvp.yml
+++ b/meta-arm/ci/fvp.yml
@@ -4,7 +4,7 @@
 local_conf_header:
   testimagefvp: |
     LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
-    INHERIT += "fvpboot"
+    IMAGE_CLASSES += "fvpboot"
   failing_tests: |
     # This fails but we can't add to the ignorelist from meta-arm yet
     # https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml
index 1bced29..a89df05 100644
--- a/meta-arm/ci/fvps.yml
+++ b/meta-arm/ci/fvps.yml
@@ -14,6 +14,10 @@
     SDKMACHINE = "x86_64"
 
 target:
+  # Target packages to test aarch64
+  - fvp-base-a-aem
+  - fvp-corstone1000
+  # Nativesdk to test x86-64
   - nativesdk-fvp-base-a-aem
   - nativesdk-fvp-corstone1000
   - nativesdk-fvp-n1-edge
diff --git a/meta-arm/ci/get-binary-toolchains b/meta-arm/ci/get-binary-toolchains
index 69a4d38..429cd1c 100755
--- a/meta-arm/ci/get-binary-toolchains
+++ b/meta-arm/ci/get-binary-toolchains
@@ -2,7 +2,7 @@
 set -u -e
 
 BASENAME=arm-gnu-toolchain
-VER=${VER:-12.2.rel1}
+VER=${VER:-13.2.Rel1}
 HOST_ARCH=${HOST_ARCH:-$(uname -m)}
 
 # Use the standard kas container locations if nothing is passed into the script
diff --git a/meta-arm/ci/poky-tiny.yml b/meta-arm/ci/poky-tiny.yml
index d869c55..f176301 100644
--- a/meta-arm/ci/poky-tiny.yml
+++ b/meta-arm/ci/poky-tiny.yml
@@ -5,7 +5,7 @@
 
 local_conf_header:
   hacking: |
-    TEST_SUITES = "ping"
+    TEST_SUITES = "_qemutiny ping"
   extrapackages: |
     # Intentionally blank to prevent perf from being added to the image in base.yml
 
diff --git a/meta-arm/ci/tftf.yml b/meta-arm/ci/tftf.yml
index 260ceab..33a8a4f 100644
--- a/meta-arm/ci/tftf.yml
+++ b/meta-arm/ci/tftf.yml
@@ -4,4 +4,5 @@
 local_conf_header:
   tftf: |
     TFA_UBOOT = "0"
+    TFA_UEFI = "0"
     TFTF_TESTS = "1"
diff --git a/meta-arm/kas/arm-systemready-firmware.yml b/meta-arm/kas/arm-systemready-firmware.yml
new file mode 100644
index 0000000..8b0b9fd
--- /dev/null
+++ b/meta-arm/kas/arm-systemready-firmware.yml
@@ -0,0 +1,12 @@
+header:
+  version: 13
+
+repos:
+  meta-arm:
+    layers:
+      meta-arm-systemready:
+
+distro: nodistro
+
+target:
+  - arm-systemready-firmware
diff --git a/meta-arm/kas/arm-systemready-ir-acs.yml b/meta-arm/kas/arm-systemready-ir-acs.yml
new file mode 100644
index 0000000..38604d7
--- /dev/null
+++ b/meta-arm/kas/arm-systemready-ir-acs.yml
@@ -0,0 +1,17 @@
+header:
+  version: 13
+  includes:
+    - kas/arm-systemready-firmware.yml
+
+env:
+  TESTIMAGE_AUTO: "1"
+  # The full testimage run typically takes around 12-24h on fvp-base.
+  TEST_OVERALL_TIMEOUT: "${@ 24*60*60}"
+
+local_conf_header:
+  systemready-ir-acs: |
+    IMAGE_CLASSES:append = " testimage"
+
+
+target:
+  - arm-systemready-ir-acs
diff --git a/meta-arm/kas/arm-systemready-linux-distros-debian.yml b/meta-arm/kas/arm-systemready-linux-distros-debian.yml
new file mode 100644
index 0000000..38cc74b
--- /dev/null
+++ b/meta-arm/kas/arm-systemready-linux-distros-debian.yml
@@ -0,0 +1,7 @@
+header:
+  version: 13
+  includes:
+    - kas/arm-systemready-firmware.yml
+
+target:
+  - arm-systemready-linux-distros-debian
diff --git a/meta-arm/kas/arm-systemready-linux-distros-opensuse.yml b/meta-arm/kas/arm-systemready-linux-distros-opensuse.yml
new file mode 100644
index 0000000..cffbdb9
--- /dev/null
+++ b/meta-arm/kas/arm-systemready-linux-distros-opensuse.yml
@@ -0,0 +1,7 @@
+header:
+  version: 13
+  includes:
+    - kas/arm-systemready-firmware.yml
+
+target:
+  - arm-systemready-linux-distros-opensuse
diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml
index 5e4ae7e..1ab6545 100644
--- a/meta-arm/kas/corstone1000-base.yml
+++ b/meta-arm/kas/corstone1000-base.yml
@@ -1,5 +1,5 @@
 header:
-  version: 11
+  version: 14
 
 env:
   DISPLAY: ""
@@ -8,7 +8,7 @@
 
 defaults:
   repos:
-    refspec: master
+    branch: nanbield
 
 repos:
   meta-arm:
@@ -19,21 +19,22 @@
 
   poky:
     url: https://git.yoctoproject.org/git/poky
-    refspec: 31dd418207f6c95ef0aad589cd03cd2a4c9a8bf2
+    commit: 2e9c2a2381105f1306bcbcb54816cbc5d8110eff
     layers:
       meta:
       meta-poky:
-      meta-yocto-bsp:
 
   meta-openembedded:
     url: https://git.openembedded.org/meta-openembedded
-    refspec: 5a01ab461c9bcabcbb2298236602373948f8f073
+    commit: 1750c66ae8e4268c472c0b2b94748a59d6ef866d
     layers:
       meta-oe:
       meta-python:
+      meta-perl:
 
   meta-secure-core:
     url: https://github.com/wind-river/meta-secure-core.git
+    commit: e29165a1031dcf601edbed1733cedd64826672a5
     layers:
       meta:
       meta-signing-key:
diff --git a/meta-arm/kas/corstone1000-fvp.yml b/meta-arm/kas/corstone1000-fvp.yml
index 7d23a53..abf4070 100644
--- a/meta-arm/kas/corstone1000-fvp.yml
+++ b/meta-arm/kas/corstone1000-fvp.yml
@@ -1,5 +1,5 @@
 header:
-  version: 11
+  version: 14
   includes:
     - kas/corstone1000-base.yml
     - kas/fvp-eula.yml
@@ -10,7 +10,7 @@
     fvp-config: |
         # Remove Dropbear SSH as it will not fit into the corstone1000 image.
         IMAGE_FEATURES:remove = " ssh-server-dropbear"
-        INHERIT = " ${@bb.utils.contains('BUILD_ARCH', 'x86_64', 'fvpboot', '', d)}"
+        INHERIT += "fvpboot"
 
 target:
   - corstone1000-image
diff --git a/meta-arm/kas/corstone1000-mps3.yml b/meta-arm/kas/corstone1000-mps3.yml
index 53be438..7d63a18 100644
--- a/meta-arm/kas/corstone1000-mps3.yml
+++ b/meta-arm/kas/corstone1000-mps3.yml
@@ -1,5 +1,5 @@
 header:
-  version: 11
+  version: 14
   includes:
     - kas/corstone1000-base.yml
 
diff --git a/meta-arm/kas/fvp-base.yml b/meta-arm/kas/fvp-base.yml
new file mode 100644
index 0000000..18b9134
--- /dev/null
+++ b/meta-arm/kas/fvp-base.yml
@@ -0,0 +1,43 @@
+header:
+  version: 13
+  includes:
+    - kas/fvp-eula.yml
+
+env:
+  DISPLAY:
+  WAYLAND_DISPLAY:
+  XAUTHORITY:
+
+
+distro: poky
+machine: fvp-base
+
+defaults:
+  repos:
+    refspec: master
+
+repos:
+  meta-arm:
+    layers:
+      meta-arm:
+      meta-arm-bsp:
+      meta-arm-toolchain:
+
+  poky:
+    url: https://git.yoctoproject.org/git/poky
+    path: layers/poky
+    layers:
+      meta:
+      meta-poky:
+
+local_conf_header:
+  base: |
+    CONF_VERSION = "2"
+    PACKAGE_CLASSES = "package_ipk"
+    PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
+    EXTRA_IMAGE_FEATURES:append = " debug-tweaks ssh-server-openssh"
+    CORE_IMAGE_EXTRA_INSTALL:append = " ssh-pregen-hostkeys"
+    IMAGE_CLASSES:append = " testimage fvpboot"
+
+target:
+  - core-image-minimal
diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf
index 97d9728..71f64d9 100644
--- a/meta-arm/meta-arm-bsp/conf/layer.conf
+++ b/meta-arm/meta-arm-bsp/conf/layer.conf
@@ -13,9 +13,14 @@
 
 LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
 # This won't be used by layerindex-fetch, but works everywhere else
-LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer"
+LAYERDEPENDS_meta-arm-bsp:append:corstone1000 = " meta-python openembedded-layer efi-secure-boot"
 LAYERDEPENDS_meta-arm-bsp:append:musca-b1 = " meta-python"
 LAYERDEPENDS_meta-arm-bsp:append:musca-s1 = " meta-python"
 
 # Additional license directories.
 LICENSE_PATH += "${LAYERDIR}/custom-licenses"
+
+BBFILES_DYNAMIC += " \
+    meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bb \
+    meta-arm-systemready:${LAYERDIR}/dynamic-layers/meta-arm-systemready/*/*/*.bbappend \
+"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
index 5b3e150..9c070b3 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
@@ -16,6 +16,9 @@
 FVP_EXE ?= "FVP_Corstone-1000"
 FVP_CONSOLE ?= "host_terminal_0"
 
+#Disable Time Annotation
+FASTSIM_DISABLE_TA = "0"
+
 # FVP Parameters
 FVP_CONFIG[se.trustedBootROMloader.fname] ?= "bl1.bin"
 FVP_CONFIG[board.xnvm_size] ?= "64"
@@ -49,10 +52,19 @@
 FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2"
 FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
 FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
+FVP_CONFIG[board.msd_mmc.support_unpadded_images] ?= "true"
 
 # MMC2 card configuration
 FVP_CONFIG[board.msd_mmc_2.card_type] ?= "SDHC"
 FVP_CONFIG[board.msd_mmc_2.p_fast_access] ?= "0"
 FVP_CONFIG[board.msd_mmc_2.diagnostics] ?= "2"
 FVP_CONFIG[board.msd_mmc_2.p_max_block_count] ?= "0xFFFF"
-FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16"
\ No newline at end of file
+FVP_CONFIG[board.msd_config_2.pl180_fifo_depth] ?= "16"
+FVP_CONFIG[board.msd_mmc_2.support_unpadded_images] ?= "true"
+
+# Virtio-Net configuration
+FVP_CONFIG[board.virtio_net.enabled] ?= "1"
+FVP_CONFIG[board.virtio_net.hostbridge.interfaceName] ?= "eth1"
+FVP_CONFIG[board.virtio_net.hostbridge.userNetworking] ?= "true"
+FVP_CONFIG[board.virtio_net.hostbridge.userNetPorts] ?= "5555=5555,8080=80,2222=22"
+FVP_CONFIG[board.virtio_net.transport] ?= "legacy"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
index 3a923ba..39ef38b 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -4,15 +4,57 @@
 #@NAME: Armv8-A Base Platform FVP machine
 #@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
 
-require conf/machine/include/fvp-common.inc
-require conf/machine/include/arm/arch-armv8a.inc
+require conf/machine/include/arm/arch-armv8-4a.inc
 
-TUNE_FEATURES = "aarch64"
+ARM_SYSTEMREADY_FIRMWARE = "trusted-firmware-a:do_deploy"
+ARM_SYSTEMREADY_ACS_CONSOLE = "default"
+EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
 
-# FVP u-boot configuration
-UBOOT_MACHINE = "vexpress_aemv8a_semi_defconfig"
+MACHINE_FEATURES = "efi"
 
+IMAGE_NAME_SUFFIX = ""
+IMAGE_FSTYPES += "wic"
+WKS_FILE ?= "efi-disk.wks.in"
+
+SERIAL_CONSOLES = "115200;ttyAMA0"
+
+PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
+KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
 KERNEL_IMAGETYPE = "Image"
 
+EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
+
+# FVP u-boot configuration
+UBOOT_MACHINE = "vexpress_fvp_defconfig"
+
+EFI_PROVIDER ?= "grub-efi"
+
+# As this is a virtual target that will not be used in the real world there is
+# no need for real SSH keys.
+MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
+
+TEST_TARGET = "OEFVPTarget"
+TEST_TARGET_IP = "127.0.0.1:2222"
+DEFAULT_TEST_SUITES:append = " fvp_boot fvp_devices"
+TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
+
+FVP_PROVIDER ?= "fvp-base-a-aem-native"
+FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
+FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
+FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
+FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
+# Tell testimage to connect to localhost:2222, and forward that to SSH in the FVP.
+FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22"
 FVP_CONFIG[bp.virtio_rng.enabled] ?= "1"
-IMAGE_NAME_SUFFIX = ""
+FVP_CONFIG[cache_state_modelled] ?= "0"
+FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
+FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
+FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
+# Set the baseline to ARMv8.4, as the default is 8.0.
+FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
+FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
+FVP_CONSOLES[default] = "terminal_0"
+FVP_TERMINALS[bp.terminal_0] ?= "Console"
+FVP_TERMINALS[bp.terminal_1] ?= ""
+FVP_TERMINALS[bp.terminal_2] ?= ""
+FVP_TERMINALS[bp.terminal_3] ?= ""
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 5a66f54..749350e 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -52,7 +52,7 @@
 
 # Linux kernel
 PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
-PREFERRED_VERSION_linux-yocto = "6.4%"
+PREFERRED_VERSION_linux-yocto = "6.5%"
 KERNEL_IMAGETYPE = "Image.gz"
 
 INITRAMFS_IMAGE_BUNDLE ?= "1"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
deleted file mode 100644
index e6e4443..0000000
--- a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
+++ /dev/null
@@ -1,50 +0,0 @@
-# FVP common parameters
-
-#
-# Capturing FVP common configurations (Armv8-A Base Platform FVP,
-# Armv8-A Foundation Platform and Armv7-A Base Platform FVP).
-#
-
-MACHINE_FEATURES = "optee"
-
-IMAGE_FSTYPES += "wic"
-WKS_FILE ?= "fvp-base.wks"
-
-SERIAL_CONSOLES = "115200;ttyAMA0"
-
-PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-
-KERNEL_DEVICETREE = "arm/fvp-base-revc.dtb"
-
-EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
-
-# As this is a virtual target that will not be used in the real world there is
-# no need for real SSH keys.
-MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
-
-TEST_TARGET = "OEFVPTarget"
-TEST_TARGET_IP = "127.0.0.1:2222"
-TEST_SUITES:append = " fvp_boot fvp_devices"
-TEST_FVP_DEVICES ?= "rtc watchdog networking virtiorng cpu_hotplug"
-
-FVP_PROVIDER ?= "fvp-base-a-aem-native"
-FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
-FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
-FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
-FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
-# Tell testimage to connect to localhost:2222, and forward that to SSH in the FVP.
-FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "2222=22"
-FVP_CONFIG[cache_state_modelled] ?= "0"
-FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin"
-FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin"
-FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic"
-# Set the baseline to ARMv8.4, as the default is 8.0.
-FVP_CONFIG[cluster0.has_arm_v8-4] = "1"
-FVP_CONFIG[cluster1.has_arm_v8-4] = "1"
-FVP_CONSOLE ?= "terminal_0"
-FVP_DATA ?= "cluster0.cpu0=${KERNEL_IMAGETYPE}@0x80080000 \
-             cluster0.cpu0=fvp-base-revc.dtb@0x8fc00000"
-FVP_TERMINALS[bp.terminal_0] ?= "Console"
-FVP_TERMINALS[bp.terminal_1] ?= ""
-FVP_TERMINALS[bp.terminal_2] ?= ""
-FVP_TERMINALS[bp.terminal_3] ?= ""
diff --git a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
index b93e053..74a0a66 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/n1sdp.conf
@@ -19,12 +19,16 @@
 
 # Use kernel provided by yocto
 PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
-PREFERRED_VERSION_linux-yocto ?= "6.4%"
+PREFERRED_VERSION_linux-yocto ?= "6.5%"
 
 # RTL8168E Gigabit Ethernet Controller is attached to the PCIe interface
 MACHINE_ESSENTIAL_EXTRA_RDEPENDS += "linux-firmware-rtl8168"
 
+# TF-A
 EXTRA_IMAGEDEPENDS += "trusted-firmware-a"
+TFA_PLATFORM = "n1sdp"
+
+# SCP
 EXTRA_IMAGEDEPENDS += "virtual/control-processor-firmware"
 
 #UEFI EDK2 firmware
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/.readthedocs.yaml b/meta-arm/meta-arm-bsp/documentation/corstone1000/.readthedocs.yaml
new file mode 100644
index 0000000..1b07ce8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/.readthedocs.yaml
@@ -0,0 +1,12 @@
+version: 2
+build:
+  os: "ubuntu-22.04"
+  tools:
+    python: "3.9"
+sphinx:
+  configuration: meta-arm-bsp/documentation/corstone1000/conf.py
+formats:
+  - pdf
+python:
+  install:
+    - requirements: meta-arm-bsp/documentation/requirements.txt
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
index 32d6529..173823b 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
@@ -11,6 +11,77 @@
 fixes in each release of Corstone-1000 software stack.
 
 ***************
+Version 2023.11
+***************
+
+Changes
+=======
+
+- Making Corstone-1000  SystemReady IR 2.0 certifiable
+- Allow booting Debian & OpenSUSE on FVP
+- Add support for two MMC cards for the FVP
+- Add signed capsule update support
+- Enable on-disk capsule update
+- Add the feature of purging specific DT nodes in U-Boot before Linux
+- Add Ethernet over VirtIO support in U-Boot
+- Add support for unaligned MMC card images
+- Reducing the out-of-tree patches by upstreaming them to the corresponding open-source projects
+- SW components upgrades
+- Bug fixes
+
+Corstone-1000 components versions
+=================================
+
++-------------------------------------------+-----------------------------------------------------+
+| arm-ffa-tee                               |                   1.1.2-r0                          |
++-------------------------------------------+-----------------------------------------------------+
+| linux-yocto                               |                   6.5.7                             |
++-------------------------------------------+-----------------------------------------------------+
+| u-boot                                    |                   2023.07                           |
++-------------------------------------------+-----------------------------------------------------+
+| external-system                           |    0.1.0+gitAUTOINC+8c9dca74b1-r0                   |
++-------------------------------------------+-----------------------------------------------------+
+| optee-client                              |                   3.22.0                            |
++-------------------------------------------+-----------------------------------------------------+
+| optee-os                                  |                   3.22.0                            |
++-------------------------------------------+-----------------------------------------------------+
+| trusted-firmware-a                        |                   2.9.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| trusted-firmware-m                        |                   1.8.1                             |
++-------------------------------------------+-----------------------------------------------------+
+| libts                                     |                       08b3d39471                    |
++-------------------------------------------+-----------------------------------------------------+
+| ts-newlib                                 |                   4.1.0                             |
++-------------------------------------------+-----------------------------------------------------+
+| ts-psa-{crypto, iat, its. ps}-api-test    |                   38cb53a4d9                        |
++-------------------------------------------+-----------------------------------------------------+
+| ts-sp-{se-proxy, smm-gateway}             |                   08b3d39471                        |
++-------------------------------------------+-----------------------------------------------------+
+
+Yocto distribution components versions
+======================================
+
++-------------------------------------------+------------------------------+
+| meta-arm                                  | nanbield                     |
++-------------------------------------------+------------------------------+
+| poky                                      | nanbield                     |
++-------------------------------------------+------------------------------+
+| meta-openembedded                         | nanbield                     |
++-------------------------------------------+------------------------------+
+| meta-secure-core                          | nanbield                     |
++-------------------------------------------+------------------------------+
+| busybox                                   |                   1.36.1     |
++-------------------------------------------+------------------------------+
+| musl                                      |                   1.2.4      |
++-------------------------------------------+------------------------------+
+| gcc-arm-none-eabi                         |          11.2-2022.02        |
++-------------------------------------------+------------------------------+
+| gcc-cross-aarch64                         |                   13.2.0     |
++-------------------------------------------+------------------------------+
+| openssl                                   |                   3.1.3      |
++-------------------------------------------+------------------------------+
+
+***************
 Version 2023.06
 ***************
 
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
index 62e3f8f..501a153 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
@@ -20,6 +20,27 @@
 or correction.
 
 ***********************
+Release notes - 2023.11
+***********************
+
+Known Issues or Limitations
+---------------------------
+
+ - Use Ethernet over VirtIO due to lan91c111 Ethernet driver support dropped from U-Boot.
+ - Temporally removing the External system support in Linux due to it using multiple custom devicetree bindings that caused problems with SystemReady IR 2.0 certification. For External system support please refer to the version 2023.06. We are aiming to restore it in a more standardised manner in our next release.
+ - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
+ - PSA Crypto tests (psa-crypto-api-test command) approximately take 30 minutes to complete for FVP and MPS3.
+ - Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3.
+ - See previous release notes for the known limitations regarding ACS tests.
+
+Platform Support
+-----------------
+ - This software release is tested on Corstone-1000 FPGA version AN550_v2
+   https://developer.arm.com/downloads/-/download-fpga-images
+ - This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.23_25
+   https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+***********************
 Release notes - 2023.06
 ***********************
 
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
index bf3535b..ce8bd7e 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
@@ -72,8 +72,10 @@
 
 An external system is intended to implement use-case specific
 functionality. The system is based on Cortex-M3 and run RTX RTOS.
-Communictaion between external system and Host(cortex-A35) is performed
-using MHU as transport mechanism and rpmsg messaging system.
+Communication between the external system and Host (Cortex-A35) is performed
+using MHU as transport mechanism and rpmsg messaging system (the external system
+support in Linux is disabled in this release. More info about this change can be found in the
+release-notes).
 
 Overall, the Corstone-1000 architecture is designed to cover a range
 of Power, Performance, and Area (PPA) applications, and enable extension
@@ -157,9 +159,9 @@
 **********************
 
 Apart from always booting the authorized images, it is also essential that
-the device only accepts the authorized images in the firmware update
+the device only accepts the authorized (signed) images in the firmware update
 process. Corstone-1000 supports OTA (Over the Air) firmware updates and
-follows Platform Security Firmware Update sepcification (`FWU`_).
+follows Platform Security Firmware Update specification (`FWU`_).
 
 As standardized into `FWU`_, the external flash is divided into two
 banks of which one bank has currently running images and the other bank is
@@ -172,7 +174,10 @@
    :width: 690
    :alt: ExternalFlash
 
-
+When Firmware update is triggered, u-boot verifies the capsule by checking the
+capsule signature, version number and size. Then it signals the Secure Enclave
+that can start writing UEFI capsule into the flash. Once this operation finishes
+,Secure Enclave resets the entire system.
 The Metadata Block in the flash has the below firmware update state machine.
 TF-M runs an OTA service that is responsible for accepting and updating the
 images in the flash. The communication between the UEFI Capsule update
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
index 96dee07..134ed41 100644
--- a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -68,33 +68,33 @@
 ==================
 Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__
 
-+----------+-----------------------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.%.bbappend |
-+----------+-----------------------------------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb           |
-+----------+-----------------------------------------------------------------------------------------------------+
++----------+-------------------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend |
++----------+-------------------------------------------------------------------------------------------------+
+| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb       |
++----------+-------------------------------------------------------------------------------------------------+
 
 OP-TEE
 ======
 Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
 
-+----------+------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bbappend |
-+----------+------------------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb           |
-+----------+------------------------------------------------------------------------------------+
++----------+----------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend     |
++----------+----------------------------------------------------------------------------------------+
+| Recipe   | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb           |
++----------+----------------------------------------------------------------------------------------+
 
 U-Boot
 ======
 Based on `U-Boot repo`_
 
-+----------+-------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend     |
-+----------+-------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend |
-+----------+-------------------------------------------------------------------------+
-| Recipe   | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2023.01.bb             |
-+----------+-------------------------------------------------------------------------+
++----------+----------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend        |
++----------+----------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend    |
++----------+----------------------------------------------------------------------------+
+| Recipe   | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.07.02.bb |
++----------+----------------------------------------------------------------------------+
 
 Linux
 =====
@@ -107,30 +107,20 @@
 +-----------+----------------------------------------------------------------------------------------------+
 | bbappend  | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend               |
 +-----------+----------------------------------------------------------------------------------------------+
-| Recipe    | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.1.bb                               |
+| Recipe    | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_6.5.bb                               |
 +-----------+----------------------------------------------------------------------------------------------+
 | defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig         |
 +-----------+----------------------------------------------------------------------------------------------+
 
-External System Tests
-=====================
-Based on `Corstone-1000/applications <https://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications>`__
-
-+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-| Recipe     | <_workspace>/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb                                                                              |
-+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
-
-The recipe provides the systems-comms-tests command run in Linux and used for testing the External System.
-
 **************************************************
 Software for Boot Processor (a.k.a Secure Enclave)
 **************************************************
 Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__
 
 +----------+-----------------------------------------------------------------------------------------------------+
-| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.%.bbappend |
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend     |
 +----------+-----------------------------------------------------------------------------------------------------+
-| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.7.0.bb           |
+| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.8.1.bb           |
 +----------+-----------------------------------------------------------------------------------------------------+
 
 ********************************
@@ -156,7 +146,7 @@
     cd <_workspace>
 
 Corstone-1000 software is based on the Yocto Project which uses kas and bitbake
-commands to build the stack. To install kas tool, run:
+commands to build the stack. kas version 4 is required. To install kas, run:
 
 ::
 
@@ -168,13 +158,13 @@
 
 ::
 
-    git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06
+    git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.11
 
 To build a Corstone-1000 image for MPS3 FPGA, run:
 
 ::
 
-    kas build meta-arm/kas/corstone1000-mps3.yml
+    kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
 
 Alternatively, to build a Corstone-1000 image for FVP, you need to accept
 the EULA at https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula
@@ -188,7 +178,7 @@
 
 ::
 
-    kas build meta-arm/kas/corstone1000-fvp.yml
+    kas build meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml
 
 The initial clean build will be lengthy, given that all host utilities are to
 be built as well as the target images. This includes host executables (python,
@@ -343,7 +333,7 @@
 
 The recipe is located at <_workspace>/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
 
-The latest supported Fixed Virtual Platform (FVP) version is 11.19_21 and is automatically downloaded and installed when using the runfvp command as detailed below. The FVP version can be checked by running the following command:
+The latest supported Fixed Virtual Platform (FVP) version is 11_23.25 and is automatically downloaded and installed when using the runfvp command as detailed below. The FVP version can be checked by running the following command:
 
 ::
 
@@ -374,8 +364,6 @@
 
 Login using the username root.
 
-The External System can be released out of reset on demand using the systems-comms-tests command.
-
 SystemReady-IR tests
 --------------------
 
@@ -398,6 +386,107 @@
 erase the SecureEnclave flash cleanly and prepare a clean board environment for
 the testing.
 
+Prepare EFI System Partition
+===========================================================
+Corstone-1000 FVP and FPGA do not have enough on-chip nonvolatile memory to host
+an EFI System Partition (ESP). Thus, Corstone-1000 uses mass storage device for
+ESP. The instructions below should be followed for both FVP and FPGA before
+running the ACS tests.
+
+**Common to FVP and FPGA:**
+
+#. Create an empty 100 MB partition:
+   ::
+
+      dd if=/dev/zero of=corstone1000-efi-partition.img iflag=fullblock bs=512 count=204800 && sync
+
+#. Use OpenSuse Raw image to copy the contents of EFI partition.
+
+   To download OpenSUSE Tumbleweed raw image:
+     - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__
+     - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example,
+       ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz``
+
+   Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
+
+   ::
+
+      unxz <file-name.raw.xz>
+
+
+   The above command will generate a file ending with extension .raw image. Use the
+   following command to get address of the first partition
+
+   ::
+
+     fdisk -lu <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw
+     ->  Device                                                                               Start     End  Sectors  Size Type
+          <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw1    8192   40959    32768   16M EFI System
+          <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw2   40960 1064959  1024000  500M Linux swap
+          <path-to-img>/openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw3 1064960 5369822  4304863  2.1G Linux filesystem
+
+     ->   <blockaddress_1st_partition> = 8192
+     ->   <sectorsize_1st_partition> = 32768
+
+#. Copy the ESP from opensuse image to empty image:
+
+   ::
+
+     dd conv=notrunc if=openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw skip=<blockaddress_1st_partition> of=corstone1000-efi-partition.img seek=<blockaddress_1st_partition> iflag=fullblock seek=<blockaddress_1st_partition> bs=512 count=<sectorsize_1s_partition> && sync
+
+
+#. Use the provided disk-layout below to label the ESP correctly.
+
+   efi_disk.layout
+   ::
+
+     label: gpt
+     label-id: AC53D121-B818-4515-9031-BE02CCEB8701
+     device: corstone1000-efi-partition.img
+     unit: sectors
+     first-lba: 34
+     last-lba: 204766
+
+     corstone1000-efi-partition.img : start=8192, size=32768, type=C12A7328-F81F-11D2-BA4B-00A0C93EC93B, uuid=792D821F-98AE-46E3-BABD-948003A650F8, name="p.UEFI"
+
+   And use the following command the label the newly created ESP.
+
+   ::
+
+      sfdisk corstone1000-efi-partition.img < efi_disk.layout
+
+   To test the image, you can now mount the disk image
+
+   ::
+
+      fdisk -lu corstone1000-efi-partition.img
+      ->  Device                          Start   End Sectors Size Type
+          corstone1000-efi-partition.img1  8192 40959   32768  16M EFI System
+
+          <offset_1st_partition> = 8192 * 512 (sector size) = 4194304
+
+      sudo mount -o loop,offset=4194304 corstone1000-efi-partition.img /mount_point
+
+**Using ESP in FPGA:**
+
+Once the ESP is created, it needs to be flashed to a second USB drive different than ACS image.
+This can be done with the development machine.
+
+::
+
+   sudo dd if=corstone1000-efi-partition.img of=/dev/sdb iflag=direct oflag=direct status=progress bs=512; sync;
+
+Now you can plug this USB stick to the board together with ACS test USB stick.
+
+**Using ESP in FVP:**
+
+The ESP disk image can directly be used in Corstone-1000 FVP by simply passing it as
+the 2nd MMC card image.
+
+::
+
+   <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
+
 Clean Secure Flash Before Testing (applicable to FPGA only)
 ===========================================================
 
@@ -408,13 +497,13 @@
 ::
 
   cd <_workspace>
-  git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.06
-  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06
+  git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2023.11
+  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
   cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-embedded-a-corstone1000-clean-secure-flash.patch meta-arm
   cd meta-arm
   git apply 0001-embedded-a-corstone1000-clean-secure-flash.patch
   cd ..
-  kas build meta-arm/kas/corstone1000-mps3.yml
+  kas build meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml
 
 Replace the bl1.bin and cs1000.bin files on the SD card with following files:
   - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
@@ -488,10 +577,10 @@
 ::
 
   cd <_workspace>
-  git clone https://github.com/ARM-software/arm-systemready.git -b v21.09_REL1.0
+  git clone https://github.com/ARM-software/arm-systemready.git
 
 Once the repository is successfully downloaded, the prebuilt ACS live image can be found in:
- - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz``
+ - ``<_workspace>/arm-systemready/IR/prebuilt_images/v23.03_2.0.0/ir-acs-live-image-generic-arm64.wic.xz``
 
 **NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide
 USB driver support for Corstone-1000. The ACS image with newer kernel version
@@ -505,12 +594,12 @@
 
 ::
 
-  cd <_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA
-  unxz ir_acs_live_image.img.xz
-  sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
+  cd <_workspace>/arm-systemready/IR/prebuilt_images/v23.03_2.0.0
+  unxz ir-acs-live-image-generic-arm64.wic.xz
+  sudo dd if=ir-acs-live-image-generic-arm64.wic of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
 
 Once the USB stick with ACS image is prepared, the user should make sure that
-ensure that only the USB stick with the ACS image is connected to the board,
+ensure that both USB sticks (ESP and ACS image) are connected to the board,
 and then boot the board.
 
 The FPGA will reset multiple times during the test, and it might take approx. 24-36 hours to finish the test.
@@ -520,31 +609,30 @@
 ======================================
 
 Download ACS image from:
- - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7``
+ - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/main/IR/prebuilt_images/v23.03_2.0.0``
 
-Use the below command to run the FVP with ACS image support in the
-SD card.
+Use the below command to run the FVP with EFI and ACS image support in the
+SD cards.
 
 ::
 
-  unxz ${<path-to-img>/ir_acs_live_image.img.xz}
+  unxz ${<path-to-img>/ir-acs-live-image-generic-arm64.wic.xz}
 
-  tmux
-
-  <_workspace>/meta-arm/scripts/runfvp <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}"
+  <_workspace>/meta-arm/scripts/runfvp  --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic -C board.msd_mmc_2.p_mmc_file="${<path-to-img>/corstone1000-efi-partition.img}"
 
 The test results can be fetched using following commands:
 
 ::
 
   sudo mkdir /mnt/test
-  sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/
-  fdisk -lu <path-to-img>/ir_acs_live_image.img
+  sudo mount -o rw,offset=<offset_3rd_partition> <path-to-img>/ir-acs-live-image-generic-arm64.wic /mnt/test/
+  fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic
   ->  Device                                                     Start     End Sectors  Size Type
-      <path-to-img>/ir_acs_live_image_modified.img1    2048 1050622 1048575  512M Microsoft basic data
-      <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022  102399   50M Microsoft basic data
+       <path-to-img>/ir-acs-live-image-generic-arm64.wic1    2048  206847  204800   100M Microsoft basic data
+       <path-to-img>/ir-acs-live-image-generic-arm64.wic2  206848 1024239  817392 399.1M Linux filesystem
+       <path-to-img>/ir-acs-live-image-generic-arm64.wic3 1026048 1128447  102400    50M Microsoft basic data
 
-  ->   <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488
+  ->   <offset_3rd_partition> = 1026048 * 512 (sector size) = 525336576
 
 The FVP will reset multiple times during the test, and it might take up to 1 day to finish
 the test. At the end of test, the FVP host terminal will halt showing a shell prompt.
@@ -580,20 +668,23 @@
 incorrect capsule (corrupted or outdated) which fails to boot to the host software.
 
 Check the "Run SystemReady-IR ACS tests" section above to download and unpack the ACS image file
- - ``ir_acs_live_image.img.xz``
+ - ``ir-acs-live-image-generic-arm64.wic.xz``
 
-Download edk2 under <_workspace>:
+
+Download u-boot under <_workspace> and install tools:
 
 ::
 
-  git clone https://github.com/tianocore/edk2.git
-  cd edk2
-  git checkout f2188fe5d1553ad1896e27b2514d2f8d0308da8a
+  git clone https://github.com/u-boot/u-boot.git
+  cd u-boot
+  git checkout 83aa0ed1e93e1ffac24888d98d37a5b04ed3fb07
+  make tools-only_defconfig
+  make tools-only
 
 Download systemready-patch repo under <_workspace>:
 ::
 
-  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06
+  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
 
 *******************
 Generating Capsules
@@ -613,13 +704,14 @@
 ::
 
    cd <_workspace>
-   edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v6 --fw-version 6 \
-   --lsv 0 --guid    e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index  0 \
-   --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt
 
-   edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_mps3_v5 --fw-version 5 \
-   --lsv 0 --guid    e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index  0 \
-   --verbose build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt
+   ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \
+   --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \
+   --fw-version 6 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v6
+
+   ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_key.key \
+   --certificate build/tmp/deploy/images/corstone1000-mps3/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \
+   --fw-version 5 build/tmp/deploy/images/corstone1000-mps3/corstone1000_image.nopt cs1k_cap_mps3_v5
 
 Generating FVP Capsules
 =======================
@@ -632,17 +724,16 @@
 This will generate a file called "corstone1000_image.nopt" which will be used to
 generate a UEFI capsule.
 
-
 ::
 
    cd <_workspace>
-   edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v6 \
-   --fw-version 6 --lsv 0 --guid    e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
-   0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt
+   ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \
+   --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \
+   --fw-version 6 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v6
 
-   edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o cs1k_cap_fvp_v5 --fw-version 5 \
-   --lsv 0 --guid    e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
-   0 --verbose build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt
+   ./u-boot/tools/mkeficapsule --monotonic-count 1 --private-key build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_key.key \
+   --certificate build/tmp/deploy/images/corstone1000-fvp/corstone1000_capsule_cert.crt --index 1 --guid 989f3a4e-46e0-4cd0-9877-a25c70c01329 \
+   --fw-version 5 build/tmp/deploy/images/corstone1000-fvp/corstone1000_image.nopt cs1k_cap_fvp_v5
 
 
 Common Notes for FVP and FPGA
@@ -681,7 +772,7 @@
 ::
 
    sudo mkdir /mnt/test
-   sudo mount -o rw,offset=1048576 <path-to-img>/ir_acs_live_image.img  /mnt/test
+   sudo mount -o rw,offset=1048576 <path-to-img>/ir-acs-live-image-generic-arm64.wic  /mnt/test
 
 Then, copy the capsules:
 
@@ -700,14 +791,15 @@
 **NOTE:**
 
 The size of first partition in the image file is calculated in the following way. The data is
-just an example and might vary with different ir_acs_live_image.img files.
+just an example and might vary with different ir-acs-live-image-generic-arm64.wic files.
 
 ::
 
-   fdisk -lu <path-to-img>/ir_acs_live_image.img
+   fdisk -lu <path-to-img>/ir-acs-live-image-generic-arm64.wic
    ->  Device                                                     Start     End Sectors  Size Type
-       <path-to-img>/ir_acs_live_image_modified.img1    2048 1050622 1048575  512M Microsoft basic data
-       <path-to-img>/ir_acs_live_image_modified.img2 1050624 1153022  102399   50M Microsoft basic data
+       <path-to-img>/ir-acs-live-image-generic-arm64.wic1    2048  206847  204800   100M Microsoft basic data
+       <path-to-img>/ir-acs-live-image-generic-arm64.wic2  206848 1024239  817392 399.1M Linux filesystem
+       <path-to-img>/ir-acs-live-image-generic-arm64.wic3 1026048 1128447  102400    50M Microsoft basic data
 
    ->  <offset_1st_partition> = 2048 * 512 (sector size) = 1048576
 
@@ -725,7 +817,12 @@
 
 ::
 
-   <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file=${<path-to-img>/ir_acs_live_image.img}"
+   <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic
+
+**NOTE:**
+
+<path-to-img> must start from the root directory.
+make sure there are no spaces before or after of "=". board.msd_mmc.p_mmc_file=<path-to-img>/ir-acs-live-image-generic-arm64.wic.
 
 Running the FPGA with the IR prebuilt image
 ===========================================
@@ -796,7 +893,7 @@
 ::
 
    $ unzip $kernel_addr 0x90000000
-   $ loadm 0x90000000 $kernel_addr_r 0xf00000
+   $ loadm 0x90000000 $kernel_addr_r $filesize
    $ bootefi $kernel_addr_r $fdtcontroladdr
 
 
@@ -834,7 +931,7 @@
    # cat *
     
    0x0
-   e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+   989f3a4e-46e0-4cd0-9877-a25c70c01329
    0
    6
    0
@@ -843,7 +940,7 @@
 
 .. line-block::
    capsule_flags:	0x0
-   fw_class:	e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+   fw_class:	989f3a4e-46e0-4cd0-9877-a25c70c01329
    fw_type:	0
    fw_version:	6
    last_attempt_status:	0 
@@ -851,8 +948,8 @@
    lowest_supported_fw_ver:	0
 
 
-Negative scenario
-=================
+Negative scenario (Applicable to FPGA only)
+===========================================
 
 In the negative case scenario (rollback the capsule version), the user should 
 see appropriate logs in the secure enclave terminal. 
@@ -899,7 +996,7 @@
    # cat *
     
    0x0
-   e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+   989f3a4e-46e0-4cd0-9877-a25c70c01329
    0
    6
    1
@@ -908,26 +1005,32 @@
 
 .. line-block::
    capsule_flags:	0x0
-   fw_class:	e2bb9c06-70e9-4b14-97a3-5a7913176e3f
+   fw_class:	989f3a4e-46e0-4cd0-9877-a25c70c01329
    fw_type:	0
    fw_version:	6
    last_attempt_status:	1
    last_attempt_version:	5
    lowest_supported_fw_ver:	0
 
+**Note**: This test is currently not working properly in Corstone-1000 FVP.
+However, it is not part of the System-Ready IR tests, and it won't affect the
+SR-IR certification. All the compulsory `capsule update tests for SR-IR
+<https://developer.arm.com/documentation/DUI1101/2-1/Test-SystemReady-IR/Test-UpdateCapsule>`__
+works on both Corstone-1000 FVP and FPGA.
+
 Linux distros tests
 -------------------
 
 *************************************************************
-Debian install and boot preparation (applicable to FPGA only)
+Debian install and boot preparation 
 *************************************************************
 
 There is a known issue in the `Shim 15.7 <https://salsa.debian.org/efi-team/shim/-/tree/upstream/15.7?ref_type=tags>`__
 provided with the Debian installer image (see below). This bug causes a fatal
-error when attempting to boot media installer for Debian, and it resets the MPS3 before installation starts.
+error when attempting to boot media installer for Debian, and it resets the platform before installation starts.
 A patch to be applied to the Corstone-1000 stack (only applicable when
 installing Debian) is provided to
-`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.06/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__.
+`Skip the Shim <https://gitlab.arm.com/arm-reference-solutions/systemready-patch/-/blob/CORSTONE1000-2023.11/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch>`__.
 This patch makes U-Boot automatically bypass the Shim and run grub and allows
 the user to proceed with a normal installation. If at the moment of reading this
 document the problem is solved in the Shim, the user is encouraged to try the
@@ -939,31 +1042,44 @@
 ::
 
   cd <_workspace>
-  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.06
+  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git -b CORSTONE1000-2023.11
   cp -f systemready-patch/embedded-a/corstone1000/shim/0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch meta-arm
   cd meta-arm
   git am 0001-arm-bsp-u-boot-corstone1000-Skip-the-shim-by-booting.patch
   cd ..
-  kas shell meta-arm/kas/corstone1000-mps3.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image"
 
-Please update the cs1000.bin on the SD card with the newly generated wic file.
+**On FPGA**
+::
+
+  kas shell meta-arm/kas/corstone1000-mps3.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image"
+
+**On FVP**
+::
+
+  kas shell meta-arm/kas/corstone1000-fvp.yml:meta-arm/ci/debug.yml -c="bitbake u-boot trusted-firmware-a corstone1000-image -c cleansstate; bitbake corstone1000-image"
+
+On FPGA, please update the cs1000.bin on the SD card with the newly generated wic file.
 
 *************************************************
-Debian/openSUSE install (applicable to FPGA only)
+Preparing the Installation Media
 *************************************************
 
-To test Linux distro install and boot, the user should prepare two empty USB
-sticks (minimum size should be 4GB and formatted with FAT32).
-
 Download one of following Linux distro images:
- - `Debian 12.0.0 installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/debian-12.0.0-arm64-DVD-1.iso>`__
- - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__
-
+ - `Debian installer image <https://cdimage.debian.org/debian-cd/current/arm64/iso-dvd/>`__ (Tested on: debian-12.2.0-arm64-DVD-1.iso)
+ - `OpenSUSE Tumbleweed installer image <http://download.opensuse.org/ports/aarch64/tumbleweed/iso/>`__ (Tested on: openSUSE-Tumbleweed-DVD-aarch64-Snapshot20231120-Media.iso)
+  
 **NOTE:** For OpenSUSE Tumbleweed, the user should look for a DVD Snapshot like
 openSUSE-Tumbleweed-DVD-aarch64-Snapshot<date>-Media.iso
 
-Once the iso file is downloaded, the iso file needs to be flashed to your USB
-drive. This can be done with your development machine.
+
+FPGA
+==================================================
+
+To test Linux distro install and boot on FPGA, the user should prepare two empty USB
+sticks (minimum size should be 4GB and formatted with FAT32).
+
+The downloaded iso file needs to be flashed to your USB drive. 
+This can be done with your development machine.
 
 In the example given below, we assume the USB device is ``/dev/sdb`` (the user
 should use the `lsblk` command to confirm).
@@ -976,6 +1092,26 @@
 
   sudo dd if=<path-to-iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
 
+
+FVP
+==================================================
+
+To test Linux distro install and boot on FVP, the user should prepare an mmc image.
+With a minimum size of 8GB formatted with gpt.
+
+::
+  #Generating mmc2
+  dd if=/dev/zero of=<_workspace>/mmc2_file.img bs=1 count=0 seek=8G; sync;
+  parted -s mmc2_file.img mklabel gpt
+
+
+*************************************************
+Debian/openSUSE install
+*************************************************
+
+FPGA
+==================================================
+
 Unplug the first USB stick from the development machine and connect it to the
 MSP3 board. At this moment, only the first USB stick should be connected. Open
 the following picocom sessions in your development machine:
@@ -993,8 +1129,18 @@
 **NOTE:** Due to the performance limitation of Corstone-1000 MPS3 FPGA, the
 distro installation process can take up to 24 hours to complete.
 
+FVP
+==================================================
+
+::
+
+  <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<path-to-iso_file>" -C board.msd_mmc_2.p_mmc_file="<_workspace>/mmc2_file.img"
+
+The installer should now start.
+The os will be installed on the second mmc 'mmc2_file.img'. 
+
 *******************************************************
-Debian install clarifications (applicable to FPGA only)
+Debian install clarifications
 *******************************************************
 
 As the installation process for Debian is different than the one for openSUSE,
@@ -1032,21 +1178,46 @@
 8. At this stage, the installation should proceed as normal.
 
 *****************************************************************
-Debian/openSUSE boot after installation (applicable to FPGA only)
+Debian/openSUSE boot after installation
 *****************************************************************
 
+FPGA
+===============
 Once the installation is complete, unplug the first USB stick and reboot the
 board.
 The board will then enter recovery mode, from which the user can access a shell
-after entering the password for the root user. Proceed to edit the following
-files accordingly:
+after entering the password for the root user. 
+
+FVP
+==============
+Once the installation is complete, you will need to exit the shell instance 
+and run this command to boot into the installed OS:
+
+:: 
+
+  <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="<_workspace>/mmc2_file.img"
+
+
+Once the FVP begins booting, you will need to quickly change the boot option in GRUB,
+to boot into recovery mode. 
+
+**NOTE:** This option will disappear quickly, so it's best to preempt it.
+
+Select 'Advanced Options for '<OS>' and then '<OS> (recovery mode)'. 
+
+Common
+==============
+
+Proceed to edit the following files accordingly:
 
 ::
 
-  vi /etc/systemd/system.conf
+  vi /etc/systemd/system.conf #Only applicable to Debian
+  DefaultDeviceTimeoutSec=infinity
+  vi /usr/lib/systemd/system.conf # Only applicable to openSUSE
   DefaultDeviceTimeoutSec=infinity
 
-The file to be editted next is different depending on the installed distro:
+The file to be edited next is different depending on the installed distro:
 
 ::
 
@@ -1060,8 +1231,9 @@
 
   systemctl daemon-reload
 
-After applying the previous commands, please reboot the board. The user should
-see a login prompt after booting, for example, for debian:
+After applying the previous commands, please reboot the board or restart the runfvp command.
+
+The user should see a login prompt after booting, for example, for debian:
 
 ::
 
@@ -1070,38 +1242,6 @@
 Login with the username root and its corresponding password (already set at
 installation time).
 
-************************************************************
-OpenSUSE Raw image install and boot (applicable to FVP only)
-************************************************************
-
-Steps to download OpenSUSE Tumbleweed raw image:
-  - Under `OpenSUSE Tumbleweed appliances <http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/>`__
-  - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example,
-    ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-<date>-Snapshot<date>.raw.xz``
-
-Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
-
-::
-
-   unxz <file-name.raw.xz>
-
-
-The above command will generate a file ending with extension .raw image. Now, use the following command
-to run FVP with raw image installation process.
-
-::
-
-   <_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}"
-
-After successfully installing and booting the Linux distro, the user should see
-a openSUSE login prompt.
-
-::
-
-   localhost login:
-
-Login with the username 'root' and password 'linux'.
-
 PSA API tests
 -------------
 
@@ -1121,7 +1261,7 @@
 
 ::
 
-  insmod /lib/modules/6.1.32-yocto-standard/extra/arm-ffa-tee.ko
+  insmod /lib/modules/*-yocto-standard/extra/arm-ffa-tee.ko
 
 Then, check whether the FF-A TEE driver is loaded correctly by using the following command:
 
@@ -1146,105 +1286,20 @@
 
 **NOTE:** The psa-crypto-api-test takes between 30 minutes to 1 hour to run.
 
-External System tests
----------------------
-
-**************************************************************
-Running the External System test command (systems-comms-tests)
-**************************************************************
-
-Test 1: Releasing the External System out of reset
-==================================================
-
-Run this command in the Linux command-line:
-
-::
-
-  systems-comms-tests 1
-
-The output on the External System terminal should be:
-
-::
-
-    ___  ___
-   |    / __|
-   |=== \___
-   |___ |___/
-   External System Cortex-M3 Processor
-   Running RTX RTOS
-   v0.1.0_2022-10-19_16-41-32-8c9dca7
-   MHUv2 module 'MHU0_H' started
-   MHUv2 module 'MHU1_H' started
-   MHUv2 module 'MHU0_SE' started
-   MHUv2 module 'MHU1_SE' started
-
-Test 2: Communication
-=====================
-
-Test 2 releases the External System out of reset if not already done. Then, it performs communication between host and External System.
-
-After running Test 1, run this command in the Linux command-line:
-
-::
-
-  systems-comms-tests 2
-
-Additional output on the External System terminal will be printed:
-
-::
-
-   MHUv2: Message from 'MHU0_H': 0xabcdef1
-   Received 'abcdef1' From Host MHU0
-   CMD: Increment and return to sender...
-   MHUv2: Message from 'MHU1_H': 0xabcdef1
-   Received 'abcdef1' From Host MHU1
-   CMD: Increment and return to sender...
-
-When running Test 2 the first, Test 1 will be run in the background.
-
-The output on the External System terminal should be:
-
-::
-
-    ___  ___
-   |    / __|
-   |=== \___
-   |___ |___/
-   External System Cortex-M3 Processor
-   Running RTX RTOS
-   v0.1.0_2022-10-19_16-41-32-8c9dca7
-   MHUv2 module 'MHU0_H' started
-   MHUv2 module 'MHU1_H' started
-   MHUv2 module 'MHU0_SE' started
-   MHUv2 module 'MHU1_SE' started
-   MHUv2: Message from 'MHU0_H': 0xabcdef1
-   Received 'abcdef1' From Host MHU0
-   CMD: Increment and return to sender...
-   MHUv2: Message from 'MHU1_H': 0xabcdef1
-   Received 'abcdef1' From Host MHU1
-   CMD: Increment and return to sender...
-
-The output on the Host terminal should be:
-
-::
-
-   Received abcdf00 from es0mhu0
-   Received abcdf00 from es0mhu1
-
-
 Tests results
 -------------
 
-As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.06) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.06>`__
+As a reference for the end user, reports for various tests for `Corstone-1000 software (CORSTONE1000-2023.11) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2023.11>`__
 can be found `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
 
-Running the software on FVP on Windows
---------------------------------------
+Running the software on FVP on Windows or AArch64 Linux
+------------------------------------------------------------
 
-If the user needs to run the Corstone-1000 software on FVP on Windows. The user
-should follow the build instructions in this document to build on Linux host
-PC, and copy the output binaries to the Windows PC where the FVP is located,
-and launch the FVP binary.
+The user should follow the build instructions in this document to build on a Linux host machine. Then, copy the output binaries to the Windows or Aarch64 Linux machine where the FVP is located. Then, launch the FVP binary.
+
+Security Issue Reporting
+------------------------
+To report any security issues identified with Corstone-1000, please send an email to arm-security@arm.com.
 
