subtree updates
meta-raspberrypi: 9240ea91ca..8e07f0d328:
DOLE Olivier (1):
rpi-config: U-Boot requires "enable_uart=1" to operate correctly.
Florin Sarbu (1):
udev-rules-rpi: Use 99-com.rules directly from upstream
meta-openembedded: 829dcb63f0..def4759e95:
Alex Kiernan (1):
ostree: Add soup3 PACKAGECONFIG, rename soup to soup2
Alexander Mohr (1):
dlt-daemon: apply rename of genivi to covesa
Armin Kuster (1):
wireshark: Update to a supported version 4.0.x
Bartosz Golaszewski (97):
python3-snagboot: new recipe
libgpiod: add myself as maintainer
python3-pyparted: add missing run-time dependencies
python3-send2trash: add missing run-time dependencies
python3-mock: cleanup RDEPENDS
python3-mock: add missing run-time dependencies
python3-cson: fix run-time dependencies
python3-ldap: don't use PYTHON_PN
python3-ldap: add missing run-time dependencies
python3-pyrad: add missing run-time dependencies
python3-html2text: add missing run-time dependencies
python3-parse: don't use PYTHON_PN and improve coding style
python3-parse: add missing run-time dependencies
python3-meld3: add missing run-time dependencies
python3-pyiface: add missing run-time dependencies
python3-mpmath: add missing run-time dependencies
python3-uswid: add missing run-time dependencies
python3-xmlrunner: add missing run-time dependencies
python3-editor: add missing run-time dependencies
python3-pykwalify: don't use PYTHON_PN and improve coding style
python3-pykwalify: add missing run-time dependencies
python3-iperf: add missing run-time dependencies
python3-sdnotify: add missing run-time dependencies
python3-service-identity: add missing run-time dependencies
python3-sqlsoup: add missing run-time dependencies
python3-sqlalchemy: don't use PYTHON_PN and improve coding style
python3-sqlalchemy: add missing run-time dependencies
python3-pure-eval: add missing run-time dependencies
python3-stack-data: fix coding style
python3-stack-data: add missing run-time dependencies
python3-sympy: add missing run-time dependencies
python3-thrift: don't use PYTHON_PN and improve coding style
python3-thrift: add missing run-time dependencies
python3-tomlkit: add missing run-time dependencies
python3-tornado: drop ${PN} from RDEPENDS
python3-tornado: fix coding style
python3-tornado: remove the testing submodule from FILES:${PN}-test
python3-tornado: add missing run-time dependencies
python3-trustme: add missing run-time dependencies
python3-twofish: add missing run-time dependencies
python3-txws: add missing run-time dependencies
python3-web3: add missing run-time dependencies
python3-uefi-firmware: add missing run-time dependencies
python3-websockets: fix coding style
python3-websockets: add missing run-time dependencies
python3-xlrd: fix coding style
python3-xlrd: add missing run-time dependencies
python3-versiontools: add missing run-time dependencies
python3-typeguard: add missing run-time dependencies
python3-process-tests: add missing run-time dependencies
python3-pyatspi: add missing run-time dependencies
python3-pydantic: don't use PYTHON_PN and improve coding style
python3-pydantic: add missing run-time dependencies
python3-python-vlc: add missing run-time dependencies
python3-redis: fix coding style
python3-redis: add missing run-time dependencies
python3-raven: add missing run-time dependencies
python3-pypng: new package
python3-qrcode: add missing run-time dependencies
python3-pyusb: fix run-time dependencies
python3-pytest-mock: add missing run-time dependencies
python3-pyroute2: fix coding style
python3-fcntl: add missing run-time dependencies
python3-pyproject-metadata: add missing run-time dependencies
python3-pyproj: don't use PYTHON_PN
python3-pyproj: drop unnecessary run-time dependency
python3-pyproj: add missing run-time dependencies
python3-classes: new package
python3-pylyrics: add missing run-time dependencies
python3-pyjwt: stop using PYTHON_PN
python3-pyjwt: add missing run-time dependencies
python3-javaobj-py3: add missing run-time dependencies
python3-pyjks: stop using PYTHON_PN
python3-pyjks: fix run-time dependencies
python3-pyexpect: add missing run-time dependencies
python3-pynetlinux: fix relative imports
python3-pynetlinux: add missing run-time dependencies
python3-pickleshare: add missing run-time dependencies
python3-petact: add missing run-time dependencies
python3-pefile: add missing run-time dependencies
python3-jsonpath-rw: add missing run-time dependencies
python3-jsonrpcclient: add missing run-time dependencies
python3-jstyleson: add missing run-time dependencies
python3-kconfiglib: add missing run-time dependencies
python3-libevdev: add missing run-time dependencies
python3-linux-procfs: add missing run-time dependencies
python3-lockfile: add missing run-time dependencies
python3-msm: fix coding style
python3-lazy: new recipe
python3-msm: add missing run-time dependencies
python3-netaddr: stop using PYTHON_PN
python3-netaddr: add missing run-time dependencies
python3-ninja-syntax: new package
python3-ninja: add missing run-time dependencies
python3-nmap: add missing run-time dependencies
python3-oslash: add missing run-time dependencies
python3-padaos: add missing run-time dependencies
Christophe Vu-Brugier (1):
switchtec-user: add new recipe
Geoff Parker (1):
python3-platformdirs: add nativesdk to BBCLASSEXTEND
Ivan Maidanski (1):
bdwgc: upgrade 8.2.2 -> 8.2.4
Johannes Kauffmann (2):
open62541: update to v1.3.6
open62541: build optimized binary
Khem Raj (21):
ipvsadm: Pass build environment cflags to compiler
orrery: Pass OE provided cflags
libleak: Upgrade to 0.3.6
zeroconf: Pass cflags from environment
lshw: Pass OE cflags via RPM_OPT_FLAGS
ruli: Pass cflags to makefile
gnome-online-accounts: Replace filename with basename
rdma-core: Use target path for systemctl
monkey: Remove buildpaths from generated mk_env.h
minio: Ignore from world builds
libcppkafka: Remove RECIPE_SYSROOT from packageconfig .pc file
doxygen: Do not generate #line directive with flex/bison
gattlib: Upgrade to latest tip of trunk
ettercap: Do not generate #line directives with bison/flex
zfs: Add a patch to fix aarch64 build with gcc13
zfs: Upgrade to 2.1.11
zfs: Fix build with aarch64
zfs: Fix build on musl
ctapi-common: Use archives.fedoraproject.org to fetch srpm
Revert "libgpiod: modify test 'gpioset: toggle (continuous)'"
meta-python-ptest-fast-image: Do not run python3-pytest-mock ptests
Lei Maohui (1):
dovecot: Fix install conflict when enable multilib.
Marek Vasut (1):
v4l-utils: Update 1.23.0+9431e4b2 -> 1.24.1
Markus Volk (4):
iwd: update 2.4 -> 2.5
gnome-control-center: upgrade 44.1 -> 44.2
mutter: upgrade 44.1 -> 44.2
gnome-shell: upgrade 44.1 -> 44.2
Martin Jansa (1):
switchtec-user: fix installed-vs-shipped with multilib
Niko Mauno (2):
contrib: oe-stylize: Fix ambiguous variable names
contrib: oe-stylize: Use Python3 explicitly
Peter Marko (1):
nss: ignore CVE-2022-3479
Petr Gotthard (4):
blueman: fix REQUIRED_DISTRO_FEATURES gobject-introspection-data
firewalld: fix REQUIRED_DISTRO_FEATURES gobject-introspection-data
system-config-printer: fix REQUIRED_DISTRO_FEATURES gobject-introspection-data
firewalld: upgrade 1.2.0 -> 1.3.2
Wang Mingyu (40):
ctags: upgrade 6.0.20230521.0 -> 6.0.20230528.0
eog: upgrade 44.1 -> 44.2
nautilus: upgrade 44.1 -> 44.2
evolution-data-server: upgrade 3.48.1 -> 3.48.2
flatbuffers: upgrade 23.1.4 -> 23.3.56
python3-asgiref: upgrade 3.7.1 -> 3.7.2
python3-cachetools: upgrade 5.3.0 -> 5.3.1
python3-coverage: upgrade 7.2.6 -> 7.2.7
python3-croniter: upgrade 1.3.14 -> 1.3.15
python3-deprecated: upgrade 1.2.13 -> 1.2.14
python3-google-api-python-client: upgrade 2.86.0 -> 2.87.0
python3-google-auth: upgrade 2.18.1 -> 2.19.0
python3-imageio: upgrade 2.29.0 -> 2.30.0
python3-license-expression: upgrade 30.1.0 -> 30.1.1
python3-lru-dict: upgrade 1.1.8 -> 1.2.0
python3-paramiko: upgrade 3.1.0 -> 3.2.0
python3-pint: upgrade 0.21 -> 0.22
python3-protobuf: upgrade 4.23.1 -> 4.23.2
python3-xlsxwriter: upgrade 3.1.1 -> 3.1.2
xterm: upgrade 380 -> 381
python3-zeroconf: upgrade 0.62.0 -> 0.63.0
dnf-plugin-tui: modify suffix of spdx file.
evolution-data-server: upgrade 3.48.2 -> 3.48.3
samba: upgrade 4.18.2 -> 4.18.3
ctags: upgrade 6.0.20230528.0 -> 6.0.20230604.0
tree: upgrade 2.1.0 -> 2.1.1
xrdb: upgrade 1.2.1 -> 1.2.2
xterm: upgrade 381 -> 382
xwd: upgrade 1.0.8 -> 1.0.9
libnet-dns-perl: upgrade 1.38 -> 1.39
pamela: upgrade 1.0.0 -> 1.1.0
python3-cachecontrol: upgrade 0.12.12 -> 0.13.0
python3-google-api-python-client: upgrade 2.87.0 -> 2.88.0
python3-google-auth: upgrade 2.19.0 -> 2.19.1
python3-nocaselist: upgrade 1.1.1 -> 2.0.0
python3-pymodbus: upgrade 3.2.2 -> 3.3.0
python3-regex: upgrade 2023.5.5 -> 2023.6.3
python3-rich: upgrade 13.3.5 -> 13.4.1
python3-sentry-sdk: upgrade 1.24.0 -> 1.25.0
ntp: upgrade 4.2.8p15 -> 4.2.8p16
poky: 76494f2b66..00f3d58064:
Alex Kiernan (1):
rust: Upgrade 1.69.0 -> 1.70.0
Alexander Kanavin (5):
maintaines.inc: unassign Richard Weinberger from erofs-utils entry
maintainers.inc: unassign Andreas Müller from itstool entry
maintainers.inc: unassign Pascal Bach from cmake entry
maintainers.inc: correct unassigned entries (> was missing)
maintainers.inc: correct Carlos Rafael Giani's email address
Andrej Valek (1):
busybox: 1.36.0 -> 1.36.1
Anuj Mittal (3):
gstreamer1.0: upgrade 1.22.2 -> 1.22.3
stress-ng: upgrade 0.15.07 -> 0.15.08
glib-networking: upgrade 2.74.0 -> 2.76.0
Bruce Ashfield (10):
linux-yocto/6.1: update to v6.1.26
linux-yocto/6.1: update to v6.1.27
linux-yocto-dev: bump to v6.4+
kernel: don't force PAHOLE=false
linux-yocto: move build / debug dependencies to .inc
linux-yocto/6.1: update to v6.1.28
linux-yocto/6.1: update to v6.1.29
linux-yocto/6.1: update to v6.1.30
linux-yocto/6.1: update to v6.1.31
linux-yocto/6.1: update to v6.1.32
Chen Qi (4):
libsdl2: disable SDL's own ccache
cmake.bbclass: do not search host paths for find_program()
Revert "libsdl2: disable SDL's own ccache"
qemurunner.py: fix error message about qmp
Daniel Ammann (1):
overview-manual: concepts.rst: Fix a typo
Denys Dmytriyenko (1):
bitbake.conf: Add SRCPV to BB_HASH_CODEPARSER_VALS
Dmitry Baryshkov (1):
openssl: fix building on riscv32
Frieder Paape (1):
image_types: Fix reproducible builds for initramfs and UKI img
Jialing Zhang (1):
linuxloader/initramfs: Add support for loongarch64
Joshua Watt (7):
bitbake: server: Fix crash when checking lock file
bitbake: runqueue: Pass hashfn in taskdep data
classes/create-spdx-2.2: Use hashfn from BB_TASKDEPDATA instead of MACHINE
classes/create-spdx-2.2: Respect PKG for providers
classes/create-spdx-2.2: Fix build time dependency calculations
classes/create-spdx-2.2: Fix runtime dependency calculations
classes/create-spdx-2.2: Make license errors fatal
Khem Raj (2):
gcc: Upgrade to 13.1.1
perf: Make built-in libtraceevent plugins cohabit with external libtraceevent
Lee Chee Yang (4):
release-notes-4.2: update known issues and Repositories/Downloads
migration-guides: add release-notes for 4.1.4
migration-guides: add release notes for 4.0.10
migration-guides: add release notes for 4.2.1
Louis Rannou (1):
spdx: Fix license parsing
Marc Ferland (1):
connman: fix warning by specifying runstatedir at configure time
Markus Volk (4):
ell: upgrade 0.56 -> 0.57
python3: add libxcrypt-native dependency
ruby: add libxcrypt-native dependency
shadow: add libxcrypt-native dependency
Martin Jansa (2):
connman: backport a fix for build with pppd-2.5.0
selftest: wic.py respect IMAGE_LINK_NAME
Mauro Queiros (1):
pybootchartgui: show elapsed time for each task
Michael Halstead (2):
uninative: Upgrade to 3.10 to support gcc 13
uninative: Upgrade to 4.0 to include latest gcc 13.1.1
Michael Opdenacker (19):
migration-guides: release-notes-4.2: add doc improvement highlights
migration-guides: release-notes-4.3: add stub section for documentation changes
releases.svg: update according to latest release
ref-manual: improve description of kernel-fitimage variables
ref-manual: document uboot-sign class and variables
ref-manual: improve documentation for kernel-devicetree class
migration-guides: update 4.3 release notes
releases.svg: fix and explain duration of Hardknott 3.3
conf.py: add macro for Mitre CVE links
migration-guides: use new cve_mitre macro
migration-guides: release-notes-4.0.4.rst: fix typo
alsa-lib: upgrade 1.2.8 -> 1.2.9
alsa-ucm-conf: upgrade 1.2.8 -> 1.2.9
psplash: enable fullscreen and disable startup-msg
alsa-utils: upgrade 1.2.8 -> 1.2.9
ref-manual: document SPLASH variable
manuals: document SPLASH_IMAGES variable
bitbake: bitbake-user-manual: update releases.rst
bitbake: bitbake-user-manual: document "network" task flag
Ming Liu (1):
kernel.bbclass: introduce KERNEL_LOCALVERSION
Natasha Bailey (1):
tiff: backport a fix for CVE-2023-2731
Peter Kjellerstedt (1):
manuals: kernel-dev: Use protocol=https in a SRC_URI example
Petr Kubizňák (1):
ref-manual: document devicetree class variables
Richard Purdie (18):
glib: Fix ptest race issue
Revert "python3/ruby/shadow: Revert add libxcrypt-native dependency"
Revert "sqlite3: Whitelist CVE-2022-21227"
glib-2.0: Update ptest fix to upstream backport
meta-world-pkgdata: Fix for create-spdx
selftest/license: Exclude from world
create-spdx-2-2: Fix packagedata usage to work with SDK packages
create-spdx-2.2: Add missing variable exclusions
layer.conf: Add missing dependency exclusion
selftest/incompatible_lic: Ensure create_sdpx isn't used with the tests
oeqa/selftest/sstatetests: Add easier debug option
oeqa/selftest/wic: Fix host contamination issue
v86d: Improve kernel dependency
sstatesig: Drop SPDX special casing
packagegroup: Handle SPDX signature issues
poky: Enable spdx manifests by default
build-appliance-image: Update to master head revision
selftest/reproducible: Allow native/cross reuse in test
Riyaz Khan (1):
openssh: Remove BSD-4-clause contents completely from codebase
Robert Joslyn (1):
curl: Update from 8.1.0 to 8.1.1
Ross Burton (11):
avahi: remove redundant gobject-introspection DEPENDS
base: add ability to provide further details when using LICENSE_FLAGS
ninja: ignore CVE-2021-4336, wrong ninja
vulkan-samples: fix build on 32-bit platforms
gtk+3: upgrade 3.24.37 -> 3.24.38
piglit: upgrade to latest revision
pkgconf: upgrade 1.9.4 -> 1.9.5
ghostscript: upgrade to 10.01.1
git: upgrade to 2.39.3
binutils: fix CVE-2023-1972
cve-extra-exclusions: add more linux-yocto CVE ignores
Sanjay Chitroda (1):
sqlite3: Whitelist CVE-2022-21227
Sudip Mukherjee (1):
apt: Upgrade to v2.6.1
Tim Orling (1):
openssl: upgrade 3.1.0 -> 3.1.1
Tom Isaacson (1):
sdk-manual: fix Makefile example
Trevor Gamblin (6):
bind: upgrade 9.18.13 -> 9.18.14
pciutils: upgrade 3.9.0 -> 3.10.0
vim: upgrade 9.0.1527 -> 9.0.1592
python_hatchling: remove empty python sysroot dirs
python3-webcolors: upgrade 1.12 -> 1.13
python3-poetry-core: upgrade 1.5.2 -> 1.6.1
Ulrich Ölmann (1):
ref-manual: classes.rst: fix typo
Victor Kamensky (1):
systemtap: upgrade 4.8 -> 4.9
Wang Mingyu (34):
babeltrace2: upgrade 2.0.4 -> 2.0.5
curl: upgrade 8.1.1 -> 8.1.2
dos2unix: upgrade 7.4.4 -> 7.5.0
enchant2: upgrade 2.3.4 -> 2.5.0
fribidi: upgrade 1.0.12 -> 1.0.13
libdnf: upgrade 0.70.0 -> 0.70.1
libmicrohttpd: upgrade 0.9.76 -> 0.9.77
libxft: upgrade 2.3.7 -> 2.3.8
libxpm: upgrade 3.5.15 -> 3.5.16
mobile-broadband-provider-info: upgrade 20221107 -> 20230416
bind: upgrade 9.18.14 -> 9.18.15
ccache: upgrade 4.8 -> 4.8.1
libcap: upgrade 2.68 -> 2.69
libuv: upgrade 1.44.2 -> 1.45.0
python3-pip: upgrade 23.0.1 -> 23.1.2
python3-psutil: upgrade 5.9.4 -> 5.9.5
python3-ruamel-yaml: upgrade 0.17.21 -> 0.17.31
python3-sphinx: upgrade 6.1.3 -> 7.0.1
orc: upgrade 0.4.33 -> 0.4.34
python3-cython: upgrade 0.29.34 -> 0.29.35
python3-dbusmock: upgrade 0.28.7 -> 0.29.0
python3-hatch-fancy-pypi-readme: upgrade 22.8.0 -> 23.1.0
python3-hypothesis: upgrade 6.71.0 -> 6.75.7
python3-numpy: upgrade 1.24.2 -> 1.24.3
python3-pycryptodome: upgrade 3.17 -> 3.18.0
python3-pycryptodomex: upgrade 3.17 -> 3.18.0
python3-requests: upgrade 2.30.0 -> 2.31.0
python3-setuptools-rust: upgrade 1.5.2 -> 1.6.0
python3-sphinx-rtd-theme: upgrade 1.2.0 -> 1.2.1
python3-trove-classifiers: upgrade 2023.5.2 -> 2023.5.24
python3-typing-extensions: upgrade 4.5.0 -> 4.6.2
repo: upgrade 2.32 -> 2.34.1
sysklogd: upgrade 2.4.4 -> 2.5.0
xdpyinfo: upgrade 1.3.3 -> 1.3.4
Xiangyu Chen (1):
sysstat: Fix CVE-2023-33204
schitrod=cisco.com@lists.openembedded.org (1):
Revert "sqlite3: update CVE_PRODUCT"
meta-arm: 5cbe3041be..3fcafa3a94:
Adam Johnston (1):
CI: Platform specific Trusted Services config
Anton Antonov (1):
arm/oeqa: Make ts-service-test config match selected SPs
Claus Stovgaard (1):
arm-toolchain/gcc: Workaround for missing libcrypt
Emekcan Aras (1):
arm-bsp/u-boot: corstone1000: enable PSCI reset
Gyorgy Szing (11):
arm/trusted-services: update TS version
optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
optee-os: Add support for TOS_FW_CONFIG on qemu
arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
optee-test: backport SWd ABI compatibility changes
optee-os: enable SPMC test
arm/oeqa: enable OP-TEE SPMC tests
trusted-services: update documentation
arm/trusted-services: disable psa-iat on qemuarm64-secureboot
arm/trusted-services: fix nanopb build error
optee-os: unblock NWd interrupts
Jon Mason (9):
CI: move FVP license auto-accept to fvp.yml
CI/corstone: remove debug-tweaks usage
arm/qemuarm-secureboot: add musl testing
arm/linux-yocto: remove 5.15 bbappend
Revert "arm-bsp/tc1: re-enable signed kernel image"
arm/linux-yocto: remove unused 5.15 patches and inc file
arm-bsp/optee: Remove unreferenced patches
CI: add debug yml file for ease of use
arm/linux-yocto: add gcc 13 gimple backport patch
Mikko Rapeli (1):
scp-firmware: remove -fcanon-prefix-map
Ross Burton (3):
kas: remove obsolete armcompiler LICENSE_FLAGS_ACCEPTED
arm/fvp: add LICENSE_FLAGS_DETAILS
arm/trusted-firmware-a: look for LTS releases when looking for releases
Rui Miguel Silva (3):
arm-bsp/trusted-services:corstone1000: remove already merged patches
arm-bsp/trusted-services: remove merged patches for corstone1000
arm-bps/corstone1000: setup trusted service proxy configuration
meta-security: 5c2379f4bc..180dac9aec:
Andrew Geissler (1):
ibmswtpm2: update to 164-2020-192.1
Mikko Rapeli (4):
linux-yocto: support tpm and tpm2 on all architectures
linux-yocto: remove tpm_x86.cfg
parsec-service: fix build error
parsec-tool: fix build error
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7e7960123b241d099e5ace7c36bb5836bdac6aad
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index df1f0f5..0ae5c99 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -150,7 +150,7 @@
parallel:
matrix:
- TOOLCHAINS: [gcc, armgcc]
- TS: [none, trusted-services]
+ TS: [none, n1sdp-ts]
qemu-generic-arm64:
extends: .build
@@ -167,7 +167,7 @@
- KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
TOOLCHAINS: [gcc, clang]
TCLIBC: [glibc, musl]
- TS: [none, trusted-services]
+ TS: [none, qemuarm64-secureboot-ts]
TESTING: testimage
qemuarm64:
@@ -188,7 +188,10 @@
parallel:
matrix:
- KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
- TOOLCHAINS: [gcc, clang, external-gccarm]
+ TOOLCHAINS: [gcc, clang]
+ TCLIBC: [glibc, musl]
+ TESTING: testimage
+ - TOOLCHAINS: external-gccarm
TESTING: testimage
qemuarm:
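Review bot: the new `- TOOLCHAINS: external-gccarm` matrix entry in the third hunk carries only `TESTING: testimage`, so the external-gccarm jobs lose the `KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]` axis that the old combined entry gave them. If dropping the linux-yocto-dev and linux-yocto-rt coverage for that toolchain is intended, say so in the commit message; otherwise add a `KERNEL` line to the second entry.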
diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml
index a724db6..92fa707 100644
--- a/meta-arm/ci/base.yml
+++ b/meta-arm/ci/base.yml
@@ -27,11 +27,9 @@
local_conf_header:
base: |
CONF_VERSION = "2"
- LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
setup: |
PACKAGE_CLASSES = "package_ipk"
PACKAGECONFIG:remove:pn-qemu-system-native = "gtk+ sdl"
- EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
PACKAGECONFIG:append:pn-perf = " coresight"
INHERIT += "rm_work"
DISTRO_FEATURES:remove = "ptest"
diff --git a/meta-arm/ci/debug.yml b/meta-arm/ci/debug.yml
new file mode 100644
index 0000000..757f6d1
--- /dev/null
+++ b/meta-arm/ci/debug.yml
@@ -0,0 +1,7 @@
+header:
+ version: 11
+
+# Add universally helpful features when testing boards
+local_conf_header:
+ debug: |
+ EXTRA_IMAGE_FEATURES:append = " debug-tweaks"
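Review bot: the comment in the new `ci/debug.yml` ("universally helpful features when testing boards") does not say what `debug-tweaks` does, namely build an image that allows root login with an empty password. State that in the comment, and that the file is meant for test images only, so it is not pulled into a configuration for an image that ships.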
diff --git a/meta-arm/ci/fvp-baser-aemv8r64.yml b/meta-arm/ci/fvp-baser-aemv8r64.yml
index 40818bc..cfaf9ef 100644
--- a/meta-arm/ci/fvp-baser-aemv8r64.yml
+++ b/meta-arm/ci/fvp-baser-aemv8r64.yml
@@ -2,6 +2,6 @@
version: 11
includes:
- ci/base.yml
+ - ci/fvp.yml
machine: fvp-baser-aemv8r64
-
diff --git a/meta-arm/ci/fvp.yml b/meta-arm/ci/fvp.yml
index a8f8dfc..3803d8c 100644
--- a/meta-arm/ci/fvp.yml
+++ b/meta-arm/ci/fvp.yml
@@ -3,9 +3,10 @@
local_conf_header:
testimagefvp: |
+ LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
INHERIT += "fvpboot"
+ failing_tests: |
# This fails but we can't add to the ignorelist from meta-arm yet
# https://bugzilla.yoctoproject.org/show_bug.cgi?id=14604
TEST_SUITES:remove = "parselogs"
- failing_tests: |
TEST_SUITES:remove = "xorg"
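Review bot: `LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"` is added under the `testimagefvp` header here, while `ci/fvps.yml` in the same change puts the identical line under its own `license` header. Use a separate `license: |` header in both files so the EULA acceptance is easy to find and audit.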
diff --git a/meta-arm/ci/fvps.yml b/meta-arm/ci/fvps.yml
index 58c29d5..44c153a 100644
--- a/meta-arm/ci/fvps.yml
+++ b/meta-arm/ci/fvps.yml
@@ -8,6 +8,8 @@
machine: qemuarm64
local_conf_header:
+ license: |
+ LICENSE_FLAGS_ACCEPTED += "Arm-FVP-EULA"
sdk: |
SDKMACHINE = "x86_64"
diff --git a/meta-arm/ci/trusted-services.yml b/meta-arm/ci/n1sdp-ts.yml
similarity index 76%
rename from meta-arm/ci/trusted-services.yml
rename to meta-arm/ci/n1sdp-ts.yml
index 433ec78..e8e9298 100644
--- a/meta-arm/ci/trusted-services.yml
+++ b/meta-arm/ci/n1sdp-ts.yml
@@ -6,8 +6,8 @@
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
- # Include TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
- MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-attestation ts-smm-gateway"
+ # Include TS Crypto, TS Protected Storage, TS Internal and Trusted Storage SPs into optee-os image
+ MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
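Review bot: the new `MACHINE_FEATURES:append` line drops `ts-attestation` and `ts-smm-gateway` for N1SDP without saying why; add a comment line recording the reason those two SPs are excluded on this platform. The replacement comment also reads "TS Internal and Trusted Storage SPs", which looks like a slip for "TS Internal Trusted Storage", the wording used in `qemuarm64-secureboot-ts.yml`.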
diff --git a/meta-arm/ci/trusted-services.yml b/meta-arm/ci/qemuarm64-secureboot-ts.yml
similarity index 75%
copy from meta-arm/ci/trusted-services.yml
copy to meta-arm/ci/qemuarm64-secureboot-ts.yml
index 433ec78..5f28dd3 100644
--- a/meta-arm/ci/trusted-services.yml
+++ b/meta-arm/ci/qemuarm64-secureboot-ts.yml
@@ -6,8 +6,8 @@
local_conf_header:
trusted_services: |
TEST_SUITES:append = " trusted_services"
- # Include TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
- MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-attestation ts-smm-gateway"
+ # Include TS Crypto, TS Protected Storage, TS Internal Trusted Storage and SMM-Gateway SPs into optee-os image
+ MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-smm-gateway"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml
index d7de7d06..5d402f0 100644
--- a/meta-arm/ci/testimage.yml
+++ b/meta-arm/ci/testimage.yml
@@ -1,5 +1,7 @@
header:
version: 11
+ includes:
+ - ci/debug.yml
local_conf_header:
testimage: |
diff --git a/meta-arm/documentation/trusted-services.md b/meta-arm/documentation/trusted-services.md
index e3cee6b..70826f6 100644
--- a/meta-arm/documentation/trusted-services.md
+++ b/meta-arm/documentation/trusted-services.md
@@ -1,6 +1,6 @@
# The Trusted Services: framework for developing root-of-trust services
- meta-arm layer includes recipes for [Trusted Services][1] Secure Partitions and Normal World applications
+meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
in `meta-arm/recipes-security/trusted-services`
## Secure Partitions recipes
@@ -12,7 +12,7 @@
### How to include TS SPs
To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
-features for each [Secure Partition][2] you would like to include:
+features for each [Secure Partition][^2] you would like to include:
| Secure Partition | MACHINE_FEATURE |
| ----------------- | --------------- |
@@ -22,32 +22,44 @@
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
| smm-gateway | ts-smm-gateway |
+| spm-test[1-3] | optee-spmc-test |
Other steps depend on your machine/platform definition:
1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
-is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+ is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+ (Please see ` meta-arm/recipes-kernel/arm-ffa-tee`.)
+
+ For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
+ enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
+ (Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
-You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
-and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
-for N1SDP and Corstone1000 platforms accordingly.
+ You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
+ and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
+ for N1SDP and Corstone1000 platforms accordingly.
3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
-See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
-and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
-`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
+ See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
+ and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
+ `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
## Normal World applications
- Optionally for testing purposes you can add `packagegroup-ts-tests` and `packagegroup-ts-tests-psa` package groups into your image.
-They include [Trusted Services test and demo tools][3]
+Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
+[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
See `ci/trusted-services.yml` for an example how to include them into an image.
-[1] https://trusted-services.readthedocs.io/en/integration/overview/introduction.html
-[2] https://trusted-services.readthedocs.io/en/integration/developer/deployments/secure-partitions.html
-[3] https://trusted-services.readthedocs.io/en/integration/developer/deployments/test-executables.html
+
+------
+[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
+
+[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
+
+[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
+
+[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
\ No newline at end of file
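Review bot: the unchanged line "See `ci/trusted-services.yml` for an example" in the OEQA section is stale after this change, because that file is renamed to `ci/n1sdp-ts.yml` and copied to `ci/qemuarm64-secureboot-ts.yml`; point it at one of the new files. In the added step 1 text, "drivel" should be "driver", the two "Please see" code spans start with a stray space inside the backticks, and the file now ends without a trailing newline.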
diff --git a/meta-arm/kas/corstone1000-base.yml b/meta-arm/kas/corstone1000-base.yml
index 6fda343..9cfe1a2 100644
--- a/meta-arm/kas/corstone1000-base.yml
+++ b/meta-arm/kas/corstone1000-base.yml
@@ -31,7 +31,6 @@
base: |
CONF_VERSION = "2"
PACKAGE_CLASSES = "package_ipk"
- LICENSE_FLAGS_ACCEPTED += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
diff --git a/meta-arm/kas/corstone500.yml b/meta-arm/kas/corstone500.yml
index a454a46..f1587b4 100644
--- a/meta-arm/kas/corstone500.yml
+++ b/meta-arm/kas/corstone500.yml
@@ -33,7 +33,6 @@
base: |
CONF_VERSION = "2"
PACKAGE_CLASSES = "package_ipk"
- LICENSE_FLAGS_ACCEPTED += "armcompiler"
BB_NUMBER_THREADS ?= "16"
PARALLEL_MAKE ?= "-j16"
PACKAGECONFIG:append:pn-perf = " coresight"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
index c13c86c..4794028 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone500.conf
@@ -17,7 +17,6 @@
EXTRA_IMAGEDEPENDS += "trusted-firmware-a u-boot"
IMAGE_CLASSES += "wic_nopt"
-IMAGE_FEATURES += "debug-tweaks"
IMAGE_FSTYPES:forcevariable = "cpio.gz squashfs wic wic.nopt"
SERIAL_CONSOLES = "115200;ttyAMA0"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 3915d18..198c7ec 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -43,6 +43,7 @@
# Include smm-gateway and se-proxy SPs into optee-os binary
MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
TS_PLATFORM = "arm/corstone1000"
+TS_SP_SE_PROXY_CONFIG = "corstone1000"
# External System(Cortex-M3)
EXTRA_IMAGEDEPENDS += "external-system"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
index 75bfea0..14ec720 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
@@ -10,17 +10,6 @@
UBOOT_RD_ENTRYPOINT = "0x88000000"
UBOOT_LOADADDRESS = "0x80080000"
UBOOT_ENTRYPOINT = "0x80080000"
-# Below options will generate a key to sign the kernel Image and INITRAMFS_IMAGE
-# according to the default parameters of kernel-fitimage.bbclass. If the user
-# would prefer to use their own keys, disable the key generation using the
-# FIT_GENERATE_KEYS parameter and specify the location of the keys using the
-# below paramters.
-UBOOT_SIGN_ENABLE = "1"
-UBOOT_MKIMAGE_DTCOPTS = "-I dts -O dtb"
-UBOOT_SIGN_KEYNAME = "dev_key"
-UBOOT_SIGN_KEYDIR = "${DEPLOY_DIR_IMAGE}/keys"
-FIT_GENERATE_KEYS = "1"
-FIT_SIGN_INDIVIDUAL = "1"
PREFERRED_PROVIDER_virtual/kernel ?= "linux-yocto"
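Review bot: removing `UBOOT_SIGN_ENABLE = "1"` together with `FIT_GENERATE_KEYS` and `FIT_SIGN_INDIVIDUAL` turns off signing of the kernel Image and INITRAMFS_IMAGE for TC, and nothing is left in `tc.inc` to say so. Leave a short comment recording why signing is off and what has to be fixed before it can be re-enabled, so the revert does not become permanent by accident.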
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
index 46427b7..884d4b3 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
@@ -15,8 +15,6 @@
inherit image-buildinfo
-IMAGE_FEATURES += "debug-tweaks"
-
#package management is not supported in corstone1000
IMAGE_FEATURES:remove = "package-management"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0044-corstone1000-enable-psci-reset.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0044-corstone1000-enable-psci-reset.patch
new file mode 100644
index 0000000..cb66d5a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0044-corstone1000-enable-psci-reset.patch
@@ -0,0 +1,30 @@
+From fc1e331fd3ba5a75791b3841c8876f2e1fda8da9 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 24 May 2023 09:12:11 +0100
+Subject: corstone1000: enable PSCI reset
+
+Even though corstone1000 does not implement entire PSCI APIs,it relies on
+PSCI reset interface for the system reset. U-boot change the config name, so we
+need to enable it again.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ configs/corstone1000_defconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index b8d463f931..9f2ec97f0d 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -63,6 +63,7 @@ CONFIG_DM_RTC=y
+ CONFIG_RTC_EMULATION=y
+ CONFIG_DM_SERIAL=y
+ CONFIG_SYSRESET=y
++CONFIG_SYSRESET_PSCI=y
+ CONFIG_USB=y
+ CONFIG_USB_ISP1760=y
+ CONFIG_ERRNO_STR=y
+--
+2.17.1
+
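Review bot: the commit message of 0044 says U-Boot changed the config name but never names the old symbol, so a reader cannot tell what `CONFIG_SYSRESET_PSCI=y` replaces in `corstone1000_defconfig` or which U-Boot release made the rename. Please name the previous option and the upstream change that renamed it. Since the header carries `Upstream-Status: Pending [Not submitted to upstream yet]`, this one-line defconfig change is a good candidate to send upstream so the carried patch can be dropped.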
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index 0bb48a0..fbcdafb 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -61,6 +61,7 @@
file://0041-nvmxip-move-header-to-include.patch \
file://0042-corstone1000-set-kernel_addr-based-on-boot_idx.patch \
file://0043-corstone1000-boot-index-from-active.patch \
+ file://0044-corstone1000-enable-psci-reset.patch \
"
#
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch
deleted file mode 100644
index b838335..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 4b2c1a31efe0c5514ae27e696e75659b55e41259 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Tue, 26 May 2020 14:38:02 -0500
-Subject: [PATCH] allow setting sysroot for libgcc lookup
-
-Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
-for the compiler libraries as there's no easy way to reliably pass --sysroot
-otherwise.
-
-Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
----
- mk/gcc.mk | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/mk/gcc.mk b/mk/gcc.mk
-index adc77a24..81bfa78a 100644
---- a/mk/gcc.mk
-+++ b/mk/gcc.mk
-@@ -13,11 +13,11 @@ nostdinc$(sm) := -nostdinc -isystem $(shell $(CC$(sm)) \
- -print-file-name=include 2> /dev/null)
-
- # Get location of libgcc from gcc
--libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
-+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
- -print-libgcc-file-name 2> /dev/null)
--libstdc++$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libstdc++$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
- -print-file-name=libstdc++.a 2> /dev/null)
--libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
-+libgcc_eh$(sm) := $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
- -print-file-name=libgcc_eh.a 2> /dev/null)
-
- # Define these to something to discover accidental use
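Review bot: this deleted patch was marked `Upstream-Status: Pending` against optee_os issue 4188, and the deletion does not say whether the `$(LIBGCC_LOCATE_CFLAGS)` change to `mk/gcc.mk` was merged upstream or is no longer needed. The patch description gives the reason it existed (no other reliable way to pass --sysroot when locating the compiler libraries), so the commit message should state which OP-TEE version makes it redundant.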
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch
deleted file mode 100644
index d5e3694..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 992bed8a62c75aab034fe53d6329fa7c15cf06ee Mon Sep 17 00:00:00 2001
-From: Brett Warren <brett.warren@arm.com>
-Date: Wed, 23 Sep 2020 09:27:34 +0100
-Subject: [PATCH] optee: enable clang support
-
-When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
-to provide a sysroot wasn't included, which results in not locating
-compiler-rt. This is mitigated by including the variable as ammended.
-
-Upstream-Status: Pending
-ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
-Signed-off-by: Brett Warren <brett.warren@arm.com>
-
----
- mk/clang.mk | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/mk/clang.mk b/mk/clang.mk
-index 0f48c836..47465523 100644
---- a/mk/clang.mk
-+++ b/mk/clang.mk
-@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
-
- # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
- # libgcc for clang
--libgcc$(sm) := $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
-+libgcc$(sm) := $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
- -rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
-
- # Core ASLR relies on the executable being ready to run from its preferred load
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch
deleted file mode 100644
index 4048228..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From 3126adccaf9c9dc669bb7e1f96326c03da4b570d Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Fri, 5 Aug 2022 09:48:03 +0200
-Subject: [PATCH] core: link: add --no-warn-rwx-segments
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
-
-binutils ld.bfd generates one RWX LOAD segment by merging several sections
-with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
-also warns by default when that happens [1], which breaks the build due to
---fatal-warnings. The RWX segment is not a problem for the TEE core, since
-that information is not used to set memory permissions. Therefore, silence
-the warning.
-
-Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
-Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
-Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-
----
- core/arch/arm/kernel/link.mk | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
-
-diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 69375ad6..bea239cf 100644
---- a/core/arch/arm/kernel/link.mk
-+++ b/core/arch/arm/kernel/link.mk
-@@ -17,6 +17,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
- link-ldflags += --sort-section=alignment
- link-ldflags += --fatal-warnings
- link-ldflags += --gc-sections
-+link-ldflags += $(call ld-option,--no-warn-rwx-segments)
-
- link-ldadd = $(LDADD)
- link-ldadd += $(libdeps)
-@@ -37,6 +38,7 @@ link-script-cppflags := \
- $(cppflagscore))
-
- ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
-+ $(call ld-option,--no-warn-rwx-segments) \
- $(link-objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/all_objs.o
- $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
-@@ -49,7 +51,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
- $(q)$(NMcore) $< | \
- $(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
-
--unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections
-+unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-+ $(call ld-option,--no-warn-rwx-segments)
- unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/unpaged.o
- $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
-@@ -77,7 +80,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
- $(q)$(NMcore) $< | \
- $(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
-
--init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections
-+init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
-+ $(call ld-option,--no-warn-rwx-segments)
- init-ldadd := $(link-objs-init) $(link-out-dir)/version.o $(link-ldadd) \
- $(libgcccore)
- cleanfiles += $(link-out-dir)/init.o
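Review bot: dropping this backport is only safe if every optee-os version still built by the layer already contains the change from upstream pull request 5474, and the commit does not say so. The patch text explains that `link-ldflags += --fatal-warnings` turns the ld.bfd RWX segment warning into a build failure after binutils 2.38, so a recipe that loses `--no-warn-rwx-segments` without the upstream fix would stop linking. Please note the minimum OP-TEE version in the commit message.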
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
deleted file mode 100644
index c44885c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
+++ /dev/null
@@ -1,287 +0,0 @@
-From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 16:36:51 +0000
-Subject: [PATCH 01/20] Add openamp to SE proxy deployment
-
-Openamp is required to communicate between secure partitions(running on
-Cortex-A) and trusted-firmware-m(running on Cortex-M).
-These changes are to fetch libmetal and openamp from github repo's
-and build it.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- deployments/se-proxy/opteesp/lse.S | 28 ++++++++
- deployments/se-proxy/se-proxy.cmake | 8 +++
- external/openamp/libmetal-init-cache.cmake.in | 20 ++++++
- external/openamp/libmetal.cmake | 67 +++++++++++++++++++
- external/openamp/openamp-init-cache.cmake.in | 20 ++++++
- external/openamp/openamp.cmake | 66 ++++++++++++++++++
- 6 files changed, 209 insertions(+)
- create mode 100644 deployments/se-proxy/opteesp/lse.S
- create mode 100644 external/openamp/libmetal-init-cache.cmake.in
- create mode 100644 external/openamp/libmetal.cmake
- create mode 100644 external/openamp/openamp-init-cache.cmake.in
- create mode 100644 external/openamp/openamp.cmake
-
-diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S
-new file mode 100644
-index 000000000000..8e466d65fc2b
---- /dev/null
-+++ b/deployments/se-proxy/opteesp/lse.S
-@@ -0,0 +1,28 @@
-+// SPDX-License-Identifier: BSD-3-Clause
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ */
-+
-+.text
-+.globl __aarch64_cas4_acq_rel
-+.globl __aarch64_cas4_sync
-+
-+__aarch64_cas4_acq_rel:
-+ mov w16, w0
-+ ldaxr w0, [x2]
-+ cmp w0, w16
-+0: bne 1f
-+
-+ stlxr w17, w1, [x2]
-+ cbnz w17, 0b
-+1: ret
-+
-+__aarch64_cas4_sync:
-+ mov w16, w0
-+ ldxr w0, [x2]
-+ cmp w0, w16
-+0: bne 1f
-+
-+ stlxr w17, w1, [x2]
-+ cbnz w17, 0b
-+1: ret
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 426c66c05350..d39873a0fe81 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy"
- target_sources(se-proxy PRIVATE
- ${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c
- ${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c
-+ ${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S
- )
-
- #-------------------------------------------------------------------------------
-@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake)
- target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
- protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
-
-+# libmetal
-+include(../../../external/openamp/libmetal.cmake)
-+
-+# OpenAMP
-+include(../../../external/openamp/openamp.cmake)
-+target_link_libraries(se-proxy PRIVATE openamp libmetal)
-+
- #################################################################
-
- target_include_directories(se-proxy PRIVATE
-diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in
-new file mode 100644
-index 000000000000..04c25fbde960
---- /dev/null
-+++ b/external/openamp/libmetal-init-cache.cmake.in
-@@ -0,0 +1,20 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Linaro. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
-+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
-+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
-+set(BUILD_STATIC_LIBS On CACHE BOOL "")
-+
-+set(WITH_DOC OFF CACHE BOOL "")
-+set(WITH_TESTS OFF CACHE BOOL "")
-+set(WITH_EXAMPLES OFF CACHE BOOL "")
-+set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "")
-+set(MACHINE "template" CACHE STRING "")
-+
-+@_cmake_fragment@
-diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake
-new file mode 100644
-index 000000000000..6e5004ff555c
---- /dev/null
-+++ b/external/openamp/libmetal.cmake
-@@ -0,0 +1,67 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2022 Linaro Limited
-+# Copyright (c) 2022, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git"
-+ CACHE STRING "libmetal repository URL")
-+set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install"
-+ CACHE DIR "libmetal installation directory")
-+set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal"
-+ CACHE DIR "libmetal source-code")
-+set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake"
-+ CACHE DIR "libmetal CMake package directory")
-+set (LIBMETAL_TARGET_NAME "libmetal")
-+set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
-+ CACHE STRING "The version of libmetal to use")
-+set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build")
-+
-+set(GIT_OPTIONS
-+ GIT_REPOSITORY ${LIBMETAL_URL}
-+ GIT_TAG ${LIBMETAL_REFSPEC}
-+ GIT_SHALLOW FALSE
-+)
-+
-+if(NOT LIBMETAL_DEBUG)
-+ set(LIBMETAL_BUILD_TYPE "Release")
-+else()
-+ set(LIBMETAL_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+ message(FATAL_ERROR "Please install git")
-+endif()
-+
-+# Only pass libc settings to libmetal if needed. For environments where the
-+# standard library is not overridden, this is not needed.
-+if(TARGET stdlib::c)
-+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
-+
-+ # Save libc settings
-+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
-+ # Translate libc settings to cmake code fragment. Will be inserted into
-+ # libmetal-init-cache.cmake.in when LazyFetch configures the file.
-+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
-+ unset_saved_properties(LIBC)
-+endif()
-+
-+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
-+LazyFetch_MakeAvailable(DEP_NAME libmetal
-+ FETCH_OPTIONS "${GIT_OPTIONS}"
-+ INSTALL_DIR "${LIBMETAL_INSTALL_DIR}"
-+ CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in"
-+ SOURCE_DIR "${LIBMETAL_SOURCE_DIR}"
-+)
-+unset(_cmake_fragment)
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(libmetal STATIC IMPORTED)
-+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include")
-diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in
-new file mode 100644
-index 000000000000..302b80511bce
---- /dev/null
-+++ b/external/openamp/openamp-init-cache.cmake.in
-@@ -0,0 +1,20 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Linaro. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
-+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
-+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
-+set(BUILD_STATIC_LIBS On CACHE BOOL "")
-+
-+set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE
-+ STRING "")
-+set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "")
-+set(RPMSG_BUFFER_SIZE "512" CACHE STRING "")
-+set(MACHINE "template" CACHE STRING "")
-+
-+@_cmake_fragment@
-diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
-new file mode 100644
-index 000000000000..449f35f4fda4
---- /dev/null
-+++ b/external/openamp/openamp.cmake
-@@ -0,0 +1,66 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2022 Linaro Limited
-+# Copyright (c) 2022, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git"
-+ CACHE STRING "OpenAMP repository URL")
-+set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install"
-+ CACHE DIR "OpenAMP installation directory")
-+set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp"
-+ CACHE DIR "OpenAMP source code directory")
-+set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake"
-+ CACHE DIR "OpenAMP CMake package directory")
-+set (OPENAMP_TARGET_NAME "openamp")
-+set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d"
-+ CACHE STRING "The version of openamp to use")
-+
-+set(GIT_OPTIONS
-+ GIT_REPOSITORY ${OPENAMP_URL}
-+ GIT_TAG ${OPENAMP_REFSPEC}
-+ GIT_SHALLOW FALSE
-+)
-+
-+if(NOT OPENAMP_DEBUG)
-+ set(OPENAMP_BUILD_TYPE "Release")
-+else()
-+ set(OPENAMP_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+ message(FATAL_ERROR "Please install git")
-+endif()
-+
-+# Only pass libc settings to openamp if needed. For environments where the
-+# standard library is not overridden, this is not needed.
-+if(TARGET stdlib::c)
-+ include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
-+
-+ # Save libc settings
-+ save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
-+ # Translate libc settings to cmake code fragment. Will be inserted into
-+ # libmetal-init-cache.cmake.in when LazyFetch configures the file.
-+ translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
-+ unset_saved_properties(LIBC)
-+endif()
-+
-+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
-+LazyFetch_MakeAvailable(DEP_NAME openamp
-+ FETCH_OPTIONS "${GIT_OPTIONS}"
-+ INSTALL_DIR "${OPENAMP_INSTALL_DIR}"
-+ CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in"
-+ SOURCE_DIR "${OPENAMP_SOURCE_DIR}"
-+)
-+unset(_cmake_fragment)
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(openamp STATIC IMPORTED)
-+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include")
---
-2.38.1
-
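Review bot: the deleted `libmetal.cmake` and `openamp.cmake` pinned both dependencies to full commit hashes through `LIBMETAL_REFSPEC` and `OPENAMP_REFSPEC`, and the removal does not say what now provides openamp and libmetal to se-proxy. Please confirm the replacement still pins each source to a commit hash rather than a branch, and that the sources are declared in the recipe instead of being cloned from GitHub by `LazyFetch_MakeAvailable` inside the CMake build, where they sit outside the recipe's own source list.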
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
similarity index 78%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
index 0040e12..c1775b7 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
@@ -1,7 +1,7 @@
-From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001
+From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001
From: Julian Hall <julian.hall@arm.com>
Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH 13/20] Add stub capsule update service components
+Subject: [PATCH 1/6] Add stub capsule update service components
To facilitate development of a capsule update service provider,
stub components are added to provide a starting point for an
@@ -18,15 +18,12 @@
.../provider/capsule_update_provider.c | 133 ++++++++++++++++++
.../provider/capsule_update_provider.h | 51 +++++++
.../capsule_update/provider/component.cmake | 13 ++
- deployments/se-proxy/common/se_proxy_sp.c | 3 +
- .../se-proxy/common/service_proxy_factory.c | 16 +++
- .../se-proxy/common/service_proxy_factory.h | 1 +
- deployments/se-proxy/se-proxy.cmake | 1 +
+ .../se-proxy/infra/corstone1000/infra.cmake | 1 +
deployments/se-proxy/se_proxy_interfaces.h | 9 +-
.../capsule_update/capsule_update_proto.h | 13 ++
protocols/service/capsule_update/opcodes.h | 17 +++
protocols/service/capsule_update/parameters.h | 15 ++
- 12 files changed, 292 insertions(+), 4 deletions(-)
+ 9 files changed, 272 insertions(+), 4 deletions(-)
create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
@@ -280,75 +277,18 @@
+target_sources(${TGT} PRIVATE
+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+ )
-diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c
-index a37396f4454b..a38ad6ca3f56 100644
---- a/deployments/se-proxy/common/se_proxy_sp.c
-+++ b/deployments/se-proxy/common/se_proxy_sp.c
-@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
- }
- rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
-
-+ rpc_iface = capsule_update_proxy_create();
-+ rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
-+
- /* End of boot phase */
- result = sp_msg_wait(&req_msg);
- if (result != SP_RESULT_OK) {
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 7edeef8b434a..591cc9eeb59e 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -13,6 +13,7 @@
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include <trace.h>
-+#include <service/capsule_update/provider/capsule_update_provider.h>
-
- /* Stub backends */
- #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void)
-
- return secure_storage_provider_init(&its_provider, backend);
- }
-+
-+struct rpc_interface *capsule_update_proxy_create(void)
-+{
-+ static struct capsule_update_provider capsule_update_provider;
-+ static struct rpc_caller *capsule_update_caller;
-+
-+ capsule_update_caller = openamp_caller_init(&openamp);
-+
-+ if (!capsule_update_caller)
-+ return NULL;
-+
-+ capsule_update_provider.client.caller = capsule_update_caller;
-+
-+ return capsule_update_provider_init(&capsule_update_provider);
-+}
-diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h
-index 298d407a2371..02aa7fe2550d 100644
---- a/deployments/se-proxy/common/service_proxy_factory.h
-+++ b/deployments/se-proxy/common/service_proxy_factory.h
-@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
- struct rpc_interface *crypto_proxy_create(void);
- struct rpc_interface *ps_proxy_create(void);
- struct rpc_interface *its_proxy_create(void);
-+struct rpc_interface *capsule_update_proxy_create(void);
-
- #ifdef __cplusplus
- }
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 3dbbc36c968d..f0db2d43f443 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy"
- "components/service/attestation/provider/serializer/packed-c"
+diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
+index 4e7e2bd58028..e60b5400617f 100644
+--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
++++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
+@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
+ "components/service/attestation/key_mngr/local"
"components/service/attestation/reporter/psa_ipc"
- "components/service/attestation/client/psa_ipc"
+ "components/service/crypto/backend/psa_ipc"
+ "components/service/capsule_update/provider"
- "components/rpc/openamp/caller/sp"
+ "components/service/secure_storage/backend/secure_storage_ipc"
+ )
- # Stub service provider backends
diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
index 48908f846990..3d4a7c204785 100644
--- a/deployments/se-proxy/se_proxy_interfaces.h
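Review bot: the refreshed patch no longer carries `capsule_update_proxy_create()` or the `rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface)` call in `se_proxy_sp.c`, yet it still adds `"components/service/capsule_update/provider"` to `infra.cmake` and still patches `se_proxy_interfaces.h`. Please say in the patch description where the provider is now created and attached to the demux; as it reads here, the component is built but nothing in this patch registers it.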
@@ -432,5 +372,5 @@
+
+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
--
-2.38.1
+2.40.0
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
similarity index 96%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index c1598a9..3f3800c 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,7 +1,7 @@
-From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001
+From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58.
+Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
@@ -29,7 +29,7 @@
/* Mandatory input data parameter */
diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 4d7bf6e959b0..e3c4df2927b3 100644
+index 30aa102da581..130d27295878 100644
--- a/components/service/crypto/include/psa/crypto_sizes.h
+++ b/components/service/crypto/include/psa/crypto_sizes.h
@@ -351,7 +351,7 @@
@@ -117,5 +117,5 @@
/* Variable length input parameter tags */
--
-2.38.1
+2.40.0
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
deleted file mode 100644
index 0371a7a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
+++ /dev/null
@@ -1,1091 +0,0 @@
-From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 18:00:46 +0000
-Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer.
-
-This commit adds an mhu driver (v2.1 and v2) to the secure
-partition se_proxy and a conversion layer to communicate with
-the secure enclave using OpenAmp.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../se-proxy/opteesp/default_se-proxy.dts.in | 16 +
- .../drivers/arm/mhu_driver/component.cmake | 12 +
- platform/drivers/arm/mhu_driver/mhu_v2.h | 391 ++++++++++++
- platform/drivers/arm/mhu_driver/mhu_v2_x.c | 602 ++++++++++++++++++
- .../providers/arm/corstone1000/platform.cmake | 10 +
- 5 files changed, 1031 insertions(+)
- create mode 100644 platform/drivers/arm/mhu_driver/component.cmake
- create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h
- create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c
- create mode 100644 platform/providers/arm/corstone1000/platform.cmake
-
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 5748d2f80f88..267b4f923540 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -17,4 +17,20 @@
- xlat-granule = <0>; /* 4KiB */
- messaging-method = <3>; /* Direct messaging only */
- legacy-elf-format = <1>;
-+
-+ device-regions {
-+ compatible = "arm,ffa-manifest-device-regions";
-+ mhu-sender {
-+ /* Armv8 A Foundation Platform values */
-+ base-address = <0x00000000 0x1b820000>;
-+ pages-count = <16>;
-+ attributes = <0x3>; /* read-write */
-+ };
-+ mhu-receiver {
-+ /* Armv8 A Foundation Platform values */
-+ base-address = <0x00000000 0x1b830000>;
-+ pages-count = <16>;
-+ attributes = <0x3>; /* read-write */
-+ };
-+ };
- };
-diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake
-new file mode 100644
-index 000000000000..77a5a50b67d1
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/component.cmake
-@@ -0,0 +1,12 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+# Add source files for using mhu driver
-+target_sources(${TGT}
-+ PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c"
-+)
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h
-new file mode 100644
-index 000000000000..2e4ba80fab95
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h
-@@ -0,0 +1,391 @@
-+/*
-+ * Copyright (c) 2021 Arm Limited
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+/**
-+ * \file mhu_v2_x.h
-+ * \brief Driver for Arm MHU v2.0 and v2.1
-+ */
-+
-+#ifndef __MHU_V2_X_H__
-+#define __MHU_V2_X_H__
-+
-+#include <stdint.h>
-+#include <stdbool.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#define MHU_2_X_INTR_NR2R_OFF (0x0u)
-+#define MHU_2_X_INTR_R2NR_OFF (0x1u)
-+#define MHU_2_1_INTR_CHCOMB_OFF (0x2u)
-+
-+#define MHU_2_X_INTR_NR2R_MASK (0x1u << MHU_2_X_INTR_NR2R_OFF)
-+#define MHU_2_X_INTR_R2NR_MASK (0x1u << MHU_2_X_INTR_R2NR_OFF)
-+#define MHU_2_1_INTR_CHCOMB_MASK (0x1u << MHU_2_1_INTR_CHCOMB_OFF)
-+
-+enum mhu_v2_x_frame_t {
-+ MHU_V2_X_SENDER_FRAME = 0x0u,
-+ MHU_V2_X_RECEIVER_FRAME = 0x1u,
-+};
-+
-+enum mhu_v2_x_supported_revisions {
-+ MHU_REV_READ_FROM_HW = 0,
-+ MHU_REV_2_0,
-+ MHU_REV_2_1,
-+};
-+
-+struct mhu_v2_x_dev_t {
-+ uint32_t base;
-+ enum mhu_v2_x_frame_t frame;
-+ uint32_t subversion; /*!< Hardware subversion: v2.X */
-+ bool is_initialized; /*!< Indicates if the MHU driver
-+ * is initialized and enabled
-+ */
-+};
-+
-+/**
-+ * \brief MHU v2 error enumeration types.
-+ */
-+enum mhu_v2_x_error_t {
-+ MHU_V_2_X_ERR_NONE = 0,
-+ MHU_V_2_X_ERR_NOT_INIT = -1,
-+ MHU_V_2_X_ERR_ALREADY_INIT = -2,
-+ MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3,
-+ MHU_V_2_X_ERR_INVALID_ARG = -4,
-+ MHU_V_2_X_ERR_GENERAL = -5
-+};
-+
-+/**
-+ * \brief Initializes the driver
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] rev MHU revision (if can't be identified from HW)
-+ *
-+ * Reads the MHU hardware version
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note MHU revision only has to be specified when versions can't be read
-+ * from HW (ARCH_MAJOR_REV reg reads as 0x0).
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
-+ enum mhu_v2_x_supported_revisions rev);
-+
-+/**
-+ * \brief Returns the number of channels implemented.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Returns the number of channels implemented.
-+ *
-+ * \return Returns the number of channels implemented.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+uint32_t mhu_v2_x_get_num_channel_implemented(
-+ const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Sends the value over a channel.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Channel to send the value over.
-+ * \param[in] val Value to send.
-+ *
-+ * Sends the value over a channel.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
-+ uint32_t channel, uint32_t val);
-+
-+/**
-+ * \brief Clears the channel after the value is send over it.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Channel to clear.
-+ *
-+ * Clears the channel after the value is send over it.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
-+ uint32_t channel);
-+
-+/**
-+ * \brief Receives the value over a channel.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Channel to receive the value from.
-+ * \param[out] value Pointer to variable that will store the value.
-+ *
-+ * Receives the value over a channel.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value);
-+
-+/**
-+ * \brief Sets bits in the Channel Mask.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Which channel's mask to set.
-+ * \param[in] mask Mask to be set over a receiver frame.
-+ *
-+ * Sets bits in the Channel Mask.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
-+
-+/**
-+ * \brief Clears bits in the Channel Mask.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Which channel's mask to clear.
-+ * \param[in] mask Mask to be clear over a receiver frame.
-+ *
-+ * Clears bits in the Channel Mask.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
-+
-+/**
-+ * \brief Enables the Channel interrupt.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Which channel's interrupt to enable.
-+ *
-+ * Enables the Channel clear interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Disables the Channel interrupt.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Which channel's interrupt to disable.
-+ *
-+ * Disables the Channel interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Cleares the Channel interrupt.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Which channel's interrupt to clear.
-+ *
-+ * Cleares the Channel interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Initiates a MHU transfer with the handshake signals.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Initiates a MHU transfer with the handshake signals in a blocking mode.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
-+ const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Closes a MHU transfer with the handshake signals.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Closes a MHU transfer with the handshake signals in a blocking mode.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(
-+ const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Returns the value of access request signal.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] val Pointer to variable that will store the value.
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t *val);
-+
-+/**
-+ * \brief Sets the value of access request signal to high.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
-+ const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Sets the value of access request signal to low.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
-+ const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Returns the value of access ready signal.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] val Pointer to variable that will store the value.
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t *val);
-+
-+/**
-+ * \brief Returns the MHU interrupt status.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * \return Interrupt status register value. Masking is needed for individual
-+ * interrupts.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Enables MHU interrupts.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask Bit mask for enabling/disabling interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Disables MHU interrupts.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask Bit mask for enabling/disabling interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Clears MHU interrupts.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask Bit mask for clearing interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Returns the first channel number whose interrupt bit is high.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] channel Pointer to variable that will have the channel value.
-+ *
-+ * \return Returns the first channel number whose interrupt bit is high.
-+ * \return Returns mhu_v2_x_error_t error code.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __MHU_V2_X_H__ */
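Review bot: `uint32_t base` in struct mhu_v2_x_dev_t cannot hold an MMIO address on a 64-bit build, and the driver casts it directly to a frame pointer; declare it as `uintptr_t`. Every channel accessor is also documented as "doesn't check if channel is implemented", which pushes the bounds check onto each caller; it would be safer to validate in the driver and document MHU_V_2_X_ERR_INVALID_ARG as the result. Smaller points: `\file mhu_v2_x.h` does not match the file name mhu_v2.h, mhu_v2_1_get_ch_interrupt_num carries two conflicting `\return` lines, and the briefs contain typos ("Cleares", "is send").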
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-new file mode 100644
-index 000000000000..01d8f659a73a
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-@@ -0,0 +1,602 @@
-+/*
-+ * Copyright (c) 2021 Arm Limited
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ * http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+#include <stdint.h>
-+#include <stdbool.h>
-+#include "mhu_v2.h"
-+
-+#define _MHU_V2_X_MAX_CHANNELS 124
-+#define _MHU_V2_1_MAX_CHCOMB_INT 4
-+#define ENABLE 0x1
-+#define DISABLE 0x0
-+#define CLEAR_INTR 0x1
-+#define CH_PER_CH_COMB 0x20
-+#define SEND_FRAME(p_mhu) ((struct _mhu_v2_x_send_frame_t *)p_mhu)
-+#define RECV_FRAME(p_mhu) ((struct _mhu_v2_x_recv_frame_t *)p_mhu)
-+
-+#define MHU_MAJOR_REV_V2 0x1u
-+#define MHU_MINOR_REV_2_0 0x0u
-+#define MHU_MINOR_REV_2_1 0x1u
-+
-+struct _mhu_v2_x_send_ch_window_t {
-+ /* Offset: 0x00 (R/ ) Channel Status */
-+ volatile uint32_t ch_st;
-+ /* Offset: 0x04 (R/ ) Reserved */
-+ volatile uint32_t reserved_0;
-+ /* Offset: 0x08 (R/ ) Reserved */
-+ volatile uint32_t reserved_1;
-+ /* Offset: 0x0C ( /W) Channel Set */
-+ volatile uint32_t ch_set;
-+ /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */
-+ volatile uint32_t ch_int_st;
-+ /* Offset: 0x14 ( /W) Channel Interrupt Clear (Reserved in 2.0) */
-+ volatile uint32_t ch_int_clr;
-+ /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */
-+ volatile uint32_t ch_int_en;
-+ /* Offset: 0x1C (R/ ) Reserved */
-+ volatile uint32_t reserved_2;
-+};
-+
-+struct _mhu_v2_x_send_frame_t {
-+ /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */
-+ struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS];
-+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
-+ volatile uint32_t mhu_cfg;
-+ /* Offset: 0xF84 (R/W) Response Configuration */
-+ volatile uint32_t resp_cfg;
-+ /* Offset: 0xF88 (R/W) Access Request */
-+ volatile uint32_t access_request;
-+ /* Offset: 0xF8C (R/ ) Access Ready */
-+ volatile uint32_t access_ready;
-+ /* Offset: 0xF90 (R/ ) Interrupt Status */
-+ volatile uint32_t int_st;
-+ /* Offset: 0xF94 ( /W) Interrupt Clear */
-+ volatile uint32_t int_clr;
-+ /* Offset: 0xF98 (R/W) Interrupt Enable */
-+ volatile uint32_t int_en;
-+ /* Offset: 0xF9C (R/ ) Reserved */
-+ volatile uint32_t reserved_0;
-+ /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */
-+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
-+ /* Offset: 0xFC4 (R/ ) Reserved */
-+ volatile uint32_t reserved_1[6];
-+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
-+ volatile uint32_t iidr;
-+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */
-+ volatile uint32_t aidr;
-+ /* Offset: 0xFD0 (R/ ) */
-+ volatile uint32_t pid_1[4];
-+ /* Offset: 0xFE0 (R/ ) */
-+ volatile uint32_t pid_0[4];
-+ /* Offset: 0xFF0 (R/ ) */
-+ volatile uint32_t cid[4];
-+};
-+
-+struct _mhu_v2_x_rec_ch_window_t {
-+ /* Offset: 0x00 (R/ ) Channel Status */
-+ volatile uint32_t ch_st;
-+ /* Offset: 0x04 (R/ ) Channel Status Masked */
-+ volatile uint32_t ch_st_msk;
-+ /* Offset: 0x08 ( /W) Channel Clear */
-+ volatile uint32_t ch_clr;
-+ /* Offset: 0x0C (R/ ) Reserved */
-+ volatile uint32_t reserved_0;
-+ /* Offset: 0x10 (R/ ) Channel Mask Status */
-+ volatile uint32_t ch_msk_st;
-+ /* Offset: 0x14 ( /W) Channel Mask Set */
-+ volatile uint32_t ch_msk_set;
-+ /* Offset: 0x18 ( /W) Channel Mask Clear */
-+ volatile uint32_t ch_msk_clr;
-+ /* Offset: 0x1C (R/ ) Reserved */
-+ volatile uint32_t reserved_1;
-+};
-+
-+struct _mhu_v2_x_recv_frame_t {
-+ /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */
-+ struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS];
-+ /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
-+ volatile uint32_t mhu_cfg;
-+ /* Offset: 0xF84 (R/ ) Reserved */
-+ volatile uint32_t reserved_0[3];
-+ /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */
-+ volatile uint32_t int_st;
-+ /* Offset: 0xF94 (R/ ) Interrupt Clear (Reserved in 2.0) */
-+ volatile uint32_t int_clr;
-+ /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */
-+ volatile uint32_t int_en;
-+ /* Offset: 0xF9C (R/ ) Reserved */
-+ volatile uint32_t reserved_1;
-+ /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */
-+ volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
-+ /* Offset: 0xFB0 (R/ ) Reserved */
-+ volatile uint32_t reserved_2[6];
-+ /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
-+ volatile uint32_t iidr;
-+ /* Offset: 0xFCC (R/ ) Architecture Identification Register */
-+ volatile uint32_t aidr;
-+ /* Offset: 0xFD0 (R/ ) */
-+ volatile uint32_t pid_1[4];
-+ /* Offset: 0xFE0 (R/ ) */
-+ volatile uint32_t pid_0[4];
-+ /* Offset: 0xFF0 (R/ ) */
-+ volatile uint32_t cid[4];
-+};
-+
-+union _mhu_v2_x_frame_t {
-+ struct _mhu_v2_x_send_frame_t send_frame;
-+ struct _mhu_v2_x_recv_frame_t recv_frame;
-+};
-+
-+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
-+ enum mhu_v2_x_supported_revisions rev)
-+{
-+ uint32_t AIDR = 0;
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if (dev->is_initialized) {
-+ return MHU_V_2_X_ERR_ALREADY_INIT;
-+ }
-+
-+ if (rev == MHU_REV_READ_FROM_HW) {
-+ /* Read revision from HW */
-+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ AIDR = p_mhu->recv_frame.aidr;
-+ } else {
-+ AIDR = p_mhu->send_frame.aidr;
-+ }
-+
-+ /* Get bits 7:4 to read major revision */
-+ if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) {
-+ /* Unsupported MHU version */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ } /* No need to save major version, driver only supports MHUv2 */
-+
-+ /* Get bits 3:0 to read minor revision */
-+ dev->subversion = AIDR & 0b1111;
-+
-+ if (dev->subversion != MHU_MINOR_REV_2_0 &&
-+ dev->subversion != MHU_MINOR_REV_2_1) {
-+ /* Unsupported subversion */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+ } else {
-+ /* Revisions were provided by caller */
-+ if (rev == MHU_REV_2_0) {
-+ dev->subversion = MHU_MINOR_REV_2_0;
-+ } else if (rev == MHU_REV_2_1) {
-+ dev->subversion = MHU_MINOR_REV_2_1;
-+ } else {
-+ /* Unsupported subversion */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }/* No need to save major version, driver only supports MHUv2 */
-+ }
-+
-+ dev->is_initialized = true;
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ return (SEND_FRAME(p_mhu))->mhu_cfg;
-+ } else {
-+ return (RECV_FRAME(p_mhu))->mhu_cfg;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
-+ uint32_t channel, uint32_t val)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
-+ uint32_t channel)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion == MHU_MINOR_REV_2_1) {
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion == MHU_MINOR_REV_2_1) {
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion == MHU_MINOR_REV_2_1) {
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
-+ const struct mhu_v2_x_dev_t *dev)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ (SEND_FRAME(p_mhu))->access_request = ENABLE;
-+
-+ while ( !((SEND_FRAME(p_mhu))->access_ready) ) {
-+ /* Wait in a loop for access ready signal to be high */
-+ ;
-+ }
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ (SEND_FRAME(p_mhu))->access_request = DISABLE;
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t *val)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ *val = (SEND_FRAME(p_mhu))->access_request;
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
-+ const struct mhu_v2_x_dev_t *dev)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ (SEND_FRAME(p_mhu))->access_request = ENABLE;
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
-+ const struct mhu_v2_x_dev_t *dev)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ (SEND_FRAME(p_mhu))->access_request = DISABLE;
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t *val)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ *val = (SEND_FRAME(p_mhu))->access_ready;
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ return (SEND_FRAME(p_mhu))->int_st;
-+ } else {
-+ return (RECV_FRAME(p_mhu))->int_st;
-+ }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion == MHU_MINOR_REV_2_0) {
-+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+ /* Combined channel IRQ is not present in v2.0 */
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ /* Only sender frame has these registers */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->int_en |= mask;
-+ } else {
-+ (RECV_FRAME(p_mhu))->int_en |= mask;
-+ }
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion == MHU_MINOR_REV_2_0) {
-+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+ /* Combined channel IRQ is not present in v2.0 */
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ /* Only sender frame has these registers */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->int_en &= ~mask;
-+ } else {
-+ (RECV_FRAME(p_mhu))->int_en &= ~mask;
-+ }
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion == MHU_MINOR_REV_2_0) {
-+ if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+ /* Combined channel IRQ is not present in v2.0 */
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+
-+ if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+ /* Only sender frame has these registers */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+ }
-+
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ (SEND_FRAME(p_mhu))->int_clr = mask;
-+ } else {
-+ (RECV_FRAME(p_mhu))->int_clr = mask;
-+ }
-+
-+ return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-+ const struct mhu_v2_x_dev_t *dev, uint32_t *channel)
-+{
-+ uint32_t i, j, status;
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->subversion != MHU_MINOR_REV_2_1) {
-+ /* Feature is only supported in MHU v2.1 */
-+ return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+ }
-+
-+ for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) {
-+ if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i];
-+ } else {
-+ status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i];
-+ }
-+
-+ for(j = 0; j < CH_PER_CH_COMB; j++) {
-+ if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) {
-+ *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB));
-+ return MHU_V_2_X_ERR_NONE;
-+ }
-+ }
-+ }
-+
-+ return MHU_V_2_X_ERR_GENERAL;
-+}
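Review bot: The channel argument is used unchecked as an array index in every channel accessor, for example `send_ch_window[channel].ch_set = val` and `rec_ch_window[channel].ch_clr = UINT32_MAX`, so a value of _MHU_V2_X_MAX_CHANNELS (124) or more turns into a register write outside the channel windows. Reject out-of-range channels with MHU_V_2_X_ERR_INVALID_ARG, ideally against the implemented count read from mhu_cfg. The version test in mhu_v2_x_channel_interrupt_enable/disable/clear also looks inverted: it returns MHU_V_2_X_ERR_UNSUPPORTED_VERSION for MHU_MINOR_REV_2_1, while the register comments mark ch_int_en and ch_int_clr as "Reserved in 2.0". mhu_v2_x_get_num_channel_implemented and mhu_v2_x_get_interrupt_status return MHU_V_2_X_ERR_NOT_INIT through a uint32_t, which a caller cannot tell apart from a register value, and mhu_v2_x_initiate_transfer spins on access_ready with no timeout, so an unresponsive peer blocks the caller indefinitely.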
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-new file mode 100644
-index 000000000000..bb778bb9719b
---- /dev/null
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -0,0 +1,10 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform.
-+#-------------------------------------------------------------------------------
-+
-+# include MHU driver
-+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
---
-2.38.1
-
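Review bot: The header comment in platform/providers/arm/corstone1000/platform.cmake describes the 'fvp_base_revc-2xaem8a' virtual platform, which looks copied from another provider; it should name corstone1000 so the file's purpose matches its path.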
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
deleted file mode 100644
index 5686fac..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
+++ /dev/null
@@ -1,1196 +0,0 @@
-From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:00:54 +0000
-Subject: [PATCH 03/20] Add openamp rpc caller
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/rpc/common/caller/rpc_caller.c | 10 +
- components/rpc/common/interface/rpc_caller.h | 8 +
- .../rpc/openamp/caller/sp/component.cmake | 15 +
- .../rpc/openamp/caller/sp/openamp_caller.c | 203 +++++++
- .../rpc/openamp/caller/sp/openamp_caller.h | 43 ++
- .../rpc/openamp/caller/sp/openamp_mhu.c | 191 ++++++
- .../rpc/openamp/caller/sp/openamp_mhu.h | 19 +
- .../rpc/openamp/caller/sp/openamp_virtio.c | 555 ++++++++++++++++++
- .../rpc/openamp/caller/sp/openamp_virtio.h | 24 +
- .../se-proxy/opteesp/default_se-proxy.dts.in | 6 +
- deployments/se-proxy/se-proxy.cmake | 1 +
- 11 files changed, 1075 insertions(+)
- create mode 100644 components/rpc/openamp/caller/sp/component.cmake
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h
-
-diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c
-index 2dceabeb8967..20d889c162b0 100644
---- a/components/rpc/common/caller/rpc_caller.c
-+++ b/components/rpc/common/caller/rpc_caller.c
-@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle)
- {
- s->call_end(s->context, handle);
- }
-+
-+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va)
-+{
-+ return s->virt_to_phys(s->context, va);
-+}
-+
-+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa)
-+{
-+ return s->phys_to_virt(s->context, pa);
-+}
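Review bot: rpc_caller_virt_to_phys() and rpc_caller_phys_to_virt() call `s->virt_to_phys` and `s->phys_to_virt` unconditionally, but these are new members of struct rpc_caller, so any existing caller implementation that does not set them leaves a NULL function pointer that is called here. Either check the pointer and return NULL when it is unset, or make sure every rpc_caller initializer in the tree populates both members as part of this change.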
-diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h
-index 387489cdb1b2..ef9bb64905ed 100644
---- a/components/rpc/common/interface/rpc_caller.h
-+++ b/components/rpc/common/interface/rpc_caller.h
-@@ -45,6 +45,10 @@ struct rpc_caller
- rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len);
-
- void (*call_end)(void *context, rpc_call_handle handle);
-+
-+ void *(*virt_to_phys)(void *context, void *va);
-+
-+ void *(*phys_to_virt)(void *context, void *pa);
- };
-
- /*
-@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal
- */
- RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle);
-
-+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va);
-+
-+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake
-new file mode 100644
-index 000000000000..fc919529d731
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/component.cmake
-@@ -0,0 +1,15 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c"
-+ "${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c"
-+ "${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c"
-+ )
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c
-new file mode 100644
-index 000000000000..6cdfb756568f
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.c
-@@ -0,0 +1,203 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+#include "openamp_mhu.h"
-+#include "openamp_virtio.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+
-+#define OPENAMP_TRANSACTION_IDLE 0x0
-+#define OPENAMP_TRANSACTION_INPROGRESS 0x1
-+#define OPENAMP_TRANSACTION_INVOKED 0x2
-+
-+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf,
-+ size_t req_len)
-+{
-+ struct openamp_caller *openamp = context;
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+ rpc_call_handle handle;
-+ int ret;
-+
-+ if (!req_buf) {
-+ EMSG("openamp: call_begin: not req_buf");
-+ return NULL;
-+ }
-+
-+ if (req_len > UINT32_MAX || req_len == 0) {
-+ EMSG("openamp: call_begin: resp_len invalid: %lu", req_len);
-+ return NULL;
-+ }
-+
-+ if (openamp->status != OPENAMP_TRANSACTION_IDLE) {
-+ EMSG("openamp: call_begin: transaction not idle");
-+ return NULL;
-+ }
-+
-+ ret = ops->platform_call_begin(openamp, req_buf, req_len);
-+ if (ret < 0) {
-+ EMSG("openamp: call_begin: platform begin failed: %d", ret);
-+ return NULL;
-+ }
-+
-+ openamp->status = OPENAMP_TRANSACTION_INPROGRESS;
-+ handle = openamp;
-+
-+ return handle;
-+}
-+
-+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle,
-+ uint32_t opcode, int *opstatus,
-+ uint8_t **resp_buf, size_t *resp_len)
-+{
-+ struct openamp_caller *openamp = context;
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+ rpc_status_t status;
-+ int ret;
-+
-+ (void)opcode;
-+
-+ if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) {
-+ EMSG("openamp: call_invoke: invalid arguments");
-+ return TS_RPC_ERROR_INVALID_PARAMETER;
-+ }
-+
-+ if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) {
-+ EMSG("openamp: call_invoke: transaction needed to be started");
-+ return TS_RPC_ERROR_NOT_READY;
-+ }
-+
-+ ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len);
-+ if (ret < 0)
-+ return TS_RPC_ERROR_INTERNAL;
-+
-+ openamp->status = OPENAMP_TRANSACTION_INVOKED;
-+ *opstatus = 0;
-+
-+ return TS_RPC_CALL_ACCEPTED;
-+}
-+
-+static void openamp_call_end(void *context, rpc_call_handle handle)
-+{
-+ struct openamp_caller *openamp = context;
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+ if (handle != openamp) {
-+ EMSG("openamp: call_end: invalid arguments");
-+ return;
-+ }
-+
-+ if (openamp->status == OPENAMP_TRANSACTION_IDLE) {
-+ EMSG("openamp: call_end: transaction idle");
-+ return;
-+ }
-+
-+ ops->platform_call_end(openamp);
-+
-+ openamp->status = OPENAMP_TRANSACTION_IDLE;
-+}
-+
-+static void *openamp_virt_to_phys(void *context, void *va)
-+{
-+ struct openamp_caller *openamp = context;
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+ return ops->platform_virt_to_phys(openamp, va);
-+}
-+
-+static void *openamp_phys_to_virt(void *context, void *pa)
-+{
-+ struct openamp_caller *openamp = context;
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+ return ops->platform_phys_to_virt(openamp, pa);
-+}
-+
-+static int openamp_init(struct openamp_caller *openamp)
-+{
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+ int ret;
-+
-+ ret = ops->transport_init(openamp);
-+ if (ret < 0)
-+ return ret;
-+
-+ ret = ops->platform_init(openamp);
-+ if (ret < 0)
-+ goto denit_transport;
-+
-+ return 0;
-+
-+denit_transport:
-+ ops->transport_deinit(openamp);
-+
-+ return ret;
-+}
-+
-+static const struct openamp_platform_ops openamp_virtio_ops = {
-+ .transport_init = openamp_mhu_init,
-+ .transport_deinit = openamp_mhu_deinit,
-+ .transport_notify = openamp_mhu_notify_peer,
-+ .transport_receive = openamp_mhu_receive,
-+ .platform_init = openamp_virtio_init,
-+ .platform_call_begin = openamp_virtio_call_begin,
-+ .platform_call_invoke = openamp_virtio_call_invoke,
-+ .platform_call_end = openamp_virtio_call_end,
-+ .platform_virt_to_phys = openamp_virtio_virt_to_phys,
-+ .platform_phys_to_virt = openamp_virtio_phys_to_virt,
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp)
-+{
-+ struct rpc_caller *rpc = &openamp->rpc_caller;
-+ int ret;
-+
-+ if (openamp->ref_count)
-+ return rpc;
-+
-+ rpc_caller_init(rpc, openamp);
-+
-+ rpc->call_begin = openamp_call_begin;
-+ rpc->call_invoke = openamp_call_invoke;
-+ rpc->call_end = openamp_call_end;
-+ rpc->virt_to_phys = openamp_virt_to_phys;
-+ rpc->phys_to_virt = openamp_phys_to_virt;
-+ openamp->platform_ops = &openamp_virtio_ops;
-+
-+ ret = openamp_init(openamp);
-+ if (ret < 0) {
-+ EMSG("openamp_init: failed to start: %d", ret);
-+ return rpc;
-+ }
-+ openamp->ref_count++;
-+
-+ return rpc;
-+}
-+
-+void openamp_caller_deinit(struct openamp_caller *openamp)
-+{
-+ struct rpc_caller *rpc = &openamp->rpc_caller;
-+
-+ if (--openamp->ref_count)
-+ return;
-+
-+ rpc->context = NULL;
-+ rpc->call_begin = NULL;
-+ rpc->call_invoke = NULL;
-+ rpc->call_end = NULL;
-+}
-+
-+int openamp_caller_discover(struct openamp_caller *openamp)
-+{
-+ return openamp_init(openamp);
-+}
-+
-+int openamp_caller_open(struct openamp_caller *openamp)
-+{
-+
-+}
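Review bot: openamp_caller_init() returns the rpc_caller with call_begin, call_invoke and call_end already assigned even when openamp_init() fails, so a later call_begin can pass the idle-state check and reach openamp_virtio_call_begin(), which uses openamp->platform without checking that platform_init succeeded. Return NULL on failure, or clear the callbacks, so callers cannot use a half-initialised transport. In the same file, openamp_caller_open() is declared int but has an empty body, openamp_caller_deinit() leaves virt_to_phys and phys_to_virt set and never calls transport_deinit, and the req_len check in openamp_call_begin() logs "resp_len invalid".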
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h
-new file mode 100644
-index 000000000000..3fb67c56cc53
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.h
-@@ -0,0 +1,43 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_CALLER_H
-+#define OPENAMP_CALLER_H
-+
-+#include <stddef.h>
-+#include <rpc_caller.h>
-+
-+struct openamp_caller {
-+ struct rpc_caller rpc_caller;
-+ const struct openamp_platform_ops *platform_ops;
-+ uint32_t ref_count;
-+ uint8_t status;
-+
-+ void *transport;
-+ void *platform;
-+};
-+
-+struct openamp_platform_ops {
-+ int (*transport_init)(struct openamp_caller *openamp);
-+ int (*transport_deinit)(struct openamp_caller *openamp);
-+ int (*transport_notify)(struct openamp_caller *openamp);
-+ int (*transport_receive)(struct openamp_caller *openamp);
-+ int (*platform_init)(struct openamp_caller *openamp);
-+ int (*platform_deinit)(struct openamp_caller *openamp);
-+ int (*platform_call_begin)(struct openamp_caller *openamp,
-+ uint8_t **req_buf, size_t req_len);
-+ int (*platform_call_invoke)(struct openamp_caller *openamp,
-+ int *opstatus, uint8_t **resp_buf,
-+ size_t *resp_len);
-+ int (*platform_call_end)(struct openamp_caller *openamp);
-+ void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va);
-+ void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa);
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp);
-+void openamp_caller_deinit(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c
-new file mode 100644
-index 000000000000..ffdadaf870a3
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c
-@@ -0,0 +1,191 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <config/interface/config_store.h>
-+#include <config/interface/config_blob.h>
-+#include <platform/interface/device_region.h>
-+#include <platform/drivers/arm/mhu_driver/mhu_v2.h>
-+#include <trace.h>
-+#include <errno.h>
-+#include <stdlib.h>
-+#include <stdint.h>
-+#include <stddef.h>
-+#include <limits.h>
-+
-+#include "openamp_caller.h"
-+
-+#define MHU_V_2_NOTIFY_CHANNEL 0
-+#define MHU_V_2_NOTIFY_VALUE 0xff
-+
-+struct openamp_mhu {
-+ struct device_region rx_region;
-+ struct device_region tx_region;
-+ struct mhu_v2_x_dev_t rx_dev;
-+ struct mhu_v2_x_dev_t tx_dev;
-+};
-+
-+static int openamp_mhu_device_get(const char *dev,
-+ struct device_region *dev_region)
-+{
-+ bool found;
-+
-+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+ dev_region, sizeof(*dev_region));
-+ if (!found)
-+ return -EINVAL;
-+
-+ if (!dev_region->base_addr)
-+ return -EINVAL;
-+
-+ IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev,
-+ dev_region->base_addr, dev_region->io_region_size);
-+
-+ return 0;
-+}
-+
-+int openamp_mhu_receive(struct openamp_caller *openamp)
-+{
-+ struct mhu_v2_x_dev_t *rx_dev;
-+ enum mhu_v2_x_error_t ret;
-+ struct openamp_mhu *mhu;
-+ uint32_t channel = 0;
-+ uint32_t irq_status;
-+
-+ if (!openamp->transport) {
-+ EMSG("openamp: mhu: receive transport not initialized");
-+ return -EINVAL;
-+ }
-+
-+ mhu = openamp->transport;
-+ rx_dev = &mhu->rx_dev;
-+
-+ irq_status = 0;
-+
-+ do {
-+ irq_status = mhu_v2_x_get_interrupt_status(rx_dev);
-+ } while(!irq_status);
-+
-+ ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel);
-+
-+ ret = mhu_v2_x_channel_clear(rx_dev, channel);
-+ if (ret != MHU_V_2_X_ERR_NONE) {
-+ EMSG("openamp: mhu: failed to clear channel: %d", channel);
-+ return -EPROTO;
-+ }
-+
-+ return 0;
-+}
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp)
-+{
-+ struct mhu_v2_x_dev_t *tx_dev;
-+ enum mhu_v2_x_error_t ret;
-+ struct openamp_mhu *mhu;
-+ uint32_t access_ready;
-+
-+ if (!openamp->transport) {
-+ EMSG("openamp: mhu: notify transport not initialized");
-+ return -EINVAL;
-+ }
-+
-+ mhu = openamp->transport;
-+ tx_dev = &mhu->tx_dev;
-+
-+ ret = mhu_v2_x_set_access_request(tx_dev);
-+ if (ret != MHU_V_2_X_ERR_NONE) {
-+ EMSG("openamp: mhu: set access request failed");
-+ return -EPROTO;
-+ }
-+
-+ do {
-+ ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready);
-+ if (ret != MHU_V_2_X_ERR_NONE) {
-+ EMSG("openamp: mhu: failed to get access_ready");
-+ return -EPROTO;
-+ }
-+ } while (!access_ready);
-+
-+ ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL,
-+ MHU_V_2_NOTIFY_VALUE);
-+ if (ret != MHU_V_2_X_ERR_NONE) {
-+ EMSG("openamp: mhu: failed send over channel");
-+ return -EPROTO;
-+ }
-+
-+ ret = mhu_v2_x_reset_access_request(tx_dev);
-+ if (ret != MHU_V_2_X_ERR_NONE) {
-+ EMSG("openamp: mhu: failed reset access request");
-+ return -EPROTO;
-+ }
-+
-+ return 0;
-+}
-+
-+int openamp_mhu_init(struct openamp_caller *openamp)
-+{
-+ struct mhu_v2_x_dev_t *rx_dev;
-+ struct mhu_v2_x_dev_t *tx_dev;
-+ struct openamp_mhu *mhu;
-+ int ret;
-+
-+ /* if we already have initialized skip this */
-+ if (openamp->transport)
-+ return 0;
-+
-+ mhu = malloc(sizeof(*mhu));
-+ if (!mhu)
-+ return -1;
-+
-+ ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region);
-+ if (ret < 0)
-+ goto free_mhu;
-+
-+ ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region);
-+ if (ret < 0)
-+ goto free_mhu;
-+
-+ rx_dev = &mhu->rx_dev;
-+ tx_dev = &mhu->tx_dev;
-+
-+ rx_dev->base = (unsigned int)mhu->rx_region.base_addr;
-+ rx_dev->frame = MHU_V2_X_RECEIVER_FRAME;
-+
-+ tx_dev->base = (unsigned int)mhu->tx_region.base_addr;
-+ tx_dev->frame = MHU_V2_X_SENDER_FRAME;
-+
-+ ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW);
-+ if (ret < 0)
-+ goto free_mhu;
-+
-+ ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW);
-+ if (ret < 0)
-+ goto free_mhu;
-+
-+ openamp->transport = (void *)mhu;
-+
-+ return 0;
-+
-+free_mhu:
-+ free(mhu);
-+
-+ return ret;
-+}
-+
-+int openamp_mhu_deinit(struct openamp_caller *openamp)
-+{
-+ struct openamp_mhu *mhu;
-+
-+ if (!openamp->transport)
-+ return 0;
-+
-+ mhu = openamp->transport;
-+ free(mhu);
-+
-+ openamp->transport = NULL;
-+
-+ return 0;
-+}
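Review bot: in openamp_mhu_receive() the result of mhu_v2_1_get_ch_interrupt_num() is overwritten by the next call without being checked, so on failure channel keeps its initial 0 and channel 0 is cleared regardless of which channel raised the interrupt. Check ret against MHU_V_2_X_ERR_NONE before calling mhu_v2_x_channel_clear(). The do/while loops on irq_status here and on access_ready in openamp_mhu_notify_peer() have no timeout, so an unresponsive peer stalls the caller indefinitely; a bounded retry count with an error return would avoid that. openamp_mhu_init() also returns -1 rather than -ENOMEM when malloc fails, and tests mhu_v2_x_driver_init() with ret < 0 where the rest of the file compares against MHU_V_2_X_ERR_NONE.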
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h
-new file mode 100644
-index 000000000000..2ae5cb8ee1c6
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h
-@@ -0,0 +1,19 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_MHU_H
-+#define OPENAMP_MHU_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_mhu_init(struct openamp_caller *openamp);
-+int openamp_mhu_deinit(struct openamp_caller *openamp);
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp);
-+int openamp_mhu_receive(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c
-new file mode 100644
-index 000000000000..b7c1aa929111
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c
-@@ -0,0 +1,555 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <metal/device.h>
-+#include <metal/spinlock.h>
-+#include <openamp/open_amp.h>
-+#include <platform/interface/device_region.h>
-+#include <config/interface/config_store.h>
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+
-+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio"
-+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME
-+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024
-+
-+#define OPENAMP_SHEM_PHYS 0x88000000
-+#define OPENAMP_SHEM_PHYS_PAGES 1
-+#define OPENAMP_SHEM_SE_PHYS 0xa8000000
-+
-+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024)
-+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024)
-+
-+#define OPENAMP_BUFFER_NO_WAIT 0
-+#define OPENAMP_BUFFER_WAIT 1
-+
-+#define VIRTQUEUE_NR 2
-+#define VQ_TX 0
-+#define VQ_RX 1
-+
-+#define VRING_DESCRIPTORS 16
-+#define VRING_ALIGN 4
-+
-+#define container_of(ptr, type, member) \
-+ ((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member)))
-+
-+struct openamp_virtio_shm {
-+ uintptr_t base_addr;
-+ size_t size;
-+ uintptr_t vdev_status;
-+ size_t vdev_status_size;
-+ uintptr_t payload_addr;
-+ size_t payload_size;
-+ uintptr_t vring_tx;
-+ size_t vring_tx_size;
-+ uintptr_t vring_rx;
-+ size_t vring_rx_size;
-+
-+ metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES];
-+};
-+
-+struct openamp_virtio_metal {
-+ struct metal_spinlock lock;
-+ struct metal_device shm_dev;
-+ struct metal_device *io_dev;
-+
-+ struct metal_io_region *io;
-+ struct openamp_virtio_shm shm;
-+};
-+
-+struct openamp_virtio_device {
-+ struct virtio_device virtio_dev;
-+ struct virtqueue *vq[VIRTQUEUE_NR];
-+ struct virtio_vring_info rvrings[VIRTQUEUE_NR];
-+};
-+
-+struct openamp_virtio_rpmsg {
-+ struct rpmsg_virtio_device rpmsg_vdev;
-+ struct rpmsg_endpoint ep;
-+ uint8_t *req_buf;
-+ uint32_t req_len;
-+ uint8_t *resp_buf;
-+ size_t resp_len;
-+};
-+
-+struct openamp_virtio {
-+ struct openamp_caller *openamp;
-+ struct openamp_virtio_rpmsg rpmsg;
-+ struct openamp_virtio_device vdev;
-+ struct openamp_virtio_metal metal;
-+};
-+
-+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev)
-+{
-+ struct openamp_virtio_device *openamp_vdev;
-+
-+ openamp_vdev = container_of(vdev, struct openamp_virtio_device,
-+ virtio_dev);
-+
-+ return container_of(openamp_vdev, struct openamp_virtio, vdev);
-+}
-+
-+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev)
-+{
-+ struct rpmsg_virtio_device *rvdev;
-+
-+ rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev);
-+
-+ return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev);
-+
-+}
-+
-+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev,
-+ struct openamp_virtio_shm *shm)
-+{
-+ struct metal_io_region *shm_region;
-+
-+ shm_region = &shm_dev->regions[0];
-+
-+ shm_dev->name = OPENAMP_SHEM_DEVICE_NAME;
-+ shm_dev->num_regions = 1;
-+
-+ shm_region->virt = (void *)shm->payload_addr;
-+ shm_region->size = shm->payload_size;
-+
-+ shm_region->physmap = &shm->shm_physmap;
-+ shm_region->page_shift = (metal_phys_addr_t)(-1);
-+ shm_region->page_mask = (metal_phys_addr_t)(-1);
-+}
-+
-+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal)
-+{
-+ struct metal_init_params params = METAL_INIT_DEFAULTS;
-+ struct metal_device *shm_dev = &metal->shm_dev;
-+ int ret;
-+
-+ openamp_virtio_metal_device_setup(shm_dev, &metal->shm);
-+
-+ metal_spinlock_init(&metal->lock);
-+
-+ ret = metal_init(¶ms);
-+ if (ret < 0)
-+ return ret;
-+
-+ ret = metal_register_generic_device(shm_dev);
-+ if (ret < 0)
-+ goto metal_finish;
-+
-+ ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME,
-+ &metal->io_dev);
-+ if (ret < 0)
-+ goto metal_finish;
-+
-+ metal->io = metal_device_io_region(metal->io_dev, 0);
-+ if (!metal->io) {
-+ EMSG("openamp: virtio: failed to init metal io");
-+ ret = -EPROTO;
-+ goto metal_finish;
-+ }
-+
-+ return 0;
-+
-+metal_finish:
-+ metal_finish();
-+ return ret;
-+}
-+
-+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev)
-+{
-+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+ struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+ uint32_t status = *(volatile uint32_t *)shm->vdev_status;
-+
-+ return status;
-+}
-+
-+static void openamp_virtio_status_set(struct virtio_device *vdev,
-+ unsigned char status)
-+{
-+ struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+ struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+ *(volatile uint32_t *)shm->vdev_status = status;
-+}
-+
-+static int count;
-+
-+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev)
-+{
-+ return 1 << VIRTIO_RPMSG_F_NS;
-+}
-+
-+static void openamp_virtio_notify(struct virtqueue *vq)
-+{
-+ struct openamp_virtio_device *openamp_vdev;
-+ struct openamp_caller *openamp;
-+ struct openamp_virtio *virtio;
-+ int ret;
-+
-+ openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev);
-+ virtio = container_of(openamp_vdev, struct openamp_virtio, vdev);
-+ openamp = virtio->openamp;
-+
-+ ret = openamp->platform_ops->transport_notify(openamp);
-+ if (ret < 0)
-+ EMSG("openamp: virtio: erro in transport_notify: %d", ret);
-+}
-+
-+const static struct virtio_dispatch openamp_virtio_dispatch = {
-+ .get_status = openamp_virtio_status_get,
-+ .set_status = openamp_virtio_status_set,
-+ .get_features = openamp_virtio_features_get,
-+ .notify = openamp_virtio_notify,
-+};
-+
-+static int openamp_virtio_device_setup(struct openamp_virtio *virtio)
-+{
-+ struct openamp_virtio_metal *metal = &virtio->metal;
-+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+ struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+ struct openamp_virtio_shm *shm = &metal->shm;
-+ struct virtio_vring_info *rvring;
-+
-+ rvring = &openamp_vdev->rvrings[0];
-+
-+ vdev->role = RPMSG_REMOTE;
-+ vdev->vrings_num = VIRTQUEUE_NR;
-+ vdev->func = &openamp_virtio_dispatch;
-+
-+ openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+ if (!openamp_vdev->vq[VQ_TX]) {
-+ EMSG("openamp: virtio: failed to allocate virtqueue 0");
-+ return -ENOMEM;
-+ }
-+ rvring->io = metal->io;
-+ rvring->info.vaddr = (void *)shm->vring_tx;
-+ rvring->info.num_descs = VRING_DESCRIPTORS;
-+ rvring->info.align = VRING_ALIGN;
-+ rvring->vq = openamp_vdev->vq[VQ_TX];
-+
-+ openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+ if (!openamp_vdev->vq[VQ_RX]) {
-+ EMSG("openamp: virtio: failed to allocate virtqueue 1");
-+ goto free_vq;
-+ }
-+ rvring = &openamp_vdev->rvrings[VQ_RX];
-+ rvring->io = metal->io;
-+ rvring->info.vaddr = (void *)shm->vring_rx;
-+ rvring->info.num_descs = VRING_DESCRIPTORS;
-+ rvring->info.align = VRING_ALIGN;
-+ rvring->vq = openamp_vdev->vq[VQ_RX];
-+
-+ vdev->vrings_info = &openamp_vdev->rvrings[0];
-+
-+ return 0;
-+
-+free_vq:
-+ virtqueue_free(openamp_vdev->vq[VQ_TX]);
-+ virtqueue_free(openamp_vdev->vq[VQ_RX]);
-+
-+ return -ENOMEM;
-+}
-+
-+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep,
-+ void *data, size_t len,
-+ uint32_t src, void *priv)
-+{
-+ struct openamp_virtio_rpmsg *vrpmsg;
-+ struct rpmsg_device *rdev;
-+ struct openamp_virtio *virtio;
-+
-+ rdev = ep->rdev;
-+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+ virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg);
-+
-+ rpmsg_hold_rx_buffer(ep, data);
-+ vrpmsg->resp_buf = data;
-+ vrpmsg->resp_len = len;
-+
-+ return 0;
-+}
-+
-+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep)
-+{
-+ struct openamp_virtio_rpmsg *vrpmsg;
-+ struct rpmsg_device *rdev;
-+
-+ rdev = container_of(ep, struct rpmsg_device, ns_ept);
-+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+ rpmsg_destroy_ept(&vrpmsg->ep);
-+}
-+
-+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev,
-+ const char *name,
-+ unsigned int dest)
-+{
-+ struct openamp_virtio_rpmsg *vrpmsg;
-+
-+ vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+ rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest,
-+ openamp_virtio_rpmsg_endpoint_callback,
-+ openamp_virtio_rpmsg_service_unbind);
-+}
-+
-+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio,
-+ struct device_region *virtio_dev)
-+{
-+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+ struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev;
-+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+ struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+ struct openamp_virtio_metal *metal = &virtio->metal;
-+ int ret;
-+
-+ /*
-+ * we assume here that we are the client side and do not need to
-+ * initialize the share memory poll (this is done at server side).
-+ */
-+ ret = rpmsg_init_vdev(rpmsg_vdev, vdev,
-+ openamp_virtio_rpmsg_endpoint_bind, metal->io,
-+ NULL);
-+ if (ret < 0) {
-+ EMSG("openamp: virtio: init vdev failed: %d", ret);
-+ return ret;
-+ }
-+
-+
-+ ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev,
-+ OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY,
-+ RPMSG_ADDR_ANY,
-+ openamp_virtio_rpmsg_endpoint_callback,
-+ openamp_virtio_rpmsg_service_unbind);
-+ if (ret < 0) {
-+ EMSG("openamp: virtio: failed to create endpoint: %d", ret);
-+ return ret;
-+ }
-+
-+ /* set default remote addr */
-+ vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR;
-+
-+ return 0;
-+}
-+
-+static void openamp_virtio_shm_set(struct openamp_virtio *virtio,
-+ struct device_region *virtio_region)
-+{
-+ struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+ shm->base_addr = virtio_region->base_addr;
-+ shm->size = virtio_region->io_region_size;
-+
-+ shm->vdev_status = shm->base_addr;
-+ shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE;
-+
-+ shm->vring_rx = shm->base_addr + shm->size -
-+ (2 * OPENAMP_SHEM_VRING_SIZE);
-+ shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+ shm->vring_tx = shm->vring_rx + shm->vring_rx_size;
-+ shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+ shm->payload_addr = shm->vdev_status + shm->vdev_status_size;
-+ shm->payload_size = shm->size - shm->vdev_status_size -
-+ shm->vring_rx_size - shm->vring_tx_size;
-+
-+ shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size;
-+
-+ IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d",
-+ shm->base_addr, shm->size, shm->size);
-+ IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d",
-+ shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size);
-+ IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d",
-+ shm->payload_addr, shm->payload_size, shm->payload_size);
-+ IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d",
-+ shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size);
-+ IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d",
-+ shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size);
-+ IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]);
-+}
-+
-+static int openamp_virtio_device_get(const char *dev,
-+ struct device_region *dev_region)
-+{
-+ bool found;
-+
-+ found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+ dev_region, sizeof(*dev_region));
-+ if (!found) {
-+ EMSG("openamp: virtio: device region not found: %s", dev);
-+ return -EINVAL;
-+ }
-+
-+ if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) {
-+ EMSG("openamp: virtio: device region not valid");
-+ return -EINVAL;
-+ }
-+
-+ IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d",
-+ dev, dev_region->base_addr, dev_region->io_region_size);
-+
-+ return 0;
-+}
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+ size_t req_len)
-+{
-+ struct openamp_virtio *virtio = openamp->platform;
-+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+ struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+
-+
-+ *req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len,
-+ OPENAMP_BUFFER_WAIT);
-+ if (*req_buf == NULL)
-+ return -EINVAL;
-+
-+ if (vrpmsg->req_len < req_len)
-+ return -E2BIG;
-+
-+ vrpmsg->req_buf = *req_buf;
-+
-+ return 0;
-+}
-+
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+ uint8_t **resp_buf, size_t *resp_len)
-+{
-+ const struct openamp_platform_ops *ops = openamp->platform_ops;
-+ struct openamp_virtio *virtio = openamp->platform;
-+ struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+ struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+ int ret;
-+
-+ ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len);
-+ if (ret < 0) {
-+ EMSG("openamp: virtio: send nocopy failed: %d", ret);
-+ return -EIO;
-+ }
-+
-+ if (ret != vrpmsg->req_len) {
-+ EMSG("openamp: virtio: send less bytes %d than requested %d",
-+ ret, vrpmsg->req_len);
-+ return -EIO;
-+ }
-+
-+ if (!ops->transport_receive)
-+ return 0;
-+
-+ ret = ops->transport_receive(openamp);
-+ if (ret < 0) {
-+ EMSG("openamp: virtio: failed transport_receive");
-+ return -EIO;
-+ }
-+
-+ virtqueue_notification(openamp_vdev->vq[VQ_RX]);
-+
-+ *resp_buf = vrpmsg->resp_buf;
-+ *resp_len = vrpmsg->resp_len;
-+
-+ return 0;
-+}
-+
-+void openamp_virtio_call_end(struct openamp_caller *openamp)
-+{
-+ struct openamp_virtio *virtio = openamp->platform;
-+ struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+
-+ rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf);
-+
-+ vrpmsg->req_buf = NULL;
-+ vrpmsg->req_len = 0;
-+ vrpmsg->resp_buf = NULL;
-+ vrpmsg->resp_len = 0;
-+}
-+
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va)
-+{
-+ struct openamp_virtio *virtio = openamp->platform;
-+ struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+ return metal_io_virt_to_phys(metal->io, va);
-+}
-+
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa)
-+{
-+ struct openamp_virtio *virtio = openamp->platform;
-+ struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+ return metal_io_phys_to_virt(metal->io, pa);
-+}
-+
-+int openamp_virtio_init(struct openamp_caller *openamp)
-+{
-+ struct device_region virtio_dev;
-+ struct openamp_virtio *virtio;
-+ int ret;
-+
-+ if (openamp->platform)
-+ return 0;
-+
-+
-+ virtio = malloc(sizeof(*virtio));
-+ if (!virtio)
-+ return -ENOMEM;
-+
-+ virtio->openamp = openamp;
-+
-+ ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev);
-+ if (ret < 0)
-+ goto free_virtio;
-+
-+ openamp_virtio_shm_set(virtio, &virtio_dev);
-+
-+ ret = openamp_virtio_metal_init(&virtio->metal);
-+ if (ret < 0)
-+ goto free_virtio;
-+
-+ ret = openamp_virtio_device_setup(virtio);
-+ if (ret < 0)
-+ goto finish_metal;
-+
-+ ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev);
-+ if (ret < 0) {
-+ EMSG("openamp: virtio: rpmsg device setup failed: %d", ret);
-+ goto finish_metal;
-+ }
-+
-+ openamp->platform = virtio;
-+
-+ return 0;
-+
-+finish_metal:
-+ metal_finish();
-+
-+free_virtio:
-+ free(virtio);
-+
-+ return ret;
-+}
-+
-+int openamp_virtio_deinit(struct openamp_caller *openamp)
-+{
-+ struct openamp_virtio *virtio;
-+
-+ if (!openamp->platform)
-+ return 0;
-+
-+ virtio = openamp->platform;
-+
-+ metal_finish();
-+ free(virtio);
-+
-+ openamp->platform = NULL;
-+
-+ return 0;
-+}
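Review bot: openamp_virtio_call_begin() lets rpmsg_get_tx_payload_buffer() overwrite vrpmsg->req_len with the buffer size and never stores the caller's req_len, so openamp_virtio_call_invoke() passes the whole buffer size to rpmsg_send_nocopy() and the peer receives whatever bytes follow the request in the shared TX buffer. Keep the requested length in vrpmsg->req_len after the size check and send only that. openamp_virtio_call_invoke() also hands back vrpmsg->resp_buf and resp_len without confirming that the endpoint callback ran for this call, and openamp_virtio_shm_set() subtracts the status and vring sizes from shm->size with no minimum-size check, so a small device region makes payload_size wrap.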
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h
-new file mode 100644
-index 000000000000..915128ff65ce
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h
-@@ -0,0 +1,24 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_VIRTIO_H
-+#define OPENAMP_VIRTIO_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+ size_t req_len);
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+ uint8_t **resp_buf, size_t *resp_len);
-+int openamp_virtio_call_end(struct openamp_caller *openamp);
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va);
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa);
-+
-+int openamp_virtio_init(struct openamp_caller *openamp);
-+int openamp_virtio_deinit(struct openamp_caller *openamp);
-+
-+#endif
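Review bot: openamp_virtio_call_end() is declared here as returning int, but openamp_virtio.c defines it as void, and that file does not include openamp_virtio.h, so the compiler never sees the mismatch. Include the header from openamp_virtio.c and make the definition match the int (*platform_call_end) member in struct openamp_platform_ops.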
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 267b4f923540..04c181586b06 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -32,5 +32,11 @@
- pages-count = <16>;
- attributes = <0x3>; /* read-write */
- };
-+ openamp-virtio {
-+ /* Armv8 A Foundation Platform values */
-+ base-address = <0x00000000 0x88000000>;
-+ pages-count = <256>;
-+ attributes = <0x3>; /* read-write */
-+ };
- };
- };
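Review bot: the base address 0x88000000 added to this node is also hard-coded as OPENAMP_SHEM_PHYS in openamp_virtio.c, where it fills shm_physmap[0], while the virtual base comes from the device region at run time. A platform that changes base-address here keeps translating to the old physical address. Take the physical base from one source, and since the comment says these are Armv8 A Foundation Platform values, consider whether they belong in the default se-proxy manifest.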
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index d39873a0fe81..34fe5ff1b925 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -47,6 +47,7 @@ add_components(TARGET "se-proxy"
- "components/service/attestation/include"
- "components/service/attestation/provider"
- "components/service/attestation/provider/serializer/packed-c"
-+ "components/rpc/openamp/caller/sp"
-
- # Stub service provider backends
- "components/rpc/dummy"
---
-2.38.1
-
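Review bot: the removed default_se-proxy.dts.in lines at the end of this patch are the only visible declaration of the `openamp-virtio` region (base-address <0x00000000 0x88000000>, pages-count <256>, attributes <0x3> read-write), and the removed se-proxy.cmake line is the only visible place where "components/rpc/openamp/caller/sp" is added to the se-proxy target. The commit message should name what now declares that shared-memory region and builds the OpenAMP caller, or say that se-proxy no longer uses it. If openamp_virtio.h is carried forward anywhere, note that its prototypes use uint8_t while the header includes only <stddef.h> and "openamp_caller.h", so it depends on a transitive <stdint.h>.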
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
similarity index 99%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
index ce40df0..3d743d2 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
@@ -1,7 +1,7 @@
-From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001
+From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Fri, 8 Jul 2022 09:48:06 +0100
-Subject: [PATCH 20/20] FMP Support in Corstone1000.
+Subject: [PATCH 3/6] FMP Support in Corstone1000.
The FMP support is used by u-boot to pupolate ESRT information
for the kernel.
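Review bot: the carried commit message in the context lines under the Subject still reads "pupolate ESRT information"; since this patch is being regenerated anyway (new From hash, renumbered from 20/20 to 3/6), correct it to "populate" in the same refresh. The renumbering also shows the carried series shrinking from 20 patches to 6, and the outer commit message should say which upstream revision made the other patches unnecessary.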
@@ -414,5 +414,5 @@
+
+#endif /* CORSTONE1000_FMP_SERVICE_H */
--
-2.38.1
+2.40.0
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
deleted file mode 100644
index 84d418c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
+++ /dev/null
@@ -1,298 +0,0 @@
-From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:05:18 +0000
-Subject: [PATCH 04/20] add psa client definitions for ff-m
-
-Add PSA client definitions in common include to add future
-ff-m support.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/client.h | 194 ++++++++++++++++++
- components/service/common/include/psa/sid.h | 71 +++++++
- 2 files changed, 265 insertions(+)
- create mode 100644 components/service/common/include/psa/client.h
- create mode 100644 components/service/common/include/psa/sid.h
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-new file mode 100644
-index 000000000000..69ccf14f40a3
---- /dev/null
-+++ b/components/service/common/include/psa/client.h
-@@ -0,0 +1,194 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_H
-+#define SERVICE_PSA_IPC_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <rpc_caller.h>
-+#include <psa/error.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef IOVEC_LEN
-+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
-+#endif
-+
-+/*********************** PSA Client Macros and Types *************************/
-+
-+typedef int32_t psa_handle_t;
-+
-+/**
-+ * The version of the PSA Framework API that is being used to build the calling
-+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
-+ * is compatible with v1.0.
-+ */
-+#define PSA_FRAMEWORK_VERSION (0x0101u)
-+
-+/**
-+ * Return value from psa_version() if the requested RoT Service is not present
-+ * in the system.
-+ */
-+#define PSA_VERSION_NONE (0u)
-+
-+/**
-+ * The zero-value null handle can be assigned to variables used in clients and
-+ * RoT Services, indicating that there is no current connection or message.
-+ */
-+#define PSA_NULL_HANDLE ((psa_handle_t)0)
-+
-+/**
-+ * Tests whether a handle value returned by psa_connect() is valid.
-+ */
-+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
-+
-+/**
-+ * Converts the handle value returned from a failed call psa_connect() into
-+ * an error code.
-+ */
-+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
-+
-+/**
-+ * Maximum number of input and output vectors for a request to psa_call().
-+ */
-+#define PSA_MAX_IOVEC (4u)
-+
-+/**
-+ * An IPC message type that indicates a generic client request.
-+ */
-+#define PSA_IPC_CALL (0)
-+
-+/**
-+ * A read-only input memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_invec {
-+ uint32_t base; /*!< the start address of the memory buffer */
-+ uint32_t len; /*!< the size in bytes */
-+};
-+
-+/**
-+ * A writable output memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_outvec {
-+ uint32_t base; /*!< the start address of the memory buffer */
-+ uint32_t len; /*!< the size in bytes */
-+};
-+
-+/*************************** PSA Client API **********************************/
-+
-+/**
-+ * \brief Retrieve the version of the PSA Framework API that is implemented.
-+ *
-+ * \param[in] rpc_caller RPC caller to use
-+ * \return version The version of the PSA Framework implementation
-+ * that is providing the runtime services to the
-+ * caller. The major and minor version are encoded
-+ * as follows:
-+ * \arg version[15:8] -- major version number.
-+ * \arg version[7:0] -- minor version number.
-+ */
-+uint32_t psa_framework_version(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Retrieve the version of an RoT Service or indicate that it is not
-+ * present on this system.
-+ *
-+ * \param[in] rpc_caller RPC caller to use
-+ * \param[in] sid ID of the RoT Service to query.
-+ *
-+ * \retval PSA_VERSION_NONE The RoT Service is not implemented, or the
-+ * caller is not permitted to access the service.
-+ * \retval > 0 The version of the implemented RoT Service.
-+ */
-+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid);
-+
-+/**
-+ * \brief Connect to an RoT Service by its SID.
-+ *
-+ * \param[in] rpc_caller RPC caller to use
-+ * \param[in] sid ID of the RoT Service to connect to.
-+ * \param[in] version Requested version of the RoT Service.
-+ *
-+ * \retval > 0 A handle for the connection.
-+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
-+ * connection.
-+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
-+ * connection at the moment.
-+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more
-+ * of the following are true:
-+ * \arg The RoT Service ID is not present.
-+ * \arg The RoT Service version is not supported.
-+ * \arg The caller is not allowed to access the RoT
-+ * service.
-+ */
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+ uint32_t version);
-+
-+/**
-+ * \brief Call an RoT Service on an established connection.
-+ *
-+ * \note FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
-+ * support at most 4 parameters. TF-M chooses to encode 'in_len',
-+ * 'out_len', and 'type' into a 32-bit integer to improve efficiency.
-+ * Compared with struct-based encoding, this method saves extra memory
-+ * check and memory copy operation. The disadvantage is that the 'type'
-+ * range has to be reduced into a 16-bit integer. So with this encoding,
-+ * the valid range for 'type' is 0-32767.
-+ *
-+ * \param[in] rpc_caller RPC caller to use
-+ * \param[in] handle A handle to an established connection.
-+ * \param[in] type The request type.
-+ * Must be zero( \ref PSA_IPC_CALL) or positive.
-+ * \param[in] in_vec Array of input \ref psa_invec structures.
-+ * \param[in] in_len Number of input \ref psa_invec structures.
-+ * \param[in,out] out_vec Array of output \ref psa_outvec structures.
-+ * \param[in] out_len Number of output \ref psa_outvec structures.
-+ *
-+ * \retval >=0 RoT Service-specific status value.
-+ * \retval <0 RoT Service-specific error code.
-+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
-+ * RoT Service. The call is a PROGRAMMER ERROR if
-+ * one or more of the following are true:
-+ * \arg An invalid handle was passed.
-+ * \arg The connection is already handling a request.
-+ * \arg type < 0.
-+ * \arg An invalid memory reference was provided.
-+ * \arg in_len + out_len > PSA_MAX_IOVEC.
-+ * \arg The message is unrecognized by the RoT
-+ * Service or incorrectly formatted.
-+ */
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+ int32_t type, const struct psa_invec *in_vec,
-+ size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-+
-+/**
-+ * \brief Close a connection to an RoT Service.
-+ *
-+ * \param[in] rpc_caller RPC caller to use
-+ * \param[in] handle A handle to an established connection, or the
-+ * null handle.
-+ *
-+ * \retval void Success.
-+ * \retval "PROGRAMMER ERROR" The call is a PROGRAMMER ERROR if one or more
-+ * of the following are true:
-+ * \arg An invalid handle was provided that is not
-+ * the null handle.
-+ * \arg The connection is currently handling a
-+ * request.
-+ */
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_H */
-+
-+
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-new file mode 100644
-index 000000000000..aaa973c6e987
---- /dev/null
-+++ b/components/service/common/include/psa/sid.h
-@@ -0,0 +1,71 @@
-+/*
-+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef __PSA_MANIFEST_SID_H__
-+#define __PSA_MANIFEST_SID_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/******** TFM_SP_PS ********/
-+#define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE (0x40000101U)
-+
-+/* Invalid UID */
-+#define TFM_PS_INVALID_UID 0
-+
-+/* PS message types that distinguish PS services. */
-+#define TFM_PS_SET 1001
-+#define TFM_PS_GET 1002
-+#define TFM_PS_GET_INFO 1003
-+#define TFM_PS_REMOVE 1004
-+#define TFM_PS_GET_SUPPORT 1005
-+
-+/******** TFM_SP_ITS ********/
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION (1U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE (0x40000102U)
-+
-+/******** TFM_SP_CRYPTO ********/
-+#define TFM_CRYPTO_SID (0x00000080U)
-+#define TFM_CRYPTO_VERSION (1U)
-+#define TFM_CRYPTO_HANDLE (0x40000100U)
-+
-+/******** TFM_SP_PLATFORM ********/
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
-+#define TFM_SP_PLATFORM_IOCTL_SID (0x00000041U)
-+#define TFM_SP_PLATFORM_IOCTL_VERSION (1U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_SID (0x00000042U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION (1U)
-+
-+/******** TFM_SP_INITIAL_ATTESTATION ********/
-+#define TFM_ATTESTATION_SERVICE_SID (0x00000020U)
-+#define TFM_ATTESTATION_SERVICE_VERSION (1U)
-+#define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
-+
-+/******** TFM_SP_FWU ********/
-+#define TFM_FWU_WRITE_SID (0x000000A0U)
-+#define TFM_FWU_WRITE_VERSION (1U)
-+#define TFM_FWU_INSTALL_SID (0x000000A1U)
-+#define TFM_FWU_INSTALL_VERSION (1U)
-+#define TFM_FWU_ABORT_SID (0x000000A2U)
-+#define TFM_FWU_ABORT_VERSION (1U)
-+#define TFM_FWU_QUERY_SID (0x000000A3U)
-+#define TFM_FWU_QUERY_VERSION (1U)
-+#define TFM_FWU_REQUEST_REBOOT_SID (0x000000A4U)
-+#define TFM_FWU_REQUEST_REBOOT_VERSION (1U)
-+#define TFM_FWU_ACCEPT_SID (0x000000A5U)
-+#define TFM_FWU_ACCEPT_VERSION (1U)
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __PSA_MANIFEST_SID_H__ */
---
-2.38.1
-
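Review bot: this drops a patch marked "Upstream-Status: Pending" that supplied psa/client.h and psa/sid.h, and nothing in the visible lines says where psa_connect(), psa_call(), psa_close() and the TFM_*_SID and TFM_*_HANDLE constants come from afterwards. Please state in the commit message which Trusted Services revision or remaining patch provides them. When checking the replacement, look at struct psa_invec and struct psa_outvec: here `base` is a packed uint32_t documented as "the start address of the memory buffer", which is too narrow to hold a pointer on a 64-bit build, and the Doxygen blocks document a parameter `rpc_caller` while the prototypes name it `caller`.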
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
deleted file mode 100644
index df3cb2f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
+++ /dev/null
@@ -1,295 +0,0 @@
-From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:13:03 +0000
-Subject: [PATCH 05/20] Add common service component to ipc support
-
-Add support for inter processor communication for PSA
-including, the openamp client side structures lib.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/psa_ipc/component.cmake | 13 ++
- .../service/common/psa_ipc/service_psa_ipc.c | 97 +++++++++++++
- .../psa_ipc/service_psa_ipc_openamp_lib.h | 131 ++++++++++++++++++
- deployments/se-proxy/se-proxy.cmake | 1 +
- 4 files changed, 242 insertions(+)
- create mode 100644 components/service/common/psa_ipc/component.cmake
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-
-diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..5a1c9e62e2f0
---- /dev/null
-+++ b/components/service/common/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c"
-+ )
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-new file mode 100644
-index 000000000000..e8093c20a523
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -0,0 +1,97 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#include <psa/client.h>
-+#include "service_psa_ipc_openamp_lib.h"
-+
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+ uint32_t version)
-+{
-+ psa_status_t psa_status = PSA_SUCCESS;
-+ struct s_openamp_msg *resp_msg = NULL;
-+ struct ns_openamp_msg *req_msg;
-+ rpc_call_handle rpc_handle;
-+ size_t resp_len;
-+ uint8_t *resp;
-+ uint8_t *req;
-+ int ret;
-+
-+ rpc_handle = rpc_caller_begin(caller, &req,
-+ sizeof(struct ns_openamp_msg));
-+ if (!rpc_handle) {
-+ EMSG("psa_connect: could not get handle");
-+ return PSA_ERROR_GENERIC_ERROR;
-+ }
-+
-+ req_msg = (struct ns_openamp_msg *)req;
-+
-+ req_msg->call_type = OPENAMP_PSA_CONNECT;
-+ req_msg->params.psa_connect_params.sid = sid;
-+ req_msg->params.psa_connect_params.version = version;
-+
-+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+ &resp_len);
-+ if (ret != TS_RPC_CALL_ACCEPTED) {
-+ EMSG("psa_connect: invoke failed: %d", ret);
-+ return PSA_ERROR_GENERIC_ERROR;
-+ }
-+
-+ if (psa_status == PSA_SUCCESS)
-+ resp_msg = (struct s_openamp_msg *)resp;
-+
-+ rpc_caller_end(caller, rpc_handle);
-+
-+ return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
-+}
-+
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+ int32_t type, const struct psa_invec *in_vec,
-+ size_t in_len, struct psa_outvec *out_vec, size_t out_len)
-+{
-+
-+}
-+
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+{
-+ psa_status_t psa_status = PSA_SUCCESS;
-+ struct s_openamp_msg *resp_msg = NULL;
-+ struct ns_openamp_msg *req_msg;
-+ rpc_call_handle rpc_handle;
-+ size_t resp_len;
-+ uint8_t *resp;
-+ uint8_t *req;
-+ int ret;
-+
-+ rpc_handle = rpc_caller_begin(caller, &req,
-+ sizeof(struct ns_openamp_msg));
-+ if (!rpc_handle) {
-+ EMSG("psa_close: could not get handle");
-+ return;
-+ }
-+
-+ req_msg = (struct ns_openamp_msg *)req;
-+
-+ req_msg->call_type = OPENAMP_PSA_CLOSE;
-+ req_msg->params.psa_close_params.handle = handle;
-+
-+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+ &resp_len);
-+ if (ret != TS_RPC_CALL_ACCEPTED) {
-+ EMSG("psa_close: invoke failed: %d", ret);
-+ return;
-+ }
-+
-+ rpc_caller_end(caller, rpc_handle);
-+}
-diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-new file mode 100644
-index 000000000000..33ea96660572
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-@@ -0,0 +1,131 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H
-+#define SERVICE_PSA_IPC_OPENAMP_LIB_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <compiler.h>
-+#include <psa/error.h>
-+
-+#include <stdint.h>
-+#include <psa/client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* PSA client call type value */
-+#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1)
-+#define OPENAMP_PSA_VERSION (0x2)
-+#define OPENAMP_PSA_CONNECT (0x3)
-+#define OPENAMP_PSA_CALL (0x4)
-+#define OPENAMP_PSA_CLOSE (0x5)
-+
-+/* Return code of openamp APIs */
-+#define OPENAMP_SUCCESS (0)
-+#define OPENAMP_MAP_FULL (INT32_MIN + 1)
-+#define OPENAMP_MAP_ERROR (INT32_MIN + 2)
-+#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3)
-+#define OPENAMP_NO_PERMS (INT32_MIN + 4)
-+#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5)
-+#define OPENAMP_CHAN_BUSY (INT32_MIN + 6)
-+#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7)
-+#define OPENAMP_INIT_ERROR (INT32_MIN + 8)
-+
-+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
-+ * buffer so that openamp shared memory buffer
-+ * does not get freed.
-+ */
-+
-+/*
-+ * This structure holds the parameters used in a PSA client call.
-+ */
-+typedef struct __packed psa_client_in_params {
-+ union {
-+ struct __packed {
-+ uint32_t sid;
-+ } psa_version_params;
-+
-+ struct __packed {
-+ uint32_t sid;
-+ uint32_t version;
-+ } psa_connect_params;
-+
-+ struct __packed {
-+ psa_handle_t handle;
-+ int32_t type;
-+ uint32_t in_vec;
-+ uint32_t in_len;
-+ uint32_t out_vec;
-+ uint32_t out_len;
-+ } psa_call_params;
-+
-+ struct __packed {
-+ psa_handle_t handle;
-+ } psa_close_params;
-+ };
-+} psa_client_in_params_t;
-+
-+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
-+struct __packed ns_openamp_msg {
-+ uint32_t call_type; /* PSA client call type */
-+ struct psa_client_in_params params; /* Contain parameters used in PSA
-+ * client call
-+ */
-+
-+ int32_t client_id; /* Optional client ID of the
-+ * non-secure caller.
-+ * It is required to identify the
-+ * non-secure task when NSPE OS
-+ * enforces non-secure task
-+ * isolation
-+ */
-+ int32_t request_id; /* This is the unique ID for a
-+ * request send to TF-M by the
-+ * non-secure core. TF-M forward
-+ * the ID back to non-secure on the
-+ * reply to a given request. Using
-+ * this id, the non-secure library
-+ * can identify the request for
-+ * which the reply has received.
-+ */
-+};
-+
-+/*
-+ * This structure holds the location of the out data of the PSA client call.
-+ */
-+struct __packed psa_client_out_params {
-+ uint32_t out_vec;
-+ uint32_t out_len;
-+};
-+
-+
-+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
-+ * call.
-+ */
-+struct __packed s_openamp_msg {
-+ int32_t request_id; /* Using this id, the non-secure
-+ * library identifies the request.
-+ * TF-M forwards the same
-+ * request-id received on the
-+ * initial request.
-+ */
-+ int32_t reply; /* Reply of the PSA client call */
-+ struct psa_client_out_params params; /* Contain out data result of the
-+ * PSA client call.
-+ */
-+};
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */
-+
-+
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 34fe5ff1b925..dd0c5d00c21e 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy"
- "components/service/common/include"
- "components/service/common/serializer/protobuf"
- "components/service/common/client"
-+ "components/service/common/psa_ipc"
- "components/service/common/provider"
- "components/service/discovery/provider"
- "components/service/discovery/provider/serializer/packed-c"
---
-2.38.1
-
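Review bot: in the removed service_psa_ipc.c, psa_connect() and psa_close() return on `ret != TS_RPC_CALL_ACCEPTED` without calling rpc_caller_end(), psa_connect() dereferences resp_msg->reply after rpc_caller_end() and never compares resp_len with sizeof(struct s_openamp_msg) before the cast, and psa_call() is a non-void function with an empty body. Because this Pending patch is being dropped rather than fixed, confirm that the code replacing it ends the call on every error path, validates the response length before casting the buffer, and reads the reply before releasing the call handle. The commit message should also say what now adds "components/service/common/psa_ipc" to se-proxy.cmake, or state that the component is gone.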
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
deleted file mode 100644
index 74a8377..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
+++ /dev/null
@@ -1,523 +0,0 @@
-From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:19:24 +0000
-Subject: [PATCH 06/20] Add secure storage ipc backend
-
-Add secure storage ipc ff-m implementation which may use
-openamp as rpc to communicate with other processor.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/psa_ipc/service_psa_ipc.c | 143 +++++++++++-
- .../secure_storage_ipc/component.cmake | 14 ++
- .../secure_storage_ipc/secure_storage_ipc.c | 214 ++++++++++++++++++
- .../secure_storage_ipc/secure_storage_ipc.h | 52 +++++
- deployments/se-proxy/se-proxy.cmake | 1 +
- 5 files changed, 420 insertions(+), 4 deletions(-)
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index e8093c20a523..95a07c135f31 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -16,6 +16,52 @@
- #include <psa/client.h>
- #include "service_psa_ipc_openamp_lib.h"
-
-+static struct psa_invec *psa_call_in_vec_param(uint8_t *req)
-+{
-+ return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg));
-+}
-+
-+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len)
-+{
-+ return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) +
-+ (in_len * sizeof(struct psa_invec)));
-+}
-+
-+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len,
-+ struct psa_outvec *out_vec, size_t out_len)
-+{
-+ return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) +
-+ (out_len * sizeof(*out_vec));
-+}
-+
-+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len)
-+{
-+ size_t req_len = 0;
-+ int i;
-+
-+ if (!in_vec || !in_len)
-+ return 0;
-+
-+ for (i = 0; i < in_len; i++)
-+ req_len += in_vec[i].len;
-+
-+ return req_len;
-+}
-+
-+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len)
-+{
-+ size_t resp_len = 0;
-+ int i;
-+
-+ if (!out_vec || !out_len)
-+ return 0;
-+
-+ for (i = 0; i < out_len; i++)
-+ resp_len += out_vec[i].len;
-+
-+ return resp_len;
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- uint32_t version)
- {
-@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- rpc_handle = rpc_caller_begin(caller, &req,
- sizeof(struct ns_openamp_msg));
- if (!rpc_handle) {
-- EMSG("psa_connect: could not get handle");
-+ EMSG("psa_connect: could not get rpc handle");
- return PSA_ERROR_GENERIC_ERROR;
- }
-
-@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
- }
-
--psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- int32_t type, const struct psa_invec *in_vec,
- size_t in_len, struct psa_outvec *out_vec, size_t out_len)
- {
-+ psa_status_t psa_status = PSA_SUCCESS;
-+ struct s_openamp_msg *resp_msg = NULL;
-+ struct psa_outvec *out_vec_param;
-+ struct psa_invec *in_vec_param;
-+ struct ns_openamp_msg *req_msg;
-+ rpc_call_handle rpc_handle;
-+ size_t out_vec_len;
-+ size_t in_vec_len;
-+ size_t header_len;
-+ uint8_t *payload;
-+ size_t resp_len;
-+ uint8_t *resp;
-+ uint8_t *req;
-+ int ret;
-+ int i;
-+
-+ if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len);
-+ in_vec_len = psa_call_in_vec_len(in_vec, in_len);
-+ out_vec_len = psa_call_out_vec_len(out_vec, out_len);
-
-+ rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len);
-+ if (!rpc_handle) {
-+ EMSG("psa_call: could not get handle");
-+ return PSA_ERROR_GENERIC_ERROR;
-+ }
-+
-+ payload = req + header_len;
-+
-+ out_vec_param = psa_call_out_vec_param(req, in_len);
-+ in_vec_param = psa_call_in_vec_param(req);
-+
-+ req_msg = (struct ns_openamp_msg *)req;
-+
-+ req_msg->call_type = OPENAMP_PSA_CALL;
-+ req_msg->request_id = 1234;
-+ req_msg->params.psa_call_params.handle = psa_handle;
-+ req_msg->params.psa_call_params.type = type;
-+ req_msg->params.psa_call_params.in_len = in_len;
-+ req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+ req_msg->params.psa_call_params.out_len = out_len;
-+ req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+
-+ for (i = 0; i < in_len; i++) {
-+ in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+ in_vec_param[i].len = in_vec[i].len;
-+
-+ memcpy(payload, in_vec[i].base, in_vec[i].len);
-+ payload += in_vec[i].len;
-+ }
-+
-+ for (i = 0; i < out_len; i++) {
-+ out_vec_param[i].base = NULL;
-+ out_vec_param[i].len = out_vec[i].len;
-+ }
-+
-+ ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+ &resp_len);
-+ if (ret != TS_RPC_CALL_ACCEPTED) {
-+ EMSG("psa_call: invoke failed: %d", ret);
-+ return PSA_ERROR_GENERIC_ERROR;
-+ }
-+
-+ if (psa_status != PSA_SUCCESS) {
-+ EMSG("psa_call: psa_status invoke failed: %d", psa_status);
-+ return PSA_ERROR_GENERIC_ERROR;
-+ }
-+
-+ resp_msg = (struct s_openamp_msg *)resp;
-+
-+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
-+ goto caller_end;
-+
-+ out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
-+ resp_msg->params.out_vec);
-+
-+ for (i = 0; i < resp_msg->params.out_len; i++) {
-+ memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+ out_vec[i].len);
-+ }
-+
-+caller_end:
-+ rpc_caller_end(caller, rpc_handle);
-+
-+ return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE;
- }
-
--void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle)
- {
- psa_status_t psa_status = PSA_SUCCESS;
- struct s_openamp_msg *resp_msg = NULL;
-@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- uint8_t *req;
- int ret;
-
-+ if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+ return;
-+
- rpc_handle = rpc_caller_begin(caller, &req,
- sizeof(struct ns_openamp_msg));
- if (!rpc_handle) {
-@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- req_msg = (struct ns_openamp_msg *)req;
-
- req_msg->call_type = OPENAMP_PSA_CLOSE;
-- req_msg->params.psa_close_params.handle = handle;
-+ req_msg->params.psa_close_params.handle = psa_handle;
-
- ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
- &resp_len);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-new file mode 100644
-index 000000000000..5d8f6714e0bd
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-@@ -0,0 +1,14 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c"
-+ )
-+
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-new file mode 100644
-index 000000000000..9b55f77dd395
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -0,0 +1,214 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "secure_storage_ipc.h"
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <rpc_caller.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+
-+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
-+ psa_storage_uid_t uid, size_t data_length,
-+ const void *p_data, psa_storage_create_flags_t create_flags)
-+{
-+ struct secure_storage_ipc *ipc = context;
-+ struct rpc_caller *caller = ipc->client.caller;
-+ psa_handle_t psa_handle;
-+ psa_status_t psa_status;
-+ struct psa_invec in_vec[] = {
-+ { .base = &uid, .len = sizeof(uid) },
-+ { .base = p_data, .len = data_length },
-+ { .base = &create_flags, .len = sizeof(create_flags) },
-+ };
-+
-+ (void)client_id;
-+
-+ ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
-+
-+ /* Validating input parameters */
-+ if (p_data == NULL)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+ if (psa_status < 0)
-+ EMSG("ipc_set: psa_call failed: %d", psa_status);
-+
-+ return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get(void *context,
-+ uint32_t client_id,
-+ psa_storage_uid_t uid,
-+ size_t data_offset,
-+ size_t data_size,
-+ void *p_data,
-+ size_t *p_data_length)
-+{
-+ struct secure_storage_ipc *ipc = context;
-+ struct rpc_caller *caller = ipc->client.caller;
-+ psa_handle_t psa_handle;
-+ psa_status_t psa_status;
-+ uint32_t offset = (uint32_t)data_offset;
-+ struct psa_invec in_vec[] = {
-+ { .base = &uid, .len = sizeof(uid) },
-+ { .base = &offset, .len = sizeof(offset) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = p_data, .len = data_size },
-+ };
-+
-+ if (!p_data_length) {
-+ EMSG("ipc_get: p_data_length not defined");
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+ out_vec, IOVEC_LEN(out_vec));
-+ if (psa_status == PSA_SUCCESS)
-+ *p_data_length = out_vec[0].len;
-+
-+ return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get_info(void *context,
-+ uint32_t client_id,
-+ psa_storage_uid_t uid,
-+ struct psa_storage_info_t *p_info)
-+{
-+ struct secure_storage_ipc *ipc = context;
-+ struct rpc_caller *caller = ipc->client.caller;
-+ psa_handle_t psa_handle;
-+ psa_status_t psa_status;
-+ struct psa_invec in_vec[] = {
-+ { .base = &uid, .len = sizeof(uid) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = p_info, .len = sizeof(*p_info) },
-+ };
-+
-+ (void)client_id;
-+
-+ /* Validating input parameters */
-+ if (!p_info)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ TFM_PS_GET_INFO, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+ if (psa_status != PSA_SUCCESS)
-+ EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-+
-+ return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_remove(void *context,
-+ uint32_t client_id,
-+ psa_storage_uid_t uid)
-+{
-+ struct secure_storage_ipc *ipc = context;
-+ struct rpc_caller *caller = ipc->client.caller;
-+ psa_handle_t psa_handle;
-+ psa_status_t psa_status;
-+ struct psa_invec in_vec[] = {
-+ { .base = &uid, .len = sizeof(uid) },
-+ };
-+
-+ (void)client_id;
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ TFM_PS_REMOVE, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+ if (psa_status != PSA_SUCCESS)
-+ EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-+
-+ return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_create(void *context,
-+ uint32_t client_id,
-+ uint64_t uid,
-+ size_t capacity,
-+ uint32_t create_flags)
-+{
-+ (void)context;
-+ (void)uid;
-+ (void)client_id;
-+ (void)capacity;
-+ (void)create_flags;
-+
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static psa_status_t secure_storage_set_extended(void *context,
-+ uint32_t client_id,
-+ uint64_t uid,
-+ size_t data_offset,
-+ size_t data_length,
-+ const void *p_data)
-+{
-+ (void)context;
-+ (void)uid;
-+ (void)client_id;
-+ (void)data_offset;
-+ (void)data_length;
-+ (void)p_data;
-+
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
-+{
-+ struct secure_storage_ipc *ipc = context;
-+ struct rpc_caller *caller = ipc->client.caller;
-+ psa_handle_t psa_handle;
-+ psa_status_t psa_status;
-+ uint32_t support_flags;
-+ struct psa_outvec out_vec[] = {
-+ { .base = &support_flags, .len = sizeof(support_flags) },
-+ };
-+
-+ (void)client_id;
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ TFM_PS_GET_SUPPORT, NULL, 0,
-+ out_vec, IOVEC_LEN(out_vec));
-+ if (psa_status != PSA_SUCCESS)
-+ EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-+
-+ return psa_status;
-+}
-+
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+ struct rpc_caller *caller)
-+{
-+ service_client_init(&context->client, caller);
-+
-+ static const struct storage_backend_interface interface =
-+ {
-+ .set = secure_storage_ipc_set,
-+ .get = secure_storage_ipc_get,
-+ .get_info = secure_storage_ipc_get_info,
-+ .remove = secure_storage_ipc_remove,
-+ .create = secure_storage_ipc_create,
-+ .set_extended = secure_storage_set_extended,
-+ .get_support = secure_storage_get_support,
-+ };
-+
-+ context->backend.context = context;
-+ context->backend.interface = &interface;
-+
-+ return &context->backend;
-+}
-+
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context)
-+{
-+ service_client_deinit(&context->client);
-+}
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-new file mode 100644
-index 000000000000..e8c1e8fd2f92
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -0,0 +1,52 @@
-+/*
-+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SECURE_STORAGE_IPC_H
-+#define SECURE_STORAGE_IPC_H
-+
-+#include <service/secure_storage/backend/storage_backend.h>
-+#include <service/common/client/service_client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * @brief Secure storage ipc instance
-+ */
-+struct secure_storage_ipc
-+{
-+ struct storage_backend backend;
-+ struct service_client client;
-+};
-+
-+/**
-+ * @brief Initialize a secure storage ipc client
-+ *
-+ * A secure storage client is a storage backend that makes RPC calls
-+ * to a remote secure storage provider.
-+ *
-+ * @param[in] context Instance data
-+ * @param[in] rpc_caller RPC caller instance
-+ *
-+ *
-+ * @return Pointer to inialized storage backend or NULL on failure
-+ */
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+ struct rpc_caller *caller);
-+
-+/**
-+ * @brief Deinitialize a secure storage ipc client
-+ *
-+ * @param[in] context Instance data
-+ */
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SECURE_STORAGE_IPC_H */
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index dd0c5d00c21e..cd51460406ca 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy"
- "components/service/crypto/factory/full"
- "components/service/secure_storage/include"
- "components/service/secure_storage/frontend/secure_storage_provider"
-+ "components/service/secure_storage/backend/secure_storage_ipc"
- "components/service/attestation/include"
- "components/service/attestation/provider"
- "components/service/attestation/provider/serializer/packed-c"
---
-2.38.1
-
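Review bot: secure_storage_get_support() in secure_storage_ipc.c is declared to return uint32_t and fills support_flags through out_vec, but it ends with `return psa_status;`, so the flags read from the service are discarded and the caller gets a status code instead. Return support_flags when psa_status == PSA_SUCCESS and 0 otherwise. In secure_storage_ipc_get(), `uint32_t offset = (uint32_t)data_offset;` narrows a size_t with no range check; reject offsets above UINT32_MAX with PSA_ERROR_INVALID_ARGUMENT rather than letting them wrap. The psa_handle local is unused in every function, and secure_storage_ipc_init() ignores the result of service_client_init() even though the header documents a NULL return on failure.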
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
deleted file mode 100644
index ad33295..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:25:34 +0000
-Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy
-
-Remove mock up backend for secure storage in se proxy
-deployment and use instead the secure storage ipc backend with
-openamp as rpc to secure enclave side.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../se-proxy/common/service_proxy_factory.c | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index acfb6e8873fa..57290056d614 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -6,15 +6,20 @@
-
- #include <stddef.h>
- #include <rpc/common/endpoint/rpc_interface.h>
-+#include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
- #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
-+#include <trace.h>
-
- /* Stub backends */
- #include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
-
-+struct openamp_caller openamp;
-+
- struct rpc_interface *attest_proxy_create(void)
- {
- struct rpc_interface *attest_iface;
-@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void)
-
- struct rpc_interface *ps_proxy_create(void)
- {
-- static struct mock_store ps_backend;
- static struct secure_storage_provider ps_provider;
--
-- struct storage_backend *backend = mock_store_init(&ps_backend);
-+ static struct secure_storage_ipc ps_backend;
-+ static struct rpc_caller *storage_caller;
-+ struct storage_backend *backend;
-+
-+ storage_caller = openamp_caller_init(&openamp);
-+ if (!storage_caller)
-+ return NULL;
-+ backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
-
- return secure_storage_provider_init(&ps_provider, backend);
- }
---
-2.38.1
-
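Review bot: in ps_proxy_create() the pointer returned by openamp_caller_init() is NULL-checked and then never used; the backend is initialised with `&openamp.rpc_caller` instead of storage_caller. Pass storage_caller to secure_storage_ipc_init() so the checked value is the one in use, and make it a plain local since nothing here needs it to be static. The return value of secure_storage_ipc_init() is also handed to secure_storage_provider_init() without a NULL check. `struct openamp_caller openamp;` is given external linkage; mark it static unless another translation unit needs it. The mock_store.h include stays under the "Stub backends" comment although the visible code no longer calls mock_store_init().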
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
deleted file mode 100644
index ab57688..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:43:48 +0000
-Subject: [PATCH 08/20] Run psa-arch-test
-
-Fixes needed to run psa-arch-test
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/psa_ipc/service_psa_ipc.c | 1 +
- .../backend/secure_storage_ipc/secure_storage_ipc.c | 8 --------
- .../service/secure_storage/include/psa/storage_common.h | 4 ++--
- 3 files changed, 3 insertions(+), 10 deletions(-)
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 95a07c135f31..5e5815dbc9cf 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- resp_msg->params.out_vec);
-
- for (i = 0; i < resp_msg->params.out_len; i++) {
-+ out_vec[i].len = out_vec_param[i].len;
- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
- out_vec[i].len);
- }
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index 9b55f77dd395..a1f369db253e 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
-
- ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
-
-- /* Validating input parameters */
-- if (p_data == NULL)
-- return PSA_ERROR_INVALID_ARGUMENT;
--
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
- if (psa_status < 0)
-@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
-
- (void)client_id;
-
-- /* Validating input parameters */
-- if (!p_info)
-- return PSA_ERROR_INVALID_ARGUMENT;
--
- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- TFM_PS_GET_INFO, in_vec,
- IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h
-index 4f6ba2a7d822..1fd6b40dc803 100644
---- a/components/service/secure_storage/include/psa/storage_common.h
-+++ b/components/service/secure_storage/include/psa/storage_common.h
-@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t;
- typedef uint32_t psa_storage_create_flags_t;
-
- struct psa_storage_info_t {
-- size_t capacity;
-- size_t size;
-+ uint32_t capacity;
-+ uint32_t size;
- psa_storage_create_flags_t flags;
- };
-
---
-2.38.1
-
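Review bot: the line added to psa_call() in service_psa_ipc.c, `out_vec[i].len = out_vec_param[i].len;`, overwrites the caller's buffer capacity with a length taken from the response, and the memcpy that follows uses that length unchecked, so a response reporting more bytes than the caller provided writes past out_vec[i].base. Keep the original capacity, compare out_vec_param[i].len against it before copying, and return an error when it is larger; the loop should also be bounded by the caller's out_len rather than only by resp_msg->params.out_len. The same patch drops the NULL checks on p_data and p_info in secure_storage_ipc.c with no explanation beyond "Fixes needed to run psa-arch-test"; the commit message should state why those pointers may now be NULL. Changing capacity and size in struct psa_storage_info_t from size_t to uint32_t alters the layout of a public header type and deserves a mention as well.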
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
deleted file mode 100644
index 3295fa9..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:57:17 +0000
-Subject: [PATCH 09/20] Use address instead of pointers
-
-Since secure enclave is 32bit and we 64bit there is an issue
-in the protocol communication design that force us to handle
-on our side the manipulation of address and pointers to make
-this work.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/client.h | 15 ++++++++++++++
- .../service/common/psa_ipc/service_psa_ipc.c | 20 ++++++++++++-------
- .../secure_storage_ipc/secure_storage_ipc.c | 20 +++++++++----------
- 3 files changed, 38 insertions(+), 17 deletions(-)
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-index 69ccf14f40a3..12dcd68f8a76 100644
---- a/components/service/common/include/psa/client.h
-+++ b/components/service/common/include/psa/client.h
-@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec {
- uint32_t len; /*!< the size in bytes */
- };
-
-+static void *psa_u32_to_ptr(uint32_t addr)
-+{
-+ return (void *)(uintptr_t)addr;
-+}
-+
-+static uint32_t psa_ptr_to_u32(void *ptr)
-+{
-+ return (uintptr_t)ptr;
-+}
-+
-+static uint32_t psa_ptr_const_to_u32(const void *ptr)
-+{
-+ return (uintptr_t)ptr;
-+}
-+
- /*************************** PSA Client API **********************************/
-
- /**
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 5e5815dbc9cf..435c6c0a2eba 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_
- return resp_len;
- }
-
-+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va)
-+{
-+ return (uintptr_t)rpc_caller_virt_to_phys(caller, va);
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- uint32_t version)
- {
-@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- req_msg->params.psa_call_params.handle = psa_handle;
- req_msg->params.psa_call_params.type = type;
- req_msg->params.psa_call_params.in_len = in_len;
-- req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+ req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param);
- req_msg->params.psa_call_params.out_len = out_len;
-- req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+ req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param);
-
- for (i = 0; i < in_len; i++) {
-- in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+ in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload);
- in_vec_param[i].len = in_vec[i].len;
-
-- memcpy(payload, in_vec[i].base, in_vec[i].len);
-+ memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);
- payload += in_vec[i].len;
- }
-
- for (i = 0; i < out_len; i++) {
-- out_vec_param[i].base = NULL;
-+ out_vec_param[i].base = 0;
- out_vec_param[i].len = out_vec[i].len;
- }
-
-@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- goto caller_end;
-
- out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
-- resp_msg->params.out_vec);
-+ psa_u32_to_ptr(resp_msg->params.out_vec));
-
- for (i = 0; i < resp_msg->params.out_len; i++) {
- out_vec[i].len = out_vec_param[i].len;
-- memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+ memcpy(psa_u32_to_ptr(out_vec[i].base),
-+ rpc_caller_phys_to_virt(caller, psa_u32_to_ptr(out_vec_param[i].base)),
- out_vec[i].len);
- }
-
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index a1f369db253e..bda442a61d5c 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- psa_handle_t psa_handle;
- psa_status_t psa_status;
- struct psa_invec in_vec[] = {
-- { .base = &uid, .len = sizeof(uid) },
-- { .base = p_data, .len = data_length },
-- { .base = &create_flags, .len = sizeof(create_flags) },
-+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
-+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
- };
-
- (void)client_id;
-@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context,
- psa_status_t psa_status;
- uint32_t offset = (uint32_t)data_offset;
- struct psa_invec in_vec[] = {
-- { .base = &uid, .len = sizeof(uid) },
-- { .base = &offset, .len = sizeof(offset) },
-+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
- };
- struct psa_outvec out_vec[] = {
-- { .base = p_data, .len = data_size },
-+ { .base = psa_ptr_to_u32(p_data), .len = data_size },
- };
-
- if (!p_data_length) {
-@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- psa_handle_t psa_handle;
- psa_status_t psa_status;
- struct psa_invec in_vec[] = {
-- { .base = &uid, .len = sizeof(uid) },
-+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- };
- struct psa_outvec out_vec[] = {
-- { .base = p_info, .len = sizeof(*p_info) },
-+ { .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) },
- };
-
- (void)client_id;
-@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- psa_handle_t psa_handle;
- psa_status_t psa_status;
- struct psa_invec in_vec[] = {
-- { .base = &uid, .len = sizeof(uid) },
-+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- };
-
- (void)client_id;
-@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- psa_status_t psa_status;
- uint32_t support_flags;
- struct psa_outvec out_vec[] = {
-- { .base = &support_flags, .len = sizeof(support_flags) },
-+ { .base = psa_ptr_to_u32(&support_flags), .len = sizeof(support_flags) },
- };
-
- (void)client_id;
---
-2.38.1
-
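Review bot: psa_ptr_to_u32() and psa_ptr_const_to_u32() in client.h return `(uintptr_t)ptr` as a uint32_t with no check, and service_psa_ipc.c then rebuilds a pointer from that value in `memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);` and in the out_vec copy. The commit message says this side is 64-bit, so any caller buffer (including the stack variables uid, offset and support_flags in secure_storage_ipc.c) whose virtual address does not fit in 32 bits is read from or written to the wrong location. Keep the caller-side vectors as native pointers and apply the 32-bit conversion only to the addresses placed in the request via psa_virt_to_phys_u32(), or at minimum fail when the upper bits are non-zero. The three helpers are defined `static` in a header; make them `static inline` to avoid unused-function warnings in every file that includes client.h.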
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
deleted file mode 100644
index 2d0725c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
+++ /dev/null
@@ -1,323 +0,0 @@
-From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 7 Dec 2021 11:50:00 +0000
-Subject: [PATCH 10/20] Add psa ipc attestation to se proxy
-
-Implement attestation client API as psa ipc and include it to
-se proxy deployment.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../client/psa_ipc/component.cmake | 13 +++
- .../client/psa_ipc/iat_ipc_client.c | 86 +++++++++++++++++++
- .../reporter/psa_ipc/component.cmake | 13 +++
- .../reporter/psa_ipc/psa_ipc_attest_report.c | 45 ++++++++++
- components/service/common/include/psa/sid.h | 4 +
- .../se-proxy/common/service_proxy_factory.c | 6 ++
- deployments/se-proxy/se-proxy.cmake | 7 +-
- ...ble-using-hard-coded-attestation-key.patch | 29 -------
- external/psa_arch_tests/psa_arch_tests.cmake | 4 -
- 9 files changed, 171 insertions(+), 36 deletions(-)
- create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
- create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
- delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-
-diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..a5bc6b4a387e
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
-+ )
-diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-new file mode 100644
-index 000000000000..30bd0a13a385
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-@@ -0,0 +1,86 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <string.h>
-+
-+#include "../psa/iat_client.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/initial_attestation.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+
-+/**
-+ * @brief The singleton psa_iat_client instance
-+ *
-+ * The psa attestation C API assumes a single backend service provider.
-+ */
-+static struct service_client instance;
-+
-+
-+psa_status_t psa_iat_client_init(struct rpc_caller *caller)
-+{
-+ return service_client_init(&instance, caller);
-+}
-+
-+void psa_iat_client_deinit(void)
-+{
-+ service_client_deinit(&instance);
-+}
-+
-+int psa_iat_client_rpc_status(void)
-+{
-+ return instance.rpc_status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
-+ size_t challenge_size,
-+ uint8_t *token_buf,
-+ size_t token_buf_size,
-+ size_t *token_size)
-+{
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller *caller = instance.caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
-+ };
-+
-+ if (!token_buf || !token_buf_size)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+ TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
-+ out_vec, IOVEC_LEN(out_vec));
-+ if (status == PSA_SUCCESS) {
-+ *token_size = out_vec[0].len;
-+ }
-+
-+ return status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
-+ size_t *token_size)
-+{
-+ struct rpc_caller *caller = instance.caller;
-+ psa_status_t status;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
-+ };
-+
-+ status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+ TFM_ATTEST_GET_TOKEN_SIZE,
-+ in_vec, IOVEC_LEN(in_vec),
-+ out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..b37830c618fe
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
-+ )
-diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-new file mode 100644
-index 000000000000..15805e8ed4b1
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+/**
-+ * A attestation reporter for psa ipc
-+ */
-+
-+#include <stddef.h>
-+#include <psa/error.h>
-+#include <service/attestation/reporter/attest_report.h>
-+#include <psa/initial_attestation.h>
-+
-+#define TOKEN_BUF_SIZE 1024
-+
-+static uint8_t token_buf[TOKEN_BUF_SIZE];
-+
-+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
-+ size_t auth_challenge_len, const uint8_t **report,
-+ size_t *report_len)
-+{
-+ *report = token_buf;
-+ psa_status_t ret;
-+ size_t token_size = 0;
-+
-+ ret = psa_initial_attest_get_token(auth_challenge_data,
-+ auth_challenge_len, token_buf,
-+ TOKEN_BUF_SIZE, &token_size);
-+ if (ret != PSA_SUCCESS) {
-+ *report = NULL;
-+ *report_len = 0;
-+ return ret;
-+ }
-+
-+ *report_len = token_size;
-+
-+ return PSA_SUCCESS;
-+}
-+
-+void attest_report_destroy(const uint8_t *report)
-+{
-+ (void)report;
-+}
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index aaa973c6e987..833f5039425f 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -50,6 +50,10 @@ extern "C" {
- #define TFM_ATTESTATION_SERVICE_VERSION (1U)
- #define TFM_ATTESTATION_SERVICE_HANDLE (0x40000103U)
-
-+/* Initial Attestation message types that distinguish Attest services. */
-+#define TFM_ATTEST_GET_TOKEN 1001
-+#define TFM_ATTEST_GET_TOKEN_SIZE 1002
-+
- /******** TFM_SP_FWU ********/
- #define TFM_FWU_WRITE_SID (0x000000A0U)
- #define TFM_FWU_WRITE_VERSION (1U)
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 57290056d614..4b8cceccbe4d 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -23,12 +23,18 @@ struct openamp_caller openamp;
- struct rpc_interface *attest_proxy_create(void)
- {
- struct rpc_interface *attest_iface;
-+ struct rpc_caller *attest_caller;
-
- /* Static objects for proxy instance */
- static struct attest_provider attest_provider;
-
-+ attest_caller = openamp_caller_init(&openamp);
-+ if (!attest_caller)
-+ return NULL;
-+
- /* Initialize the service provider */
- attest_iface = attest_provider_init(&attest_provider);
-+ psa_iat_client_init(&openamp.rpc_caller);
-
- attest_provider_register_serializer(&attest_provider,
- TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index cd51460406ca..3dbbc36c968d 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy"
- "components/service/attestation/include"
- "components/service/attestation/provider"
- "components/service/attestation/provider/serializer/packed-c"
-+ "components/service/attestation/reporter/psa_ipc"
-+ "components/service/attestation/client/psa_ipc"
- "components/rpc/openamp/caller/sp"
-
- # Stub service provider backends
- "components/rpc/dummy"
- "components/rpc/common/caller"
-- "components/service/attestation/reporter/stub"
-- "components/service/attestation/key_mngr/stub"
-- "components/service/crypto/backend/stub"
-+ "components/service/attestation/key_mngr/local"
-+ "components/service/crypto/backend/psa_ipc"
- "components/service/crypto/client/psa"
- "components/service/secure_storage/backend/mock_store"
- )
-diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-deleted file mode 100644
-index 6664961ab662..000000000000
---- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-+++ /dev/null
-@@ -1,29 +0,0 @@
--From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001
--From: Gyorgy Szing <Gyorgy.Szing@arm.com>
--Date: Tue, 8 Feb 2022 17:06:37 +0000
--Subject: [PATCH 1/1] Disable using hard-coded attestation key
--
--Modify platform config to disable using a hard-coded attestation
--key.
--
--Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
-----
-- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +-
-- 1 file changed, 1 insertion(+), 1 deletion(-)
--
--diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--index 6112ba7..1cdf581 100755
----- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--@@ -60,7 +60,7 @@ typedef uint32_t cfg_id_t;
-- #define CRYPTO_VERSION_BETA3
--
-- /* Use hardcoded public key */
---#define PLATFORM_OVERRIDE_ATTEST_PK
--+//#define PLATFORM_OVERRIDE_ATTEST_PK
--
-- /*
-- * Include of PSA defined Header files
----
--2.17.1
--
-diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
-index a8b77a1fc05e..1995df3e0b49 100644
---- a/external/psa_arch_tests/psa_arch_tests.cmake
-+++ b/external/psa_arch_tests/psa_arch_tests.cmake
-@@ -15,10 +15,6 @@ set(GIT_OPTIONS
- GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
- GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
- GIT_SHALLOW FALSE
-- PATCH_COMMAND git stash
-- COMMAND git tag -f ts-before-am
-- COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch
-- COMMAND git reset ts-before-am
- )
-
- # Ensure list of defines is separated correctly
---
-2.38.1
-
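Review bot: psa_initial_attest_get_token_size() in iat_ipc_client.c points in_vec at &challenge_size and out_vec at token_size, both size_t, while setting .len = sizeof(uint32_t). Where size_t is wider than 32 bits only part of challenge_size is sent, and only four bytes of *token_size are written, leaving the remaining bytes with whatever the caller had there. Copy challenge_size into a local uint32_t (rejecting values that do not fit), receive into a local uint32_t, and assign *token_size from it on success. psa_initial_attest_get_token() validates token_buf but writes `*token_size = out_vec[0].len;` without checking token_size for NULL. In service_proxy_factory.c, attest_caller is NULL-checked and then unused, and the return value of `psa_iat_client_init(&openamp.rpc_caller);` is discarded. In se-proxy.cmake the key_mngr/local and crypto/backend/psa_ipc entries now sit under the "Stub service provider backends" comment, which no longer describes them.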
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
deleted file mode 100644
index 5803cc1..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Thu, 9 Dec 2021 14:11:06 +0000
-Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage
- ipc implementation.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/include/psa/sid.h | 12 +++++-----
- .../secure_storage_ipc/secure_storage_ipc.c | 20 ++++++++---------
- .../secure_storage_ipc/secure_storage_ipc.h | 1 +
- .../se-proxy/common/service_proxy_factory.c | 22 +++++++++++++------
- 4 files changed, 32 insertions(+), 23 deletions(-)
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 833f5039425f..4a951d4a3502 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -20,12 +20,12 @@ extern "C" {
- /* Invalid UID */
- #define TFM_PS_INVALID_UID 0
-
--/* PS message types that distinguish PS services. */
--#define TFM_PS_SET 1001
--#define TFM_PS_GET 1002
--#define TFM_PS_GET_INFO 1003
--#define TFM_PS_REMOVE 1004
--#define TFM_PS_GET_SUPPORT 1005
-+/* PS / ITS message types that distinguish PS services. */
-+#define TFM_PS_ITS_SET 1001
-+#define TFM_PS_ITS_GET 1002
-+#define TFM_PS_ITS_GET_INFO 1003
-+#define TFM_PS_ITS_REMOVE 1004
-+#define TFM_PS_ITS_GET_SUPPORT 1005
-
- /******** TFM_SP_ITS ********/
- #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID (0x00000070U)
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index bda442a61d5c..0e1b48c0d2e2 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
-
- ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-- TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+ psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET,
-+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
- if (psa_status < 0)
- EMSG("ipc_set: psa_call failed: %d", psa_status);
-
-@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context,
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-- TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+ psa_status = psa_call(caller, ipc->service_handle,
-+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
- out_vec, IOVEC_LEN(out_vec));
- if (psa_status == PSA_SUCCESS)
- *p_data_length = out_vec[0].len;
-@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
-
- (void)client_id;
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-- TFM_PS_GET_INFO, in_vec,
-+ psa_status = psa_call(caller, ipc->service_handle,
-+ TFM_PS_ITS_GET_INFO, in_vec,
- IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- if (psa_status != PSA_SUCCESS)
- EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context,
-
- (void)client_id;
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-- TFM_PS_REMOVE, in_vec,
-+ psa_status = psa_call(caller, ipc->service_handle,
-+ TFM_PS_ITS_REMOVE, in_vec,
- IOVEC_LEN(in_vec), NULL, 0);
- if (psa_status != PSA_SUCCESS)
- EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
-
- (void)client_id;
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-- TFM_PS_GET_SUPPORT, NULL, 0,
-+ psa_status = psa_call(caller, ipc->service_handle,
-+ TFM_PS_ITS_GET_SUPPORT, NULL, 0,
- out_vec, IOVEC_LEN(out_vec));
- if (psa_status != PSA_SUCCESS)
- EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-index e8c1e8fd2f92..d9949f6a9305 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -21,6 +21,7 @@ struct secure_storage_ipc
- {
- struct storage_backend backend;
- struct service_client client;
-+ int32_t service_handle;
- };
-
- /**
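Review bot: `service_handle` is added to struct secure_storage_ipc without a doc comment and without being set by the init call, so a backend whose creator forgets the assignment makes every psa_call() with whatever the field happens to hold (0 for a static instance). Consider passing the handle as a parameter of secure_storage_ipc_init() so it cannot be left unset, and document which handle values are valid.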
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 4b8cceccbe4d..1110ac46bf8b 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -5,6 +5,7 @@
- */
-
- #include <stddef.h>
-+#include <psa/sid.h>
- #include <rpc/common/endpoint/rpc_interface.h>
- #include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
-@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void)
- {
- static struct secure_storage_provider ps_provider;
- static struct secure_storage_ipc ps_backend;
-- static struct rpc_caller *storage_caller;
-+ struct rpc_caller *storage_caller;
- struct storage_backend *backend;
-
- storage_caller = openamp_caller_init(&openamp);
- if (!storage_caller)
- return NULL;
- backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
-+ ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
-
- return secure_storage_provider_init(&ps_provider, backend);
- }
-
- struct rpc_interface *its_proxy_create(void)
- {
-- static struct mock_store its_backend;
-- static struct secure_storage_provider its_provider;
--
-- struct storage_backend *backend = mock_store_init(&its_backend);
--
-- return secure_storage_provider_init(&its_provider, backend);
-+ static struct secure_storage_provider its_provider;
-+ static struct secure_storage_ipc its_backend;
-+ struct rpc_caller *storage_caller;
-+ struct storage_backend *backend;
-+
-+ storage_caller = openamp_caller_init(&openamp);
-+ if (!storage_caller)
-+ return NULL;
-+ backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller);
-+ its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
-+
-+ return secure_storage_provider_init(&its_provider, backend);
- }
---
-2.38.1
-
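Review bot: in both ps_proxy_create() and its_proxy_create() the result of openamp_caller_init(&openamp) is stored in `storage_caller` and only NULL-checked, while secure_storage_ipc_init() is handed `&openamp.rpc_caller` directly, and the same `openamp` instance is initialised once per proxy. Pass `storage_caller` to secure_storage_ipc_init(), initialise the shared caller in one place, and check the returned `backend` before giving it to secure_storage_provider_init().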
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
deleted file mode 100644
index 67ea7b8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
+++ /dev/null
@@ -1,2570 +0,0 @@
-From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Thu, 9 Dec 2021 14:17:39 +0000
-Subject: [PATCH 12/20] add psa ipc crypto backend
-
-Add psa ipc crypto backend and attach it to se proxy
-deployment.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/include/psa/sid.h | 73 +++++
- .../crypto/backend/psa_ipc/component.cmake | 21 ++
- .../backend/psa_ipc/crypto_ipc_backend.c | 26 ++
- .../backend/psa_ipc/crypto_ipc_backend.h | 70 ++++
- .../client/caller/psa_ipc/crypto_caller.h | 34 ++
- .../caller/psa_ipc/crypto_caller_aead.h | 252 +++++++++++++++
- .../crypto_caller_asymmetric_decrypt.h | 76 +++++
- .../crypto_caller_asymmetric_encrypt.h | 76 +++++
- .../caller/psa_ipc/crypto_caller_cipher.h | 246 +++++++++++++++
- .../caller/psa_ipc/crypto_caller_copy_key.h | 57 ++++
- .../psa_ipc/crypto_caller_destroy_key.h | 51 +++
- .../caller/psa_ipc/crypto_caller_export_key.h | 59 ++++
- .../psa_ipc/crypto_caller_export_public_key.h | 59 ++++
- .../psa_ipc/crypto_caller_generate_key.h | 55 ++++
- .../psa_ipc/crypto_caller_generate_random.h | 57 ++++
- .../crypto_caller_get_key_attributes.h | 56 ++++
- .../caller/psa_ipc/crypto_caller_hash.h | 220 +++++++++++++
- .../caller/psa_ipc/crypto_caller_import_key.h | 57 ++++
- .../psa_ipc/crypto_caller_key_attributes.h | 51 +++
- .../psa_ipc/crypto_caller_key_derivation.h | 298 ++++++++++++++++++
- .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++
- .../caller/psa_ipc/crypto_caller_purge_key.h | 51 +++
- .../caller/psa_ipc/crypto_caller_sign_hash.h | 64 ++++
- .../psa_ipc/crypto_caller_verify_hash.h | 59 ++++
- .../crypto/include/psa/crypto_client_struct.h | 8 +-
- .../service/crypto/include/psa/crypto_sizes.h | 2 +-
- .../se-proxy/common/service_proxy_factory.c | 15 +-
- .../providers/arm/corstone1000/platform.cmake | 2 +
- 28 files changed, 2292 insertions(+), 10 deletions(-)
- create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 4a951d4a3502..7a29cc253bad 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,79 @@ extern "C" {
- #define TFM_CRYPTO_VERSION (1U)
- #define TFM_CRYPTO_HANDLE (0x40000100U)
-
-+/**
-+ * \brief Define a progressive numerical value for each SID which can be used
-+ * when dispatching the requests to the service
-+ */
-+enum {
-+ TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
-+ TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
-+ TFM_CRYPTO_OPEN_KEY_SID,
-+ TFM_CRYPTO_CLOSE_KEY_SID,
-+ TFM_CRYPTO_IMPORT_KEY_SID,
-+ TFM_CRYPTO_DESTROY_KEY_SID,
-+ TFM_CRYPTO_EXPORT_KEY_SID,
-+ TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+ TFM_CRYPTO_PURGE_KEY_SID,
-+ TFM_CRYPTO_COPY_KEY_SID,
-+ TFM_CRYPTO_HASH_COMPUTE_SID,
-+ TFM_CRYPTO_HASH_COMPARE_SID,
-+ TFM_CRYPTO_HASH_SETUP_SID,
-+ TFM_CRYPTO_HASH_UPDATE_SID,
-+ TFM_CRYPTO_HASH_FINISH_SID,
-+ TFM_CRYPTO_HASH_VERIFY_SID,
-+ TFM_CRYPTO_HASH_ABORT_SID,
-+ TFM_CRYPTO_HASH_CLONE_SID,
-+ TFM_CRYPTO_MAC_COMPUTE_SID,
-+ TFM_CRYPTO_MAC_VERIFY_SID,
-+ TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+ TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+ TFM_CRYPTO_MAC_UPDATE_SID,
-+ TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+ TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+ TFM_CRYPTO_MAC_ABORT_SID,
-+ TFM_CRYPTO_CIPHER_ENCRYPT_SID,
-+ TFM_CRYPTO_CIPHER_DECRYPT_SID,
-+ TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+ TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+ TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+ TFM_CRYPTO_CIPHER_SET_IV_SID,
-+ TFM_CRYPTO_CIPHER_UPDATE_SID,
-+ TFM_CRYPTO_CIPHER_FINISH_SID,
-+ TFM_CRYPTO_CIPHER_ABORT_SID,
-+ TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+ TFM_CRYPTO_AEAD_DECRYPT_SID,
-+ TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+ TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+ TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+ TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+ TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+ TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+ TFM_CRYPTO_AEAD_UPDATE_SID,
-+ TFM_CRYPTO_AEAD_FINISH_SID,
-+ TFM_CRYPTO_AEAD_VERIFY_SID,
-+ TFM_CRYPTO_AEAD_ABORT_SID,
-+ TFM_CRYPTO_SIGN_MESSAGE_SID,
-+ TFM_CRYPTO_VERIFY_MESSAGE_SID,
-+ TFM_CRYPTO_SIGN_HASH_SID,
-+ TFM_CRYPTO_VERIFY_HASH_SID,
-+ TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+ TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+ TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+ TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+ TFM_CRYPTO_GENERATE_RANDOM_SID,
-+ TFM_CRYPTO_GENERATE_KEY_SID,
-+ TFM_CRYPTO_SID_MAX,
-+};
-+
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
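Review bot: the TFM_CRYPTO_*_SID enumerators take their values purely from their position after `TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u)`, and the callers send them as `sfn_id` to the secure side, so any insertion or reorder in this list silently redirects a request to a different crypto function. Add a comment naming the secure-side header and version this list mirrors, or give the enumerators explicit values.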
-diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..93c297a83ac6
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/component.cmake
-@@ -0,0 +1,21 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c"
-+ )
-+
-+# The ipc crypto backend uses the psa crypto client to realize the
-+# psa crypto API that the crypto provider depends on. This define
-+# configures the psa crypto client to be built with the ipc crypto
-+# caller.
-+target_compile_definitions(${TGT} PRIVATE
-+ PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h"
-+)
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-new file mode 100644
-index 000000000000..e47cd4ffb4ce
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <psa/crypto.h>
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "crypto_ipc_backend.h"
-+
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller)
-+{
-+ psa_status_t status = psa_crypto_client_init(caller);
-+
-+ if (status == PSA_SUCCESS)
-+ status = psa_crypto_init();
-+
-+ return status;
-+}
-+
-+void crypto_ipc_backend_deinit(void)
-+{
-+ psa_crypto_client_deinit();
-+}
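Review bot: crypto_ipc_backend_init() returns the psa_crypto_init() error without undoing the psa_crypto_client_init(caller) that succeeded just before it, so a failed init leaves the client bound to the caller. Call psa_crypto_client_deinit() on that path before returning the error.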
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-new file mode 100644
-index 000000000000..c13c20e84131
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -0,0 +1,70 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CRYPTO_IPC_BACKEND_H
-+#define CRYPTO_IPC_BACKEND_H
-+
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * \brief This type is used to overcome a limitation in the number of maximum
-+ * IOVECs that can be used especially in psa_aead_encrypt and
-+ * psa_aead_decrypt. To be removed in case the AEAD APIs number of
-+ * parameters passed gets restructured
-+ */
-+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
-+struct psa_ipc_crypto_aead_pack_input {
-+ uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
-+ uint32_t nonce_length;
-+};
-+
-+struct psa_ipc_crypto_pack_iovec {
-+ uint32_t sfn_id; /*!< Secure function ID used to dispatch the
-+ * request
-+ */
-+ uint16_t step; /*!< Key derivation step */
-+ psa_key_id_t key_id; /*!< Key id */
-+ psa_algorithm_t alg; /*!< Algorithm */
-+ uint32_t op_handle; /*!< Frontend context handle associated to a
-+ * multipart operation
-+ */
-+ uint32_t capacity; /*!< Key derivation capacity */
-+
-+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
-+ * AEAD until the API is
-+ * restructured
-+ */
-+};
-+
-+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
-+
-+/**
-+ * \brief Initialize the psa ipc crypto backend
-+ *
-+ * Initializes a crypto backend that uses the psa API client with a
-+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto
-+ * service proviser.
-+ *
-+ * \return PSA_SUCCESS if backend initialized successfully
-+ */
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Clean-up to free any resource used by the crypto backend
-+ */
-+void crypto_ipc_backend_deinit(void);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CRYPTO_IPC_BACKEND_H */
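Review bot: `#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)` puts a lowercase, unparenthesised macro with a very generic name into a header that every crypto_caller_*.h includes, so it will silently rewrite any local variable or struct field called iov_size. Rename it to a prefixed upper-case name with the expansion in parentheses; in the same file the doc comment typo "proviser" should read "provider".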
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-new file mode 100644
-index 000000000000..0a972187062f
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-@@ -0,0 +1,34 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_H
-+#define PSA_IPC_CRYPTO_CALLER_H
-+
-+/**
-+ * Includes all header files that form the psa ipc crypto caller
-+ * interface. May be used by a client that needs to call operations
-+ * provided by a crypto service instance using the psa ipc interface.
-+ */
-+#include "crypto_caller_aead.h"
-+#include "crypto_caller_asymmetric_decrypt.h"
-+#include "crypto_caller_asymmetric_encrypt.h"
-+#include "crypto_caller_cipher.h"
-+#include "crypto_caller_copy_key.h"
-+#include "crypto_caller_destroy_key.h"
-+#include "crypto_caller_export_key.h"
-+#include "crypto_caller_export_public_key.h"
-+#include "crypto_caller_generate_key.h"
-+#include "crypto_caller_generate_random.h"
-+#include "crypto_caller_get_key_attributes.h"
-+#include "crypto_caller_hash.h"
-+#include "crypto_caller_import_key.h"
-+#include "crypto_caller_key_derivation.h"
-+#include "crypto_caller_mac.h"
-+#include "crypto_caller_purge_key.h"
-+#include "crypto_caller_sign_hash.h"
-+#include "crypto_caller_verify_hash.h"
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-new file mode 100644
-index 000000000000..78517fe32ca9
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -0,0 +1,252 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H
-+#define PSA_IPC_CRYPTO_CALLER_AEAD_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_aead_encrypt(
-+ struct service_client *context,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg,
-+ const uint8_t *nonce,
-+ size_t nonce_length,
-+ const uint8_t *additional_data,
-+ size_t additional_data_length,
-+ const uint8_t *plaintext,
-+ size_t plaintext_length,
-+ uint8_t *aeadtext,
-+ size_t aeadtext_size,
-+ size_t *aeadtext_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ size_t in_len;
-+ int i;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+ };
-+
-+ if (!additional_data && additional_data_length)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(plaintext),
-+ .len = plaintext_length },
-+ { .base = psa_ptr_const_to_u32(additional_data),
-+ .len = additional_data_length},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size },
-+ };
-+
-+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ if (nonce) {
-+ for (i = 0; i < nonce_length; i++)
-+ iov.aead_in.nonce[i] = nonce[i];
-+ }
-+
-+ in_len = IOVEC_LEN(in_vec);
-+
-+ if (!additional_data)
-+ in_len--;
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+ *aeadtext_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt(
-+ struct service_client *context,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg,
-+ const uint8_t *nonce,
-+ size_t nonce_length,
-+ const uint8_t *additional_data,
-+ size_t additional_data_length,
-+ const uint8_t *aeadtext,
-+ size_t aeadtext_length,
-+ uint8_t *plaintext,
-+ size_t plaintext_size,
-+ size_t *plaintext_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ size_t in_len;
-+ int i;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+ };
-+
-+ if (!additional_data && additional_data_length)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(aeadtext),
-+ .len = aeadtext_length },
-+ { .base = psa_ptr_const_to_u32(additional_data),
-+ .len = additional_data_length},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(plaintext), .len = plaintext_size },
-+ };
-+
-+ if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ if (nonce) {
-+ for (i = 0; i < nonce_length; i++)
-+ iov.aead_in.nonce[i] = nonce[i];
-+ }
-+
-+ in_len = IOVEC_LEN(in_vec);
-+
-+ if (!additional_data)
-+ in_len--;
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+ *plaintext_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_encrypt_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_generate_nonce(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *nonce,
-+ size_t nonce_size,
-+ size_t *nonce_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_nonce(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *nonce,
-+ size_t nonce_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_lengths(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ size_t ad_length,
-+ size_t plaintext_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update_ad(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *input,
-+ size_t input_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *input,
-+ size_t input_length,
-+ uint8_t *output,
-+ size_t output_size,
-+ size_t *output_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_finish(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *aeadtext,
-+ size_t aeadtext_size,
-+ size_t *aeadtext_length,
-+ uint8_t *tag,
-+ size_t tag_size,
-+ size_t *tag_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_verify(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *plaintext,
-+ size_t plaintext_size,
-+ size_t *plaintext_length,
-+ const uint8_t *tag,
-+ size_t tag_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_abort(
-+ struct service_client *context,
-+ uint32_t op_handle)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */
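Review bot: crypto_caller_aead_encrypt() and crypto_caller_aead_decrypt() reject `!additional_data && additional_data_length` but have no matching check for `nonce`, so a NULL nonce with a non-zero `nonce_length` is sent as an all-zero nonce of that length. Return PSA_ERROR_INVALID_ARGUMENT for that case and move the `nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH` test ahead of the `iov` initialiser; the copy loop also compares `int i` against a size_t and would be clearer as a memcpy().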
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-new file mode 100644
-index 000000000000..ff01815c09e9
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_decrypt(
-+ struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ size_t in_len;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+ .key_id = id,
-+ .alg = alg,
-+ };
-+
-+ /* Sanitize optional input */
-+ if (!salt && salt_length)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(input), .len = input_length },
-+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(output), .len = output_size },
-+ };
-+
-+
-+ in_len = IOVEC_LEN(in_vec);
-+ if (!salt)
-+ in_len--;
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+ *output_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */
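Review bot: `*output_length = out_vec[0].len;` runs whatever psa_call() returned, so on failure the caller may be told a length equal to `output_size` (the value `out_vec[0].len` was initialised with) for a buffer that holds no valid plaintext. Set `*output_length` to 0 unless `status == PSA_SUCCESS`.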
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-new file mode 100644
-index 000000000000..1daf1689c076
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_encrypt(
-+ struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *input, size_t input_length,
-+ const uint8_t *salt, size_t salt_length,
-+ uint8_t *output, size_t output_size,
-+ size_t *output_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ size_t in_len;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+ .key_id = id,
-+ .alg = alg,
-+ };
-+
-+ /* Sanitize optional input */
-+ if (!salt && salt_length)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(input), .len = input_length },
-+ { .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(output), .len = output_size },
-+ };
-+
-+
-+ in_len = IOVEC_LEN(in_vec);
-+ if (!salt)
-+ in_len--;
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+ *output_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-new file mode 100644
-index 000000000000..fbefb28d813a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -0,0 +1,246 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_cipher_encrypt_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .op_handle = *op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_decrypt_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .op_handle = *op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_generate_iv(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *iv,
-+ size_t iv_size,
-+ size_t *iv_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ { .base = psa_ptr_to_u32(iv), .len = iv_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *iv_length = out_vec[1].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_set_iv(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *iv,
-+ size_t iv_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(iv), .len = iv_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_update(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *input,
-+ size_t input_length,
-+ uint8_t *output,
-+ size_t output_size,
-+ size_t *output_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(input), .len = input_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ { .base = psa_ptr_to_u32(output), .len = output_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *output_length = out_vec[1].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_finish(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *output,
-+ size_t output_size,
-+ size_t *output_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ { .base = psa_ptr_to_u32(output), .len = output_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *output_length = out_vec[1].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_abort(
-+ struct service_client *context,
-+ uint32_t op_handle)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context)
-+{
-+ /* Returns the maximum number of bytes that may be
-+ * carried as a parameter of the cipher_update operation
-+ * using the ipc encoding.
-+ */
-+ size_t payload_space = context->service_info.max_payload;
-+ size_t overhead = iov_size;
-+
-+ /* Allow for output to be a whole number of blocks */
-+ overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
-+
-+ return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */
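Review bot: crypto_caller_cipher_generate_iv, _set_iv, _update, _finish and _abort take op_handle by value yet pass "&op_handle" as out_vec[0], so any handle value the service writes back lands in a local copy and is lost on return; only the two setup functions pass the caller's pointer. If the service is expected to update or clear the handle (after finish or abort in particular), take uint32_t *op_handle in these functions too; if it is not, drop that outvec so the intent is clear. Separately, *iv_length and *output_length are assigned from out_vec[1].len without looking at status.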
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-new file mode 100644
-index 000000000000..9a988171b098
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_copy_key(struct service_client *context,
-+ psa_key_id_t source_key,
-+ const psa_key_attributes_t *attributes,
-+ psa_key_id_t *target_key)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_COPY_KEY_SID,
-+ .key_id = source_key,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */
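Review bot: the second invec in crypto_caller_copy_key sends the caller's in-memory psa_key_attributes_t with ".len = sizeof(psa_key_attributes_t)", which makes the client's struct layout part of the wire format, and nothing here checks that the service was built with the same definition. The header includes crypto_caller_key_attributes.h but never calls its translation helpers; either translate into a fixed-layout structure before the call or document the layout assumption next to the invec. The first invec also uses sizeof(struct psa_ipc_crypto_pack_iovec) where crypto_caller_cipher.h uses iov_size; pick one spelling for the whole directory.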
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-new file mode 100644
-index 000000000000..d00f4faa7a52
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context,
-+ psa_key_id_t id)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
-+ .key_id = id,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */
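Review bot: the include block of crypto_caller_destroy_key.h is the same list carried by every other caller header in this patch, but crypto_caller_destroy_key only builds one invec and calls psa_call; nothing visible in it uses <string.h>, <stdlib.h>, the packed-c key_attributes.h and import_key.h, or crypto_caller_key_attributes.h. Trim the list to what the function needs so that a later change to those headers does not pull this file into the rebuild or hide a missing include elsewhere.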
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-new file mode 100644
-index 000000000000..8ac5477f7b9a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_key(struct service_client *context,
-+ psa_key_id_t id,
-+ uint8_t *data,
-+ size_t data_size,
-+ size_t *data_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
-+ .key_id = id,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(data), .len = data_size }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *data_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */
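Review bot: crypto_caller_export_key assigns "*data_length = out_vec[0].len;" before status is examined, and out_vec[0].len is initialised to data_size. A caller that reads data_length without checking the return value would treat data_size bytes of an unwritten buffer as exported key material. Initialise *data_length to 0 and copy the outvec length only on PSA_SUCCESS.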
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-new file mode 100644
-index 000000000000..b24c47f1257e
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context,
-+ psa_key_id_t id,
-+ uint8_t *data,
-+ size_t data_size,
-+ size_t *data_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+ .key_id = id,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(data), .len = data_size }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *data_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */
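Review bot: the body of crypto_caller_export_public_key is identical to crypto_caller_export_key in crypto_caller_export_key.h apart from ".sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID", including the unconditional "*data_length = out_vec[0].len;". Move the common part into one static helper that takes the sfn_id, so the length and status handling is written and fixed in one place.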
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-new file mode 100644
-index 000000000000..1b66ed4020de
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-@@ -0,0 +1,55 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_key(struct service_client *context,
-+ const psa_key_attributes_t *attributes,
-+ psa_key_id_t *id)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-new file mode 100644
-index 000000000000..7c538237805a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_random(struct service_client *context,
-+ uint8_t *output,
-+ size_t output_size)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(output), .len = output_size }
-+ };
-+
-+ if (!output_size)
-+ return PSA_SUCCESS;
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */
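Review bot: crypto_caller_generate_random returns PSA_SUCCESS for an output_size of 0 but does not reject a NULL output with a non-zero output_size, so the NULL is converted by psa_ptr_to_u32 and handed to the service as an outvec base. Add a check that returns PSA_ERROR_INVALID_ARGUMENT for that case, in the same way crypto_caller_asymmetric_encrypt checks salt. The "if (!output_size)" early return would also read better above the iov, in_vec and out_vec initialisers, since the no-op path needs none of them.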
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-new file mode 100644
-index 000000000000..22f1d18f1476
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-@@ -0,0 +1,56 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_get_key_attributes(
-+ struct service_client *context,
-+ psa_key_id_t key,
-+ psa_key_attributes_t *attributes)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
-+ .key_id = key,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */
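Review bot: in crypto_caller_get_key_attributes the service writes straight into the caller's psa_key_attributes_t through out_vec[0], and out_vec[0].len is never compared with sizeof(psa_key_attributes_t) after psa_call. A reply that is shorter than the client's struct would leave attributes partly filled while status reports success. Check the returned length and fail the call on a mismatch, leaving attributes in a defined state.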
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-new file mode 100644
-index 000000000000..9f37908a2f25
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -0,0 +1,220 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_hash_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_algorithm_t alg)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
-+ .alg = alg,
-+ .op_handle = *op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_update(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *input,
-+ size_t input_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(input), .len = input_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_finish(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *hash,
-+ size_t hash_size,
-+ size_t *hash_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ { .base = psa_ptr_to_u32(hash), .len = hash_size},
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *hash_length = out_vec[1].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_abort(
-+ struct service_client *context,
-+ uint32_t op_handle)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_verify(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *hash,
-+ size_t hash_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_clone(
-+ struct service_client *context,
-+ uint32_t source_op_handle,
-+ uint32_t *target_op_handle)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
-+ .op_handle = source_op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(target_op_handle),
-+ .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *hash_state,
-+ size_t hash_state_size,
-+ size_t *hash_state_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *hash_state,
-+ size_t hash_state_length)
-+{
-+ return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context)
-+{
-+ /* Returns the maximum number of bytes that may be
-+ * carried as a parameter of the hash_update operation
-+ * using the packed-c encoding.
-+ */
-+ size_t payload_space = context->service_info.max_payload;
-+ size_t overhead = iov_size;
-+
-+ return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */
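Review bot: the comment in crypto_caller_hash_max_update_size says "using the packed-c encoding", but this is the psa_ipc caller and the overhead it subtracts is iov_size; the matching comment in crypto_caller_cipher.h says "ipc encoding". Correct the comment so the size calculation is not read against the wrong protocol. In crypto_caller_hash_finish, "*hash_length = out_vec[1].len;" is assigned regardless of status, and crypto_caller_hash_suspend and crypto_caller_hash_resume leave every parameter unused, which will warn under -Wunused-parameter unless the parameters are cast to void.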
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-new file mode 100644
-index 000000000000..d47033662790
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_import_key(struct service_client *context,
-+ const psa_key_attributes_t *attributes,
-+ const uint8_t *data, size_t data_length,
-+ psa_key_id_t *id)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ { .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+ { .base = psa_ptr_const_to_u32(data), .len = data_length }
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */
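Review bot: the closing "#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */" does not match the guard opened at the top of the file, PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H; update the comment to the PSA_IPC_ name. In crypto_caller_import_key, data is forwarded with ".len = data_length" without a check for a NULL data pointer combined with a non-zero data_length, unlike the salt check in crypto_caller_asymmetric_encrypt.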
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-new file mode 100644
-index 000000000000..2fad2f0a64e6
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+
-+#include <psa/crypto.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_to_proto(
-+ struct ts_crypto_key_attributes *proto_attributes,
-+ const psa_key_attributes_t *psa_attributes)
-+{
-+ proto_attributes->type = psa_get_key_type(psa_attributes);
-+ proto_attributes->key_bits = psa_get_key_bits(psa_attributes);
-+ proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes);
-+ proto_attributes->id = psa_get_key_id(psa_attributes);
-+
-+ proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes);
-+ proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes);
-+ }
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_from_proto(
-+ psa_key_attributes_t *psa_attributes,
-+ const struct ts_crypto_key_attributes *proto_attributes)
-+{
-+ psa_set_key_type(psa_attributes, proto_attributes->type);
-+ psa_set_key_bits(psa_attributes, proto_attributes->key_bits);
-+ psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime);
-+
-+ if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) {
-+
-+ psa_set_key_id(psa_attributes, proto_attributes->id);
-+ }
-+
-+ psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage);
-+ psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg);
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */
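Review bot: packedc_crypto_caller_translate_key_attributes_from_proto() restores the key id only when `proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT`, an exact match on the whole lifetime value. A PSA lifetime encodes persistence and location together, so a persistent key held in a non-default location would come back without its id. Test persistence with the PSA Crypto API's PSA_KEY_LIFETIME_IS_VOLATILE() macro (negated) instead of comparing for equality. Minor: the closing brace of the to_proto function carries a stray leading space.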
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-new file mode 100644
-index 000000000000..5ce4fb6cca82
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-@@ -0,0 +1,298 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_key_derivation_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_algorithm_t alg)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+ .alg = alg,
-+ .op_handle = *op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_get_capacity(
-+ struct service_client *context,
-+ const uint32_t op_handle,
-+ size_t *capacity)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) }
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_set_capacity(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ size_t capacity)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+ .capacity = capacity,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_bytes(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ psa_key_derivation_step_t step,
-+ const uint8_t *data,
-+ size_t data_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+ .step = step,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(data), .len = data_length },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_key(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ psa_key_derivation_step_t step,
-+ psa_key_id_t key)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+ .key_id = key,
-+ .step = step,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_bytes(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *output,
-+ size_t output_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(output), .len = output_length },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_key(
-+ struct service_client *context,
-+ const psa_key_attributes_t *attributes,
-+ uint32_t op_handle,
-+ psa_key_id_t *key)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(attributes),
-+ .len = sizeof(psa_key_attributes_t) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)},
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_abort(
-+ struct service_client *context,
-+ uint32_t op_handle)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_key_agreement(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ psa_key_derivation_step_t step,
-+ psa_key_id_t private_key,
-+ const uint8_t *peer_key,
-+ size_t peer_key_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+ .key_id = private_key,
-+ .step = step,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(peer_key),
-+ .len = peer_key_length},
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_raw_key_agreement(
-+ struct service_client *context,
-+ psa_algorithm_t alg,
-+ psa_key_id_t private_key,
-+ const uint8_t *peer_key,
-+ size_t peer_key_length,
-+ uint8_t *output,
-+ size_t output_size,
-+ size_t *output_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+ .alg = alg,
-+ .key_id = private_key,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(peer_key),
-+ .len = peer_key_length},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(output), .len = output_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *output_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */
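Review bot: crypto_caller_key_derivation_get_capacity() passes a `size_t *capacity` to the server as an output vector of only four bytes: `{ .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) }`. Where size_t is wider than 32 bits, only part of the caller's variable is written and the remaining bytes keep whatever they held before. Receive into a local uint32_t and assign it to *capacity after a successful call. crypto_caller_key_derivation_set_capacity() has the mirror problem, storing a size_t into `.capacity` with no range check. In crypto_caller_raw_key_agreement(), `*output_length = out_vec[0].len;` also runs when psa_call() fails; report 0 unless status is PSA_SUCCESS.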
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-new file mode 100644
-index 000000000000..3a820192495a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-@@ -0,0 +1,207 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H
-+#define PSA_IPC_CRYPTO_CALLER_MAC_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_mac_sign_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .op_handle = *op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_setup(
-+ struct service_client *context,
-+ uint32_t *op_handle,
-+ psa_key_id_t key,
-+ psa_algorithm_t alg)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .op_handle = *op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_update(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *input,
-+ size_t input_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(input), .len = input_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_sign_finish(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ uint8_t *mac,
-+ size_t mac_size,
-+ size_t *mac_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ { .base = psa_ptr_to_u32(mac), .len = mac_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *mac_length = out_vec[1].len;
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_finish(
-+ struct service_client *context,
-+ uint32_t op_handle,
-+ const uint8_t *mac,
-+ size_t mac_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(mac), .len = mac_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_abort(
-+ struct service_client *context,
-+ uint32_t op_handle)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
-+ .op_handle = op_handle,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
-+}
-+
-+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context)
-+{
-+ /* Returns the maximum number of bytes that may be
-+ * carried as a parameter of the mac_update operation
-+ * using the packed-c encoding.
-+ */
-+ size_t payload_space = context->service_info.max_payload;
-+ size_t overhead = iov_size;
-+
-+ return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */
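Review bot: crypto_caller_mac_update(), _sign_finish(), _verify_finish() and _abort() take op_handle by value yet register `psa_ptr_to_u32(&op_handle)` as an output vector, so any handle value the server writes back lands in a local copy and is lost on return. After finish or abort the caller's copy of the handle is therefore unchanged. Either drop the out_vec where the interface cannot return the handle, or document that the caller must treat the handle as dead after these calls. crypto_caller_mac_sign_finish() additionally sets `*mac_length = out_vec[1].len;` without looking at status, which should be gated on PSA_SUCCESS.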
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-new file mode 100644
-index 000000000000..a3a796e2166c
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_purge_key(struct service_client *context,
-+ psa_key_id_t id)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
-+ .key_id = id,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */
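Review bot: the include guard is PACKEDC_CRYPTO_CALLER_PURGE_KEY_H although this header lives under caller/psa_ipc/, while the other new headers next to it (key_derivation, mac, sign_hash, verify_hash) use the PSA_IPC_ prefix. If a packed-c header with the same guard is ever pulled into the same translation unit, whichever is included second is silently skipped. Rename the guard to PSA_IPC_CRYPTO_CALLER_PURGE_KEY_H; the same applies to crypto_caller_key_attributes.h in this directory.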
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-new file mode 100644
-index 000000000000..71d88cededf5
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -0,0 +1,64 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *hash,
-+ size_t hash_length,
-+ uint8_t *signature,
-+ size_t signature_size,
-+ size_t *signature_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
-+ .key_id = id,
-+ .alg = alg,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(signature), .len = signature_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *signature_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */
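Review bot: in crypto_caller_sign_hash(), `*signature_length = out_vec[0].len;` is executed before status is examined, and out_vec[0].len starts out as signature_size. On a failed psa_call() the caller can be told that a full buffer of signature bytes is valid when the buffer contents are undefined. Set *signature_length to 0 on entry and copy out_vec[0].len only when status is PSA_SUCCESS.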
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-new file mode 100644
-index 000000000000..e16f6e5450af
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *hash,
-+ size_t hash_length,
-+ const uint8_t *signature,
-+ size_t signature_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+ .key_id = id,
-+ .alg = alg,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+ { .base = psa_ptr_const_to_u32(signature), .len = signature_length},
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), NULL, 0);
-+
-+ return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */
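Review bot: crypto_caller_verify_hash() sizes the request header with `.len = sizeof(struct psa_ipc_crypto_pack_iovec)`, whereas crypto_caller_sign_hash() and the mac and key-derivation callers in the same patch use iov_size. If the two values ever differ, the server sees a different header length for verify than for sign. Use iov_size here as well (crypto_caller_purge_key() has the same inconsistency), and trim the includes that this function does not use, such as import_key.h and crypto_caller_key_attributes.h.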
-diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
-index abd420c82607..bf95c9821e55 100644
---- a/components/service/crypto/include/psa/crypto_client_struct.h
-+++ b/components/service/crypto/include/psa/crypto_client_struct.h
-@@ -31,12 +31,12 @@ extern "C" {
- * data structure internally. */
- struct psa_client_key_attributes_s
- {
-+ uint16_t type;
-+ uint16_t bits;
- uint32_t lifetime;
-- uint32_t id;
-- uint32_t alg;
-+ psa_key_id_t id;
- uint32_t usage;
-- size_t bits;
-- uint16_t type;
-+ uint32_t alg;
- };
-
- #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
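Review bot: `bits` is narrowed from size_t to uint16_t in this hunk, so any code that stores a size_t key size into it now truncates silently above 65535; reject out-of-range values where the field is assigned. The reorder also changes the in-memory layout of struct psa_client_key_attributes_s. If this is the structure clients send across the IPC boundary as psa_key_attributes_t (crypto_caller_key_derivation_output_key() sends one raw with .len = sizeof(psa_key_attributes_t)), add a compile-time size and offset assertion against the layout the secure side expects, and state that layout in the comment above the struct.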
-diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 7a0149bbca62..4d7bf6e959b0 100644
---- a/components/service/crypto/include/psa/crypto_sizes.h
-+++ b/components/service/crypto/include/psa/crypto_sizes.h
-@@ -81,7 +81,7 @@
- #define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
- #else
--#define PSA_HASH_MAX_SIZE 32
-+#define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
- #endif
-
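Review bot: the #else branch now pairs `PSA_HASH_MAX_SIZE 64` with `PSA_HMAC_MAX_HASH_BLOCK_SIZE 64`, while the first branch pairs 64 with 128. A 64-byte digest maximum implies a hash whose HMAC block size is 128 bytes, so the block-size constant in this branch looks too small for the hash the change is meant to admit. Either raise PSA_HMAC_MAX_HASH_BLOCK_SIZE here too or explain in a comment why only the digest size needs to grow; with both branches defining the same hash size the conditional is also partly redundant.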
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 1110ac46bf8b..7edeef8b434a 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -15,7 +15,7 @@
- #include <trace.h>
-
- /* Stub backends */
--#include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
- #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
-
-@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void)
- {
- struct rpc_interface *crypto_iface = NULL;
- struct crypto_provider *crypto_provider;
-+ struct rpc_caller *crypto_caller;
-
-- if (stub_crypto_backend_init() == PSA_SUCCESS) {
-+ crypto_caller = openamp_caller_init(&openamp);
-+ if (!crypto_caller)
-+ return NULL;
-+
-+ if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS)
-+ return NULL;
-
-- crypto_provider = crypto_provider_factory_create();
-- crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
-- }
-+ crypto_provider = crypto_provider_factory_create();
-+ crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
-
- return crypto_iface;
- }
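Review bot: in crypto_proxy_create(), the pointer returned by openamp_caller_init() is stored in crypto_caller and only NULL-checked; the backend is then initialised with `&openamp.rpc_caller` instead. Pass crypto_caller to crypto_ipc_backend_init() or drop the variable, so it is clear which object the backend uses. When crypto_ipc_backend_init() fails the function returns NULL without releasing the caller it has just initialised, and crypto_provider is dereferenced without a NULL check after crypto_provider_factory_create(). The "/* Stub backends */" comment above the include list is also stale now that the psa_ipc backend replaces the stub.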
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index bb778bb9719b..51e5faa3e4d8 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -8,3 +8,5 @@
-
- # include MHU driver
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-+
-+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
---
-2.38.1
-
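Review bot: `add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)` in platform.cmake applies to every target created in this directory scope rather than to the Mbed TLS build alone, and it enables a curve outside the Mbed TLS configuration header where curve selection is normally recorded. Scope it with target_compile_definitions() on the crypto target or enable the curve in the configuration file, and say in the commit message why this platform needs it.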
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
deleted file mode 100644
index 22b1da6..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 16 Dec 2021 21:31:40 +0000
-Subject: [PATCH 14/20] Configure storage size
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/smm_variable/backend/uefi_variable_store.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 611e2e225c6b..6c3b9ed81c25 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator(
- * may be overridden using uefi_variable_store_set_storage_limits()
- */
- #define DEFAULT_MAX_VARIABLE_SIZE (2048)
-+#define CONFIGURE_STORAGE_SIZE (50)
-
- efi_status_t uefi_variable_store_init(
- struct uefi_variable_store *context,
-@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init(
- /* Initialise persistent store defaults */
- context->persistent_store.is_nv = true;
- context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
-- context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+ context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- context->persistent_store.storage_backend = persistent_store;
-
- /* Initialise volatile store defaults */
- context->volatile_store.is_nv = false;
- context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
-- context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+ context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- context->volatile_store.storage_backend = volatile_store;
-
- context->owner_id = owner_id;
---
-2.38.1
-
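Review bot: after this change total_capacity is `CONFIGURE_STORAGE_SIZE * max_variables` with CONFIGURE_STORAGE_SIZE at 50, while max_variable_size stays at DEFAULT_MAX_VARIABLE_SIZE (2048). For any max_variables of 40 or fewer the store's total capacity is smaller than a single maximum-size variable, so a variable that passes the per-variable limit can still never fit. The new macro has no comment or unit and its name does not say that it is a per-variable byte budget. The comment above DEFAULT_MAX_VARIABLE_SIZE already points at uefi_variable_store_set_storage_limits(); setting the limit from the deployment through that call would avoid changing the defaults for every user of this file, and the same value is applied to the volatile store without explanation.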
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
deleted file mode 100644
index 426f2ca..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:01:10 +0000
-Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m
- change.
-
-NO NEED TO RAISE PR: The PR for this FIX is raied by Emek.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index c13c20e84131..ec25eaf868c7 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec {
- * multipart operation
- */
- uint32_t capacity; /*!< Key derivation capacity */
--
-+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
-+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
- struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
- * AEAD until the API is
- * restructured
---
-2.38.1
-
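Review bot: ad_length and plaintext_length are inserted in the middle of struct psa_ipc_crypto_pack_iovec, ahead of aead_in, which shifts the offset of aead_in and changes the size of the header every crypto call sends. Nothing in the hunk ties the layout to the TF-M version it is meant to match, so a mismatch would show up only as misparsed requests at runtime. Add a compile-time assertion on the struct size and on the offset of aead_in, and name the TF-M change this tracks in the commit message. Both fields are uint32_t, so callers holding size_t lengths need a range check before assigning to them.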
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
deleted file mode 100644
index a59d140..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
+++ /dev/null
@@ -1,494 +0,0 @@
-From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:49:51 +0000
-Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../caller/psa_ipc/crypto_caller_aead.h | 297 +++++++++++++++++-
- .../caller/psa_ipc/crypto_caller_sign_hash.h | 35 +++
- .../psa_ipc/crypto_caller_verify_hash.h | 33 +-
- 3 files changed, 352 insertions(+), 13 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index 78517fe32ca9..f6aadd8b9098 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
- psa_key_id_t key,
- psa_algorithm_t alg)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .op_handle = (*op_handle),
-+ };
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_decrypt_setup(
-@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- psa_key_id_t key,
- psa_algorithm_t alg)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+ .key_id = key,
-+ .alg = alg,
-+ .op_handle = (*op_handle),
-+ };
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_generate_nonce(
-@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- size_t nonce_size,
- size_t *nonce_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+ {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *nonce_length = out_vec[1].len;
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_set_nonce(
-@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
- const uint8_t *nonce,
- size_t nonce_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ {.base = psa_ptr_to_u32(nonce), .len = nonce_length}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_set_lengths(
-@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
- size_t ad_length,
- size_t plaintext_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+ .ad_length = ad_length,
-+ .plaintext_length = plaintext_length,
-+ .op_handle = op_handle,
-+ };
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_update_ad(
-@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- const uint8_t *input,
- size_t input_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ /* Sanitize the optional input */
-+ if ((input == NULL) && (input_length != 0)) {
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+ };
-+
-+ size_t in_len = IOVEC_LEN(in_vec);
-+
-+ if (input == NULL) {
-+ in_len--;
-+ }
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ in_len, out_vec, IOVEC_LEN(out_vec));
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_update(
-@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update(
- size_t output_size,
- size_t *output_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ /* Sanitize the optional input */
-+ if ((input == NULL) && (input_length != 0)) {
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+ {.base = psa_ptr_const_to_u32(output), .len = output_size},
-+ };
-+
-+ size_t in_len = IOVEC_LEN(in_vec);
-+
-+ if (input == NULL) {
-+ in_len--;
-+ }
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+ *output_length = out_vec[1].len;
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_finish(
-@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish(
- size_t tag_size,
- size_t *tag_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ /* Sanitize the optional output */
-+ if ((aeadtext == NULL) && (aeadtext_size != 0)) {
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+ {.base = psa_ptr_const_to_u32(tag), .len = tag_size},
-+ {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size}
-+ };
-+
-+ size_t out_len = IOVEC_LEN(out_vec);
-+
-+ if (aeadtext == NULL || aeadtext_size == 0) {
-+ out_len--;
-+ }
-+ if ((out_len == 3) && (aeadtext_length == NULL)) {
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+ *tag_length = out_vec[1].len;
-+
-+ if (out_len == 3) {
-+ *aeadtext_length = out_vec[2].len;
-+ } else {
-+ *aeadtext_length = 0;
-+ }
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_verify(
-@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify(
- const uint8_t *tag,
- size_t tag_length)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ /* Sanitize the optional output */
-+ if ((plaintext == NULL) && (plaintext_size != 0)) {
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ {.base = psa_ptr_const_to_u32(tag), .len = tag_length}
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+ {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size},
-+ };
-+
-+ size_t out_len = IOVEC_LEN(out_vec);
-+
-+ if (plaintext == NULL || plaintext_size == 0) {
-+ out_len--;
-+ }
-+ if ((out_len == 2) && (plaintext_length == NULL)) {
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ }
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+ if (out_len == 2) {
-+ *plaintext_length = out_vec[1].len;
-+ } else {
-+ *plaintext_length = 0;
-+ }
-+ return status;
- }
-
- static inline psa_status_t crypto_caller_aead_abort(
- struct service_client *context,
- uint32_t op_handle)
- {
-- return PSA_ERROR_NOT_SUPPORTED;
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+ .op_handle = op_handle,
-+ };
-+
-+ struct psa_invec in_vec[] = {
-+ {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+ };
-+ struct psa_outvec out_vec[] = {
-+ {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+ return status;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
-+{
-+ /* Returns the maximum number of bytes that may be
-+ * carried as a parameter of the mac_update operation
-+ * using the packed-c encoding.
-+ */
-+ size_t payload_space = context->service_info.max_payload;
-+ size_t overhead = iov_size;
-+
-+ return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
-+{
-+ /* Returns the maximum number of bytes that may be
-+ * carried as a parameter of the mac_update operation
-+ * using the packed-c encoding.
-+ */
-+ size_t payload_space = context->service_info.max_payload;
-+ size_t overhead = iov_size;
-+
-+ return (payload_space > overhead) ? payload_space - overhead : 0;
- }
-
- #ifdef __cplusplus
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 71d88cededf5..e4a2b167defb 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- return status;
- }
-
-+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *hash,
-+ size_t hash_length,
-+ uint8_t *signature,
-+ size_t signature_size,
-+ size_t *signature_length)
-+{
-+ struct service_client *ipc = context;
-+ struct rpc_caller *caller = ipc->caller;
-+ psa_status_t status;
-+ struct psa_ipc_crypto_pack_iovec iov = {
-+ .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
-+ .key_id = id,
-+ .alg = alg,
-+ };
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(signature), .len = signature_size },
-+ };
-+
-+ status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+ IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ *signature_length = out_vec[0].len;
-+
-+ return status;
-+}
-+
-+
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index e16f6e5450af..cc9279ee79f2 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -24,19 +24,20 @@
- extern "C" {
- #endif
-
--static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+static inline psa_status_t crypto_caller_common(struct service_client *context,
- psa_key_id_t id,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
-- size_t signature_length)
-+ size_t signature_length,
-+ uint32_t sfn_id)
- {
- struct service_client *ipc = context;
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+ .sfn_id = sfn_id,
- .key_id = id,
- .alg = alg,
- };
-@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- return status;
- }
-
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *hash,
-+ size_t hash_length,
-+ const uint8_t *signature,
-+ size_t signature_length)
-+{
-+
-+ return crypto_caller_common(context,id,alg,hash,hash_length,
-+ signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
-+}
-+
-+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-+ psa_key_id_t id,
-+ psa_algorithm_t alg,
-+ const uint8_t *hash,
-+ size_t hash_length,
-+ const uint8_t *signature,
-+ size_t signature_length)
-+{
-+
-+ return crypto_caller_common(context,id,alg,hash,hash_length,
-+ signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
-+}
-+
- #ifdef __cplusplus
- }
- #endif
---
-2.38.1
-
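Review bot: in crypto_caller_aead_finish the NULL check on aeadtext_length only runs when out_len == 3, yet the else branch after psa_call still executes `*aeadtext_length = 0;`, so a caller that passes aeadtext == NULL together with aeadtext_length == NULL dereferences NULL. crypto_caller_aead_verify has the same pattern with plaintext_length. `*tag_length`, `*nonce_length` and `*output_length` are also written with no NULL check and regardless of the status psa_call returned. Suggest validating every length pointer before building the vectors and setting the lengths to 0 unless status == PSA_SUCCESS. Smaller points: the comments in crypto_caller_aead_max_update_size and crypto_caller_aead_max_update_ad_size still say "mac_update", output buffers are converted with psa_ptr_const_to_u32 although they are written to, crypto_caller_sign_message and crypto_caller_verify_message name their message input `hash`, and crypto_caller_common is a very generic name for a static inline helper in a shared header.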
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
deleted file mode 100644
index 4adcd90..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Mon, 14 Feb 2022 17:52:00 +0000
-Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the
- latest from the tf-m
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h
-index 1bc55e375eea..b4a7ed4b39d3 100644
---- a/components/service/crypto/include/psa/crypto_struct.h
-+++ b/components/service/crypto/include/psa/crypto_struct.h
-@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
- return( attributes->lifetime );
- }
-
-+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
-+{
-+ if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
-+ *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
-+
-+ if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
-+ *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
-+}
-+
- static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
- psa_key_usage_t usage_flags)
- {
-+ psa_extend_key_usage_flags( &usage_flags );
- attributes->usage = usage_flags;
- }
-
---
-2.38.1
-
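Review bot: psa_extend_key_usage_flags has no comment explaining why a key with PSA_KEY_USAGE_SIGN_HASH or PSA_KEY_USAGE_VERIFY_HASH is implicitly granted the matching *_MESSAGE usage, and because psa_set_key_usage_flags calls it unconditionally, attributes->usage can end up holding permissions the caller never passed. Please document that widening on both functions so that code auditing key policies knows the stored flags are a superset of the requested ones, and add braces around the two single-statement if bodies.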
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
deleted file mode 100644
index 02c89d8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 11 Oct 2022 10:46:10 +0100
-Subject: [PATCH 19/20] plat: corstone1000: change default smm values
-
-Smm gateway uses SE proxy to route the calls for any NV
-storage so set the NV_STORE_SN.
-Change the storage index uid because TF-M in the secure
-enclave reserves the default value (0x1) to some internal
-operation.
-Increase the maximum number of uefi variables to cope with all
-the needs for testing and certification
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- platform/providers/arm/corstone1000/platform.cmake | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 51e5faa3e4d8..04b629a81906 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -10,3 +10,9 @@
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-
- add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-+
-+target_compile_definitions(${TGT} PRIVATE
-+ SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
-+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-+ SMM_GATEWAY_MAX_UEFI_VARIABLES=100
-+)
---
-2.38.1
-
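Review bot: the three definitions added to platform.cmake carry no comment, so the reasoning given in the commit message (default UID 0x1 reserved by TF-M in the secure enclave, NV storage routed through the SE proxy, variable count raised for testing and certification) is lost once the patch is applied. Suggest a one-line comment beside each of SMM_GATEWAY_NV_STORE_SN, SMM_VARIABLE_INDEX_STORAGE_UID=0x787 and SMM_GATEWAY_MAX_UEFI_VARIABLES=100, including why 0x787 in particular was chosen and what the UUID in the service name refers to.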
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
deleted file mode 100644
index 87c053f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Wed, 2 Nov 2022 09:58:27 +0000
-Subject: [PATCH] smm_gateway: add checks for null attributes
-
-As par EDK-2 and EDK-2 test code, setVariable() with 0
-attributes means a delete variable request. Currently,
-smm gatway doesn't handle this scenario. This commit adds
-that support.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- components/service/smm_variable/backend/uefi_variable_store.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 6c3b9ed8..a691dc5d 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable(
- if (info->is_variable_set) {
-
- /* It's a request to update to an existing variable */
-- if (!(var->Attributes &
-+ if (!(var->Attributes) || (!(var->Attributes &
- (EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
-- !var->DataSize) {
-+ !var->DataSize)) {
-
- /* It's a remove operation - for a remove, the variable
- * data must be removed from the storage backend before
---
-2.17.1
-
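Review bot: with the new `!(var->Attributes) ||` term, a request whose Attributes is 0 takes the remove path even when DataSize is non-zero, but the comment that follows ("It's a remove operation") does not say so, and the nested negations make the condition hard to check against the stated EDK-2 behaviour. Suggest computing a named boolean for the delete case first (Attributes == 0, or no append/authenticated-write bits set and DataSize == 0), testing that in the if, and extending the comment to cover the zero-attributes case.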
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
deleted file mode 100644
index ed4e6e2..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Thu, 3 Nov 2022 17:43:40 +0000
-Subject: [PATCH] smm_gateway: GetNextVariableName Fix
-
-GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
-when NameSize is smaller than the actual NameSize. It
-currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
-max_name_len incorrectly. This fixes max_name_len error by
-replacing it with actual NameSize request by u-boot.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- .../service/smm_variable/provider/smm_variable_provider.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index a9679b7e..6a4b6fa7 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re
- efi_status = uefi_variable_store_get_next_variable_name(
- &this_instance->variable_store,
- (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
-- max_name_len,
-+ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
- &resp_buf->data_len);
- }
- else {
---
-2.17.1
-
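Review bot: the name-length limit passed to uefi_variable_store_get_next_variable_name is now the NameSize field read from resp_buf->data, which the commit message describes as the size requested by u-boot, and nothing in this hunk bounds it by the max_name_len it replaces. Unless the callee clamps it against the buffer itself (not visible here), a caller-supplied NameSize larger than the space available in resp_buf becomes the limit for the write. Suggest passing the smaller of NameSize and max_name_len, which still yields EFI_BUFFER_TOO_SMALL for an undersized request.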
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
deleted file mode 100644
index 824196c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Mon, 21 Nov 2022 00:08:20 +0000
-Subject: [PATCH] Use the stateless platform service calls
-
-Calls to psa_connect is not needed and psa_call can be called
-directly with a pre defined handle.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Inappropriate [Design is to revisted]
-
----
- .../provider/capsule_update_provider.c | 24 ++++---------------
- .../provider/corstone1000_fmp_service.c | 10 ++++----
- .../provider/corstone1000_fmp_service.h | 3 +--
- components/service/common/include/psa/sid.h | 6 +++++
- 4 files changed, 16 insertions(+), 27 deletions(-)
-
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index 991a2235..6809249f 100644
---- a/components/service/capsule_update/provider/capsule_update_provider.c
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
- static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
- {
- uint32_t ioctl_id;
-- psa_handle_t handle;
- rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
-
- struct psa_invec in_vec[] = {
-@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
- case CAPSULE_UPDATE_REQUEST:
- /* Openamp call with IOCTL for firmware update*/
- ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
-- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-- TFM_SP_PLATFORM_IOCTL_VERSION);
-- if (handle <= 0) {
-- EMSG("%s Invalid handle", __func__);
-- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-- return rpc_status;
-- }
-- psa_call(caller,handle, PSA_IPC_CALL,
-+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- in_vec,IOVEC_LEN(in_vec), NULL, 0);
-- set_fmp_image_info(caller, handle);
-+ set_fmp_image_info(caller);
- break;
-
- case KERNEL_STARTED_EVENT:
- ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
- /*openamp call with IOCTL for kernel start*/
-- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-- TFM_SP_PLATFORM_IOCTL_VERSION);
-- if (handle <= 0) {
-- EMSG("%s Invalid handle", __func__);
-- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-- return rpc_status;
-- }
-- psa_call(caller,handle, PSA_IPC_CALL,
-+
-+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- in_vec,IOVEC_LEN(in_vec), NULL, 0);
-- set_fmp_image_info(caller, handle);
-+ set_fmp_image_info(caller);
- break;
- default:
- EMSG("%s unsupported opcode", __func__);
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-index 6a7a47a7..d811af9f 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
- return PSA_SUCCESS;
- }
-
--static psa_status_t get_image_info(struct rpc_caller *caller,
-- psa_handle_t platform_service_handle)
-+static psa_status_t get_image_info(struct rpc_caller *caller)
- {
- psa_status_t status;
- psa_handle_t handle;
-@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller,
-
- memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
-
-- psa_call(caller, platform_service_handle, PSA_IPC_CALL,
-+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-
- status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller)
- return PSA_SUCCESS;
- }
-
--void set_fmp_image_info(struct rpc_caller *caller,
-- psa_handle_t platform_service_handle)
-+void set_fmp_image_info(struct rpc_caller *caller)
- {
- psa_status_t status;
-
-- status = get_image_info(caller, platform_service_handle);
-+ status = get_image_info(caller);
- if (status != PSA_SUCCESS) {
- return;
- }
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-index 95fba2a0..963223e8 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-@@ -16,8 +16,7 @@ extern "C" {
-
- void provision_fmp_variables_metadata(struct rpc_caller *caller);
-
--void set_fmp_image_info(struct rpc_caller *caller,
-- psa_handle_t platform_service_handle);
-+void set_fmp_image_info(struct rpc_caller *caller);
-
- #ifdef __cplusplus
- } /* extern "C" */
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 7a29cc25..8103a9af 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,12 @@ extern "C" {
- #define TFM_CRYPTO_VERSION (1U)
- #define TFM_CRYPTO_HANDLE (0x40000100U)
-
-+
-+/******** TFM_PLATFORM_SERVICE *******/
-+#define TFM_PLATFORM_API_ID_IOCTL (1013)
-+#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
-+
-+
- /**
- * \brief Define a progressive numerical value for each SID which can be used
- * when dispatching the requests to the service
---
-2.25.1
-
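Review bot: the return value of psa_call is discarded in both event_handler cases and in get_image_info, and with the psa_connect failure branch removed there is no error path left: set_fmp_image_info(caller) runs and rpc_status stays TS_RPC_CALL_ACCEPTED even if the platform ioctl fails. Suggest capturing the status, logging with EMSG and returning an error rpc_status on failure. Also, TFM_PLATFORM_API_ID_IOCTL (1013) and TFM_PLATFORM_SERVICE_HANDLE (0x40000105U) are hard-coded in sid.h with no note on which TF-M definitions they must stay in sync with, and the context line `psa_handle_t handle;` in get_image_info should be checked for being unused now that the handle parameter is gone.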
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
deleted file mode 100644
index 7e65de8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
+++ /dev/null
@@ -1,413 +0,0 @@
-From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Thu, 9 Feb 2023 00:22:40 +0000
-Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs
-
-This patch is to change the PSA Crypto SIDs to match the values of the
-PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
----
- .../service/common/include/psa/crypto_sid.h | 241 ++++++++++++++++++
- components/service/common/include/psa/sid.h | 78 +-----
- .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +-
- .../psa_ipc/crypto_caller_verify_hash.h | 4 +-
- 4 files changed, 249 insertions(+), 78 deletions(-)
- create mode 100644 components/service/common/include/psa/crypto_sid.h
-
-diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
-new file mode 100644
-index 00000000..5b05f46d
---- /dev/null
-+++ b/components/service/common/include/psa/crypto_sid.h
-@@ -0,0 +1,241 @@
-+/*
-+ * Copyright (c) 2023, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef __PSA_CRYPTO_SID_H__
-+#define __PSA_CRYPTO_SID_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+#include <stdint.h>
-+
-+/**
-+ * \brief Type associated to the group of a function encoding. There can be
-+ * nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
-+ * Asym sign, Asym encrypt, Key derivation).
-+ */
-+enum tfm_crypto_group_id {
-+ TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
-+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
-+ TFM_CRYPTO_GROUP_ID_HASH,
-+ TFM_CRYPTO_GROUP_ID_MAC,
-+ TFM_CRYPTO_GROUP_ID_CIPHER,
-+ TFM_CRYPTO_GROUP_ID_AEAD,
-+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
-+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
-+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
-+};
-+
-+/* X macro describing each of the available PSA Crypto APIs */
-+#define KEY_MANAGEMENT_FUNCS \
-+ X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \
-+ X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \
-+ X(TFM_CRYPTO_OPEN_KEY) \
-+ X(TFM_CRYPTO_CLOSE_KEY) \
-+ X(TFM_CRYPTO_IMPORT_KEY) \
-+ X(TFM_CRYPTO_DESTROY_KEY) \
-+ X(TFM_CRYPTO_EXPORT_KEY) \
-+ X(TFM_CRYPTO_EXPORT_PUBLIC_KEY) \
-+ X(TFM_CRYPTO_PURGE_KEY) \
-+ X(TFM_CRYPTO_COPY_KEY) \
-+ X(TFM_CRYPTO_GENERATE_KEY)
-+
-+#define HASH_FUNCS \
-+ X(TFM_CRYPTO_HASH_COMPUTE) \
-+ X(TFM_CRYPTO_HASH_COMPARE) \
-+ X(TFM_CRYPTO_HASH_SETUP) \
-+ X(TFM_CRYPTO_HASH_UPDATE) \
-+ X(TFM_CRYPTO_HASH_CLONE) \
-+ X(TFM_CRYPTO_HASH_FINISH) \
-+ X(TFM_CRYPTO_HASH_VERIFY) \
-+ X(TFM_CRYPTO_HASH_ABORT)
-+
-+#define MAC_FUNCS \
-+ X(TFM_CRYPTO_MAC_COMPUTE) \
-+ X(TFM_CRYPTO_MAC_VERIFY) \
-+ X(TFM_CRYPTO_MAC_SIGN_SETUP) \
-+ X(TFM_CRYPTO_MAC_VERIFY_SETUP) \
-+ X(TFM_CRYPTO_MAC_UPDATE) \
-+ X(TFM_CRYPTO_MAC_SIGN_FINISH) \
-+ X(TFM_CRYPTO_MAC_VERIFY_FINISH) \
-+ X(TFM_CRYPTO_MAC_ABORT)
-+
-+#define CIPHER_FUNCS \
-+ X(TFM_CRYPTO_CIPHER_ENCRYPT) \
-+ X(TFM_CRYPTO_CIPHER_DECRYPT) \
-+ X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP) \
-+ X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP) \
-+ X(TFM_CRYPTO_CIPHER_GENERATE_IV) \
-+ X(TFM_CRYPTO_CIPHER_SET_IV) \
-+ X(TFM_CRYPTO_CIPHER_UPDATE) \
-+ X(TFM_CRYPTO_CIPHER_FINISH) \
-+ X(TFM_CRYPTO_CIPHER_ABORT)
-+
-+#define AEAD_FUNCS \
-+ X(TFM_CRYPTO_AEAD_ENCRYPT) \
-+ X(TFM_CRYPTO_AEAD_DECRYPT) \
-+ X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP) \
-+ X(TFM_CRYPTO_AEAD_DECRYPT_SETUP) \
-+ X(TFM_CRYPTO_AEAD_GENERATE_NONCE) \
-+ X(TFM_CRYPTO_AEAD_SET_NONCE) \
-+ X(TFM_CRYPTO_AEAD_SET_LENGTHS) \
-+ X(TFM_CRYPTO_AEAD_UPDATE_AD) \
-+ X(TFM_CRYPTO_AEAD_UPDATE) \
-+ X(TFM_CRYPTO_AEAD_FINISH) \
-+ X(TFM_CRYPTO_AEAD_VERIFY) \
-+ X(TFM_CRYPTO_AEAD_ABORT)
-+
-+#define ASYMMETRIC_SIGN_FUNCS \
-+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \
-+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \
-+ X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \
-+ X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
-+
-+#define AYSMMETRIC_ENCRYPT_FUNCS \
-+ X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \
-+ X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
-+
-+#define KEY_DERIVATION_FUNCS \
-+ X(TFM_CRYPTO_RAW_KEY_AGREEMENT) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_SETUP) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
-+
-+#define RANDOM_FUNCS \
-+ X(TFM_CRYPTO_GENERATE_RANDOM)
-+
-+/*
-+ * Define function IDs in each group. The function ID will be encoded into
-+ * tfm_crypto_func_sid below.
-+ * Each group is defined as a dedicated enum in case the total number of
-+ * PSA Crypto APIs exceeds 256.
-+ */
-+#define X(func_id) func_id,
-+enum tfm_crypto_key_management_func_id {
-+ KEY_MANAGEMENT_FUNCS
-+};
-+enum tfm_crypto_hash_func_id {
-+ HASH_FUNCS
-+};
-+enum tfm_crypto_mac_func_id {
-+ MAC_FUNCS
-+};
-+enum tfm_crypto_cipher_func_id {
-+ CIPHER_FUNCS
-+};
-+enum tfm_crypto_aead_func_id {
-+ AEAD_FUNCS
-+};
-+enum tfm_crypto_asym_sign_func_id {
-+ ASYMMETRIC_SIGN_FUNCS
-+};
-+enum tfm_crypto_asym_encrypt_func_id {
-+ AYSMMETRIC_ENCRYPT_FUNCS
-+};
-+enum tfm_crypto_key_derivation_func_id {
-+ KEY_DERIVATION_FUNCS
-+};
-+enum tfm_crypto_random_func_id {
-+ RANDOM_FUNCS
-+};
-+#undef X
-+
-+#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8)
-+
-+/*
-+ * Numerical progressive value identifying a function API exposed through
-+ * the interfaces (S or NS). It's used to dispatch the requests from S/NS
-+ * to the corresponding API implementation in the Crypto service backend.
-+ *
-+ * Each function SID is encoded as uint16_t.
-+ * | Func ID | Group ID |
-+ * 15 8 7 0
-+ * Func ID is defined in each group func_id enum above
-+ * Group ID is defined in tfm_crypto_group_id.
-+ */
-+enum tfm_crypto_func_sid {
-+
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
-+
-+ KEY_MANAGEMENT_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
-+ HASH_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
-+ MAC_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
-+ CIPHER_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
-+ AEAD_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
-+ ASYMMETRIC_SIGN_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
-+ AYSMMETRIC_ENCRYPT_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
-+ KEY_DERIVATION_FUNCS
-+
-+#undef X
-+#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+ (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
-+ RANDOM_FUNCS
-+
-+};
-+#undef X
-+
-+/**
-+ * \brief Define an invalid value for an SID
-+ *
-+ */
-+#define TFM_CRYPTO_SID_INVALID (~0x0u)
-+
-+/**
-+ * \brief This value is used to mark an handle as invalid.
-+ *
-+ */
-+#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
-+
-+/**
-+ * \brief Define miscellaneous literal constants that are used in the service
-+ *
-+ */
-+enum {
-+ TFM_CRYPTO_NOT_IN_USE = 0,
-+ TFM_CRYPTO_IN_USE = 1
-+};
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __PSA_CRYPTO_SID_H__ */
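Review bot: TFM_CRYPTO_SID_INVALID is defined as (~0x0u), an unsigned int with all bits set, while the comment above enum tfm_crypto_func_sid states that each function SID is encoded as uint16_t. On a platform with 32-bit int, a 16-bit SID field can never compare equal to this constant, and assigning the constant to such a field truncates it to 0xFFFF, so an "is this SID invalid" check written against the macro silently never fires. Suggest giving the constant an explicit 16-bit width or documenting which storage type it is meant for. Two smaller points in the same header: FUNC_ID() masks with 0xFF, so a group that grows past 256 entries would wrap onto an existing SID without any diagnostic, and the group macro AYSMMETRIC_ENCRYPT_FUNCS is misspelled (ASYMMETRIC) at its definition and at both uses, which compiles but will be missed by anyone searching for the correct spelling.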
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 8103a9af..50ad070e 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
-@@ -12,6 +12,9 @@
- extern "C" {
- #endif
-
-+/******** PSA Crypto SIDs ********/
-+#include "crypto_sid.h"
-+
- /******** TFM_SP_PS ********/
- #define TFM_PROTECTED_STORAGE_SERVICE_SID (0x00000060U)
- #define TFM_PROTECTED_STORAGE_SERVICE_VERSION (1U)
-@@ -43,79 +46,6 @@ extern "C" {
- #define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
-
-
--/**
-- * \brief Define a progressive numerical value for each SID which can be used
-- * when dispatching the requests to the service
-- */
--enum {
-- TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
-- TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
-- TFM_CRYPTO_OPEN_KEY_SID,
-- TFM_CRYPTO_CLOSE_KEY_SID,
-- TFM_CRYPTO_IMPORT_KEY_SID,
-- TFM_CRYPTO_DESTROY_KEY_SID,
-- TFM_CRYPTO_EXPORT_KEY_SID,
-- TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-- TFM_CRYPTO_PURGE_KEY_SID,
-- TFM_CRYPTO_COPY_KEY_SID,
-- TFM_CRYPTO_HASH_COMPUTE_SID,
-- TFM_CRYPTO_HASH_COMPARE_SID,
-- TFM_CRYPTO_HASH_SETUP_SID,
-- TFM_CRYPTO_HASH_UPDATE_SID,
-- TFM_CRYPTO_HASH_FINISH_SID,
-- TFM_CRYPTO_HASH_VERIFY_SID,
-- TFM_CRYPTO_HASH_ABORT_SID,
-- TFM_CRYPTO_HASH_CLONE_SID,
-- TFM_CRYPTO_MAC_COMPUTE_SID,
-- TFM_CRYPTO_MAC_VERIFY_SID,
-- TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-- TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-- TFM_CRYPTO_MAC_UPDATE_SID,
-- TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-- TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-- TFM_CRYPTO_MAC_ABORT_SID,
-- TFM_CRYPTO_CIPHER_ENCRYPT_SID,
-- TFM_CRYPTO_CIPHER_DECRYPT_SID,
-- TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-- TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-- TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-- TFM_CRYPTO_CIPHER_SET_IV_SID,
-- TFM_CRYPTO_CIPHER_UPDATE_SID,
-- TFM_CRYPTO_CIPHER_FINISH_SID,
-- TFM_CRYPTO_CIPHER_ABORT_SID,
-- TFM_CRYPTO_AEAD_ENCRYPT_SID,
-- TFM_CRYPTO_AEAD_DECRYPT_SID,
-- TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-- TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-- TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-- TFM_CRYPTO_AEAD_SET_NONCE_SID,
-- TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-- TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-- TFM_CRYPTO_AEAD_UPDATE_SID,
-- TFM_CRYPTO_AEAD_FINISH_SID,
-- TFM_CRYPTO_AEAD_VERIFY_SID,
-- TFM_CRYPTO_AEAD_ABORT_SID,
-- TFM_CRYPTO_SIGN_MESSAGE_SID,
-- TFM_CRYPTO_VERIFY_MESSAGE_SID,
-- TFM_CRYPTO_SIGN_HASH_SID,
-- TFM_CRYPTO_VERIFY_HASH_SID,
-- TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-- TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-- TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-- TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-- TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-- TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-- TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-- TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-- TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-- TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-- TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-- TFM_CRYPTO_GENERATE_RANDOM_SID,
-- TFM_CRYPTO_GENERATE_KEY_SID,
-- TFM_CRYPTO_SID_MAX,
--};
--
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
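Review bot: nothing in this hunk marks that the numeric value of every crypto SID changes when the anonymous enum is removed. The old values were a dense 0-based sequence ending in TFM_CRYPTO_SID_MAX, whereas the definitions now pulled in through crypto_sid.h pack a group ID into bits 7..0 and a function ID into bits 15..8. A client built from this header and a secure-side service still using the old numbering would dispatch requests to a different function than the caller intended. Suggest a comment next to the new include stating which TF-M release the numbering matches, and a check that no remaining code bounds-checks against TFM_CRYPTO_SID_MAX or uses the old TFM_CRYPTO_SIGN_* and TFM_CRYPTO_VERIFY_* names.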
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index e4a2b167..9276748d 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
-+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
- .key_id = id,
- .alg = alg,
- };
-@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
-+ .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
- .key_id = id,
- .alg = alg,
- };
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index cc9279ee..bcd8e0e4 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- {
-
- return crypto_caller_common(context,id,alg,hash,hash_length,
-- signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
-+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID);
- }
-
- static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c
- {
-
- return crypto_caller_common(context,id,alg,hash,hash_length,
-- signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
-+ signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID);
- }
-
- #ifdef __cplusplus
---
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
deleted file mode 100644
index ecea236..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
+++ /dev/null
@@ -1,655 +0,0 @@
-From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Thu, 9 Feb 2023 00:01:06 +0000
-Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition
-
-This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7
-And propagate changes accross psa_ipc functions
-More accuratly change sfn_id to function_id
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
----
- .../backend/psa_ipc/crypto_ipc_backend.h | 34 +++++++++----------
- .../caller/psa_ipc/crypto_caller_aead.h | 24 ++++++-------
- .../crypto_caller_asymmetric_decrypt.h | 2 +-
- .../crypto_caller_asymmetric_encrypt.h | 2 +-
- .../caller/psa_ipc/crypto_caller_cipher.h | 14 ++++----
- .../caller/psa_ipc/crypto_caller_copy_key.h | 2 +-
- .../psa_ipc/crypto_caller_destroy_key.h | 2 +-
- .../caller/psa_ipc/crypto_caller_export_key.h | 2 +-
- .../psa_ipc/crypto_caller_export_public_key.h | 2 +-
- .../psa_ipc/crypto_caller_generate_key.h | 2 +-
- .../psa_ipc/crypto_caller_generate_random.h | 2 +-
- .../crypto_caller_get_key_attributes.h | 2 +-
- .../caller/psa_ipc/crypto_caller_hash.h | 12 +++----
- .../caller/psa_ipc/crypto_caller_import_key.h | 2 +-
- .../psa_ipc/crypto_caller_key_derivation.h | 20 +++++------
- .../client/caller/psa_ipc/crypto_caller_mac.h | 12 +++----
- .../caller/psa_ipc/crypto_caller_purge_key.h | 2 +-
- .../caller/psa_ipc/crypto_caller_sign_hash.h | 4 +--
- .../psa_ipc/crypto_caller_verify_hash.h | 4 +--
- 19 files changed, 73 insertions(+), 73 deletions(-)
-
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index ec25eaf8..aacd3fcc 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input {
- };
-
- struct psa_ipc_crypto_pack_iovec {
-- uint32_t sfn_id; /*!< Secure function ID used to dispatch the
-- * request
-- */
-- uint16_t step; /*!< Key derivation step */
-- psa_key_id_t key_id; /*!< Key id */
-- psa_algorithm_t alg; /*!< Algorithm */
-- uint32_t op_handle; /*!< Frontend context handle associated to a
-- * multipart operation
-- */
-- uint32_t capacity; /*!< Key derivation capacity */
-- uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
-- uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
-- struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
-- * AEAD until the API is
-- * restructured
-- */
--};
-+ psa_key_id_t key_id; /*!< Key id */
-+ psa_algorithm_t alg; /*!< Algorithm */
-+ uint32_t op_handle; /*!< Frontend context handle associated to a
-+ * multipart operation
-+ */
-+ uint32_t capacity; /*!< Key derivation capacity */
-+ uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
-+ uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
-+
-+ struct psa_ipc_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
-+
-+ uint16_t function_id; /*!< Used to identify the function in the
-+ * API dispatcher to the service backend
-+ * See tfm_crypto_func_sid for detail
-+ */
-+ uint16_t step; /*!< Key derivation step */
-+}__packed;
-
- #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
-
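Review bot: the closing "}__packed;" on struct psa_ipc_crypto_pack_iovec only packs the struct if __packed is already defined as a macro when this header is parsed. If it is not, the line declares an object named __packed of this struct type, the struct keeps default padding, and the compiler gives no error. This layout is the message format shared with the secure side, and iov_size is taken from sizeof of the struct, so a silent layout difference means the two sides read fields at different offsets. Suggest including the header that defines __packed explicitly in this file (or using the compiler attribute directly) and adding a compile-time assertion on sizeof(struct psa_ipc_crypto_pack_iovec) and on the offset of function_id. The field also narrows from uint32_t sfn_id to uint16_t function_id and moves from the start of the struct to near the end, which is worth stating in the struct comment since every caller initialiser in the following hunks depends on it.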
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index f6aadd8b..efdffdf7 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt(
- size_t in_len;
- int i;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
- .key_id = key,
- .alg = alg,
- .aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-@@ -105,7 +105,7 @@ static inline psa_status_t crypto_caller_aead_decrypt(
- size_t in_len;
- int i;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
-+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
- .key_id = key,
- .alg = alg,
- .aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-@@ -156,7 +156,7 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+ .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
- .key_id = key,
- .alg = alg,
- .op_handle = (*op_handle),
-@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+ .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
- .key_id = key,
- .alg = alg,
- .op_handle = (*op_handle),
-@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+ .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
- .op_handle = op_handle,
- };
-
-@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+ .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
- .op_handle = op_handle,
- };
-
-@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+ .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
- .ad_length = ad_length,
- .plaintext_length = plaintext_length,
- .op_handle = op_handle,
-@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+ .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
- .op_handle = op_handle,
- };
-
-@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+ .function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
- .op_handle = op_handle,
- };
-
-@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+ .function_id = TFM_CRYPTO_AEAD_FINISH_SID,
- .op_handle = op_handle,
- };
-
-@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+ .function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
- .op_handle = op_handle,
- };
-
-@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+ .function_id = TFM_CRYPTO_AEAD_ABORT_SID,
- .op_handle = op_handle,
- };
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-index ff01815c..c387eb55 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt(
- psa_status_t status;
- size_t in_len;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+ .function_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
- .key_id = id,
- .alg = alg,
- };
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-index 1daf1689..8eb3de45 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt(
- psa_status_t status;
- size_t in_len;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+ .function_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
- .key_id = id,
- .alg = alg,
- };
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index fbefb28d..20aa46a5 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
- .key_id = key,
- .alg = alg,
- .op_handle = *op_handle,
-@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_cipher_decrypt_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
- .key_id = key,
- .alg = alg,
- .op_handle = *op_handle,
-@@ -91,7 +91,7 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -120,7 +120,7 @@ static inline psa_status_t crypto_caller_cipher_set_iv(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -150,7 +150,7 @@ static inline psa_status_t crypto_caller_cipher_update(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -181,7 +181,7 @@ static inline psa_status_t crypto_caller_cipher_finish(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_FINISH_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -208,7 +208,7 @@ static inline psa_status_t crypto_caller_cipher_abort(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
-+ .function_id = TFM_CRYPTO_CIPHER_ABORT_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-index 9a988171..48157d7e 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_COPY_KEY_SID,
-+ .function_id = TFM_CRYPTO_COPY_KEY_SID,
- .key_id = source_key,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-index d00f4faa..6d0a05e6 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
-+ .function_id = TFM_CRYPTO_DESTROY_KEY_SID,
- .key_id = id,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-index 8ac5477f..9a6b7013 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
-+ .function_id = TFM_CRYPTO_EXPORT_KEY_SID,
- .key_id = id,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-index b24c47f1..52bdd757 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+ .function_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
- .key_id = id,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-index 1b66ed40..7ed1673b 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
-+ .function_id = TFM_CRYPTO_GENERATE_KEY_SID,
- };
- struct psa_invec in_vec[] = {
- { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-index 7c538237..4fb87aa8 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client *
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
-+ .function_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
- };
- struct psa_invec in_vec[] = {
- { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-index 22f1d18f..2caa3bd3 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
-+ .function_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
- .key_id = key,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index 9f37908a..4fb60d44 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
-+ .function_id = TFM_CRYPTO_HASH_SETUP_SID,
- .alg = alg,
- .op_handle = *op_handle,
- };
-@@ -60,7 +60,7 @@ static inline psa_status_t crypto_caller_hash_update(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
-+ .function_id = TFM_CRYPTO_HASH_UPDATE_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -88,7 +88,7 @@ static inline psa_status_t crypto_caller_hash_finish(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
-+ .function_id = TFM_CRYPTO_HASH_FINISH_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -115,7 +115,7 @@ static inline psa_status_t crypto_caller_hash_abort(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
-+ .function_id = TFM_CRYPTO_HASH_ABORT_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -141,7 +141,7 @@ static inline psa_status_t crypto_caller_hash_verify(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
-+ .function_id = TFM_CRYPTO_HASH_VERIFY_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -167,7 +167,7 @@ static inline psa_status_t crypto_caller_hash_clone(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
-+ .function_id = TFM_CRYPTO_HASH_CLONE_SID,
- .op_handle = source_op_handle,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-index d4703366..1458163c 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
-+ .function_id = TFM_CRYPTO_IMPORT_KEY_SID,
- };
- struct psa_invec in_vec[] = {
- { .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-index 5ce4fb6c..16be9916 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
- .alg = alg,
- .op_handle = *op_handle,
- };
-@@ -59,7 +59,7 @@ static inline psa_status_t crypto_caller_key_derivation_get_capacity(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -84,7 +84,7 @@ static inline psa_status_t crypto_caller_key_derivation_set_capacity(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
- .capacity = capacity,
- .op_handle = op_handle,
- };
-@@ -109,7 +109,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_bytes(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
- .step = step,
- .op_handle = op_handle,
- };
-@@ -134,7 +134,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_key(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
- .key_id = key,
- .step = step,
- .op_handle = op_handle,
-@@ -159,7 +159,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_bytes(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_key(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -211,7 +211,7 @@ static inline psa_status_t crypto_caller_key_derivation_abort(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -239,7 +239,7 @@ static inline psa_status_t crypto_caller_key_derivation_key_agreement(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+ .function_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
- .key_id = private_key,
- .step = step,
- .op_handle = op_handle,
-@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_raw_key_agreement(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+ .function_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
- .alg = alg,
- .key_id = private_key,
- };
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-index 3a820192..30222800 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+ .function_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
- .key_id = key,
- .alg = alg,
- .op_handle = *op_handle,
-@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_mac_verify_setup(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+ .function_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
- .key_id = key,
- .alg = alg,
- .op_handle = *op_handle,
-@@ -90,7 +90,7 @@ static inline psa_status_t crypto_caller_mac_update(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
-+ .function_id = TFM_CRYPTO_MAC_UPDATE_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -118,7 +118,7 @@ static inline psa_status_t crypto_caller_mac_sign_finish(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+ .function_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -147,7 +147,7 @@ static inline psa_status_t crypto_caller_mac_verify_finish(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+ .function_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-@@ -172,7 +172,7 @@ static inline psa_status_t crypto_caller_mac_abort(
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
-+ .function_id = TFM_CRYPTO_MAC_ABORT_SID,
- .op_handle = op_handle,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-index a3a796e2..f6ab0978 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
-+ .function_id = TFM_CRYPTO_PURGE_KEY_SID,
- .key_id = id,
- };
- struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 9276748d..8b53e3dc 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
-+ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
- .key_id = id,
- .alg = alg,
- };
-@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
-+ .function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
- .key_id = id,
- .alg = alg,
- };
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index bcd8e0e4..c9ed865b 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length,
-- uint32_t sfn_id)
-+ uint32_t function_id)
- {
- struct service_client *ipc = context;
- struct rpc_caller *caller = ipc->caller;
- psa_status_t status;
- struct psa_ipc_crypto_pack_iovec iov = {
-- .sfn_id = sfn_id,
-+ .function_id = function_id,
- .key_id = id,
- .alg = alg,
- };
---
-2.25.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
deleted file mode 100644
index 0dcdd5d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
+++ /dev/null
@@ -1,117 +0,0 @@
-From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Thu, 9 Feb 2023 00:34:23 +0000
-Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec
-
-Few psa crypto operations have different in/out_vec expectations
-This patch is fixing the differences between psa crypto client in TS
-and psa crypto service in TF-M running on the secure enclave
-
-operations:
-- aead_generate_nonce: TFM service doesn't expect op_handle in in_vec
-- aead_update: TFM service doesn't expect op_handle in in_vec
-- cipher_generate_iv: TFM service doesn't expect op_handle in in_vec
-- cipher_update: TFM service doesn't expect op_handle in in_vec
-- hash_clone: TFM service expects target_op_handle in the in_vec
- rationale is target_op_handle according to the spec
- must be initialized and not active. and since hash_clone
- manipulates it. hence, target_op_handle should be passed
- as input and output.
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
----
- .../crypto/client/caller/psa_ipc/crypto_caller_aead.h | 6 ++----
- .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h | 6 ++----
- .../crypto/client/caller/psa_ipc/crypto_caller_hash.h | 2 ++
- 3 files changed, 6 insertions(+), 8 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index efdffdf7..e862c2de 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
- };
- struct psa_outvec out_vec[] = {
-- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
- {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
- };
-
- status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-
-- *nonce_length = out_vec[1].len;
-+ *nonce_length = out_vec[0].len;
- return status;
- }
-
-@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update(
- {.base = psa_ptr_const_to_u32(input), .len = input_length}
- };
- struct psa_outvec out_vec[] = {
-- {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
- {.base = psa_ptr_const_to_u32(output), .len = output_size},
- };
-
-@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update(
- status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- in_len, out_vec, IOVEC_LEN(out_vec));
-
-- *output_length = out_vec[1].len;
-+ *output_length = out_vec[0].len;
- return status;
- }
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index 20aa46a5..948865e4 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
- { .base = psa_ptr_to_u32(&iov), .len = iov_size },
- };
- struct psa_outvec out_vec[] = {
-- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
- { .base = psa_ptr_to_u32(iv), .len = iv_size },
- };
-
- status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-
-- *iv_length = out_vec[1].len;
-+ *iv_length = out_vec[0].len;
-
- return status;
- }
-@@ -158,14 +157,13 @@ static inline psa_status_t crypto_caller_cipher_update(
- { .base = psa_ptr_const_to_u32(input), .len = input_length },
- };
- struct psa_outvec out_vec[] = {
-- { .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
- { .base = psa_ptr_to_u32(output), .len = output_size },
- };
-
- status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-
-- *output_length = out_vec[1].len;
-+ *output_length = out_vec[0].len;
-
- return status;
- }
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index 4fb60d44..1e422130 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone(
- };
- struct psa_invec in_vec[] = {
- { .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+ { .base = psa_ptr_to_u32(target_op_handle),
-+ .len = sizeof(uint32_t) },
- };
- struct psa_outvec out_vec[] = {
- { .base = psa_ptr_to_u32(target_op_handle),
---
-2.25.1
-
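Review bot: The patch deleted here is marked "Upstream-Status: Pending [Not submitted yet]", so nothing in the visible lines shows that its changes exist in the Trusted Services revision now being built. Please state in the commit message which upstream change supersedes it. Without an equivalent, the client would again place op_handle at out_vec[0] for aead_generate_nonce, aead_update, cipher_generate_iv and cipher_update and read lengths from out_vec[1], and hash_clone would again omit target_op_handle from in_vec.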
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 867bd66..e601539 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -2,32 +2,9 @@
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRC_URI:append:corstone1000 = " \
- file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \
- file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \
- file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \
- file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \
- file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \
- file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \
- file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \
- file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \
- file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \
- file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \
- file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \
- file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \
- file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
- file://0014-Configure-storage-size.patch;patchdir=../trusted-services \
- file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \
- file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \
- file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \
- file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
- file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \
- file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
- file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \
- file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
- file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
- file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
- file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
- file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
+ file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
+ file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+ file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
"
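Review bot: The SRC_URI list for corstone1000 goes from 26 patches to 3, and the survivors are renumbered 0001 to 0003, reusing prefixes that previously belonged to other patches (for example 0001-Add-openamp-to-SE-proxy-deployment.patch). Please confirm the old files are removed from the corstone1000 directory so a stale file cannot be picked up by a later edit. The dropped entries also include 0021-smm_gateway-add-checks-for-null-attributes.patch and 0022-GetNextVariableName-Fix.patch, which by name are input-handling fixes; the commit message should say that each dropped patch is contained in the new upstream revision rather than simply removed.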
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc
index 528b006..44adfc8 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/arm-binary-toolchain.inc
@@ -24,3 +24,8 @@
PRIVATE_LIBS = "libgcc_s.so.1 libstdc++.so.6"
BBCLASSEXTEND = "native nativesdk"
+
+# Skipping file deps - we don't control the dependencies for prebuilt libraries, resulting in
+# nothing provides libcrypt.so.1()(64bit) needed by nativesdk-gcc-arm-none-eabi
+# when packaged as RPM for SDK.
+SKIP_FILEDEPS="1"
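Review bot: SKIP_FILEDEPS="1" switches off file-level dependency scanning for every package this include produces, not only for the libcrypt.so.1 case described in the comment, so any other missing runtime library in the prebuilt toolchain will no longer surface at packaging time. Since the comment names the nativesdk RPM case only, consider limiting it with the class-nativesdk override. Style: the rest of the file writes assignments with spaces around "=", as in PRIVATE_LIBS = "...".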
diff --git a/meta-arm/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/meta-arm/conf/machine/qemuarm64-secureboot.conf
index 7277817..55c4cab 100644
--- a/meta-arm/meta-arm/conf/machine/qemuarm64-secureboot.conf
+++ b/meta-arm/meta-arm/conf/machine/qemuarm64-secureboot.conf
@@ -23,6 +23,3 @@
IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
MACHINE_FEATURES += "optee-ftpm"
-
-PREFERRED_VERSION_optee-os ?= "3.18.%"
-
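Review bot: Removing PREFERRED_VERSION_optee-os leaves the optee-os version for qemuarm64-secureboot to whatever the layer stack resolves, while the TF-A patch added later in this same commit (feat-qemu-update-abi-between-spmd-and-spmc.patch) says its ABI change "requires corresponding change in OP-TEE". Please document the minimum optee-os version this machine now needs, or keep a pin, so that a mismatched pair does not build without complaint and then fail at boot.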
diff --git a/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
index a5f9376..8829895 100644
--- a/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
+++ b/meta-arm/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
@@ -3,25 +3,23 @@
from oeqa.runtime.case import OERuntimeTestCase
from oeqa.core.decorator.depends import OETestDepends
from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotInDataVar
class TrustedServicesTest(OERuntimeTestCase):
- def run_test_tool(self, cmd, expected_status=0 ):
+ def run_test_tool(self, cmd, expected_status=0, expected_output=None ):
""" Run a test utility """
status, output = self.target.run(cmd)
self.assertEqual(status, expected_status, msg='\n'.join([cmd, output]))
+ if expected_output is not None:
+ self.assertEqual(output, expected_output, msg='\n'.join([cmd, output]))
@OEHasPackage(['ts-demo'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_00_ts_demo(self):
self.run_test_tool('ts-demo')
- @OEHasPackage(['ts-service-test'])
- @OETestDepends(['ssh.SSHTest.test_ssh'])
- def test_01_ts_service_test(self):
- self.run_test_tool('ts-service-test')
-
@OEHasPackage(['ts-uefi-test'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_02_ts_uefi_test(self):
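Review bot: In run_test_tool, expected_output is compared with assertEqual against the entire captured output, so one extra line from the target (a warning, trailing whitespace, a changed separator) fails the test for reasons unrelated to the tool under test. Comparing a normalised form such as output.split() against the expected group names would be more robust. Also drop the stray space in "expected_output=None )". The removal of test_01_ts_service_test is acceptable only because the per-group tests are added further down; a short comment saying so would help the next reader.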
@@ -30,7 +28,8 @@
@OEHasPackage(['ts-psa-crypto-api-test'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_03_psa_crypto_api_test(self):
- # There are a few expected PSA Crypto tests failing
+ # There are a two expected PSA Crypto tests failures testing features
+ # TS will not support.
self.run_test_tool('psa-crypto-api-test', expected_status=46)
@OEHasPackage(['ts-psa-its-api-test'])
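Review bot: The reworded comment says two failures are expected, but expected_status=46 is unchanged and still unexplained. Please document what the value 46 encodes and which two tests fail, otherwise a different set of failures that happens to yield the same exit status passes unnoticed. Wording: "There are a two expected PSA Crypto tests failures" should read "There are two expected PSA Crypto test failures".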
@@ -48,3 +47,74 @@
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_06_psa_iat_api_test(self):
self.run_test_tool('psa-iat-api-test')
+
+ @OEHasPackage(['ts-service-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_09_ts_service_grp_check(self):
+ # If this test fails, available test groups in ts-service-test have changed and all
+ # tests using the test executable need to be double checked to ensure test group to
+ # TS SP mapping is still valid.
+ test_grp_list="FwuServiceTests PsServiceTests ItsServiceTests AttestationProvisioningTests"
+ test_grp_list+=" AttestationServiceTests CryptoKeyDerivationServicePackedcTests"
+ test_grp_list+=" CryptoMacServicePackedcTests CryptoCipherServicePackedcTests"
+ test_grp_list+=" CryptoHashServicePackedcTests CryptoServicePackedcTests"
+ test_grp_list+=" CryptoServiceProtobufTests CryptoServiceLimitTests"
+ test_grp_list+=" DiscoveryServiceTests"
+ self.run_test_tool('ts-service-test -lg', expected_output=test_grp_list)
+
+ @OEHasPackage(['optee-test'])
+ @skipIfNotInDataVar('MACHINE_FEATURES', 'optee-spmc-test', 'SPMC Test SPs are not included')
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_07_spmc_test(self):
+ self.run_test_tool('xtest -t ffa_spmc')
+
+ @OEHasPackage(['ts-service-test'])
+ @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-fwu', 'FWU SP is not included')
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_10_fwu_service_tests(self):
+ self.run_test_tool('ts-service-test -g FwuServiceTests')
+
+ @OEHasPackage(['ts-service-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_11_ps_service_tests(self):
+ if 'ts-storage' not in self.tc.td['MACHINE_FEATURES'] and \
+ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+ self.skipTest('Storage SP is not included into OPTEE')
+ self.run_test_tool('ts-service-test -g PsServiceTests')
+
+ @OEHasPackage(['ts-service-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_12_its_service_tests(self):
+ if 'ts-its' not in self.tc.td['MACHINE_FEATURES'] and \
+ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+ self.skipTest('Internal Storage SP is not included into OPTEE')
+ self.run_test_tool('ts-service-test -g ItsServiceTests')
+
+ @OEHasPackage(['ts-service-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_14_attestation_service_tests(self):
+ if 'ts-attestation' not in self.tc.td['MACHINE_FEATURES'] and \
+ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+ self.skipTest('Attestation SP is not included into OPTEE')
+ for grp in ["AttestationProvisioningTests", "AttestationServiceTests"]:
+ self.run_test_tool('ts-service-test -g %s'%grp)
+
+ @OEHasPackage(['ts-service-test'])
+ @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', 'Crypto SP is not included')
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_15_crypto_service_tests(self):
+ if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \
+ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+ self.skipTest('Crypto SP is not included into OPTEE')
+ for grp in ["CryptoKeyDerivationServicePackedcTests", "CryptoMacServicePackedcTests", \
+ "CryptoCipherServicePackedcTests", "CryptoHashServicePackedcTests", \
+ "CryptoServicePackedcTests", "CryptoServiceProtobufTests CryptoServiceLimitTests"]:
+ self.run_test_tool('ts-service-test -g %s'%grp)
+
+ @OEHasPackage(['ts-service-test'])
+ @OETestDepends(['ssh.SSHTest.test_ssh'])
+ def test_16_discovery_service_test(self):
+ if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \
+ 'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+ self.skipTest('Crypto SP is not included into OPTEE')
+ self.run_test_tool('ts-service-test -g DiscoveryServiceTests')
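Review bot: In test_15_crypto_service_tests the last list element is the single string "CryptoServiceProtobufTests CryptoServiceLimitTests", which looks like a missing `", "`; as written the loop issues one `ts-service-test -g` call with the second group name as a stray argument instead of running the two groups separately. In the same test, the @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', ...) decorator makes the in-body check unreachable and skips the test on a ts-se-proxy-only configuration, which the body evidently means to allow; drop the decorator or the body check. test_16_discovery_service_test reuses the crypto condition and the message 'Crypto SP is not included into OPTEE'; if that mapping is intended, say so in a comment. test_09_ts_service_grp_check is defined ahead of test_07_spmc_test, which makes the numbering hard to follow.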
diff --git a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.11.0.bb b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.11.0.bb
index 30705f6..0bbd88c 100644
--- a/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.11.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/scp-firmware/scp-firmware_2.11.0.bb
@@ -29,6 +29,9 @@
# For now we only build with GCC, so stop meta-clang trying to get involved
TOOLCHAIN = "gcc"
+# remove once arm-none-eabi-gcc updates to 13 or newer like poky
+DEBUG_PREFIX_MAP:remove = "-fcanon-prefix-map"
+
inherit deploy
B = "${WORKDIR}/build"
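Review bot: DEBUG_PREFIX_MAP:remove is unconditional and a :remove cannot be undone by a later append, so "-fcanon-prefix-map" stays stripped even after the toolchain moves to GCC 13. The "remove once ..." comment has nothing that will flag it at that point; please reference a tracking item or make the removal conditional on the toolchain in use.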
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch
new file mode 100644
index 0000000..50a57d6
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch
@@ -0,0 +1,67 @@
+From e1cbb35ad4655fe13ccb89247c81e850f6392c92 Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Mon, 13 Mar 2023 21:15:59 +0100
+Subject: Add spmc_manifest for qemu
+
+This version only supports embedded packaging.
+
+Upstream-Status: Inappropriate [other]
+ - The SPMC manifest is integration specific and should live at an
+ integration spcific place. The manifest file is processed by TF-A
+ and I am adding the patch to TF-A to keep things simple.
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ plat/qemu/fdts/optee_spmc_manifest.dts | 40 ++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+ create mode 100644 plat/qemu/fdts/optee_spmc_manifest.dts
+
+diff --git a/plat/qemu/fdts/optee_spmc_manifest.dts b/plat/qemu/fdts/optee_spmc_manifest.dts
+new file mode 100644
+index 000000000..ae2ae3d95
+--- /dev/null
++++ b/plat/qemu/fdts/optee_spmc_manifest.dts
+@@ -0,0 +1,40 @@
++/* SPDX-License-Identifier: BSD-3-Clause */
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ */
++
++/dts-v1/;
++
++/ {
++ compatible = "arm,ffa-core-manifest-1.0";
++ #address-cells = <2>;
++ #size-cells = <1>;
++
++ attribute {
++ spmc_id = <0x8000>;
++ maj_ver = <0x1>;
++ min_ver = <0x0>;
++ exec_state = <0x0>;
++ load_address = <0x0 0x0e100000>;
++ entrypoint = <0x0 0x0e100000>;
++ binary_size = <0x80000>;
++ };
++
++/*
++ * This file will be preprocessed by TF-A's build system. If Measured Boot is
++ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
++ * to the preprocessor arguments.
++ */
++#if MEASURED_BOOT
++ tpm_event_log {
++ compatible = "arm,tpm_event_log";
++ tpm_event_log_addr = <0x0 0x0>;
++ tpm_event_log_size = <0x0>;
++ };
++#endif
++
++/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
++#ifdef ARM_BL2_SP_LIST_DTS
++ #error "FIP SP load addresses configuration is missing.
++#endif
++};
+--
+2.39.1.windows.1
+
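Review bot: In the ARM_BL2_SP_LIST_DTS guard of optee_spmc_manifest.dts, the line `#error "FIP SP load addresses configuration is missing.` has no closing quote; add it so the diagnostic is well-formed when the guard fires. The attribute node hard-codes load_address, entrypoint and binary_size (0x0e100000, 0x80000), whereas the C file this replaces derived them from BL32_BASE and BL32_LIMIT; a comment tying the literals to those platform defines would keep them from drifting. The tpm_event_log node carries an all-zero address and size with no note on who fills them in. The patch description has a typo, "spcific".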
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch
new file mode 100644
index 0000000..7c851fd
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch
@@ -0,0 +1,263 @@
+From d215b0c08e51192baab96d75beaeacf3abf8724e Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Fri, 18 Nov 2022 15:40:04 +0100
+Subject: feat(qemu): update abi between spmd and spmc
+
+Updates the ABI between SPMD and the SPMC at S-EL1 so that the hard
+coded SPMC manifest can be replaced by a proper manifest via TOS FW
+Config. TOS FW Config is provided via QEMU_TOS_FW_CONFIG_DTS as a DTS
+file when building. The DTS is turned into a DTB which is added to the
+FIP.
+
+Note that this is an incompatible change and requires corresponding
+change in OP-TEE ("core: sel1 spmc: boot abi update").
+
+Upstream-Status: Accepted
+
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Change-Id: Ibabe78ef50a24f775492854ce5ac54e4d471e369
+---
+ plat/qemu/common/qemu_bl2_mem_params_desc.c | 18 +++++++++++-
+ plat/qemu/common/qemu_bl2_setup.c | 32 +++++++++++++--------
+ plat/qemu/common/qemu_io_storage.c | 16 ++++++++++-
+ plat/qemu/common/qemu_spmd_manifest.c | 31 --------------------
+ plat/qemu/qemu/include/platform_def.h | 3 ++
+ plat/qemu/qemu/platform.mk | 12 +++++++-
+ 6 files changed, 66 insertions(+), 46 deletions(-)
+ delete mode 100644 plat/qemu/common/qemu_spmd_manifest.c
+
+diff --git a/plat/qemu/common/qemu_bl2_mem_params_desc.c b/plat/qemu/common/qemu_bl2_mem_params_desc.c
+index 5af3a2264..8d8047c92 100644
+--- a/plat/qemu/common/qemu_bl2_mem_params_desc.c
++++ b/plat/qemu/common/qemu_bl2_mem_params_desc.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
++ * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -122,6 +122,22 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
+ #endif
+ .next_handoff_image_id = INVALID_IMAGE_ID,
+ },
++
++#if defined(SPD_spmd)
++ /* Fill TOS_FW_CONFIG related information */
++ {
++ .image_id = TOS_FW_CONFIG_ID,
++ SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
++ VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
++ SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
++ VERSION_2, image_info_t, 0),
++ .image_info.image_base = TOS_FW_CONFIG_BASE,
++ .image_info.image_max_size = TOS_FW_CONFIG_LIMIT -
++ TOS_FW_CONFIG_BASE,
++ .next_handoff_image_id = INVALID_IMAGE_ID,
++ },
++#endif
++
+ # endif /* QEMU_LOAD_BL32 */
+
+ /* Fill BL33 related information */
+diff --git a/plat/qemu/common/qemu_bl2_setup.c b/plat/qemu/common/qemu_bl2_setup.c
+index 2c0da15b9..6afa3a44d 100644
+--- a/plat/qemu/common/qemu_bl2_setup.c
++++ b/plat/qemu/common/qemu_bl2_setup.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
++ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -149,8 +149,7 @@ static int qemu_bl2_handle_post_image_load(unsigned int image_id)
+ bl_mem_params_node_t *paged_mem_params = NULL;
+ #endif
+ #if defined(SPD_spmd)
+- unsigned int mode_rw = MODE_RW_64;
+- uint64_t pagable_part = 0;
++ bl_mem_params_node_t *bl32_mem_params = NULL;
+ #endif
+
+ assert(bl_mem_params);
+@@ -170,17 +169,18 @@ static int qemu_bl2_handle_post_image_load(unsigned int image_id)
+ if (err != 0) {
+ WARN("OPTEE header parse error.\n");
+ }
+-#if defined(SPD_spmd)
+- mode_rw = bl_mem_params->ep_info.args.arg0;
+- pagable_part = bl_mem_params->ep_info.args.arg1;
+-#endif
+ #endif
+
+-#if defined(SPD_spmd)
+- bl_mem_params->ep_info.args.arg0 = ARM_PRELOADED_DTB_BASE;
+- bl_mem_params->ep_info.args.arg1 = pagable_part;
+- bl_mem_params->ep_info.args.arg2 = mode_rw;
+- bl_mem_params->ep_info.args.arg3 = 0;
++#if defined(SPMC_OPTEE)
++ /*
++ * Explicit zeroes to unused registers since they may have
++ * been populated by parse_optee_header() above.
++ *
++ * OP-TEE expects system DTB in x2 and TOS_FW_CONFIG in x0,
++ * the latter is filled in below for TOS_FW_CONFIG_ID and
++ * applies to any other SPMC too.
++ */
++ bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
+ #elif defined(SPD_opteed)
+ /*
+ * OP-TEE expect to receive DTB address in x2.
+@@ -224,6 +224,14 @@ static int qemu_bl2_handle_post_image_load(unsigned int image_id)
+
+ bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl33_entry();
+ break;
++#if defined(SPD_spmd)
++ case TOS_FW_CONFIG_ID:
++ /* An SPMC expects TOS_FW_CONFIG in x0/r0 */
++ bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
++ bl32_mem_params->ep_info.args.arg0 =
++ bl_mem_params->image_info.image_base;
++ break;
++#endif
+ default:
+ /* Do nothing in default case */
+ break;
+diff --git a/plat/qemu/common/qemu_io_storage.c b/plat/qemu/common/qemu_io_storage.c
+index 1107e443f..e2d4932c0 100644
+--- a/plat/qemu/common/qemu_io_storage.c
++++ b/plat/qemu/common/qemu_io_storage.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
++ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -24,6 +24,7 @@
+ #define BL2_IMAGE_NAME "bl2.bin"
+ #define BL31_IMAGE_NAME "bl31.bin"
+ #define BL32_IMAGE_NAME "bl32.bin"
++#define TOS_FW_CONFIG_NAME "tos_fw_config.dtb"
+ #define BL32_EXTRA1_IMAGE_NAME "bl32_extra1.bin"
+ #define BL32_EXTRA2_IMAGE_NAME "bl32_extra2.bin"
+ #define BL33_IMAGE_NAME "bl33.bin"
+@@ -78,6 +79,10 @@ static const io_uuid_spec_t bl32_extra2_uuid_spec = {
+ .uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+ };
+
++static const io_uuid_spec_t tos_fw_config_uuid_spec = {
++ .uuid = UUID_TOS_FW_CONFIG,
++};
++
+ static const io_uuid_spec_t bl33_uuid_spec = {
+ .uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
+ };
+@@ -137,6 +142,10 @@ static const io_file_spec_t sh_file_spec[] = {
+ .path = BL32_EXTRA2_IMAGE_NAME,
+ .mode = FOPEN_MODE_RB
+ },
++ [TOS_FW_CONFIG_ID] = {
++ .path = TOS_FW_CONFIG_NAME,
++ .mode = FOPEN_MODE_RB
++ },
+ [BL33_IMAGE_ID] = {
+ .path = BL33_IMAGE_NAME,
+ .mode = FOPEN_MODE_RB
+@@ -252,6 +261,11 @@ static const struct plat_io_policy policies[] = {
+ open_fip
+ },
+ #endif
++ [TOS_FW_CONFIG_ID] = {
++ &fip_dev_handle,
++ (uintptr_t)&tos_fw_config_uuid_spec,
++ open_fip
++ },
+ [BL33_IMAGE_ID] = {
+ &fip_dev_handle,
+ (uintptr_t)&bl33_uuid_spec,
+diff --git a/plat/qemu/common/qemu_spmd_manifest.c b/plat/qemu/common/qemu_spmd_manifest.c
+deleted file mode 100644
+index fd46e2675..000000000
+--- a/plat/qemu/common/qemu_spmd_manifest.c
++++ /dev/null
+@@ -1,31 +0,0 @@
+-/*
+- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- */
+-
+-#include <assert.h>
+-
+-#include <services/spm_core_manifest.h>
+-
+-#include <plat/common/platform.h>
+-#include <platform_def.h>
+-
+-int plat_spm_core_manifest_load(spmc_manifest_attribute_t *manifest,
+- const void *pm_addr)
+-{
+- entry_point_info_t *ep_info = bl31_plat_get_next_image_ep_info(SECURE);
+-
+- assert(ep_info != NULL);
+- assert(manifest != NULL);
+-
+- manifest->major_version = 1;
+- manifest->minor_version = 0;
+- manifest->exec_state = ep_info->args.arg2;
+- manifest->load_address = BL32_BASE;
+- manifest->entrypoint = BL32_BASE;
+- manifest->binary_size = BL32_LIMIT - BL32_BASE;
+- manifest->spmc_id = 0x8000;
+-
+- return 0;
+-}
+diff --git a/plat/qemu/qemu/include/platform_def.h b/plat/qemu/qemu/include/platform_def.h
+index c9ed6409f..5c3239cb8 100644
+--- a/plat/qemu/qemu/include/platform_def.h
++++ b/plat/qemu/qemu/include/platform_def.h
+@@ -118,6 +118,9 @@
+ #define BL_RAM_BASE (SHARED_RAM_BASE + SHARED_RAM_SIZE)
+ #define BL_RAM_SIZE (SEC_SRAM_SIZE - SHARED_RAM_SIZE)
+
++#define TOS_FW_CONFIG_BASE BL_RAM_BASE
++#define TOS_FW_CONFIG_LIMIT (TOS_FW_CONFIG_BASE + PAGE_SIZE)
++
+ /*
+ * BL1 specific defines.
+ *
+diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
+index 6becc32fa..02493025a 100644
+--- a/plat/qemu/qemu/platform.mk
++++ b/plat/qemu/qemu/platform.mk
+@@ -212,7 +212,10 @@ BL31_SOURCES += lib/cpus/aarch64/aem_generic.S \
+ ${QEMU_GIC_SOURCES}
+
+ ifeq (${SPD},spmd)
+-BL31_SOURCES += plat/qemu/common/qemu_spmd_manifest.c
++BL31_SOURCES += plat/common/plat_spmd_manifest.c \
++ common/uuid.c \
++ ${LIBFDT_SRCS} \
++ ${FDT_WRAPPERS_SOURCES}
+ endif
+ endif
+
+@@ -233,6 +236,13 @@ $(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2))
+ endif
+ endif
+
++ifneq ($(QEMU_TOS_FW_CONFIG_DTS),)
++FDT_SOURCES += ${QEMU_TOS_FW_CONFIG_DTS}
++QEMU_TOS_FW_CONFIG := ${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TOS_FW_CONFIG_DTS})).dtb
++# Add the TOS_FW_CONFIG to FIP
++$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TOS_FW_CONFIG},--tos-fw-config,${QEMU_TOS_FW_CONFIG}))
++endif
++
+ SEPARATE_CODE_AND_RODATA := 1
+ ENABLE_STACK_PROTECTOR := 0
+ ifneq ($(ENABLE_STACK_PROTECTOR), 0)
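Review bot: the ifneq guard makes the manifest optional, but the previous hunk switches every SPD=spmd build from the hardcoded qemu_spmd_manifest.c to plat/common/plat_spmd_manifest.c plus libfdt, so an spmd build with QEMU_TOS_FW_CONFIG_DTS unset no longer has a source for the values the deleted file supplied (spmc_id 0x8000, BL32_BASE as load address and entry point). Consider failing the build with $(error ...) when SPD is spmd and QEMU_TOS_FW_CONFIG_DTS is empty, and document the new variable.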
+--
+2.39.1.windows.1
+
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
index b0533a1..4d3b0ba 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc
@@ -9,7 +9,7 @@
SRCBRANCH = "master"
SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};name=tfa;branch=${SRCBRANCH}"
-UPSTREAM_CHECK_GITTAGREGEX = "^v(?P<pver>\d+(\.\d+)+)$"
+UPSTREAM_CHECK_GITTAGREGEX = "^(lts-)?v(?P<pver>\d+(\.\d+)+)$"
SRCREV_FORMAT = "tfa"
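Review bot: the optional (lts-)? prefix sits outside the pver group, so an lts-v tag and a mainline v tag are compared in the same version space, and this shared .inc still sets SRCBRANCH = "master". A recipe pinned to an LTS branch will be told that mainline is the newer upstream, and the reverse. If LTS tracking is only wanted for specific recipes, set the regex there instead of in the common include, or add a comment stating the intent.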
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 6cf55d6..e58a090 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -47,7 +47,10 @@
BL32_RAM_LOCATION=tdram \
AARCH32_SP=optee \
"
-
+# When using OP-TEE SPMC specify the SPMC manifest file.
+EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \
+ 'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}"
+
do_compile:append:qemuarm64-secureboot() {
# Create a secure flash image for booting AArch64 Qemu. See:
# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst
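Review bot: EXTRA_OEMAKE:append does not insert a separator, and the appended string starts directly with QEMU_TOS_FW_CONFIG_DTS=, so the assignment only survives as its own make argument if the existing value happens to end in whitespace. Start the string with a leading space (' QEMU_TOS_FW_CONFIG_DTS=...'). The hunk also drops the blank line that separated the previous assignment from this block; keeping it would help readability.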
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
index 3a5006e..5830339 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
@@ -5,6 +5,12 @@
SRC_URI += "file://rwx-segments.patch"
+# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS.
+SRC_URI:append:qemuarm64-secureboot = " \
+ file://add-spmc_manifest-for-qemu.patch \
+ file://feat-qemu-update-abi-between-spmd-and-spmc.patch \
+ "
+
LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
# mbed TLS v2.28.2
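Review bot: the comment above the new SRC_URI block only describes the first patch. feat-qemu-update-abi-between-spmd-and-spmc.patch changes the SPMD/SPMC boot ABI, and the optee-os patch 0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch added in this same update states that it is an incompatible change that requires it, so the two have to be added and dropped together; please say so in the comment. Both patches are also applied to every qemuarm64-secureboot build, while the manifest DTS is only passed when MACHINE_FEATURES contains arm-ffa; confirm the non-FF-A boot path was tested with them applied.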
diff --git a/meta-arm/meta-arm/recipes-devtools/fiptool/files/ssl.patch b/meta-arm/meta-arm/recipes-devtools/fiptool/files/ssl.patch
deleted file mode 100644
index cdabd1b..0000000
--- a/meta-arm/meta-arm/recipes-devtools/fiptool/files/ssl.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-fiptool: respect OPENSSL_DIR
-
-fiptool links to libcrypto, so as with the other tools it should respect
-OPENSSL_DIR for include/library paths.
-
-Upstream-Status: Submitted
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-diff --git a/Makefile b/Makefile
-index ec6f88585..2d3b9fc26 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1388,7 +1388,7 @@ fwu_fip: ${BUILD_PLAT}/${FWU_FIP_NAME}
-
- ${FIPTOOL}: FORCE
- ifdef UNIX_MK
-- ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} --no-print-directory -C ${FIPTOOLPATH}
-+ ${Q}${MAKE} CPPFLAGS="-DVERSION='\"${VERSION_STRING}\"'" FIPTOOL=${FIPTOOL} OPENSSL_DIR=${OPENSSL_DIR} --no-print-directory -C ${FIPTOOLPATH}
- else
- # Clear the MAKEFLAGS as we do not want
- # to pass the gnumake flags to nmake.
-diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
-index 11d2e7b0b..7c2a08379 100644
---- a/tools/fiptool/Makefile
-+++ b/tools/fiptool/Makefile
-@@ -12,6 +12,8 @@ FIPTOOL ?= fiptool${BIN_EXT}
- PROJECT := $(notdir ${FIPTOOL})
- OBJECTS := fiptool.o tbbr_config.o
- V ?= 0
-+OPENSSL_DIR := /usr
-+
-
- override CPPFLAGS += -D_GNU_SOURCE -D_XOPEN_SOURCE=700
- HOSTCCFLAGS := -Wall -Werror -pedantic -std=c99
-@@ -20,7 +22,7 @@ ifeq (${DEBUG},1)
- else
- HOSTCCFLAGS += -O2
- endif
--LDLIBS := -lcrypto
-+LDLIBS := -L${OPENSSL_DIR}/lib -lcrypto
-
- ifeq (${V},0)
- Q := @
-@@ -28,7 +30,7 @@ else
- Q :=
- endif
-
--INCLUDE_PATHS := -I../../include/tools_share
-+INCLUDE_PATHS := -I../../include/tools_share -I${OPENSSL_DIR}/include
-
- HOSTCC ?= gcc
-
diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc
index dd02a7c..ea3ef67 100644
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-common.inc
@@ -3,6 +3,7 @@
# FVP has an End User License Agreement. Add Arm-FVP-EULA to your
# LICENSE_FLAGS_ACCEPTED if you agree to these terms.
LICENSE_FLAGS = "Arm-FVP-EULA"
+LICENSE_FLAGS_DETAILS[Arm-FVP-EULA] = "https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula"
LICENSE = "Proprietary & Apache-2.0 & Python-2.0 & GPL-3.0-with-GCC-exception & Zlib & NCSA & LGPL-2.0-or-later & MIT & BSD-3-Clause"
diff --git a/meta-arm/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb b/meta-arm/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb
index 1261fa4..726a65b 100644
--- a/meta-arm/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb
+++ b/meta-arm/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb
@@ -18,10 +18,16 @@
KERNEL_MODULE_AUTOLOAD += "arm-ffa-user"
KERNEL_MODULE_PROBECONF += "arm-ffa-user"
-# This debugfs driver is used only by uefi-test for testing SmmGW SP
-# UUIDs = SMM Gateway SP
-FFA-USER-UUID-LIST ?= "ed32d533-99e6-4209-9cc0-2d72cdd998a7"
-module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA-USER-UUID-LIST}"
+# SMM Gateway SP
+UUID_LIST = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+ 'ed32d533-99e6-4209-9cc0-2d72cdd998a7', '' , d)}"
+# SPMC Tests SPs
+UUID_LIST:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ',5c9edbc3-7b3a-4367-9f83-7c191ae86a37,7817164c-c40c-4d1a-867a-9bb2278cf41a,23eb0100-e32a-4497-9052-2f11e584afa6', '' , d)}"
+
+FFA_USER_UUID_LIST ?= "${@d.getVar('UUID_LIST').strip(',')}"
+
+module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA_USER_UUID_LIST}"
do_install:append() {
install -d ${D}${includedir}
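Review bot: with neither ts-smm-gateway nor optee-spmc-test in MACHINE_FEATURES, UUID_LIST is empty and the module is configured with "uuid_str_list=" and no value, whereas the old default always carried the SMM Gateway UUID. Either skip writing module_conf_arm-ffa-user when the list is empty or confirm the driver accepts an empty parameter. Two smaller points: the rename from FFA-USER-UUID-LIST to FFA_USER_UUID_LIST silently ignores any existing override of the old name, and UUID_LIST is a very generic name for a recipe-level variable; a prefixed name would avoid collisions.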
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-5.15.inc b/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-5.15.inc
deleted file mode 100644
index bc66efb..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/arm-ffa-5.15.inc
+++ /dev/null
@@ -1,5 +0,0 @@
-# Include a backport kernel patch for TEE driver
-
-SRC_URI:append = " \
- file://Add-sec_world_id-to-struct-tee_shm.patch \
- "
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch b/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch
new file mode 100644
index 0000000..e4d8936
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/files/aarch64/0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch
@@ -0,0 +1,47 @@
+From e6a71160cc145e18ab45195abf89884112e02dfb Mon Sep 17 00:00:00 2001
+From: Kees Cook <keescook@chromium.org>
+Date: Wed, 18 Jan 2023 12:21:35 -0800
+Subject: [PATCH] gcc-plugins: Reorganize gimple includes for GCC 13
+
+The gimple-iterator.h header must be included before gimple-fold.h
+starting with GCC 13. Reorganize gimple headers to work for all GCC
+versions.
+
+Reported-by: Palmer Dabbelt <palmer@rivosinc.com>
+Acked-by: Palmer Dabbelt <palmer@rivosinc.com>
+Link: https://lore.kernel.org/all/20230113173033.4380-1-palmer@rivosinc.com/
+Cc: linux-hardening@vger.kernel.org
+Signed-off-by: Kees Cook <keescook@chromium.org>
+
+Upstream-Status: Backport
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+
+---
+ scripts/gcc-plugins/gcc-common.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/scripts/gcc-plugins/gcc-common.h b/scripts/gcc-plugins/gcc-common.h
+index 9a1895747b15..84c730da36dd 100644
+--- a/scripts/gcc-plugins/gcc-common.h
++++ b/scripts/gcc-plugins/gcc-common.h
+@@ -71,7 +71,9 @@
+ #include "varasm.h"
+ #include "stor-layout.h"
+ #include "internal-fn.h"
++#include "gimple.h"
+ #include "gimple-expr.h"
++#include "gimple-iterator.h"
+ #include "gimple-fold.h"
+ #include "context.h"
+ #include "tree-ssa-alias.h"
+@@ -85,10 +87,8 @@
+ #include "tree-eh.h"
+ #include "stmt.h"
+ #include "gimplify.h"
+-#include "gimple.h"
+ #include "tree-phinodes.h"
+ #include "tree-cfg.h"
+-#include "gimple-iterator.h"
+ #include "gimple-ssa.h"
+ #include "ssa-iterators.h"
+
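Review bot: "Upstream-Status: Backport" carries no reference. Please add the upstream commit or the kernel release that contains it (the From line already gives e6a71160cc145e18ab45195abf89884112e02dfb), so it is clear from which kernel version onward this file can be dropped.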
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
index 883ed2c..3f2c83f 100644
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto%.bbappend
@@ -4,6 +4,7 @@
SRC_URI:append:aarch64 = " \
file://0001-Revert-arm64-defconfig-Enable-Tegra-MGBE-driver.patch \
file://0002-Revert-arm64-defconfig-Add-Nuvoton-NPCM-family-suppo.patch \
+ file://0001-gcc-plugins-Reorganize-gimple-includes-for-GCC-13.patch \
"
COMPATIBLE_MACHINE:generic-arm64 = "generic-arm64"
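Review bot: linux-yocto%.bbappend matches every linux-yocto version, so the GCC 13 include-order patch is applied to all aarch64 kernels, including any that already contain the upstream change, where do_patch will fail. Scope it to the kernel versions that need it, or note in a comment when it can be removed.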
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-5.15/Add-sec_world_id-to-struct-tee_shm.patch b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-5.15/Add-sec_world_id-to-struct-tee_shm.patch
deleted file mode 100644
index 8f54b30..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-5.15/Add-sec_world_id-to-struct-tee_shm.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 9028b2463c1ea96f51c3ba53e2479346019ff6ad Mon Sep 17 00:00:00 2001
-From: Jens Wiklander <jens.wiklander@linaro.org>
-Date: Thu, 25 Mar 2021 15:08:44 +0100
-Subject: [PATCH] tee: add sec_world_id to struct tee_shm
-
-Adds sec_world_id to struct tee_shm which describes a shared memory
-object. sec_world_id can be used by a driver to store an id assigned by
-secure world.
-
-Reviewed-by: Sumit Garg <sumit.garg@linaro.org>
-Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
-
-Upstream-Status: Submitted [https://github.com/torvalds/linux/commit/9028b2463c1ea96f51c3ba53e2479346019ff6ad]
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-
----
- include/linux/tee_drv.h | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/include/linux/tee_drv.h b/include/linux/tee_drv.h
-index 3ebfea0781f100..a1f03461369bd9 100644
---- a/include/linux/tee_drv.h
-+++ b/include/linux/tee_drv.h
-@@ -197,7 +197,11 @@ int tee_session_calc_client_uuid(uuid_t *uuid, u32 connection_method,
- * @num_pages: number of locked pages
- * @dmabuf: dmabuf used to for exporting to user space
- * @flags: defined by TEE_SHM_* in tee_drv.h
-- * @id: unique id of a shared memory object on this device
-+ * @id: unique id of a shared memory object on this device, shared
-+ * with user space
-+ * @sec_world_id:
-+ * secure world assigned id of this shared memory object, not
-+ * used by all drivers
- *
- * This pool is only supposed to be accessed directly from the TEE
- * subsystem and from drivers that implements their own shm pool manager.
-@@ -213,6 +217,7 @@ struct tee_shm {
- struct dma_buf *dmabuf;
- u32 flags;
- int id;
-+ u64 sec_world_id;
- };
-
- /**
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-5.15/skip-unavailable-memory.patch b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-5.15/skip-unavailable-memory.patch
deleted file mode 100644
index d157ef7..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto-5.15/skip-unavailable-memory.patch
+++ /dev/null
@@ -1,85 +0,0 @@
-From 7bfeda1c9224270af97adf799ce0b5a4292bceb6 Mon Sep 17 00:00:00 2001
-From: Andre Przywara <andre.przywara@arm.com>
-Date: Tue, 17 May 2022 11:14:10 +0100
-Subject: [PATCH] of/fdt: Ignore disabled memory nodes
-
-When we boot a machine using a devicetree, the generic DT code goes
-through all nodes with a 'device_type = "memory"' property, and collects
-all memory banks mentioned there. However it does not check for the
-status property, so any nodes which are explicitly "disabled" will still
-be added as a memblock.
-This ends up badly for QEMU, when booting with secure firmware on
-arm/arm64 machines, because QEMU adds a node describing secure-only
-memory:
-===================
- secram@e000000 {
- secure-status = "okay";
- status = "disabled";
- reg = <0x00 0xe000000 0x00 0x1000000>;
- device_type = "memory";
- };
-===================
-
-The kernel will eventually use that memory block (which is located below
-the main DRAM bank), but accesses to that will be answered with an
-SError:
-===================
-[ 0.000000] Internal error: synchronous external abort: 96000050 [#1] PREEMPT SMP
-[ 0.000000] Modules linked in:
-[ 0.000000] CPU: 0 PID: 0 Comm: swapper Not tainted 5.18.0-rc6-00014-g10c8acb8b679 #524
-[ 0.000000] Hardware name: linux,dummy-virt (DT)
-[ 0.000000] pstate: 200000c5 (nzCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
-[ 0.000000] pc : new_slab+0x190/0x340
-[ 0.000000] lr : new_slab+0x184/0x340
-[ 0.000000] sp : ffff80000a4b3d10
-....
-==================
-The actual crash location and call stack will be somewhat random, and
-depend on the specific allocation of that physical memory range.
-
-As the DT spec[1] explicitly mentions standard properties, add a simple
-check to skip over disabled memory nodes, so that we only use memory
-that is meant for non-secure code to use.
-
-That fixes booting a QEMU arm64 VM with EL3 enabled ("secure=on"), when
-not using UEFI. In this case the QEMU generated DT will be handed on
-to the kernel, which will see the secram node.
-This issue is reproducible when using TF-A together with U-Boot as
-firmware, then booting with the "booti" command.
-
-When using U-Boot as an UEFI provider, the code there [2] explicitly
-filters for disabled nodes when generating the UEFI memory map, so we
-are safe.
-EDK/2 only reads the first bank of the first DT memory node [3] to learn
-about memory, so we got lucky there.
-
-[1] https://github.com/devicetree-org/devicetree-specification/blob/main/source/chapter3-devicenodes.rst#memory-node (after the table)
-[2] https://source.denx.de/u-boot/u-boot/-/blob/master/lib/fdtdec.c#L1061-1063
-[3] https://github.com/tianocore/edk2/blob/master/ArmVirtPkg/PrePi/FdtParser.c
-
-Reported-by: Ross Burton <ross.burton@arm.com>
-Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
-Upstream-Status: Submitted [https://lore.kernel.org/linux-arm-kernel/20220517101410.3493781-1-andre.przywara@arm.com/T/#u]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
----
- drivers/of/fdt.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/drivers/of/fdt.c b/drivers/of/fdt.c
-index 59a7a9ee58ef..5439c899fe04 100644
---- a/drivers/of/fdt.c
-+++ b/drivers/of/fdt.c
-@@ -1102,6 +1102,9 @@ int __init early_init_dt_scan_memory(unsigned long node, const char *uname,
- if (type == NULL || strcmp(type, "memory") != 0)
- return 0;
-
-+ if (!of_fdt_device_is_available(initial_boot_params, node))
-+ return 0;
-+
- reg = of_get_flat_dt_prop(node, "linux,usable-memory", &l);
- if (reg == NULL)
- reg = of_get_flat_dt_prop(node, "reg", &l);
---
-2.25.1
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.15%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.15%.bbappend
deleted file mode 100644
index 9a18dd8..0000000
--- a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.15%.bbappend
+++ /dev/null
@@ -1,8 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}-5.15:"
-
-SRC_URI:append:qemuarm64-secureboot = " \
- file://skip-unavailable-memory.patch \
- "
-
-FFA_TEE_INCLUDE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', 'arm-ffa-5.15.inc', '' , d)}"
-require ${FFA_TEE_INCLUDE}
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
new file mode 100644
index 0000000..4313a82
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
@@ -0,0 +1,91 @@
+From 11f4ea86579bc1a58e4adde2849326f4213694f2 Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Mon, 21 Nov 2022 18:17:33 +0100
+Subject: core: arm: S-EL1 SPMC: boot ABI update
+
+Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs,
+like Hafnium, but also with the non-FF-A configuration.
+
+Register usage:
+X0 - TOS FW config [1] address, if not NULL
+X2 - System DTB, if not NULL
+
+Adds check in the default get_aslr_seed() to see if the system DTB is
+present before trying to read kaslr-seed from secure-chosen.
+
+Note that this is an incompatible change and requires corresponding
+change in TF-A ("feat(qemu): update abi between spmd and spmc") [2].
+
+[1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware configuration
+ file. Used by Trusted OS (BL32), that is, OP-TEE in this case
+Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=25ae7ad1878244f78206cc7c91f7bdbd267331a1
+
+Upstream-Status: Accepted
+
+Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/boot.c | 8 +++++++-
+ core/arch/arm/kernel/entry_a64.S | 17 ++++++++---------
+ 2 files changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index dd34173e8..e02c02b60 100644
+--- a/core/arch/arm/kernel/boot.c
++++ b/core/arch/arm/kernel/boot.c
+@@ -1502,11 +1502,17 @@ struct ns_entry_context *boot_core_hpen(void)
+ #if defined(CFG_DT)
+ unsigned long __weak get_aslr_seed(void *fdt)
+ {
+- int rc = fdt_check_header(fdt);
++ int rc = 0;
+ const uint64_t *seed = NULL;
+ int offs = 0;
+ int len = 0;
+
++ if (!fdt) {
++ DMSG("No fdt");
++ goto err;
++ }
++
++ rc = fdt_check_header(fdt);
+ if (rc) {
+ DMSG("Bad fdt: %d", rc);
+ goto err;
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 4c6e9d75c..047ae1f25 100644
+--- a/core/arch/arm/kernel/entry_a64.S
++++ b/core/arch/arm/kernel/entry_a64.S
+@@ -143,21 +143,20 @@
+ .endm
+
+ FUNC _start , :
+-#if defined(CFG_CORE_SEL1_SPMC)
+ /*
+- * With OP-TEE as SPMC at S-EL1 the SPMD (SPD_spmd) in TF-A passes
+- * the DTB in x0, pagaeble part in x1 and the rest of the registers
+- * are unused
++ * If CFG_CORE_FFA is enabled, then x0 if non-NULL holds the TOS FW
++ * config [1] address, else x0 if non-NULL holds the pagable part
++ * address.
++ *
++ * [1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware
++ * configuration file. Used by Trusted OS (BL32), that is, OP-TEE
++ * here.
+ */
+- mov x19, x1 /* Save pagable part */
+- mov x20, x0 /* Save DT address */
+-#else
+- mov x19, x0 /* Save pagable part address */
++ mov x19, x0
+ #if defined(CFG_DT_ADDR)
+ ldr x20, =CFG_DT_ADDR
+ #else
+ mov x20, x2 /* Save DT address */
+-#endif
+ #endif
+
+ adr x0, reset_vect_table
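Review bot: after this hunk x19 holds the TOS FW config address on FF-A builds, but "mov x19, x0" has lost its comment, and until the following patch (0006) adds "mov x0, xzr /* pager not used */", x19 is still handed to boot_init_primary_early as the pagable part address. If the two patches are meant to be separable, that intermediate state passes a DT address as the pageable part on CFG_CORE_SEL1_SPMC builds; either fold the fix in here or note the dependency. The new comment also keys on CFG_CORE_FFA while the removed guard was CFG_CORE_SEL1_SPMC; please name the option that actually selects the behaviour.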
+--
+2.39.1.windows.1
+
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
new file mode 100644
index 0000000..add3907
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
@@ -0,0 +1,249 @@
+From 84f4ef4c4f2f45e2f54597f1afe80d8f8396cc57 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Fri, 10 Feb 2023 11:07:27 +0100
+Subject: core: ffa: add TOS_FW_CONFIG handling
+
+At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
+currently only the HW_CONFIG address is saved, the other one is dropped.
+This commit adds functionality to save the TOS_FW_CONFIG too, so we can
+retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
+case, because the SPMC manifest is passed in this DT.
+
+Upstream-Status: Accepted
+
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+---
+ core/arch/arm/kernel/boot.c | 60 ++++++++++++++++++++++-
+ core/arch/arm/kernel/entry_a32.S | 3 +-
+ core/arch/arm/kernel/entry_a64.S | 13 ++++-
+ core/arch/arm/kernel/link_dummies_paged.c | 4 +-
+ core/arch/arm/kernel/secure_partition.c | 2 +-
+ core/include/kernel/boot.h | 7 ++-
+ 6 files changed, 81 insertions(+), 8 deletions(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index e02c02b60..98e13c072 100644
+--- a/core/arch/arm/kernel/boot.c
++++ b/core/arch/arm/kernel/boot.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: BSD-2-Clause
+ /*
+ * Copyright (c) 2015-2022, Linaro Limited
++ * Copyright (c) 2023, Arm Limited
+ */
+
+ #include <arm.h>
+@@ -83,6 +84,9 @@ struct dt_descriptor {
+ };
+
+ static struct dt_descriptor external_dt __nex_bss;
++#ifdef CFG_CORE_SEL1_SPMC
++static struct dt_descriptor tos_fw_config_dt __nex_bss;
++#endif
+ #endif
+
+ #ifdef CFG_SECONDARY_INIT_CNTFRQ
+@@ -1224,6 +1228,54 @@ static struct core_mmu_phys_mem *get_nsec_memory(void *fdt __unused,
+ #endif /*CFG_CORE_DYN_SHM*/
+ #endif /*!CFG_DT*/
+
++#if defined(CFG_CORE_SEL1_SPMC) && defined(CFG_DT)
++void *get_tos_fw_config_dt(void)
++{
++ if (!IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
++ return NULL;
++
++ assert(cpu_mmu_enabled());
++
++ return tos_fw_config_dt.blob;
++}
++
++static void init_tos_fw_config_dt(unsigned long pa)
++{
++ struct dt_descriptor *dt = &tos_fw_config_dt;
++ void *fdt = NULL;
++ int ret = 0;
++
++ if (!IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
++ return;
++
++ if (!pa)
++ panic("No TOS_FW_CONFIG DT found");
++
++ fdt = core_mmu_add_mapping(MEM_AREA_EXT_DT, pa, CFG_DTB_MAX_SIZE);
++ if (!fdt)
++ panic("Failed to map TOS_FW_CONFIG DT");
++
++ dt->blob = fdt;
++
++ ret = fdt_open_into(fdt, fdt, CFG_DTB_MAX_SIZE);
++ if (ret < 0) {
++ EMSG("Invalid Device Tree at %#lx: error %d", pa, ret);
++ panic();
++ }
++
++ IMSG("TOS_FW_CONFIG DT found");
++}
++#else
++void *get_tos_fw_config_dt(void)
++{
++ return NULL;
++}
++
++static void init_tos_fw_config_dt(unsigned long pa __unused)
++{
++}
++#endif /*CFG_CORE_SEL1_SPMC && CFG_DT*/
++
+ #ifdef CFG_CORE_DYN_SHM
+ static void discover_nsec_memory(void)
+ {
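Review bot: init_tos_fw_config_dt() maps CFG_DTB_MAX_SIZE bytes at pa and calls fdt_open_into(fdt, fdt, CFG_DTB_MAX_SIZE), which rewrites the blob in place and raises its totalsize to CFG_DTB_MAX_SIZE, while the TF-A side of this update reserves only one page for it (TOS_FW_CONFIG_LIMIT is TOS_FW_CONFIG_BASE + PAGE_SIZE). If CFG_DTB_MAX_SIZE is larger than that page, later edits to the blob can spill into whatever follows it in secure RAM. If the manifest is only ever read, validating it with fdt_check_header() and bounding accesses by fdt_totalsize() without growing it would be safer. dt->blob is also assigned before the blob is validated; move the assignment after the fdt_open_into() check.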
+@@ -1361,10 +1413,16 @@ static bool cpu_nmfi_enabled(void)
+ * Note: this function is weak just to make it possible to exclude it from
+ * the unpaged area.
+ */
+-void __weak boot_init_primary_late(unsigned long fdt)
++void __weak boot_init_primary_late(unsigned long fdt,
++ unsigned long tos_fw_config)
+ {
+ init_external_dt(fdt);
++ init_tos_fw_config_dt(tos_fw_config);
++#ifdef CFG_CORE_SEL1_SPMC
++ tpm_map_log_area(get_tos_fw_config_dt());
++#else
+ tpm_map_log_area(get_external_dt());
++#endif
+ discover_nsec_memory();
+ update_external_dt();
+ configure_console_from_dt();
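Review bot: on CFG_CORE_SEL1_SPMC builds tpm_map_log_area() now receives get_tos_fw_config_dt(), which returns NULL whenever CFG_MAP_EXT_DT_SECURE is disabled. Confirm that tpm_map_log_area() tolerates a NULL DT, and consider IS_ENABLED(CFG_CORE_SEL1_SPMC) instead of the #ifdef so that both branches stay compiled.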
+diff --git a/core/arch/arm/kernel/entry_a32.S b/core/arch/arm/kernel/entry_a32.S
+index 0f14ca2f6..3758fd8b7 100644
+--- a/core/arch/arm/kernel/entry_a32.S
++++ b/core/arch/arm/kernel/entry_a32.S
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+ * Copyright (c) 2014, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
++ * Copyright (c) 2021-2023, Arm Limited
+ */
+
+ #include <arm32_macros.S>
+@@ -560,6 +560,7 @@ shadow_stack_access_ok:
+ str r0, [r8, #THREAD_CORE_LOCAL_FLAGS]
+ #endif
+ mov r0, r6 /* DT address */
++ mov r1, #0 /* unused */
+ bl boot_init_primary_late
+ #ifndef CFG_VIRTUALIZATION
+ mov r0, #THREAD_CLF_TMP
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 047ae1f25..fa76437fb 100644
+--- a/core/arch/arm/kernel/entry_a64.S
++++ b/core/arch/arm/kernel/entry_a64.S
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+ * Copyright (c) 2015-2022, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
++ * Copyright (c) 2021-2023, Arm Limited
+ */
+
+ #include <platform_config.h>
+@@ -320,7 +320,11 @@ clear_nex_bss:
+ bl core_mmu_set_default_prtn_tbl
+ #endif
+
++#ifdef CFG_CORE_SEL1_SPMC
++ mov x0, xzr /* pager not used */
++#else
+ mov x0, x19 /* pagable part address */
++#endif
+ mov x1, #-1
+ bl boot_init_primary_early
+
+@@ -337,7 +341,12 @@ clear_nex_bss:
+ mov x22, x0
+ str wzr, [x22, #THREAD_CORE_LOCAL_FLAGS]
+ #endif
+- mov x0, x20 /* DT address */
++ mov x0, x20 /* DT address also known as HW_CONFIG */
++#ifdef CFG_CORE_SEL1_SPMC
++ mov x1, x19 /* TOS_FW_CONFIG DT address */
++#else
++ mov x1, xzr /* unused */
++#endif
+ bl boot_init_primary_late
+ #ifdef CFG_CORE_PAUTH
+ init_pauth_per_cpu
+diff --git a/core/arch/arm/kernel/link_dummies_paged.c b/core/arch/arm/kernel/link_dummies_paged.c
+index 3b8287e06..023a5f3f5 100644
+--- a/core/arch/arm/kernel/link_dummies_paged.c
++++ b/core/arch/arm/kernel/link_dummies_paged.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: BSD-2-Clause
+ /*
+ * Copyright (c) 2017-2021, Linaro Limited
++ * Copyright (c) 2023, Arm Limited
+ */
+ #include <compiler.h>
+ #include <initcall.h>
+@@ -27,7 +28,8 @@ void __section(".text.dummy.call_finalcalls") call_finalcalls(void)
+ }
+
+ void __section(".text.dummy.boot_init_primary_late")
+-boot_init_primary_late(unsigned long fdt __unused)
++boot_init_primary_late(unsigned long fdt __unused,
++ unsigned long tos_fw_config __unused)
+ {
+ }
+
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 1d36e90b1..d386f1e4d 100644
+--- a/core/arch/arm/kernel/secure_partition.c
++++ b/core/arch/arm/kernel/secure_partition.c
+@@ -1212,7 +1212,7 @@ static TEE_Result fip_sp_map_all(void)
+ int subnode = 0;
+ int root = 0;
+
+- fdt = get_external_dt();
++ fdt = get_tos_fw_config_dt();
+ if (!fdt) {
+ EMSG("No SPMC manifest found");
+ return TEE_ERROR_GENERIC;
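Review bot: fip_sp_map_all() now depends entirely on get_tos_fw_config_dt(), which returns NULL unless CFG_MAP_EXT_DT_SECURE is enabled, so a CFG_CORE_SEL1_SPMC build without that option fails at boot with "No SPMC manifest found" even though a manifest was passed. A build-time dependency check would catch this earlier, and the message could distinguish "not mapped" from "not provided".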
+diff --git a/core/include/kernel/boot.h b/core/include/kernel/boot.h
+index 260854473..941e093b2 100644
+--- a/core/include/kernel/boot.h
++++ b/core/include/kernel/boot.h
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+ * Copyright (c) 2015-2020, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
++ * Copyright (c) 2021-2023, Arm Limited
+ */
+ #ifndef __KERNEL_BOOT_H
+ #define __KERNEL_BOOT_H
+@@ -46,7 +46,7 @@ extern const struct core_mmu_config boot_mmu_config;
+ /* @nsec_entry is unused if using CFG_WITH_ARM_TRUSTED_FW */
+ void boot_init_primary_early(unsigned long pageable_part,
+ unsigned long nsec_entry);
+-void boot_init_primary_late(unsigned long fdt);
++void boot_init_primary_late(unsigned long fdt, unsigned long tos_fw_config);
+ void boot_init_memtag(void);
+
+ void __panic_at_smc_return(void) __noreturn;
+@@ -103,6 +103,9 @@ void *get_embedded_dt(void);
+ /* Returns external DTB if present, otherwise NULL */
+ void *get_external_dt(void);
+
++/* Returns TOS_FW_CONFIG DTB if present, otherwise NULL */
++void *get_tos_fw_config_dt(void);
++
+ /*
+ * get_aslr_seed() - return a random seed for core ASLR
+ * @fdt: Pointer to a device tree if CFG_DT_ADDR=y
+--
+2.39.1.windows.1
+
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
new file mode 100644
index 0000000..28d1f03
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
@@ -0,0 +1,279 @@
+From f4b4f5bccc1be9a709008cc8e6107302745796c8 Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Tue, 18 Apr 2023 16:41:51 +0200
+Subject: [PATCH] core: spmc: handle non-secure interrupts
+
+Add FFA_INTERRUPT and FFA_RUN support for signaling non-secure
+interrupts and for resuming to the secure world. If a secure partition
+is preempted by a non-secure interrupt OP-TEE saves the SP's state and
+sends an FFA_INTERRUPT to the normal world. After handling the interrupt
+the normal world should send an FFA_RUN to OP-TEE so it can continue
+running the SP.
+If OP-TEE is the active FF-A endpoint (i.e. it is running TAs) the
+non-secure interrupts are signaled by the existing
+OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT message instead of
+FFA_INTERRUPT.
+
+Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/6002]
+
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Change-Id: I577ebe86d416ee494963216a66a3bfc8206921b4
+
+---
+ core/arch/arm/include/ffa.h | 2 +-
+ .../arch/arm/include/kernel/spmc_sp_handler.h | 11 +++++++
+ core/arch/arm/kernel/secure_partition.c | 17 ++++++++++
+ core/arch/arm/kernel/spmc_sp_handler.c | 26 ++++++++++++++++
+ core/arch/arm/kernel/thread.c | 7 +++++
+ core/arch/arm/kernel/thread_spmc.c | 31 ++++++++++++++++++-
+ core/arch/arm/kernel/thread_spmc_a64.S | 30 ++++++++++++++++++
+ 7 files changed, 122 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h
+index 5a19fb0c..b3d1d354 100644
+--- a/core/arch/arm/include/ffa.h
++++ b/core/arch/arm/include/ffa.h
+@@ -50,7 +50,7 @@
+ #define FFA_ID_GET U(0x84000069)
+ #define FFA_MSG_WAIT U(0x8400006B)
+ #define FFA_MSG_YIELD U(0x8400006C)
+-#define FFA_MSG_RUN U(0x8400006D)
++#define FFA_RUN U(0x8400006D)
+ #define FFA_MSG_SEND U(0x8400006E)
+ #define FFA_MSG_SEND_DIRECT_REQ_32 U(0x8400006F)
+ #define FFA_MSG_SEND_DIRECT_REQ_64 U(0xC400006F)
+diff --git a/core/arch/arm/include/kernel/spmc_sp_handler.h b/core/arch/arm/include/kernel/spmc_sp_handler.h
+index f5bda7bf..30c1e469 100644
+--- a/core/arch/arm/include/kernel/spmc_sp_handler.h
++++ b/core/arch/arm/include/kernel/spmc_sp_handler.h
+@@ -25,6 +25,8 @@ void spmc_sp_start_thread(struct thread_smc_args *args);
+ int spmc_sp_add_share(struct ffa_rxtx *rxtx,
+ size_t blen, uint64_t *global_handle,
+ struct sp_session *owner_sp);
++void spmc_sp_set_to_preempted(struct ts_session *ts_sess);
++int spmc_sp_resume_from_preempted(uint16_t endpoint_id);
+ #else
+ static inline void spmc_sp_start_thread(struct thread_smc_args *args __unused)
+ {
+@@ -37,6 +39,15 @@ static inline int spmc_sp_add_share(struct ffa_rxtx *rxtx __unused,
+ {
+ return FFA_NOT_SUPPORTED;
+ }
++
++static inline void spmc_sp_set_to_preempted(struct ts_session *ts_sess __unused)
++{
++}
++
++static inline int spmc_sp_resume_from_preempted(uint16_t endpoint_id __unused)
++{
++ return FFA_NOT_SUPPORTED;
++}
+ #endif
+
+ #endif /* __KERNEL_SPMC_SP_HANDLER_H */
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 1d36e90b..6e351e43 100644
+--- a/core/arch/arm/kernel/secure_partition.c
++++ b/core/arch/arm/kernel/secure_partition.c
+@@ -999,6 +999,8 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ struct sp_session *sp_s = to_sp_session(s);
+ struct ts_session *sess = NULL;
+ struct thread_ctx_regs *sp_regs = NULL;
++ uint32_t thread_id = THREAD_ID_INVALID;
++ uint32_t rpc_target_info = 0;
+ uint32_t panicked = false;
+ uint32_t panic_code = 0;
+
+@@ -1011,8 +1013,23 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ sp_regs->cpsr = read_daif() & (SPSR_64_DAIF_MASK << SPSR_64_DAIF_SHIFT);
+
+ exceptions = thread_mask_exceptions(THREAD_EXCP_ALL);
++
++ /*
++ * Store endpoint ID and thread ID in rpc_target_info. This will be used
++ * as w1 in FFA_INTERRUPT in case of a NWd interrupt.
++ */
++ rpc_target_info = thread_get_tsd()->rpc_target_info;
++ thread_id = thread_get_id();
++ assert((thread_id & ~0xffff) == 0);
++ thread_get_tsd()->rpc_target_info = (sp_s->endpoint_id << 16) |
++ (thread_id & 0xffff);
++
+ __thread_enter_user_mode(sp_regs, &panicked, &panic_code);
++
+ sp_regs->cpsr = cpsr;
++ /* Restore rpc_target_info */
++ thread_get_tsd()->rpc_target_info = rpc_target_info;
++
+ thread_unmask_exceptions(exceptions);
+
+ thread_user_clear_vfp(&ctx->uctx);
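Review bot: In the rpc_target_info assignment, `sp_s->endpoint_id << 16` shifts a value that is promoted to signed int if endpoint_id is a 16-bit field (it is printed with PRIx16 elsewhere in this series), so an ID with bit 15 set overflows the signed type. Cast before shifting, e.g. `((uint32_t)sp_s->endpoint_id << 16) | (thread_id & 0xffff)`. The `assert((thread_id & ~0xffff) == 0)` is the only range check and is typically compiled out of release builds, after which the mask truncates silently; if an out-of-range thread ID can occur, return an error instead.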
+diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
+index 5d3326fc..f4c7ff81 100644
+--- a/core/arch/arm/kernel/spmc_sp_handler.c
++++ b/core/arch/arm/kernel/spmc_sp_handler.c
+@@ -366,6 +366,32 @@ cleanup:
+ return res;
+ }
+
++void spmc_sp_set_to_preempted(struct ts_session *ts_sess)
++{
++ if (ts_sess && is_sp_ctx(ts_sess->ctx)) {
++ struct sp_session *sp_sess = to_sp_session(ts_sess);
++
++ assert(sp_sess->state == sp_busy);
++
++ sp_sess->state = sp_preempted;
++ }
++}
++
++int spmc_sp_resume_from_preempted(uint16_t endpoint_id)
++{
++ struct sp_session *sp_sess = sp_get_session(endpoint_id);
++
++ if (!sp_sess)
++ return FFA_INVALID_PARAMETERS;
++
++ if (sp_sess->state != sp_preempted)
++ return FFA_DENIED;
++
++ sp_sess->state = sp_busy;
++
++ return FFA_OK;
++}
++
+ static bool check_rxtx(struct ffa_rxtx *rxtx)
+ {
+ return rxtx && rxtx->rx && rxtx->tx && rxtx->size > 0;
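Review bot: spmc_sp_resume_from_preempted() tests `sp_sess->state != sp_preempted` and then writes `sp_busy` as two separate steps, and no lock is taken inside the function, so two FFA_RUN calls for the same endpoint arriving on different cores could both pass the test. Take the session lock around the test and the update, or document which lock the caller is required to hold. The same question applies to the `sp_busy` to `sp_preempted` transition in spmc_sp_set_to_preempted(), where the only guard is an assert.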
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index 1e7f9f96..8cd4dc96 100644
+--- a/core/arch/arm/kernel/thread.c
++++ b/core/arch/arm/kernel/thread.c
+@@ -531,6 +531,13 @@ int thread_state_suspend(uint32_t flags, uint32_t cpsr, vaddr_t pc)
+ core_mmu_set_user_map(NULL);
+ }
+
++ if (IS_ENABLED(CFG_SECURE_PARTITION)) {
++ struct ts_session *ts_sess =
++ TAILQ_FIRST(&threads[ct].tsd.sess_stack);
++
++ spmc_sp_set_to_preempted(ts_sess);
++ }
++
+ l->curr_thread = THREAD_ID_INVALID;
+
+ if (IS_ENABLED(CFG_VIRTUALIZATION))
+diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c
+index 3b4ac0b4..bc4e7687 100644
+--- a/core/arch/arm/kernel/thread_spmc.c
++++ b/core/arch/arm/kernel/thread_spmc.c
+@@ -45,7 +45,7 @@ struct mem_frag_state {
+ #endif
+
+ /* Initialized in spmc_init() below */
+-static uint16_t my_endpoint_id;
++uint16_t my_endpoint_id;
+
+ /*
+ * If struct ffa_rxtx::size is 0 RX/TX buffers are not mapped or initialized.
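Review bot: Dropping `static` turns `my_endpoint_id` into a global symbol with a very generic name, and this hunk adds no `extern` declaration for it. The new reader is the assembly in thread_spmc_a64.S (`adr_l x2, my_endpoint_id`), so declare it in a header next to the other SPMC prototypes, consider a prefixed name, and extend the "Initialized in spmc_init() below" comment to say that assembly code reads it.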
+@@ -437,6 +437,32 @@ out:
+ FFA_PARAM_MBZ, FFA_PARAM_MBZ);
+ cpu_spin_unlock(&rxtx->spinlock);
+ }
++
++static void spmc_handle_run(struct thread_smc_args *args)
++{
++ uint16_t endpoint = (args->a1 >> 16) & 0xffff;
++ uint16_t thread_id = (args->a1 & 0xffff);
++ uint32_t rc = 0;
++
++ if (endpoint != my_endpoint_id) {
++ /*
++ * The endpoint should be an SP, try to resume the SP from
++ * preempted into busy state.
++ */
++ rc = spmc_sp_resume_from_preempted(endpoint);
++ if (rc)
++ goto out;
++ }
++
++ thread_resume_from_rpc(thread_id, 0, 0, 0, 0);
++
++ /* thread_resume_from_rpc return only of the thread_id is invalid */
++ rc = FFA_INVALID_PARAMETERS;
++
++out:
++ spmc_set_args(args, FFA_ERROR, FFA_PARAM_MBZ, rc, FFA_PARAM_MBZ,
++ FFA_PARAM_MBZ, FFA_PARAM_MBZ);
++}
+ #endif /*CFG_CORE_SEL1_SPMC*/
+
+ static void handle_yielding_call(struct thread_smc_args *args)
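Review bot: spmc_handle_run() takes both `endpoint` and `thread_id` from `args->a1` and passes `thread_id` to thread_resume_from_rpc() without checking that it is the thread on which that endpoint was preempted; spmc_sp_resume_from_preempted() only looks at the session state. Record the thread ID in the session when it is set to preempted and compare it here before resuming. In addition, when thread_resume_from_rpc() returns because the thread ID is invalid, the SP has already been moved to sp_busy and is never moved back, so it stays busy with nothing running; restore sp_preempted on that path. The comment should read "returns only if the thread_id is invalid".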
+@@ -970,6 +996,9 @@ void thread_spmc_msg_recv(struct thread_smc_args *args)
+ case FFA_PARTITION_INFO_GET:
+ spmc_handle_partition_info_get(args, &nw_rxtx);
+ break;
++ case FFA_RUN:
++ spmc_handle_run(args);
++ break;
+ #endif /*CFG_CORE_SEL1_SPMC*/
+ case FFA_INTERRUPT:
+ itr_core_handler();
+diff --git a/core/arch/arm/kernel/thread_spmc_a64.S b/core/arch/arm/kernel/thread_spmc_a64.S
+index 21cb6251..7297005a 100644
+--- a/core/arch/arm/kernel/thread_spmc_a64.S
++++ b/core/arch/arm/kernel/thread_spmc_a64.S
+@@ -14,6 +14,20 @@
+ #include <kernel/thread.h>
+ #include <optee_ffa.h>
+
++#if CFG_SECURE_PARTITION
++LOCAL_FUNC thread_ffa_interrupt , :
++ mov_imm x0, FFA_INTERRUPT /* FID */
++ /* X1: Endpoint/vCPU IDs is set by caller */
++ mov x2, #FFA_PARAM_MBZ /* Param MBZ */
++ mov x3, #FFA_PARAM_MBZ /* Param MBZ */
++ mov x4, #FFA_PARAM_MBZ /* Param MBZ */
++ mov x5, #FFA_PARAM_MBZ /* Param MBZ */
++ mov x6, #FFA_PARAM_MBZ /* Param MBZ */
++ mov x7, #FFA_PARAM_MBZ /* Param MBZ */
++ b .ffa_msg_loop
++END_FUNC thread_ffa_msg_wait
++#endif /* CFG_SECURE_PARTITION */
++
+ FUNC thread_ffa_msg_wait , :
+ mov_imm x0, FFA_MSG_WAIT /* FID */
+ mov x1, #FFA_TARGET_INFO_MBZ /* Target info MBZ */
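Review bot: The new function is opened with `LOCAL_FUNC thread_ffa_interrupt , :` but closed with `END_FUNC thread_ffa_msg_wait`. The closing line should be `END_FUNC thread_ffa_interrupt`, otherwise the end-of-function marker is emitted for the wrong symbol.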
+@@ -171,6 +185,14 @@ END_FUNC thread_rpc
+ * The current thread as indicated by @thread_index has just been
+ * suspended. The job here is just to inform normal world the thread id to
+ * resume when returning.
++ * If the active FF-A endpoint is OP-TEE (or a TA) then an this function send an
++ * OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT message to the normal world via the
++ * FFA_MSG_SEND_DIRECT_RESP interface. This is handled by the OP-TEE
++ * driver in Linux so it can schedule task to the thread.
++ * If the active endpoint is an SP the function sends an FFA_INTERRUPT. This is
++ * handled by the FF-A driver and after taking care of the NWd interrupts it
++ * returns via an FFA_RUN call.
++ * The active endpoint is determined by the upper 16 bits of rpc_target_info.
+ */
+ FUNC thread_foreign_intr_exit , :
+ /* load threads[w0].tsd.rpc_target_info into w1 */
+@@ -178,6 +200,14 @@ FUNC thread_foreign_intr_exit , :
+ adr_l x2, threads
+ madd x1, x1, x0, x2
+ ldr w1, [x1, #THREAD_CTX_TSD_RPC_TARGET_INFO]
++#if CFG_SECURE_PARTITION
++ adr_l x2, my_endpoint_id
++ ldrh w2, [x2]
++ lsr w3, w1, #16
++ cmp w2, w3
++ /* (threads[w0].tsd.rpc_target_info >> 16) != my_endpoint_id */
++ bne thread_ffa_interrupt
++#endif /* CFG_SECURE_PARTITION */
+ mov x2, #FFA_PARAM_MBZ
+ mov w3, #FFA_PARAM_MBZ
+ mov w4, #OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT
+
+--
+2.17.1
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
new file mode 100644
index 0000000..6b502d7
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
@@ -0,0 +1,150 @@
+From cad33cffb5be17fc0654aaf03c4d5227ae682e7a Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Tue, 25 Apr 2023 14:19:14 +0200
+Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on
+ the manifest
+
+Used mandatory ns-interrupts-action SP manifest property to configure
+signaled or queued non-secure interrupt handling.
+
+Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/6002]
+
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Change-Id: I843e69e5dbb9613ecd8b95654e8ca1730a594ca6
+---
+ .../arm/include/kernel/secure_partition.h | 2 +
+ core/arch/arm/kernel/secure_partition.c | 66 +++++++++++++++++--
+ 2 files changed, 63 insertions(+), 5 deletions(-)
+
+diff --git a/core/arch/arm/include/kernel/secure_partition.h b/core/arch/arm/include/kernel/secure_partition.h
+index 290750936..3bf339d3c 100644
+--- a/core/arch/arm/include/kernel/secure_partition.h
++++ b/core/arch/arm/include/kernel/secure_partition.h
+@@ -43,6 +43,8 @@ struct sp_session {
+ unsigned int spinlock;
+ const void *fdt;
+ bool is_initialized;
++ uint32_t ns_interrupts_action;
++ uint32_t ns_interrupts_action_inherited;
+ TAILQ_ENTRY(sp_session) link;
+ };
+
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 52365553b..e54069c17 100644
+--- a/core/arch/arm/kernel/secure_partition.c
++++ b/core/arch/arm/kernel/secure_partition.c
+@@ -46,6 +46,10 @@
+ SP_MANIFEST_ATTR_WRITE | \
+ SP_MANIFEST_ATTR_EXEC)
+
++#define SP_MANIFEST_NS_INT_QUEUED (0x0)
++#define SP_MANIFEST_NS_INT_MANAGED_EXIT (0x1)
++#define SP_MANIFEST_NS_INT_SIGNALED (0x2)
++
+ #define SP_PKG_HEADER_MAGIC (0x474b5053)
+ #define SP_PKG_HEADER_VERSION_V1 (0x1)
+ #define SP_PKG_HEADER_VERSION_V2 (0x2)
+@@ -907,6 +911,30 @@ static TEE_Result sp_init_uuid(const TEE_UUID *uuid, const void * const fdt)
+ return res;
+ DMSG("endpoint is 0x%"PRIx16, sess->endpoint_id);
+
++ res = sp_dt_get_u32(fdt, 0, "ns-interrupts-action",
++ &sess->ns_interrupts_action);
++
++ if (res) {
++ EMSG("Mandatory property is missing: ns-interrupts-action");
++ return res;
++ }
++
++ switch (sess->ns_interrupts_action) {
++ case SP_MANIFEST_NS_INT_QUEUED:
++ case SP_MANIFEST_NS_INT_SIGNALED:
++ /* OK */
++ break;
++
++ case SP_MANIFEST_NS_INT_MANAGED_EXIT:
++ EMSG("Managed exit is not implemented");
++ return TEE_ERROR_NOT_IMPLEMENTED;
++
++ default:
++ EMSG("Invalid ns-interrupts-action value: %d",
++ sess->ns_interrupts_action);
++ return TEE_ERROR_BAD_PARAMETERS;
++ }
++
+ return TEE_SUCCESS;
+ }
+
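Review bot: In the default case, `EMSG("Invalid ns-interrupts-action value: %d", ...)` prints `sess->ns_interrupts_action`, which the header hunk declares as uint32_t, with `%d`; use `%"PRIu32"` in the same way the DMSG above uses PRIx16. Because the property is now mandatory, SP manifests that lack ns-interrupts-action stop loading with only this EMSG as a hint, so the requirement should also be stated in the manifest documentation.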
+@@ -989,17 +1017,45 @@ TEE_Result sp_enter(struct thread_smc_args *args, struct sp_session *sp)
+ return res;
+ }
+
++/*
++ * According to FF-A v1.1 section 8.3.1.4 if a caller requires less permissive
++ * active on NS interrupt than the callee, the callee must inherit the caller's
++ * configuration.
++ * Each SP's own NS action setting is stored in ns_interrupts_action. The
++ * effective action will be MIN([self action], [caller's action]) which is
++ * stored in the ns_interrupts_action_inherited field.
++ */
++static void sp_cpsr_configure_foreing_interrupts(struct sp_session *s,
++ struct ts_session *caller,
++ uint64_t *cpsr)
++{
++ if (caller) {
++ struct sp_session *caller_sp = to_sp_session(caller);
++
++ s->ns_interrupts_action_inherited =
++ MIN(caller_sp->ns_interrupts_action_inherited,
++ s->ns_interrupts_action);
++ } else {
++ s->ns_interrupts_action_inherited = s->ns_interrupts_action;
++ }
++
++ if (s->ns_interrupts_action_inherited == SP_MANIFEST_NS_INT_QUEUED)
++ *cpsr |= (THREAD_EXCP_FOREIGN_INTR << ARM32_CPSR_F_SHIFT);
++ else
++ *cpsr &= ~(THREAD_EXCP_FOREIGN_INTR << ARM32_CPSR_F_SHIFT);
++}
++
+ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ uint32_t cmd __unused)
+ {
+ struct sp_ctx *ctx = to_sp_ctx(s->ctx);
+ TEE_Result res = TEE_SUCCESS;
+ uint32_t exceptions = 0;
+- uint64_t cpsr = 0;
+ struct sp_session *sp_s = to_sp_session(s);
+ struct ts_session *sess = NULL;
+ struct thread_ctx_regs *sp_regs = NULL;
+ uint32_t thread_id = THREAD_ID_INVALID;
++ struct ts_session *caller = NULL;
+ uint32_t rpc_target_info = 0;
+ uint32_t panicked = false;
+ uint32_t panic_code = 0;
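Review bot: sp_cpsr_configure_foreing_interrupts() calls `to_sp_session(caller)` on whatever ts_get_calling_session() returned, without the `is_sp_ctx()` check that spmc_sp_set_to_preempted() performs in the previous patch. If the calling session can be anything other than an SP session, `caller_sp->ns_interrupts_action_inherited` is read through the wrong structure type; add the check and fall back to the SP's own setting. The function name has a typo (foreing, should be foreign), the comment says "less permissive active" where "action" is meant, and `MIN()` depends on the numeric order of the SP_MANIFEST_NS_INT_* values, which deserves a comment next to the defines.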
+@@ -1009,11 +1065,12 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ sp_regs = &ctx->sp_regs;
+ ts_push_current_session(s);
+
+- cpsr = sp_regs->cpsr;
+- sp_regs->cpsr = read_daif() & (SPSR_64_DAIF_MASK << SPSR_64_DAIF_SHIFT);
+-
+ exceptions = thread_mask_exceptions(THREAD_EXCP_ALL);
+
++ /* Enable/disable foreign interrupts in CPSR/SPSR */
++ caller = ts_get_calling_session();
++ sp_cpsr_configure_foreing_interrupts(sp_s, caller, &sp_regs->cpsr);
++
+ /*
+ * Store endpoint ID and thread ID in rpc_target