 --------------
 
diff --git a/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs-fvp-base.inc b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs-fvp-base.inc
new file mode 100644
index 0000000..376f623
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs-fvp-base.inc
@@ -0,0 +1,2 @@
+FILESEXTRAPATHS:append := "${THISDIR}/files/${MACHINE}:"
+SRC_URI:append = " file://report.txt"
diff --git a/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bbappend b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bbappend
new file mode 100644
index 0000000..397342f
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bbappend
@@ -0,0 +1 @@
+include arm-systemready-ir-acs-${MACHINE}.inc
diff --git a/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native-fvp-base.inc b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native-fvp-base.inc
new file mode 100644
index 0000000..dc01d0a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native-fvp-base.inc
@@ -0,0 +1,5 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/fvp-base:"
+
+SRC_URI:append = " \
+    file://0001-check-sr-results-Change-the-expected-SR-result-confi.patch \
+"
diff --git a/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bbappend b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bbappend
new file mode 100644
index 0000000..49c01ee
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bbappend
@@ -0,0 +1 @@
+include arm-systemready-scripts-native-${MACHINE}.inc
diff --git a/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/0001-check-sr-results-Change-the-expected-SR-result-confi.patch b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/0001-check-sr-results-Change-the-expected-SR-result-confi.patch
new file mode 100644
index 0000000..d2226cb
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/0001-check-sr-results-Change-the-expected-SR-result-confi.patch
@@ -0,0 +1,227 @@
+From e3e0465a25f9b1607b2e5ed42afb7b556aa8b9bc Mon Sep 17 00:00:00 2001
+From: Debbie Martin <Debbie.Martin@arm.com>
+Date: Wed, 4 Oct 2023 18:40:18 +0100
+Subject: [PATCH] [PATCH] check-sr-results: Change the expected SR result
+ config
+
+Update the check-sr-results.yaml and format-sr-results.yaml files for the
+Systemready IR suite. These changes are required because of the
+following known differences of fvp-base outputs to those expected by the
+SystemReady scripts.
+
+Changes to check-sr-results.yaml:
+  1. acs-console.log:
+      a. must-have-esp: EFI partition/variable persistence not supported due to
+         FVP reset.
+      b. warn-once-if-contains "-dirty": BL1, BL2, and BL31 have dirty versions.
+      c. must-contain "efi: ESRT=0x" and "'esrt: Reserving ESRT space from 0x'":
+         Capsule updates are not supported.
+      d. error-if-contains: "No EFI system partition" and "Failed to persist
+         EFI variables": EFI partition/variable persistence not supported due to
+         FVP reset.
+  2. acs_results/result.md:
+      a. must-contain "Failure: |0|": Capsule and EFI partition failures make
+         the total 20.
+  3. acs_results/CapsuleApp_ESRT_table_info.log:
+      a. capsuleapp-esrt: Capsule updates are not supported.
+      b. must-contain "'EFI_SYSTEM_RESOURCE_TABLE:'" and
+         "EFI_SYSTEM_RESOURCE_ENTRY": EFI partition/variable persistence not
+         supported due to FVP reset.
+      c. must-contain "FwClass": Capsule updates are not supported.
+      d. error-if-contains "ESRT - Not Found": Capsule updates are not
+         supported.
+  4. acs_results/CapsuleApp_FMP_protocol_info.log:
+      a. warn-if-contains "Aborted test": Capsule updates are not supported.
+         This patch also adds must-contain for the specific totals of the test
+         categories due to allowing the "Aborted test" string.
+  5. acs_results/linux_dump/firmware/efi/esrt:
+      a. Remove whole directory because capsule updates are not supported.
+  6. acs_results/uefi/temp:
+      a. Set min-entries to 0: this defaults to 1 despite the directory being
+         optional, so errors if a directory is empty.
+  7. acs_results/uefi_dump:
+      a. min-entries is 13: change this to 11 due to smbiosview.log being
+         optional and the change to make map.log optional.
+  8. acs_results/uefi_dump/dh.log:
+      a. must-contain "EFISystemPartition": EFI partition/variable persistence
+         not supported due to FVP reset.
+      b. must-contain "FirmwareManagement": Capsule updates are not supported.
+  9. acs_results/uefi_dump/map.log:
+      a. Make optional because it isn't populated for IR.
+  10. fw:
+      a. Make optional because capsule updates are not supported.
+  11. os-logs:
+      a. Make optional because distro installation isn't done as part of ACS.
+
+Changes to format-sr-results.yaml:
+  1. Remove the SIE section (not supported on fvp-base and, if present, causes
+     format-sr-results.py to error).
+
+Upstream-Status: Inappropriate
+Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
+---
+ check-sr-results.yaml  | 34 ++++++++++++++--------------------
+ format-sr-results.yaml | 15 ---------------
+ 2 files changed, 14 insertions(+), 35 deletions(-)
+
+diff --git a/check-sr-results.yaml b/check-sr-results.yaml
+index a4235de..555fb71 100644
+--- a/check-sr-results.yaml
++++ b/check-sr-results.yaml
+@@ -10,7 +10,6 @@ check-sr-results-configuration:
+ # The following tree applies to all ACS-IR 2.0 versions.
+ tree:
+   - file: acs-console.log
+-    must-have-esp:
+     must-contain:
+       - Booting `bbr/bsa'
+       - Press any key to stop the EFI SCT running
+@@ -24,8 +23,6 @@ tree:
+       - 'EFI stub: Booting Linux Kernel...'
+       - 'EFI stub: Using DTB from configuration table'
+       - Linux version
+-      - 'efi: ESRT=0x'
+-      - 'esrt: Reserving ESRT space from 0x'
+       - systemd
+       - Executing FWTS for EBBR
+       - 'Test: UEFI'
+@@ -36,13 +33,9 @@ tree:
+       - ACS run is completed
+       - Please press <Enter> to continue ...
+     warn-once-if-contains:
+-      - -dirty
+       - 'EFI stub: ERROR:'
+       - 'FIRMWARE BUG:'
+       - OVERLAP DETECTED
+-    error-if-contains:
+-      - No EFI system partition
+-      - Failed to persist EFI variables
+   - dir: acs_results
+     min-entries: 8  # Allow missing result.md
+     max-entries: 9
+@@ -53,7 +46,7 @@ tree:
+         must-contain:
+           - SCT Summary
+           - Dropped:|0|
+-          - Failure:|0|
++          - Failure:|20|
+           - Warning:|0|
+           - Dropped by group
+           - Failure by group
+@@ -64,16 +57,11 @@ tree:
+         max-entries: 2
+         tree:
+           - file: CapsuleApp_ESRT_table_info.log
+-            capsuleapp-esrt:
+             must-contain:
+               - ESRT TABLE
+-              - 'EFI_SYSTEM_RESOURCE_TABLE:'
+-              - EFI_SYSTEM_RESOURCE_ENTRY
+-              - FwClass
+             error-if-contains:
+               - FwResourceCount    - 0x0
+               - FwResourceCountMax - 0x0
+-              - ESRT - Not Found
+           - file: CapsuleApp_FMP_protocol_info.log
+             must-contain:
+               - FMP DATA
+@@ -95,9 +83,14 @@ tree:
+               - 'Medium failures: NONE'
+               - 'Low failures: NONE'
+               - 'Other failures: NONE'
++              - 'dt_base        |    3|     |     |     |     |     |'
++              - 'esrt           |     |     |    2|     |     |     |'
++              - 'uefibootpath   |     |     |     |     |     |     |'
++              - 'uefirtmisc     |    1|     |     |     |    8|     |'
++              - 'uefirttime     |    4|     |     |     |   35|     |'
++              - 'uefirtvariable |    2|     |     |     |   10|     |'
++              - 'uefivarinfo    |     |     |     |     |    1|     |'
+               - 'Total:'
+-            warn-if-contains:
+-              - Aborted test
+             error-if-contains:
+               - FAILED
+               - This is an invalid entry.
+@@ -180,6 +173,7 @@ tree:
+                     tree:
+                       - file: OsIndicationsSupported-*
+                   - dir: esrt
++                    optional:
+                     tree:
+                       - dir: entries
+                         tree:
+@@ -314,8 +308,9 @@ tree:
+               - BSA tests complete. Reset the system.
+           - dir: temp   # This sometimes remains; ignore it
+             optional:
++            min-entries: 0
+       - dir: uefi_dump
+-        min-entries: 13
++        min-entries: 11
+         max-entries: 13
+         tree:
+           - file: bcfg.log
+@@ -331,8 +326,6 @@ tree:
+             must-contain:
+               - Handle dump
+               - DevicePath
+-              - EFISystemPartition
+-              - FirmwareManagement
+               - SimpleTextOut
+           - file: dmem.log
+             must-contain:
+@@ -355,6 +348,7 @@ tree:
+               - DRIVER NAME
+           - file: ifconfig.log
+           - file: map.log
++            optional:
+             must-contain:
+               - Mapping table
+               - /HD(1,GPT,
+@@ -392,7 +386,7 @@ tree:
+   - dir: docs
+     optional:
+   - dir: fw
+-    min-entries: 3
++    optional:
+     tree:
+       - file: u-boot-sniff.log
+         must-contain:
+@@ -500,7 +494,7 @@ tree:
+   - dir: manual-results
+     optional:
+   - dir: os-logs
+-    min-entries: 2
++    optional:
+     tree:
+       - file: 'OS-image-download-links.txt'
+         optional:
+diff --git a/format-sr-results.yaml b/format-sr-results.yaml
+index dd34cd6..20b69de 100644
+--- a/format-sr-results.yaml
++++ b/format-sr-results.yaml
+@@ -47,21 +47,6 @@ subs:
+         extract:
+           filename: "acs_results/linux_dump/firmware/devicetree/base/psci/\
+             compatible"
+-  - heading: BBSR Compliance
+-    paragraph: TBD
+-    subs:
+-      - heading: SIE SCT
+-        extract:
+-          filename: acs_results/SIE/result.md
+-          find: '# SCT Summary'
+-          first-line: 4
+-          last-line:
+-        paragraph: TBD
+-      - heading: SIE FWTS
+-        extract:
+-          filename: acs_results/SIE/fwts/FWTSResults.log
+-          find: Test Failure Summary
+-        paragraph: TBD
+   - heading: BSA Compliance (informative)
+     paragraph: TBD
+     subs:
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/report.txt b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/report.txt
new file mode 100644
index 0000000..f4363b7
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/dynamic-layers/meta-arm-systemready/recipes-test/arm-systemready-acs/files/fvp-base/report.txt
@@ -0,0 +1,34 @@
+General information
+-------------------
+- Arm SystemReady Band: IR
+- System name: FVP Base A AEM
+- Prepared by:
+- E-mail:
+- Date:
+
+System information
+------------------
+- Company: Arm
+- System: FVP Base A AEM
+- SoC:
+- FW version:
+- Memory:
+- Storage devices / disks:
+- Network controllers:
+- Other Hardware information:
+
+Test Logs and Results
+---------------------
+- ACS version used: 2.0
+- ACS URL (if pre-built binary): https://github.com/ARM-software/arm-systemready/blob/v23.03_IR_2.0.0/IR/prebuilt_images/v23.03_2.0.0/ir-acs-live-image-generic-arm64.wic.xz
+- Changes to ACS (if built from source):
+
+- Test Logs collected
+[X] ACS - SCT
+[X] ACS - BSA - UEFI
+[X] ACS - BSA - Linux
+[X] ACS - FWTS
+[X] ACS - Linux boot log
+[X] ACS - Linux dumps
+[X] ACS - UEFI Shell dumps
+[ ] ACS - Capsule Update
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch
deleted file mode 100644
index 9ae4b39..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch
+++ /dev/null
@@ -1,249 +0,0 @@
-From 3bc797e097ef2b29acf36560e4d2bfeec31f8d81 Mon Sep 17 00:00:00 2001
-From: Ben Horgan <ben.horgan@arm.com>
-Date: Fri, 4 Mar 2022 16:48:14 +0000
-Subject: [PATCH] feat: emulate cntp timer register accesses using cnthps
-
-Upstream-Status: Inappropriate [Experimental feature]
-Signed-off-by: Ben Horgan <ben.horgan@arm.com>
-Change-Id: I67508203273baf3bd8e6be2d99717028db945715
----
- Makefile                                |   3 +-
- src/arch/aarch64/hypervisor/BUILD.gn    |   1 +
- src/arch/aarch64/hypervisor/cpu.c       |  11 ++-
- src/arch/aarch64/hypervisor/handler.c   |   6 ++
- src/arch/aarch64/hypervisor/timer_el1.c | 104 ++++++++++++++++++++++++
- src/arch/aarch64/hypervisor/timer_el1.h |  20 +++++
- src/arch/aarch64/msr.h                  |   8 ++
- 7 files changed, 150 insertions(+), 3 deletions(-)
- create mode 100644 src/arch/aarch64/hypervisor/timer_el1.c
- create mode 100644 src/arch/aarch64/hypervisor/timer_el1.h
-
-diff --git a/Makefile b/Makefile
-index 95cab9a56bfd..21cca938531d 100644
---- a/Makefile
-+++ b/Makefile
-@@ -60,7 +60,8 @@ CHECKPATCH := $(CURDIR)/third_party/linux/scripts/checkpatch.pl \
- # debug_el1.c : uses XMACROS, which checkpatch doesn't understand.
- # perfmon.c : uses XMACROS, which checkpatch doesn't understand.
- # feature_id.c : uses XMACROS, which checkpatch doesn't understand.
--CHECKPATCH_IGNORE := "src/arch/aarch64/hypervisor/debug_el1.c\|src/arch/aarch64/hypervisor/perfmon.c\|src/arch/aarch64/hypervisor/feature_id.c"
-+# timer_el1.c : uses XMACROS, which checkpatch doesn't understand.
-+CHECKPATCH_IGNORE := "src/arch/aarch64/hypervisor/debug_el1.c\|src/arch/aarch64/hypervisor/perfmon.c\|src/arch/aarch64/hypervisor/feature_id.c\|src/arch/aarch64/hypervisor/timer_el1.c"
- 
- OUT ?= out/$(PROJECT)
- OUT_DIR = out/$(PROJECT)
-diff --git a/src/arch/aarch64/hypervisor/BUILD.gn b/src/arch/aarch64/hypervisor/BUILD.gn
-index 6068d1e8f075..de1a414dac68 100644
---- a/src/arch/aarch64/hypervisor/BUILD.gn
-+++ b/src/arch/aarch64/hypervisor/BUILD.gn
-@@ -45,6 +45,7 @@ source_set("hypervisor") {
-     "handler.c",
-     "perfmon.c",
-     "psci_handler.c",
-+    "timer_el1.c",
-     "vm.c",
-   ]
- 
-diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c
-index 5e025b596674..edd5df134cfc 100644
---- a/src/arch/aarch64/hypervisor/cpu.c
-+++ b/src/arch/aarch64/hypervisor/cpu.c
-@@ -98,13 +98,20 @@ void arch_regs_reset(struct vcpu *vcpu)
- 	if (is_primary) {
- 		/*
- 		 * cnthctl_el2 is redefined when VHE is enabled.
--		 * EL1PCTEN, don't trap phys cnt access.
--		 * EL1PCEN, don't trap phys timer access.
-+		 * EL1PCTEN, don't trap phys cnt access. Except when in
-+		 * secure world without vhe.
-+		 * EL1PCEN, don't trap phys timer access. Except when in
-+		 * secure world without vhe.
- 		 */
- 		if (has_vhe_support()) {
- 			cnthctl |= (1U << 10) | (1U << 11);
- 		} else {
-+#if SECURE_WORLD == 1
-+			cnthctl &= ~(1U << 0);
-+			cnthctl &= ~(1U << 1);
-+#else
- 			cnthctl |= (1U << 0) | (1U << 1);
-+#endif
- 		}
- 	}
- 
-diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
-index 3422ff7b8265..c495df40f3f5 100644
---- a/src/arch/aarch64/hypervisor/handler.c
-+++ b/src/arch/aarch64/hypervisor/handler.c
-@@ -34,6 +34,7 @@
- #include "psci_handler.h"
- #include "smc.h"
- #include "sysregs.h"
-+#include "timer_el1.h"
- 
- /**
-  * Hypervisor Fault Address Register Non-Secure.
-@@ -1295,6 +1296,11 @@ void handle_system_register_access(uintreg_t esr_el2)
- 			inject_el1_sysreg_trap_exception(vcpu, esr_el2);
- 			return;
- 		}
-+	} else if (timer_el1_is_register_access(esr_el2)) {
-+		if (!timer_el1_process_access(vcpu, vm_id, esr_el2)) {
-+			inject_el1_unknown_exception(vcpu, esr_el2);
-+			return;
-+		}
- 	} else {
- 		inject_el1_sysreg_trap_exception(vcpu, esr_el2);
- 		return;
-diff --git a/src/arch/aarch64/hypervisor/timer_el1.c b/src/arch/aarch64/hypervisor/timer_el1.c
-new file mode 100644
-index 000000000000..c30e5543f436
---- /dev/null
-+++ b/src/arch/aarch64/hypervisor/timer_el1.c
-@@ -0,0 +1,104 @@
-+/*
-+ * Copyright 2022 The Hafnium Authors.
-+ *
-+ * Use of this source code is governed by a BSD-style
-+ * license that can be found in the LICENSE file or at
-+ * https://opensource.org/licenses/BSD-3-Clause.
-+ */
-+
-+#include "timer_el1.h"
-+
-+#include "hf/dlog.h"
-+
-+#include "msr.h"
-+#include "sysregs.h"
-+
-+/*
-+ * Physical timer (CNTP) register encodings as defined in
-+ * table D13-8 of the ARMv8 ARM (DDI0487F).
-+ * TYPE, op0, op1, crn, crm, op2
-+ * The register names are the concatenation of
-+ * "CNTP_", TYPE and "_EL2".
-+ */
-+#define CNTP_REGISTERS          \
-+	X(CTL,  3, 3, 14, 2, 1) \
-+	X(CVAL, 3, 3, 14, 2, 2) \
-+	X(TVAL, 3, 3, 14, 2, 0) \
-+
-+bool timer_el1_is_register_access(uintreg_t esr)
-+{
-+	uintreg_t sys_register = GET_ISS_SYSREG(esr);
-+	bool is_timer_access;
-+	switch (sys_register) {
-+#define X(type, op0, op1, crn, crm, op2)                  \
-+	case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
-+		is_timer_access = true;                   \
-+		break;
-+			CNTP_REGISTERS
-+#undef X
-+	case (GET_ISS_ENCODING(3, 3, 14, 0, 1)):
-+		is_timer_access = true;
-+		break;
-+	default:
-+		is_timer_access = false;
-+	}
-+
-+	return is_timer_access;
-+}
-+
-+/* Accesses to CNTP timer emulated with CNTHPS */
-+bool timer_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
-+			      uintreg_t esr)
-+{
-+	uintreg_t sys_register = GET_ISS_SYSREG(esr);
-+	uintreg_t rt_register = GET_ISS_RT(esr);
-+	uintreg_t value;
-+
-+	if (ISS_IS_READ(esr)) {
-+		switch (sys_register) {
-+#define X(type, op0, op1, crn, crm, op2)                           \
-+		case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)):  \
-+			value = read_msr(MSR_CNTHPS_##type##_EL2); \
-+			vcpu->regs.r[rt_register] = value;         \
-+			break;
-+				CNTP_REGISTERS
-+#undef X
-+		case (GET_ISS_ENCODING(3, 3, 14, 0, 1)):
-+			value = read_msr(cntpct_el0);
-+			vcpu->regs.r[rt_register] = value;
-+			break;
-+		default:
-+			dlog_notice(
-+				"Unsupported timer register "
-+				"read: "
-+				"op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
-+				"rt=%d.\n",
-+				GET_ISS_OP0(esr), GET_ISS_OP1(esr),
-+				GET_ISS_CRN(esr), GET_ISS_CRM(esr),
-+				GET_ISS_OP2(esr), GET_ISS_RT(esr));
-+			break;
-+		}
-+	} else {
-+		value = vcpu->regs.r[rt_register];
-+		switch (sys_register) {
-+#define X(type, op0, op1, crn, crm, op2)                           \
-+		case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)):  \
-+			write_msr(MSR_CNTHPS_##type##_EL2, value); \
-+			break;
-+				CNTP_REGISTERS
-+#undef X
-+		default:
-+			dlog_notice(
-+				"Unsupported timer register "
-+				"write: "
-+				"op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
-+				"rt=%d, value=%d.\n",
-+				GET_ISS_OP0(esr), GET_ISS_OP1(esr),
-+				GET_ISS_CRN(esr), GET_ISS_CRM(esr),
-+				GET_ISS_OP2(esr), GET_ISS_RT(esr), value);
-+			break;
-+		}
-+	}
-+
-+	return true;
-+}
-diff --git a/src/arch/aarch64/hypervisor/timer_el1.h b/src/arch/aarch64/hypervisor/timer_el1.h
-new file mode 100644
-index 000000000000..04a43b6ca335
---- /dev/null
-+++ b/src/arch/aarch64/hypervisor/timer_el1.h
-@@ -0,0 +1,20 @@
-+/*
-+ * Copyright 2022 The Hafnium Authors.
-+ *
-+ * Use of this source code is governed by a BSD-style
-+ * license that can be found in the LICENSE file or at
-+ * https://opensource.org/licenses/BSD-3-Clause.
-+ */
-+
-+#pragma once
-+
-+#include "hf/arch/types.h"
-+
-+#include "hf/cpu.h"
-+
-+#include "vmapi/hf/ffa.h"
-+
-+bool timer_el1_is_register_access(uintreg_t esr);
-+
-+bool timer_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
-+			      uintreg_t esr);
-diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h
-index 6edc39f2af48..bf1a66d1d4c5 100644
---- a/src/arch/aarch64/msr.h
-+++ b/src/arch/aarch64/msr.h
-@@ -131,3 +131,11 @@
- #define MSR_ELR_EL12 S3_5_C4_C0_1
- 
- #endif
-+
-+/*
-+ * Secure EL2 Physical timer (CNTHPS) register encodings as defined in
-+ * table D13-8 of the ARMv8 ARM (DDI0487F).
-+ */
-+#define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1
-+#define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2
-+#define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
deleted file mode 100644
index 9627a76..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1fef5bd2504ce3a203c56a3b66dba773cd4893c6 Mon Sep 17 00:00:00 2001
-From: Davidson K <davidson.kumaresan@arm.com>
-Date: Thu, 8 Sep 2022 10:47:10 +0530
-Subject: [PATCH] feat(vhe): enable vhe and disable branch protection for TC
-
-Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
-Change-Id: I60cd607d9f2bf0114b482980e7ca68e24aaf4d1f
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- BUILD.gn | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/BUILD.gn b/BUILD.gn
-index cc6a78f4fdb8..acd1f9d1634b 100644
---- a/BUILD.gn
-+++ b/BUILD.gn
-@@ -245,7 +245,6 @@ aarch64_toolchains("secure_tc") {
-   heap_pages = 180
-   max_cpus = 8
-   max_vms = 16
--  branch_protection = "standard"
-   toolchain_args = {
-     plat_ffa = "//src/arch/aarch64/plat/ffa:spmc"
-     plat_psci = "//src/arch/aarch64/plat/psci:spmc"
-@@ -254,6 +253,7 @@ aarch64_toolchains("secure_tc") {
-     secure_world = "1"
-     pl011_base_address = "0x7ff80000"
-     enable_mte = "1"
-+    enable_vhe = "1"
-     plat_log_level = "LOG_LEVEL_INFO"
-   }
- }
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
deleted file mode 100644
index 3e67615..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
+++ /dev/null
@@ -1,156 +0,0 @@
-From 9f5b07e30c82713b9598ea60d9f802bd419b560f Mon Sep 17 00:00:00 2001
-From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Date: Tue, 26 Apr 2022 14:43:58 +0100
-Subject: [PATCH] feat: emulate interrupt controller register access
-
-This emulates ICC_SGI1R_EL1 and ICC_IGRPEN1_EL1 register
-
-Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Change-Id: I0c11f034f3676067597461a183a341c809adcaa4
-Upstream-Status: Inappropriate [Experimental feature]
----
- src/arch/aarch64/hypervisor/handler.c |  5 ++
- src/arch/aarch64/hypervisor/perfmon.c | 84 +++++++++++++++++++++++++++
- src/arch/aarch64/hypervisor/perfmon.h |  5 ++
- src/arch/aarch64/msr.h                |  3 +
- 4 files changed, 97 insertions(+)
-
-diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
-index c495df40f3f5..13578fc99670 100644
---- a/src/arch/aarch64/hypervisor/handler.c
-+++ b/src/arch/aarch64/hypervisor/handler.c
-@@ -1301,6 +1301,11 @@ void handle_system_register_access(uintreg_t esr_el2)
- 			inject_el1_unknown_exception(vcpu, esr_el2);
- 			return;
- 		}
-+	} else if (intr_ctrl_is_register_access(esr_el2)) {
-+		if (!intr_ctrl_el1_process_access(vcpu, vm_id, esr_el2)) {
-+			inject_el1_unknown_exception(vcpu, esr_el2);
-+			return;
-+		}
- 	} else {
- 		inject_el1_sysreg_trap_exception(vcpu, esr_el2);
- 		return;
-diff --git a/src/arch/aarch64/hypervisor/perfmon.c b/src/arch/aarch64/hypervisor/perfmon.c
-index f13b035480d8..05e216c84c2e 100644
---- a/src/arch/aarch64/hypervisor/perfmon.c
-+++ b/src/arch/aarch64/hypervisor/perfmon.c
-@@ -116,6 +116,10 @@
- 	X(PMEVTYPER30_EL0   , 3, 3, 14, 15, 6) \
- 	X(PMCCFILTR_EL0     , 3, 3, 14, 15, 7)
- 
-+#define INTR_CTRL_REGISTERS                    \
-+	X(ICC_IGRPEN1_EL1   , 3, 0, 12, 12, 7) \
-+	X(ICC_SGI1R_EL1     , 3, 0, 12, 11, 5) \
-+
- /* clang-format on */
- 
- /**
-@@ -232,3 +236,83 @@ uintreg_t perfmon_get_pmccfiltr_el0_init_value(ffa_vm_id_t vm_id)
- 
- 	return 0;
- }
-+
-+bool intr_ctrl_is_register_access(uintreg_t esr)
-+{
-+	uintreg_t op0 = GET_ISS_OP0(esr);
-+	uintreg_t op1 = GET_ISS_OP1(esr);
-+	uintreg_t crn = GET_ISS_CRN(esr);
-+	uintreg_t crm = GET_ISS_CRM(esr);
-+
-+	if (op0 == 3 && op1 == 0 && crn == 12 && crm == 12) {
-+		return true;
-+	}
-+
-+	if (op0 == 3 && op1 == 0 && crn == 12 && crm == 11) {
-+		return true;
-+	}
-+
-+	return false;
-+}
-+
-+bool intr_ctrl_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
-+				  uintreg_t esr)
-+{
-+	uintreg_t sys_register = GET_ISS_SYSREG(esr);
-+	uintreg_t rt_register = GET_ISS_RT(esr);
-+	uintreg_t value;
-+
-+	/* +1 because Rt can access register XZR */
-+	CHECK(rt_register < NUM_GP_REGS + 1);
-+
-+	if (ISS_IS_READ(esr)) {
-+		switch (sys_register) {
-+#define X(reg_name, op0, op1, crn, crm, op2)              \
-+	case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
-+		value = read_msr(reg_name);               \
-+		break;
-+			INTR_CTRL_REGISTERS
-+#undef X
-+		default:
-+			value = vcpu->regs.r[rt_register];
-+			dlog_notice(
-+				"Unsupported interrupt control register "
-+				"read: "
-+				"op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
-+				"rt=%d.\n",
-+				GET_ISS_OP0(esr), GET_ISS_OP1(esr),
-+				GET_ISS_CRN(esr), GET_ISS_CRM(esr),
-+				GET_ISS_OP2(esr), GET_ISS_RT(esr));
-+			break;
-+		}
-+		if (rt_register != RT_REG_XZR) {
-+			vcpu->regs.r[rt_register] = value;
-+		}
-+	} else {
-+		if (rt_register != RT_REG_XZR) {
-+			value = vcpu->regs.r[rt_register];
-+		} else {
-+			value = 0;
-+		}
-+		switch (sys_register) {
-+#define X(reg_name, op0, op1, crn, crm, op2)              \
-+	case (GET_ISS_ENCODING(op0, op1, crn, crm, op2)): \
-+		write_msr(reg_name, value);               \
-+		break;
-+			INTR_CTRL_REGISTERS
-+#undef X
-+		default:
-+			dlog_notice(
-+				"Unsupported interrupt control register "
-+				"write: "
-+				"op0=%d, op1=%d, crn=%d, crm=%d, op2=%d, "
-+				"rt=%d.\n",
-+				GET_ISS_OP0(esr), GET_ISS_OP1(esr),
-+				GET_ISS_CRN(esr), GET_ISS_CRM(esr),
-+				GET_ISS_OP2(esr), GET_ISS_RT(esr));
-+			break;
-+		}
-+	}
-+
-+	return true;
-+}
-diff --git a/src/arch/aarch64/hypervisor/perfmon.h b/src/arch/aarch64/hypervisor/perfmon.h
-index 81669ba1c401..c90d45bfc239 100644
---- a/src/arch/aarch64/hypervisor/perfmon.h
-+++ b/src/arch/aarch64/hypervisor/perfmon.h
-@@ -70,3 +70,8 @@ bool perfmon_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
- 			    uintreg_t esr_el2);
- 
- uintreg_t perfmon_get_pmccfiltr_el0_init_value(ffa_vm_id_t vm_id);
-+
-+bool intr_ctrl_is_register_access(uintreg_t esr);
-+
-+bool intr_ctrl_el1_process_access(struct vcpu *vcpu, ffa_vm_id_t vm_id,
-+				  uintreg_t esr);
-diff --git a/src/arch/aarch64/msr.h b/src/arch/aarch64/msr.h
-index bf1a66d1d4c5..b88a14b52f68 100644
---- a/src/arch/aarch64/msr.h
-+++ b/src/arch/aarch64/msr.h
-@@ -139,3 +139,6 @@
- #define MSR_CNTHPS_CTL_EL2 S3_4_C14_C5_1
- #define MSR_CNTHPS_CVAL_EL2 S3_4_C14_C5_2
- #define MSR_CNTHPS_TVAL_EL2 S3_4_C14_C5_0
-+
-+#define ICC_IGRPEN1_EL1 S3_0_C12_C12_7
-+#define ICC_SGI1R_EL1 S3_0_C12_C11_5
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
deleted file mode 100644
index cd19f63..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 41f3ff2f011da69ff81234769353955e51c7e588 Mon Sep 17 00:00:00 2001
-From: Davidson K <davidson.kumaresan@arm.com>
-Date: Thu, 7 Oct 2021 12:20:08 +0530
-Subject: [PATCH] feat(vhe): set STAGE1_NS while mapping memory from NWd to SWd
-
-If the memory is shared by a VM executing in non secure world, attribute
-MM_MODE_NS had to be set while mapping that in a S-EL0 SP executing in
-secure world. It will not be needed for a S-EL1 SP since the NS bit is
-available only for the stage 1 translations and the stage 1 translations
-for a S-EL1 SP will be handled by a trusted OS running in S-EL1.
-
-Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
-Change-Id: I074e2d5a50a659bd3c097d797c4901f08d210b1b
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- src/ffa_memory.c | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/src/ffa_memory.c b/src/ffa_memory.c
-index 5826cb2fdd4b..bae677633dea 100644
---- a/src/ffa_memory.c
-+++ b/src/ffa_memory.c
-@@ -2618,6 +2618,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
- 
- 	memory_to_attributes = ffa_memory_permissions_to_mode(
- 		permissions, share_state->sender_orig_mode);
-+
-+	if (to_locked.vm->el0_partition) {
-+		/*
-+		 * Get extra mapping attributes for the given VM ID.
-+		 * If the memory is shared by a VM executing in non secure
-+		 * world, attribute MM_MODE_NS had to be set while mapping
-+		 * that in a SP executing in secure world.
-+		 */
-+		memory_to_attributes |= arch_mm_extra_attributes_from_vm(
-+						retrieve_request->sender);
-+	}
-+
- 	ret = ffa_retrieve_check_update(
- 		to_locked, memory_region->sender, share_state->fragments,
- 		share_state->fragment_constituent_counts,
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
index 09de6f1..4e5368e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
@@ -3,15 +3,6 @@
 COMPATIBLE_MACHINE = "(tc?)"
 HAFNIUM_PLATFORM = "secure_tc"
 
-FILESEXTRAPATHS:prepend:tc := "${THISDIR}/files/tc:"
-
-SRC_URI:append = " \
-        file://0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch \
-        file://0002-feat-emulate-interrupt-controller-register-access.patch \
-        file://0003-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch \
-        file://0001-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch;patchdir=project/reference \
-        "
-
 do_compile() {
     PATH="${S}/prebuilts/linux-x64/clang/bin:$PATH" oe_runmake -C ${S}
 }
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
index 884d4b3..cac3b73 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
@@ -21,8 +21,5 @@
 # all optee packages
 IMAGE_INSTALL += "optee-client"
 
-# external system linux userspace test application
-IMAGE_INSTALL += "corstone1000-external-sys-tests"
-
 # TS PSA API tests commands for crypto, its, ps and iat
 IMAGE_INSTALL += "packagegroup-ts-tests-psa"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch
new file mode 100644
index 0000000..4d0019a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch
@@ -0,0 +1,64 @@
+From b79d3cf319cc5698311ef83247110c93d3c2de2c Mon Sep 17 00:00:00 2001
+Message-Id: <b79d3cf319cc5698311ef83247110c93d3c2de2c.1695834344.git.diego.sueiro@arm.com>
+From: Diego Sueiro <diego.sueiro@arm.com>
+Date: Wed, 27 Sep 2023 18:05:26 +0100
+Subject: [PATCH] fdts/fvp-base: Add stdout-path and virtio net and rng nodes
+
+Upstream-Status: Pending
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+---
+ fdts/fvp-base-psci-common.dtsi |  8 ++++++--
+ fdts/rtsm_ve-motherboard.dtsi  | 12 ++++++++++++
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/fdts/fvp-base-psci-common.dtsi b/fdts/fvp-base-psci-common.dtsi
+index 79cf37d3b0..b1ba5ce703 100644
+--- a/fdts/fvp-base-psci-common.dtsi
++++ b/fdts/fvp-base-psci-common.dtsi
+@@ -30,7 +30,9 @@
+ #if (ENABLE_RME == 1)
+ 	chosen { bootargs = "console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";};
+ #else
+-	chosen {};
++	chosen {
++		stdout-path = &v2m_serial0;
++	};
+ #endif
+ 
+ 	aliases {
+@@ -243,6 +245,8 @@
+ 				<0 0 39 &gic 0 GIC_SPI 39 IRQ_TYPE_LEVEL_HIGH>,
+ 				<0 0 40 &gic 0 GIC_SPI 40 IRQ_TYPE_LEVEL_HIGH>,
+ 				<0 0 41 &gic 0 GIC_SPI 41 IRQ_TYPE_LEVEL_HIGH>,
+-				<0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>;
++				<0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>,
++				<0 0 44 &gic 0 GIC_SPI 44 IRQ_TYPE_LEVEL_HIGH>,
++				<0 0 46 &gic 0 GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
+ 	};
+ };
+diff --git a/fdts/rtsm_ve-motherboard.dtsi b/fdts/rtsm_ve-motherboard.dtsi
+index 0a824b349a..21a083a51a 100644
+--- a/fdts/rtsm_ve-motherboard.dtsi
++++ b/fdts/rtsm_ve-motherboard.dtsi
+@@ -230,6 +230,18 @@
+ 					interrupts = <42>;
+ 				};
+ 
++				virtio@150000 {
++					compatible = "virtio,mmio";
++					reg = <0x150000 0x200>;
++					interrupts = <44>;
++				};
++
++				virtio@200000 {
++					compatible = "virtio,mmio";
++					reg = <0x200000 0x200>;
++					interrupts = <46>;
++				};
++
+ 				rtc@170000 {
+ 					compatible = "arm,pl031", "arm,primecell";
+ 					reg = <0x170000 0x1000>;
+-- 
+2.39.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
index 2c634e3..ce2d059 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch
@@ -11,8 +11,9 @@
 prevent the normal world from using it. This is not required on most
 platforms as the Trusted OS is run from secure RAM.
 
-Upstream-Status: Pending (not yet submited to upstream)
+Upstream-Status: Pending (not yet submitted to upstream)
 Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
 ---
  plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++
  1 file changed, 12 insertions(+)
@@ -31,9 +32,9 @@
 +		#size-cells = <2>;
 +		ranges;
 +
-+		optee@0x08000000 {
++		optee@0xDE000000 {
 +			compatible = "removed-dma-pool";
-+			reg = <0x0 0x08000000 0x0 0x02000000>;
++			reg = <0x0 0xDE000000 0x0 0x02000000>;
 +			no-map;
 +		};
 +	};
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch
new file mode 100644
index 0000000..8b2be19
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch
@@ -0,0 +1,30 @@
+From 15dab90c3cb8e7677c4f953c2269e8ee1afa01b0 Mon Oct 2 13:45:43 2023
+From: Mariam Elshakfy <mariam.elshakfy@arm.com>
+Date: Mon, 2 Oct 2023 13:45:43 +0000
+Subject: [PATCH] Modify BL32 Location to DDR4
+
+Since OP-TEE start address is changed to run
+from DDR4, this patch changes BL32 entrypoint
+to the correct one.
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
+---
+ plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
+index ed870803c..797dfe3a4 100644
+--- a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
++++ b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
+@@ -22,8 +22,8 @@
+ 		maj_ver = <0x1>;
+ 		min_ver = <0x0>;
+ 		exec_state = <0x0>;
+-		load_address = <0x0 0x08000000>;
+-		entrypoint = <0x0 0x08000000>;
++		load_address = <0x0 0xDE000000>;
++		entrypoint = <0x0 0xDE000000>;
+ 		binary_size = <0x2000000>;
+ 	};
+ 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch
new file mode 100644
index 0000000..9e32717
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch
@@ -0,0 +1,28 @@
+From 9a1d11b9fbadf740c73aee6dca4fd0370b38e4a8 Tue Oct 3 13:49:13 2023
+From: Mariam Elshakfy <mariam.elshakfy@arm.com>
+Date: Tue, 3 Oct 2023 13:49:13 +0000
+Subject: [PATCH] Modify SPMC Base to DDR4
+
+Since OP-TEE start address is changed to run
+from DDR4, this patch changes SPMC base to 
+the correct one.
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
+---
+ plat/arm/board/n1sdp/include/platform_def.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plat/arm/board/n1sdp/include/platform_def.h b/plat/arm/board/n1sdp/include/platform_def.h
+index b3799a7b2..b12c61b61 100644
+--- a/plat/arm/board/n1sdp/include/platform_def.h
++++ b/plat/arm/board/n1sdp/include/platform_def.h
+@@ -118,7 +118,7 @@
+ 
+ #define PLAT_ARM_MAX_BL31_SIZE		UL(0x40000)
+ 
+-#define PLAT_ARM_SPMC_BASE		U(0x08000000)
++#define PLAT_ARM_SPMC_BASE		U(0xDE000000)
+ #define PLAT_ARM_SPMC_SIZE		UL(0x02000000)  /* 32 MB */
+ 
+ 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
index 392c609..074bc68 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend
@@ -2,3 +2,5 @@
 
 COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
 SRCREV:corstone1000 = "5f591f67738a1bbe6b262c53d9dad46ed8bbcd67"
+
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index ee07137..8673199 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -24,6 +24,16 @@
 # BL2 loads BL32 (optee). So, optee needs to be built first:
 DEPENDS += "optee-os"
 
+# Note: Regarding the build option: LOG_LEVEL. 
+# There seems to be an issue when setting it
+# to 50 (LOG_LEVEL_VERBOSE), where the kernel 
+# tee driver sends yielding requests to OP-TEE
+# at a faster pace than OP-TEE processes them,
+# as the processing time is consumed by logging 
+# in TF-A. When this issue occurs, booting halts 
+# as soon as optee driver starts initialization.
+# Therefore, it's not currently recommended to
+# set LOG_LEVEL to 50 at all.
 EXTRA_OEMAKE:append = " \
                         ARCH=aarch64 \
                         TARGET_PLATFORM=${TFA_TARGET_PLATFORM} \
@@ -41,5 +51,4 @@
                         ERRATA_A35_855472=1 \
                         ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
                         BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
-                        LOG_LEVEL=50 \
                         "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
new file mode 100644
index 0000000..5fafe29
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
@@ -0,0 +1,20 @@
+# FVP specific TFA parameters
+
+#
+# Armv8-A Base Platform FVP
+#
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/:"
+SRC_URI:append = " file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch"
+
+COMPATIBLE_MACHINE = "fvp-base"
+TFA_PLATFORM = "fvp"
+TFA_DEBUG = "1"
+TFA_MBEDTLS = "1"
+TFA_UBOOT ?= "1"
+TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
+
+EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t"
+
+# Our fvp-base machine explicitly has v8.4 cores
+EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc
deleted file mode 100644
index ca96b44..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp.inc
+++ /dev/null
@@ -1,12 +0,0 @@
-# FVP specific TFA parameters
-
-#
-# Armv8-A Base Platform FVP
-#
-
-COMPATIBLE_MACHINE = "fvp-base"
-TFA_PLATFORM = "fvp"
-TFA_DEBUG = "1"
-TFA_MBEDTLS = "1"
-TFA_UBOOT ?= "1"
-TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
index 900decc..79dc9b2 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
@@ -5,18 +5,19 @@
 PV .= "+git"
 
 COMPATIBLE_MACHINE = "n1sdp"
-TFA_PLATFORM       = "n1sdp"
 TFA_BUILD_TARGET   = "all fip"
 TFA_INSTALL_TARGET = "bl1 bl2 bl31 n1sdp-multi-chip n1sdp-single-chip n1sdp_fw_config n1sdp_tb_fw_config fip"
 TFA_DEBUG          = "1"
 TFA_MBEDTLS        = "1"
 TFA_UBOOT          = "0"
-TFA_UEFI           = "1"
+TFA_UEFI          ?= "1"
 
 FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:"
 
-SRC_URI:append = " \ 
+SRC_URI:append = " \
     file://0001-Reserve-OP-TEE-memory-from-nwd.patch \
+    file://0002-Modify-BL32-Location-to-DDR4.patch \
+    file://0003-Modify-SPMC-Base-to-DDR4.patch \
     "
 
 TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
@@ -37,5 +38,4 @@
 		    ARM_ROTPK_LOCATION="devel_rsa" \
 		    ROT_KEY="${TFA_ROT_KEY}" \
 		    BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
-		    BL33=${RECIPE_SYSROOT}/firmware/uefi.bin \
 		    "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 7fbcd3a..cb482a6 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -4,7 +4,7 @@
 
 MACHINE_TFA_REQUIRE ?= ""
 MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
-MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp.inc"
+MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
 MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
 MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc"
 MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
index 98dabbe..4f00ea2 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0001-Platform-corstone1000-Increase-BL2-size-in-flash-lay.patch
@@ -6,7 +6,7 @@
 Increases BL2 size to align with the flash page size in corstone1000.
 
 Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103]
 
 ---
  platform/ext/target/arm/corstone1000/partition/flash_layout.h | 2 +-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
index d348d02..6bbd66f 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0002-Platform-Corstone1000-Increase-BL2_DATA_SIZE.patch
@@ -7,7 +7,7 @@
 metadata_write/read.
 
 Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24103]
 
 ---
  platform/ext/target/arm/corstone1000/partition/region_defs.h | 3 ++-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
index bf7aba8..7a07c0c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-Corstone1000-Calculate-the-new-CRC32-value-.patch
@@ -12,7 +12,7 @@
 the boot anymore.
 
 Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24104/7]
 
 ---
  .../arm/corstone1000/fw_update_agent/fwu_agent.c       | 10 +++++++---
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch
index 2f5ba04..e4eba62 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-Platform-corstone1000-add-unique-firmware-GUID.patch
@@ -5,8 +5,8 @@
 
 Add unique Corstone-1000 firmware GUID
 
-Upstream-Status: Pending [Not submitted to upstream yet]
 Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24132/3]
 ---
  .../target/arm/corstone1000/fw_update_agent/fwu_agent.c   | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch
index 49c336d..f805a44 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-Signed-Capsule.patch
@@ -7,7 +7,7 @@
 , image_auth, etc.) to comply with the new capsule generation tool (mkeficapsule).
 
 Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/24131/3]
 ---
  .../fw_update_agent/uefi_capsule_parser.c     | 25 +++++++++++--------
  .../fw_update_agent/uefi_capsule_parser.h     |  2 ++
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch
new file mode 100644
index 0000000..97cd14d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-increase-ITS-max-asset-size.patch
@@ -0,0 +1,29 @@
+From ef97f7083279565dab45a550139935d741f159a9 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Fri, 29 Sep 2023 09:57:19 +0100
+Subject: [PATCH] platform: corstone1000: Increase ITS max asset size
+​
+Increases the max asset size for ITS to enable parsec services & tests
+​
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Vikas Katariya <vikas.katariya@arm.com>
+---
+ platform/ext/target/arm/corstone1000/config_tfm_target.h | 5 +++++
+ 1 files changed, 5 insertions(+)
+​
+diff --git a/platform/ext/target/arm/corstone1000/config_tfm_target.h b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+index e968366639..3f6e8477e5 100644
+--- a/platform/ext/target/arm/corstone1000/config_tfm_target.h
++++ b/platform/ext/target/arm/corstone1000/config_tfm_target.h
+@@ -24,4 +24,9 @@
+ #undef PS_NUM_ASSETS
+ #define PS_NUM_ASSETS        20
+
++/* The maximum size of asset to be stored in the Internal Trusted Storage area. */
++#undef ITS_MAX_ASSET_SIZE
++#define ITS_MAX_ASSET_SIZE        2048
++
++
+ #endif /* __CONFIG_TFM_TARGET_H__ */
+-- 
\ No newline at end of file
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch
new file mode 100644
index 0000000..7aeecfa
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-platform-corstone1000-align-capsule-update-structs.patch
@@ -0,0 +1,78 @@
+From 6807d4b30f7d4ed32d3c54dfcaf3ace63eaa4f02 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Thu, 26 Oct 2023 11:46:04 +0100
+Subject: [PATCH] platform: corstone1000: align capsule update structs
+
+U-boot mkefitool creates capsule image without packed and byte-aligned
+structs. This patch aligns the capsule-update structures and avoids
+crashes in case of unaligned pointer access.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending
+---
+ .../fw_update_agent/uefi_capsule_parser.c          | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
+index c706c040ac..9f8d12ad4e 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_capsule_parser.c
+@@ -34,14 +34,14 @@ typedef struct {
+     uint32_t                header_size;
+     uint32_t                flags;
+     uint32_t                capsule_image_size;
+-} efi_capsule_header_t;
++} efi_capsule_header_t __attribute__((packed, aligned(1)));
+
+ typedef struct {
+     uint32_t                version;
+     uint16_t                embedded_driver_count;
+     uint16_t                payload_item_count;
+     uint64_t                item_offset_list[];
+-} efi_firmware_management_capsule_header_t;
++} efi_firmware_management_capsule_header_t __attribute__((packed, aligned(1)));
+
+ typedef struct {
+     uint32_t                version;
+@@ -52,14 +52,14 @@ typedef struct {
+     uint32_t                update_vendorcode_size;
+     uint64_t                update_hardware_instance; //introduced in v2
+     uint64_t                image_capsule_support; //introduced in v3
+-} efi_firmware_management_capsule_image_header_t;
++} efi_firmware_management_capsule_image_header_t __attribute__((packed, aligned(1)));
+
+ typedef struct {
+     uint32_t                signature;
+     uint32_t                header_size;
+     uint32_t                fw_version;
+     uint32_t                lowest_supported_version;
+-} fmp_payload_header_t;
++} fmp_payload_header_t __attribute__((packed, aligned(1)));
+
+ #define ANYSIZE_ARRAY 0
+
+@@ -68,18 +68,18 @@ typedef struct {
+     uint16_t                wRevision;
+     uint16_t                wCertificateType;
+     uint8_t                 bCertificate[ANYSIZE_ARRAY];
+-} WIN_CERTIFICATE;
++} WIN_CERTIFICATE __attribute__((packed, aligned(1)));
+
+ typedef struct {
+     WIN_CERTIFICATE         hdr;
+     struct efi_guid         cert_type;
+     uint8_t                 cert_data[ANYSIZE_ARRAY];
+-} win_certificate_uefi_guid_t;
++} win_certificate_uefi_guid_t __attribute__((packed, aligned(1)));
+
+ typedef struct {
+     uint64_t                    monotonic_count;
+     win_certificate_uefi_guid_t   auth_info;
+-} efi_firmware_image_authentication_t;
++} efi_firmware_image_authentication_t __attribute__((packed, aligned(1)));
+
+
+ enum uefi_capsule_error_t uefi_capsule_retrieve_images(void* capsule_ptr,
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch
new file mode 100644
index 0000000..be6bde6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-fix-synchronization-issue-on-o.patch
@@ -0,0 +1,50 @@
+From b70dd14eed59d7c5833ded8469cf99e631951e14 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 15 Nov 2023 09:52:19 +0000
+Subject: [PATCH] platform: corstone1000: fix synchronization issue on openamp
+ notification
+
+This fixes a race that is observed rarely in the FVP. It occurs in FVP
+when tfm sends the notication ack in openamp, and then reset the access
+request which resets the mhu registers before received by the host
+processor. This solution introduces polling on the status register of
+mhu until the notificaiton is read by the host processor. (Inspired by
+signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
+https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ .../corstone1000/openamp/platform_spe_dual_core_hal.c    | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
+index 7613345ffc..b58088032f 100644
+--- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
++++ b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
+@@ -83,7 +83,7 @@ enum tfm_plat_err_t tfm_dual_core_hal_init(void)
+
+ enum tfm_plat_err_t tfm_hal_notify_peer(void)
+ {
+-    uint32_t access_ready;
++    uint32_t access_ready,val;
+     enum mhu_v2_x_error_t status;
+     struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV;
+
+@@ -108,6 +108,13 @@ enum tfm_plat_err_t tfm_hal_notify_peer(void)
+         return TFM_PLAT_ERR_SYSTEM_ERR;
+     }
+
++    do {
++        status = mhu_v2_x_channel_poll(dev, MHU1_SEH_NOTIFY_CH, &val);
++        if (status != MHU_V_2_X_ERR_NONE) {
++            break;
++        }
++    } while(val != 0);
++
+     status = mhu_v2_x_reset_access_request(dev);
+     if (status != MHU_V_2_X_ERR_NONE) {
+         SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status);
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index 601d165..7cf3b94 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -34,6 +34,9 @@
     file://0004-arm-trusted-firmware-m-disable-fatal-warnings.patch \
     file://0005-Platform-corstone1000-add-unique-firmware-GUID.patch \
     file://0006-Platform-Corstone1000-Enable-Signed-Capsule.patch \
+    file://0007-platform-corstone1000-increase-ITS-max-asset-size.patch \
+    file://0008-platform-corstone1000-align-capsule-update-structs.patch \
+    file://0009-platform-corstone1000-fix-synchronization-issue-on-o.patch \
     "
 
 # TF-M ships patches for external dependencies that needs to be applied
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
new file mode 100644
index 0000000..b6b7a04
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-corstone1000.inc
@@ -0,0 +1,63 @@
+# Corstone1000 specific U-boot support
+
+DEPENDS:append = " gnutls-native openssl-native efitools-native"
+CORSTONE1000_DEVICE_TREE:corstone1000-mps3 = "corstone1000-mps3"
+CORSTONE1000_DEVICE_TREE:corstone1000-fvp = "corstone1000-fvp"
+EXTRA_OEMAKE:append = ' DEVICE_TREE=${CORSTONE1000_DEVICE_TREE}'
+
+SYSROOT_DIRS:append = " /boot"
+
+SRC_URI:append = " \
+    file://0001-FF-A-v15-arm64-smccc-add-support-for-SMCCCv1.2-x0-x1.patch \
+    file://0002-FF-A-v15-lib-uuid-introduce-uuid_str_to_le_bin-funct.patch \
+    file://0003-FF-A-v15-lib-uuid-introduce-testcase-for-uuid_str_to.patch \
+    file://0004-FF-A-v15-arm_ffa-introduce-Arm-FF-A-support.patch \
+    file://0005-FF-A-v15-arm_ffa-introduce-armffa-command.patch \
+    file://0006-FF-A-v15-arm_ffa-introduce-sandbox-FF-A-support.patch \
+    file://0007-FF-A-v15-arm_ffa-introduce-sandbox-test-cases-for-UC.patch \
+    file://0008-FF-A-v15-arm_ffa-introduce-armffa-command-Sandbox-te.patch \
+    file://0009-FF-A-v15-arm_ffa-efi-introduce-FF-A-MM-communication.patch \
+    file://0010-FF-A-v15-arm_ffa-efi-corstone1000-enable-MM-communic.patch \
+    file://0011-efi-corstone1000-fwu-introduce-EFI-capsule-update.patch \
+    file://0012-arm-corstone1000-fix-unrecognized-filesystem-type.patch \
+    file://0013-efi_loader-corstone1000-remove-guid-check-from-corst.patch \
+    file://0014-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch \
+    file://0015-efi_firmware-add-get_image_info-for-corstone1000.patch \
+    file://0016-efi_loader-fix-null-pointer-exception-with-get_image.patch \
+    file://0017-arm-corstone1000-add-mmc-for-fvp.patch \
+    file://0018-corstone1000-add-compressed-kernel-support.patch \
+    file://0019-arm-corstone1000-esrt-support.patch \
+    file://0020-corstone1000-enable-distro-booting-command.patch \
+    file://0021-corstone1000-add-fwu-metadata-store-info.patch \
+    file://0022-fwu_metadata-make-sure-structures-are-packed.patch \
+    file://0023-corstone1000-add-boot-index.patch \
+    file://0024-corstone1000-adjust-boot-bank-and-kernel-location.patch \
+    file://0025-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch \
+    file://0026-nvmxip-move-header-to-include.patch \
+    file://0027-corstone1000-set-kernel_addr-based-on-boot_idx.patch \
+    file://0028-corstone1000-boot-index-from-active.patch \
+    file://0029-corstone1000-enable-PSCI-reset.patch \
+    file://0030-Enable-EFI-set-get-time-services.patch \
+    file://0031-corstone1000-detect-inflated-kernel-size.patch \
+    file://0032-corstone1000-ESRT-add-unique-firmware-GUID.patch \
+    file://0033-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch \
+    file://0034-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch \
+    file://0035-corstone1000-purge-U-Boot-specific-DT-nodes.patch \
+    file://0036-corstone1000-add-signature-device-tree-overlay.patch \
+    file://0037-corstone1000-enable-authenticated-capsule-config.patch \
+    file://0038-corstone1000-introduce-EFI-authenticated-capsule-upd.patch \
+    file://0039-enables-ondisk-capsule-update-feature.patch		  \
+    file://0040-fix-runtime-capsule-update-flags-checks.patch		  \
+    file://0041-scatter-gather-flag-workaround.patch			  \
+    file://0042-corstone1000-enable-virtio-net-support.patch		  \
+    "
+
+do_configure:append(){
+    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=CRT/ -keyout ${B}/CRT.key -out ${B}/CRT.crt -nodes -days 365
+    cert-to-efi-sig-list ${B}/CRT.crt ${B}/corstone1000_defconfig/CRT.esl
+}
+
+do_install:append() {
+   install -D -p -m 0644 ${B}/CRT.crt ${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt
+   install -D -p -m 0644 ${B}/CRT.key ${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key
+}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc
new file mode 100644
index 0000000..b766181
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-fvp-base.inc
@@ -0,0 +1,8 @@
+# FVP base specific U-boot support
+
+SRC_URI:append = " \
+    file://0001-virtio-rng-Workaround-for-FVP-returning-zero-size-bu.patch \
+    file://0002-vexpress64-Set-the-DM_RNG-property.patch \
+    file://0003-vexpress64-Select-PSCI-RESET-by-default.patch \
+    file://0004-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch \
+    "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-juno.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-juno.inc
new file mode 100644
index 0000000..e49d87c
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-juno.inc
@@ -0,0 +1,3 @@
+# Juno specific U-boot support
+
+SRC_URI:append = " file://0001-configs-vexpress-modify-to-boot-compressed-initramfs.patch"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-tc.inc
new file mode 100644
index 0000000..ca182c5
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-tc.inc
@@ -0,0 +1,5 @@
+# TC0 and TC1 specific U-boot support 
+
+SRC_URI:append = " \
+    file://bootargs.cfg \
+    "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-FF-A-v15-arm64-smccc-add-support-for-SMCCCv1.2-x0-x1.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-FF-A-v15-arm64-smccc-add-support-for-SMCCCv1.2-x0-x1.patch
index df633e2..485ed4b 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-FF-A-v15-arm64-smccc-add-support-for-SMCCCv1.2-x0-x1.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-FF-A-v15-arm64-smccc-add-support-for-SMCCCv1.2-x0-x1.patch
@@ -1,7 +1,7 @@
-From b79722ade56bd49cf9e7d9b47b6256599c8cdb36 Mon Sep 17 00:00:00 2001
+From 6b7a5bff8d68b191569557b6444e2c5061af8074 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Fri, 29 Jul 2022 13:06:19 +0100
-Subject: [PATCH 01/33] FF-A v15: arm64: smccc: add support for SMCCCv1.2
+Subject: [PATCH 01/38] FF-A v15: arm64: smccc: add support for SMCCCv1.2
  x0-x17 registers
 
 add support for x0-x17 registers used by the SMC calls
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-FF-A-v15-lib-uuid-introduce-uuid_str_to_le_bin-funct.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-FF-A-v15-lib-uuid-introduce-uuid_str_to_le_bin-funct.patch
index 550be6b..ebb2b55 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-FF-A-v15-lib-uuid-introduce-uuid_str_to_le_bin-funct.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-FF-A-v15-lib-uuid-introduce-uuid_str_to_le_bin-funct.patch
@@ -1,7 +1,7 @@
-From 43137871fcc46513eea1480cd78ad091763578f0 Mon Sep 17 00:00:00 2001
+From faa2a74ce8cc9497c551b1bee6beed5c2c2f2dee Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Thu, 4 Aug 2022 16:46:47 +0100
-Subject: [PATCH 02/33] FF-A v15: lib: uuid: introduce uuid_str_to_le_bin
+Subject: [PATCH 02/38] FF-A v15: lib: uuid: introduce uuid_str_to_le_bin
  function
 
 convert UUID string to little endian binary data
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-FF-A-v15-lib-uuid-introduce-testcase-for-uuid_str_to.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-FF-A-v15-lib-uuid-introduce-testcase-for-uuid_str_to.patch
index bbd4e04..dbdf296 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-FF-A-v15-lib-uuid-introduce-testcase-for-uuid_str_to.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-FF-A-v15-lib-uuid-introduce-testcase-for-uuid_str_to.patch
@@ -1,7 +1,7 @@
-From 80fd758cb55f8b44078b4535284ea132b0d5a944 Mon Sep 17 00:00:00 2001
+From fa4a5b45d0254e347ba15992d997529f5056fe8f Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Mon, 27 Mar 2023 16:24:29 +0100
-Subject: [PATCH 03/33] FF-A v15: lib: uuid: introduce testcase for
+Subject: [PATCH 03/38] FF-A v15: lib: uuid: introduce testcase for
  uuid_str_to_le_bin
 
 provide a test case
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-FF-A-v15-arm_ffa-introduce-Arm-FF-A-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-FF-A-v15-arm_ffa-introduce-Arm-FF-A-support.patch
index f0d6763..e2c9d86 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-FF-A-v15-arm_ffa-introduce-Arm-FF-A-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-FF-A-v15-arm_ffa-introduce-Arm-FF-A-support.patch
@@ -1,7 +1,7 @@
-From e8b71ec24884a0c973ac663e6802ff529a8be349 Mon Sep 17 00:00:00 2001
+From 6a50d03467b70220b615dbe87b4b49d7f86fcb2f Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Mon, 17 Jul 2023 15:11:43 +0100
-Subject: [PATCH 04/33] FF-A v15: arm_ffa: introduce Arm FF-A support
+Subject: [PATCH 04/38] FF-A v15: arm_ffa: introduce Arm FF-A support
 
 Add Arm FF-A support implementing Arm Firmware Framework for Armv8-A v1.0
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-FF-A-v15-arm_ffa-introduce-armffa-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-FF-A-v15-arm_ffa-introduce-armffa-command.patch
index aeb4bb9..0a4f4c9 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-FF-A-v15-arm_ffa-introduce-armffa-command.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-FF-A-v15-arm_ffa-introduce-armffa-command.patch
@@ -1,7 +1,7 @@
-From 3eb4fb19777383f5f05b7ce74da141f53ffc4374 Mon Sep 17 00:00:00 2001
+From 2d225908fde28c9759fae7a9fdce6bb8c39ec579 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Wed, 10 May 2023 17:27:01 +0100
-Subject: [PATCH 05/33] FF-A v15: arm_ffa: introduce armffa command
+Subject: [PATCH 05/38] FF-A v15: arm_ffa: introduce armffa command
 
 Provide armffa command showcasing the use of the U-Boot FF-A support
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-FF-A-v15-arm_ffa-introduce-sandbox-FF-A-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-FF-A-v15-arm_ffa-introduce-sandbox-FF-A-support.patch
index 4f94b72..13ea227 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-FF-A-v15-arm_ffa-introduce-sandbox-FF-A-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-FF-A-v15-arm_ffa-introduce-sandbox-FF-A-support.patch
@@ -1,7 +1,7 @@
-From 4f104ef6804ffd6483d166840d113630be85edb0 Mon Sep 17 00:00:00 2001
+From 8b24115d3b41af53602bfc80bea7e134dc0edefb Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Mon, 17 Jul 2023 15:18:58 +0100
-Subject: [PATCH 06/33] FF-A v15: arm_ffa: introduce sandbox FF-A support
+Subject: [PATCH 06/38] FF-A v15: arm_ffa: introduce sandbox FF-A support
 
 Emulate Secure World's FF-A ABIs and allow testing U-Boot FF-A support
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-FF-A-v15-arm_ffa-introduce-sandbox-test-cases-for-UC.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-FF-A-v15-arm_ffa-introduce-sandbox-test-cases-for-UC.patch
index 966c32b..7233079 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-FF-A-v15-arm_ffa-introduce-sandbox-test-cases-for-UC.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-FF-A-v15-arm_ffa-introduce-sandbox-test-cases-for-UC.patch
@@ -1,7 +1,7 @@
-From 00d0d8edf47430e3069e7c1dfa7a5bb7bb36bd49 Mon Sep 17 00:00:00 2001
+From 9c789dbc70d58f55c84cc02ac35783af0aae85d5 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Wed, 10 May 2023 17:34:55 +0100
-Subject: [PATCH 07/33] FF-A v15: arm_ffa: introduce sandbox test cases for
+Subject: [PATCH 07/38] FF-A v15: arm_ffa: introduce sandbox test cases for
  UCLASS_FFA
 
 Add functional test cases for the FF-A support
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-FF-A-v15-arm_ffa-introduce-armffa-command-Sandbox-te.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-FF-A-v15-arm_ffa-introduce-armffa-command-Sandbox-te.patch
index 05b5e4d..5d70db6 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-FF-A-v15-arm_ffa-introduce-armffa-command-Sandbox-te.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-FF-A-v15-arm_ffa-introduce-armffa-command-Sandbox-te.patch
@@ -1,7 +1,7 @@
-From 78547a9f322b981a93bbeeb48b3eda1d2ab35cd0 Mon Sep 17 00:00:00 2001
+From 95589fd6c92d41aa22d30a34193006216c6ee827 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Fri, 23 Jun 2023 13:44:10 +0100
-Subject: [PATCH 08/33] FF-A v15: arm_ffa: introduce armffa command Sandbox
+Subject: [PATCH 08/38] FF-A v15: arm_ffa: introduce armffa command Sandbox
  test
 
 Add Sandbox test for the armffa command
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-FF-A-v15-arm_ffa-efi-introduce-FF-A-MM-communication.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-FF-A-v15-arm_ffa-efi-introduce-FF-A-MM-communication.patch
index bd75bc1..6f663fa 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-FF-A-v15-arm_ffa-efi-introduce-FF-A-MM-communication.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-FF-A-v15-arm_ffa-efi-introduce-FF-A-MM-communication.patch
@@ -1,7 +1,7 @@
-From 342844c2a5ad6beb127e1e8e52b311df77cff472 Mon Sep 17 00:00:00 2001
+From 02e38e24676d48d8a792ab6631a903ae1faa6271 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Mon, 15 Aug 2022 15:12:49 +0100
-Subject: [PATCH 09/33] FF-A v15: arm_ffa: efi: introduce FF-A MM communication
+Subject: [PATCH 09/38] FF-A v15: arm_ffa: efi: introduce FF-A MM communication
 
 Add MM communication support using FF-A transport
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-FF-A-v15-arm_ffa-efi-corstone1000-enable-MM-communic.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-FF-A-v15-arm_ffa-efi-corstone1000-enable-MM-communic.patch
index 4dcec1d..bc71b94 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-FF-A-v15-arm_ffa-efi-corstone1000-enable-MM-communic.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-FF-A-v15-arm_ffa-efi-corstone1000-enable-MM-communic.patch
@@ -1,7 +1,7 @@
-From 79e941be83a7394d03b09c618c8e2924ef962d64 Mon Sep 17 00:00:00 2001
+From c726c9ff098e4b271d60856b462f3dc532763a03 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Mon, 17 Jul 2023 15:23:33 +0100
-Subject: [PATCH 10/33] FF-A v15: arm_ffa: efi: corstone1000: enable MM
+Subject: [PATCH 10/38] FF-A v15: arm_ffa: efi: corstone1000: enable MM
  communication
 
 turn on EFI MM communication
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-fwu-introduce-EFI-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-fwu-introduce-EFI-capsule-update.patch
index d2c440c..00d6ea7 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-fwu-introduce-EFI-capsule-update.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-fwu-introduce-EFI-capsule-update.patch
@@ -1,7 +1,7 @@
-From 90b2741149a538c93aed61522c0d3363351bd578 Mon Sep 17 00:00:00 2001
+From 4483f276e70afdd961449ac45d4d8121c2a9080c Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Mon, 17 Jul 2023 15:56:18 +0100
-Subject: [PATCH 11/33] efi: corstone1000: fwu: introduce EFI capsule update
+Subject: [PATCH 11/38] efi: corstone1000: fwu: introduce EFI capsule update
 
 This commit provides capsule update feature for Corstone1000.
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm-corstone1000-fix-unrecognized-filesystem-type.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm-corstone1000-fix-unrecognized-filesystem-type.patch
index f9fb70b..023d53c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm-corstone1000-fix-unrecognized-filesystem-type.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm-corstone1000-fix-unrecognized-filesystem-type.patch
@@ -1,7 +1,7 @@
-From 445dfd4a5d8f31a7efb3f2f15aa677de8b3eb602 Mon Sep 17 00:00:00 2001
+From 7844378788f308f3540c5eb10956c84113005fcc Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Fri, 4 Mar 2022 15:56:09 +0000
-Subject: [PATCH 12/33] arm: corstone1000: fix unrecognized filesystem type
+Subject: [PATCH 12/38] arm: corstone1000: fix unrecognized filesystem type
 
 Some usb sticks are not recognized by usb, just add a
 delay before checking status.
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-efi_loader-corstone1000-remove-guid-check-from-corst.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-efi_loader-corstone1000-remove-guid-check-from-corst.patch
index 4ddb35e..71cdf6a 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-efi_loader-corstone1000-remove-guid-check-from-corst.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-efi_loader-corstone1000-remove-guid-check-from-corst.patch
@@ -1,7 +1,7 @@
-From 68248cd3cc95e0480ee2cbc3ebaba51967889199 Mon Sep 17 00:00:00 2001
+From 94e6c1dee044b3573991e48449de9144cfe3c0f3 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Sat, 11 Dec 2021 13:23:55 +0000
-Subject: [PATCH 13/33] efi_loader: corstone1000: remove guid check from
+Subject: [PATCH 13/38] efi_loader: corstone1000: remove guid check from
  corstone1000 config option
 
 Use generic fmp guid and no separte check is required for
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
index c0b3fa8..9d3cb66 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
@@ -1,7 +1,7 @@
-From bb0eb602d3697384318cac90605259aa7fb21c9b Mon Sep 17 00:00:00 2001
+From 9be08ccf3f7b30b2c57ff2eb593c5b17c967fc4a Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 17 Dec 2021 19:49:02 +0000
-Subject: [PATCH 14/33] efi_loader: populate ESRT table if EFI_ESRT config
+Subject: [PATCH 14/38] efi_loader: populate ESRT table if EFI_ESRT config
  option is set
 
 This change is to call efi_esrt_populate function if CONFIG_EFI_ESRT
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_firmware-add-get_image_info-for-corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_firmware-add-get_image_info-for-corstone1000.patch
index 2186330..c74c7c0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_firmware-add-get_image_info-for-corstone1000.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_firmware-add-get_image_info-for-corstone1000.patch
@@ -1,7 +1,7 @@
-From 5e12999d179e84ac52e242d56c57a4d429651124 Mon Sep 17 00:00:00 2001
+From 03fe979677509f974b8d56097fbbd6c7e4cbe20b Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 17 Dec 2021 19:50:25 +0000
-Subject: [PATCH 15/33] efi_firmware: add get_image_info for corstone1000
+Subject: [PATCH 15/38] efi_firmware: add get_image_info for corstone1000
 
 This change is to populate get_image_info which eventually
 will be populated in ESRT table
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_loader-fix-null-pointer-exception-with-get_image.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_loader-fix-null-pointer-exception-with-get_image.patch
index b58c1d79..655e014 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_loader-fix-null-pointer-exception-with-get_image.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_loader-fix-null-pointer-exception-with-get_image.patch
@@ -1,7 +1,7 @@
-From 957e88fc52d77e6a3024f06bebfaa713c9e99e59 Mon Sep 17 00:00:00 2001
+From 13bf700129e902ba7ae556babcfb9c7956f32571 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 14 Jan 2022 15:24:18 +0000
-Subject: [PATCH 16/33] efi_loader: fix null pointer exception with
+Subject: [PATCH 16/38] efi_loader: fix null pointer exception with
  get_image_info
 
 get_img_info API implemented for corstone1000 target does not
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-add-mmc-for-fvp.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-add-mmc-for-fvp.patch
index 75fe64c..dd746d9 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-add-mmc-for-fvp.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-arm-corstone1000-add-mmc-for-fvp.patch
@@ -1,7 +1,7 @@
-From 61b5f50718431b5fff57fcaa924238135b11ed3c Mon Sep 17 00:00:00 2001
+From e07a03678e72afa7a5d2ab66ce2e1a21e0a73cfc Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Mon, 17 Jul 2023 16:50:53 +0100
-Subject: [PATCH 17/33] arm:corstone1000: add mmc for fvp
+Subject: [PATCH 17/38] arm:corstone1000: add mmc for fvp
 
 Enable support mmc/sdcard for the corstone1000 FVP.
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-corstone1000-add-compressed-kernel-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-corstone1000-add-compressed-kernel-support.patch
index 0f28cdf..97cf4d0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-corstone1000-add-compressed-kernel-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-corstone1000-add-compressed-kernel-support.patch
@@ -1,7 +1,7 @@
-From a5879f1e7d91fc31058ba75b499d77cab080d611 Mon Sep 17 00:00:00 2001
+From b5cfd8ab77e7f305b170a8cd25575e8cc08babc5 Mon Sep 17 00:00:00 2001
 From: Jon Mason <jon.mason@arm.com>
 Date: Wed, 30 Nov 2022 18:59:59 +0000
-Subject: [PATCH 18/33] corstone1000: add compressed kernel support
+Subject: [PATCH 18/38] corstone1000: add compressed kernel support
 
 The corstone1000 kernel has become too large to fit in the available
 storage.  Swtiching to a compressed kernel avoids the problem, but
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Introduce-external-sys-driver-to-device-tree.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Introduce-external-sys-driver-to-device-tree.patch
deleted file mode 100644
index a4c6625..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Introduce-external-sys-driver-to-device-tree.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 0748658414dd02cec0219841a86c4e7b99bfc171 Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Wed, 30 Nov 2022 19:02:26 +0000
-Subject: [PATCH 19/33] Introduce external sys driver to device-tree
-
-It adds external sys driver binding to u-boot
-device tree.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- arch/arm/dts/corstone1000.dtsi | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
-index 533dfdf8e1..a834d38454 100644
---- a/arch/arm/dts/corstone1000.dtsi
-+++ b/arch/arm/dts/corstone1000.dtsi
-@@ -167,5 +167,12 @@
- 			secure-status = "okay";     /* secure-world-only */
- 			status = "disabled";
- 		};
-+
-+		extsys0: extsys@1A010310 {
-+			compatible = "arm,extsys_ctrl";
-+			reg = <0x1A010310 0x4>,
-+			      <0x1A010314 0X4>;
-+			reg-names = "rstreg", "streg";
-+		};
- 	};
- };
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-arm-corstone1000-esrt-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-arm-corstone1000-esrt-support.patch
new file mode 100644
index 0000000..11e5124
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-arm-corstone1000-esrt-support.patch
@@ -0,0 +1,225 @@
+From d7682e9f7c45fffe5be0bc67ee9e31fdca1b94c5 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Wed, 30 Nov 2022 19:11:43 +0000
+Subject: [PATCH 19/38] arm/corstone1000: esrt support
+
+The implementation is platform specific and would require
+change in future.
+
+The patch should not be upstreamed as it is to the u-boot.
+Redesign of FMP protocol for ESRT and Capsule Update interface
+is to be considered in the future.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Inappropriate [Redesign of FMP protocol for ESRT and Capsule update interface is required]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ include/efi_api.h             |   2 +-
+ lib/efi_loader/efi_firmware.c | 133 ++++++++++++++++++++++++++++++++++
+ lib/efi_loader/efi_setup.c    |  17 +++--
+ 3 files changed, 143 insertions(+), 9 deletions(-)
+
+diff --git a/include/efi_api.h b/include/efi_api.h
+index 55a4c989fc..f267ab5110 100644
+--- a/include/efi_api.h
++++ b/include/efi_api.h
+@@ -2086,7 +2086,7 @@ struct efi_firmware_image_descriptor {
+ 	u32 last_attempt_status;
+ 	u64 hardware_instance;
+ 	efi_firmware_image_dep_t *dependencies;
+-};
++} __packed;
+ 
+ struct efi_firmware_management_protocol {
+ 	efi_status_t (EFIAPI *get_image_info)(
+diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
+index c883e2ff0a..c6ab6e2182 100644
+--- a/lib/efi_loader/efi_firmware.c
++++ b/lib/efi_loader/efi_firmware.c
+@@ -15,6 +15,7 @@
+ #include <signatures.h>
+ 
+ #include <linux/list.h>
++#include <efi_variable.h>
+ 
+ #define FMP_PAYLOAD_HDR_SIGNATURE	SIGNATURE_32('M', 'S', 'S', '1')
+ 
+@@ -417,8 +418,140 @@ efi_status_t EFIAPI efi_firmware_fit_set_image(
+ 	return EFI_EXIT(EFI_SUCCESS);
+ }
+ 
++#if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
++
++/**
++ * efi_firmware_corstone1000_get_image_info - return information about the current
++                                    firmware image
++ * @this:                      Protocol instance
++ * @image_info_size:           Size of @image_info
++ * @image_info:                        Image information
++ * @descriptor_version:                Pointer to version number
++ * @descriptor_count:          Pointer to number of descriptors
++ * @descriptor_size:           Pointer to descriptor size
++ * package_version:            Package version
++ * package_version_name:       Package version's name
++ *
++ * Return information bout the current firmware image in @image_info.
++ * @image_info will consist of a number of descriptors.
++ * Each descriptor will be created based on efi fetched variable.
++ *
++ * Return              status code
++ */
++static
++efi_status_t EFIAPI efi_firmware_corstone1000_get_image_info(
++       struct efi_firmware_management_protocol *this,
++       efi_uintn_t *image_info_size,
++       struct efi_firmware_image_descriptor *image_info,
++       u32 *descriptor_version,
++       u8 *descriptor_count,
++       efi_uintn_t *descriptor_size,
++       u32 *package_version,
++       u16 **package_version_name)
++{
++	efi_uintn_t var_size;
++	efi_status_t ret = EFI_SUCCESS;
++	efi_uintn_t image_info_size_var = 0;
++	efi_uintn_t image_info_name_size_var;
++	efi_uintn_t image_info_version_size_var;
++	u8 *runner = (u8 *)image_info;
++	u16 fmp_image_name[14] = {'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1', '\0'};
++	u16 fmp_version_name[16] = {'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1', '\0'};
++
++	EFI_ENTRY("%p %p %p %p %p %p %p %p\n", this,
++	          image_info_size, image_info,
++	          descriptor_version, descriptor_count, descriptor_size,
++	          package_version, package_version_name);
++
++	if (!image_info_size)
++	        return EFI_EXIT(EFI_INVALID_PARAMETER);
++
++	if (*image_info_size &&
++	    (!image_info || !descriptor_version || !descriptor_count ||
++	     !descriptor_size || !package_version || !package_version_name))
++	        return EFI_EXIT(EFI_INVALID_PARAMETER);
++
++	var_size = sizeof(*descriptor_version);
++	ret = efi_get_variable(u"FmpDescriptorVersion",
++	                           &efi_guid_firmware_management_protocol, NULL,
++	                           &var_size, descriptor_version);
++	if (ret != EFI_SUCCESS)
++	        return EFI_EXIT(ret);
++
++	if (*descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
++	        return EFI_EXIT(EFI_UNSUPPORTED);
++
++	var_size = sizeof(image_info_size_var);
++	ret = efi_get_variable(u"FmpImageInfoSize",
++	                           &efi_guid_firmware_management_protocol, NULL,
++	                           &var_size, &image_info_size_var);
++	if (ret != EFI_SUCCESS)
++	        return EFI_EXIT(ret);
++
++	if (*image_info_size < image_info_size_var) {
++	        *image_info_size = image_info_size_var;
++	        return EFI_EXIT(EFI_BUFFER_TOO_SMALL);
++	}
++
++	image_info_name_size_var = image_info_size_var;
++
++	var_size = sizeof(*descriptor_count);
++	ret = efi_get_variable(u"FmpDescriptorCount",
++	                           &efi_guid_firmware_management_protocol, NULL,
++	                           &var_size, descriptor_count);
++	if (ret != EFI_SUCCESS) {
++	        return EFI_EXIT(ret);
++	}
++
++	ret = efi_get_variable(u"FmpImageInfo",
++	                           &efi_guid_firmware_management_protocol, NULL,
++	                           &image_info_size_var, image_info);
++	if (ret != EFI_SUCCESS)
++	        return EFI_EXIT(ret);
++
++	runner += image_info_size_var;
++
++	image_info_name_size_var -= image_info_size_var;
++	image_info_version_size_var = image_info_name_size_var;
++
++        /* Consider changing the string modfication logic */
++	fmp_image_name[12] = '0' + (u16)image_info->image_id;
++	ret = efi_get_variable(fmp_image_name,
++	                      &efi_guid_firmware_management_protocol, NULL,
++	                      &image_info_name_size_var, runner);
++	if (ret != EFI_SUCCESS)
++	       return EFI_EXIT(ret);
++
++	image_info_version_size_var -= image_info_name_size_var;
++	image_info->image_id_name = runner;
++	runner += image_info_name_size_var;
++
++        /* Consider changing the string modfication logic */
++	fmp_version_name[14] = '0' + (u16)image_info->image_id;
++	ret = efi_get_variable(fmp_version_name,
++	                       &efi_guid_firmware_management_protocol, NULL,
++	                       &image_info_version_size_var, runner);
++	if (ret != EFI_SUCCESS)
++	        return EFI_EXIT(ret);
++
++	image_info->version_name = runner;
++
++	*image_info_size = image_info_size_var;
++
++	*package_version = 0xffffffff; /* not supported */
++	*package_version_name = NULL; /* not supported */
++
++	return EFI_EXIT(ret);
++}
++
++#endif
++
+ const struct efi_firmware_management_protocol efi_fmp_fit = {
++#if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
++	.get_image_info = efi_firmware_corstone1000_get_image_info,
++#else
+ 	.get_image_info = efi_firmware_get_image_info,
++#endif
+ 	.get_image = efi_firmware_get_image_unsupported,
+ 	.set_image = efi_firmware_fit_set_image,
+ 	.check_image = efi_firmware_check_image_unsupported,
+diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
+index bf90a98b5a..d20568c1c8 100644
+--- a/lib/efi_loader/efi_setup.c
++++ b/lib/efi_loader/efi_setup.c
+@@ -178,14 +178,6 @@ static efi_status_t efi_init_capsule(void)
+ 	efi_status_t ret = EFI_SUCCESS;
+ 
+ #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
+-	int ffa_ret;
+-
+-	ffa_ret = efi_corstone1000_uboot_efi_started_event();
+-	if (ffa_ret)
+-		log_err("Failure to notify SE Proxy FW update service\n");
+-	else
+-		debug("SE Proxy FW update service notified\n");
+-
+ 	ret = efi_corstone1000_alloc_capsule_shared_buf();
+ 	if (ret != EFI_SUCCESS) {
+ 		printf("EFI: Corstone-1000: cannot allocate caspsule shared buffer\n");
+@@ -304,6 +296,15 @@ efi_status_t efi_init_obj_list(void)
+ 	if (ret != EFI_SUCCESS)
+ 		goto out;
+ 
++#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
++		int ffa_ret;
++		ffa_ret = efi_corstone1000_uboot_efi_started_event();
++		if (ffa_ret)
++			log_err("Failure to notify SE Proxy FW update service\n");
++		else
++			debug("SE Proxy FW update service notified\n");
++#endif
++
+ 	/* Initialize variable services */
+ 	ret = efi_init_variables();
+ 	if (ret != EFI_SUCCESS)
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch
deleted file mode 100644
index f3b1503..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From 396229d3d29d9cfd5e2567be5427a9066072e32f Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Mon, 12 Sep 2022 15:47:06 +0100
-Subject: [PATCH 20/33] Add mhu and rpmsg client to u-boot device tree
-
-Adds external system controller and mhu driver to u-boot
-device tree. This enables communication between host and
-the external system.
-
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- arch/arm/dts/corstone1000.dtsi | 50 ++++++++++++++++++++++++++++++++++
- 1 file changed, 50 insertions(+)
-
-diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
-index a834d38454..18c4d1e19a 100644
---- a/arch/arm/dts/corstone1000.dtsi
-+++ b/arch/arm/dts/corstone1000.dtsi
-@@ -168,6 +168,56 @@
- 			status = "disabled";
- 		};
- 
-+		mbox_es0mhu0_tx: mhu@1b000000 {
-+			compatible = "arm,mhuv2-tx","arm,primecell";
-+			reg = <0x1b000000 0x1000>;
-+			clocks = <&refclk100mhz>;
-+			clock-names = "apb_pclk";
-+			interrupts = <GIC_SPI 11 IRQ_TYPE_LEVEL_HIGH>;
-+			#mbox-cells = <2>;
-+			arm,mhuv2-protocols = <1 1>;
-+			mbox-name = "arm-es0-mhu0_tx";
-+		};
-+
-+		mbox_es0mhu0_rx: mhu@1b010000 {
-+			compatible = "arm,mhuv2-rx","arm,primecell";
-+			reg = <0x1b010000 0x1000>;
-+			clocks = <&refclk100mhz>;
-+			clock-names = "apb_pclk";
-+			interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
-+			#mbox-cells = <2>;
-+			arm,mhuv2-protocols = <1 1>;
-+			mbox-name = "arm-es0-mhu0_rx";
-+		};
-+
-+		mbox_es0mhu1_tx: mhu@1b020000 {
-+			compatible = "arm,mhuv2-tx","arm,primecell";
-+			reg = <0x1b020000 0x1000>;
-+			clocks = <&refclk100mhz>;
-+			clock-names = "apb_pclk";
-+			interrupts = <GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
-+			#mbox-cells = <2>;
-+			arm,mhuv2-protocols = <1 1>;
-+			mbox-name = "arm-es0-mhu1_tx";
-+		};
-+
-+		mbox_es0mhu1_rx: mhu@1b030000 {
-+			compatible = "arm,mhuv2-rx","arm,primecell";
-+			reg = <0x1b030000 0x1000>;
-+			clocks = <&refclk100mhz>;
-+			clock-names = "apb_pclk";
-+			interrupts = <GIC_SPI 47 IRQ_TYPE_LEVEL_HIGH>;
-+			#mbox-cells = <2>;
-+			arm,mhuv2-protocols = <1 1>;
-+			mbox-name = "arm-es0-mhu1_rx";
-+		};
-+
-+		client {
-+			compatible = "arm,client";
-+			mboxes = <&mbox_es0mhu0_tx 0 0>, <&mbox_es0mhu1_tx 0 0>, <&mbox_es0mhu0_rx 0 0>, <&mbox_es0mhu1_rx 0 0>;
-+			mbox-names = "es0mhu0_tx", "es0mhu1_tx", "es0mhu0_rx", "es0mhu1_rx";
-+		};
-+
- 		extsys0: extsys@1A010310 {
- 			compatible = "arm,extsys_ctrl";
- 			reg = <0x1A010310 0x4>,
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-corstone1000-enable-distro-booting-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-corstone1000-enable-distro-booting-command.patch
new file mode 100644
index 0000000..ba9aeeb
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-corstone1000-enable-distro-booting-command.patch
@@ -0,0 +1,28 @@
+From 0094eb1e6ca78988f105fefb69dd5cc9046c89fe Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 5 Dec 2022 17:02:32 +0000
+Subject: [PATCH 20/38] corstone1000: enable distro booting command
+
+enable distro_bootcmd
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ include/configs/corstone1000.h | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
+index 1466507f80..8622565a87 100644
+--- a/include/configs/corstone1000.h
++++ b/include/configs/corstone1000.h
+@@ -55,5 +55,6 @@
+ 
+ #include <config_distro_bootcmd.h>
+ 
++#define CFG_EXTRA_ENV_SETTINGS BOOTENV
+ 
+ #endif
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-arm-corstone1000-esrt-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-arm-corstone1000-esrt-support.patch
deleted file mode 100644
index 369613e..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-arm-corstone1000-esrt-support.patch
+++ /dev/null
@@ -1,225 +0,0 @@
-From 0380dee4df6ef11bb08a9c44119b41c58afc562d Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Wed, 30 Nov 2022 19:11:43 +0000
-Subject: [PATCH 21/33] arm/corstone1000: esrt support
-
-The implementation is platform specific and would require
-change in future.
-
-The patch should not be upstreamed as it is to the u-boot.
-Redesign of FMP protocol for ESRT and Capsule Update interface
-is to be considered in the future.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Upstream-Status: Inappropriate [Redesign of FMP protocol for ESRT and Capsule update interface is required]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- include/efi_api.h             |   2 +-
- lib/efi_loader/efi_firmware.c | 133 ++++++++++++++++++++++++++++++++++
- lib/efi_loader/efi_setup.c    |  17 +++--
- 3 files changed, 143 insertions(+), 9 deletions(-)
-
-diff --git a/include/efi_api.h b/include/efi_api.h
-index 55a4c989fc..f267ab5110 100644
---- a/include/efi_api.h
-+++ b/include/efi_api.h
-@@ -2086,7 +2086,7 @@ struct efi_firmware_image_descriptor {
- 	u32 last_attempt_status;
- 	u64 hardware_instance;
- 	efi_firmware_image_dep_t *dependencies;
--};
-+} __packed;
- 
- struct efi_firmware_management_protocol {
- 	efi_status_t (EFIAPI *get_image_info)(
-diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
-index c883e2ff0a..c6ab6e2182 100644
---- a/lib/efi_loader/efi_firmware.c
-+++ b/lib/efi_loader/efi_firmware.c
-@@ -15,6 +15,7 @@
- #include <signatures.h>
- 
- #include <linux/list.h>
-+#include <efi_variable.h>
- 
- #define FMP_PAYLOAD_HDR_SIGNATURE	SIGNATURE_32('M', 'S', 'S', '1')
- 
-@@ -417,8 +418,140 @@ efi_status_t EFIAPI efi_firmware_fit_set_image(
- 	return EFI_EXIT(EFI_SUCCESS);
- }
- 
-+#if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
-+
-+/**
-+ * efi_firmware_corstone1000_get_image_info - return information about the current
-+                                    firmware image
-+ * @this:                      Protocol instance
-+ * @image_info_size:           Size of @image_info
-+ * @image_info:                        Image information
-+ * @descriptor_version:                Pointer to version number
-+ * @descriptor_count:          Pointer to number of descriptors
-+ * @descriptor_size:           Pointer to descriptor size
-+ * package_version:            Package version
-+ * package_version_name:       Package version's name
-+ *
-+ * Return information bout the current firmware image in @image_info.
-+ * @image_info will consist of a number of descriptors.
-+ * Each descriptor will be created based on efi fetched variable.
-+ *
-+ * Return              status code
-+ */
-+static
-+efi_status_t EFIAPI efi_firmware_corstone1000_get_image_info(
-+       struct efi_firmware_management_protocol *this,
-+       efi_uintn_t *image_info_size,
-+       struct efi_firmware_image_descriptor *image_info,
-+       u32 *descriptor_version,
-+       u8 *descriptor_count,
-+       efi_uintn_t *descriptor_size,
-+       u32 *package_version,
-+       u16 **package_version_name)
-+{
-+	efi_uintn_t var_size;
-+	efi_status_t ret = EFI_SUCCESS;
-+	efi_uintn_t image_info_size_var = 0;
-+	efi_uintn_t image_info_name_size_var;
-+	efi_uintn_t image_info_version_size_var;
-+	u8 *runner = (u8 *)image_info;
-+	u16 fmp_image_name[14] = {'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1', '\0'};
-+	u16 fmp_version_name[16] = {'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1', '\0'};
-+
-+	EFI_ENTRY("%p %p %p %p %p %p %p %p\n", this,
-+	          image_info_size, image_info,
-+	          descriptor_version, descriptor_count, descriptor_size,
-+	          package_version, package_version_name);
-+
-+	if (!image_info_size)
-+	        return EFI_EXIT(EFI_INVALID_PARAMETER);
-+
-+	if (*image_info_size &&
-+	    (!image_info || !descriptor_version || !descriptor_count ||
-+	     !descriptor_size || !package_version || !package_version_name))
-+	        return EFI_EXIT(EFI_INVALID_PARAMETER);
-+
-+	var_size = sizeof(*descriptor_version);
-+	ret = efi_get_variable(u"FmpDescriptorVersion",
-+	                           &efi_guid_firmware_management_protocol, NULL,
-+	                           &var_size, descriptor_version);
-+	if (ret != EFI_SUCCESS)
-+	        return EFI_EXIT(ret);
-+
-+	if (*descriptor_version != EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION)
-+	        return EFI_EXIT(EFI_UNSUPPORTED);
-+
-+	var_size = sizeof(image_info_size_var);
-+	ret = efi_get_variable(u"FmpImageInfoSize",
-+	                           &efi_guid_firmware_management_protocol, NULL,
-+	                           &var_size, &image_info_size_var);
-+	if (ret != EFI_SUCCESS)
-+	        return EFI_EXIT(ret);
-+
-+	if (*image_info_size < image_info_size_var) {
-+	        *image_info_size = image_info_size_var;
-+	        return EFI_EXIT(EFI_BUFFER_TOO_SMALL);
-+	}
-+
-+	image_info_name_size_var = image_info_size_var;
-+
-+	var_size = sizeof(*descriptor_count);
-+	ret = efi_get_variable(u"FmpDescriptorCount",
-+	                           &efi_guid_firmware_management_protocol, NULL,
-+	                           &var_size, descriptor_count);
-+	if (ret != EFI_SUCCESS) {
-+	        return EFI_EXIT(ret);
-+	}
-+
-+	ret = efi_get_variable(u"FmpImageInfo",
-+	                           &efi_guid_firmware_management_protocol, NULL,
-+	                           &image_info_size_var, image_info);
-+	if (ret != EFI_SUCCESS)
-+	        return EFI_EXIT(ret);
-+
-+	runner += image_info_size_var;
-+
-+	image_info_name_size_var -= image_info_size_var;
-+	image_info_version_size_var = image_info_name_size_var;
-+
-+        /* Consider changing the string modfication logic */
-+	fmp_image_name[12] = '0' + (u16)image_info->image_id;
-+	ret = efi_get_variable(fmp_image_name,
-+	                      &efi_guid_firmware_management_protocol, NULL,
-+	                      &image_info_name_size_var, runner);
-+	if (ret != EFI_SUCCESS)
-+	       return EFI_EXIT(ret);
-+
-+	image_info_version_size_var -= image_info_name_size_var;
-+	image_info->image_id_name = runner;
-+	runner += image_info_name_size_var;
-+
-+        /* Consider changing the string modfication logic */
-+	fmp_version_name[14] = '0' + (u16)image_info->image_id;
-+	ret = efi_get_variable(fmp_version_name,
-+	                       &efi_guid_firmware_management_protocol, NULL,
-+	                       &image_info_version_size_var, runner);
-+	if (ret != EFI_SUCCESS)
-+	        return EFI_EXIT(ret);
-+
-+	image_info->version_name = runner;
-+
-+	*image_info_size = image_info_size_var;
-+
-+	*package_version = 0xffffffff; /* not supported */
-+	*package_version_name = NULL; /* not supported */
-+
-+	return EFI_EXIT(ret);
-+}
-+
-+#endif
-+
- const struct efi_firmware_management_protocol efi_fmp_fit = {
-+#if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
-+	.get_image_info = efi_firmware_corstone1000_get_image_info,
-+#else
- 	.get_image_info = efi_firmware_get_image_info,
-+#endif
- 	.get_image = efi_firmware_get_image_unsupported,
- 	.set_image = efi_firmware_fit_set_image,
- 	.check_image = efi_firmware_check_image_unsupported,
-diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
-index bf90a98b5a..d20568c1c8 100644
---- a/lib/efi_loader/efi_setup.c
-+++ b/lib/efi_loader/efi_setup.c
-@@ -178,14 +178,6 @@ static efi_status_t efi_init_capsule(void)
- 	efi_status_t ret = EFI_SUCCESS;
- 
- #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
--	int ffa_ret;
--
--	ffa_ret = efi_corstone1000_uboot_efi_started_event();
--	if (ffa_ret)
--		log_err("Failure to notify SE Proxy FW update service\n");
--	else
--		debug("SE Proxy FW update service notified\n");
--
- 	ret = efi_corstone1000_alloc_capsule_shared_buf();
- 	if (ret != EFI_SUCCESS) {
- 		printf("EFI: Corstone-1000: cannot allocate caspsule shared buffer\n");
-@@ -304,6 +296,15 @@ efi_status_t efi_init_obj_list(void)
- 	if (ret != EFI_SUCCESS)
- 		goto out;
- 
-+#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
-+		int ffa_ret;
-+		ffa_ret = efi_corstone1000_uboot_efi_started_event();
-+		if (ffa_ret)
-+			log_err("Failure to notify SE Proxy FW update service\n");
-+		else
-+			debug("SE Proxy FW update service notified\n");
-+#endif
-+
- 	/* Initialize variable services */
- 	ret = efi_init_variables();
- 	if (ret != EFI_SUCCESS)
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-corstone1000-add-fwu-metadata-store-info.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-corstone1000-add-fwu-metadata-store-info.patch
new file mode 100644
index 0000000..e524d83
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-corstone1000-add-fwu-metadata-store-info.patch
@@ -0,0 +1,42 @@
+From 7f0ab0707b476d141bcf16de78d09c793b3b7387 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 15:58:07 +0000
+Subject: [PATCH 21/38] corstone1000: add fwu-metadata store info
+
+Add fwu-mdata node and handle for the reference
+nvmxip-qspi.
+
+Upstream-Status: Submitted
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ arch/arm/dts/corstone1000.dtsi | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 533dfdf8e1..1e0ec075e4 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -38,7 +38,7 @@
+ 		reg = <0x88200000 0x77e00000>;
+ 	};
+ 
+-	nvmxip-qspi@08000000 {
++	nvmxip: nvmxip-qspi@08000000 {
+ 		compatible = "nvmxip,qspi";
+ 		reg = <0x08000000 0x2000000>;
+ 		lba_shift = <9>;
+@@ -106,6 +106,11 @@
+ 		method = "smc";
+ 	};
+ 
++	fwu-mdata {
++		compatible = "u-boot,fwu-mdata-gpt";
++		fwu-mdata-store = <&nvmxip>;
++	};
++
+ 	soc {
+ 		compatible = "simple-bus";
+ 		#address-cells = <1>;
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-corstone1000-enable-distro-booting-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-corstone1000-enable-distro-booting-command.patch
deleted file mode 100644
index 6f04081..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-corstone1000-enable-distro-booting-command.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From b3c9b57d862060b7d112725a567c0ff24184c6e1 Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Mon, 5 Dec 2022 17:02:32 +0000
-Subject: [PATCH 22/33] corstone1000: enable distro booting command
-
-enable distro_bootcmd
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- include/configs/corstone1000.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index 1466507f80..8622565a87 100644
---- a/include/configs/corstone1000.h
-+++ b/include/configs/corstone1000.h
-@@ -55,5 +55,6 @@
- 
- #include <config_distro_bootcmd.h>
- 
-+#define CFG_EXTRA_ENV_SETTINGS BOOTENV
- 
- #endif
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-fwu_metadata-make-sure-structures-are-packed.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-fwu_metadata-make-sure-structures-are-packed.patch
new file mode 100644
index 0000000..addd1df
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-fwu_metadata-make-sure-structures-are-packed.patch
@@ -0,0 +1,50 @@
+From b2e413049dcf3dcbe3891a8a70bdd36f30b2e6c8 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:13:24 +0000
+Subject: [PATCH 22/38] fwu_metadata: make sure structures are packed
+
+The fwu metadata in the metadata partitions
+should/are packed to guarantee that the info is
+correct in all platforms. Also the size of them
+are used to calculate the crc32 and that is important
+to get it right.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ include/fwu_mdata.h | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/include/fwu_mdata.h b/include/fwu_mdata.h
+index 8fda4f4ac2..c61221a917 100644
+--- a/include/fwu_mdata.h
++++ b/include/fwu_mdata.h
+@@ -22,7 +22,7 @@ struct fwu_image_bank_info {
+ 	efi_guid_t  image_uuid;
+ 	uint32_t accepted;
+ 	uint32_t reserved;
+-};
++} __packed;
+ 
+ /**
+  * struct fwu_image_entry - information for a particular type of image
+@@ -38,7 +38,7 @@ struct fwu_image_entry {
+ 	efi_guid_t image_type_uuid;
+ 	efi_guid_t location_uuid;
+ 	struct fwu_image_bank_info img_bank_info[CONFIG_FWU_NUM_BANKS];
+-};
++} __packed;
+ 
+ /**
+  * struct fwu_mdata - FWU metadata structure for multi-bank updates
+@@ -62,6 +62,6 @@ struct fwu_mdata {
+ 	uint32_t previous_active_index;
+ 
+ 	struct fwu_image_entry img_entry[CONFIG_FWU_NUM_IMAGES_PER_BANK];
+-};
++} __packed;
+ 
+ #endif /* _FWU_MDATA_H_ */
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-corstone1000-add-boot-index.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-corstone1000-add-boot-index.patch
new file mode 100644
index 0000000..b4be24f
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-corstone1000-add-boot-index.patch
@@ -0,0 +1,42 @@
+From 62eaf5720bfe49feedf486c57ce9b9968360460c Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Mon, 17 Jul 2023 17:04:10 +0100
+Subject: [PATCH 23/38] corstone1000: add boot index
+
+it is expected that the firmware that runs before
+u-boot somehow provide the information of the bank
+(index) of it is booting.
+We will need to extend tf-a to pass that info,
+meanwhile just set it to the default bank.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+---
+ board/armltd/corstone1000/corstone1000.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index ecfd8366df..ba6d024b80 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -8,6 +8,7 @@
+ #include <common.h>
+ #include <cpu_func.h>
+ #include <dm.h>
++#include <fwu.h>
+ #include <netdev.h>
+ #include <dm/platform_data/serial_pl01x.h>
+ #include <asm/armv8/mmu.h>
+@@ -107,6 +108,7 @@ int dram_init_banksize(void)
+ 	return 0;
+ }
+ 
+-void reset_cpu(void)
++void fwu_plat_get_bootidx(uint *boot_idx)
+ {
++	*boot_idx = 0;
+ }
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-corstone1000-add-fwu-metadata-store-info.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-corstone1000-add-fwu-metadata-store-info.patch
deleted file mode 100644
index 6b34796..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-corstone1000-add-fwu-metadata-store-info.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 10265c2006291f961cc4fdbbffdec6c5f52bf73b Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Wed, 1 Feb 2023 15:58:07 +0000
-Subject: [PATCH 23/33] corstone1000: add fwu-metadata store info
-
-Add fwu-mdata node and handle for the reference
-nvmxip-qspi.
-
-Upstream-Status: Submitted
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- arch/arm/dts/corstone1000.dtsi | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
-index 18c4d1e19a..25a032b6b3 100644
---- a/arch/arm/dts/corstone1000.dtsi
-+++ b/arch/arm/dts/corstone1000.dtsi
-@@ -38,7 +38,7 @@
- 		reg = <0x88200000 0x77e00000>;
- 	};
- 
--	nvmxip-qspi@08000000 {
-+	nvmxip: nvmxip-qspi@08000000 {
- 		compatible = "nvmxip,qspi";
- 		reg = <0x08000000 0x2000000>;
- 		lba_shift = <9>;
-@@ -106,6 +106,11 @@
- 		method = "smc";
- 	};
- 
-+	fwu-mdata {
-+		compatible = "u-boot,fwu-mdata-gpt";
-+		fwu-mdata-store = <&nvmxip>;
-+	};
-+
- 	soc {
- 		compatible = "simple-bus";
- 		#address-cells = <1>;
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-corstone1000-adjust-boot-bank-and-kernel-location.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-corstone1000-adjust-boot-bank-and-kernel-location.patch
new file mode 100644
index 0000000..ddf80f3
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-corstone1000-adjust-boot-bank-and-kernel-location.patch
@@ -0,0 +1,36 @@
+From 147f98fbefc7e13d1b9a3ae4b5fd3adc30dbed6b Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Wed, 1 Feb 2023 16:17:21 +0000
+Subject: [PATCH 24/38] corstone1000: adjust boot bank and kernel location
+
+Adjust in the env boot script the address of the
+bootbank with the new gpt layout, and also the
+kernel partition address. Please be aware that
+this is hack and needs a proper fix, since the
+offset of the kernel partition is not fixed,
+but for the propose of PoC it is enough for testing.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ board/armltd/corstone1000/corstone1000.env | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.env b/board/armltd/corstone1000/corstone1000.env
+index b24ff07fc6..a6ee496221 100644
+--- a/board/armltd/corstone1000/corstone1000.env
++++ b/board/armltd/corstone1000/corstone1000.env
+@@ -1,8 +1,8 @@
+ /* SPDX-License-Identifier: GPL-2.0+ */
+ 
+ usb_pgood_delay=250
+-boot_bank_flag=0x08002000
+-kernel_addr_bank_0=0x083EE000
++boot_bank_flag=0x08005006
++kernel_addr_bank_0=0x08280000
+ kernel_addr_bank_1=0x0936E000
+ retrieve_kernel_load_addr=
+ 	if itest.l *${boot_bank_flag} == 0; then
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-fwu_metadata-make-sure-structures-are-packed.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-fwu_metadata-make-sure-structures-are-packed.patch
deleted file mode 100644
index 88566a6..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-fwu_metadata-make-sure-structures-are-packed.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 046e54d0152987163355e33fe260419dfcf3b8bb Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Wed, 1 Feb 2023 16:13:24 +0000
-Subject: [PATCH 24/33] fwu_metadata: make sure structures are packed
-
-The fwu metadata in the metadata partitions
-should/are packed to guarantee that the info is
-correct in all platforms. Also the size of them
-are used to calculate the crc32 and that is important
-to get it right.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- include/fwu_mdata.h | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/include/fwu_mdata.h b/include/fwu_mdata.h
-index 8fda4f4ac2..c61221a917 100644
---- a/include/fwu_mdata.h
-+++ b/include/fwu_mdata.h
-@@ -22,7 +22,7 @@ struct fwu_image_bank_info {
- 	efi_guid_t  image_uuid;
- 	uint32_t accepted;
- 	uint32_t reserved;
--};
-+} __packed;
- 
- /**
-  * struct fwu_image_entry - information for a particular type of image
-@@ -38,7 +38,7 @@ struct fwu_image_entry {
- 	efi_guid_t image_type_uuid;
- 	efi_guid_t location_uuid;
- 	struct fwu_image_bank_info img_bank_info[CONFIG_FWU_NUM_BANKS];
--};
-+} __packed;
- 
- /**
-  * struct fwu_mdata - FWU metadata structure for multi-bank updates
-@@ -62,6 +62,6 @@ struct fwu_mdata {
- 	uint32_t previous_active_index;
- 
- 	struct fwu_image_entry img_entry[CONFIG_FWU_NUM_IMAGES_PER_BANK];
--};
-+} __packed;
- 
- #endif /* _FWU_MDATA_H_ */
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-add-boot-index.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-add-boot-index.patch
deleted file mode 100644
index 45ec44f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-add-boot-index.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 92f471d3195e3893f463b11d49f0db62793ca585 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Mon, 17 Jul 2023 17:04:10 +0100
-Subject: [PATCH 25/33] corstone1000: add boot index
-
-it is expected that the firmware that runs before
-u-boot somehow provide the information of the bank
-(index) of it is booting.
-We will need to extend tf-a to pass that info,
-meanwhile just set it to the default bank.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
----
- board/armltd/corstone1000/corstone1000.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
-index ecfd8366df..ba6d024b80 100644
---- a/board/armltd/corstone1000/corstone1000.c
-+++ b/board/armltd/corstone1000/corstone1000.c
-@@ -8,6 +8,7 @@
- #include <common.h>
- #include <cpu_func.h>
- #include <dm.h>
-+#include <fwu.h>
- #include <netdev.h>
- #include <dm/platform_data/serial_pl01x.h>
- #include <asm/armv8/mmu.h>
-@@ -107,6 +108,7 @@ int dram_init_banksize(void)
- 	return 0;
- }
- 
--void reset_cpu(void)
-+void fwu_plat_get_bootidx(uint *boot_idx)
- {
-+	*boot_idx = 0;
- }
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch
new file mode 100644
index 0000000..7833405
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch
@@ -0,0 +1,75 @@
+From ff2e0fe577c5a564a10bcc730392dd5397f6cb34 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Mon, 17 Jul 2023 17:33:52 +0100
+Subject: [PATCH 25/38] corstone1000: add nvmxip, fwu-mdata and gpt options
+
+Enable the newest features: nvmxip, fwu-metadata and
+gpt. Commands to print the partition info, gpt info
+and fwu metadata will be available.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ configs/corstone1000_defconfig | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index a92668389a..4c75a01818 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -15,7 +15,7 @@ CONFIG_DISTRO_DEFAULTS=y
+ CONFIG_BOOTDELAY=3
+ CONFIG_USE_BOOTARGS=y
+ CONFIG_BOOTARGS="console=ttyAMA0 loglevel=9 ip=dhcp earlyprintk"
+-CONFIG_BOOTCOMMAND="run retrieve_kernel_load_addr; echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r 0xf00000; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
++CONFIG_BOOTCOMMAND="echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r 0xf00000; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
+ CONFIG_CONSOLE_RECORD=y
+ CONFIG_LOGLEVEL=7
+ # CONFIG_DISPLAY_CPUINFO is not set
+@@ -23,11 +23,15 @@ CONFIG_LOGLEVEL=7
+ CONFIG_SYS_MAXARGS=64
+ CONFIG_SYS_CBSIZE=512
+ # CONFIG_CMD_CONSOLE is not set
++CONFIG_CMD_FWU_METADATA=y
+ CONFIG_CMD_BOOTZ=y
+ CONFIG_SYS_BOOTM_LEN=0x800000
+ # CONFIG_CMD_XIMG is not set
++CONFIG_CMD_GPT=y
++# CONFIG_RANDOM_UUID is not set
+ CONFIG_CMD_LOADM=y
+ # CONFIG_CMD_LOADS is not set
++CONFIG_CMD_MMC=y
+ CONFIG_CMD_USB=y
+ # CONFIG_CMD_SETEXPR is not set
+ # CONFIG_CMD_NFS is not set
+@@ -41,12 +45,7 @@ CONFIG_NET_RANDOM_ETHADDR=y
+ CONFIG_REGMAP=y
+ CONFIG_MISC=y
+ CONFIG_CLK=y
+-CONFIG_CMD_MMC=y
+-CONFIG_DM_MMC=y
+ CONFIG_ARM_PL180_MMCI=y
+-CONFIG_MMC_SDHCI_ADMA_HELPERS=y
+-CONFIG_MMC_WRITE=y
+-CONFIG_DM_GPIO=y
+ CONFIG_PHYLIB=y
+ CONFIG_PHY_SMSC=y
+ CONFIG_SMC911X=y
+@@ -65,4 +64,12 @@ CONFIG_FFA_SHARED_MM_BUF_OFFSET=0
+ CONFIG_FFA_SHARED_MM_BUF_ADDR=0x02000000
+ CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
+ CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
+-CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
++CONFIG_FWU_NUM_IMAGES_PER_BANK=4
++CONFIG_FWU_MDATA=y
++CONFIG_FWU_MDATA_GPT_BLK=y
++CONFIG_SYSRESET=y
++CONFIG_EFI_CAPSULE_ON_DISK=y
++CONFIG_EFI_IGNORE_OSINDICATIONS=y
++CONFIG_FWU_MULTI_BANK_UPDATE=y
++# CONFIG_TOOLS_MKEFICAPSULE is not set
++CONFIG_DM_GPIO=y
+\ No newline at end of file
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-corstone1000-adjust-boot-bank-and-kernel-location.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-corstone1000-adjust-boot-bank-and-kernel-location.patch
deleted file mode 100644
index 9a889ea..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-corstone1000-adjust-boot-bank-and-kernel-location.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 6ea58b2450c72036551e59186888474bcb54a194 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Wed, 1 Feb 2023 16:17:21 +0000
-Subject: [PATCH 26/33] corstone1000: adjust boot bank and kernel location
-
-Adjust in the env boot script the address of the
-bootbank with the new gpt layout, and also the
-kernel partition address. Please be aware that
-this is hack and needs a proper fix, since the
-offset of the kernel partition is not fixed,
-but for the propose of PoC it is enough for testing.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- board/armltd/corstone1000/corstone1000.env | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/board/armltd/corstone1000/corstone1000.env b/board/armltd/corstone1000/corstone1000.env
-index b24ff07fc6..a6ee496221 100644
---- a/board/armltd/corstone1000/corstone1000.env
-+++ b/board/armltd/corstone1000/corstone1000.env
-@@ -1,8 +1,8 @@
- /* SPDX-License-Identifier: GPL-2.0+ */
- 
- usb_pgood_delay=250
--boot_bank_flag=0x08002000
--kernel_addr_bank_0=0x083EE000
-+boot_bank_flag=0x08005006
-+kernel_addr_bank_0=0x08280000
- kernel_addr_bank_1=0x0936E000
- retrieve_kernel_load_addr=
- 	if itest.l *${boot_bank_flag} == 0; then
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-nvmxip-move-header-to-include.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-nvmxip-move-header-to-include.patch
new file mode 100644
index 0000000..ec38a51
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-nvmxip-move-header-to-include.patch
@@ -0,0 +1,42 @@
+From 2214be0f540121767d7b6ec4910a7389a1edd13c Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Fri, 9 Jun 2023 13:31:53 +0100
+Subject: [PATCH 26/38] nvmxip: move header to include
+
+Move header to include to allow external code
+to get the internal bdev structures to access
+block device operations.
+
+as at it, just add the UCLASS_NVMXIP string
+so we get the correct output in partitions
+listing.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ disk/part.c                              | 3 +++
+ {drivers/mtd/nvmxip => include}/nvmxip.h | 0
+ 2 files changed, 3 insertions(+)
+ rename {drivers/mtd/nvmxip => include}/nvmxip.h (100%)
+
+diff --git a/disk/part.c b/disk/part.c
+index 35300df590..f57dce7a29 100644
+--- a/disk/part.c
++++ b/disk/part.c
+@@ -271,6 +271,9 @@ static void print_part_header(const char *type, struct blk_desc *dev_desc)
+ 	case UCLASS_NVME:
+ 		puts ("NVMe");
+ 		break;
++	case UCLASS_NVMXIP:
++		puts ("NVMXIP");
++		break;
+ 	case UCLASS_PVBLOCK:
+ 		puts("PV BLOCK");
+ 		break;
+diff --git a/drivers/mtd/nvmxip/nvmxip.h b/include/nvmxip.h
+similarity index 100%
+rename from drivers/mtd/nvmxip/nvmxip.h
+rename to include/nvmxip.h
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch
deleted file mode 100644
index 621b9d1..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch
+++ /dev/null
@@ -1,75 +0,0 @@
-From af1bb3af4ff7bb9486dc9489d27605b8eded45b9 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Mon, 17 Jul 2023 17:33:52 +0100
-Subject: [PATCH 27/33] corstone1000: add nvmxip, fwu-mdata and gpt options
-
-Enable the newest features: nvmxip, fwu-metadata and
-gpt. Commands to print the partition info, gpt info
-and fwu metadata will be available.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- configs/corstone1000_defconfig | 21 ++++++++++++++-------
- 1 file changed, 14 insertions(+), 7 deletions(-)
-
-diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index a92668389a..4c75a01818 100644
---- a/configs/corstone1000_defconfig
-+++ b/configs/corstone1000_defconfig
-@@ -15,7 +15,7 @@ CONFIG_DISTRO_DEFAULTS=y
- CONFIG_BOOTDELAY=3
- CONFIG_USE_BOOTARGS=y
- CONFIG_BOOTARGS="console=ttyAMA0 loglevel=9 ip=dhcp earlyprintk"
--CONFIG_BOOTCOMMAND="run retrieve_kernel_load_addr; echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r 0xf00000; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
-+CONFIG_BOOTCOMMAND="echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r 0xf00000; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
- CONFIG_CONSOLE_RECORD=y
- CONFIG_LOGLEVEL=7
- # CONFIG_DISPLAY_CPUINFO is not set
-@@ -23,11 +23,15 @@ CONFIG_LOGLEVEL=7
- CONFIG_SYS_MAXARGS=64
- CONFIG_SYS_CBSIZE=512
- # CONFIG_CMD_CONSOLE is not set
-+CONFIG_CMD_FWU_METADATA=y
- CONFIG_CMD_BOOTZ=y
- CONFIG_SYS_BOOTM_LEN=0x800000
- # CONFIG_CMD_XIMG is not set
-+CONFIG_CMD_GPT=y
-+# CONFIG_RANDOM_UUID is not set
- CONFIG_CMD_LOADM=y
- # CONFIG_CMD_LOADS is not set
-+CONFIG_CMD_MMC=y
- CONFIG_CMD_USB=y
- # CONFIG_CMD_SETEXPR is not set
- # CONFIG_CMD_NFS is not set
-@@ -41,12 +45,7 @@ CONFIG_NET_RANDOM_ETHADDR=y
- CONFIG_REGMAP=y
- CONFIG_MISC=y
- CONFIG_CLK=y
--CONFIG_CMD_MMC=y
--CONFIG_DM_MMC=y
- CONFIG_ARM_PL180_MMCI=y
--CONFIG_MMC_SDHCI_ADMA_HELPERS=y
--CONFIG_MMC_WRITE=y
--CONFIG_DM_GPIO=y
- CONFIG_PHYLIB=y
- CONFIG_PHY_SMSC=y
- CONFIG_SMC911X=y
-@@ -65,4 +64,12 @@ CONFIG_FFA_SHARED_MM_BUF_OFFSET=0
- CONFIG_FFA_SHARED_MM_BUF_ADDR=0x02000000
- CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
- CONFIG_EFI_CAPSULE_FIRMWARE_FIT=y
--CONFIG_EFI_CAPSULE_FIRMWARE_RAW=y
-+CONFIG_FWU_NUM_IMAGES_PER_BANK=4
-+CONFIG_FWU_MDATA=y
-+CONFIG_FWU_MDATA_GPT_BLK=y
-+CONFIG_SYSRESET=y
-+CONFIG_EFI_CAPSULE_ON_DISK=y
-+CONFIG_EFI_IGNORE_OSINDICATIONS=y
-+CONFIG_FWU_MULTI_BANK_UPDATE=y
-+# CONFIG_TOOLS_MKEFICAPSULE is not set
-+CONFIG_DM_GPIO=y
-\ No newline at end of file
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-set-kernel_addr-based-on-boot_idx.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-set-kernel_addr-based-on-boot_idx.patch
new file mode 100644
index 0000000..a95a8c6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-set-kernel_addr-based-on-boot_idx.patch
@@ -0,0 +1,135 @@
+From c615b2e0fe9440b27b83f32c62fdc7f996237b56 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Tue, 18 Jul 2023 12:14:47 +0100
+Subject: [PATCH 27/38] corstone1000: set kernel_addr based on boot_idx
+
+We need to distinguish between boot banks and from which
+partition to load the kernel+initramfs to memory.
+
+For that, fetch the boot index, fetch the correspondent
+partition, calculate the correct kernel address and
+then set the env variable kernel_addr with that value.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ board/armltd/corstone1000/corstone1000.c   | 58 +++++++++++++++++++++-
+ board/armltd/corstone1000/corstone1000.env |  8 ---
+ configs/corstone1000_defconfig             |  1 +
+ 3 files changed, 58 insertions(+), 9 deletions(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index ba6d024b80..a045262ebb 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -5,15 +5,25 @@
+  * Rui Miguel Silva <rui.silva@linaro.org>
+  */
+ 
++#include <blk.h>
+ #include <common.h>
+ #include <cpu_func.h>
+ #include <dm.h>
++#include <env.h>
+ #include <fwu.h>
+ #include <netdev.h>
++#include <nvmxip.h>
++#include <part.h>
+ #include <dm/platform_data/serial_pl01x.h>
+ #include <asm/armv8/mmu.h>
+ #include <asm/global_data.h>
+ 
++#define CORSTONE1000_KERNEL_PARTS 2
++#define CORSTONE1000_KERNEL_PRIMARY "kernel_primary"
++#define CORSTONE1000_KERNEL_SECONDARY "kernel_secondary"
++
++static int corstone1000_boot_idx;
++
+ static struct mm_region corstone1000_mem_map[] = {
+ 	{
+ 		/* CVM */
+@@ -110,5 +120,51 @@ int dram_init_banksize(void)
+ 
+ void fwu_plat_get_bootidx(uint *boot_idx)
+ {
+-	*boot_idx = 0;
++	*boot_idx = corstone1000_boot_idx;
++}
++
++int board_late_init(void)
++{
++	struct disk_partition part_info;
++	struct udevice *dev, *bdev;
++	struct nvmxip_plat *plat;
++	struct blk_desc *desc;
++	int ret;
++
++	ret = uclass_first_device_err(UCLASS_NVMXIP, &dev);
++	if (ret < 0) {
++		log_err("Cannot find kernel device\n");
++		return ret;
++	}
++
++	plat = dev_get_plat(dev);
++	device_find_first_child(dev, &bdev);
++	desc = dev_get_uclass_plat(bdev);
++	ret = fwu_get_active_index(&corstone1000_boot_idx);
++	if (ret < 0)
++		log_err("corstone1000: failed to read boot index\n");
++
++	if (!corstone1000_boot_idx)
++		ret = part_get_info_by_name(desc, CORSTONE1000_KERNEL_PRIMARY,
++					    &part_info);
++	else
++		ret = part_get_info_by_name(desc, CORSTONE1000_KERNEL_SECONDARY,
++					    &part_info);
++
++	if (ret < 0) {
++		log_err("failed to fetch kernel partition index: %d\n",
++			corstone1000_boot_idx);
++		return ret;
++	}
++
++	ret = 0;
++
++	ret |= env_set_hex("kernel_addr", plat->phys_base +
++			   (part_info.start * part_info.blksz));
++	ret |= env_set_hex("kernel_size", part_info.size * part_info.blksz);
++
++	if (ret < 0)
++		log_err("failed to setup kernel addr and size\n");
++
++	return ret;
+ }
+diff --git a/board/armltd/corstone1000/corstone1000.env b/board/armltd/corstone1000/corstone1000.env
+index a6ee496221..ee318b1b1c 100644
+--- a/board/armltd/corstone1000/corstone1000.env
++++ b/board/armltd/corstone1000/corstone1000.env
+@@ -2,12 +2,4 @@
+ 
+ usb_pgood_delay=250
+ boot_bank_flag=0x08005006
+-kernel_addr_bank_0=0x08280000
+-kernel_addr_bank_1=0x0936E000
+-retrieve_kernel_load_addr=
+-	if itest.l *${boot_bank_flag} == 0; then
+-		setenv kernel_addr $kernel_addr_bank_0;
+-	else
+-		setenv kernel_addr $kernel_addr_bank_1;
+-	fi;
+ kernel_addr_r=0x88200000
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 4c75a01818..0232131a11 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -20,6 +20,7 @@ CONFIG_CONSOLE_RECORD=y
+ CONFIG_LOGLEVEL=7
+ # CONFIG_DISPLAY_CPUINFO is not set
+ # CONFIG_DISPLAY_BOARDINFO is not set
++CONFIG_BOARD_LATE_INIT=y
+ CONFIG_SYS_MAXARGS=64
+ CONFIG_SYS_CBSIZE=512
+ # CONFIG_CMD_CONSOLE is not set
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-corstone1000-boot-index-from-active.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-corstone1000-boot-index-from-active.patch
new file mode 100644
index 0000000..5b68e12
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-corstone1000-boot-index-from-active.patch
@@ -0,0 +1,41 @@
+From 747da6c0d1f2558ebeaf01ba9f762efa58a08a72 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Mon, 27 Feb 2023 14:40:13 +0000
+Subject: [PATCH 28/38] corstone1000: boot index from active
+
+In our platform, the Secure Enclave is the one who control
+all the boot tries and status, so, every time we get here
+we know that the we are booting from the active index.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+---
+ board/armltd/corstone1000/corstone1000.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index a045262ebb..53c65506d5 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -120,7 +120,16 @@ int dram_init_banksize(void)
+ 
+ void fwu_plat_get_bootidx(uint *boot_idx)
+ {
+-	*boot_idx = corstone1000_boot_idx;
++	int ret;
++
++	/*
++	 * in our platform, the Secure Enclave is the one who control
++	 * all the boot tries and status, so, every time we get here
++	 * we know that the we are booting from the active index
++	 */
++	ret = fwu_get_active_index(boot_idx);
++	if (ret < 0)
++		log_err("corstone1000: failed to read active index err %d\n", ret);
+ }
+ 
+ int board_late_init(void)
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-nvmxip-move-header-to-include.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-nvmxip-move-header-to-include.patch
deleted file mode 100644
index aac5a1d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-nvmxip-move-header-to-include.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 050c2d8577fd98f20c8b96dab3e4c42c8508b6bc Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Fri, 9 Jun 2023 13:31:53 +0100
-Subject: [PATCH 28/33] nvmxip: move header to include
-
-Move header to include to allow external code
-to get the internal bdev structures to access
-block device operations.
-
-as at it, just add the UCLASS_NVMXIP string
-so we get the correct output in partitions
-listing.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- disk/part.c                              | 3 +++
- {drivers/mtd/nvmxip => include}/nvmxip.h | 0
- 2 files changed, 3 insertions(+)
- rename {drivers/mtd/nvmxip => include}/nvmxip.h (100%)
-
-diff --git a/disk/part.c b/disk/part.c
-index 35300df590..f57dce7a29 100644
---- a/disk/part.c
-+++ b/disk/part.c
-@@ -271,6 +271,9 @@ static void print_part_header(const char *type, struct blk_desc *dev_desc)
- 	case UCLASS_NVME:
- 		puts ("NVMe");
- 		break;
-+	case UCLASS_NVMXIP:
-+		puts ("NVMXIP");
-+		break;
- 	case UCLASS_PVBLOCK:
- 		puts("PV BLOCK");
- 		break;
-diff --git a/drivers/mtd/nvmxip/nvmxip.h b/include/nvmxip.h
-similarity index 100%
-rename from drivers/mtd/nvmxip/nvmxip.h
-rename to include/nvmxip.h
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-corstone1000-enable-PSCI-reset.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-corstone1000-enable-PSCI-reset.patch
new file mode 100644
index 0000000..828661c
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-corstone1000-enable-PSCI-reset.patch
@@ -0,0 +1,31 @@
+From af7054ffdb1f84875a652c6b968dacf9a29cdc9c Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Tue, 18 Jul 2023 12:19:17 +0100
+Subject: [PATCH 29/38] corstone1000: enable PSCI reset
+
+Even though corstone1000 does not implement entire PSCI APIs,it relies on
+PSCI reset interface for the system reset. U-boot change the config name, so we
+need to enable it again.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ configs/corstone1000_defconfig | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 0232131a11..ccd558cfce 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -73,4 +73,5 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
+ CONFIG_EFI_IGNORE_OSINDICATIONS=y
+ CONFIG_FWU_MULTI_BANK_UPDATE=y
+ # CONFIG_TOOLS_MKEFICAPSULE is not set
+-CONFIG_DM_GPIO=y
+\ No newline at end of file
++CONFIG_DM_GPIO=y
++CONFIG_SYSRESET_PSCI=y
+\ No newline at end of file
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-corstone1000-set-kernel_addr-based-on-boot_idx.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-corstone1000-set-kernel_addr-based-on-boot_idx.patch
deleted file mode 100644
index 6ad4648..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-corstone1000-set-kernel_addr-based-on-boot_idx.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-From c547f3335ddff71a7f4915dc0c99ccbcdbf24b54 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 18 Jul 2023 12:14:47 +0100
-Subject: [PATCH 29/33] corstone1000: set kernel_addr based on boot_idx
-
-We need to distinguish between boot banks and from which
-partition to load the kernel+initramfs to memory.
-
-For that, fetch the boot index, fetch the correspondent
-partition, calculate the correct kernel address and
-then set the env variable kernel_addr with that value.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- board/armltd/corstone1000/corstone1000.c   | 58 +++++++++++++++++++++-
- board/armltd/corstone1000/corstone1000.env |  8 ---
- configs/corstone1000_defconfig             |  1 +
- 3 files changed, 58 insertions(+), 9 deletions(-)
-
-diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
-index ba6d024b80..a045262ebb 100644
---- a/board/armltd/corstone1000/corstone1000.c
-+++ b/board/armltd/corstone1000/corstone1000.c
-@@ -5,15 +5,25 @@
-  * Rui Miguel Silva <rui.silva@linaro.org>
-  */
- 
-+#include <blk.h>
- #include <common.h>
- #include <cpu_func.h>
- #include <dm.h>
-+#include <env.h>
- #include <fwu.h>
- #include <netdev.h>
-+#include <nvmxip.h>
-+#include <part.h>
- #include <dm/platform_data/serial_pl01x.h>
- #include <asm/armv8/mmu.h>
- #include <asm/global_data.h>
- 
-+#define CORSTONE1000_KERNEL_PARTS 2
-+#define CORSTONE1000_KERNEL_PRIMARY "kernel_primary"
-+#define CORSTONE1000_KERNEL_SECONDARY "kernel_secondary"
-+
-+static int corstone1000_boot_idx;
-+
- static struct mm_region corstone1000_mem_map[] = {
- 	{
- 		/* CVM */
-@@ -110,5 +120,51 @@ int dram_init_banksize(void)
- 
- void fwu_plat_get_bootidx(uint *boot_idx)
- {
--	*boot_idx = 0;
-+	*boot_idx = corstone1000_boot_idx;
-+}
-+
-+int board_late_init(void)
-+{
-+	struct disk_partition part_info;
-+	struct udevice *dev, *bdev;
-+	struct nvmxip_plat *plat;
-+	struct blk_desc *desc;
-+	int ret;
-+
-+	ret = uclass_first_device_err(UCLASS_NVMXIP, &dev);
-+	if (ret < 0) {
-+		log_err("Cannot find kernel device\n");
-+		return ret;
-+	}
-+
-+	plat = dev_get_plat(dev);
-+	device_find_first_child(dev, &bdev);
-+	desc = dev_get_uclass_plat(bdev);
-+	ret = fwu_get_active_index(&corstone1000_boot_idx);
-+	if (ret < 0)
-+		log_err("corstone1000: failed to read boot index\n");
-+
-+	if (!corstone1000_boot_idx)
-+		ret = part_get_info_by_name(desc, CORSTONE1000_KERNEL_PRIMARY,
-+					    &part_info);
-+	else
-+		ret = part_get_info_by_name(desc, CORSTONE1000_KERNEL_SECONDARY,
-+					    &part_info);
-+
-+	if (ret < 0) {
-+		log_err("failed to fetch kernel partition index: %d\n",
-+			corstone1000_boot_idx);
-+		return ret;
-+	}
-+
-+	ret = 0;
-+
-+	ret |= env_set_hex("kernel_addr", plat->phys_base +
-+			   (part_info.start * part_info.blksz));
-+	ret |= env_set_hex("kernel_size", part_info.size * part_info.blksz);
-+
-+	if (ret < 0)
-+		log_err("failed to setup kernel addr and size\n");
-+
-+	return ret;
- }
-diff --git a/board/armltd/corstone1000/corstone1000.env b/board/armltd/corstone1000/corstone1000.env
-index a6ee496221..ee318b1b1c 100644
---- a/board/armltd/corstone1000/corstone1000.env
-+++ b/board/armltd/corstone1000/corstone1000.env
-@@ -2,12 +2,4 @@
- 
- usb_pgood_delay=250
- boot_bank_flag=0x08005006
--kernel_addr_bank_0=0x08280000
--kernel_addr_bank_1=0x0936E000
--retrieve_kernel_load_addr=
--	if itest.l *${boot_bank_flag} == 0; then
--		setenv kernel_addr $kernel_addr_bank_0;
--	else
--		setenv kernel_addr $kernel_addr_bank_1;
--	fi;
- kernel_addr_r=0x88200000
-diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index 4c75a01818..0232131a11 100644
---- a/configs/corstone1000_defconfig
-+++ b/configs/corstone1000_defconfig
-@@ -20,6 +20,7 @@ CONFIG_CONSOLE_RECORD=y
- CONFIG_LOGLEVEL=7
- # CONFIG_DISPLAY_CPUINFO is not set
- # CONFIG_DISPLAY_BOARDINFO is not set
-+CONFIG_BOARD_LATE_INIT=y
- CONFIG_SYS_MAXARGS=64
- CONFIG_SYS_CBSIZE=512
- # CONFIG_CMD_CONSOLE is not set
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-Enable-EFI-set-get-time-services.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-Enable-EFI-set-get-time-services.patch
new file mode 100644
index 0000000..437ee88
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-Enable-EFI-set-get-time-services.patch
@@ -0,0 +1,33 @@
+From 8ee7a9c05eb1abe10be139f439f2adf638614290 Mon Sep 17 00:00:00 2001
+From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+Date: Tue, 18 Jul 2023 12:21:39 +0100
+Subject: [PATCH 30/38] Enable EFI set/get time services
+
+SetTime_Conf and SetTime_Func tests in UEFI SCT test suite of ACS
+fails with unsupported return value. CONFIG_EFI_SET_TIME and
+CONFIG_EFI_GET_TIME config values are added to enable these EFI
+services.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+---
+ configs/corstone1000_defconfig | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index ccd558cfce..a0af413de8 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -74,4 +74,6 @@ CONFIG_EFI_IGNORE_OSINDICATIONS=y
+ CONFIG_FWU_MULTI_BANK_UPDATE=y
+ # CONFIG_TOOLS_MKEFICAPSULE is not set
+ CONFIG_DM_GPIO=y
+-CONFIG_SYSRESET_PSCI=y
+\ No newline at end of file
++CONFIG_SYSRESET_PSCI=y
++CONFIG_EFI_SET_TIME=y
++CONFIG_EFI_GET_TIME=y
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-corstone1000-boot-index-from-active.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-corstone1000-boot-index-from-active.patch
deleted file mode 100644
index e59a434..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0030-corstone1000-boot-index-from-active.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From faeeeecba2a7c8c507280ce369e3779f7c63d1e4 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Mon, 27 Feb 2023 14:40:13 +0000
-Subject: [PATCH 30/33] corstone1000: boot index from active
-
-In our platform, the Secure Enclave is the one who control
-all the boot tries and status, so, every time we get here
-we know that the we are booting from the active index.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
----
- board/armltd/corstone1000/corstone1000.c | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
-index a045262ebb..53c65506d5 100644
---- a/board/armltd/corstone1000/corstone1000.c
-+++ b/board/armltd/corstone1000/corstone1000.c
-@@ -120,7 +120,16 @@ int dram_init_banksize(void)
- 
- void fwu_plat_get_bootidx(uint *boot_idx)
- {
--	*boot_idx = corstone1000_boot_idx;
-+	int ret;
-+
-+	/*
-+	 * in our platform, the Secure Enclave is the one who control
-+	 * all the boot tries and status, so, every time we get here
-+	 * we know that the we are booting from the active index
-+	 */
-+	ret = fwu_get_active_index(boot_idx);
-+	if (ret < 0)
-+		log_err("corstone1000: failed to read active index err %d\n", ret);
- }
- 
- int board_late_init(void)
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-detect-inflated-kernel-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-detect-inflated-kernel-size.patch
new file mode 100644
index 0000000..0a61fd4
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-detect-inflated-kernel-size.patch
@@ -0,0 +1,29 @@
+From b65511da443c07b45151b30ea2dc280219f4252b Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Fri, 11 Aug 2023 10:41:19 +0100
+Subject: [PATCH 31/38] corstone1000: detect inflated kernel size
+
+use filesize variable set by unzip command
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+---
+ configs/corstone1000_defconfig | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index a0af413de8..5b0b2ac3bf 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -15,7 +15,7 @@ CONFIG_DISTRO_DEFAULTS=y
+ CONFIG_BOOTDELAY=3
+ CONFIG_USE_BOOTARGS=y
+ CONFIG_BOOTARGS="console=ttyAMA0 loglevel=9 ip=dhcp earlyprintk"
+-CONFIG_BOOTCOMMAND="echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r 0xf00000; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
++CONFIG_BOOTCOMMAND="echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r $filesize; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
+ CONFIG_CONSOLE_RECORD=y
+ CONFIG_LOGLEVEL=7
+ # CONFIG_DISPLAY_CPUINFO is not set
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-enable-PSCI-reset.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-enable-PSCI-reset.patch
deleted file mode 100644
index 9ba0205..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0031-corstone1000-enable-PSCI-reset.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 0524aa417c4989bf03366f13a2456b3bcb72fb87 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Tue, 18 Jul 2023 12:19:17 +0100
-Subject: [PATCH 31/33] corstone1000: enable PSCI reset
-
-Even though corstone1000 does not implement entire PSCI APIs,it relies on
-PSCI reset interface for the system reset. U-boot change the config name, so we
-need to enable it again.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- configs/corstone1000_defconfig | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index 0232131a11..ccd558cfce 100644
---- a/configs/corstone1000_defconfig
-+++ b/configs/corstone1000_defconfig
-@@ -73,4 +73,5 @@ CONFIG_EFI_CAPSULE_ON_DISK=y
- CONFIG_EFI_IGNORE_OSINDICATIONS=y
- CONFIG_FWU_MULTI_BANK_UPDATE=y
- # CONFIG_TOOLS_MKEFICAPSULE is not set
--CONFIG_DM_GPIO=y
-\ No newline at end of file
-+CONFIG_DM_GPIO=y
-+CONFIG_SYSRESET_PSCI=y
-\ No newline at end of file
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-Enable-EFI-set-get-time-services.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-Enable-EFI-set-get-time-services.patch
deleted file mode 100644
index acc35f1..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-Enable-EFI-set-get-time-services.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0ba2b25a9c1dd9c63615bf6830cfb470f33a31b5 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Tue, 18 Jul 2023 12:21:39 +0100
-Subject: [PATCH 32/33] Enable EFI set/get time services
-
-SetTime_Conf and SetTime_Func tests in UEFI SCT test suite of ACS
-fails with unsupported return value. CONFIG_EFI_SET_TIME and
-CONFIG_EFI_GET_TIME config values are added to enable these EFI
-services.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
----
- configs/corstone1000_defconfig | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index ccd558cfce..a0af413de8 100644
---- a/configs/corstone1000_defconfig
-+++ b/configs/corstone1000_defconfig
-@@ -74,4 +74,6 @@ CONFIG_EFI_IGNORE_OSINDICATIONS=y
- CONFIG_FWU_MULTI_BANK_UPDATE=y
- # CONFIG_TOOLS_MKEFICAPSULE is not set
- CONFIG_DM_GPIO=y
--CONFIG_SYSRESET_PSCI=y
-\ No newline at end of file
-+CONFIG_SYSRESET_PSCI=y
-+CONFIG_EFI_SET_TIME=y
-+CONFIG_EFI_GET_TIME=y
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-corstone1000-ESRT-add-unique-firmware-GUID.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-corstone1000-ESRT-add-unique-firmware-GUID.patch
new file mode 100644
index 0000000..34e4545
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0032-corstone1000-ESRT-add-unique-firmware-GUID.patch
@@ -0,0 +1,47 @@
+From 7e63d4982fd4436d9d0d9abebd9e0ed1473f5237 Mon Sep 17 00:00:00 2001
+From: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
+Date: Tue, 8 Aug 2023 10:24:39 +0000
+Subject: [PATCH 32/38] corstone1000: ESRT: add unique firmware GUID
+
+Add unique Corstone-1000 firmware GUID
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
+---
+ lib/efi_loader/efi_firmware.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
+index c6ab6e2182..7792a6aa83 100644
+--- a/lib/efi_loader/efi_firmware.c
++++ b/lib/efi_loader/efi_firmware.c
+@@ -20,12 +20,12 @@
+ #define FMP_PAYLOAD_HDR_SIGNATURE	SIGNATURE_32('M', 'S', 'S', '1')
+ 
+ #if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
+-#define EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID \
+-	EFI_GUID(0xe2bb9c06, 0x70e9, 0x4b14, 0x97, 0xa3, \
+-		 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f)
++/* Firmware GUID */
++#define EFI_CORSTONE1000_FIRMWARE_GUID \
++	EFI_GUID(0x989f3a4e, 0x46e0, 0x4cd0, 0x98, 0x77, \
++		 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29)
+ 
+- const efi_guid_t efi_firmware_image_type_uboot_raw =
+-				EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
++efi_guid_t corstone1000_firmware_guid = EFI_CORSTONE1000_FIRMWARE_GUID;
+ 
+ static efi_status_t efi_corstone1000_img_info_get (
+ 	efi_uintn_t *image_info_size,
+@@ -353,7 +353,7 @@ efi_status_t EFIAPI efi_firmware_get_image_info(
+ 			       descriptor_version, descriptor_count,
+ 			       descriptor_size,
+ 			       package_version, package_version_name,
+-			       &efi_firmware_image_type_uboot_raw);
++			       &corstone1000_firmware_guid);
+ #else
+ 	ret = efi_fill_image_desc_array(image_info_size, image_info,
+ 					descriptor_version, descriptor_count,
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-corstone1000-detect-inflated-kernel-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-corstone1000-detect-inflated-kernel-size.patch
deleted file mode 100644
index 9fd5b33..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-corstone1000-detect-inflated-kernel-size.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From b57e05e95735b9b58e81b7a67f483b645c56811e Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Fri, 11 Aug 2023 10:41:19 +0100
-Subject: [PATCH] corstone1000: detect inflated kernel size
-
-use filesize variable set by unzip command
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
----
- configs/corstone1000_defconfig | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index b6b1ccdd78..8a10bca069 100644
---- a/configs/corstone1000_defconfig
-+++ b/configs/corstone1000_defconfig
-@@ -17,7 +17,7 @@ CONFIG_FIT=y
- CONFIG_BOOTDELAY=3
- CONFIG_USE_BOOTARGS=y
- CONFIG_BOOTARGS="console=ttyAMA0 loglevel=9 ip=dhcp earlyprintk"
--CONFIG_BOOTCOMMAND="echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r 0xf00000; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
-+CONFIG_BOOTCOMMAND="echo Loading kernel from $kernel_addr to memory ... ; unzip $kernel_addr 0x90000000; loadm 0x90000000 $kernel_addr_r $filesize; usb start; usb reset; run distro_bootcmd; bootefi $kernel_addr_r $fdtcontroladdr;"
- CONFIG_CONSOLE_RECORD=y
- CONFIG_LOGLEVEL=7
- # CONFIG_DISPLAY_CPUINFO is not set
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch
new file mode 100644
index 0000000..ea5e0ef
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0033-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch
@@ -0,0 +1,137 @@
+From a8ecc3ce0fcabb2414a000b7c8bfe3ce46d4392c Mon Sep 17 00:00:00 2001
+From: Sughosh Ganu <sughosh.ganu@linaro.org>
+Date: Thu, 21 Sep 2023 14:13:42 +0100
+Subject: [PATCH 33/38] dt: Provide a way to remove non-compliant nodes and
+ properties
+
+Add a function which is registered to spy for a EVT_FT_FIXUP event,
+and removes the non upstreamed nodes and properties from the
+devicetree before it gets passed to the OS.
+
+This allows removing entire nodes, or specific properties under nodes
+from the devicetree. The required nodes and properties can be
+registered for removal through the DT_NON_COMPLIANT_PURGE and
+DT_NON_COMPLIANT_PURGE_LIST macros.
+
+Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
+Upstream-Status: Submitted [RFC: https://lore.kernel.org/u-boot/aca7e6fa-2dec-a7c5-e47e-84c5ffa6f9b7@gmx.de/T/#m16d14ee960427cc88066bdcdd76f0a26738bb66d]
+---
+ include/dt-structs.h | 11 +++++++
+ lib/Makefile         |  1 +
+ lib/dt_purge.c       | 73 ++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 85 insertions(+)
+ create mode 100644 lib/dt_purge.c
+
+diff --git a/include/dt-structs.h b/include/dt-structs.h
+index fa1622cb1d..f535c60471 100644
+--- a/include/dt-structs.h
++++ b/include/dt-structs.h
+@@ -57,3 +57,14 @@ struct phandle_2_arg {
+ #endif
+ 
+ #endif
++
++struct dt_non_compliant_purge {
++	const char *node_path;
++	const char *prop;
++};
++
++#define DT_NON_COMPLIANT_PURGE(__name)	\
++	ll_entry_declare(struct dt_non_compliant_purge, __name, dt_purge)
++
++#define DT_NON_COMPLIANT_PURGE_LIST(__name)	\
++	ll_entry_declare_list(struct dt_non_compliant_purge, __name, dt_purge)
+diff --git a/lib/Makefile b/lib/Makefile
+index 8d8ccc8bbc..82a906daa0 100644
+--- a/lib/Makefile
++++ b/lib/Makefile
+@@ -37,6 +37,7 @@ endif
+ obj-y += crc8.o
+ obj-y += crc16.o
+ obj-y += crc16-ccitt.o
++obj-y += dt_purge.o
+ obj-$(CONFIG_ERRNO_STR) += errno_str.o
+ obj-$(CONFIG_FIT) += fdtdec_common.o
+ obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
+diff --git a/lib/dt_purge.c b/lib/dt_purge.c
+new file mode 100644
+index 0000000000..f893ba9796
+--- /dev/null
++++ b/lib/dt_purge.c
+@@ -0,0 +1,73 @@
++// SPDX-License-Identifier: GPL-2.0-or-later
++/*
++ * Copyright (c) 2023, Linaro Limited
++ */
++
++#include <dt-structs.h>
++#include <event.h>
++#include <linker_lists.h>
++
++#include <linux/libfdt.h>
++
++/**
++ * dt_non_compliant_purge() -	Remove non-upstreamed nodes and properties
++ *				from the DT
++ * @ctx: Context for event
++ * @event: Event to process
++ *
++ * Iterate through an array of DT nodes and properties, and remove them
++ * from the device-tree before the DT gets handed over to the kernel.
++ * These are nodes and properties which do not have upstream bindings
++ * and need to be purged before being handed over to the kernel.
++ *
++ * If both the node and property are specified, delete the property. If
++ * only the node is specified, delete the entire node, including it's
++ * subnodes, if any.
++ *
++ * Return: 0 if OK, -ve on error
++ */
++static int dt_non_compliant_purge(void *ctx, struct event *event)
++{
++	int nodeoff = 0;
++	int err = 0;
++	void *fdt;
++	const struct event_ft_fixup *fixup = &event->data.ft_fixup;
++	struct dt_non_compliant_purge *purge_entry;
++	struct dt_non_compliant_purge *purge_start =
++		ll_entry_start(struct dt_non_compliant_purge, dt_purge);
++	int nentries = ll_entry_count(struct dt_non_compliant_purge, dt_purge);
++
++	if (fixup->images)
++		return 0;
++
++	fdt = fixup->tree.fdt;
++	for (purge_entry = purge_start; purge_entry != purge_start + nentries;
++	     purge_entry++) {
++		nodeoff = fdt_path_offset(fdt, purge_entry->node_path);
++		if (nodeoff < 0) {
++			log_debug("Error (%d) getting node offset for %s\n",
++				  nodeoff, purge_entry->node_path);
++			continue;
++		}
++
++		if (purge_entry->prop) {
++			err = fdt_delprop(fdt, nodeoff, purge_entry->prop);
++			if (err < 0 && err != -FDT_ERR_NOTFOUND) {
++				log_debug("Error (%d) deleting %s\n",
++					  err, purge_entry->prop);
++				goto out;
++			}
++		} else {
++			err = fdt_del_node(fdt, nodeoff);
++			if (err) {
++				log_debug("Error (%d) trying to delete node %s\n",
++					  err, purge_entry->node_path);
++				goto out;
++			}
++		}
++	}
++
++out:
++	return err;
++}
++EVENT_SPY(EVT_FT_FIXUP, dt_non_compliant_purge);
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch
new file mode 100644
index 0000000..c44b6e3
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch
@@ -0,0 +1,56 @@
+From 829e5d3a505452fbdb420432dc885903332a8cdc Mon Sep 17 00:00:00 2001
+From: Sughosh Ganu <sughosh.ganu@linaro.org>
+Date: Thu, 21 Sep 2023 14:15:13 +0100
+Subject: [PATCH 34/38] bootefi: Call the EVT_FT_FIXUP event handler
+
+The bootefi command passes the devicetree to the kernel through the
+EFI config table. Call the event handlers for fixing the devicetree
+before jumping into the kernel. This removes any devicetree nodes
+and/or properties that are specific only to U-Boot, and are not to be
+passed to the OS.
+
+Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
+Upstream-Status: Submitted [RFC: https://lore.kernel.org/u-boot/aca7e6fa-2dec-a7c5-e47e-84c5ffa6f9b7@gmx.de/T/#m16d14ee960427cc88066bdcdd76f0a26738bb66d]
+---
+ cmd/bootefi.c | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/cmd/bootefi.c b/cmd/bootefi.c
+index 5c0afec154..f9588b66c7 100644
+--- a/cmd/bootefi.c
++++ b/cmd/bootefi.c
+@@ -237,6 +237,23 @@ static void *get_config_table(const efi_guid_t *guid)
+ 	return NULL;
+ }
+ 
++/**
++ * event_notify_dt_fixup() - call ft_fixup event
++ *
++ * @fdt:	address of the device tree to be passed to the kernel
++ *		through the configuration table
++ * Return:	None
++ */
++static void event_notify_dt_fixup(void *fdt)
++{
++	int ret;
++	struct event_ft_fixup fixup = {0};
++
++	fixup.tree.fdt = fdt;
++	ret = event_notify(EVT_FT_FIXUP, &fixup, sizeof(fixup));
++	if (ret)
++		printf("Error: %d: FDT Fixup event failed\n", ret);
++}
+ #endif /* !CONFIG_IS_ENABLED(GENERATE_ACPI_TABLE) */
+ 
+ /**
+@@ -318,6 +335,7 @@ efi_status_t efi_install_fdt(void *fdt)
+ 	efi_carve_out_dt_rsv(fdt);
+ 
+ 	efi_try_purge_kaslr_seed(fdt);
++	event_notify_dt_fixup(fdt);
+ 
+ 	if (CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
+ 		ret = efi_tcg2_measure_dtb(fdt);
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-corstone1000-ESRT-add-unique-firmware-GUID.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-corstone1000-ESRT-add-unique-firmware-GUID.patch
deleted file mode 100644
index 197a069..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0034-corstone1000-ESRT-add-unique-firmware-GUID.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 98b33cc6b3a56f56224e0a6fe6c3564de7b1341a Mon Sep 17 00:00:00 2001
-From: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
-Date: Tue, 8 Aug 2023 10:24:39 +0000
-Subject: [PATCH] corstone1000: ESRT: add unique firmware GUID
-
-Add unique Corstone-1000 firmware GUID
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Anusmita Dutta Mazumder <anusmita.duttamazumder@arm.com>
----
- lib/efi_loader/efi_firmware.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
-index 6135f8ed1c..c9117ae2b2 100644
---- a/lib/efi_loader/efi_firmware.c
-+++ b/lib/efi_loader/efi_firmware.c
-@@ -20,12 +20,12 @@
- #define FMP_PAYLOAD_HDR_SIGNATURE	SIGNATURE_32('M', 'S', 'S', '1')
- 
- #if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
--#define EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID \
--	EFI_GUID(0xe2bb9c06, 0x70e9, 0x4b14, 0x97, 0xa3, \
--		 0x5a, 0x79, 0x13, 0x17, 0x6e, 0x3f)
-+/* Firmware GUID */
-+#define EFI_CORSTONE1000_FIRMWARE_GUID \
-+	EFI_GUID(0x989f3a4e, 0x46e0, 0x4cd0, 0x98, 0x77, \
-+		 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29)
- 
-- const efi_guid_t efi_firmware_image_type_uboot_raw =
--				EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID;
-+efi_guid_t corstone1000_firmware_guid = EFI_CORSTONE1000_FIRMWARE_GUID;
- 
- static efi_status_t efi_corstone1000_img_info_get (
- 	efi_uintn_t *image_info_size,
-@@ -353,7 +353,7 @@ efi_status_t EFIAPI efi_firmware_get_image_info(
- 			       descriptor_version, descriptor_count,
- 			       descriptor_size,
- 			       package_version, package_version_name,
--			       &efi_firmware_image_type_uboot_raw);
-+			       &corstone1000_firmware_guid);
- #else
- 	ret = efi_fill_image_desc_array(image_info_size, image_info,
- 					descriptor_version, descriptor_count,
--- 
-2.38.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-corstone1000-purge-U-Boot-specific-DT-nodes.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-corstone1000-purge-U-Boot-specific-DT-nodes.patch
new file mode 100644
index 0000000..230ebe6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-corstone1000-purge-U-Boot-specific-DT-nodes.patch
@@ -0,0 +1,51 @@
+From 3654cebe9449584aa94563b2252c267b926219c9 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 21 Sep 2023 15:24:34 +0100
+Subject: [PATCH 35/38] corstone1000: purge U-Boot specific DT nodes
+
+Remove U-Boot specific DT nodes before passing the DT to Linux
+
+This is needed to pass SystemReady IR 2.0 dt-schema tests
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Pending [RFC: https://lore.kernel.org/u-boot/aca7e6fa-2dec-a7c5-e47e-84c5ffa6f9b7@gmx.de/T/#m16d14ee960427cc88066bdcdd76f0a26738bb66d]
+---
+ board/armltd/corstone1000/corstone1000.c | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index 53c65506d5..e3c0e5bf50 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -9,6 +9,7 @@
+ #include <common.h>
+ #include <cpu_func.h>
+ #include <dm.h>
++#include <dt-structs.h>
+ #include <env.h>
+ #include <fwu.h>
+ #include <netdev.h>
+@@ -18,6 +19,20 @@
+ #include <asm/armv8/mmu.h>
+ #include <asm/global_data.h>
+ 
++/* remove the DT nodes not needed in Linux */
++DT_NON_COMPLIANT_PURGE_LIST(foo) = {
++	{ .node_path = "/fwu-mdata" },
++	{ .node_path = "/nvmxip-qspi@08000000" },
++	{ .node_path = "/soc/mailbox@1b820000" },
++	{ .node_path = "/soc/mailbox@1b830000" },
++	{ .node_path = "/soc/mhu@1b000000" },
++	{ .node_path = "/soc/mhu@1b010000" },
++	{ .node_path = "/soc/mhu@1b020000" },
++	{ .node_path = "/soc/mhu@1b030000" },
++	{ .node_path = "/soc/client" },
++	{ .node_path = "/soc/extsys@1A010310" },
++};
++
+ #define CORSTONE1000_KERNEL_PARTS 2
+ #define CORSTONE1000_KERNEL_PRIMARY "kernel_primary"
+ #define CORSTONE1000_KERNEL_SECONDARY "kernel_secondary"
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch
deleted file mode 100644
index 25a7aa3..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0035-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-From a37ab0c2578a4627111022d2d1f27f9efa1c2b76 Mon Sep 17 00:00:00 2001
-From: Sughosh Ganu <sughosh.ganu@linaro.org>
-Date: Thu, 21 Sep 2023 14:13:42 +0100
-Subject: [PATCH 35/37] dt: Provide a way to remove non-compliant nodes and
- properties
-
-Add a function which is registered to spy for a EVT_FT_FIXUP event,
-and removes the non upstreamed nodes and properties from the
-devicetree before it gets passed to the OS.
-
-This allows removing entire nodes, or specific properties under nodes
-from the devicetree. The required nodes and properties can be
-registered for removal through the DT_NON_COMPLIANT_PURGE and
-DT_NON_COMPLIANT_PURGE_LIST macros.
-
-Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
-Upstream-Status: Submitted [RFC: https://lore.kernel.org/u-boot/aca7e6fa-2dec-a7c5-e47e-84c5ffa6f9b7@gmx.de/T/#m16d14ee960427cc88066bdcdd76f0a26738bb66d]
----
- include/dt-structs.h | 11 +++++++
- lib/Makefile         |  1 +
- lib/dt_purge.c       | 73 ++++++++++++++++++++++++++++++++++++++++++++
- 3 files changed, 85 insertions(+)
- create mode 100644 lib/dt_purge.c
-
-diff --git a/include/dt-structs.h b/include/dt-structs.h
-index fa1622cb1d..f535c60471 100644
---- a/include/dt-structs.h
-+++ b/include/dt-structs.h
-@@ -57,3 +57,14 @@ struct phandle_2_arg {
- #endif
- 
- #endif
-+
-+struct dt_non_compliant_purge {
-+	const char *node_path;
-+	const char *prop;
-+};
-+
-+#define DT_NON_COMPLIANT_PURGE(__name)	\
-+	ll_entry_declare(struct dt_non_compliant_purge, __name, dt_purge)
-+
-+#define DT_NON_COMPLIANT_PURGE_LIST(__name)	\
-+	ll_entry_declare_list(struct dt_non_compliant_purge, __name, dt_purge)
-diff --git a/lib/Makefile b/lib/Makefile
-index 8d8ccc8bbc..82a906daa0 100644
---- a/lib/Makefile
-+++ b/lib/Makefile
-@@ -37,6 +37,7 @@ endif
- obj-y += crc8.o
- obj-y += crc16.o
- obj-y += crc16-ccitt.o
-+obj-y += dt_purge.o
- obj-$(CONFIG_ERRNO_STR) += errno_str.o
- obj-$(CONFIG_FIT) += fdtdec_common.o
- obj-$(CONFIG_TEST_FDTDEC) += fdtdec_test.o
-diff --git a/lib/dt_purge.c b/lib/dt_purge.c
-new file mode 100644
-index 0000000000..f893ba9796
---- /dev/null
-+++ b/lib/dt_purge.c
-@@ -0,0 +1,73 @@
-+// SPDX-License-Identifier: GPL-2.0-or-later
-+/*
-+ * Copyright (c) 2023, Linaro Limited
-+ */
-+
-+#include <dt-structs.h>
-+#include <event.h>
-+#include <linker_lists.h>
-+
-+#include <linux/libfdt.h>
-+
-+/**
-+ * dt_non_compliant_purge() -	Remove non-upstreamed nodes and properties
-+ *				from the DT
-+ * @ctx: Context for event
-+ * @event: Event to process
-+ *
-+ * Iterate through an array of DT nodes and properties, and remove them
-+ * from the device-tree before the DT gets handed over to the kernel.
-+ * These are nodes and properties which do not have upstream bindings
-+ * and need to be purged before being handed over to the kernel.
-+ *
-+ * If both the node and property are specified, delete the property. If
-+ * only the node is specified, delete the entire node, including it's
-+ * subnodes, if any.
-+ *
-+ * Return: 0 if OK, -ve on error
-+ */
-+static int dt_non_compliant_purge(void *ctx, struct event *event)
-+{
-+	int nodeoff = 0;
-+	int err = 0;
-+	void *fdt;
-+	const struct event_ft_fixup *fixup = &event->data.ft_fixup;
-+	struct dt_non_compliant_purge *purge_entry;
-+	struct dt_non_compliant_purge *purge_start =
-+		ll_entry_start(struct dt_non_compliant_purge, dt_purge);
-+	int nentries = ll_entry_count(struct dt_non_compliant_purge, dt_purge);
-+
-+	if (fixup->images)
-+		return 0;
-+
-+	fdt = fixup->tree.fdt;
-+	for (purge_entry = purge_start; purge_entry != purge_start + nentries;
-+	     purge_entry++) {
-+		nodeoff = fdt_path_offset(fdt, purge_entry->node_path);
-+		if (nodeoff < 0) {
-+			log_debug("Error (%d) getting node offset for %s\n",
-+				  nodeoff, purge_entry->node_path);
-+			continue;
-+		}
-+
-+		if (purge_entry->prop) {
-+			err = fdt_delprop(fdt, nodeoff, purge_entry->prop);
-+			if (err < 0 && err != -FDT_ERR_NOTFOUND) {
-+				log_debug("Error (%d) deleting %s\n",
-+					  err, purge_entry->prop);
-+				goto out;
-+			}
-+		} else {
-+			err = fdt_del_node(fdt, nodeoff);
-+			if (err) {
-+				log_debug("Error (%d) trying to delete node %s\n",
-+					  err, purge_entry->node_path);
-+				goto out;
-+			}
-+		}
-+	}
-+
-+out:
-+	return err;
-+}
-+EVENT_SPY(EVT_FT_FIXUP, dt_non_compliant_purge);
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch
deleted file mode 100644
index 2eb273a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 729c0163ae6aed76b3267b95d2989e70ded66716 Mon Sep 17 00:00:00 2001
-From: Sughosh Ganu <sughosh.ganu@linaro.org>
-Date: Thu, 21 Sep 2023 14:15:13 +0100
-Subject: [PATCH 36/37] bootefi: Call the EVT_FT_FIXUP event handler
-
-The bootefi command passes the devicetree to the kernel through the
-EFI config table. Call the event handlers for fixing the devicetree
-before jumping into the kernel. This removes any devicetree nodes
-and/or properties that are specific only to U-Boot, and are not to be
-passed to the OS.
-
-Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org>
-Upstream-Status: Submitted [RFC: https://lore.kernel.org/u-boot/aca7e6fa-2dec-a7c5-e47e-84c5ffa6f9b7@gmx.de/T/#m16d14ee960427cc88066bdcdd76f0a26738bb66d]
----
- cmd/bootefi.c | 18 ++++++++++++++++++
- 1 file changed, 18 insertions(+)
-
-diff --git a/cmd/bootefi.c b/cmd/bootefi.c
-index 5c0afec154..f9588b66c7 100644
---- a/cmd/bootefi.c
-+++ b/cmd/bootefi.c
-@@ -237,6 +237,23 @@ static void *get_config_table(const efi_guid_t *guid)
- 	return NULL;
- }
- 
-+/**
-+ * event_notify_dt_fixup() - call ft_fixup event
-+ *
-+ * @fdt:	address of the device tree to be passed to the kernel
-+ *		through the configuration table
-+ * Return:	None
-+ */
-+static void event_notify_dt_fixup(void *fdt)
-+{
-+	int ret;
-+	struct event_ft_fixup fixup = {0};
-+
-+	fixup.tree.fdt = fdt;
-+	ret = event_notify(EVT_FT_FIXUP, &fixup, sizeof(fixup));
-+	if (ret)
-+		printf("Error: %d: FDT Fixup event failed\n", ret);
-+}
- #endif /* !CONFIG_IS_ENABLED(GENERATE_ACPI_TABLE) */
- 
- /**
-@@ -318,6 +335,7 @@ efi_status_t efi_install_fdt(void *fdt)
- 	efi_carve_out_dt_rsv(fdt);
- 
- 	efi_try_purge_kaslr_seed(fdt);
-+	event_notify_dt_fixup(fdt);
- 
- 	if (CONFIG_IS_ENABLED(EFI_TCG2_PROTOCOL_MEASURE_DTB)) {
- 		ret = efi_tcg2_measure_dtb(fdt);
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-add-signature-device-tree-overlay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-add-signature-device-tree-overlay.patch
new file mode 100644
index 0000000..04193a8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0036-corstone1000-add-signature-device-tree-overlay.patch
@@ -0,0 +1,31 @@
+From b6e69bd68c1e0171aa2acb78bec54da02defe129 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 13 Sep 2023 13:20:15 +0100
+Subject: [PATCH 36/38] corstone1000: add signature device tree overlay
+
+Adds signature device tree overlay.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/corstone1000.dtsi | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 1e0ec075e4..077673dd44 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -111,6 +111,10 @@
+ 		fwu-mdata-store = <&nvmxip>;
+ 	};
+ 
++	signature {
++		capsule-key = /incbin/("../../../CRT.esl");
++	};
++
+ 	soc {
+ 		compatible = "simple-bus";
+ 		#address-cells = <1>;
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-enable-authenticated-capsule-config.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-enable-authenticated-capsule-config.patch
new file mode 100644
index 0000000..fe48ab1
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-enable-authenticated-capsule-config.patch
@@ -0,0 +1,28 @@
+From 6a4d38a82755a8946ff8b79440550cae8032abed Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 13 Sep 2023 13:52:02 +0100
+Subject: [PATCH 37/38] corstone1000: enable authenticated capsule config
+
+Enables authenticated capsule update config for corstone1000.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ configs/corstone1000_defconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 5b0b2ac3bf..2de3f5d7b3 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -70,6 +70,7 @@ CONFIG_FWU_MDATA=y
+ CONFIG_FWU_MDATA_GPT_BLK=y
+ CONFIG_SYSRESET=y
+ CONFIG_EFI_CAPSULE_ON_DISK=y
++CONFIG_EFI_CAPSULE_AUTHENTICATE=y
+ CONFIG_EFI_IGNORE_OSINDICATIONS=y
+ CONFIG_FWU_MULTI_BANK_UPDATE=y
+ # CONFIG_TOOLS_MKEFICAPSULE is not set
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-purge-U-Boot-specific-DT-nodes.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-purge-U-Boot-specific-DT-nodes.patch
deleted file mode 100644
index 2aafadd..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0037-corstone1000-purge-U-Boot-specific-DT-nodes.patch
+++ /dev/null
@@ -1,51 +0,0 @@
-From 1527eef4dd54a425a5a178f09fa9d3d65aa3e30a Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Thu, 21 Sep 2023 15:24:34 +0100
-Subject: [PATCH 37/37] corstone1000: purge U-Boot specific DT nodes
-
-Remove U-Boot specific DT nodes before passing the DT to Linux
-
-This is needed to pass SystemReady IR 2.0 dt-schema tests
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Upstream-Status: Pending [RFC: https://lore.kernel.org/u-boot/aca7e6fa-2dec-a7c5-e47e-84c5ffa6f9b7@gmx.de/T/#m16d14ee960427cc88066bdcdd76f0a26738bb66d]
----
- board/armltd/corstone1000/corstone1000.c | 15 +++++++++++++++
- 1 file changed, 15 insertions(+)
-
-diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
-index 53c65506d5..e3c0e5bf50 100644
---- a/board/armltd/corstone1000/corstone1000.c
-+++ b/board/armltd/corstone1000/corstone1000.c
-@@ -9,6 +9,7 @@
- #include <common.h>
- #include <cpu_func.h>
- #include <dm.h>
-+#include <dt-structs.h>
- #include <env.h>
- #include <fwu.h>
- #include <netdev.h>
-@@ -18,6 +19,20 @@
- #include <asm/armv8/mmu.h>
- #include <asm/global_data.h>
- 
-+/* remove the DT nodes not needed in Linux */
-+DT_NON_COMPLIANT_PURGE_LIST(foo) = {
-+	{ .node_path = "/fwu-mdata" },
-+	{ .node_path = "/nvmxip-qspi@08000000" },
-+	{ .node_path = "/soc/mailbox@1b820000" },
-+	{ .node_path = "/soc/mailbox@1b830000" },
-+	{ .node_path = "/soc/mhu@1b000000" },
-+	{ .node_path = "/soc/mhu@1b010000" },
-+	{ .node_path = "/soc/mhu@1b020000" },
-+	{ .node_path = "/soc/mhu@1b030000" },
-+	{ .node_path = "/soc/client" },
-+	{ .node_path = "/soc/extsys@1A010310" },
-+};
-+
- #define CORSTONE1000_KERNEL_PARTS 2
- #define CORSTONE1000_KERNEL_PRIMARY "kernel_primary"
- #define CORSTONE1000_KERNEL_SECONDARY "kernel_secondary"
--- 
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-signature-device-tree-overlay.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-signature-device-tree-overlay.patch
deleted file mode 100644
index 9d8c6a9..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-signature-device-tree-overlay.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 88cb6f5a91178903d4e306d8653b941f9727987b Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 13 Sep 2023 13:20:15 +0100
-Subject: [PATCH] corstone1000: add signature device tree overlay
-
-Adds signature device tree overlay.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- arch/arm/dts/corstone1000.dtsi | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
-index 25a032b6b3..1c3ab2c315 100644
---- a/arch/arm/dts/corstone1000.dtsi
-+++ b/arch/arm/dts/corstone1000.dtsi
-@@ -111,6 +111,10 @@
- 		fwu-mdata-store = <&nvmxip>;
- 	};
- 
-+	signature {
-+		capsule-key = /incbin/("../../../CRT.esl");
-+	};
-+
- 	soc {
- 		compatible = "simple-bus";
- 		#address-cells = <1>;
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-introduce-EFI-authenticated-capsule-upd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-introduce-EFI-authenticated-capsule-upd.patch
new file mode 100644
index 0000000..6e268d4
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-introduce-EFI-authenticated-capsule-upd.patch
@@ -0,0 +1,77 @@
+From 0d1975369f3c483b540818cec8a088ed35116bbb Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 13 Sep 2023 13:55:08 +0100
+Subject: [PATCH 38/38] corstone1000: introduce EFI authenticated capsule
+ update
+
+Introduces EFI authenticated capsule update for corstone1000. Corstone1000
+implements platform-specific capsule update mechanism in u-bootdue to the SoC
+design. This patch add authenticated capsule update mechanism to the
+platform-specific firmware-update routine.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
+---
+ lib/efi_loader/efi_capsule.c | 39 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index 6a06605ad9..e1c78d8c1c 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -820,6 +820,12 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+ 		u64 scatter_gather_list)
+ {
+ 	struct efi_capsule_header *capsule;
++	struct efi_firmware_management_capsule_header *capsule_header;
++	struct efi_firmware_management_capsule_image_header *image;
++	size_t image_binary_size;
++	size_t tmp_capsule_payload_size=0;
++	void *tmp_capsule_payload=NULL;
++	void *image_binary;
+ 	unsigned int i;
+ 	efi_status_t ret;
+ 
+@@ -859,6 +865,39 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+ 			goto out;
+ 		}
+ 
++		capsule_header = (void *)capsule + capsule->header_size;
++		image = (void *)capsule_header + capsule_header->item_offset_list[0];
++		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
++			!(image->image_capsule_support &
++			CAPSULE_SUPPORT_AUTHENTICATION)) {
++			/* no signature */
++			log_err("Corstone1000: Capsule authentication flag check failed. Aborting update\n");
++			ret = EFI_SECURITY_VIOLATION;
++			goto out;
++		}
++
++		image_binary = (void *)image + sizeof(*image);
++		image_binary_size = image->update_image_size;
++		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
++		    (image->image_capsule_support &
++			CAPSULE_SUPPORT_AUTHENTICATION)){
++			ret = efi_capsule_authenticate(image_binary, image_binary_size,
++						  &tmp_capsule_payload,
++						  &tmp_capsule_payload_size);
++
++			if (ret == EFI_SECURITY_VIOLATION) {
++				log_err("Corstone1000: Capsule authentication check failed. Aborting update\n");
++				goto out;
++			} else if (ret != EFI_SUCCESS) {
++				goto out;
++			}
++
++			log_debug("Corstone1000: Capsule authentication successful\n");
++		} else {
++			log_debug("Corstone1000: Capsule authentication disabled. ");
++			log_debug("Corstone1000: Updating capsule without authenticating.\n");
++		}
++
+ 		/* copy the data to the contiguous buffer */
+ 		efi_memcpy_runtime(corstone1000_capsule_buf, capsule, capsule->capsule_image_size);
+ 
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-enable-authenticated-capsule-config.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-enable-authenticated-capsule-config.patch
deleted file mode 100644
index 761234e..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-enable-authenticated-capsule-config.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 9b884d4f483474b99fcb4850197a1c8dde34147d Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 13 Sep 2023 13:52:02 +0100
-Subject: [PATCH] corstone1000: enable authenticated capsule config
-
-Enables authenticated capsule update config for corstone1000.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- configs/corstone1000_defconfig | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index 5b0b2ac3bf..2de3f5d7b3 100644
---- a/configs/corstone1000_defconfig
-+++ b/configs/corstone1000_defconfig
-@@ -70,6 +70,7 @@ CONFIG_FWU_MDATA=y
- CONFIG_FWU_MDATA_GPT_BLK=y
- CONFIG_SYSRESET=y
- CONFIG_EFI_CAPSULE_ON_DISK=y
-+CONFIG_EFI_CAPSULE_AUTHENTICATE=y
- CONFIG_EFI_IGNORE_OSINDICATIONS=y
- CONFIG_FWU_MULTI_BANK_UPDATE=y
- # CONFIG_TOOLS_MKEFICAPSULE is not set
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-enables-ondisk-capsule-update-feature.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-enables-ondisk-capsule-update-feature.patch
new file mode 100644
index 0000000..cd002ac
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-enables-ondisk-capsule-update-feature.patch
@@ -0,0 +1,33 @@
+From e5057a10641a7c84186bcbbcd12ee904300ebc53 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Fri, 13 Oct 2023 15:19:32 +0100
+Subject: [PATCH] Enables on-disk capsule update feature
+
+Enables on-disk capsule update feature for corstone1000.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
+---
+ lib/efi_loader/efi_capsule.c | 5 ++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index e1c78d8c1c..63e4c06e58 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -1499,7 +1499,12 @@ efi_status_t efi_launch_capsules(void)
+			index = 0;
+		ret = efi_capsule_read_file(files[i], &capsule);
+		if (ret == EFI_SUCCESS) {
++			#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
++			/* capsule update only supports 1 image and no scatter gather list for corstone1000 */
++			efi_update_capsule(&capsule, 1, 0);
++			#elif
+			ret = efi_capsule_update_firmware(capsule);
++			#endif
+			if (ret != EFI_SUCCESS) {
+				log_err("Applying capsule %ls failed.\n",
+					files[i]);
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch
deleted file mode 100644
index f47dd8c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From b99a39c662b9be5f940b895efa8016f5567e1c1f Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 13 Sep 2023 13:55:08 +0100
-Subject: [PATCH] corstone1000: introduce EFI authenticated capsule update
-
-Introduces EFI authenticated capsule update for corstone1000. Corstone1000
-implements platform-specific capsule update mechanism in u-bootdue to the SoC
-design. This patch add authenticated capsule update mechanism to the
-platform-specific firmware-update routine.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
----
- lib/efi_loader/efi_capsule.c | 39 ++++++++++++++++++++++++++++++++++++
- 1 file changed, 39 insertions(+)
-
-diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
-index 6a06605ad9..30fb7d1dd5 100644
---- a/lib/efi_loader/efi_capsule.c
-+++ b/lib/efi_loader/efi_capsule.c
-@@ -820,6 +820,12 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
- 		u64 scatter_gather_list)
- {
- 	struct efi_capsule_header *capsule;
-+	struct efi_firmware_management_capsule_header *capsule_header;
-+	struct efi_firmware_management_capsule_image_header *image;
-+	size_t image_binary_size;
-+	size_t tmp_capsule_payload_size=0;
-+	void *tmp_capsule_payload=NULL;
-+	void *image_binary;
- 	unsigned int i;
- 	efi_status_t ret;
- 
-@@ -859,6 +865,39 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
- 			goto out;
- 		}
- 
-+		capsule_header = (void *)capsule + capsule->header_size;
-+		image = (void *)capsule_header + capsule_header->item_offset_list[0];
-+		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
-+			!(image->image_capsule_support &
-+			CAPSULE_SUPPORT_AUTHENTICATION)) {
-+			/* no signature */
-+			log_err("Corstone1000: Capsule authentication flag check failed. Aborting update\n");
-+			ret = EFI_SECURITY_VIOLATION;
-+			goto out;
-+		}
-+
-+		image_binary = (void *)image + sizeof(*image);
-+		image_binary_size = image->update_image_size;
-+		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
-+		    (image->image_capsule_support &
-+			CAPSULE_SUPPORT_AUTHENTICATION)){
-+			ret = efi_capsule_authenticate(image_binary, image_binary_size,
-+						  &tmp_capsule_payload,
-+						  &tmp_capsule_payload_size);
-+
-+			if (ret == EFI_SECURITY_VIOLATION) {
-+				log_err("Corstone1000: Capsule authentication check failed. Aborting update\n");
-+				goto out;
-+			} else if (ret != EFI_SUCCESS) {
-+				goto out;
-+			}
-+
-+			log_debug("Corstone1000: Capsule authentication successful\n");
-+		} else {
-+			log_debug("Corstone1000: Capsule authentication disabled. ");
-+			log_debug("Corstone1000: Updating capsule without authenticating.\n");
-+		}
-+
- 		/* copy the data to the contiguous buffer */
- 		efi_memcpy_runtime(corstone1000_capsule_buf, capsule, capsule->capsule_image_size);
- 
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-fix-runtime-capsule-update-flags-checks.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-fix-runtime-capsule-update-flags-checks.patch
new file mode 100644
index 0000000..b1d400d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-fix-runtime-capsule-update-flags-checks.patch
@@ -0,0 +1,56 @@
+From a83aa9e1b8f6e312da82e54614fbca498493c34d Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Thu, 19 Oct 2023 14:56:55 +0100
+Subject: [PATCH] fix runtime capsule update flags checks for corstone1000
+
+Fixes capsule update flags checks in capsule update as these checks are missing
+in the platform-specific capsule-update implementation in corstone1000.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
+---
+ lib/efi_loader/efi_capsule.c | 28 ++++++++++++++++++++++++++++
+ 1 file changed, 28 insertions(+)
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index 307bcfd73c..34507482b7 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -854,6 +854,34 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+			continue;
+		}
+
++		/* According to UEFI specs when the flag is CAPSULE_FLAGS_PERSIST_ACROSS_RESET,
++		ScatterGatherList can't be NULL.*/
++		if ((capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET) &&
++		    scatter_gather_list == 0){
++			ret = EFI_INVALID_PARAMETER;
++			goto out;
++		}
++
++		/*According to UEFI specs a capsule which has the CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE
++		 * flag must have CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its
++		 * header as well.*/
++		if (capsule->flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE){
++			if(!(capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)){
++				ret = EFI_INVALID_PARAMETER;
++				goto out;
++			}
++		}
++
++		/* According to UEFI specs, a capsule which has the CAPSULE_FLAGS_INITIATE_RESET
++		 * Flag must have  CAPSULE_FLAGS_PERSIST_ACROSS_RESET set in its
++		 * header as well.*/
++		if (capsule->flags & CAPSULE_FLAGS_INITIATE_RESET){
++			if(!(capsule->flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)){
++				ret = EFI_INVALID_PARAMETER;
++				goto out;
++			}
++		}
++
+		log_debug("Capsule[%d] (guid:%pUs)\n",
+			  i, &capsule->capsule_guid);
+
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-scatter-gather-flag-workaround.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-scatter-gather-flag-workaround.patch
new file mode 100644
index 0000000..8ce82a7
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0041-scatter-gather-flag-workaround.patch
@@ -0,0 +1,39 @@
+From abc3b43996198012498abe5777cfeedde4538a90 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Mon, 6 Nov 2023 14:52:05 +0000
+Subject: [PATCH] workaround for scatter gather flag check for corstone1000
+
+This workaround passes 1 as scatter_gather_list value to pass the NULL checks
+for scatter_gather_list while CAPSULE_FLAGS_PERSIST_ACROSS_RESET flag is set
+(which is introduced lately to align with UEFI specs). Since these flag checks
+are not implemented in u-boot properly and corstone1000 does not support
+scatter_gather_list during capsule update, this patch will skip the check only
+for on-disk capsule update.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
+---
+ lib/efi_loader/efi_capsule.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index a7d70acf2a..efbedce460 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -1530,8 +1530,11 @@ efi_status_t efi_launch_capsules(void)
+		ret = efi_capsule_read_file(files[i], &capsule);
+		if (ret == EFI_SUCCESS) {
+			#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
+-			/* capsule update only supports 1 image and no scatter gather list for corstone1000 */
+-			efi_update_capsule(&capsule, 1, 0);
++			/* capsule update only supports 1 image and use of scatter_gather_list
++			 * is not implemented for corstone1000 passing 1 to pass
++			 * the NULL flag checks. This should will be fixed with
++			 * new capsule update design*/
++			ret = efi_update_capsule(&capsule, 1, 1);
+			#elif
+			ret = efi_capsule_update_firmware(capsule);
+			#endif
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-enable-virtio-net-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-enable-virtio-net-support.patch
new file mode 100644
index 0000000..d94e26a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0042-corstone1000-enable-virtio-net-support.patch
@@ -0,0 +1,97 @@
+From 2ddd34b6838e836cf94a9da2f65cd01a21252846 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 15 Nov 2023 16:04:06 +0000
+Subject: [PATCH] corstone1000: enable virtio-net support
+
+Adds virtio-net support in corstone1000-fvp.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/corstone1000-fvp.dts        |  6 ++++++
+ board/armltd/corstone1000/corstone1000.c | 24 +++++++++++++++++++++++-
+ configs/corstone1000_defconfig           |  2 ++
+ 3 files changed, 31 insertions(+), 1 deletion(-)
+
+diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts
+index 26b0f1b3ce..8e54a40113 100644
+--- a/arch/arm/dts/corstone1000-fvp.dts
++++ b/arch/arm/dts/corstone1000-fvp.dts
+@@ -21,6 +21,12 @@
+ 		reg-io-width = <2>;
+ 	};
+ 
++	virtio: virtio-net@40400000 {
++		compatible = "virtio,mmio";
++		reg = <0x40400000 0x10000>;
++		interrupts = <145>;
++	};
++
+ 	vmmc_v3_3d: fixed_v3_3d {
+ 		compatible = "regulator-fixed";
+ 		regulator-name = "vmmc_supply";
+diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
+index e3c0e5bf50..ef74dc9032 100644
+--- a/board/armltd/corstone1000/corstone1000.c
++++ b/board/armltd/corstone1000/corstone1000.c
+@@ -18,6 +18,7 @@
+ #include <dm/platform_data/serial_pl01x.h>
+ #include <asm/armv8/mmu.h>
+ #include <asm/global_data.h>
++#include <generated/dt.h>
+ 
+ /* remove the DT nodes not needed in Linux */
+ DT_NON_COMPLIANT_PURGE_LIST(foo) = {
+@@ -101,6 +102,14 @@ static struct mm_region corstone1000_mem_map[] = {
+ 		.size = 0x80000000UL,
+ 		.attrs = PTE_BLOCK_MEMTYPE(MT_NORMAL) |
+ 			PTE_BLOCK_INNER_SHARE
++	}, {
++		/* ethernet */
++		.virt = 0x40400000UL,
++			.phys = 0x40400000UL,
++			.size = 0x00100000UL,
++			.attrs = PTE_BLOCK_MEMTYPE(MT_DEVICE_NGNRNE) |
++				PTE_BLOCK_NON_SHARE |
++				PTE_BLOCK_PXN | PTE_BLOCK_UXN
+ 	}, {
+ 		/* List terminator */
+ 		0,
+@@ -150,10 +159,23 @@ void fwu_plat_get_bootidx(uint *boot_idx)
+ int board_late_init(void)
+ {
+ 	struct disk_partition part_info;
+-	struct udevice *dev, *bdev;
++	struct udevice *dev, *bdev,*virtio_bus, *virtio_child;;
+ 	struct nvmxip_plat *plat;
+ 	struct blk_desc *desc;
+ 	int ret;
++	const char *cmp_dtb = DEVICE_TREE;
++
++	if (!strcmp(cmp_dtb, "corstone1000-fvp")) {
++		ret = uclass_first_device_err(UCLASS_VIRTIO, &virtio_bus);
++		if (!virtio_bus){
++			log_err("Cannot find virtio device\n");
++			return ret;
++		}
++		while (virtio_bus) {
++			device_foreach_child_probe(virtio_child, virtio_bus);
++			uclass_next_device(&virtio_bus);
++		}
++	}
+ 
+ 	ret = uclass_first_device_err(UCLASS_NVMXIP, &dev);
+ 	if (ret < 0) {
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 2de3f5d7b3..8770b474e2 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -78,3 +78,5 @@ CONFIG_DM_GPIO=y
+ CONFIG_SYSRESET_PSCI=y
+ CONFIG_EFI_SET_TIME=y
+ CONFIG_EFI_GET_TIME=y
++CONFIG_VIRTIO_NET=y
++CONFIG_VIRTIO_MMIO=y
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch
deleted file mode 100644
index d551622..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 4f649e0a3e0f9ed1f0d6efdff5b14cdc40d84201 Mon Sep 17 00:00:00 2001
-From: Jon Mason <jon.mason@arm.com
-Date: Thu, 2 Mar 2023 15:22:08 +0000
-Subject: [PATCH] Revert "vexpress64: pick DRAM size from DT"
-
-This reverts commit 1a1143a45457161e90ea4cd5f3b0561d924ed8fe.
-
-DRAM is determined via dtb in recent versions.  Since fvp isn't
-reading and specifying a dtb, this fails and hangs u-boot.  Remove this
-and go back to the way things were.
-
-Signed-off-by: Jon Mason <jon.mason@arm.com>
-Upstream-Status: Inappropriate
----
- board/armltd/vexpress64/vexpress64.c | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)
-
-diff --git a/board/armltd/vexpress64/vexpress64.c b/board/armltd/vexpress64/vexpress64.c
-index af326dc6f453..e8ce88b22c5a 100644
---- a/board/armltd/vexpress64/vexpress64.c
-+++ b/board/armltd/vexpress64/vexpress64.c
-@@ -88,12 +88,20 @@ int board_init(void)
- 
- int dram_init(void)
- {
--	return fdtdec_setup_mem_size_base();
-+	gd->ram_size = PHYS_SDRAM_1_SIZE;
-+	return 0;
- }
- 
- int dram_init_banksize(void)
- {
--	return fdtdec_setup_memory_banksize();
-+	gd->bd->bi_dram[0].start = PHYS_SDRAM_1;
-+	gd->bd->bi_dram[0].size = PHYS_SDRAM_1_SIZE;
-+#ifdef PHYS_SDRAM_2
-+	gd->bd->bi_dram[1].start = PHYS_SDRAM_2;
-+	gd->bd->bi_dram[1].size = PHYS_SDRAM_2_SIZE;
-+#endif
-+
-+	return 0;
- }
- 
- /* Assigned in lowlevel_init.S
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-virtio-rng-Workaround-for-FVP-returning-zero-size-bu.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-virtio-rng-Workaround-for-FVP-returning-zero-size-bu.patch
new file mode 100644
index 0000000..689361d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0001-virtio-rng-Workaround-for-FVP-returning-zero-size-bu.patch
@@ -0,0 +1,49 @@
+From 3ab73b453016d91b9f942a7c12173854135530a4 Mon Sep 17 00:00:00 2001
+From: Peter Hoyes <Peter.Hoyes@arm.com>
+Date: Wed, 23 Aug 2023 21:17:17 +0100
+Subject: [PATCH] virtio: rng: Workaround for FVP returning zero-size buffer
+
+The FVP virtio-rng device is observed to always 8 fewer bytes of random
+data than requested. When 8 of fewer bytes are requested, the FVP
+returns 0 bytes. This causes U-Boot to hang upon attempting to fill the
+last 8 bytes of the input buffer.
+
+The virtio spec states than entropy devices must always return at least
+1 byte of random data.
+
+To workaround this, always request exactly 16 bytes from the virtio
+device, discarding any unused data.
+
+Upstream-Status: Inappropriate [Temporary workaround]
+Signed-off-by: Peter Hoyes <Peter.Hoyes@arm.com>
+---
+ drivers/virtio/virtio_rng.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/virtio/virtio_rng.c b/drivers/virtio/virtio_rng.c
+index b85545c2ee5..1e4fc342406 100644
+--- a/drivers/virtio/virtio_rng.c
++++ b/drivers/virtio/virtio_rng.c
+@@ -29,7 +29,7 @@ static int virtio_rng_read(struct udevice *dev, void *data, size_t len)
+
+ 	while (len) {
+ 		sg.addr = buf;
+-		sg.length = min(len, sizeof(buf));
++		sg.length = sizeof(buf);
+ 		sgs[0] = &sg;
+
+ 		ret = virtqueue_add(priv->rng_vq, sgs, 0, 1);
+@@ -44,8 +44,8 @@ static int virtio_rng_read(struct udevice *dev, void *data, size_t len)
+ 		if (rsize > sg.length)
+ 			return -EIO;
+
+-		memcpy(ptr, buf, rsize);
+-		len -= rsize;
++		memcpy(ptr, buf, min(len, (size_t)rsize));
++		len -= min(len, (size_t)rsize);
+ 		ptr += rsize;
+ 	}
+
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0002-vexpress64-Set-the-DM_RNG-property.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0002-vexpress64-Set-the-DM_RNG-property.patch
new file mode 100644
index 0000000..2f99eaf
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0002-vexpress64-Set-the-DM_RNG-property.patch
@@ -0,0 +1,31 @@
+From 9a28caf05b8345cd19276cf7a840599bd9e37749 Mon Sep 17 00:00:00 2001
+From: Debbie Martin <Debbie.Martin@arm.com>
+Date: Fri, 25 Aug 2023 15:09:33 +0100
+Subject: [PATCH] vexpress64: Set the DM_RNG property
+
+Enable the DM_RNG virtio random number generator driver in
+in order to consume entropy within u-boot. This is necessary
+in the case that the kernel is not configured to enable the
+virtio rng driver itself.
+
+Upstream-Status: Pending
+Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
+---
+ board/armltd/vexpress64/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/board/armltd/vexpress64/Kconfig b/board/armltd/vexpress64/Kconfig
+index cf998096e4..7ae5055f59 100644
+--- a/board/armltd/vexpress64/Kconfig
++++ b/board/armltd/vexpress64/Kconfig
+@@ -21,6 +21,7 @@ config VEXPRESS64_BASE_MODEL
+ 	imply EFI_SET_TIME if DM_RTC
+ 	select LINUX_KERNEL_IMAGE_HEADER
+ 	select POSITION_INDEPENDENT
++	imply DM_RNG
+
+ choice
+ 	prompt "VExpress64 board variant"
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0003-vexpress64-Select-PSCI-RESET-by-default.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0003-vexpress64-Select-PSCI-RESET-by-default.patch
new file mode 100644
index 0000000..9d9a5bd
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0003-vexpress64-Select-PSCI-RESET-by-default.patch
@@ -0,0 +1,52 @@
+From 43881e2e9dd165a65791927b1455f4b6c8727f4c Mon Sep 17 00:00:00 2001
+Message-Id: <43881e2e9dd165a65791927b1455f4b6c8727f4c.1696397516.git.diego.sueiro@arm.com>
+In-Reply-To: <98035c418c3df58817ab678037599303842ee931.1696397516.git.diego.sueiro@arm.com>
+References: <98035c418c3df58817ab678037599303842ee931.1696397516.git.diego.sueiro@arm.com>
+From: Diego Sueiro <diego.sueiro@arm.com>
+Date: Wed, 4 Oct 2023 06:31:50 +0100
+Subject: [PATCH 2/2] vexpress64: Select PSCI RESET by default
+
+Set SYSRESET and SYSRESET_PSCI config for vexpress64 by 
+by default. This means that the reset_cpu function in
+vexpress64.c is no longer needed because it is called in
+sysreset-uclass.c instead.
+
+Upstream-Status: Pending
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+---
+ board/armltd/vexpress64/Kconfig      | 2 ++
+ board/armltd/vexpress64/vexpress64.c | 5 -----
+ 2 files changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/board/armltd/vexpress64/Kconfig b/board/armltd/vexpress64/Kconfig
+index 0d161740fb..0c2e5f8759 100644
+--- a/board/armltd/vexpress64/Kconfig
++++ b/board/armltd/vexpress64/Kconfig
+@@ -31,6 +31,8 @@ config TARGET_VEXPRESS64_BASE_FVP
+ 	bool "Support Versatile Express ARMv8a FVP BASE model"
+ 	select VEXPRESS64_BASE_MODEL
+ 	imply OF_HAS_PRIOR_STAGE
++	select SYSRESET
++	select SYSRESET_PSCI
+ 
+ config TARGET_VEXPRESS64_BASER_FVP
+ 	bool "Support Versatile Express ARMv8r64 FVP BASE model"
+diff --git a/board/armltd/vexpress64/vexpress64.c b/board/armltd/vexpress64/vexpress64.c
+index ee65a59683..f73de56464 100644
+--- a/board/armltd/vexpress64/vexpress64.c
++++ b/board/armltd/vexpress64/vexpress64.c
+@@ -207,11 +207,6 @@ void *board_fdt_blob_setup(int *err)
+ }
+ #endif
+ 
+-/* Actual reset is done via PSCI. */
+-void reset_cpu(void)
+-{
+-}
+-
+ /*
+  * Board specific ethernet initialization routine.
+  */
+-- 
+2.39.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0004-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0004-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch
new file mode 100644
index 0000000..3d10994
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/0004-vexpress64-Imply-CONFIG_ARM64_CRC32-by-default.patch
@@ -0,0 +1,31 @@
+From 98035c418c3df58817ab678037599303842ee931 Mon Sep 17 00:00:00 2001
+Message-Id: <98035c418c3df58817ab678037599303842ee931.1696397516.git.diego.sueiro@arm.com>
+From: Diego Sueiro <diego.sueiro@arm.com>
+Date: Wed, 4 Oct 2023 06:29:12 +0100
+Subject: [PATCH 1/2] vexpress64: Imply CONFIG_ARM64_CRC32 by default
+
+Enable the Arm64 CRC-32 instruction by default for 
+vexpress64. The CRC-32 instruction is a required 
+feature of ARMv8.1 and newer. 
+
+Upstream-Status: Pending
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+---
+ board/armltd/vexpress64/Kconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/board/armltd/vexpress64/Kconfig b/board/armltd/vexpress64/Kconfig
+index 7ae5055f59..0d161740fb 100644
+--- a/board/armltd/vexpress64/Kconfig
++++ b/board/armltd/vexpress64/Kconfig
+@@ -22,6 +22,7 @@ config VEXPRESS64_BASE_MODEL
+ 	select LINUX_KERNEL_IMAGE_HEADER
+ 	select POSITION_INDEPENDENT
+ 	imply DM_RNG
++	imply ARM64_CRC32
+ 
+ choice
+ 	prompt "VExpress64 board variant"
+-- 
+2.39.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg
deleted file mode 100644
index 13f4cb4..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/fvp-base/bootargs.cfg
+++ /dev/null
@@ -1,4 +0,0 @@
-CONFIG_BOOTARGS="console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda1 rw rootwait"
-CONFIG_BOOTCOMMAND="booti $kernel_addr_r - $fdt_addr_r"
-# Our FVP support CRC instructions
-CONFIG_ARM64_CRC32=y
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index c2916a5..11f332a 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -1,83 +1,10 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
 
-#
-# Corstone1000 64-bit machines
-#
-DEPENDS:append:corstone1000 = " gnutls-native openssl-native efitools-native"
-CORSTONE1000_DEVICE_TREE:corstone1000-mps3 = "corstone1000-mps3"
-CORSTONE1000_DEVICE_TREE:corstone1000-fvp = "corstone1000-fvp"
-EXTRA_OEMAKE:append:corstone1000 = ' DEVICE_TREE=${CORSTONE1000_DEVICE_TREE}'
+MACHINE_U-BOOT_REQUIRE ?= ""
+MACHINE_U-BOOT_REQUIRE:corstone1000 = "u-boot-corstone1000.inc"
+MACHINE_U-BOOT_REQUIRE:fvp-base = "u-boot-fvp-base.inc"
+MACHINE_U-BOOT_REQUIRE:juno = "u-boot-juno.inc"
+MACHINE_U-BOOT_REQUIRE:tc = "u-boot-tc.inc"
 
-SYSROOT_DIRS:append:corstone1000 = " /boot"
+require ${MACHINE_U-BOOT_REQUIRE}
 
-SRC_URI:append:corstone1000 = " \
-        file://0001-FF-A-v15-arm64-smccc-add-support-for-SMCCCv1.2-x0-x1.patch    \
-        file://0002-FF-A-v15-lib-uuid-introduce-uuid_str_to_le_bin-funct.patch	  \
-        file://0003-FF-A-v15-lib-uuid-introduce-testcase-for-uuid_str_to.patch	  \
-	file://0004-FF-A-v15-arm_ffa-introduce-Arm-FF-A-support.patch		  \
-	file://0005-FF-A-v15-arm_ffa-introduce-armffa-command.patch		  \
-	file://0006-FF-A-v15-arm_ffa-introduce-sandbox-FF-A-support.patch	  \
-        file://0007-FF-A-v15-arm_ffa-introduce-sandbox-test-cases-for-UC.patch	  \
-        file://0008-FF-A-v15-arm_ffa-introduce-armffa-command-Sandbox-te.patch	  \
-	file://0009-FF-A-v15-arm_ffa-efi-introduce-FF-A-MM-communication.patch	  \
-	file://0010-FF-A-v15-arm_ffa-efi-corstone1000-enable-MM-communic.patch	  \
-	file://0011-efi-corstone1000-fwu-introduce-EFI-capsule-update.patch	  \
-	file://0012-arm-corstone1000-fix-unrecognized-filesystem-type.patch	  \
-	file://0013-efi_loader-corstone1000-remove-guid-check-from-corst.patch	  \
-	file://0014-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch	  \
-	file://0015-efi_firmware-add-get_image_info-for-corstone1000.patch	  \
-	file://0016-efi_loader-fix-null-pointer-exception-with-get_image.patch	  \
-	file://0017-arm-corstone1000-add-mmc-for-fvp.patch			  \
-	file://0018-corstone1000-add-compressed-kernel-support.patch		  \
-	file://0019-Introduce-external-sys-driver-to-device-tree.patch		  \
-	file://0020-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch	  \
-	file://0021-arm-corstone1000-esrt-support.patch			  \
-	file://0022-corstone1000-enable-distro-booting-command.patch		  \
-	file://0023-corstone1000-add-fwu-metadata-store-info.patch		  \
-	file://0024-fwu_metadata-make-sure-structures-are-packed.patch		  \
-	file://0025-corstone1000-add-boot-index.patch				  \
-	file://0026-corstone1000-adjust-boot-bank-and-kernel-location.patch	  \
-	file://0027-corstone1000-add-nvmxip-fwu-mdata-and-gpt-options.patch	  \
-	file://0028-nvmxip-move-header-to-include.patch			  \
-	file://0029-corstone1000-set-kernel_addr-based-on-boot_idx.patch	  \
-	file://0030-corstone1000-boot-index-from-active.patch			  \
-	file://0031-corstone1000-enable-PSCI-reset.patch			  \
-	file://0032-Enable-EFI-set-get-time-services.patch			  \
-	file://0033-corstone1000-detect-inflated-kernel-size.patch			  \
-	file://0034-corstone1000-ESRT-add-unique-firmware-GUID.patch		\
-	file://0035-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch \
-	file://0036-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch \
-	file://0037-corstone1000-purge-U-Boot-specific-DT-nodes.patch \
-	file://0038-corstone1000-add-signature-device-tree-overlay.patch	  \
-	file://0039-corstone1000-enable-authenticated-capsule-config.patch	  \
-	file://0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch	  \
-        "
-
-do_configure:append:corstone1000(){
-    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=CRT/ -keyout ${B}/CRT.key -out ${B}/CRT.crt -nodes -days 365
-    cert-to-efi-sig-list ${B}/CRT.crt ${B}/corstone1000_defconfig/CRT.esl
-}
-
-do_install:append:corstone1000() {
-   install -D -p -m 0644 ${B}/CRT.crt ${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt
-   install -D -p -m 0644 ${B}/CRT.key ${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key
-}
-
-#
-# FVP BASE
-#
-SRC_URI:append:fvp-base = " file://bootargs.cfg \
-	file://0001-Revert-vexpress64-pick-DRAM-size-from-DT.patch \
-	"
-#
-# Juno Machines
-#
-SRC_URI:append:juno = " file://0001-configs-vexpress-modify-to-boot-compressed-initramfs.patch"
-
-
-#
-# TC0 and TC1 MACHINES
-#
-SRC_URI:append:tc = " \
-        file://bootargs.cfg \
-        "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb
deleted file mode 100644
index 2dd5e04..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2023.01.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require recipes-bsp/u-boot/u-boot-common.inc
-require recipes-bsp/u-boot/u-boot.inc
-
-SRCREV = "62e2ad1ceafbfdf2c44d3dc1b6efc81e768a96b9"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
index fcdedf8..f03e4e5 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
@@ -21,6 +21,7 @@
     file://0006-Platform-ARM-N1Sdp-Persistent-storage-for-N1Sdp.patch;patchdir=edk2-platforms \
     file://0007-Platform-ARM-N1Sdp-Enable-FaultTolerantWrite-Dxe-dri.patch;patchdir=edk2-platforms \
     file://0008-Platform-ARM-N1Sdp-manually-poll-QSPI-status-bit-aft.patch;patchdir=edk2-platforms \
+    file://0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch;patchdir=edk2-platforms \
 "
 
 do_deploy:append() {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202211.bb b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202211.bb
deleted file mode 100644
index 378f585..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware_202211.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-SRCREV_edk2           ?= "fff6d81270b57ee786ea18ad74f43149b9f03494"
-SRCREV_edk2-platforms ?= "982212662c71b6c734b7578526071d6b78da3bcc"
-
-require recipes-bsp/uefi/edk2-firmware.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch
new file mode 100644
index 0000000..00c85eb
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/n1sdp/0009-Platform-ARM-N1Sdp-Reserve-OP-TEE-Region-from-UEFI.patch
@@ -0,0 +1,65 @@
+From 235fabb2269a86e016bab2886b9129c77f0fea71 Wed Oct 11 16:18:22 2023
+From: Mariam Elshakfy <mariam.elshakfy@arm.com>
+Date: Wed Oct 11 16:18:22 2023 +0000
+
+Subject: [PATCH] Platform/ARM/N1Sdp: Reserve OP-TEE Region from UEFI
+
+To enable cache on N1SDP, OP-TEE has to be moved
+to run from DDR4 memory. Since this memory is
+known to application side, it must be reserved
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
+
+diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
+index 78f309c3aa..dc82d5bd87 100644
+--- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
++++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
+@@ -62,6 +62,9 @@
+ 

+   gEfiMdePkgTokenSpaceGuid.PcdPciExpressBaseAddress

+ 

++  gArmNeoverseN1SocTokenSpaceGuid.PcdOpteeMemoryBase

++  gArmNeoverseN1SocTokenSpaceGuid.PcdOpteeMemorySize

++

+ [Guids]

+   gArmNeoverseN1SocPlatformInfoDescriptorGuid

+   gEfiHobListGuid          ## CONSUMES  ## SystemTable

+diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
+index 8bb9407490..d8ad0f975c 100644
+--- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
++++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
+@@ -150,6 +150,19 @@ ArmPlatformGetVirtualMemoryMap (
+     EFI_RESOURCE_ATTRIBUTE_WRITE_BACK_CACHEABLE |

+     EFI_RESOURCE_ATTRIBUTE_TESTED;

+ 

++  // Reserved OP-TEE region

++  BuildResourceDescriptorHob (

++      EFI_RESOURCE_SYSTEM_MEMORY,

++      ResourceAttributes,

++      PcdGet64 (PcdOpteeMemoryBase),

++      PcdGet64 (PcdOpteeMemorySize)

++    );

++  BuildMemoryAllocationHob (

++    PcdGet64 (PcdOpteeMemoryBase),

++    PcdGet64 (PcdOpteeMemorySize),

++    EfiReservedMemoryType

++  );

++

+   BuildResourceDescriptorHob (

+     EFI_RESOURCE_SYSTEM_MEMORY,

+     ResourceAttributes,

+diff --git a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
+index 9e257ebde0..b400b94fd5 100644
+--- a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
++++ b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
+@@ -86,5 +86,9 @@
+   gArmNeoverseN1SocTokenSpaceGuid.PcdRemotePcieMmio64Translation|0x40000000000|UINT64|0x00000050

+   gArmNeoverseN1SocTokenSpaceGuid.PcdRemotePcieSegmentNumber|2|UINT32|0x00000051

+ 

++  # Base Address of OP-TEE

++  gArmNeoverseN1SocTokenSpaceGuid.PcdOpteeMemoryBase|0xDE000000|UINT64|0x00000052

++  gArmNeoverseN1SocTokenSpaceGuid.PcdOpteeMemorySize|0x02000000|UINT64|0x00000053

++

+ [Ppis]

+   gNtFwConfigDtInfoPpiGuid =  { 0xb50dee0e, 0x577f, 0x47fb, { 0x83, 0xd0, 0x41, 0x78, 0x61, 0x8b, 0x33, 0x8a } }

diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-arm64-defconfig-remove-CONFIG_COMMON_CLK_NPCM8XX-y.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/aarch64/0001-arm64-defconfig-remove-CONFIG_COMMON_CLK_NPCM8XX-y.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-arm64-defconfig-remove-CONFIG_COMMON_CLK_NPCM8XX-y.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/files/aarch64/0001-arm64-defconfig-remove-CONFIG_COMMON_CLK_NPCM8XX-y.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
deleted file mode 100644
index d8d9488..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-From 9eac502eacd36a4975ec34a3f076594fa4364032 Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Fri, 19 Aug 2022 14:51:08 +0100
-Subject: [PATCH] Add external system driver
-
-Adds external system driver to control it
-from user-space. It provides run and reset
-functionality at the moment.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- drivers/misc/Kconfig           |   1 +
- drivers/misc/Makefile          |   1 +
- drivers/misc/arm/Kconfig       |   5 ++
- drivers/misc/arm/Makefile      |   1 +
- drivers/misc/arm/extsys_ctrl.c | 151 +++++++++++++++++++++++++++++++++
- 5 files changed, 159 insertions(+)
- create mode 100644 drivers/misc/arm/Kconfig
- create mode 100644 drivers/misc/arm/Makefile
- create mode 100644 drivers/misc/arm/extsys_ctrl.c
-
-diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
-index 433aa4197785..912986abc46c 100644
---- a/drivers/misc/Kconfig
-+++ b/drivers/misc/Kconfig
-@@ -555,4 +555,5 @@ source "drivers/misc/cardreader/Kconfig"
- source "drivers/misc/uacce/Kconfig"
- source "drivers/misc/pvpanic/Kconfig"
- source "drivers/misc/mchp_pci1xxxx/Kconfig"
-+source "drivers/misc/arm/Kconfig"
- endmenu
-diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
-index 56de43943cd5..22e6561b8192 100644
---- a/drivers/misc/Makefile
-+++ b/drivers/misc/Makefile
-@@ -63,5 +63,6 @@ obj-$(CONFIG_HI6421V600_IRQ)	+= hi6421v600-irq.o
- obj-$(CONFIG_OPEN_DICE)		+= open-dice.o
- obj-$(CONFIG_GP_PCI1XXXX)	+= mchp_pci1xxxx/
- obj-$(CONFIG_VCPU_STALL_DETECTOR)	+= vcpu_stall_detector.o
-+obj-y				+= arm/
- obj-$(CONFIG_TMR_MANAGER)      += xilinx_tmr_manager.o
- obj-$(CONFIG_TMR_INJECT)	+= xilinx_tmr_inject.o
-diff --git a/drivers/misc/arm/Kconfig b/drivers/misc/arm/Kconfig
-new file mode 100644
-index 000000000000..9f1eb284e530
---- /dev/null
-+++ b/drivers/misc/arm/Kconfig
-@@ -0,0 +1,5 @@
-+config EXTSYS_CTRL
-+	tristate "Arm External System control driver"
-+	help
-+	  Say y here to enable support for external system control
-+	  driver for the Arm Corstone-700 and Corstone1000 platform
-\ No newline at end of file
-diff --git a/drivers/misc/arm/Makefile b/drivers/misc/arm/Makefile
-new file mode 100644
-index 000000000000..1ca3084cf8a0
---- /dev/null
-+++ b/drivers/misc/arm/Makefile
-@@ -0,0 +1 @@
-+obj-$(CONFIG_EXTSYS_CTRL)	+= extsys_ctrl.o
-diff --git a/drivers/misc/arm/extsys_ctrl.c b/drivers/misc/arm/extsys_ctrl.c
-new file mode 100644
-index 000000000000..7929070ff43d
---- /dev/null
-+++ b/drivers/misc/arm/extsys_ctrl.c
-@@ -0,0 +1,151 @@
-+// SPDX-License-Identifier: GPL-2.0
-+/*
-+ * Arm Corstone700 and Corstone1000 external system reset control driver
-+ *
-+ * Copyright (C) 2019 Arm Ltd.
-+ *
-+ */
-+
-+#include <linux/fs.h>
-+#include <linux/clk.h>
-+#include <linux/err.h>
-+#include <linux/interrupt.h>
-+#include <linux/io.h>
-+#include <linux/kernel.h>
-+#include <linux/mod_devicetable.h>
-+#include <linux/module.h>
-+#include <linux/platform_device.h>
-+#include <linux/miscdevice.h>
-+#include <linux/init.h>
-+
-+#define EXTSYS_DRV_NAME		"extsys_ctrl"
-+#define EXTSYS_MAX_DEVS		 4
-+
-+#define EXTSYS_RST_SIZE		U(0x8)
-+#define EXTSYS_RST_CTRL_OFF	U(0x0)
-+#define EXTSYS_RST_ST_OFF	U(0x4)
-+
-+/* External system reset control indexes */
-+#define EXTSYS_CPU_WAIT		(0x0)
-+#define EXTSYS_RST_REQ		(0x1)
-+
-+/* External system reset status masks */
-+#define EXTSYS_RST_ST_ACK_OFF	U(0x1)
-+
-+/* No Reset Requested */
-+#define EXTSYS_RST_ST_ACK_NRR	(0x0 << EXTSYS_RST_ST_ACK_OFF)
-+
-+/* Reset Request Complete */
-+#define EXTSYS_RST_ST_ACK_RRC	(0x2 << EXTSYS_RST_ST_ACK_OFF)
-+
-+/* Reset Request Unable to Complete */
-+#define EXTSYS_RST_ST_ACK_RRUC	(0x3 << EXTSYS_RST_ST_ACK_OFF)
-+
-+/* IOCTL commands */
-+#define EXTSYS_CPU_WAIT_DISABLE	0x0
-+#define EXTSYS_RESET_REQ_ENABLE	0x1
-+
-+struct extsys_ctrl {
-+	struct miscdevice miscdev;
-+	void __iomem *reset_reg;
-+	void __iomem *set_reg;
-+};
-+
-+#define CLEAR_BIT(addr, index) writel(readl(addr) & ~(1UL << index), addr)
-+#define SET_BIT(addr, index) writel(readl(addr) | (1UL << index), addr)
-+
-+static long extsys_ctrl_ioctl(struct file *f, unsigned int cmd,
-+			      unsigned long arg)
-+{
-+	struct extsys_ctrl *extsys;
-+
-+	extsys = container_of(f->private_data, struct extsys_ctrl, miscdev);
-+
-+	switch (cmd) {
-+	case EXTSYS_CPU_WAIT_DISABLE:
-+		CLEAR_BIT(extsys->reset_reg, EXTSYS_CPU_WAIT);
-+		break;
-+	case EXTSYS_RESET_REQ_ENABLE:
-+		SET_BIT(extsys->reset_reg, EXTSYS_RST_REQ);
-+		break;
-+	default:
-+		break;
-+	}
-+
-+	return 0;
-+}
-+
-+static const struct file_operations extsys_ctrl_fops = {
-+	.owner = THIS_MODULE,
-+	.unlocked_ioctl = extsys_ctrl_ioctl,
-+};
-+
-+static int extsys_ctrl_probe(struct platform_device *pdev)
-+{
-+	struct device *dev = &pdev->dev;
-+	struct extsys_ctrl *extsys;
-+	struct resource *res;
-+	void __iomem *reset_reg;
-+	void __iomem *set_reg;
-+	int ret;
-+
-+	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "rstreg");
-+	reset_reg = devm_ioremap_resource(dev, res);
-+	if (IS_ERR(reset_reg))
-+		return PTR_ERR(reset_reg);
-+
-+	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "streg");
-+	set_reg = devm_ioremap_resource(dev, res);
-+	if (IS_ERR(set_reg))
-+		return PTR_ERR(set_reg);
-+
-+	extsys = devm_kzalloc(dev, sizeof(*extsys), GFP_KERNEL);
-+	if (!extsys)
-+		return -ENOMEM;
-+
-+	extsys->reset_reg = reset_reg;
-+	extsys->set_reg = set_reg;
-+
-+	extsys->miscdev.minor = MISC_DYNAMIC_MINOR;
-+	extsys->miscdev.name = EXTSYS_DRV_NAME;
-+	extsys->miscdev.fops = &extsys_ctrl_fops;
-+	extsys->miscdev.parent = dev;
-+
-+	ret = misc_register(&extsys->miscdev);
-+	if (ret)
-+		return ret;
-+
-+	dev_info(dev, "external system controller ready\n");
-+
-+	return 0;
-+}
-+
-+static int extsys_ctrl_remove(struct platform_device *pdev)
-+{
-+	struct extsys_ctrl *extsys = dev_get_drvdata(&pdev->dev);
-+
-+	misc_deregister(&extsys->miscdev);
-+
-+	return 0;
-+}
-+
-+static const struct of_device_id extsys_ctrl_match[] = {
-+	{ .compatible = "arm,extsys_ctrl" },
-+	{ },
-+};
-+MODULE_DEVICE_TABLE(of, extsys_ctrl_match);
-+
-+static struct platform_driver extsys_ctrl_driver = {
-+	.driver = {
-+		.name = EXTSYS_DRV_NAME,
-+		.of_match_table = extsys_ctrl_match,
-+	},
-+	.probe = extsys_ctrl_probe,
-+	.remove = extsys_ctrl_remove,
-+};
-+module_platform_driver(extsys_ctrl_driver);
-+
-+MODULE_LICENSE("GPL v2");
-+MODULE_DESCRIPTION("Arm External System Control Driver");
-+MODULE_AUTHOR("Morten Borup Petersen");
-+MODULE_AUTHOR("Rui Miguel Silva <rui.silva@arm.com>");
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpmsg-driver-for-corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpmsg-driver-for-corstone1000.patch
deleted file mode 100644
index cd9cec2..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpmsg-driver-for-corstone1000.patch
+++ /dev/null
@@ -1,218 +0,0 @@
-From a834f4e143ff647e7677dc60ab57ee5883f3ac8f Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Wed, 17 Aug 2022 14:21:42 +0100
-Subject: [PATCH] Add rpmsg driver for corstone1000
-
-Adds rpmsg driver to communicate with external
-system in corstone1000 platform.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- drivers/rpmsg/Kconfig             |  10 ++
- drivers/rpmsg/Makefile            |   1 +
- drivers/rpmsg/rpmsg_arm_mailbox.c | 164 ++++++++++++++++++++++++++++++
- 3 files changed, 175 insertions(+)
- create mode 100644 drivers/rpmsg/rpmsg_arm_mailbox.c
-
-diff --git a/drivers/rpmsg/Kconfig b/drivers/rpmsg/Kconfig
-index d3795860f5c0..fc6916d7b523 100644
---- a/drivers/rpmsg/Kconfig
-+++ b/drivers/rpmsg/Kconfig
-@@ -81,4 +81,14 @@ config RPMSG_VIRTIO
- 	select RPMSG_NS
- 	select VIRTIO
- 
-+config RPMSG_ARM
-+	tristate "ARM RPMSG driver"
-+	select     RPMSG
-+	depends on HAS_IOMEM
-+	depends on MAILBOX
-+	help
-+	  Say y here to enable support for rpmsg lient driver which is built
-+	  around mailbox client using Arm MHUv2.1 as physical medium.This
-+	  driver enables communication which remote processor using MHU.
-+
- endmenu
-diff --git a/drivers/rpmsg/Makefile b/drivers/rpmsg/Makefile
-index 58e3b382e316..6bdcc69688b2 100644
---- a/drivers/rpmsg/Makefile
-+++ b/drivers/rpmsg/Makefile
-@@ -1,5 +1,6 @@
- # SPDX-License-Identifier: GPL-2.0
- obj-$(CONFIG_RPMSG)		+= rpmsg_core.o
-+obj-$(CONFIG_RPMSG_ARM)		+= rpmsg_arm_mailbox.o
- obj-$(CONFIG_RPMSG_CHAR)	+= rpmsg_char.o
- obj-$(CONFIG_RPMSG_CTRL)	+= rpmsg_ctrl.o
- obj-$(CONFIG_RPMSG_NS)		+= rpmsg_ns.o
-diff --git a/drivers/rpmsg/rpmsg_arm_mailbox.c b/drivers/rpmsg/rpmsg_arm_mailbox.c
-new file mode 100644
-index 000000000000..4a80102669f6
---- /dev/null
-+++ b/drivers/rpmsg/rpmsg_arm_mailbox.c
-@@ -0,0 +1,164 @@
-+// SPDX-License-Identifier: GPL-2.0
-+/*
-+ * rpmsg client driver using mailbox client interface
-+ *
-+ * Copyright (C) 2019 ARM Ltd.
-+ *
-+ */
-+
-+#include <linux/bitmap.h>
-+#include <linux/export.h>
-+#include <linux/io.h>
-+#include <linux/kernel.h>
-+#include <linux/ktime.h>
-+#include <linux/mailbox_client.h>
-+#include <linux/module.h>
-+#include <linux/of_address.h>
-+#include <linux/of_device.h>
-+#include <linux/processor.h>
-+#include <linux/semaphore.h>
-+#include <linux/slab.h>
-+#include <linux/rpmsg.h>
-+#include "rpmsg_internal.h"
-+#include <linux/mailbox/arm_mhuv2_message.h>
-+
-+#define RPMSG_NAME	"arm_rpmsg"
-+#define RPMSG_ADDR_ANY	0xFFFFFFFF
-+
-+struct arm_channel {
-+	struct rpmsg_endpoint ept;
-+	struct mbox_client cl;
-+	struct mbox_chan *mbox;
-+};
-+
-+#define arm_channel_from_rpmsg(_ept) container_of(_ept, struct arm_channel, ept)
-+#define arm_channel_from_mbox(_ept) container_of(_ept, struct arm_channel, cl)
-+
-+
-+static void arm_msg_rx_handler(struct mbox_client *cl, void *mssg)
-+{
-+	struct arm_mhuv2_mbox_msg *msg = mssg;
-+	struct arm_channel* channel = arm_channel_from_mbox(cl);
-+	int err = channel->ept.cb(channel->ept.rpdev, msg->data, 4, channel->ept.priv, RPMSG_ADDR_ANY);
-+	if(err) {
-+		printk("ARM Mailbox: Endpoint callback failed with error: %d", err);
-+	}
-+}
-+
-+
-+static void arm_destroy_ept(struct rpmsg_endpoint *ept)
-+{
-+	struct arm_channel *channel = arm_channel_from_rpmsg(ept);
-+	mbox_free_channel(channel->mbox);
-+	kfree(channel);
-+}
-+
-+static int arm_send(struct rpmsg_endpoint *ept, void *data, int len)
-+{
-+	struct arm_channel *channel = arm_channel_from_rpmsg(ept);
-+
-+	mbox_send_message(channel->mbox, data);
-+	return 0;
-+}
-+
-+static int arm_sendto(struct rpmsg_endpoint *ept, void *data, int len, u32 dest)
-+{
-+	struct arm_mhuv2_mbox_msg msg;
-+	struct arm_channel *channel = arm_channel_from_rpmsg(ept);
-+	msg.data = data;
-+	msg.len = len;
-+	mbox_send_message(channel->mbox, &msg);
-+	return 0;
-+}
-+
-+
-+static const struct rpmsg_endpoint_ops arm_endpoint_ops = {
-+	.destroy_ept = arm_destroy_ept,
-+	.send = arm_send,
-+	.sendto = arm_sendto,
-+};
-+
-+
-+static struct rpmsg_endpoint *arm_create_ept(struct rpmsg_device *rpdev,
-+		rpmsg_rx_cb_t cb, void *priv, struct rpmsg_channel_info chinfo)
-+{
-+	struct arm_channel *channel;
-+
-+	channel = kzalloc(sizeof(*channel), GFP_KERNEL);
-+
-+	// Initialize rpmsg endpoint
-+	kref_init(&channel->ept.refcount);
-+	channel->ept.rpdev = rpdev;
-+	channel->ept.cb = cb;
-+	channel->ept.priv = priv;
-+	channel->ept.ops = &arm_endpoint_ops;
-+
-+	// Initialize mailbox client
-+	channel->cl.dev = rpdev->dev.parent;
-+	channel->cl.rx_callback = arm_msg_rx_handler;
-+	channel->cl.tx_done = NULL; /* operate in blocking mode */
-+	channel->cl.tx_block = true;
-+	channel->cl.tx_tout = 500; /* by half a second */
-+	channel->cl.knows_txdone = false; /* depending upon protocol */
-+
-+	channel->mbox = mbox_request_channel_byname(&channel->cl, chinfo.name);
-+	if (IS_ERR_OR_NULL(channel->mbox)) {
-+		printk("RPMsg ARM: Cannot get channel by name: '%s'\n", chinfo.name);
-+		return -1;
-+	}
-+
-+	return &channel->ept;
-+}
-+
-+static const struct rpmsg_device_ops arm_device_ops = {
-+	.create_ept = arm_create_ept,
-+};
-+
-+
-+static void arm_release_device(struct device *dev)
-+{
-+	struct rpmsg_device *rpdev = to_rpmsg_device(dev);
-+
-+	kfree(rpdev);
-+}
-+
-+
-+static int client_probe(struct platform_device *pdev)
-+{
-+	struct device *dev = &pdev->dev;
-+	struct rpmsg_device *rpdev;
-+
-+	rpdev = kzalloc(sizeof(*rpdev), GFP_KERNEL);
-+	if (!rpdev)
-+		return -ENOMEM;
-+
-+	/* Assign callbacks for rpmsg_device */
-+	rpdev->ops = &arm_device_ops;
-+
-+	/* Assign public information to the rpmsg_device */
-+	memcpy(rpdev->id.name, RPMSG_NAME, strlen(RPMSG_NAME));
-+
-+	rpdev->dev.parent = dev;
-+	rpdev->dev.release = arm_release_device;
-+
-+	return rpmsg_chrdev_register_device(rpdev);
-+}
-+
-+static const struct of_device_id client_of_match[] = {
-+	{ .compatible = "arm,client", .data = NULL },
-+	{ /* Sentinel */ },
-+};
-+
-+static struct platform_driver client_driver = {
-+	.driver = {
-+		.name = "arm-mhu-client",
-+		.of_match_table = client_of_match,
-+	},
-+	.probe = client_probe,
-+};
-+
-+module_platform_driver(client_driver);
-+
-+MODULE_LICENSE("GPL v2");
-+MODULE_DESCRIPTION("ARM RPMSG Driver");
-+MODULE_AUTHOR("Tushar Khandelwal <tushar.khandelwal@arm.com>");
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0004-rpmsg-arm-fix-return-value.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0004-rpmsg-arm-fix-return-value.patch
deleted file mode 100644
index 516dbd7..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0004-rpmsg-arm-fix-return-value.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From c1ffd793062a13afdcc07d4bc1a8007188bfca5f Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 27 Sep 2022 10:05:27 +0100
-Subject: [PATCH] rpmsg: arm: fix return value
-
-The creation of and endpoint returns a pointer, fix the return
-value to the right type.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- drivers/rpmsg/rpmsg_arm_mailbox.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/rpmsg/rpmsg_arm_mailbox.c b/drivers/rpmsg/rpmsg_arm_mailbox.c
-index 4a80102669f6..5c0dcc8e353d 100644
---- a/drivers/rpmsg/rpmsg_arm_mailbox.c
-+++ b/drivers/rpmsg/rpmsg_arm_mailbox.c
-@@ -103,8 +103,9 @@ static struct rpmsg_endpoint *arm_create_ept(struct rpmsg_device *rpdev,
- 
- 	channel->mbox = mbox_request_channel_byname(&channel->cl, chinfo.name);
- 	if (IS_ERR_OR_NULL(channel->mbox)) {
--		printk("RPMsg ARM: Cannot get channel by name: '%s'\n", chinfo.name);
--		return -1;
-+		printk("RPMsg ARM: Cannot get channel by name: %s\n",
-+		       chinfo.name);
-+		return ERR_PTR(-ENOENT);
- 	}
- 
- 	return &channel->ept;
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0005-rpmsg-arm-update-chrdev-to-ctrldev-registration.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0005-rpmsg-arm-update-chrdev-to-ctrldev-registration.patch
deleted file mode 100644
index ef2eb7c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0005-rpmsg-arm-update-chrdev-to-ctrldev-registration.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From a8c295e1ff1d2b1032cc7495f212c56ba9f3e874 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 27 Sep 2022 10:07:21 +0100
-Subject: [PATCH] rpmsg: arm: update chrdev to ctrldev registration
-
-Since "rpmsg: Update rpmsg_chrdev_register_device function",
-there was a replacement of the chrdev driver to ctrldev
-driver. Fix the registration.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- drivers/rpmsg/rpmsg_arm_mailbox.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/drivers/rpmsg/rpmsg_arm_mailbox.c b/drivers/rpmsg/rpmsg_arm_mailbox.c
-index 5c0dcc8e353d..90bc8df90885 100644
---- a/drivers/rpmsg/rpmsg_arm_mailbox.c
-+++ b/drivers/rpmsg/rpmsg_arm_mailbox.c
-@@ -142,7 +142,7 @@ static int client_probe(struct platform_device *pdev)
- 	rpdev->dev.parent = dev;
- 	rpdev->dev.release = arm_release_device;
- 
--	return rpmsg_chrdev_register_device(rpdev);
-+	return rpmsg_ctrldev_register_device(rpdev);
- }
- 
- static const struct of_device_id client_of_match[] = {
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0006-Adds-workaround-for-cs1k-specific-bug.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0006-Adds-workaround-for-cs1k-specific-bug.patch
deleted file mode 100644
index 4fbeb23..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0006-Adds-workaround-for-cs1k-specific-bug.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 555ac46f6f5157741a6fd8f21f74beb1340ed941 Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Thu, 13 Oct 2022 20:53:42 +0100
-Subject: [PATCH] Adds workaround for cs1k specific bug
-
-Adds a temporary workaround to solve a possible
-race-conditioning issue in the tee driver
-for corstone1000.
-
-Upstream-Status: Inappropriate
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- drivers/firmware/arm_ffa/driver.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/firmware/arm_ffa/driver.c b/drivers/firmware/arm_ffa/driver.c
-index 2109cd178ff7..c15b3a83c720 100644
---- a/drivers/firmware/arm_ffa/driver.c
-+++ b/drivers/firmware/arm_ffa/driver.c
-@@ -32,6 +32,7 @@
- #include <linux/scatterlist.h>
- #include <linux/slab.h>
- #include <linux/uuid.h>
-+#include <linux/delay.h>
- 
- #include "common.h"
- 
-@@ -282,7 +283,7 @@ static int ffa_msg_send_direct_req(u16 src_id, u16 dst_id, bool mode_32bit,
- {
- 	u32 req_id, resp_id, src_dst_ids = PACK_TARGET_INFO(src_id, dst_id);
- 	ffa_value_t ret;
--
-+	msleep(1);
- 	if (mode_32bit) {
- 		req_id = FFA_MSG_SEND_DIRECT_REQ;
- 		resp_id = FFA_MSG_SEND_DIRECT_RESP;
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig
index f6e6409..8abcaed 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig
@@ -8,15 +8,9 @@
 CONFIG_BOOT_CONFIG=y
 CONFIG_ARCH_VEXPRESS=y
 CONFIG_CMDLINE="console=ttyAMA0 loglevel=9"
-CONFIG_EFI=y
 # CONFIG_SUSPEND is not set
-CONFIG_EFI_BOOTLOADER_CONTROL=y
-CONFIG_EFI_CAPSULE_LOADER=y
-CONFIG_EFI_TEST=y
-CONFIG_RESET_ATTACK_MITIGATION=y
 # CONFIG_STACKPROTECTOR is not set
 CONFIG_MODULES=y
-# CONFIG_BLK_DEV_BSG is not set
 # CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set
 CONFIG_NET=y
 CONFIG_PACKET=y
@@ -28,8 +22,13 @@
 CONFIG_SYN_COOKIES=y
 CONFIG_NET_SCHED=y
 CONFIG_DEVTMPFS=y
+CONFIG_EFI_BOOTLOADER_CONTROL=y
+CONFIG_EFI_CAPSULE_LOADER=y
+CONFIG_EFI_TEST=y
+CONFIG_RESET_ATTACK_MITIGATION=y
 CONFIG_SCSI=y
 CONFIG_BLK_DEV_SD=y
+# CONFIG_BLK_DEV_BSG is not set
 CONFIG_NETDEVICES=y
 # CONFIG_NET_VENDOR_ALACRITECH is not set
 # CONFIG_NET_VENDOR_AMAZON is not set
@@ -49,9 +48,9 @@
 # CONFIG_NET_VENDOR_MICREL is not set
 # CONFIG_NET_VENDOR_MICROCHIP is not set
 # CONFIG_NET_VENDOR_MICROSEMI is not set
+# CONFIG_NET_VENDOR_NI is not set
 # CONFIG_NET_VENDOR_NATSEMI is not set
 # CONFIG_NET_VENDOR_NETRONOME is not set
-# CONFIG_NET_VENDOR_NI is not set
 # CONFIG_NET_VENDOR_PENSANDO is not set
 # CONFIG_NET_VENDOR_QUALCOMM is not set
 # CONFIG_NET_VENDOR_RENESAS is not set
@@ -90,11 +89,3 @@
 # CONFIG_SECTION_MISMATCH_WARN_ONLY is not set
 CONFIG_DEBUG_FS=y
 CONFIG_PANIC_TIMEOUT=5
-CONFIG_STACKTRACE=y
-CONFIG_EXTSYS_CTRL=y
-CONFIG_MAILBOX=y
-CONFIG_ARM_MHU_V2=y
-CONFIG_RPMSG=y
-CONFIG_RPMSG_CHAR=y
-CONFIG_RPMSG_ARM=y
-CONFIG_RPMSG_CTRL=y
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index 4028cf3..6c132c9 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -30,11 +30,6 @@
 KERNEL_EXTRA_ARGS:corstone1000 += "CONFIG_INITRAMFS_COMPRESSION_NONE=y"
 SRC_URI:append:corstone1000 = " \
            file://defconfig  \
-           file://0002-Add-external-system-driver.patch \
-           file://0003-Add-rpmsg-driver-for-corstone1000.patch \
-           file://0004-rpmsg-arm-fix-return-value.patch \
-           file://0005-rpmsg-arm-update-chrdev-to-ctrldev-registration.patch \
-           file://0006-Adds-workaround-for-cs1k-specific-bug.patch \
         "
 
 SRC_URI:append:corstone1000 = " ${@bb.utils.contains('MACHINE_FEATURES', \
@@ -72,7 +67,7 @@
 #
 # N1SDP KMACHINE
 #
-FILESEXTRAPATHS:prepend:n1sdp := "${THISDIR}/linux-yocto-6.4/n1sdp:"
+FILESEXTRAPATHS:prepend:n1sdp := "${THISDIR}/linux-yocto-6.5/n1sdp:"
 COMPATIBLE_MACHINE:n1sdp = "n1sdp"
 KBUILD_DEFCONFIG:n1sdp = "defconfig"
 KCONFIG_MODE:n1sdp = "--alldefconfig"
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
deleted file mode 100644
index 869ca6f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From ec84afa8e74bc5df8b5794eef8f29b097adc7cb3 Mon Sep 17 00:00:00 2001
-From: Manoj Kumar <manoj.kumar3@arm.com>
-Date: Mon, 1 Feb 2021 21:36:43 +0530
-Subject: [PATCH] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in N1SDP
-
-ATC_INV_SIZE_ALL request should automatically translate to ATS
-address which is not happening in SMMUv3 version gone into
-N1SDP platform. This workaround manually sets the ATS address
-field to proper value for ATC_INV_SIZE_ALL command.
-
-Change-Id: If89465be94720a62be85e1e6612f17e93fa9b8a5
-Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
-
-Upstream-Status: Inappropriate [Workaround]
-Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
----
- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 1 +
- drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-index 3fd83fb75722..852ed05b14a3 100644
---- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-@@ -1747,6 +1747,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
- 	};
- 
- 	if (!size) {
-+		cmd->atc.addr = ATC_INV_ADDR_ALL;
- 		cmd->atc.size = ATC_INV_SIZE_ALL;
- 		return;
- 	}
-diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
-index b574c58a3487..018086b65381 100644
---- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
-+++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
-@@ -472,6 +472,7 @@ struct arm_smmu_cmdq_ent {
- 
- 		#define CMDQ_OP_ATC_INV		0x40
- 		#define ATC_INV_SIZE_ALL	52
-+		#define ATC_INV_ADDR_ALL        0x7FFFFFFFFFFFF000UL
- 		struct {
- 			u32			sid;
- 			u32			ssid;
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
deleted file mode 100644
index 9bf8112..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
+++ /dev/null
@@ -1,159 +0,0 @@
-From 9761e48b2d6904a58996fcaadcf25684482a72c8 Mon Sep 17 00:00:00 2001
-From: Manoj Kumar <manoj.kumar3@arm.com>
-Date: Tue, 31 Aug 2021 16:15:38 +0000
-Subject: [PATCH] n1sdp: pci_quirk: add acs override for PCI devices
-
-Patch taken from:
-https://gitlab.com/Queuecumber/linux-acs-override/raw/master/workspaces/5.4/acso.patch
-
-Change-Id: Ib926bf50524ce9990fbaa2f2f8670fe84bd571f9
-Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-
-Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
-Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
----
- .../admin-guide/kernel-parameters.txt         |   8 ++
- drivers/pci/quirks.c                          | 102 ++++++++++++++++++
- 2 files changed, 110 insertions(+)
-
-diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 9e5bab29685f..7ee740a37e5d 100644
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -4235,6 +4235,14 @@
- 		nomsi		[MSI] If the PCI_MSI kernel config parameter is
- 				enabled, this kernel boot option can be used to
- 				disable the use of MSI interrupts system-wide.
-+		pcie_acs_override [PCIE] Override missing PCIe ACS support for
-+				downstream
-+				All downstream ports - full ACS capabilities
-+				multfunction
-+				All multifunction devices - multifunction ACS subset
-+				id:nnnn:nnnn
-+				Specfic device - full ACS capabilities
-+				Specified as vid:did (vendor/device ID) in hex
- 		noioapicquirk	[APIC] Disable all boot interrupt quirks.
- 				Safety option to keep boot IRQs enabled. This
- 				should never be necessary.
-diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index b7c65193e786..16b81d1ccafa 100644
---- a/drivers/pci/quirks.c
-+++ b/drivers/pci/quirks.c
-@@ -3625,6 +3625,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
- 	dev->dev_flags |= PCI_DEV_FLAGS_NO_BUS_RESET;
- }
- 
-+static bool acs_on_downstream;
-+static bool acs_on_multifunction;
-+
-+#define NUM_ACS_IDS 16
-+struct acs_on_id {
-+	unsigned short vendor;
-+	unsigned short device;
-+};
-+static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
-+static u8 max_acs_id;
-+
-+static __init int pcie_acs_override_setup(char *p)
-+{
-+	if (!p)
-+		return -EINVAL;
-+
-+	while (*p) {
-+		if (!strncmp(p, "downstream", 10))
-+			acs_on_downstream = true;
-+		if (!strncmp(p, "multifunction", 13))
-+			acs_on_multifunction = true;
-+		if (!strncmp(p, "id:", 3)) {
-+			char opt[5];
-+			int ret;
-+			long val;
-+
-+			if (max_acs_id >= NUM_ACS_IDS - 1) {
-+				pr_warn("Out of PCIe ACS override slots (%d)\n",
-+						NUM_ACS_IDS);
-+				goto next;
-+			}
-+
-+			p += 3;
-+			snprintf(opt, 5, "%s", p);
-+			ret = kstrtol(opt, 16, &val);
-+			if (ret) {
-+				pr_warn("PCIe ACS ID parse error %d\n", ret);
-+				goto next;
-+			}
-+			acs_on_ids[max_acs_id].vendor = val;
-+
-+			p += strcspn(p, ":");
-+			if (*p != ':') {
-+				pr_warn("PCIe ACS invalid ID\n");
-+				goto next;
-+			}
-+
-+			p++;
-+			snprintf(opt, 5, "%s", p);
-+			ret = kstrtol(opt, 16, &val);
-+			if (ret) {
-+				pr_warn("PCIe ACS ID parse error %d\n", ret);
-+				goto next;
-+			}
-+			acs_on_ids[max_acs_id].device = val;
-+			max_acs_id++;
-+		}
-+next:
-+		p += strcspn(p, ",");
-+		if (*p == ',')
-+			p++;
-+	}
-+
-+	if (acs_on_downstream || acs_on_multifunction || max_acs_id)
-+		pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
-+
-+	return 0;
-+}
-+early_param("pcie_acs_override", pcie_acs_override_setup);
-+
-+static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
-+{
-+	int i;
-+
-+	/* Never override ACS for legacy devices or devices with ACS caps */
-+	if (!pci_is_pcie(dev) ||
-+		pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
-+			return -ENOTTY;
-+
-+	for (i = 0; i < max_acs_id; i++)
-+		if (acs_on_ids[i].vendor == dev->vendor &&
-+			acs_on_ids[i].device == dev->device)
-+				return 1;
-+
-+	switch (pci_pcie_type(dev)) {
-+	case PCI_EXP_TYPE_DOWNSTREAM:
-+	case PCI_EXP_TYPE_ROOT_PORT:
-+		if (acs_on_downstream)
-+			return 1;
-+		break;
-+	case PCI_EXP_TYPE_ENDPOINT:
-+	case PCI_EXP_TYPE_UPSTREAM:
-+	case PCI_EXP_TYPE_LEG_END:
-+	case PCI_EXP_TYPE_RC_END:
-+		if (acs_on_multifunction && dev->multifunction)
-+			return 1;
-+	}
-+
-+	return -ENOTTY;
-+}
-+
- /*
-  * Some NVIDIA GPU devices do not work with bus reset, SBR needs to be
-  * prevented for those affected devices.
-@@ -5017,6 +5118,7 @@ static const struct pci_dev_acs_enabled {
- 	{ PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs },
- 	/* Wangxun nics */
- 	{ PCI_VENDOR_ID_WANGXUN, PCI_ANY_ID, pci_quirk_wangxun_nic_acs },
-+	{ PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
- 	{ 0 }
- };
- 
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
deleted file mode 100644
index 96d55ad..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
+++ /dev/null
@@ -1,324 +0,0 @@
-From 268bfbcd8f16660bf5fc8e31b18b4090743c6dbe Mon Sep 17 00:00:00 2001
-From: Deepak Pandey <Deepak.Pandey@arm.com>
-Date: Fri, 31 May 2019 16:42:43 +0100
-Subject: [PATCH] pcie: Add quirk for the Arm Neoverse N1SDP platform
-
-The Arm N1SDP SoC suffers from some PCIe integration issues, most
-prominently config space accesses to not existing BDFs being answered
-with a bus abort, resulting in an SError.
-To mitigate this, the firmware scans the bus before boot (catching the
-SErrors) and creates a table with valid BDFs, which acts as a filter for
-Linux' config space accesses.
-
-Add code consulting the table as an ACPI PCIe quirk, also register the
-corresponding device tree based description of the host controller.
-Also fix the other two minor issues on the way, namely not being fully
-ECAM compliant and config space accesses being restricted to 32-bit
-accesses only.
-
-This allows the Arm Neoverse N1SDP board to boot Linux without crashing
-and to access *any* devices (there are no platform devices except UART).
-
-Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
-[Sudipto: extend to cover the CCIX root port as well]
-Signed-off-by: Sudipto Paul <sudipto.paul@arm.com>
-[Andre: fix coding style issues, rewrite some parts, add DT support]
-Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
-Change-Id: I1d3a4b9bf6b3b883d262e3c4ff1f88a0eb81c1fe
-Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
-Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
----
- arch/arm64/configs/defconfig        |   1 +
- drivers/acpi/pci_mcfg.c             |   7 +
- drivers/pci/controller/Kconfig      |  11 ++
- drivers/pci/controller/Makefile     |   2 +-
- drivers/pci/controller/pcie-n1sdp.c | 198 ++++++++++++++++++++++++++++
- include/linux/pci-ecam.h            |   2 +
- 6 files changed, 220 insertions(+), 1 deletion(-)
- create mode 100644 drivers/pci/controller/pcie-n1sdp.c
-
-diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
-index a24609e14d50..cd73d1704dd2 100644
---- a/arch/arm64/configs/defconfig
-+++ b/arch/arm64/configs/defconfig
-@@ -203,6 +203,7 @@ CONFIG_NFC_S3FWRN5_I2C=m
- CONFIG_PCI=y
- CONFIG_PCIEPORTBUS=y
- CONFIG_PCIEAER=y
-+CONFIG_PCI_QUIRKS=y
- CONFIG_PCI_IOV=y
- CONFIG_PCI_PASID=y
- CONFIG_HOTPLUG_PCI=y
-diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index 860014b89b8e..2d4c1c699ffe 100644
---- a/drivers/acpi/pci_mcfg.c
-+++ b/drivers/acpi/pci_mcfg.c
-@@ -171,6 +171,13 @@ static struct mcfg_fixup mcfg_quirks[] = {
- 	ALTRA_ECAM_QUIRK(1, 13),
- 	ALTRA_ECAM_QUIRK(1, 14),
- 	ALTRA_ECAM_QUIRK(1, 15),
-+
-+#define N1SDP_ECAM_MCFG(rev, seg, ops) \
-+	{"ARMLTD", "ARMN1SDP", rev, seg, MCFG_BUS_ANY, ops }
-+
-+	/* N1SDP SoC with v1 PCIe controller */
-+	N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
-+	N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
- #endif /* ARM64 */
- 
- #ifdef CONFIG_LOONGARCH
-diff --git a/drivers/pci/controller/Kconfig b/drivers/pci/controller/Kconfig
-index 8d49bad7f847..7bb49afbcd5b 100644
---- a/drivers/pci/controller/Kconfig
-+++ b/drivers/pci/controller/Kconfig
-@@ -21,6 +21,17 @@ config PCIE_ALTERA
- 	  Say Y here if you want to enable PCIe controller support on Altera
- 	  FPGA.
- 
-+config PCIE_HOST_N1SDP_ECAM
-+	bool "ARM N1SDP PCIe Controller"
-+	depends on ARM64
-+	depends on OF || (ACPI && PCI_QUIRKS)
-+	select PCI_HOST_COMMON
-+	default y if ARCH_VEXPRESS
-+	help
-+	  Say Y here if you want PCIe support for the Arm N1SDP platform.
-+	  The controller is ECAM compliant, but needs a quirk to workaround
-+	  an integration issue.
-+
- config PCIE_ALTERA_MSI
- 	tristate "Altera PCIe MSI feature"
- 	depends on PCIE_ALTERA
-diff --git a/drivers/pci/controller/Makefile b/drivers/pci/controller/Makefile
-index 37c8663de7fe..08e5afcf6e86 100644
---- a/drivers/pci/controller/Makefile
-+++ b/drivers/pci/controller/Makefile
-@@ -39,7 +39,7 @@ obj-$(CONFIG_PCI_LOONGSON) += pci-loongson.o
- obj-$(CONFIG_PCIE_HISI_ERR) += pcie-hisi-error.o
- obj-$(CONFIG_PCIE_APPLE) += pcie-apple.o
- obj-$(CONFIG_PCIE_MT7621) += pcie-mt7621.o
--
-+obj-$(CONFIG_PCIE_HOST_N1SDP_ECAM) += pcie-n1sdp.o
- # pcie-hisi.o quirks are needed even without CONFIG_PCIE_DW
- obj-y				+= dwc/
- obj-y				+= mobiveil/
-diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
-new file mode 100644
-index 000000000000..408699b9dcb1
---- /dev/null
-+++ b/drivers/pci/controller/pcie-n1sdp.c
-@@ -0,0 +1,198 @@
-+// SPDX-License-Identifier: GPL-2.0
-+/*
-+ * Copyright (C) 2018/2019 ARM Ltd.
-+ *
-+ * This quirk is to mask the following issues:
-+ * - PCIE SLVERR: config space accesses to invalid PCIe BDFs cause a bus
-+ *		  error (signalled as an asynchronous SError)
-+ * - MCFG BDF mapping: the root complex is mapped separately from the device
-+ *		       config space
-+ * - Non 32-bit accesses to config space are not supported.
-+ *
-+ * At boot time the SCP board firmware creates a discovery table with
-+ * the root complex' base address and the valid BDF values, discovered while
-+ * scanning the config space and catching the SErrors.
-+ * Linux responds only to the EPs listed in this table, returning NULL
-+ * for the rest.
-+ */
-+
-+#include <linux/kernel.h>
-+#include <linux/init.h>
-+#include <linux/ioport.h>
-+#include <linux/sizes.h>
-+#include <linux/of_pci.h>
-+#include <linux/of.h>
-+#include <linux/pci-ecam.h>
-+#include <linux/platform_device.h>
-+#include <linux/module.h>
-+
-+#include "../pci.h"
-+
-+/* Platform specific values as hardcoded in the firmware. */
-+#define AP_NS_SHARED_MEM_BASE	0x06000000
-+#define MAX_SEGMENTS		2		/* Two PCIe root complexes. */
-+#define BDF_TABLE_SIZE		SZ_16K
-+
-+/*
-+ * Shared memory layout as written by the SCP upon boot time:
-+ *  ----
-+ *  Discover data header --> RC base address
-+ *                       \-> BDF Count
-+ *  Discover data        --> BDF 0...n
-+ *  ----
-+ */
-+struct pcie_discovery_data {
-+	u32 rc_base_addr;
-+	u32 nr_bdfs;
-+	u32 valid_bdfs[0];
-+} *pcie_discovery_data[MAX_SEGMENTS];
-+
-+void __iomem *rc_remapped_addr[MAX_SEGMENTS];
-+
-+/*
-+ * map_bus() is called before we do a config space access for a certain
-+ * device. We use this to check whether this device is valid, avoiding
-+ * config space accesses which would result in an SError otherwise.
-+ */
-+static void __iomem *pci_n1sdp_map_bus(struct pci_bus *bus, unsigned int devfn,
-+				       int where)
-+{
-+	struct pci_config_window *cfg = bus->sysdata;
-+	unsigned int devfn_shift = cfg->ops->bus_shift - 8;
-+	unsigned int busn = bus->number;
-+	unsigned int segment = bus->domain_nr;
-+	unsigned int bdf_addr;
-+	unsigned int table_count, i;
-+	struct pci_dev *dev;
-+
-+	if (segment >= MAX_SEGMENTS ||
-+	    busn < cfg->busr.start || busn > cfg->busr.end)
-+		return NULL;
-+
-+	/* The PCIe root complex has a separate config space mapping. */
-+	if (busn == 0 && devfn == 0)
-+		return rc_remapped_addr[segment] + where;
-+
-+	dev = pci_get_domain_bus_and_slot(segment, busn, devfn);
-+	if (dev && dev->is_virtfn)
-+		return pci_ecam_map_bus(bus, devfn, where);
-+
-+	/* Accesses beyond the vendor ID always go to existing devices. */
-+	if (where > 0)
-+		return pci_ecam_map_bus(bus, devfn, where);
-+
-+	busn -= cfg->busr.start;
-+	bdf_addr = (busn << cfg->ops->bus_shift) + (devfn << devfn_shift);
-+	table_count = pcie_discovery_data[segment]->nr_bdfs;
-+	for (i = 0; i < table_count; i++) {
-+		if (bdf_addr == pcie_discovery_data[segment]->valid_bdfs[i])
-+			return pci_ecam_map_bus(bus, devfn, where);
-+	}
-+
-+	return NULL;
-+}
-+
-+static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
-+{
-+	phys_addr_t table_base;
-+	struct device *dev = cfg->parent;
-+	struct pcie_discovery_data *shared_data;
-+	size_t bdfs_size;
-+
-+	if (segment >= MAX_SEGMENTS)
-+		return -ENODEV;
-+
-+	table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
-+
-+	if (!request_mem_region(table_base, BDF_TABLE_SIZE,
-+				"PCIe valid BDFs")) {
-+		dev_err(dev, "PCIe BDF shared region request failed\n");
-+		return -ENOMEM;
-+	}
-+
-+	shared_data = devm_ioremap(dev,
-+				   table_base, BDF_TABLE_SIZE);
-+	if (!shared_data)
-+		return -ENOMEM;
-+
-+	/* Copy the valid BDFs structure to allocated normal memory. */
-+	bdfs_size = sizeof(struct pcie_discovery_data) +
-+		    sizeof(u32) * shared_data->nr_bdfs;
-+	pcie_discovery_data[segment] = devm_kmalloc(dev, bdfs_size, GFP_KERNEL);
-+	if (!pcie_discovery_data[segment])
-+		return -ENOMEM;
-+
-+	memcpy_fromio(pcie_discovery_data[segment], shared_data, bdfs_size);
-+
-+	rc_remapped_addr[segment] = devm_ioremap(dev,
-+						 shared_data->rc_base_addr,
-+						 PCI_CFG_SPACE_EXP_SIZE);
-+	if (!rc_remapped_addr[segment]) {
-+		dev_err(dev, "Cannot remap root port base\n");
-+		return -ENOMEM;
-+	}
-+
-+	devm_iounmap(dev, shared_data);
-+
-+	return 0;
-+}
-+
-+/* Called for ACPI segment 0, and for all segments when using DT. */
-+static int pci_n1sdp_pcie_init(struct pci_config_window *cfg)
-+{
-+	struct platform_device *pdev = to_platform_device(cfg->parent);
-+	int segment = 0;
-+
-+	if (pdev->dev.of_node)
-+		segment = of_get_pci_domain_nr(pdev->dev.of_node);
-+	if (segment < 0 || segment > MAX_SEGMENTS) {
-+		dev_err(&pdev->dev, "N1SDP PCI controllers require linux,pci-domain property\n");
-+		dev_err(&pdev->dev, "Or invalid segment number, must be smaller than %d\n",
-+			MAX_SEGMENTS);
-+		return -EINVAL;
-+	}
-+
-+	return pci_n1sdp_init(cfg, segment);
-+}
-+
-+/* Called for ACPI segment 1. */
-+static int pci_n1sdp_ccix_init(struct pci_config_window *cfg)
-+{
-+	return pci_n1sdp_init(cfg, 1);
-+}
-+
-+const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops = {
-+	.bus_shift	= 20,
-+	.init		= pci_n1sdp_pcie_init,
-+	.pci_ops	= {
-+		.map_bus        = pci_n1sdp_map_bus,
-+		.read           = pci_generic_config_read32,
-+		.write          = pci_generic_config_write32,
-+	}
-+};
-+
-+const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops = {
-+	.bus_shift	= 20,
-+	.init		= pci_n1sdp_ccix_init,
-+	.pci_ops	= {
-+		.map_bus        = pci_n1sdp_map_bus,
-+		.read           = pci_generic_config_read32,
-+		.write          = pci_generic_config_write32,
-+	}
-+};
-+
-+static const struct of_device_id n1sdp_pcie_of_match[] = {
-+	{ .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops },
-+	{ },
-+};
-+MODULE_DEVICE_TABLE(of, n1sdp_pcie_of_match);
-+
-+static struct platform_driver n1sdp_pcie_driver = {
-+	.driver = {
-+		.name = KBUILD_MODNAME,
-+		.of_match_table = n1sdp_pcie_of_match,
-+		.suppress_bind_attrs = true,
-+	},
-+	.probe = pci_host_common_probe,
-+};
-+builtin_platform_driver(n1sdp_pcie_driver);
-diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
-index 6b1301e2498e..b3cf3adeab28 100644
---- a/include/linux/pci-ecam.h
-+++ b/include/linux/pci-ecam.h
-@@ -88,6 +88,8 @@ extern const struct pci_ecam_ops xgene_v2_pcie_ecam_ops; /* APM X-Gene PCIe v2.x
- extern const struct pci_ecam_ops al_pcie_ops;	/* Amazon Annapurna Labs PCIe */
- extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
- extern const struct pci_ecam_ops loongson_pci_ecam_ops; /* Loongson PCIe */
-+extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
-+extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
- #endif
- 
- #if IS_ENABLED(CONFIG_PCI_HOST_COMMON)
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
deleted file mode 100644
index ce28499..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
+++ /dev/null
@@ -1,136 +0,0 @@
-From 553801193c173711e9f7f6c56a44b5fac2385c1e Mon Sep 17 00:00:00 2001
-From: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
-Date: Wed, 9 Feb 2022 20:37:43 +0530
-Subject: [PATCH] n1sdp: pcie: add quirk support enabling remote chip PCIe
-
-Base address mapping for remote chip Root PCIe ECAM space.
-
-When two N1SDP boards are coupled via the CCIX connection, the PCI host
-complex of the remote board appears as PCIe segment 2 on the primary board.
-The resources of the secondary board, including the host complex, are
-mapped at offset 0x40000000000 into the address space of the primary
-board, so take that into account when accessing the remote PCIe segment.
-
-Change-Id: I0e8d1eb119aef6444b9df854a39b24441c12195a
-Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
-Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
-Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-Signed-off-by: sahil <sahil@arm.com>
-
-Upstream-Status: Inappropriate [will not be submitted as its an hack required to fix the hardware issue]
-Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
----
- drivers/acpi/pci_mcfg.c             |  1 +
- drivers/pci/controller/pcie-n1sdp.c | 32 +++++++++++++++++++++++++----
- include/linux/pci-ecam.h            |  1 +
- 3 files changed, 30 insertions(+), 4 deletions(-)
-
-diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index 2d4c1c699ffe..27f1e9a45c17 100644
---- a/drivers/acpi/pci_mcfg.c
-+++ b/drivers/acpi/pci_mcfg.c
-@@ -178,6 +178,7 @@ static struct mcfg_fixup mcfg_quirks[] = {
- 	/* N1SDP SoC with v1 PCIe controller */
- 	N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
- 	N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
-+	N1SDP_ECAM_MCFG(0x20181101, 2, &pci_n1sdp_remote_pcie_ecam_ops),
- #endif /* ARM64 */
- 
- #ifdef CONFIG_LOONGARCH
-diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
-index 408699b9dcb1..b3b02417fd7d 100644
---- a/drivers/pci/controller/pcie-n1sdp.c
-+++ b/drivers/pci/controller/pcie-n1sdp.c
-@@ -30,8 +30,10 @@
- 
- /* Platform specific values as hardcoded in the firmware. */
- #define AP_NS_SHARED_MEM_BASE	0x06000000
--#define MAX_SEGMENTS		2		/* Two PCIe root complexes. */
-+/* Two PCIe root complexes in One Chip + One PCIe RC in Remote Chip */
-+#define MAX_SEGMENTS		3
- #define BDF_TABLE_SIZE		SZ_16K
-+#define REMOTE_CHIP_ADDR_OFFSET	0x40000000000
- 
- /*
-  * Shared memory layout as written by the SCP upon boot time:
-@@ -97,12 +99,17 @@ static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
- 	phys_addr_t table_base;
- 	struct device *dev = cfg->parent;
- 	struct pcie_discovery_data *shared_data;
--	size_t bdfs_size;
-+	size_t bdfs_size, rc_base_addr = 0;
- 
- 	if (segment >= MAX_SEGMENTS)
- 		return -ENODEV;
- 
--	table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
-+	if (segment > 1) {
-+		rc_base_addr = REMOTE_CHIP_ADDR_OFFSET;
-+		table_base = AP_NS_SHARED_MEM_BASE + REMOTE_CHIP_ADDR_OFFSET;
-+	} else {
-+		table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
-+	}
- 
- 	if (!request_mem_region(table_base, BDF_TABLE_SIZE,
- 				"PCIe valid BDFs")) {
-@@ -114,6 +121,7 @@ static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
- 				   table_base, BDF_TABLE_SIZE);
- 	if (!shared_data)
- 		return -ENOMEM;
-+	rc_base_addr += shared_data->rc_base_addr;
- 
- 	/* Copy the valid BDFs structure to allocated normal memory. */
- 	bdfs_size = sizeof(struct pcie_discovery_data) +
-@@ -125,7 +133,7 @@ static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
- 	memcpy_fromio(pcie_discovery_data[segment], shared_data, bdfs_size);
- 
- 	rc_remapped_addr[segment] = devm_ioremap(dev,
--						 shared_data->rc_base_addr,
-+						 rc_base_addr,
- 						 PCI_CFG_SPACE_EXP_SIZE);
- 	if (!rc_remapped_addr[segment]) {
- 		dev_err(dev, "Cannot remap root port base\n");
-@@ -161,6 +169,12 @@ static int pci_n1sdp_ccix_init(struct pci_config_window *cfg)
- 	return pci_n1sdp_init(cfg, 1);
- }
- 
-+/* Called for ACPI segment 2. */
-+static int pci_n1sdp_remote_pcie_init(struct pci_config_window *cfg)
-+{
-+	return pci_n1sdp_init(cfg, 2);
-+}
-+
- const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops = {
- 	.bus_shift	= 20,
- 	.init		= pci_n1sdp_pcie_init,
-@@ -181,6 +195,16 @@ const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops = {
- 	}
- };
- 
-+const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops = {
-+	.bus_shift	= 20,
-+	.init		= pci_n1sdp_remote_pcie_init,
-+	.pci_ops	= {
-+		.map_bus        = pci_n1sdp_map_bus,
-+		.read           = pci_generic_config_read32,
-+		.write          = pci_generic_config_write32,
-+	}
-+};
-+
- static const struct of_device_id n1sdp_pcie_of_match[] = {
- 	{ .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops },
- 	{ },
-diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
-index b3cf3adeab28..d4316795c00d 100644
---- a/include/linux/pci-ecam.h
-+++ b/include/linux/pci-ecam.h
-@@ -90,6 +90,7 @@ extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
- extern const struct pci_ecam_ops loongson_pci_ecam_ops; /* Loongson PCIe */
- extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
- extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
-+extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */
- #endif
- 
- #if IS_ENABLED(CONFIG_PCI_HOST_COMMON)
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
deleted file mode 100644
index e4f15bb..0000000
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From d2e55d92eefd99ede330270b00c01b734a6b61c0 Mon Sep 17 00:00:00 2001
-From: Andre Przywara <andre.przywara@arm.com>
-Date: Fri, 17 May 2019 17:39:27 +0100
-Subject: [PATCH] arm64: kpti: Whitelist early Arm Neoverse N1 revisions
-
-Early revisions (r1p0) of the Neoverse N1 core did not feature the
-CSV3 field in ID_AA64PFR0_EL1 to advertise they are not affected by
-the Spectre variant 3 (aka Meltdown) vulnerability.
-
-Add this particular revision to the whitelist to avoid enabling KPTI.
-
-Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-Change-Id: I78df055a3e674aefd195d41cc6dc4ee08b0af099
-Upstream-Status: Inappropriate
-Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Adam Johnston <adam.johnston@arm.com>
----
- arch/arm64/kernel/cpufeature.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
-index 7d7128c65161..77e109ddd981 100644
---- a/arch/arm64/kernel/cpufeature.c
-+++ b/arch/arm64/kernel/cpufeature.c
-@@ -1674,6 +1674,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
- 		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
- 		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
- 		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
-+		MIDR_REV(MIDR_NEOVERSE_N1, 1, 0),	/* missing CSV3 */
- 		{ /* sentinel */ }
- 	};
- 	char const *str = "kpti command line option";
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
new file mode 100644
index 0000000..df7586c
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
@@ -0,0 +1,45 @@
+From 63da10da7a57776196a3c323e93ef66f1d553c0c Mon Sep 17 00:00:00 2001
+From: Manoj Kumar <manoj.kumar3@arm.com>
+Date: Mon, 1 Feb 2021 21:36:43 +0530
+Subject: [PATCH] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in N1SDP
+
+ATC_INV_SIZE_ALL request should automatically translate to ATS
+address which is not happening in SMMUv3 version gone into
+N1SDP platform. This workaround manually sets the ATS address
+field to proper value for ATC_INV_SIZE_ALL command.
+
+Change-Id: If89465be94720a62be85e1e6612f17e93fa9b8a5
+Upstream-Status: Inappropriate [Workaround]
+Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
+Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+---
+ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 1 +
+ drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+index 6ccbae9b93a1..5387f152fb07 100644
+--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
++++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
+@@ -1753,6 +1753,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
+ 	};
+ 
+ 	if (!size) {
++		cmd->atc.addr = ATC_INV_ADDR_ALL;
+ 		cmd->atc.size = ATC_INV_SIZE_ALL;
+ 		return;
+ 	}
+diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
+index dcab85698a4e..12e12d03eebf 100644
+--- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
++++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h
+@@ -478,6 +478,7 @@ struct arm_smmu_cmdq_ent {
+ 
+ 		#define CMDQ_OP_ATC_INV		0x40
+ 		#define ATC_INV_SIZE_ALL	52
++		#define ATC_INV_ADDR_ALL        0x7FFFFFFFFFFFF000UL
+ 		struct {
+ 			u32			sid;
+ 			u32			ssid;
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
new file mode 100644
index 0000000..73e7a58
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
@@ -0,0 +1,158 @@
+From 7d24cc041cbcff07b21a9a380426b38e09149648 Mon Sep 17 00:00:00 2001
+From: Manoj Kumar <manoj.kumar3@arm.com>
+Date: Tue, 31 Aug 2021 16:15:38 +0000
+Subject: [PATCH] n1sdp: pci_quirk: add acs override for PCI devices
+
+Patch taken from:
+https://gitlab.com/Queuecumber/linux-acs-override/raw/master/workspaces/5.4/acso.patch
+
+Change-Id: Ib926bf50524ce9990fbaa2f2f8670fe84bd571f9
+Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
+Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
+Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+---
+ .../admin-guide/kernel-parameters.txt         |   8 ++
+ drivers/pci/quirks.c                          | 102 ++++++++++++++++++
+ 2 files changed, 110 insertions(+)
+
+diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
+index 23ebe34ff901..054b6e6d22f3 100644
+--- a/Documentation/admin-guide/kernel-parameters.txt
++++ b/Documentation/admin-guide/kernel-parameters.txt
+@@ -4271,6 +4271,14 @@
+ 		nomsi		[MSI] If the PCI_MSI kernel config parameter is
+ 				enabled, this kernel boot option can be used to
+ 				disable the use of MSI interrupts system-wide.
++		pcie_acs_override [PCIE] Override missing PCIe ACS support for
++				downstream
++				All downstream ports - full ACS capabilities
++				multfunction
++				All multifunction devices - multifunction ACS subset
++				id:nnnn:nnnn
++				Specfic device - full ACS capabilities
++				Specified as vid:did (vendor/device ID) in hex
+ 		noioapicquirk	[APIC] Disable all boot interrupt quirks.
+ 				Safety option to keep boot IRQs enabled. This
+ 				should never be necessary.
+diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
+index 321156ca273d..1144c3a8a3bb 100644
+--- a/drivers/pci/quirks.c
++++ b/drivers/pci/quirks.c
+@@ -3718,6 +3718,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
+ 	dev->dev_flags |= PCI_DEV_FLAGS_NO_BUS_RESET;
+ }
+ 
++static bool acs_on_downstream;
++static bool acs_on_multifunction;
++
++#define NUM_ACS_IDS 16
++struct acs_on_id {
++	unsigned short vendor;
++	unsigned short device;
++};
++static struct acs_on_id acs_on_ids[NUM_ACS_IDS];
++static u8 max_acs_id;
++
++static __init int pcie_acs_override_setup(char *p)
++{
++	if (!p)
++		return -EINVAL;
++
++	while (*p) {
++		if (!strncmp(p, "downstream", 10))
++			acs_on_downstream = true;
++		if (!strncmp(p, "multifunction", 13))
++			acs_on_multifunction = true;
++		if (!strncmp(p, "id:", 3)) {
++			char opt[5];
++			int ret;
++			long val;
++
++			if (max_acs_id >= NUM_ACS_IDS - 1) {
++				pr_warn("Out of PCIe ACS override slots (%d)\n",
++						NUM_ACS_IDS);
++				goto next;
++			}
++
++			p += 3;
++			snprintf(opt, 5, "%s", p);
++			ret = kstrtol(opt, 16, &val);
++			if (ret) {
++				pr_warn("PCIe ACS ID parse error %d\n", ret);
++				goto next;
++			}
++			acs_on_ids[max_acs_id].vendor = val;
++
++			p += strcspn(p, ":");
++			if (*p != ':') {
++				pr_warn("PCIe ACS invalid ID\n");
++				goto next;
++			}
++
++			p++;
++			snprintf(opt, 5, "%s", p);
++			ret = kstrtol(opt, 16, &val);
++			if (ret) {
++				pr_warn("PCIe ACS ID parse error %d\n", ret);
++				goto next;
++			}
++			acs_on_ids[max_acs_id].device = val;
++			max_acs_id++;
++		}
++next:
++		p += strcspn(p, ",");
++		if (*p == ',')
++			p++;
++	}
++
++	if (acs_on_downstream || acs_on_multifunction || max_acs_id)
++		pr_warn("Warning: PCIe ACS overrides enabled; This may allow non-IOMMU protected peer-to-peer DMA\n");
++
++	return 0;
++}
++early_param("pcie_acs_override", pcie_acs_override_setup);
++
++static int pcie_acs_overrides(struct pci_dev *dev, u16 acs_flags)
++{
++	int i;
++
++	/* Never override ACS for legacy devices or devices with ACS caps */
++	if (!pci_is_pcie(dev) ||
++		pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS))
++			return -ENOTTY;
++
++	for (i = 0; i < max_acs_id; i++)
++		if (acs_on_ids[i].vendor == dev->vendor &&
++			acs_on_ids[i].device == dev->device)
++				return 1;
++
++	switch (pci_pcie_type(dev)) {
++	case PCI_EXP_TYPE_DOWNSTREAM:
++	case PCI_EXP_TYPE_ROOT_PORT:
++		if (acs_on_downstream)
++			return 1;
++		break;
++	case PCI_EXP_TYPE_ENDPOINT:
++	case PCI_EXP_TYPE_UPSTREAM:
++	case PCI_EXP_TYPE_LEG_END:
++	case PCI_EXP_TYPE_RC_END:
++		if (acs_on_multifunction && dev->multifunction)
++			return 1;
++	}
++
++	return -ENOTTY;
++}
++
+ /*
+  * Some NVIDIA GPU devices do not work with bus reset, SBR needs to be
+  * prevented for those affected devices.
+@@ -5112,6 +5213,7 @@ static const struct pci_dev_acs_enabled {
+ 	{ PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs },
+ 	/* Wangxun nics */
+ 	{ PCI_VENDOR_ID_WANGXUN, PCI_ANY_ID, pci_quirk_wangxun_nic_acs },
++	{ PCI_ANY_ID, PCI_ANY_ID, pcie_acs_overrides },
+ 	{ 0 }
+ };
+ 
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
new file mode 100644
index 0000000..e91147a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
@@ -0,0 +1,323 @@
+From 51879bfe6b0850b3746df9f9471120a6709807cb Mon Sep 17 00:00:00 2001
+From: Deepak Pandey <Deepak.Pandey@arm.com>
+Date: Fri, 31 May 2019 16:42:43 +0100
+Subject: [PATCH] pcie: Add quirk for the Arm Neoverse N1SDP platform
+
+The Arm N1SDP SoC suffers from some PCIe integration issues, most
+prominently config space accesses to not existing BDFs being answered
+with a bus abort, resulting in an SError.
+To mitigate this, the firmware scans the bus before boot (catching the
+SErrors) and creates a table with valid BDFs, which acts as a filter for
+Linux' config space accesses.
+
+Add code consulting the table as an ACPI PCIe quirk, also register the
+corresponding device tree based description of the host controller.
+Also fix the other two minor issues on the way, namely not being fully
+ECAM compliant and config space accesses being restricted to 32-bit
+accesses only.
+
+This allows the Arm Neoverse N1SDP board to boot Linux without crashing
+and to access *any* devices (there are no platform devices except UART).
+
+Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
+[Sudipto: extend to cover the CCIX root port as well]
+Signed-off-by: Sudipto Paul <sudipto.paul@arm.com>
+[Andre: fix coding style issues, rewrite some parts, add DT support]
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Change-Id: I1d3a4b9bf6b3b883d262e3c4ff1f88a0eb81c1fe
+Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
+Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+---
+ arch/arm64/configs/defconfig        |   1 +
+ drivers/acpi/pci_mcfg.c             |   7 +
+ drivers/pci/controller/Kconfig      |  11 ++
+ drivers/pci/controller/Makefile     |   2 +-
+ drivers/pci/controller/pcie-n1sdp.c | 198 ++++++++++++++++++++++++++++
+ include/linux/pci-ecam.h            |   2 +
+ 6 files changed, 220 insertions(+), 1 deletion(-)
+ create mode 100644 drivers/pci/controller/pcie-n1sdp.c
+
+diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
+index 02adc6ceb831..398a5429a8e2 100644
+--- a/arch/arm64/configs/defconfig
++++ b/arch/arm64/configs/defconfig
+@@ -207,6 +207,7 @@ CONFIG_NFC_S3FWRN5_I2C=m
+ CONFIG_PCI=y
+ CONFIG_PCIEPORTBUS=y
+ CONFIG_PCIEAER=y
++CONFIG_PCI_QUIRKS=y
+ CONFIG_PCI_IOV=y
+ CONFIG_PCI_PASID=y
+ CONFIG_HOTPLUG_PCI=y
+diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
+index 860014b89b8e..2d4c1c699ffe 100644
+--- a/drivers/acpi/pci_mcfg.c
++++ b/drivers/acpi/pci_mcfg.c
+@@ -171,6 +171,13 @@ static struct mcfg_fixup mcfg_quirks[] = {
+ 	ALTRA_ECAM_QUIRK(1, 13),
+ 	ALTRA_ECAM_QUIRK(1, 14),
+ 	ALTRA_ECAM_QUIRK(1, 15),
++
++#define N1SDP_ECAM_MCFG(rev, seg, ops) \
++	{"ARMLTD", "ARMN1SDP", rev, seg, MCFG_BUS_ANY, ops }
++
++	/* N1SDP SoC with v1 PCIe controller */
++	N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
++	N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
+ #endif /* ARM64 */
+ 
+ #ifdef CONFIG_LOONGARCH
+diff --git a/drivers/pci/controller/Kconfig b/drivers/pci/controller/Kconfig
+index 0859be86e718..c51b89781472 100644
+--- a/drivers/pci/controller/Kconfig
++++ b/drivers/pci/controller/Kconfig
+@@ -21,6 +21,17 @@ config PCIE_ALTERA
+ 	  Say Y here if you want to enable PCIe controller support on Altera
+ 	  FPGA.
+ 
++config PCIE_HOST_N1SDP_ECAM
++	bool "ARM N1SDP PCIe Controller"
++	depends on ARM64
++	depends on OF || (ACPI && PCI_QUIRKS)
++	select PCI_HOST_COMMON
++	default y if ARCH_VEXPRESS
++	help
++	  Say Y here if you want PCIe support for the Arm N1SDP platform.
++	  The controller is ECAM compliant, but needs a quirk to workaround
++	  an integration issue.
++
+ config PCIE_ALTERA_MSI
+ 	tristate "Altera PCIe MSI feature"
+ 	depends on PCIE_ALTERA
+diff --git a/drivers/pci/controller/Makefile b/drivers/pci/controller/Makefile
+index 37c8663de7fe..08e5afcf6e86 100644
+--- a/drivers/pci/controller/Makefile
++++ b/drivers/pci/controller/Makefile
+@@ -39,7 +39,7 @@ obj-$(CONFIG_PCI_LOONGSON) += pci-loongson.o
+ obj-$(CONFIG_PCIE_HISI_ERR) += pcie-hisi-error.o
+ obj-$(CONFIG_PCIE_APPLE) += pcie-apple.o
+ obj-$(CONFIG_PCIE_MT7621) += pcie-mt7621.o
+-
++obj-$(CONFIG_PCIE_HOST_N1SDP_ECAM) += pcie-n1sdp.o
+ # pcie-hisi.o quirks are needed even without CONFIG_PCIE_DW
+ obj-y				+= dwc/
+ obj-y				+= mobiveil/
+diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
+new file mode 100644
+index 000000000000..408699b9dcb1
+--- /dev/null
++++ b/drivers/pci/controller/pcie-n1sdp.c
+@@ -0,0 +1,198 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Copyright (C) 2018/2019 ARM Ltd.
++ *
++ * This quirk is to mask the following issues:
++ * - PCIE SLVERR: config space accesses to invalid PCIe BDFs cause a bus
++ *		  error (signalled as an asynchronous SError)
++ * - MCFG BDF mapping: the root complex is mapped separately from the device
++ *		       config space
++ * - Non 32-bit accesses to config space are not supported.
++ *
++ * At boot time the SCP board firmware creates a discovery table with
++ * the root complex' base address and the valid BDF values, discovered while
++ * scanning the config space and catching the SErrors.
++ * Linux responds only to the EPs listed in this table, returning NULL
++ * for the rest.
++ */
++
++#include <linux/kernel.h>
++#include <linux/init.h>
++#include <linux/ioport.h>
++#include <linux/sizes.h>
++#include <linux/of_pci.h>
++#include <linux/of.h>
++#include <linux/pci-ecam.h>
++#include <linux/platform_device.h>
++#include <linux/module.h>
++
++#include "../pci.h"
++
++/* Platform specific values as hardcoded in the firmware. */
++#define AP_NS_SHARED_MEM_BASE	0x06000000
++#define MAX_SEGMENTS		2		/* Two PCIe root complexes. */
++#define BDF_TABLE_SIZE		SZ_16K
++
++/*
++ * Shared memory layout as written by the SCP upon boot time:
++ *  ----
++ *  Discover data header --> RC base address
++ *                       \-> BDF Count
++ *  Discover data        --> BDF 0...n
++ *  ----
++ */
++struct pcie_discovery_data {
++	u32 rc_base_addr;
++	u32 nr_bdfs;
++	u32 valid_bdfs[0];
++} *pcie_discovery_data[MAX_SEGMENTS];
++
++void __iomem *rc_remapped_addr[MAX_SEGMENTS];
++
++/*
++ * map_bus() is called before we do a config space access for a certain
++ * device. We use this to check whether this device is valid, avoiding
++ * config space accesses which would result in an SError otherwise.
++ */
++static void __iomem *pci_n1sdp_map_bus(struct pci_bus *bus, unsigned int devfn,
++				       int where)
++{
++	struct pci_config_window *cfg = bus->sysdata;
++	unsigned int devfn_shift = cfg->ops->bus_shift - 8;
++	unsigned int busn = bus->number;
++	unsigned int segment = bus->domain_nr;
++	unsigned int bdf_addr;
++	unsigned int table_count, i;
++	struct pci_dev *dev;
++
++	if (segment >= MAX_SEGMENTS ||
++	    busn < cfg->busr.start || busn > cfg->busr.end)
++		return NULL;
++
++	/* The PCIe root complex has a separate config space mapping. */
++	if (busn == 0 && devfn == 0)
++		return rc_remapped_addr[segment] + where;
++
++	dev = pci_get_domain_bus_and_slot(segment, busn, devfn);
++	if (dev && dev->is_virtfn)
++		return pci_ecam_map_bus(bus, devfn, where);
++
++	/* Accesses beyond the vendor ID always go to existing devices. */
++	if (where > 0)
++		return pci_ecam_map_bus(bus, devfn, where);
++
++	busn -= cfg->busr.start;
++	bdf_addr = (busn << cfg->ops->bus_shift) + (devfn << devfn_shift);
++	table_count = pcie_discovery_data[segment]->nr_bdfs;
++	for (i = 0; i < table_count; i++) {
++		if (bdf_addr == pcie_discovery_data[segment]->valid_bdfs[i])
++			return pci_ecam_map_bus(bus, devfn, where);
++	}
++
++	return NULL;
++}
++
++static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
++{
++	phys_addr_t table_base;
++	struct device *dev = cfg->parent;
++	struct pcie_discovery_data *shared_data;
++	size_t bdfs_size;
++
++	if (segment >= MAX_SEGMENTS)
++		return -ENODEV;
++
++	table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
++
++	if (!request_mem_region(table_base, BDF_TABLE_SIZE,
++				"PCIe valid BDFs")) {
++		dev_err(dev, "PCIe BDF shared region request failed\n");
++		return -ENOMEM;
++	}
++
++	shared_data = devm_ioremap(dev,
++				   table_base, BDF_TABLE_SIZE);
++	if (!shared_data)
++		return -ENOMEM;
++
++	/* Copy the valid BDFs structure to allocated normal memory. */
++	bdfs_size = sizeof(struct pcie_discovery_data) +
++		    sizeof(u32) * shared_data->nr_bdfs;
++	pcie_discovery_data[segment] = devm_kmalloc(dev, bdfs_size, GFP_KERNEL);
++	if (!pcie_discovery_data[segment])
++		return -ENOMEM;
++
++	memcpy_fromio(pcie_discovery_data[segment], shared_data, bdfs_size);
++
++	rc_remapped_addr[segment] = devm_ioremap(dev,
++						 shared_data->rc_base_addr,
++						 PCI_CFG_SPACE_EXP_SIZE);
++	if (!rc_remapped_addr[segment]) {
++		dev_err(dev, "Cannot remap root port base\n");
++		return -ENOMEM;
++	}
++
++	devm_iounmap(dev, shared_data);
++
++	return 0;
++}
++
++/* Called for ACPI segment 0, and for all segments when using DT. */
++static int pci_n1sdp_pcie_init(struct pci_config_window *cfg)
++{
++	struct platform_device *pdev = to_platform_device(cfg->parent);
++	int segment = 0;
++
++	if (pdev->dev.of_node)
++		segment = of_get_pci_domain_nr(pdev->dev.of_node);
++	if (segment < 0 || segment > MAX_SEGMENTS) {
++		dev_err(&pdev->dev, "N1SDP PCI controllers require linux,pci-domain property\n");
++		dev_err(&pdev->dev, "Or invalid segment number, must be smaller than %d\n",
++			MAX_SEGMENTS);
++		return -EINVAL;
++	}
++
++	return pci_n1sdp_init(cfg, segment);
++}
++
++/* Called for ACPI segment 1. */
++static int pci_n1sdp_ccix_init(struct pci_config_window *cfg)
++{
++	return pci_n1sdp_init(cfg, 1);
++}
++
++const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops = {
++	.bus_shift	= 20,
++	.init		= pci_n1sdp_pcie_init,
++	.pci_ops	= {
++		.map_bus        = pci_n1sdp_map_bus,
++		.read           = pci_generic_config_read32,
++		.write          = pci_generic_config_write32,
++	}
++};
++
++const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops = {
++	.bus_shift	= 20,
++	.init		= pci_n1sdp_ccix_init,
++	.pci_ops	= {
++		.map_bus        = pci_n1sdp_map_bus,
++		.read           = pci_generic_config_read32,
++		.write          = pci_generic_config_write32,
++	}
++};
++
++static const struct of_device_id n1sdp_pcie_of_match[] = {
++	{ .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops },
++	{ },
++};
++MODULE_DEVICE_TABLE(of, n1sdp_pcie_of_match);
++
++static struct platform_driver n1sdp_pcie_driver = {
++	.driver = {
++		.name = KBUILD_MODNAME,
++		.of_match_table = n1sdp_pcie_of_match,
++		.suppress_bind_attrs = true,
++	},
++	.probe = pci_host_common_probe,
++};
++builtin_platform_driver(n1sdp_pcie_driver);
+diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
+index 6b1301e2498e..b3cf3adeab28 100644
+--- a/include/linux/pci-ecam.h
++++ b/include/linux/pci-ecam.h
+@@ -88,6 +88,8 @@ extern const struct pci_ecam_ops xgene_v2_pcie_ecam_ops; /* APM X-Gene PCIe v2.x
+ extern const struct pci_ecam_ops al_pcie_ops;	/* Amazon Annapurna Labs PCIe */
+ extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
+ extern const struct pci_ecam_ops loongson_pci_ecam_ops; /* Loongson PCIe */
++extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
++extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
+ #endif
+ 
+ #if IS_ENABLED(CONFIG_PCI_HOST_COMMON)
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
new file mode 100644
index 0000000..f85abd9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
@@ -0,0 +1,136 @@
+From aa7c785aff4276aa8579a54f39347cd47eb48ebb Mon Sep 17 00:00:00 2001
+From: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
+Date: Wed, 9 Feb 2022 20:37:43 +0530
+Subject: [PATCH] n1sdp: pcie: add quirk support enabling remote chip PCIe
+
+Base address mapping for remote chip Root PCIe ECAM space.
+
+When two N1SDP boards are coupled via the CCIX connection, the PCI host
+complex of the remote board appears as PCIe segment 2 on the primary board.
+The resources of the secondary board, including the host complex, are
+mapped at offset 0x40000000000 into the address space of the primary
+board, so take that into account when accessing the remote PCIe segment.
+
+Change-Id: I0e8d1eb119aef6444b9df854a39b24441c12195a
+Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
+Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: sahil <sahil@arm.com>
+
+Upstream-Status: Inappropriate [will not be submitted as its an hack required to fix the hardware issue]
+Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+---
+ drivers/acpi/pci_mcfg.c             |  1 +
+ drivers/pci/controller/pcie-n1sdp.c | 32 +++++++++++++++++++++++++----
+ include/linux/pci-ecam.h            |  1 +
+ 3 files changed, 30 insertions(+), 4 deletions(-)
+
+diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
+index 2d4c1c699ffe..27f1e9a45c17 100644
+--- a/drivers/acpi/pci_mcfg.c
++++ b/drivers/acpi/pci_mcfg.c
+@@ -178,6 +178,7 @@ static struct mcfg_fixup mcfg_quirks[] = {
+ 	/* N1SDP SoC with v1 PCIe controller */
+ 	N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
+ 	N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
++	N1SDP_ECAM_MCFG(0x20181101, 2, &pci_n1sdp_remote_pcie_ecam_ops),
+ #endif /* ARM64 */
+ 
+ #ifdef CONFIG_LOONGARCH
+diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
+index 408699b9dcb1..b3b02417fd7d 100644
+--- a/drivers/pci/controller/pcie-n1sdp.c
++++ b/drivers/pci/controller/pcie-n1sdp.c
+@@ -30,8 +30,10 @@
+ 
+ /* Platform specific values as hardcoded in the firmware. */
+ #define AP_NS_SHARED_MEM_BASE	0x06000000
+-#define MAX_SEGMENTS		2		/* Two PCIe root complexes. */
++/* Two PCIe root complexes in One Chip + One PCIe RC in Remote Chip */
++#define MAX_SEGMENTS		3
+ #define BDF_TABLE_SIZE		SZ_16K
++#define REMOTE_CHIP_ADDR_OFFSET	0x40000000000
+ 
+ /*
+  * Shared memory layout as written by the SCP upon boot time:
+@@ -97,12 +99,17 @@ static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
+ 	phys_addr_t table_base;
+ 	struct device *dev = cfg->parent;
+ 	struct pcie_discovery_data *shared_data;
+-	size_t bdfs_size;
++	size_t bdfs_size, rc_base_addr = 0;
+ 
+ 	if (segment >= MAX_SEGMENTS)
+ 		return -ENODEV;
+ 
+-	table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
++	if (segment > 1) {
++		rc_base_addr = REMOTE_CHIP_ADDR_OFFSET;
++		table_base = AP_NS_SHARED_MEM_BASE + REMOTE_CHIP_ADDR_OFFSET;
++	} else {
++		table_base = AP_NS_SHARED_MEM_BASE + segment * BDF_TABLE_SIZE;
++	}
+ 
+ 	if (!request_mem_region(table_base, BDF_TABLE_SIZE,
+ 				"PCIe valid BDFs")) {
+@@ -114,6 +121,7 @@ static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
+ 				   table_base, BDF_TABLE_SIZE);
+ 	if (!shared_data)
+ 		return -ENOMEM;
++	rc_base_addr += shared_data->rc_base_addr;
+ 
+ 	/* Copy the valid BDFs structure to allocated normal memory. */
+ 	bdfs_size = sizeof(struct pcie_discovery_data) +
+@@ -125,7 +133,7 @@ static int pci_n1sdp_init(struct pci_config_window *cfg, unsigned int segment)
+ 	memcpy_fromio(pcie_discovery_data[segment], shared_data, bdfs_size);
+ 
+ 	rc_remapped_addr[segment] = devm_ioremap(dev,
+-						 shared_data->rc_base_addr,
++						 rc_base_addr,
+ 						 PCI_CFG_SPACE_EXP_SIZE);
+ 	if (!rc_remapped_addr[segment]) {
+ 		dev_err(dev, "Cannot remap root port base\n");
+@@ -161,6 +169,12 @@ static int pci_n1sdp_ccix_init(struct pci_config_window *cfg)
+ 	return pci_n1sdp_init(cfg, 1);
+ }
+ 
++/* Called for ACPI segment 2. */
++static int pci_n1sdp_remote_pcie_init(struct pci_config_window *cfg)
++{
++	return pci_n1sdp_init(cfg, 2);
++}
++
+ const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops = {
+ 	.bus_shift	= 20,
+ 	.init		= pci_n1sdp_pcie_init,
+@@ -181,6 +195,16 @@ const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops = {
+ 	}
+ };
+ 
++const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops = {
++	.bus_shift	= 20,
++	.init		= pci_n1sdp_remote_pcie_init,
++	.pci_ops	= {
++		.map_bus        = pci_n1sdp_map_bus,
++		.read           = pci_generic_config_read32,
++		.write          = pci_generic_config_write32,
++	}
++};
++
+ static const struct of_device_id n1sdp_pcie_of_match[] = {
+ 	{ .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops },
+ 	{ },
+diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
+index b3cf3adeab28..d4316795c00d 100644
+--- a/include/linux/pci-ecam.h
++++ b/include/linux/pci-ecam.h
+@@ -90,6 +90,7 @@ extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
+ extern const struct pci_ecam_ops loongson_pci_ecam_ops; /* Loongson PCIe */
+ extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
+ extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
++extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */
+ #endif
+ 
+ #if IS_ENABLED(CONFIG_PCI_HOST_COMMON)
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
new file mode 100644
index 0000000..42ef0ee
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
@@ -0,0 +1,33 @@
+From a9df434f077e7f1d8895e76381ba7179f3ebb1ba Mon Sep 17 00:00:00 2001
+From: Andre Przywara <andre.przywara@arm.com>
+Date: Fri, 17 May 2019 17:39:27 +0100
+Subject: [PATCH] arm64: kpti: Whitelist early Arm Neoverse N1 revisions
+
+Early revisions (r1p0) of the Neoverse N1 core did not feature the
+CSV3 field in ID_AA64PFR0_EL1 to advertise they are not affected by
+the Spectre variant 3 (aka Meltdown) vulnerability.
+
+Add this particular revision to the whitelist to avoid enabling KPTI.
+
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Change-Id: I78df055a3e674aefd195d41cc6dc4ee08b0af099
+Upstream-Status: Inappropriate
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+---
+ arch/arm64/kernel/cpufeature.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
+index 2c0b8444fea6..5c0ff40c6c8b 100644
+--- a/arch/arm64/kernel/cpufeature.c
++++ b/arch/arm64/kernel/cpufeature.c
+@@ -1690,6 +1690,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
+ 		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
+ 		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
+ 		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
++		MIDR_REV(MIDR_NEOVERSE_N1, 1, 0),	/* missing CSV3 */
+ 		{ /* sentinel */ }
+ 	};
+ 	char const *str = "kpti command line option";
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/0006-arm64-defconfig-disable-config-options-that-does-not.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/enable-nvme.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/enable-nvme.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/enable-nvme.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/enable-nvme.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/enable-realtek-R8169.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/enable-realtek-R8169.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/enable-realtek-R8169.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/enable-realtek-R8169.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/enable-usb_conn_gpio.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/enable-usb_conn_gpio.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/enable-usb_conn_gpio.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/enable-usb_conn_gpio.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/usb_xhci_pci_renesas.cfg b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/usb_xhci_pci_renesas.cfg
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.4/n1sdp/usb_xhci_pci_renesas.cfg
rename to meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-6.5/n1sdp/usb_xhci_pci_renesas.cfg
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_6.4.bb b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_6.4.bb
new file mode 100644
index 0000000..f4c0654
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_6.4.bb
@@ -0,0 +1,39 @@
+KBRANCH ?= "v6.4/standard/base"
+
+require recipes-kernel/linux/linux-yocto.inc
+
+# CVE exclusions
+include recipes-kernel/linux/cve-exclusion.inc
+include recipes-kernel/linux/cve-exclusion_6.4.inc
+
+SRCREV_machine ?= "ef91ff6a4be36037808af1ca786fdd557f265a1d"
+SRCREV_meta ?= "13efe44fe9dd2626eaf6552288ea31770ec71cf1"
+
+# set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
+# get the <version>/base branch, which is pure upstream -stable, and the same
+# meta SRCREV as the linux-yocto-standard builds. Select your version using the
+# normal PREFERRED_VERSION settings.
+BBCLASSEXTEND = "devupstream:target"
+SRCREV_machine:class-devupstream ?= "ae4e4fc35b4258626644c162a702e2bce2b79190"
+PN:class-devupstream = "linux-yocto-upstream"
+KBRANCH:class-devupstream = "v6.4/base"
+
+SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH};protocol=https \
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.4;destsuffix=${KMETA};protocol=https"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=6bc538ed5bd9a7fc9398086aedcd7e46"
+LINUX_VERSION ?= "6.4.16"
+
+PV = "${LINUX_VERSION}+git"
+
+KMETA = "kernel-meta"
+KCONF_BSP_AUDIT_LEVEL = "1"
+
+# Functionality flags
+KERNEL_EXTRA_FEATURES ?= "features/netfilter/netfilter.scc"
+KERNEL_FEATURES:append = " ${KERNEL_EXTRA_FEATURES}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("TUNE_FEATURES", "mx32", " cfg/x32.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/scsi/scsi-debug.scc", "", d)}"
+KERNEL_FEATURES:append = " ${@bb.utils.contains("DISTRO_FEATURES", "ptest", " features/gpio/mockup.scc", "", d)}"
+
+SRC_URI:append:aarch64 = " file://0001-arm64-defconfig-remove-CONFIG_COMMON_CLK_NPCM8XX-y.patch"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch
index 9c1d781..58ba2af 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-Handle-logging-syscall.patch
@@ -4,7 +4,7 @@
 Subject: [PATCH] Handle logging syscall
 
 Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status:  Inappropriate [Other]
+Upstream-Status: Pending [upstreamed differently in 280b6a3]
 ---
  core/arch/arm/kernel/spmc_sp_handler.c | 7 ++++++-
  1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch
index 50283db..29623b0 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0002-plat-n1sdp-add-N1SDP-platform-support.patch
@@ -50,8 +50,8 @@
 +CFG_CORE_HEAP_SIZE = 0x32000 # 200kb
 +
 +CFG_TEE_CORE_NB_CORE = 4
-+CFG_TZDRAM_START ?= 0x08000000
-+CFG_TZDRAM_SIZE  ?= 0x02008000
++CFG_TZDRAM_START ?= 0xDE000000
++CFG_TZDRAM_SIZE  ?= 0x02000000
 +
 +CFG_SHMEM_START  ?= 0x83000000
 +CFG_SHMEM_SIZE   ?= 0x00210000
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch
deleted file mode 100644
index ebe4d72..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-HACK-disable-instruction-cache-and-data-cache.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From 0c3ce4c09cd7d2ff4cd2e62acab899dd88dc9514 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Wed, 20 Jul 2022 16:45:59 +0100
-Subject: [PATCH] HACK: disable instruction cache and data cache.
-
-For some reason, n1sdp fails to boot with instruction cache and
-data cache enabled. This is a temporary change to disable I cache
-and D cache until a proper fix is found.
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
-diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
-index 875b6e69..594d6928 100644
---- a/core/arch/arm/kernel/entry_a64.S
-+++ b/core/arch/arm/kernel/entry_a64.S
-@@ -52,7 +52,7 @@
- 
- 	.macro set_sctlr_el1
- 		mrs	x0, sctlr_el1
--		orr	x0, x0, #SCTLR_I
-+		bic	x0, x0, #SCTLR_I
- 		orr	x0, x0, #SCTLR_SA
- 		orr	x0, x0, #SCTLR_SPAN
- #if defined(CFG_CORE_RWDATA_NOEXEC)
-@@ -490,11 +490,11 @@ LOCAL_FUNC enable_mmu , : , .identity_map
- 	isb
- 
- 	/* Enable I and D cache */
--	mrs	x1, sctlr_el1
-+	/* mrs	x1, sctlr_el1
- 	orr	x1, x1, #SCTLR_I
- 	orr	x1, x1, #SCTLR_C
- 	msr	sctlr_el1, x1
--	isb
-+	isb */
- 
- 	/* Adjust stack pointers and return address */
- 	msr	spsel, #1
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-Handle-logging-syscall.patch
new file mode 100644
index 0000000..0955d99
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0003-Handle-logging-syscall.patch
@@ -0,0 +1,32 @@
+Upstream-Status: Pending [upstreamed differently in 280b6a3]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Fri, 15 Jul 2022 13:45:54 +0200
+Subject: [PATCH] Handle logging syscall
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4
+
+
+diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
+index e0fa0aa6..c7a45387 100644
+--- a/core/arch/arm/kernel/spmc_sp_handler.c
++++ b/core/arch/arm/kernel/spmc_sp_handler.c
+@@ -1277,6 +1277,13 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
+ 			sp_enter(args, caller_sp);
+ 			break;
+ 
++		case 0xdeadbeef:
++			ts_push_current_session(&caller_sp->ts_sess);
++			IMSG("%s", (char *)args->a1);
++			ts_pop_current_session();
++			sp_enter(args, caller_sp);
++			break;
++
+ 		default:
+ 			EMSG("Unhandled FFA function ID %#"PRIx32,
+ 			     (uint32_t)args->a0);
+-- 
+2.17.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch
deleted file mode 100644
index 9d305ad..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-Handle-logging-syscall.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
-From: Balint Dobszay <balint.dobszay@arm.com>
-Date: Fri, 15 Jul 2022 13:45:54 +0200
-Subject: [PATCH] Handle logging syscall
-
-Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
-Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4
-
-
-diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
-index e0fa0aa6..c7a45387 100644
---- a/core/arch/arm/kernel/spmc_sp_handler.c
-+++ b/core/arch/arm/kernel/spmc_sp_handler.c
-@@ -1277,6 +1277,13 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
- 			sp_enter(args, caller_sp);
- 			break;
- 
-+		case 0xdeadbeef:
-+			ts_push_current_session(&caller_sp->ts_sess);
-+			IMSG("%s", (char *)args->a1);
-+			ts_pop_current_session();
-+			sp_enter(args, caller_sp);
-+			break;
-+
- 		default:
- 			EMSG("Unhandled FFA function ID %#"PRIx32,
- 			     (uint32_t)args->a0);
--- 
-2.17.1
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-plat-n1sdp-register-DRAM1-to-optee-os.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0004-plat-n1sdp-register-DRAM1-to-optee-os.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0006-plat-n1sdp-add-external-device-tree-base-and-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-add-external-device-tree-base-and-size.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0006-plat-n1sdp-add-external-device-tree-base-and-size.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-add-external-device-tree-base-and-size.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb
deleted file mode 100644
index ea7b65c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.18.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require recipes-security/optee/optee-client.inc
-
-SRCREV = "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.22.0.bb
new file mode 100644
index 0000000..904c256
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.22.0.bb
@@ -0,0 +1,7 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "8533e0e6329840ee96cf81b6453f257204227e6c"
+
+inherit pkgconfig
+DEPENDS += "util-linux"
+EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.22.0.bb
new file mode 100644
index 0000000..f082a25
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-examples_3.22.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
deleted file mode 100644
index 862a76b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0005-core-ldelf-link-add-z-execstack.patch
+++ /dev/null
@@ -1,93 +0,0 @@
-From 63445958678b58c5adc7eca476b216e5dc0f4195 Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 11:41:00 +0000
-Subject: [PATCH] core, ldelf: link: add -z execstack
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when generating some TEE core binaries (all_obj.o, init.o,
-unpaged.o and tee.elf) as well as ldelf.elf:
-
- arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
- arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-The permissions used when mapping the TEE core stacks do not depend on
-any metadata found in the ELF file. Similarly when the TEE core loads
-ldelf it already creates a non-executable stack regardless of ELF
-information. Therefore we can safely ignore the warnings. This is done
-by adding the '-z execstack' option.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
----
- core/arch/arm/kernel/link.mk | 13 +++++++++----
- ldelf/link.mk                |  3 +++
- 2 files changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index c39d43cbfc5b..0e96e606cd9d 100644
---- a/core/arch/arm/kernel/link.mk
-+++ b/core/arch/arm/kernel/link.mk
-@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
- 
- AWK	 = awk
- 
-+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
-+ifeq ($(CFG_ARM32_core),y)
-+link-ldflags-common += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldflags  = $(LDFLAGS)
- ifeq ($(CFG_CORE_ASLR),y)
- link-ldflags += -pie -Bsymbolic -z norelro $(ldflag-apply-dynamic-relocs)
-@@ -31,7 +36,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
- link-ldflags += --sort-section=alignment
- link-ldflags += --fatal-warnings
- link-ldflags += --gc-sections
--link-ldflags += $(call ld-option,--no-warn-rwx-segments)
-+link-ldflags += $(link-ldflags-common)
- 
- link-ldadd  = $(LDADD)
- link-ldadd += $(ldflags-external)
-@@ -56,7 +61,7 @@ link-script-cppflags := \
- 		$(cppflagscore))
- 
- ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
--		   $(call ld-option,--no-warn-rwx-segments) \
-+		   $(link-ldflags-common) \
- 		   $(link-objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/all_objs.o
- $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
-@@ -70,7 +75,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
- 		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
- 
- unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
--		 $(call ld-option,--no-warn-rwx-segments)
-+		 $(link-ldflags-common)
- unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/unpaged.o
- $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
-@@ -99,7 +104,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
- 		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
- 
- init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
--	       $(call ld-option,--no-warn-rwx-segments)
-+	       $(link-ldflags-common)
- init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
- 	      $(libgcccore)
- cleanfiles += $(link-out-dir)/init.o
-diff --git a/ldelf/link.mk b/ldelf/link.mk
-index 64c8212a06fa..bd49551e7065 100644
---- a/ldelf/link.mk
-+++ b/ldelf/link.mk
-@@ -20,6 +20,9 @@ link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
- ifeq ($(CFG_CORE_BTI),y)
- link-ldflags += $(call ld-option,-z force-bti) --fatal-warnings
- endif
-+ifeq ($(CFG_ARM32_$(sm)), y)
-+link-ldflags += $(call ld-option,--no-warn-execstack)
-+endif
- link-ldflags += $(link-ldflags$(sm))
- 
- link-ldadd  = $(addprefix -L,$(libdirs))
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
deleted file mode 100644
index e82fdc7..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.18.0/0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch
+++ /dev/null
@@ -1,127 +0,0 @@
-From 1a991cbedf8647d5a1e7c312614f7867c3940968 Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 12:31:46 +0000
-Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
-
- .S files
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when linking Trusted Applications:
-
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-We could silence the warning by adding the '-z execstack' option to the
-TA link flags, like we did in the parent commit for the TEE core and
-ldelf. Indeed, ldelf always allocates a non-executable piece of memory
-for the TA to use as a stack.
-
-However it seems preferable to comply with the common ELF practices in
-this case. A better fix is therefore to add the missing .note.GNU-stack
-sections in the assembler files.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
----
- lib/libutee/arch/arm/utee_syscalls_a32.S             | 2 ++
- lib/libutils/ext/arch/arm/atomic_a32.S               | 2 ++
- lib/libutils/ext/arch/arm/mcount_a32.S               | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S  | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/setjmp_a32.S              | 2 ++
- ta/arch/arm/ta_entry_a32.S                           | 2 ++
- 7 files changed, 14 insertions(+)
-
-diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
-index 6e621ca6e06d..af405f62723c 100644
---- a/lib/libutee/arch/arm/utee_syscalls_a32.S
-+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
-@@ -7,6 +7,8 @@
- #include <tee_syscall_numbers.h>
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
-         .section .text
-         .balign 4
-         .code 32
-diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
-index eaef6914734e..2be73ffadcc9 100644
---- a/lib/libutils/ext/arch/arm/atomic_a32.S
-+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /* uint32_t atomic_inc32(uint32_t *v); */
- FUNC atomic_inc32 , :
- 	ldrex	r1, [r0]
-diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
-index 51439a23014e..54dc3c02da66 100644
---- a/lib/libutils/ext/arch/arm/mcount_a32.S
-+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
-@@ -7,6 +7,8 @@
- 
- #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT)
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * Convert return address to call site address by subtracting the size of the
-  * mcount call instruction (blx __gnu_mcount_nc).
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-index a600c879668c..37ae9ec6f9f1 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * signed ret_idivmod_values(signed quot, signed rem);
-  * return quotient and remaining the EABI way (regs r0,r1)
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-index 2dc50bc98bbf..5c3353e2c1ba 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
-  */
-diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-index 43ea593758c9..f8a0b70df705 100644
---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
-+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-@@ -51,6 +51,8 @@
- #define SIZE(x)
- #endif
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /* Arm/Thumb interworking support:
- 
-    The interworking scheme expects functions to use a BX instruction
-diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
-index d2f8a69daa7f..cd9a12f9dbf9 100644
---- a/ta/arch/arm/ta_entry_a32.S
-+++ b/ta/arch/arm/ta_entry_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * This function is the bottom of the user call stack. Mark it as such so that
-  * the unwinding code won't try to go further down.
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
index 381cad9..e6fe716 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
@@ -20,10 +20,11 @@
     file. Used by Trusted OS (BL32), that is, OP-TEE in this case
 Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=25ae7ad1878244f78206cc7c91f7bdbd267331a1
 
-Upstream-Status: Accepted
-
 Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
 Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+
+Upstream-Status: Backport [f1f431c7a92671b4fa397976d381cc5ad8adacc4]
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
 ---
  core/arch/arm/kernel/boot.c      |  8 +++++++-
  core/arch/arm/kernel/entry_a64.S | 17 ++++++++---------
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
index 5421b10..da0422b 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
@@ -9,10 +9,11 @@
 retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
 case, because the SPMC manifest is passed in this DT.
 
-Upstream-Status: Accepted
-
 Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+
+Upstream-Status: Backport [809fa817ae6331d98b55f7afaa3c20f8407822e4]
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
 ---
  core/arch/arm/kernel/boot.c               | 60 ++++++++++++++++++++++-
  core/arch/arm/kernel/entry_a32.S          |  3 +-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/CVE-2023-41325.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/CVE-2023-41325.patch
new file mode 100644
index 0000000..08acce0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.20.0/CVE-2023-41325.patch
@@ -0,0 +1,634 @@
+From 800627f054959aac0dd3527495ee3fad0137600a Mon Sep 17 00:00:00 2001
+From: Jihwan Park <jihwp@amazon.com>
+Date: Mon, 3 Jul 2023 08:51:47 +0200
+Subject: [PATCH] core: crypto_bignum_free(): add indirection and set pointer
+ to NULL
+
+To prevent human mistake, crypto_bignum_free() sets the location of the
+bignum pointer to NULL after freeing it.
+
+Signed-off-by: Jihwan Park <jihwp@amazon.com>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Reviewed-by: Jerome Forissier <jerome.forissier@linaro.org>
+Reviewed-by: Joakim Bech <joakim.bech@linaro.org>
+Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
+
+CVE: CVE-2023-41325
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ core/crypto/crypto.c                        |  4 +--
+ core/drivers/crypto/caam/acipher/caam_dh.c  |  8 ++---
+ core/drivers/crypto/caam/acipher/caam_dsa.c | 14 ++++----
+ core/drivers/crypto/caam/acipher/caam_ecc.c | 10 +++---
+ core/drivers/crypto/caam/acipher/caam_rsa.c | 24 ++++++-------
+ core/drivers/crypto/se050/core/ecc.c        | 14 ++++----
+ core/drivers/crypto/se050/core/rsa.c        | 38 ++++++++++-----------
+ core/drivers/crypto/versal/ecc.c            |  6 ++--
+ core/include/crypto/crypto.h                |  2 +-
+ core/lib/libtomcrypt/dh.c                   |  8 ++---
+ core/lib/libtomcrypt/dsa.c                  | 14 ++++----
+ core/lib/libtomcrypt/ecc.c                  | 10 +++---
+ core/lib/libtomcrypt/mpi_desc.c             |  9 +++--
+ core/lib/libtomcrypt/rsa.c                  | 22 ++++++------
+ core/tee/tee_svc_cryp.c                     |  7 ++--
+ lib/libmbedtls/core/bignum.c                |  9 +++--
+ lib/libmbedtls/core/dh.c                    |  8 ++---
+ lib/libmbedtls/core/ecc.c                   | 10 +++---
+ lib/libmbedtls/core/rsa.c                   | 22 ++++++------
+ 19 files changed, 122 insertions(+), 117 deletions(-)
+
+diff --git a/core/crypto/crypto.c b/core/crypto/crypto.c
+index 9f7d35097..60cb89a31 100644
+--- a/core/crypto/crypto.c
++++ b/core/crypto/crypto.c
+@@ -498,9 +498,9 @@ void crypto_bignum_copy(struct bignum *to __unused,
+ 	bignum_cant_happen();
+ }
+ 
+-void crypto_bignum_free(struct bignum *a)
++void crypto_bignum_free(struct bignum **a)
+ {
+-	if (a)
++	if (a && *a)
+ 		panic();
+ }
+ 
+diff --git a/core/drivers/crypto/caam/acipher/caam_dh.c b/core/drivers/crypto/caam/acipher/caam_dh.c
+index 6131ff0ef..35fc44541 100644
+--- a/core/drivers/crypto/caam/acipher/caam_dh.c
++++ b/core/drivers/crypto/caam/acipher/caam_dh.c
+@@ -195,10 +195,10 @@ static TEE_Result do_allocate_keypair(struct dh_keypair *key, size_t size_bits)
+ err:
+ 	DH_TRACE("Allocation error");
+ 
+-	crypto_bignum_free(key->g);
+-	crypto_bignum_free(key->p);
+-	crypto_bignum_free(key->x);
+-	crypto_bignum_free(key->y);
++	crypto_bignum_free(&key->g);
++	crypto_bignum_free(&key->p);
++	crypto_bignum_free(&key->x);
++	crypto_bignum_free(&key->y);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/core/drivers/crypto/caam/acipher/caam_dsa.c b/core/drivers/crypto/caam/acipher/caam_dsa.c
+index 2696f0b3c..d60bb8e89 100644
+--- a/core/drivers/crypto/caam/acipher/caam_dsa.c
++++ b/core/drivers/crypto/caam/acipher/caam_dsa.c
+@@ -309,10 +309,10 @@ static TEE_Result do_allocate_keypair(struct dsa_keypair *key, size_t l_bits,
+ err:
+ 	DSA_TRACE("Allocation error");
+ 
+-	crypto_bignum_free(key->g);
+-	crypto_bignum_free(key->p);
+-	crypto_bignum_free(key->q);
+-	crypto_bignum_free(key->x);
++	crypto_bignum_free(&key->g);
++	crypto_bignum_free(&key->p);
++	crypto_bignum_free(&key->q);
++	crypto_bignum_free(&key->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -358,9 +358,9 @@ static TEE_Result do_allocate_publickey(struct dsa_public_key *key,
+ err:
+ 	DSA_TRACE("Allocation error");
+ 
+-	crypto_bignum_free(key->g);
+-	crypto_bignum_free(key->p);
+-	crypto_bignum_free(key->q);
++	crypto_bignum_free(&key->g);
++	crypto_bignum_free(&key->p);
++	crypto_bignum_free(&key->q);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/core/drivers/crypto/caam/acipher/caam_ecc.c b/core/drivers/crypto/caam/acipher/caam_ecc.c
+index 90e87c20a..6b12b6cbe 100644
+--- a/core/drivers/crypto/caam/acipher/caam_ecc.c
++++ b/core/drivers/crypto/caam/acipher/caam_ecc.c
+@@ -169,8 +169,8 @@ static TEE_Result do_allocate_keypair(struct ecc_keypair *key, size_t size_bits)
+ err:
+ 	ECC_TRACE("Allocation error");
+ 
+-	crypto_bignum_free(key->d);
+-	crypto_bignum_free(key->x);
++	crypto_bignum_free(&key->d);
++	crypto_bignum_free(&key->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -204,7 +204,7 @@ static TEE_Result do_allocate_publickey(struct ecc_public_key *key,
+ err:
+ 	ECC_TRACE("Allocation error");
+ 
+-	crypto_bignum_free(key->x);
++	crypto_bignum_free(&key->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -216,8 +216,8 @@ err:
+  */
+ static void do_free_publickey(struct ecc_public_key *key)
+ {
+-	crypto_bignum_free(key->x);
+-	crypto_bignum_free(key->y);
++	crypto_bignum_free(&key->x);
++	crypto_bignum_free(&key->y);
+ }
+ 
+ /*
+diff --git a/core/drivers/crypto/caam/acipher/caam_rsa.c b/core/drivers/crypto/caam/acipher/caam_rsa.c
+index e860c641c..b59ab0b6e 100644
+--- a/core/drivers/crypto/caam/acipher/caam_rsa.c
++++ b/core/drivers/crypto/caam/acipher/caam_rsa.c
+@@ -86,14 +86,14 @@ static uint8_t caam_era;
+  */
+ static void do_free_keypair(struct rsa_keypair *key)
+ {
+-	crypto_bignum_free(key->e);
+-	crypto_bignum_free(key->d);
+-	crypto_bignum_free(key->n);
+-	crypto_bignum_free(key->p);
+-	crypto_bignum_free(key->q);
+-	crypto_bignum_free(key->qp);
+-	crypto_bignum_free(key->dp);
+-	crypto_bignum_free(key->dq);
++	crypto_bignum_free(&key->e);
++	crypto_bignum_free(&key->d);
++	crypto_bignum_free(&key->n);
++	crypto_bignum_free(&key->p);
++	crypto_bignum_free(&key->q);
++	crypto_bignum_free(&key->qp);
++	crypto_bignum_free(&key->dp);
++	crypto_bignum_free(&key->dq);
+ }
+ 
+ /*
+@@ -435,8 +435,8 @@ static TEE_Result do_allocate_publickey(struct rsa_public_key *key,
+ err_alloc_publickey:
+ 	RSA_TRACE("Allocation error");
+ 
+-	crypto_bignum_free(key->e);
+-	crypto_bignum_free(key->n);
++	crypto_bignum_free(&key->e);
++	crypto_bignum_free(&key->n);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -448,8 +448,8 @@ err_alloc_publickey:
+  */
+ static void do_free_publickey(struct rsa_public_key *key)
+ {
+-	crypto_bignum_free(key->e);
+-	crypto_bignum_free(key->n);
++	crypto_bignum_free(&key->e);
++	crypto_bignum_free(&key->n);
+ }
+ 
+ /*
+diff --git a/core/drivers/crypto/se050/core/ecc.c b/core/drivers/crypto/se050/core/ecc.c
+index d74334760..52f82c69d 100644
+--- a/core/drivers/crypto/se050/core/ecc.c
++++ b/core/drivers/crypto/se050/core/ecc.c
+@@ -752,9 +752,9 @@ static TEE_Result do_alloc_keypair(struct ecc_keypair *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->x);
+-	crypto_bignum_free(s->y);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->x);
++	crypto_bignum_free(&s->y);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+@@ -768,8 +768,8 @@ static TEE_Result do_alloc_publickey(struct ecc_public_key *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->x);
+-	crypto_bignum_free(s->y);
++	crypto_bignum_free(&s->x);
++	crypto_bignum_free(&s->y);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+@@ -778,8 +778,8 @@ static void do_free_publickey(struct ecc_public_key *s)
+ 	if (!s)
+ 		return;
+ 
+-	crypto_bignum_free(s->x);
+-	crypto_bignum_free(s->y);
++	crypto_bignum_free(&s->x);
++	crypto_bignum_free(&s->y);
+ }
+ 
+ static struct drvcrypt_ecc driver_ecc = {
+diff --git a/core/drivers/crypto/se050/core/rsa.c b/core/drivers/crypto/se050/core/rsa.c
+index 815abb3cd..475d2b99a 100644
+--- a/core/drivers/crypto/se050/core/rsa.c
++++ b/core/drivers/crypto/se050/core/rsa.c
+@@ -537,14 +537,14 @@ static TEE_Result do_alloc_keypair(struct rsa_keypair *s,
+ 
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->e);
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->n);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->q);
+-	crypto_bignum_free(s->qp);
+-	crypto_bignum_free(s->dp);
+-	crypto_bignum_free(s->dq);
++	crypto_bignum_free(&s->e);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->n);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->q);
++	crypto_bignum_free(&s->qp);
++	crypto_bignum_free(&s->dp);
++	crypto_bignum_free(&s->dq);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -556,7 +556,7 @@ static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
+ 	if (!bn_alloc_max(&s->e))
+ 		return TEE_ERROR_OUT_OF_MEMORY;
+ 	if (!bn_alloc_max(&s->n)) {
+-		crypto_bignum_free(s->e);
++		crypto_bignum_free(&s->e);
+ 		return TEE_ERROR_OUT_OF_MEMORY;
+ 	}
+ 
+@@ -566,8 +566,8 @@ static TEE_Result do_alloc_publickey(struct rsa_public_key *s,
+ static void do_free_publickey(struct rsa_public_key *s)
+ {
+ 	if (s) {
+-		crypto_bignum_free(s->n);
+-		crypto_bignum_free(s->e);
++		crypto_bignum_free(&s->n);
++		crypto_bignum_free(&s->e);
+ 	}
+ }
+ 
+@@ -587,14 +587,14 @@ static void do_free_keypair(struct rsa_keypair *s)
+ 			sss_se05x_key_store_erase_key(se050_kstore, &k_object);
+ 	}
+ 
+-	crypto_bignum_free(s->e);
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->n);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->q);
+-	crypto_bignum_free(s->qp);
+-	crypto_bignum_free(s->dp);
+-	crypto_bignum_free(s->dq);
++	crypto_bignum_free(&s->e);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->n);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->q);
++	crypto_bignum_free(&s->qp);
++	crypto_bignum_free(&s->dp);
++	crypto_bignum_free(&s->dq);
+ }
+ 
+ static TEE_Result do_gen_keypair(struct rsa_keypair *key, size_t kb)
+diff --git a/core/drivers/crypto/versal/ecc.c b/core/drivers/crypto/versal/ecc.c
+index 3d5454509..18ec4f78d 100644
+--- a/core/drivers/crypto/versal/ecc.c
++++ b/core/drivers/crypto/versal/ecc.c
+@@ -284,9 +284,9 @@ static TEE_Result sign(uint32_t algo, struct ecc_keypair *key,
+ 
+ 	versal_mbox_alloc(bytes, NULL, &k);
+ 	crypto_bignum_bn2bin_eswap(key->curve, ephemeral.d, k.buf);
+-	crypto_bignum_free(ephemeral.d);
+-	crypto_bignum_free(ephemeral.x);
+-	crypto_bignum_free(ephemeral.y);
++	crypto_bignum_free(&ephemeral.d);
++	crypto_bignum_free(&ephemeral.x);
++	crypto_bignum_free(&ephemeral.y);
+ 
+ 	/* Private key*/
+ 	versal_mbox_alloc(bytes, NULL, &d);
+diff --git a/core/include/crypto/crypto.h b/core/include/crypto/crypto.h
+index 71a287ec6..0e6c139ce 100644
+--- a/core/include/crypto/crypto.h
++++ b/core/include/crypto/crypto.h
+@@ -98,7 +98,7 @@ size_t crypto_bignum_num_bytes(struct bignum *a);
+ size_t crypto_bignum_num_bits(struct bignum *a);
+ void crypto_bignum_bn2bin(const struct bignum *from, uint8_t *to);
+ void crypto_bignum_copy(struct bignum *to, const struct bignum *from);
+-void crypto_bignum_free(struct bignum *a);
++void crypto_bignum_free(struct bignum **a);
+ void crypto_bignum_clear(struct bignum *a);
+ 
+ /* return -1 if a<b, 0 if a==b, +1 if a>b */
+diff --git a/core/lib/libtomcrypt/dh.c b/core/lib/libtomcrypt/dh.c
+index 4eb9916f2..b1d0a4d00 100644
+--- a/core/lib/libtomcrypt/dh.c
++++ b/core/lib/libtomcrypt/dh.c
+@@ -28,10 +28,10 @@ TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->g);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->y);
+-	crypto_bignum_free(s->x);
++	crypto_bignum_free(&s->g);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->y);
++	crypto_bignum_free(&s->x);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+diff --git a/core/lib/libtomcrypt/dsa.c b/core/lib/libtomcrypt/dsa.c
+index a2dc720ed..d6243c469 100644
+--- a/core/lib/libtomcrypt/dsa.c
++++ b/core/lib/libtomcrypt/dsa.c
+@@ -30,10 +30,10 @@ TEE_Result crypto_acipher_alloc_dsa_keypair(struct dsa_keypair *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->g);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->q);
+-	crypto_bignum_free(s->y);
++	crypto_bignum_free(&s->g);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->q);
++	crypto_bignum_free(&s->y);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+@@ -52,9 +52,9 @@ TEE_Result crypto_acipher_alloc_dsa_public_key(struct dsa_public_key *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->g);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->q);
++	crypto_bignum_free(&s->g);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->q);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+diff --git a/core/lib/libtomcrypt/ecc.c b/core/lib/libtomcrypt/ecc.c
+index 938378247..fa645e17a 100644
+--- a/core/lib/libtomcrypt/ecc.c
++++ b/core/lib/libtomcrypt/ecc.c
+@@ -18,8 +18,8 @@ static void _ltc_ecc_free_public_key(struct ecc_public_key *s)
+ 	if (!s)
+ 		return;
+ 
+-	crypto_bignum_free(s->x);
+-	crypto_bignum_free(s->y);
++	crypto_bignum_free(&s->x);
++	crypto_bignum_free(&s->y);
+ }
+ 
+ /*
+@@ -465,8 +465,8 @@ TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *s,
+ err:
+ 	s->ops = NULL;
+ 
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->x);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -541,7 +541,7 @@ TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *s,
+ err:
+ 	s->ops = NULL;
+ 
+-	crypto_bignum_free(s->x);
++	crypto_bignum_free(&s->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/core/lib/libtomcrypt/mpi_desc.c b/core/lib/libtomcrypt/mpi_desc.c
+index 235fbe630..ff8dd13c7 100644
+--- a/core/lib/libtomcrypt/mpi_desc.c
++++ b/core/lib/libtomcrypt/mpi_desc.c
+@@ -763,10 +763,13 @@ struct bignum *crypto_bignum_allocate(size_t size_bits)
+ 	return (struct bignum *)bn;
+ }
+ 
+-void crypto_bignum_free(struct bignum *s)
++void crypto_bignum_free(struct bignum **s)
+ {
+-	mbedtls_mpi_free((mbedtls_mpi *)s);
+-	free(s);
++	assert(s);
++
++	mbedtls_mpi_free((mbedtls_mpi *)*s);
++	free(*s);
++	*s = NULL;
+ }
+ 
+ void crypto_bignum_clear(struct bignum *s)
+diff --git a/core/lib/libtomcrypt/rsa.c b/core/lib/libtomcrypt/rsa.c
+index 8d0443f36..13ed23934 100644
+--- a/core/lib/libtomcrypt/rsa.c
++++ b/core/lib/libtomcrypt/rsa.c
+@@ -131,7 +131,7 @@ TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->e);
++	crypto_bignum_free(&s->e);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+@@ -143,8 +143,8 @@ void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
+ {
+ 	if (!s)
+ 		return;
+-	crypto_bignum_free(s->n);
+-	crypto_bignum_free(s->e);
++	crypto_bignum_free(&s->n);
++	crypto_bignum_free(&s->e);
+ }
+ 
+ 
+@@ -155,14 +155,14 @@ void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
+ {
+ 	if (!s)
+ 		return;
+-	crypto_bignum_free(s->e);
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->n);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->q);
+-	crypto_bignum_free(s->qp);
+-	crypto_bignum_free(s->dp);
+-	crypto_bignum_free(s->dq);
++	crypto_bignum_free(&s->e);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->n);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->q);
++	crypto_bignum_free(&s->qp);
++	crypto_bignum_free(&s->dp);
++	crypto_bignum_free(&s->dq);
+ }
+ 
+ TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key,
+diff --git a/core/tee/tee_svc_cryp.c b/core/tee/tee_svc_cryp.c
+index 534e5ac39..880809753 100644
+--- a/core/tee/tee_svc_cryp.c
++++ b/core/tee/tee_svc_cryp.c
+@@ -869,8 +869,7 @@ static void op_attr_bignum_free(void *attr)
+ {
+ 	struct bignum **bn = attr;
+ 
+-	crypto_bignum_free(*bn);
+-	*bn = NULL;
++	crypto_bignum_free(bn);
+ }
+ 
+ static TEE_Result op_attr_value_from_user(void *attr, const void *buffer,
+@@ -3445,8 +3444,8 @@ TEE_Result syscall_cryp_derive_key(unsigned long state,
+ 		} else {
+ 			res = TEE_ERROR_OUT_OF_MEMORY;
+ 		}
+-		crypto_bignum_free(pub);
+-		crypto_bignum_free(ss);
++		crypto_bignum_free(&pub);
++		crypto_bignum_free(&ss);
+ 	} else if (TEE_ALG_GET_MAIN_ALG(cs->algo) == TEE_MAIN_ALGO_ECDH) {
+ 		struct ecc_public_key key_public;
+ 		uint8_t *pt_secret;
+diff --git a/lib/libmbedtls/core/bignum.c b/lib/libmbedtls/core/bignum.c
+index 61f6c5c60..dea30f61a 100644
+--- a/lib/libmbedtls/core/bignum.c
++++ b/lib/libmbedtls/core/bignum.c
+@@ -87,10 +87,13 @@ struct bignum *crypto_bignum_allocate(size_t size_bits)
+ 	return (struct bignum *)bn;
+ }
+ 
+-void crypto_bignum_free(struct bignum *s)
++void crypto_bignum_free(struct bignum **s)
+ {
+-	mbedtls_mpi_free((mbedtls_mpi *)s);
+-	free(s);
++	assert(s);
++
++	mbedtls_mpi_free((mbedtls_mpi *)*s);
++	free(*s);
++	*s = NULL;
+ }
+ 
+ void crypto_bignum_clear(struct bignum *s)
+diff --git a/lib/libmbedtls/core/dh.c b/lib/libmbedtls/core/dh.c
+index b3415aaa7..e95aa1495 100644
+--- a/lib/libmbedtls/core/dh.c
++++ b/lib/libmbedtls/core/dh.c
+@@ -35,10 +35,10 @@ TEE_Result crypto_acipher_alloc_dh_keypair(struct dh_keypair *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->g);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->y);
+-	crypto_bignum_free(s->x);
++	crypto_bignum_free(&s->g);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->y);
++	crypto_bignum_free(&s->x);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+diff --git a/lib/libmbedtls/core/ecc.c b/lib/libmbedtls/core/ecc.c
+index fd4a51b9d..46cd9fd1c 100644
+--- a/lib/libmbedtls/core/ecc.c
++++ b/lib/libmbedtls/core/ecc.c
+@@ -40,8 +40,8 @@ static void ecc_free_public_key(struct ecc_public_key *s)
+ 	if (!s)
+ 		return;
+ 
+-	crypto_bignum_free(s->x);
+-	crypto_bignum_free(s->y);
++	crypto_bignum_free(&s->x);
++	crypto_bignum_free(&s->y);
+ }
+ 
+ /*
+@@ -484,8 +484,8 @@ TEE_Result crypto_asym_alloc_ecc_keypair(struct ecc_keypair *s,
+ 	return TEE_SUCCESS;
+ 
+ err:
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->x);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+@@ -581,7 +581,7 @@ TEE_Result crypto_asym_alloc_ecc_public_key(struct ecc_public_key *s,
+ 	return TEE_SUCCESS;
+ 
+ err:
+-	crypto_bignum_free(s->x);
++	crypto_bignum_free(&s->x);
+ 
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+diff --git a/lib/libmbedtls/core/rsa.c b/lib/libmbedtls/core/rsa.c
+index c3b5be509..a8aeb2c04 100644
+--- a/lib/libmbedtls/core/rsa.c
++++ b/lib/libmbedtls/core/rsa.c
+@@ -183,7 +183,7 @@ TEE_Result sw_crypto_acipher_alloc_rsa_public_key(struct rsa_public_key *s,
+ 		goto err;
+ 	return TEE_SUCCESS;
+ err:
+-	crypto_bignum_free(s->e);
++	crypto_bignum_free(&s->e);
+ 	return TEE_ERROR_OUT_OF_MEMORY;
+ }
+ 
+@@ -194,8 +194,8 @@ void sw_crypto_acipher_free_rsa_public_key(struct rsa_public_key *s)
+ {
+ 	if (!s)
+ 		return;
+-	crypto_bignum_free(s->n);
+-	crypto_bignum_free(s->e);
++	crypto_bignum_free(&s->n);
++	crypto_bignum_free(&s->e);
+ }
+ 
+ void crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
+@@ -205,14 +205,14 @@ void sw_crypto_acipher_free_rsa_keypair(struct rsa_keypair *s)
+ {
+ 	if (!s)
+ 		return;
+-	crypto_bignum_free(s->e);
+-	crypto_bignum_free(s->d);
+-	crypto_bignum_free(s->n);
+-	crypto_bignum_free(s->p);
+-	crypto_bignum_free(s->q);
+-	crypto_bignum_free(s->qp);
+-	crypto_bignum_free(s->dp);
+-	crypto_bignum_free(s->dq);
++	crypto_bignum_free(&s->e);
++	crypto_bignum_free(&s->d);
++	crypto_bignum_free(&s->n);
++	crypto_bignum_free(&s->p);
++	crypto_bignum_free(&s->q);
++	crypto_bignum_free(&s->qp);
++	crypto_bignum_free(&s->dp);
++	crypto_bignum_free(&s->dq);
+ }
+ 
+ TEE_Result crypto_acipher_gen_rsa_key(struct rsa_keypair *key,
+-- 
+2.34.1
+
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0001-allow-setting-sysroot-for-libgcc-lookup.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0002-core-Define-section-attributes-for-clang.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0003-optee-enable-clang-support.patch
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-3.22.0/0004-core-link-add-no-warn-rwx-segments.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
index 80a11b5..1b66cd5 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
@@ -8,10 +8,9 @@
 SRC_URI:append = " \
     file://0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch \
     file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \
-    file://0003-HACK-disable-instruction-cache-and-data-cache.patch \
-    file://0004-Handle-logging-syscall.patch \
-    file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \
-    file://0006-plat-n1sdp-add-external-device-tree-base-and-size.patch \
+    file://0003-Handle-logging-syscall.patch \
+    file://0004-plat-n1sdp-register-DRAM1-to-optee-os.patch \
+    file://0005-plat-n1sdp-add-external-device-tree-base-and-size.patch \
     "
 
 EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
deleted file mode 100644
index ff0baf8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bb
+++ /dev/null
@@ -1,24 +0,0 @@
-require optee-os_3.18.0.bb
-
-SUMMARY = "OP-TEE Trusted OS TA devkit"
-DESCRIPTION = "OP-TEE TA devkit for build TAs"
-HOMEPAGE = "https://www.op-tee.org/"
-
-DEPENDS += "python3-pycryptodome-native"
-
-do_install() {
-    #install TA devkit
-    install -d ${D}${includedir}/optee/export-user_ta/
-    for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
-        cp -aR $f ${D}${includedir}/optee/export-user_ta/
-    done
-}
-
-do_deploy() {
-	echo "Do not inherit do_deploy from optee-os."
-}
-
-FILES:${PN} = "${includedir}/optee/"
-
-# Build paths are currently embedded
-INSANE_SKIP:${PN}-dev += "buildpaths"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
deleted file mode 100644
index 0cb9b05..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
-MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:tc = "optee-os-tc.inc"
-
-require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
new file mode 100644
index 0000000..4449616
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.22.0.bb
@@ -0,0 +1,29 @@
+require optee-os_3.22.0.bb
+
+SUMMARY = "OP-TEE Trusted OS TA devkit"
+DESCRIPTION = "OP-TEE TA devkit for build TAs"
+HOMEPAGE = "https://www.op-tee.org/"
+
+DEPENDS += "python3-pycryptodome-native"
+
+do_install() {
+    #install TA devkit
+    install -d ${D}${includedir}/optee/export-user_ta/
+    for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
+        cp -aR $f ${D}${includedir}/optee/export-user_ta/
+    done
+}
+
+do_deploy() {
+	echo "Do not inherit do_deploy from optee-os."
+}
+
+FILES:${PN} = "${includedir}/optee/"
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dev += "buildpaths"
+
+# Include extra headers needed by SPMC tests to TA DEVKIT.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' CFG_SPMC_TESTS=y', '' , d)}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb
deleted file mode 100644
index 6e1e6ad..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bb
+++ /dev/null
@@ -1,15 +0,0 @@
-require recipes-security/optee/optee-os.inc
-
-DEPENDS += "dtc-native"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
-
-SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
-SRC_URI += " \
-    file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
-    file://0002-optee-enable-clang-support.patch \
-    file://0003-core-link-add-no-warn-rwx-segments.patch \
-    file://0004-core-Define-section-attributes-for-clang.patch \
-    file://0005-core-ldelf-link-add-z-execstack.patch \
-    file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
-   "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
deleted file mode 100644
index e276fb8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_OS_REQUIRE ?= ""
-MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
-
-require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
index 0f3e58d..0638cf7 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.20.0.bb
@@ -14,4 +14,5 @@
     file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
     file://0007-core-spmc-handle-non-secure-interrupts.patch \
     file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
+    file://CVE-2023-41325.patch \
    "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb
new file mode 100644
index 0000000..e122019
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bb
@@ -0,0 +1,13 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "001ace6655dd6bb9cbe31aa31b4ba69746e1a1d9"
+SRC_URI += " \
+    file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+    file://0002-core-Define-section-attributes-for-clang.patch \
+    file://0003-optee-enable-clang-support.patch \
+    file://0004-core-link-add-no-warn-rwx-segments.patch \
+   "
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend
index b5493e5..ee4ca17 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.22.0.bbappend
@@ -1,5 +1,7 @@
-# Machine specific configurations
+# Include Trusted Services Secure Partitions
+require recipes-security/optee/optee-os-ts.inc
 
+# Machine specific configurations
 MACHINE_OPTEE_OS_REQUIRE ?= ""
 MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
 MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
deleted file mode 100644
index cf8ea01..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require recipes-security/optee/optee-test.inc
-
-SRC_URI += " \
-    file://0001-xtest-regression_1000-remove-unneeded-stat.h-include.patch \
-   "
-SRCREV = "da5282a011b40621a2cf7a296c11a35c833ed91b"
-
-EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
-DEPENDS:append:libc-musl = " openssl"
-CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
index 5f73d41..4409ad5 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.20.0.bb
@@ -6,7 +6,3 @@
     file://0003-Update-arm_ffa_user-driver-dependency.patch \
    "
 SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
-
-EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
-DEPENDS:append = " openssl"
-CFLAGS:append = " -Wno-error=deprecated-declarations"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.22.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.22.0.bb
new file mode 100644
index 0000000..eddf04d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.22.0.bb
@@ -0,0 +1,14 @@
+require recipes-security/optee/optee-test.inc
+
+SRC_URI += " \
+    file://0001-xtest-regression_1000-remove-unneeded-stat.h-include.patch \
+   "
+SRCREV = "a286b57f1721af215ace318d5807e63f40186df6"
+
+# Include ffa_spmc test group if the SPMC test is enabled.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}"
+
+RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                              ' arm-ffa-user', '' , d)}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-change-ns-interrupt-action.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-change-ns-interrupt-action.patch
deleted file mode 100644
index c50f286..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-change-ns-interrupt-action.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 7f51fa5f848b77b5aadfc553e1aeca52f4bcc5a1 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Tue, 22 Aug 2023 17:18:26 +0100
-Subject: [PATCH] platform: corstone1000: change ns-interrupt-action 
-
-Changes ns-interrupt-action for corstone1000. The interrupts are queued as 
-in the previous optee release. Currently, enabling preemption (settig this field
-to 2) will halt psa-test from linux-userspace in corstone1000.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- .../config/corstone1000-opteesp/default_se-proxy.dts.in         | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in b/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in
-index cc42929d..839f7464 100644
---- a/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in
-@@ -16,7 +16,7 @@
- 	execution-state = <0>; /* AArch64 */
- 	xlat-granule = <0>; /* 4KiB */
- 	messaging-method = <3>; /* Direct messaging only */
--	ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-+	ns-interrupts-action = <0>; /* Non-secure interrupts are signaled */
- 	elf-format = <1>;
- 
- 	device-regions {
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch
new file mode 100644
index 0000000..5d8f731
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch
@@ -0,0 +1,105 @@
+From 06c3e612cb0927d783f115077d83ed97841c5668 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Tue, 14 Nov 2023 14:43:44 +0000
+Subject: [PATCH] plat: corstone1000: fix synchronization issue on openamp notification
+
+This fixes a race that is observed rarely in the FVP. It occurs in FVP
+when Secure Enclave sends the notication ack in openamp, and then reset the access
+request which resets the mhu registers before received by the SE-proxy-sp in the
+host processort. This solution introduces polling on the status register of
+mhu until the notificaiton is read by the host processor. (Inspired by
+signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
+https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ components/messaging/openamp/sp/openamp_mhu.c |  9 ++++++++-
+ platform/drivers/arm/mhu_driver/mhu_v2.h      | 18 ++++++++++++++++++
+ platform/drivers/arm/mhu_driver/mhu_v2_x.c    | 17 +++++++++++++++++
+ 3 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/components/messaging/openamp/sp/openamp_mhu.c b/components/messaging/openamp/sp/openamp_mhu.c
+index bafba3e3..0700b8b9 100644
+--- a/components/messaging/openamp/sp/openamp_mhu.c
++++ b/components/messaging/openamp/sp/openamp_mhu.c
+@@ -85,7 +85,7 @@ int openamp_mhu_notify_peer(struct openamp_messenger *openamp)
+	struct mhu_v2_x_dev_t *tx_dev;
+	enum mhu_v2_x_error_t ret;
+	struct openamp_mhu *mhu;
+-	uint32_t access_ready;
++	uint32_t access_ready,val;
+
+	if (!openamp->transport) {
+		EMSG("openamp: mhu: notify transport not initialized");
+@@ -116,6 +116,13 @@ int openamp_mhu_notify_peer(struct openamp_messenger *openamp)
+		return -EPROTO;
+	}
+
++	do {
++		ret = mhu_v2_x_channel_poll(tx_dev, MHU_V_2_NOTIFY_CHANNEL, &val);
++		if (ret != MHU_V_2_X_ERR_NONE) {
++			break;
++		}
++	} while (val != 0);
++
+	ret = mhu_v2_x_reset_access_request(tx_dev);
+	if (ret != MHU_V_2_X_ERR_NONE) {
+		EMSG("openamp: mhu: failed reset access request");
+diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h
+index 26b3a5d6..2b4d6fcb 100644
+--- a/platform/drivers/arm/mhu_driver/mhu_v2.h
++++ b/platform/drivers/arm/mhu_driver/mhu_v2.h
+@@ -384,6 +384,24 @@ enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
+ enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
+      const struct mhu_v2_x_dev_t *dev, uint32_t *channel);
+
++
++/**
++ * \brief Polls sender channel status.
++ *
++ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
++ * \param[in]  channel     Channel to poll the status of.
++ * \param[out] value       Pointer to variable that will store the value.
++ *
++ * Polls sender channel status.
++ *
++ * \return Returns mhu_v2_x_error_t error code
++ *
++ * \note This function doesn't check if dev is NULL.
++ * \note This function doesn't check if channel is implemented.
++ */
++enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev,
++     uint32_t channel, uint32_t *value);
++
+ #ifdef __cplusplus
+ }
+ #endif
+diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
+index d7e70efa..022e287a 100644
+--- a/platform/drivers/arm/mhu_driver/mhu_v2_x.c
++++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
+@@ -600,3 +600,20 @@ enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
+
+     return MHU_V_2_X_ERR_GENERAL;
+ }
++
++enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev,
++     uint32_t channel, uint32_t *value)
++{
++    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
++
++    if ( !(dev->is_initialized) ) {
++        return MHU_V_2_X_ERR_NOT_INIT;
++    }
++
++    if (dev->frame == MHU_V2_X_SENDER_FRAME) {
++        *value = (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_st;
++        return MHU_V_2_X_ERR_NONE;
++    } else {
++        return MHU_V_2_X_ERR_INVALID_ARG;
++    }
++}
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 551a67d..3c7e94e 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -9,7 +9,7 @@
     file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch \
     file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
     file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
-    file://0008-plat-corstone1000-change-ns-interrupt-action.patch \
+    file://0008-platform-corstone1000-fix-synchronization-issue.patch \
     "
 
 
diff --git a/meta-arm/meta-arm-bsp/wic/fvp-base.wks b/meta-arm/meta-arm-bsp/wic/fvp-base.wks
deleted file mode 100644
index 8399d04..0000000
--- a/meta-arm/meta-arm-bsp/wic/fvp-base.wks
+++ /dev/null
@@ -1,3 +0,0 @@
-# For fvp-base* machines we just need to populate the rootfs partition
-
-part / --source rootfs --ondisk sda --fstype=ext4 --label root --align 1024 --extra-space 100
diff --git a/meta-arm/meta-arm-systemready/README.md b/meta-arm/meta-arm-systemready/README.md
new file mode 100644
index 0000000..49cfed6
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/README.md
@@ -0,0 +1,148 @@
+# meta-arm-systemready Yocto Layer
+
+This layer contains classes and recipes for building and running
+[Arm SystemReady][] validation on the supported machines.
+
+Information regarding contributing, reporting bugs, etc can be found in the
+top-level meta-arm [README.md](../README.md) file.
+
+## Introduction
+
+This layer provides support for the following on supported machines:
+
+* Building the firmware for the [Arm SystemReady][] certification program
+* Running [Arm SystemReady ACS][] (Architecture Compliance Suite) tests
+* Running Linux distributions installation tests
+
+This layer is designed to work alongside with a BSP layer. For example, the
+[`meta-arm-bsp`][] layer in the top-level meta-arm defines the
+[`fvp-base`][] machine, which can be used with the recipes provided by this
+layer to build the firmware, run the [Arm SystemReady IR][] ACS tests, and
+run Linux distributions installation. **Note** that users can use this layer
+with their BSP layer to perform the same build and tests.
+
+### Firmware Build
+
+The `arm-systemready-firmware.bb` recipe is to build the firmware. It requires
+the `ARM_SYSTEMREADY_FIRMWARE` variable set at the MACHINE configuration level
+to list the build dependencies.
+
+### ACS Tests
+
+The recipe to run the ACS tests fetches and deploys the prebuilt ACS test suite
+disk image, and generates the necessary metadata to support executing the test
+suite using the bitbake `testimage` task. A test case `SystemReadyACSTest` is
+introduced in `lib/oeqa/runtime/cases` to monitor the ACS tests output from the
+bitbake `testimage` task. The `ARM_SYSTEMREADY_ACS_CONSOLE` variable must be set
+at the MACHINE configuration level for this test case.
+
+There are two additional recipes for generating the Arm SystemReady ACS tests
+report files through the use of the [EDK2 SCT Results Parser][] and the
+[Arm SystemReady scripts][]. These packages are installed in the
+`edk2-test-parser-native.bb` and `arm-systemready-scripts-native.bb` recipes
+respectively.
+
+The class `arm-systemready-acs.bbclass` implements the common logic to deploy
+the Arm SystemReady ACS prebuilt image and set up the `testimage` environment.
+This class also contains a `testimage` `"postfunc"` called `acs_logs_handle`
+which generates report files and analyzes the test results.
+
+The test result analysis is performed by first using the EDK2 SCT Results
+Parser to create a results.md file, then running the Arm SystemReady result
+check script to check the contents of the result partition as well as the
+console log. The result check will fail if any of the expected files or
+directories are missing, or if any file's contents do not pass its file-specific
+checks.
+
+The ACS test results which are checked by the script can be viewed in
+`${TMPDIR}/work/aarch64-oe-linux/arm-systemready-ir-acs/2.0.0-r0/testimage/`. If
+the check fails, the bitbake `testimage` task will fail.
+
+
+### Linux Distributions Installation
+
+Recipes for testing the installation of Linux distributions are provided under
+`recipes-test/arm-systemready-linux-distros`. These recipes help to download the
+installation CD for the Linux distribution and generate an empty disk as the
+target disk for the installation.
+
+## Supported Band and Machine
+
+Arm SystemReady has four bands:
+* [Arm SystemReady SR][]
+* [Arm SystemReady ES][]
+* [Arm SystemReady IR][]
+* [Arm SystemReady LS][]
+
+Currently, this layer only supports
+[Arm SystemReady IR ACS version v23.03_2.0.0][], which is verified on the
+[`fvp-base`][] machine.
+
+## Build and Run
+
+To build the firmware for Arm SystemReady on the supported machines (take the
+`fvp-base` machine as an example):
+
+    kas build kas/fvp-base.yml:kas/arm-systemready-firmware.yml
+
+
+To run the Arm SystemReady ACS tests on the supported machines (take running
+Arm SystemReady IR on the `fvp-base` machine as an example):
+
+    kas build kas/fvp-base.yml:kas/arm-systemready-ir-acs.yml
+
+To run the Linux distributions installation on the supported machines (take
+installing openSUSE on the `fvp-base` machine as an example):
+
+    kas build kas/fvp-base.yml:kas/arm-systemready-linux-distros-opensuse.yml
+
+    kas shell \
+        kas/fvp-base.yml:kas/arm-systemready-linux-distros-opensuse.yml \
+        -c "../scripts/runfvp --verbose --console"
+
+## Guidelines for Reusing and Extending
+
+Currently, this layer only supports the Arm SystemReady IR band running on the
+`fvp-base` machine defined in the `meta-arm-bsp` layer. The supported Arm
+SystemReady IR implementation can be reused on other machines. Furthermore, the
+current implementation can be further extended to support SR, ES and LS bands.
+
+### Reuse
+
+To reuse the supported Arm SystemReady IR on other machines, you will need to:
+
+1. Set the `ARM_SYSTEMREADY_FIRMWARE` variable at the MACHINE configuration
+   level to list the build dependencies. The configuration file of the
+   [`fvp-base`][] machine can be used as a reference.
+2. Set the `ARM_SYSTEMREADY_ACS_CONSOLE` variable at the MACHINE configuration
+   level for running the ACS tests in the bitbake `testimage` task. Also refer
+   to the configuration file of the [`fvp-base`][] machine.
+
+### Extend
+
+To extend support for other bands, you will need to:
+
+1. Add a new recipe to inherit `arm-systemready-acs.bbclass`. You can use
+   [`arm-systemready-ir-acs.bb`][] as a reference.
+2. Add a new `testimage` test case for the newly added band. Refer to
+   [`arm_systemready_ir_acs.py`][].
+3. Set the necessary variables and prepare the ACS baseline files (as listed in
+   the above **Reuse** section) at the MACHINE configuration level from the BSP
+   layer for the machine to be supported.
+
+**Note**: When reusing and extending, the current classes and libs may need to
+be modified or refactored as necessary.
+
+[Arm SystemReady]: https://www.arm.com/architecture/system-architectures/systemready-certification-program
+[Arm SystemReady ACS]: https://github.com/ARM-software/arm-systemready
+[Arm SystemReady SR]: https://www.arm.com/architecture/system-architectures/systemready-certification-program/sr
+[Arm SystemReady ES]: https://www.arm.com/architecture/system-architectures/systemready-certification-program/es
+[Arm SystemReady IR]: https://www.arm.com/architecture/system-architectures/systemready-certification-program/ir
+[Arm SystemReady LS]: https://www.arm.com/architecture/system-architectures/systemready-certification-program/ls
+[Arm SystemReady IR ACS version v23.03_2.0.0]: https://github.com/ARM-software/arm-systemready/tree/main/IR/prebuilt_images/v23.03_2.0.0
+[Arm SystemReady scripts]: https://gitlab.arm.com/systemready/systemready-scripts
+[EDK2 SCT Results Parser]: https://gitlab.arm.com/systemready/edk2-test-parser
+[`arm-systemready-ir-acs.bb`]: recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb
+[`arm_systemready_ir_acs.py`]: lib/oeqa/runtime/cases/arm_systemready_ir_acs.py
+[`meta-arm-bsp`]: ../meta-arm-bsp
+[`fvp-base`]: ../meta-arm-bsp/conf/machine/fvp-base.conf
diff --git a/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass b/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass
new file mode 100644
index 0000000..e988802
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/classes/arm-systemready-acs.bbclass
@@ -0,0 +1,161 @@
+# This class contains the common logic to deploy the SystemReady ACS pre-built
+# image and set up the testimage environment. It is to be inherited by recipes
+# which contains the URI to download the SystemReady ACS image.
+# This class also contains a testimage "postfunc" called acs_logs_handle which
+# performs the following functions after the tests have completed:
+#   * Extract the acs_results directory from the Wic image to
+#     ${WORKDIR}/testimage
+#   * Create a symlink to the acs_results in ${TMPDIR}/log/oeqa for ease of
+#     access
+#   * Run the test parser, format results, and check results routines
+
+INHIBIT_DEFAULT_DEPS = "1"
+COMPATIBLE_HOST = "aarch64-*"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+inherit nopackages deploy rootfs-postcommands ${IMAGE_CLASSES} python3native
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+do_install[noexec] = "1"
+do_testimage[depends] += "mtools-native:do_populate_sysroot"
+
+# Deploy with this suffix so it is picked up in the machine configuration
+IMAGE_DEPLOY_SUFFIX ?= ".wic"
+
+# Post-process commands may write to IMGDEPLOYDIR
+IMGDEPLOYDIR = "${DEPLOYDIR}"
+# Write the test data in IMAGE_POSTPROCESS_COMMAND
+IMAGE_POSTPROCESS_COMMAND += "write_image_test_data; "
+
+python do_deploy() {
+    deploydir = d.getVar('DEPLOYDIR')
+    suffix = d.getVar('IMAGE_DEPLOY_SUFFIX')
+    imgfile = os.path.join(d.getVar('WORKDIR'), d.getVar('IMAGE_FILENAME'))
+    deployfile = os.path.join(deploydir, d.getVar('IMAGE_NAME') + suffix)
+    linkfile = os.path.join(deploydir, d.getVar('IMAGE_LINK_NAME') + suffix)
+
+    # Install the image file in the deploy directory
+    import shutil
+    shutil.copyfile(imgfile, deployfile)
+    if os.path.lexists(linkfile):
+        os.remove(manifest_link)
+    os.symlink(os.path.basename(deployfile), linkfile)
+
+    # Run the image post-process commands
+    from oe.utils import execute_pre_post_process
+    post_process_cmds = d.getVar("IMAGE_POSTPROCESS_COMMAND")
+    execute_pre_post_process(d, post_process_cmds)
+
+    # Copy the report.txt to DEPLOYDIR
+    # The machine-specific implementation can optionally put the report file in
+    # ${WORKDIR}/report.txt. If there is no such file present, use the template.
+    workdir = d.getVar('WORKDIR')
+    report_file = os.path.join(workdir, "report.txt")
+    report_file_dest = os.path.join(deploydir, "report.txt")
+    if os.path.exists(report_file):
+        report_file_to_copy = report_file
+    else:
+        report_file_to_copy = os.path.join(workdir, "systemready-ir-template",
+                                            "report.txt")
+    shutil.copyfile(report_file_to_copy, report_file_dest)
+
+    # Ensure an empty rootfs manifest exists (required by testimage)
+    fname = os.path.join(deploydir, d.getVar('IMAGE_LINK_NAME') + ".manifest")
+    open(fname, 'w').close()
+}
+addtask deploy after do_install before do_image_complete
+
+do_image_complete() {
+    true
+}
+addtask image_complete after do_deploy before do_build
+do_image_complete[depends] += "arm-systemready-firmware:do_image_complete"
+
+ACS_LOG_NAME = "acs_results_${DATETIME}"
+ACS_LOG_NAME[vardepsexclude] += "DATETIME"
+ACS_LOG_DIR = "${TEST_LOG_DIR}/${ACS_LOG_NAME}"
+ACS_LOG_LINK = "${TEST_LOG_DIR}/acs_results"
+TEST_LOG_DIR = "${WORKDIR}/testimage"
+RM_WORK_EXCLUDE_ITEMS += "${@ os.path.basename(d.getVar('TEST_LOG_DIR')) }"
+
+do_testimage[postfuncs] += "acs_logs_handle"
+do_testimage[depends] += "edk2-test-parser-native:do_populate_sysroot \
+                          arm-systemready-scripts-native:do_populate_sysroot"
+
+# Process the logs
+python acs_logs_handle() {
+    import logging
+    from oeqa.utils import make_logger_bitbake_compatible
+    import shutil
+
+    deploy_dir_image = d.getVar('DEPLOY_DIR_IMAGE')
+    systemready_scripts_dir = os.path.join(d.getVar('STAGING_LIBDIR_NATIVE'),
+                                           "systemready_scripts")
+    edk2_test_parser_dir = os.path.join(d.getVar('STAGING_LIBDIR_NATIVE'),
+                                        "edk2_test_parser")
+    deployfile = os.path.join(deploy_dir_image, d.getVar('IMAGE_LINK_NAME')
+                              + d.getVar('IMAGE_DEPLOY_SUFFIX'))
+
+    testimage_dir = d.getVar('TEST_LOG_DIR')
+    logdir = d.getVar('ACS_LOG_DIR')
+    loglink = d.getVar('ACS_LOG_LINK')
+
+    # Copy the report.txt file from DEPLOY_DIR_IMAGE
+    report_file = os.path.join(deploy_dir_image, "report.txt")
+    report_file_dest = os.path.join(testimage_dir, "report.txt")
+    shutil.copyfile(report_file, report_file_dest)
+
+    # Extract the log files from the Wic image to the testimage logs directory
+    resultspath = deployfile + ':3/acs_results'
+    import subprocess
+    subprocess.run(['wic', 'cp', resultspath, logdir], check=True)
+
+    # Create a symlink to the acs_results directory
+    if os.path.lexists(loglink):
+        os.remove(loglink)
+    os.symlink(os.path.basename(logdir), loglink)
+
+    # Create a top-level symlink to the acs_results directory
+    top_logdir = os.path.join(get_testimage_json_result_dir(d), d.getVar("PN"))
+    log_name = d.getVar('ACS_LOG_NAME')
+    top_link = os.path.join(top_logdir, log_name)
+    log_target = os.path.relpath(logdir, top_logdir)
+    os.symlink(log_target, top_link)
+
+    # Parse the logs and generate results file
+    logger = make_logger_bitbake_compatible(logging.getLogger("BitBake"))
+
+    sct_log = os.path.join(logdir, 'sct_results', 'Overall', 'Summary.ekl')
+    sct_seq = os.path.join(logdir, 'sct_results', 'Sequence', 'EBBR.seq')
+
+    parser_path = os.path.join(edk2_test_parser_dir, "parser.py")
+    # format-sr-results.py needs the output file to be called "result.md"
+    subprocess.run([parser_path, sct_log, sct_seq, "--md",
+                   os.path.join(logdir, "result.md")], check=True)
+
+    scripts_path = os.path.join(systemready_scripts_dir,
+                                "format-sr-results.py")
+    summary_path = os.path.join(testimage_dir, "summary.md")
+    subprocess.run([scripts_path, "--dir", testimage_dir, "--md", summary_path],
+                   check=True)
+
+    # Symlink acs-console.log to default_log
+    subprocess.run(["ln", "-sf", os.path.join(testimage_dir, "default_log"),
+                    os.path.join(testimage_dir, "acs-console.log")], check=True)
+
+    # Run the check-sr-results.py systemready script to check the results
+    check_sr_results_log_path = os.path.join(testimage_dir,
+                                             "check_sr_results.log")
+    with open(check_sr_results_log_path, "w") as f:
+        check_sr_results_path = os.path.join(systemready_scripts_dir,
+                                            "check-sr-results.py")
+        try:
+            subprocess.run([check_sr_results_path, "--dir", testimage_dir,
+                            "--print-meta", "--debug"],
+                           stdout=f, stderr=f, text=True, check=True)
+        except subprocess.CalledProcessError:
+            logger.error(f"ACS run failed the check SystemReady results. See "
+                         f"{summary_path} and {check_sr_results_log_path} for "
+                         f"details of the error.")
+            raise bb.BBHandledException()
+}
diff --git a/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass b/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass
new file mode 100644
index 0000000..bf06a9f
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/classes/extra_imagedepends_only.bbclass
@@ -0,0 +1,25 @@
+# This class is to be inherited by recipes interested in only deploying what is
+# listed in the EXTRA_IMAGEDEPENDS.
+# It is inheriting the image.bbclass to make sure that the
+# image_license.manifest is generated.
+
+IMAGE_FSTYPES = ""
+
+inherit image
+
+IMAGE_FEATURES = ""
+EXTRA_IMAGE_FEATURES = ""
+
+INHIBIT_DEFAULT_DEPS = "1"
+DEPENDS = ""
+RDEPENDS = ""
+RRECOMMENDS = ""
+
+deltask do_prepare_recipe_sysroot
+deltask do_flush_pseudodb
+deltask do_image_qa
+do_rootfs[depends] = ""
+do_rootfs[noexec] = "1"
+do_image[noexec] = "1"
+do_image_complete[noexec] = "1"
+do_build[depends] = ""
diff --git a/meta-arm/meta-arm-systemready/conf/layer.conf b/meta-arm/meta-arm-systemready/conf/layer.conf
new file mode 100644
index 0000000..27bb568
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/conf/layer.conf
@@ -0,0 +1,15 @@
+# We have a conf and classes directory, add to BBPATH
+BBPATH .= ":${LAYERDIR}"
+
+# We have recipes-* directories, add to BBFILES
+BBFILES += "${LAYERDIR}/recipes-*/*/*.bb \
+            ${LAYERDIR}/recipes-*/*/*.bbappend"
+
+BBFILE_COLLECTIONS += "meta-arm-systemready"
+BBFILE_PATTERN_meta-arm-systemready = "^${LAYERDIR}/"
+
+LAYERSERIES_COMPAT_meta-arm-systemready = "nanbield"
+
+LAYERDEPENDS_meta-arm-systemready = "core"
+
+addpylib ${LAYERDIR}/lib oeqa
diff --git a/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_ir_acs.py b/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_ir_acs.py
new file mode 100644
index 0000000..518d1aa
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/lib/oeqa/runtime/cases/arm_systemready_ir_acs.py
@@ -0,0 +1,37 @@
+from oeqa.runtime.case import OERuntimeTestCase
+
+
+class SystemReadyACSTest(OERuntimeTestCase):
+    def setUp(self):
+        self.console = self.td.get('ARM_SYSTEMREADY_ACS_CONSOLE')
+        self.assertNotEqual(self.console, '',
+                            msg='ARM_SYSTEMREADY_ACS_CONSOLE is not set')
+
+    def test_acs(self):
+        """
+        The purpose of this test case is to detect any issues with the ACS
+        tests themselves. The intention is to fail only if there is an issue
+        running the tests, not if an ACS test fails
+        """
+        self.target.transition('on')
+        # The tests finish on a root shell
+        test_patterns = [r'([a-zA-Z0-9_ ]+): \[([a-zA-Z_ ]+)\]',
+                         'ACS run is completed'] # Signifies successful completion
+
+        while True:
+            match_id = self.target.expect(self.console, test_patterns,
+                                          timeout=10*60*60)
+            if match_id == 0:
+                # A test group's result has been printed
+                matches = self.target.match(self.console)
+                group_name = matches[1].decode().strip()
+                status = matches[2].decode().strip()
+                self.logger.info(f'Test Group ({group_name}): {status}')
+            elif match_id == 1:
+                break
+
+        # Workaround to ensure the model syncs the log files to disk
+        self.target.sendline(self.console, r'sync /mnt')
+        self.target.expect(self.console, r'root@generic-arm64:~#')
+
+        self.logger.info('Linux tests complete')
diff --git a/meta-arm/meta-arm-systemready/recipes-bsp/arm-systemready/arm-systemready-firmware.bb b/meta-arm/meta-arm-systemready/recipes-bsp/arm-systemready/arm-systemready-firmware.bb
new file mode 100644
index 0000000..54ffc85
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-bsp/arm-systemready/arm-systemready-firmware.bb
@@ -0,0 +1,14 @@
+SUMMARY = "Arm SystemReady Firmware Image"
+DESCRIPTION = "This recipe ensures that all packages listed in \
+ARM_SYSTEMREADY_FIRMWARE variable (set at machine conf) are deployed."
+
+EXTRA_IMAGEDEPENDS = "${ARM_SYSTEMREADY_FIRMWARE}"
+
+inherit extra_imagedepends_only
+
+python() {
+    if not d.getVar("ARM_SYSTEMREADY_FIRMWARE"):
+        raise bb.parse.SkipRecipe("ARM_SYSTEMREADY_FIRMWARE needs to be set")
+}
+
+do_testimage[noexec] = "1"
diff --git a/meta-arm/meta-arm-systemready/recipes-devtools/python/python3-construct-native_2.10.68.bb b/meta-arm/meta-arm-systemready/recipes-devtools/python/python3-construct-native_2.10.68.bb
new file mode 100644
index 0000000..5e39ae7
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-devtools/python/python3-construct-native_2.10.68.bb
@@ -0,0 +1,13 @@
+SUMMARY = "A powerful declarative symmetric parser/builder for binary data"
+HOMEPAGE = "https://github.com/construct/construct"
+
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=202b39559c1c79fe4715ce81e9e0ac02"
+
+PYPI_PACKAGE = "construct"
+
+SRC_URI[sha256sum] = "7b2a3fd8e5f597a5aa1d614c3bd516fa065db01704c72a1efaaeec6ef23d8b45"
+
+inherit pypi
+inherit setuptools3
+inherit native
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb
new file mode 100644
index 0000000..f9226c3
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-ir-acs.bb
@@ -0,0 +1,61 @@
+SUMMARY = "Arm SystemReady IR ACS"
+DESCRIPTION = "Arm SystemReady IR Architecture Compliance Suite prebuilt image"
+
+LICENSE = "AFL-2.1 & Apache-2.0 & BSD-2-Clause & BSD-2-Clause-Patent \
+           & BSD-3-Clause & BSD-4-Clause & bzip2-1.0.4 & bzip2-1.0.6 & CC-BY-SA-4.0 \
+           & curl & GPL-2.0-only & GPL-2.0-or-later & GPL-3.0-only \
+           & GPL-3.0-or-later & GPL-3.0-with-GCC-exception & ISC \
+           & LGPL-2.0-only & LGPL-2.0-or-later & LGPL-2.1-only \
+           & LGPL-2.1-or-later & LGPL-3.0-only & MIT & MPL-2.0 & PD & PSF-2.0 \
+           & Python-2.0 & Unicode-DFS-2016 & Unicode-TOU & Zlib"
+LIC_FILES_CHKSUM = "\
+file://${COMMON_LICENSE_DIR}/AFL-2.1;md5=e40039b90e182a056bcd9ad3e47ddd71 \
+file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \
+file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f \
+file://${COMMON_LICENSE_DIR}/BSD-2-Clause-Patent;md5=0518d409dae93098cca8dfa932f3ab1b \
+file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \
+file://${COMMON_LICENSE_DIR}/BSD-4-Clause;md5=624d9e67e8ac41a78f6b6c2c55a83a2b \
+file://${COMMON_LICENSE_DIR}/bzip2-1.0.4;md5=452e1b423688222dcfc3cb9462c92902 \
+file://${COMMON_LICENSE_DIR}/bzip2-1.0.6;md5=841c5495611ae95b13e80fa4a0627333 \
+file://${COMMON_LICENSE_DIR}/CC-BY-SA-4.0;md5=4084714af41157e38872e798eb3fe1b1 \
+file://${COMMON_LICENSE_DIR}/curl;md5=f7adb1397db248527ffed14d947e445c \
+file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6 \
+file://${COMMON_LICENSE_DIR}/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-only;md5=c79ff39f19dfec6d293b95dea7b07891 \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-or-later;md5=1c76c4cc354acaac30ed4d5eefea7245 \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-with-GCC-exception;md5=aef5f35c9272f508be848cd99e0151df \
+file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d \
+file://${COMMON_LICENSE_DIR}/LGPL-2.0-only;md5=9427b8ccf5cf3df47c29110424c9641a \
+file://${COMMON_LICENSE_DIR}/LGPL-2.0-or-later;md5=6d2d9952d88b50a51a5c73dc431d06c7 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.1-only;md5=1a6d268fd218675ffea8be556788b780 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.1-or-later;md5=2a4f4fd2128ea2f65047ee63fbca9f68 \
+file://${COMMON_LICENSE_DIR}/LGPL-3.0-only;md5=bfccfe952269fff2b407dd11f2f3083b \
+file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
+file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad \
+file://${COMMON_LICENSE_DIR}/PD;md5=b3597d12946881e13cb3b548d1173851 \
+file://${COMMON_LICENSE_DIR}/PSF-2.0;md5=76c1502273262a5ebefb50dfb20d7c4f \
+file://${COMMON_LICENSE_DIR}/Python-2.0;md5=a5c8025e305fb49e6d405769358851f6 \
+file://${COMMON_LICENSE_DIR}/Unicode-DFS-2016;md5=907371994d651afe53e98adc27824669 \
+file://${COMMON_LICENSE_DIR}/Unicode-TOU;md5=666362dc5dba74f477af0f44fb85bd22 \
+file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \
+"
+IMAGE_CLASSES:remove = "license_image"
+
+COMPATIBLE_MACHINE = "fvp-*"
+
+TEST_SUITES = "arm_systemready_ir_acs"
+
+PV = "2.0.0"
+PV_DATE = "23.03"
+FULL_PV = "v${PV_DATE}_${PV}"
+ARM_SYSTEMREADY_IR_ACS_BRANCH ?= "main"
+IMAGE_FILENAME = "ir-acs-live-image-generic-arm64.wic"
+SRC_URI = " \
+    https://github.com/ARM-software/arm-systemready/raw/${ARM_SYSTEMREADY_IR_ACS_BRANCH}/IR/prebuilt_images/${FULL_PV}/${IMAGE_FILENAME}.xz;name=acs-img \
+    git://git.gitlab.arm.com/systemready/systemready-ir-template.git;protocol=https;nobranch=1;destsuffix=systemready-ir-template;name=sr-ir-template \
+"
+SRC_URI[acs-img.sha256sum] = "ea52f84dab44bde97de3e2d2224d883acaae35724dd8e2bdfb125de49040f9b3"
+# Revision pointing to v2023.04 tag
+SRCREV_sr-ir-template = "c714db178ddf72e5ae5017f15421095297d5bf0e"
+
+inherit arm-systemready-acs
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bb
new file mode 100644
index 0000000..ccc87ed
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts-native.bb
@@ -0,0 +1,31 @@
+SUMMARY = "System Ready Scripts"
+DESCRIPTION = "A collection of scripts to help with SystemReady compliance."
+HOMEPAGE = "https://gitlab.arm.com/systemready/systemready-scripts"
+
+inherit native
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=85b7d439a311c22626c2e3f05daf628e"
+
+RDEPENDS:${PN} = "python3-packaging-native python3-pyyaml-native \
+python3-chardet-native python3-requests-native python3-construct-native \
+dtc-native python3-dtschema-wrapper-native"
+
+PV = "v2023.04"
+S = "${WORKDIR}/git"
+SRC_URI = "\
+        git://git.gitlab.arm.com/systemready/systemready-scripts.git;protocol=https;nobranch=1 \
+        file://0001-check-sr-results-Return-non-zero-exit-code-on-failur.patch \
+        file://0002-check-sr-results-Device-tree-improvements.patch \
+"
+
+# The SRCREV is at the v2023.04 tag
+SRCREV  = "f8244ab8da09f9e6005ceff81ebb234f35a2a698"
+
+do_install() {
+    install -d ${D}/${libdir}/systemready_scripts
+    cp -r ${S}/* ${D}/${libdir}/systemready_scripts
+}
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts/0001-check-sr-results-Return-non-zero-exit-code-on-failur.patch b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts/0001-check-sr-results-Return-non-zero-exit-code-on-failur.patch
new file mode 100644
index 0000000..6a95881
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts/0001-check-sr-results-Return-non-zero-exit-code-on-failur.patch
@@ -0,0 +1,37 @@
+From ad8f2826f6e2cefb630f7fc2c7c99857f224e109 Mon Sep 17 00:00:00 2001
+From: Debbie Martin <Debbie.Martin@arm.com>
+Date: Tue, 5 Sep 2023 21:37:46 +0100
+Subject: [PATCH] check-sr-results: Return non-zero exit code on failure
+
+Return a non-zero exit code if there are any warnings or errors found.
+
+Upstream-Status: Pending
+Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
+---
+ check-sr-results.py | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/check-sr-results.py b/check-sr-results.py
+index 12b89cd..48658f0 100755
+--- a/check-sr-results.py
++++ b/check-sr-results.py
+@@ -185,6 +185,9 @@ class Stats:
+     def inc_error(self):
+         self._inc('error')
+ 
++    def has_warnings_or_errors(self):
++        return self.data['warning'] or self.data['error']
++
+ 
+ # Download (possibly large) file from URL.
+ # We raise an exception in case of issue.
+@@ -1519,3 +1522,6 @@ if __name__ == '__main__':
+     if args.print_meta:
+         print()
+         print_meta()
++
++    if stats.has_warnings_or_errors():
++        exit(1)
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts/0002-check-sr-results-Device-tree-improvements.patch b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts/0002-check-sr-results-Device-tree-improvements.patch
new file mode 100644
index 0000000..f76a03a
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/arm-systemready-scripts/0002-check-sr-results-Device-tree-improvements.patch
@@ -0,0 +1,77 @@
+From 53ceb2d4167b05374678b966031b3d52fc5080a2 Mon Sep 17 00:00:00 2001
+From: Debbie Martin <Debbie.Martin@arm.com>
+Date: Fri, 29 Sep 2023 15:22:17 +0100
+Subject: [PATCH] check-sr-results: Device tree improvements
+
+Make check-sr-results.py accept 'extra_compat' configuration for
+devicetree files, and pass these in the compat list given to
+dt-parser.py.
+
+Update dt-parser.py to parse the GCC version line in the dtb log.
+
+Upstream-Status: Pending
+Signed-off-by: Debbie Martin <Debbie.Martin@arm.com>
+---
+ check-sr-results.py | 12 ++++++++++--
+ dt-parser.py        |  8 ++++++++
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/check-sr-results.py b/check-sr-results.py
+index 48658f0..a207a39 100755
+--- a/check-sr-results.py
++++ b/check-sr-results.py
+@@ -598,7 +598,7 @@ def need_regen(filename, deps, margin=0):
+ # We run dtc and dt-validate to produce the log when needed.
+ # We add markers to the log, which will be ignored by dt-parser.py.
+ # We return a Stats object.
+-def check_devicetree(filename):
++def check_devicetree(filename, extra_compat=None):
+     logging.debug(f"Check Devicetree `{filename}'")
+     stats = Stats()
+     log = f"{filename}.log"
+@@ -644,6 +644,9 @@ def check_devicetree(filename):
+     # We use the compatible strings extracted from Linux bindings to filter out
+     # more false positive.
+     compat = get_compat()
++    if extra_compat:
++        with open(compat, "a") as compat_file:
++            compat_file.write("\n".join(extra_compat))
+     cp = run(f"{dt_parser} --compatibles '{compat}' '{log}'")
+
+     if cp.returncode:
+@@ -930,7 +933,12 @@ def check_file(conffile, filename):
+                 stats.add(check_uefi_capsule(filename))
+
+             if 'devicetree' in conffile:
+-                stats.add(check_devicetree(filename))
++                stats.add(
++                    check_devicetree(
++                        filename,
++                        extra_compat=conffile.get("extra_compat")
++                    )
++                )
+
+             if 'uefi-sniff' in conffile:
+                 stats.add(check_uefi_sniff(filename))
+diff --git a/dt-parser.py b/dt-parser.py
+index 3eccd74..c1c0031 100755
+--- a/dt-parser.py
++++ b/dt-parser.py
+@@ -181,6 +181,14 @@ def parse(filename):
+                 }
+                 continue
+
++            # line [GCC <version>]
++            m = re.match(r'\[GCC [0-9\.]+\]', line)
++            if m:
++                logging.debug(
++                    f"line {i}: GCC version (`{line}')"
++                )
++                continue
++
+             # If we could not parse the line we arrive here and complain.
+             logging.warning(f"Unparsed line {i}: `{line}'")
+
+--
+2.25.1
+
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/edk2-test-parser-native.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/edk2-test-parser-native.bb
new file mode 100644
index 0000000..ad93c41
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-acs/edk2-test-parser-native.bb
@@ -0,0 +1,26 @@
+SUMMARY = "EDK2 Test Parser"
+DESCRIPTION = "EDK2 Test Parser for parsing the results of UEFI SCT tests"
+HOMEPAGE = "https://gitlab.arm.com/systemready/edk2-test-parser"
+
+inherit native
+
+LICENSE = "BSD-2-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=c0550be4b3b9c0223efd0eaa70dc9085"
+
+RDEPENDS:${PN} = "python3-packaging-native python3-pyyaml-native \
+                  python3-jsonschema-native"
+
+PV = "v2023.04"
+S = "${WORKDIR}/git"
+SRC_URI = "git://git.gitlab.arm.com/systemready/edk2-test-parser.git;protocol=https;nobranch=1"
+
+# The SRCREV is at the v2023.04 tag
+SRCREV  = "e8cdb692592d2a152cb87cf4d9fbd7ba2ae8b405"
+
+do_install() {
+    install -d ${D}/${libdir}/edk2_test_parser
+    cp -r ${S}/* ${D}/${libdir}/edk2_test_parser
+}
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb
new file mode 100644
index 0000000..04faa3a
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-debian.bb
@@ -0,0 +1,41 @@
+require arm-systemready-linux-distros.inc
+
+LICENSE = "GPL-1.0-only & GPL-1.0-or-later & GPL-2.0-only & GPL-2.0-or-later \
+           & GPL-3.0-only & GPL-3.0-or-later & LGPL-2.0-only \
+           & LGPL-2.0-or-later & LGPL-2.1-only & LGPL-2.1-or-later \
+           & LGPL-3.0-only & LGPL-3.0-or-later & BSD-3-Clause & BSD-4-Clause \
+           & Artistic-1.0-Perl & Apache-1.0 & Apache-1.1 & Apache-2.0 & Zlib \
+           & Python-2.0 & Ruby & PHP-3.01 & W3C-20150513 & OpenSSL & Sleepycat"
+LIC_FILES_CHKSUM = "\
+file://${COMMON_LICENSE_DIR}/GPL-1.0-only;md5=e9e36a9de734199567a4d769498f743d \
+file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf61 \
+file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6 \
+file://${COMMON_LICENSE_DIR}/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-only;md5=c79ff39f19dfec6d293b95dea7b07891 \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-or-later;md5=1c76c4cc354acaac30ed4d5eefea7245 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.0-only;md5=9427b8ccf5cf3df47c29110424c9641a \
+file://${COMMON_LICENSE_DIR}/LGPL-2.0-or-later;md5=6d2d9952d88b50a51a5c73dc431d06c7 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.1-only;md5=1a6d268fd218675ffea8be556788b780 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.1-or-later;md5=2a4f4fd2128ea2f65047ee63fbca9f68 \
+file://${COMMON_LICENSE_DIR}/LGPL-3.0-only;md5=bfccfe952269fff2b407dd11f2f3083b \
+file://${COMMON_LICENSE_DIR}/LGPL-3.0-or-later;md5=c51d3eef3be114124d11349ca0d7e117 \
+file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \
+file://${COMMON_LICENSE_DIR}/BSD-4-Clause;md5=624d9e67e8ac41a78f6b6c2c55a83a2b \
+file://${COMMON_LICENSE_DIR}/Artistic-1.0-Perl;md5=8feedd169dbd5738981843bd7d931f9f \
+file://${COMMON_LICENSE_DIR}/Apache-1.0;md5=9f7a9503b805de9158a2a31a2cef4b70 \
+file://${COMMON_LICENSE_DIR}/Apache-1.1;md5=61cc638ff95ff4f38f243855bcec4317 \
+file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \
+file://${COMMON_LICENSE_DIR}/Zlib;md5=87f239f408daca8a157858e192597633 \
+file://${COMMON_LICENSE_DIR}/Python-2.0;md5=a5c8025e305fb49e6d405769358851f6 \
+file://${COMMON_LICENSE_DIR}/Ruby;md5=105fc57d3f4d3122db32912f3e6107d0 \
+file://${COMMON_LICENSE_DIR}/PHP-3.01;md5=3363e286b5882ec667a6ebd86e0d9d91 \
+file://${COMMON_LICENSE_DIR}/W3C-20150513;md5=9ff23a699fca546a380855dd40d12d4f \
+file://${COMMON_LICENSE_DIR}/OpenSSL;md5=4eb1764f3e65fafa1a25057f9082f2ae \
+file://${COMMON_LICENSE_DIR}/Sleepycat;md5=1cbb64231c94198653282f3ccab88ffb \
+"
+
+PV = "11.7.0"
+# netinst, DVD-1
+ISO_TYPE = "netinst"
+SRC_URI = "https://cdimage.debian.org/mirror/cdimage/archive/${PV}/arm64/iso-cd/debian-${PV}-arm64-${ISO_TYPE}.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso"
+SRC_URI[sha256sum] = "174caba674fe3172938439257156b9cb8940bb5fd5ddf124256e81ec00ec460d"
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb
new file mode 100644
index 0000000..13e4355
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros-opensuse.bb
@@ -0,0 +1,69 @@
+require arm-systemready-linux-distros.inc
+
+LICENSE = "AGPL-3.0-only & Apache-2.0 & Artistic-1.0 & Artistic-2.0 \
+           & BSD-2-Clause-Patent & BSD-2-Clause & BSD-3-Clause & BSD-4-Clause \
+           & CC-BY-3.0 & CC-BY-4.0 & CC-BY-SA-1.0 & CC-BY-SA-3.0 \
+           & CC-BY-SA-4.0 & CC0-1.0 & CDDL-1.0 & GFDL-1.1-only \
+           & GFDL-1.2-only & GFDL-1.3-only & GFDL-1.3-or-later \
+           & GPL-1.0-or-later & GPL-2.0-only & GPL-2.0-or-later \
+           & GPL-3.0-only & GPL-3.0-or-later & HPND & ICU & IPA \
+           & ISC & LGPL-2.0-only & LGPL-2.0-or-later & LGPL-2.1-only \
+           & LGPL-2.1-or-later & LGPL-3.0-only & LGPL-3.0-or-later \
+           & LPPL-1.3c & MIT & MPL-1.1 & MPL-2.0 & OFL-1.1 & OLDAP-2.8 \
+           & OpenSSL & Python-2.0 & Vim & W3C"
+
+LIC_FILES_CHKSUM = "\
+file://${COMMON_LICENSE_DIR}/AGPL-3.0-only;md5=73f1eb20517c55bf9493b7dd6e480788 \
+file://${COMMON_LICENSE_DIR}/Apache-2.0;md5=89aea4e17d99a7cacdbeed46a0096b10 \
+file://${COMMON_LICENSE_DIR}/Artistic-1.0;md5=cda03bbdc3c1951996392b872397b798 \
+file://${COMMON_LICENSE_DIR}/Artistic-2.0;md5=8bbc66f0ba93cec26ef526117e280266 \
+file://${COMMON_LICENSE_DIR}/BSD-2-Clause-Patent;md5=0518d409dae93098cca8dfa932f3ab1b \
+file://${COMMON_LICENSE_DIR}/BSD-2-Clause;md5=cb641bc04cda31daea161b1bc15da69f \
+file://${COMMON_LICENSE_DIR}/BSD-3-Clause;md5=550794465ba0ec5312d6919e203a55f9 \
+file://${COMMON_LICENSE_DIR}/BSD-4-Clause;md5=624d9e67e8ac41a78f6b6c2c55a83a2b \
+file://${COMMON_LICENSE_DIR}/CC-BY-3.0;md5=dfa02b5755629022e267f10b9c0a2ab7 \
+file://${COMMON_LICENSE_DIR}/CC-BY-4.0;md5=9b33bbd06fb58995fb0e299cd38d1838 \
+file://${COMMON_LICENSE_DIR}/CC-BY-SA-1.0;md5=681ffad43a0addd90f1bebf45675104e \
+file://${COMMON_LICENSE_DIR}/CC-BY-SA-3.0;md5=3248afbd148270ac7337a6f3e2558be5 \
+file://${COMMON_LICENSE_DIR}/CC-BY-SA-4.0;md5=4084714af41157e38872e798eb3fe1b1 \
+file://${COMMON_LICENSE_DIR}/CC0-1.0;md5=0ceb3372c9595f0a8067e55da801e4a1 \
+file://${COMMON_LICENSE_DIR}/CDDL-1.0;md5=d63dcc9297f2efd6c18d1e560b807bc6 \
+file://${COMMON_LICENSE_DIR}/GFDL-1.1-only;md5=03322744a1a73f36ebf29f98cced39a4 \
+file://${COMMON_LICENSE_DIR}/GFDL-1.2-only;md5=9f58808219e9a42ff1228309d6f83dc6 \
+file://${COMMON_LICENSE_DIR}/GFDL-1.3-only;md5=e0771ae6a62dc8a2e50b1d450fea66b7 \
+file://${COMMON_LICENSE_DIR}/GFDL-1.3-or-later;md5=e0771ae6a62dc8a2e50b1d450fea66b7 \
+file://${COMMON_LICENSE_DIR}/GPL-1.0-or-later;md5=30c0b8a5048cc2f4be5ff15ef0d8cf61 \
+file://${COMMON_LICENSE_DIR}/GPL-2.0-only;md5=801f80980d171dd6425610833a22dbe6 \
+file://${COMMON_LICENSE_DIR}/GPL-2.0-or-later;md5=fed54355545ffd980b814dab4a3b312c \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-only;md5=c79ff39f19dfec6d293b95dea7b07891 \
+file://${COMMON_LICENSE_DIR}/GPL-3.0-or-later;md5=1c76c4cc354acaac30ed4d5eefea7245 \
+file://${COMMON_LICENSE_DIR}/HPND;md5=faa364b3e3c6db0f74cc0e704ddf6b9c \
+file://${COMMON_LICENSE_DIR}/ICU;md5=4d85ad1f393add71dc66bcf78e3ee584 \
+file://${COMMON_LICENSE_DIR}/IPA;md5=17b18da2d8b2c43c598aa7583229ef1b \
+file://${COMMON_LICENSE_DIR}/ISC;md5=f3b90e78ea0cffb20bf5cca7947a896d \
+file://${COMMON_LICENSE_DIR}/LGPL-2.0-only;md5=9427b8ccf5cf3df47c29110424c9641a \
+file://${COMMON_LICENSE_DIR}/LGPL-2.0-or-later;md5=6d2d9952d88b50a51a5c73dc431d06c7 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.1-only;md5=1a6d268fd218675ffea8be556788b780 \
+file://${COMMON_LICENSE_DIR}/LGPL-2.1-or-later;md5=2a4f4fd2128ea2f65047ee63fbca9f68 \
+file://${COMMON_LICENSE_DIR}/LGPL-3.0-only;md5=bfccfe952269fff2b407dd11f2f3083b \
+file://${COMMON_LICENSE_DIR}/LGPL-3.0-or-later;md5=c51d3eef3be114124d11349ca0d7e117 \
+file://${COMMON_LICENSE_DIR}/LPPL-1.3c;md5=ba2fa6fe055623756de43a298d88a8b3 \
+file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302 \
+file://${COMMON_LICENSE_DIR}/MPL-1.1;md5=1d38e87ed8d522c49f04e1efe0fab3ab \
+file://${COMMON_LICENSE_DIR}/MPL-2.0;md5=815ca599c9df247a0c7f619bab123dad \
+file://${COMMON_LICENSE_DIR}/OFL-1.1;md5=fac3a519e5e9eb96316656e0ca4f2b90 \
+file://${COMMON_LICENSE_DIR}/OLDAP-2.8;md5=bb28ada4fbb5c3f52c233899b2e410a5 \
+file://${COMMON_LICENSE_DIR}/OpenSSL;md5=4eb1764f3e65fafa1a25057f9082f2ae \
+file://${COMMON_LICENSE_DIR}/Python-2.0;md5=a5c8025e305fb49e6d405769358851f6 \
+file://${COMMON_LICENSE_DIR}/Vim;md5=676d28582e2dca824e7e309a9865eeb1 \
+file://${COMMON_LICENSE_DIR}/W3C;md5=4b1d0384b406508a63e51f7c69687700 \
+"
+
+ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE = "6144"
+
+PV = "15.4"
+# possible value of ISO_TYPE: NET, DVD
+ISO_TYPE = "DVD"
+BUILD_NO = "243.2"
+SRC_URI = "https://download.opensuse.org/distribution/leap/${PV}/iso/openSUSE-Leap-${PV}-${ISO_TYPE}-aarch64-Build${BUILD_NO}-Media.iso;unpack=0;downloadfilename=${ISO_IMAGE_NAME}.iso"
+SRC_URI[sha256sum] = "d87f79b2b723f9baaeedd9e2be0365c04081e51a4f7f7f08c7ab3eee0c3e0fae"
diff --git a/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc
new file mode 100644
index 0000000..e247a42
--- /dev/null
+++ b/meta-arm/meta-arm-systemready/recipes-test/arm-systemready-linux-distros/arm-systemready-linux-distros.inc
@@ -0,0 +1,50 @@
+SUMMARY = "Arm SystemReady Linux distros installation"
+DESCRIPTION = "Arm SystemReady Linux distro CD/DVD images and installation \
+               target disk image"
+
+IMAGE_CLASSES:remove = "license_image testimage"
+
+INHIBIT_DEFAULT_DEPS = "1"
+COMPATIBLE_HOST = "aarch64-*"
+PACKAGE_ARCH = "${TARGET_ARCH}"
+
+inherit nopackages deploy rootfs-postcommands ${IMAGE_CLASSES}
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+ISO_IMAGE_NAME = "${PN}-${PV}"
+IMAGE_LINK_NAME = "${PN}-${PV}-${MACHINE}"
+
+ARM_SYSTEMREADY_LINUX_DISTRO_ISO_IMAGE = \
+    "${DEPLOY_DIR_IMAGE}/${ISO_IMAGE_NAME}.iso"
+# Size of installation disk in MB
+ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE ?= "4096"
+
+do_image() {
+    dd if=/dev/zero of=${WORKDIR}/${IMAGE_LINK_NAME}.wic \
+        bs=1M count=${ARM_SYSTEMREADY_LINUX_DISTRO_INSTALL_SIZE} status=none
+}
+
+do_deploy() {
+    # Deploy the iso and installation target disk image to the deploy folder
+    install -m 644 ${WORKDIR}/${ISO_IMAGE_NAME}.iso ${DEPLOYDIR}
+    install -m 644 ${WORKDIR}/${IMAGE_LINK_NAME}.wic ${DEPLOYDIR}
+}
+
+addtask image before do_install
+addtask deploy after do_install before do_image_complete
+
+# Post-process commands may write to IMGDEPLOYDIR
+IMGDEPLOYDIR = "${DEPLOY_DIR_IMAGE}"
+
+python do_image_complete() {
+    # Run the image post-process commands
+    from oe.utils import execute_pre_post_process
+    post_process_cmds = d.getVar("IMAGE_POSTPROCESS_COMMAND")
+    execute_pre_post_process(d, post_process_cmds)
+}
+do_image_complete[nostamp] = "1"
+addtask image_complete after do_deploy before do_build
+
+do_install[depends] += "arm-systemready-firmware:do_image_complete"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.3.rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.3.rel1.bb
deleted file mode 100644
index 7d06f29..0000000
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_12.3.rel1.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (C) 2020 Texas Instruments Inc.
-# Released under the MIT license (see COPYING.MIT for the terms)
-
-require arm-binary-toolchain.inc
-
-COMPATIBLE_HOST = "(x86_64|aarch64).*-linux"
-
-SUMMARY = "Arm GNU Toolchain - AArch64 bare-metal target (aarch64-none-elf)"
-LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
-
-LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=0aef214b835259b64f026f4ad00c703e"
-LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=7ba3bc8ef145b48e2756a844db2029a3"
-
-SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
-SRC_URI[gcc-aarch64.sha256sum] = "76ba68db4390b50f0a16386c6a011ec611a35a517ae40b7be008ca7920cfa59f"
-SRC_URI[gcc-x86_64.sha256sum] = "382c8c786285e415bc0ff4df463e101f76d6f69a894b03f132368147c37f0ba7"
-
-S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}"
-
-UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads"
-UPSTREAM_CHECK_REGEX = "gcc-arm-(?P<pver>.+)-${HOST_ARCH}-${BINNAME}\.tar\.\w+"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb
new file mode 100644
index 0000000..890efa7
--- /dev/null
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-aarch64-none-elf_13.2.Rel1.bb
@@ -0,0 +1,21 @@
+# Copyright (C) 2020 Texas Instruments Inc.
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+require arm-binary-toolchain.inc
+
+COMPATIBLE_HOST = "(x86_64|aarch64).*-linux"
+
+SUMMARY = "Arm GNU Toolchain - AArch64 bare-metal target (aarch64-none-elf)"
+LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
+
+LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=402090210d41f07263e91f760d0d1ea3"
+LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=2a62a4d37ddad55da732679acd9edf03"
+
+SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
+SRC_URI[gcc-aarch64.sha256sum] = "f3871c0d91a7375834eb43eb758f4df6d8dadf20ad9deca2eb569d5599d98e89"
+SRC_URI[gcc-x86_64.sha256sum] = "7fe7b8548258f079d6ce9be9144d2a10bd2bf93b551dafbf20fe7f2e44e014b8"
+
+S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}"
+
+UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-a/downloads"
+UPSTREAM_CHECK_REGEX = "gcc-arm-(?P<pver>.+)-${HOST_ARCH}-${BINNAME}\.tar\.\w+"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.3.rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.3.rel1.bb
deleted file mode 100644
index 6c33ec6..0000000
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_12.3.rel1.bb
+++ /dev/null
@@ -1,21 +0,0 @@
-# Copyright (C) 2019 Garmin Ltd. or its subsidiaries
-# Released under the MIT license (see COPYING.MIT for the terms)
-
-require arm-binary-toolchain.inc
-
-COMPATIBLE_HOST = "(x86_64|aarch64).*-linux"
-
-SUMMARY = "Arm GNU Toolchain - AArch32 bare-metal target (arm-none-eabi)"
-LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
-
-LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=0aef214b835259b64f026f4ad00c703e"
-LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=7ba3bc8ef145b48e2756a844db2029a3"
-
-SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
-SRC_URI[gcc-aarch64.sha256sum] = "14c0487d5753f6071d24e568881f7c7e67f80dd83165dec5164b3731394af431"
-SRC_URI[gcc-x86_64.sha256sum] = "12a2815644318ebcceaf84beabb665d0924b6e79e21048452c5331a56332b309"
-
-S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}"
-
-UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads"
-UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>.+)-${HOST_ARCH}-linux\.tar\.\w+"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb
new file mode 100644
index 0000000..00390b5
--- /dev/null
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/gcc-arm-none-eabi_13.2.Rel1.bb
@@ -0,0 +1,21 @@
+# Copyright (C) 2019 Garmin Ltd. or its subsidiaries
+# Released under the MIT license (see COPYING.MIT for the terms)
+
+require arm-binary-toolchain.inc
+
+COMPATIBLE_HOST = "(x86_64|aarch64).*-linux"
+
+SUMMARY = "Arm GNU Toolchain - AArch32 bare-metal target (arm-none-eabi)"
+LICENSE = "GPL-3.0-with-GCC-exception & GPL-3.0-only"
+
+LIC_FILES_CHKSUM:aarch64 = "file://share/doc/gcc/Copying.html;md5=402090210d41f07263e91f760d0d1ea3"
+LIC_FILES_CHKSUM:x86-64 = "file://share/doc/gcc/Copying.html;md5=2a62a4d37ddad55da732679acd9edf03"
+
+SRC_URI = "https://developer.arm.com/-/media/Files/downloads/gnu/${PV}/binrel/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}.tar.xz;name=gcc-${HOST_ARCH}"
+SRC_URI[gcc-aarch64.sha256sum] = "8fd8b4a0a8d44ab2e195ccfbeef42223dfb3ede29d80f14dcf2183c34b8d199a"
+SRC_URI[gcc-x86_64.sha256sum] = "6cd1bbc1d9ae57312bcd169ae283153a9572bd6a8e4eeae2fedfbc33b115fdbb"
+
+S = "${WORKDIR}/arm-gnu-toolchain-${PV}-${HOST_ARCH}-${BINNAME}"
+
+UPSTREAM_CHECK_URI = "https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads"
+UPSTREAM_CHECK_REGEX = "${BPN}-(?P<pver>.+)-${HOST_ARCH}-linux\.tar\.\w+"
diff --git a/meta-arm/meta-arm/conf/machine/generic-arm64.conf b/meta-arm/meta-arm/conf/machine/generic-arm64.conf
index 2e82e86..9594e04 100644
--- a/meta-arm/meta-arm/conf/machine/generic-arm64.conf
+++ b/meta-arm/meta-arm/conf/machine/generic-arm64.conf
@@ -18,7 +18,6 @@
 MACHINE_FEATURES:append = " alsa bluetooth efi qemu-usermode rtc screen usbhost vfat wifi"
 
 SERIAL_CONSOLES ?= "115200;ttyAMA0 115200;hvc0"
-SERIAL_CONSOLES_CHECK = "${SERIAL_CONSOLES}"
 
 XSERVER ?= "xserver-xorg \
             xf86-video-fbdev \
diff --git a/meta-arm/meta-arm/lib/fvp/runner.py b/meta-arm/meta-arm/lib/fvp/runner.py
index 7ca3673..e7c1358 100644
--- a/meta-arm/meta-arm/lib/fvp/runner.py
+++ b/meta-arm/meta-arm/lib/fvp/runner.py
@@ -100,7 +100,7 @@
                 env[name] = os.environ[name]
 
         # Allow filepath to be relative to fvp configuration file
-        cwd = os.path.dirname(fvpconf)
+        cwd = os.path.dirname(fvpconf) or None
         self._logger.debug(f"FVP call will be executed in working directory: {cwd}")
 
         self._logger.debug(f"Constructed FVP call: {shlex_join(cli)}")
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
index d60aa3c..c995f89 100644
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
@@ -1,4 +1,3 @@
-import asyncio
 import os
 import json
 import pathlib
@@ -7,15 +6,17 @@
 import unittest.mock
 
 from oeqa.selftest.case import OESelftestTestCase
+from oeqa.core.decorator import OETestTag
 
 runfvp = pathlib.Path(__file__).parents[5] / "scripts" / "runfvp"
 testdir = pathlib.Path(__file__).parent / "tests"
 
+@OETestTag("meta-arm")
 class RunFVPTests(OESelftestTestCase):
     def setUpLocal(self):
         self.assertTrue(runfvp.exists())
 
-    def run_fvp(self, *args, should_succeed=True):
+    def run_fvp(self, *args, env=None, should_succeed=True):
         """
         Call runfvp passing any arguments. If check is True verify return stdout
         on exit code 0 or fail the test, otherwise return the CompletedProcess
@@ -24,7 +25,7 @@
         cli = [runfvp,] + list(args)
         print(f"Calling {cli}")
         # Set cwd to testdir so that any mock FVPs are found
-        ret = subprocess.run(cli, cwd=testdir, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True)
+        ret = subprocess.run(cli, cwd=testdir, env=env, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True)
         if should_succeed:
             self.assertEqual(ret.returncode, 0, f"runfvp exit {ret.returncode}, output: {ret.stdout}")
             return ret.stdout
@@ -51,6 +52,11 @@
         # test-parameter sets one argument, add another manually
         self.run_fvp(testdir / "test-parameter.json", "--", "--parameter", "board.dog=woof")
 
+    def test_fvp_environment(self):
+        output = self.run_fvp(testdir / "test-environment.json", env={"DISPLAY": "test_fvp_environment:42"})
+        self.assertEqual(output.strip(), "Found expected DISPLAY")
+
+@OETestTag("meta-arm")
 class ConfFileTests(OESelftestTestCase):
     def test_no_exe(self):
         from fvp import conffile
@@ -80,6 +86,7 @@
             self.assertTrue("env" in conf)
 
 
+@OETestTag("meta-arm")
 class RunnerTests(OESelftestTestCase):
     def create_mock(self):
         return unittest.mock.patch("subprocess.Popen")
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py
index 2213c9f..6cf8e45 100755
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/mock-fvp.py
@@ -2,12 +2,19 @@
 
 import argparse
 import sys
+import os
 
 def do_test_parameters(args):
     if not args.parameter or set(args.parameter) != set(("board.cow=moo", "board.dog=woof")):
         print(f"Unexpected arguments: {args}")
         sys.exit(1)
 
+def do_test_environment(args):
+    if os.environ.get("DISPLAY") == "test_fvp_environment:42":
+        print("Found expected DISPLAY")
+    else:
+        print("Got unexpected environment %s" % str(os.environ))
+        sys.exit(1)
 
 if __name__ == "__main__":
     parser = argparse.ArgumentParser()
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.json
new file mode 100644
index 0000000..6e23855
--- /dev/null
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.json
@@ -0,0 +1,4 @@
+{
+    "fvp-bindir": ".",
+    "exe": "test-environment.py"
+}
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.py
new file mode 120000
index 0000000..c734eec
--- /dev/null
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-environment.py
@@ -0,0 +1 @@
+mock-fvp.py
\ No newline at end of file
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch
index a9a487f..cfb534d 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Use-pkg-config-native-to-find-the-libssl-headers.patch
@@ -1,4 +1,4 @@
-From 60b8c4e852cbe76c383d5c495ecc8aeb84b407b6 Mon Sep 17 00:00:00 2001
+From 1c1e7ca2874feaa3e447dce578487d42c226ef46 Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@arm.com>
 Date: Sat, 17 Jul 2021 14:38:02 -0500
 Subject: [PATCH] Use pkg-config-native to find the libssl headers.
@@ -10,7 +10,7 @@
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/scripts/Makefile b/scripts/Makefile
-index 9adb6d247..5fe371c7d 100644
+index 9adb6d247818..5fe371c7d7f5 100644
 --- a/scripts/Makefile
 +++ b/scripts/Makefile
 @@ -3,8 +3,8 @@
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch
index d4fe49a..6f91ecf 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-arm-hafnium-fix-kernel-tool-linking.patch
@@ -1,4 +1,4 @@
-From ef156578c1f7100b339ddfe956ff2cd89d61e0d4 Mon Sep 17 00:00:00 2001
+From c17aabb2535d791a715130f21178946ab9c1e29d Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@arm.com>
 Date: Tue, 9 Nov 2021 23:31:22 +0000
 Subject: [PATCH] arm/hafnium: fix kernel tool linking
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch
index 62c5ec1..dc0c35f 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-work-around-visibility-issue.patch
@@ -1,4 +1,4 @@
-From 4f1ab5944c1042a141a2ce16ec8bf1d12749e41a Mon Sep 17 00:00:00 2001
+From 745294ffa9bb9296eb4250f24dd0ae8115fadd7a Mon Sep 17 00:00:00 2001
 From: Jon Mason <jon.mason@arm.com>
 Date: Thu, 27 Oct 2022 20:10:09 +0000
 Subject: [PATCH] work around visibility issue
@@ -16,7 +16,7 @@
  1 file changed, 1 deletion(-)
 
 diff --git a/BUILD.gn b/BUILD.gn
-index f55560c..d60c3e3 100644
+index f55560c540de..d60c3e37135b 100644
 --- a/BUILD.gn
 +++ b/BUILD.gn
 @@ -5,7 +5,6 @@
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0002-Fix-build-with-clang-15.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0002-Fix-build-with-clang-15.patch
deleted file mode 100644
index c305e97..0000000
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0002-Fix-build-with-clang-15.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 960d022fa69568752a58b6f5d78e9759b54cff68 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Thu, 22 Sep 2022 19:13:49 -0700
-Subject: [PATCH] Fix build with clang-15
-
-Clang-15 warns about prototypes a bit harder
-Remove unused variable suites_in_image
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- test/hftest/common.c                                         | 2 --
- test/vmapi/arch/aarch64/gicv3/inc/gicv3.h                    | 2 +-
- test/vmapi/arch/aarch64/gicv3/timer_secondary.c              | 2 +-
- test/vmapi/el0_partitions/services/interruptible.c           | 2 +-
- test/vmapi/el0_partitions/services/interruptible_echo.c      | 2 +-
- test/vmapi/primary_with_secondaries/services/interruptible.c | 2 +-
- 6 files changed, 5 insertions(+), 7 deletions(-)
-
-diff --git a/test/hftest/common.c b/test/hftest/common.c
-index 344ff2452c36..175230a7cfa7 100644
---- a/test/hftest/common.c
-+++ b/test/hftest/common.c
-@@ -67,7 +67,6 @@ void hftest_json(void)
- {
- 	const char *suite = NULL;
- 	size_t i;
--	size_t suites_in_image = 0;
- 	size_t tests_in_suite = 0;
- 
- 	HFTEST_LOG("{");
-@@ -81,7 +80,6 @@ void hftest_json(void)
- 				HFTEST_LOG("    },");
- 			}
- 			/* Move onto new suite. */
--			++suites_in_image;
- 			suite = test->suite;
- 			tests_in_suite = 0;
- 			HFTEST_LOG("    {");
-diff --git a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h
-index 28bf29d412f4..dede047a381a 100644
---- a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h
-+++ b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h
-@@ -30,4 +30,4 @@ extern void *recv_buffer;
- 
- extern volatile uint32_t last_interrupt_id;
- 
--void gicv3_system_setup();
-+void gicv3_system_setup(void);
-diff --git a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c
-index 0ac07f4411df..6264a5864721 100644
---- a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c
-+++ b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c
-@@ -55,7 +55,7 @@ TEAR_DOWN(timer_secondary_ffa)
- 	EXPECT_FFA_ERROR(ffa_rx_release(), FFA_DENIED);
- }
- 
--static void timer_busywait_secondary()
-+static void timer_busywait_secondary(void)
- {
- 	const char message[] = "loop 0099999";
- 	const char expected_response[] = "Got IRQ 03.";
-diff --git a/test/vmapi/el0_partitions/services/interruptible.c b/test/vmapi/el0_partitions/services/interruptible.c
-index 85c97dc7a857..80fc61b2e5a9 100644
---- a/test/vmapi/el0_partitions/services/interruptible.c
-+++ b/test/vmapi/el0_partitions/services/interruptible.c
-@@ -44,7 +44,7 @@ static void irq(void)
-  * Try to receive a message from the mailbox, blocking if necessary, and
-  * retrying if interrupted.
-  */
--static struct ffa_value mailbox_receive_retry()
-+static struct ffa_value mailbox_receive_retry(void)
- {
- 	struct ffa_value received;
- 
-diff --git a/test/vmapi/el0_partitions/services/interruptible_echo.c b/test/vmapi/el0_partitions/services/interruptible_echo.c
-index 958d75090cce..55511d6a2bce 100644
---- a/test/vmapi/el0_partitions/services/interruptible_echo.c
-+++ b/test/vmapi/el0_partitions/services/interruptible_echo.c
-@@ -33,7 +33,7 @@ static void irq(void)
-  * Try to receive a message from the mailbox, blocking if necessary, and
-  * retrying if interrupted.
-  */
--static struct ffa_value mailbox_receive_retry()
-+static struct ffa_value mailbox_receive_retry(void)
- {
- 	struct ffa_value received;
- 
-diff --git a/test/vmapi/primary_with_secondaries/services/interruptible.c b/test/vmapi/primary_with_secondaries/services/interruptible.c
-index 594f28ac8bc8..3888bf8b0b6e 100644
---- a/test/vmapi/primary_with_secondaries/services/interruptible.c
-+++ b/test/vmapi/primary_with_secondaries/services/interruptible.c
-@@ -41,7 +41,7 @@ static void irq(void)
-  * Try to receive a message from the mailbox, blocking if necessary, and
-  * retrying if interrupted.
-  */
--struct ffa_value mailbox_receive_retry()
-+struct ffa_value mailbox_receive_retry(void)
- {
- 	struct ffa_value received;
- 
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.8.bb b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.8.bb
deleted file mode 100644
index 5302725..0000000
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.8.bb
+++ /dev/null
@@ -1,81 +0,0 @@
-SUMMARY = "Hafnium"
-DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension"
-DEPENDS = "gn-native ninja-native bison-native bc-native dtc-native openssl-native"
-
-LICENSE = "BSD-3-Clause & GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-
-CLANGNATIVE = ""
-CLANGNATIVE:runtime-llvm = "clang-native"
-
-inherit deploy python3native pkgconfig ${CLANGNATIVE}
-
-SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \
-           file://0001-arm-hafnium-fix-kernel-tool-linking.patch  \
-           file://0002-Fix-build-with-clang-15.patch \
-           file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \
-           file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \
-          "
-SRCREV = "b7d27acb9c63a52f8bd8a37d1eee335d4ccfbe93"
-S = "${WORKDIR}/git"
-B = "${WORKDIR}/build"
-
-COMPATIBLE_MACHINE ?= "invalid"
-COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64"
-
-# Default build 'reference'
-HAFNIUM_PROJECT ?= "reference"
-
-# Platform must be set for each machine
-HAFNIUM_PLATFORM ?= "invalid"
-HAFNIUM_PLATFORM:qemuarm64 = "qemu_aarch64"
-
-# do_deploy will install everything listed in this variable. It is set by
-# default to hafnium
-HAFNIUM_INSTALL_TARGET ?= "hafnium"
-
-# set project to build
-EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}"
-
-EXTRA_OEMAKE += "OUT_DIR=${B}"
-
-# Don't use prebuilt binaries for gn and ninja
-EXTRA_OEMAKE += "GN=${STAGING_BINDIR_NATIVE}/gn NINJA=${STAGING_BINDIR_NATIVE}/ninja"
-
-do_configure[cleandirs] += "${B}"
-
-do_compile() {
-    oe_runmake -C ${S}
-}
-
-do_install() {
-    cd ${B}/${HAFNIUM_PLATFORM}_clang
-    install -d -m 755 ${D}/firmware
-    for bldfile in ${HAFNIUM_INSTALL_TARGET}; do
-        install -m 0755 $bldfile.bin $bldfile.elf ${D}/firmware/
-    done
-}
-
-FILES:${PN} = "/firmware/*.bin"
-FILES:${PN}-dbg = "/firmware/*.elf"
-SYSROOT_DIRS += "/firmware"
-INSANE_SKIP:${PN} = "ldflags"
-INSANE_SKIP:${PN}-dbg = "ldflags"
-# Build paths are currently embedded
-INSANE_SKIP:${PN}-dbg += "buildpaths"
-
-do_deploy() {
-    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
-}
-addtask deploy after do_install
-
-python() {
-    # https://developer.trustedfirmware.org/T898
-    if d.getVar("BUILD_ARCH") != "x86_64":
-        raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts")
-}
-
-EXCLUDE_FROM_WORLD = "1"
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.9.bb b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.9.bb
new file mode 100644
index 0000000..0997448
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.9.bb
@@ -0,0 +1,80 @@
+SUMMARY = "Hafnium"
+DESCRIPTION = "A reference Secure Partition Manager (SPM) for systems that implement the Armv8.4-A Secure-EL2 extension"
+DEPENDS = "gn-native ninja-native bison-native bc-native dtc-native openssl-native"
+
+LICENSE = "BSD-3-Clause & GPL-2.0-only"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=782b40c14bad5294672c500501edc103"
+
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
+
+CLANGNATIVE = ""
+CLANGNATIVE:runtime-llvm = "clang-native"
+
+inherit deploy python3native pkgconfig ${CLANGNATIVE}
+
+SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \
+           file://0001-arm-hafnium-fix-kernel-tool-linking.patch  \
+           file://0001-Use-pkg-config-native-to-find-the-libssl-headers.patch;patchdir=third_party/linux \
+           file://0001-work-around-visibility-issue.patch;patchdir=third_party/dtc \
+          "
+SRCREV = "0715b8e002cdfb92e6b7efb71128cb24557b70cb"
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+COMPATIBLE_MACHINE ?= "invalid"
+COMPATIBLE_MACHINE:qemuarm64 = "qemuarm64"
+
+# Default build 'reference'
+HAFNIUM_PROJECT ?= "reference"
+
+# Platform must be set for each machine
+HAFNIUM_PLATFORM ?= "invalid"
+HAFNIUM_PLATFORM:qemuarm64 = "qemu_aarch64"
+
+# do_deploy will install everything listed in this variable. It is set by
+# default to hafnium
+HAFNIUM_INSTALL_TARGET ?= "hafnium"
+
+# set project to build
+EXTRA_OEMAKE += "PROJECT=${HAFNIUM_PROJECT}"
+
+EXTRA_OEMAKE += "OUT_DIR=${B}"
+
+# Don't use prebuilt binaries for gn and ninja
+EXTRA_OEMAKE += "GN=${STAGING_BINDIR_NATIVE}/gn NINJA=${STAGING_BINDIR_NATIVE}/ninja"
+
+do_configure[cleandirs] += "${B}"
+
+do_compile() {
+    oe_runmake -C ${S}
+}
+
+do_install() {
+    cd ${B}/${HAFNIUM_PLATFORM}_clang
+    install -d -m 755 ${D}/firmware
+    for bldfile in ${HAFNIUM_INSTALL_TARGET}; do
+        install -m 0755 $bldfile.bin $bldfile.elf ${D}/firmware/
+    done
+}
+
+FILES:${PN} = "/firmware/*.bin"
+FILES:${PN}-dbg = "/firmware/*.elf"
+SYSROOT_DIRS += "/firmware"
+INSANE_SKIP:${PN} = "ldflags"
+INSANE_SKIP:${PN}-dbg = "ldflags"
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dbg += "buildpaths"
+
+do_deploy() {
+    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
+
+python() {
+    # https://developer.trustedfirmware.org/T898
+    if d.getVar("BUILD_ARCH") != "x86_64":
+        raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts")
+}
+
+EXCLUDE_FROM_WORLD = "1"
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
index 4d3b0ba..2bdf221 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
@@ -103,9 +103,9 @@
     from itertools import takewhile
     return ' '.join(takewhile(lambda x: not x.startswith('-'), in_string.split(' ')))
 
-EXTRA_OEMAKE += "LD=${@remove_options_tail(d.getVar('LD'))}"
+EXTRA_OEMAKE += "LD='${@remove_options_tail(d.getVar('LD'))}'"
 
-EXTRA_OEMAKE += "CC=${@remove_options_tail(d.getVar('CC'))}"
+EXTRA_OEMAKE += "CC='${@remove_options_tail(d.getVar('CC'))}'"
 
 # Verbose builds, no -Werror
 EXTRA_OEMAKE += "V=1 E=0"
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
index 8f78b5e..5e52695 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.9.0.bb
@@ -10,8 +10,8 @@
 
 LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
 
-# mbed TLS v2.28.4
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=mbedtls-2.28"
-SRCREV_mbedtls = "aeb97a18913a86f051afab11b2c92c6be0c2eb83"
+# mbedtls-3.4.0
+SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;destsuffix=git/mbedtls;branch=master"
+SRCREV_mbedtls = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33"
 
 LIC_FILES_CHKSUM_MBEDTLS = "file://mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.22.14.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.22.14.bb
deleted file mode 100644
index 606f977..0000000
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.22.14.bb
+++ /dev/null
@@ -1,13 +0,0 @@
-require fvp-envelope.inc
-
-SUMMARY = "Arm Fixed Virtual Platform - Armv-A Base RevC Architecture Envelope Model FVP"
-LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \
-                    file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411 \
-                    file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=c09526c02e631abb95ad61528892552d"
-
-SRC_URI[fvp-aarch64.sha256sum] = "6964dbe0e297a5a6b5abd290d09e883923b5150e087f285fcfb80077525bfe6e"
-SRC_URI[fvp-x86_64.sha256sum] = "eb0f5ca855fb8b0321e137b82306ac8a6b534a5625366ff10e20b3f68df533a4"
-
-MODEL_CODE = "FVP_Base_RevC-2xAEMvA"
-
-COMPATIBLE_HOST = "(aarch64|x86_64).*-linux"
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.23.9.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.23.9.bb
new file mode 100644
index 0000000..7d179b4
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-a-aem_11.23.9.bb
@@ -0,0 +1,13 @@
+require fvp-envelope.inc
+
+SUMMARY = "Arm Fixed Virtual Platform - Armv-A Base RevC Architecture Envelope Model FVP"
+LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \
+                    file://license_terms/third_party_licenses/third_party_licenses.txt;md5=0c32ac6f58ebff83065105042ab98211 \
+                    file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=c09526c02e631abb95ad61528892552d"
+
+SRC_URI[fvp-aarch64.sha256sum] = "d0925791ec4cfb99c3b4122afbb442ad076f92c4e173ed3bd092a3bf180d56f0"
+SRC_URI[fvp-x86_64.sha256sum] = "9d43c8eb347bf169a024cdbbc04572d169f60098fe061316b36bdbd4a44ffd79"
+
+MODEL_CODE = "FVP_Base_RevC-2xAEMvA"
+
+COMPATIBLE_HOST = "(aarch64|x86_64).*-linux"
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
index 7d55661..4ac9a6c 100644
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000.bb
@@ -1,11 +1,14 @@
 require fvp-ecosystem.inc
 
-MODEL = "Corstone-1000-23"
+MODEL = "Corstone-1000"
 MODEL_CODE = "FVP_Corstone_1000"
-PV = "11.19_21"
+PV = "11.23_25"
 
-SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/Linux/${MODEL_CODE}_${PV}_${FVP_ARCH}.tgz;subdir=${BP}"
-SRC_URI[sha256sum] = "dbdcb8b0c206fd56fd2296fe338a62902eb978883ba07f4da28440e180383b24"
+SRC_URI = "https://developer.arm.com/-/media/Arm%20Developer%20Community/Downloads/OSS/FVP/${MODEL}/${MODEL_CODE}_${PV}_${FVP_ARCH}.tgz;subdir=${BP};name=fvp-${HOST_ARCH}"
+SRC_URI[fvp-aarch64.sha256sum] = "e299e81d5fa8b3d2afee0850fd03be31c1a1c3fad07f79849c63e46ee5e36acc"
+SRC_URI[fvp-x86_64.sha256sum] = "ec34c9564ccb5b1eb62fc2757673343a353db1d116a7cb1b5f82f9d985d99cdf"
 
 LIC_FILES_CHKSUM = "file://license_terms/license_agreement.txt;md5=1a33828e132ba71861c11688dbb0bd16 \
-                    file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411"
+                    file://license_terms/third_party_licenses/third_party_licenses.txt;md5=0c32ac6f58ebff83065105042ab98211"
+
+COMPATIBLE_HOST = "(aarch64|x86_64).*-linux"
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/qemuarm-phys-virt.cfg b/meta-arm/meta-arm/recipes-kernel/linux/files/qemuarm-phys-virt.cfg
deleted file mode 100644
index b014e7f..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/files/qemuarm-phys-virt.cfg
+++ /dev/null
@@ -1 +0,0 @@
-CONFIG_ARM_PATCH_PHYS_VIRT=y
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
index 9d5266b..c4e351b 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
@@ -1,10 +1,5 @@
 ARMFILESPATHS := "${THISDIR}/files:"
 
-FILESEXTRAPATHS:prepend:aarch64 = "${ARMFILESPATHS}"
-SRC_URI:append:aarch64 = " \
-     file://0001-arm64-defconfig-remove-CONFIG_COMMON_CLK_NPCM8XX-y.patch \
-    "
-
 COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64"
 FILESEXTRAPATHS:prepend:generic-arm64 = "${ARMFILESPATHS}"
 SRC_URI:append:generic-arm64 = " \
@@ -32,7 +27,6 @@
 FILESEXTRAPATHS:prepend:qemuarm = "${ARMFILESPATHS}"
 SRC_URI:append:qemuarm = " \
     file://efi.cfg \
-    file://qemuarm-phys-virt.cfg \
     "
 
 FFA_TRANSPORT_INCLUDE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'arm-ffa-transport.inc', '' , d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb
deleted file mode 100644
index d0c75d0..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.22.0.bb
+++ /dev/null
@@ -1,7 +0,0 @@
-require optee-client.inc
-
-SRCREV = "8533e0e6329840ee96cf81b6453f257204227e6c"
-
-inherit pkgconfig
-DEPENDS += "util-linux"
-EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_4.0.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_4.0.0.bb
new file mode 100644
index 0000000..dc9577c
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-client_4.0.0.bb
@@ -0,0 +1,7 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "acb0885c117e73cb6c5c9b1dd9054cb3f93507ee"
+
+inherit pkgconfig
+DEPENDS += "util-linux"
+EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb
deleted file mode 100644
index 8322c51..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.22.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_4.0.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_4.0.0.bb
new file mode 100644
index 0000000..f082a25
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-examples_4.0.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "378dc0db2d5dd279f58a3b6cb3f78ffd6b165035"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
deleted file mode 100644
index a9732e4..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
+++ /dev/null
@@ -1,4 +0,0 @@
-# Include extra headers needed by SPMC tests to TA DEVKIT.
-# Supported after op-tee v3.20
-EXTRA_OEMAKE:append = "${@bb.utils.c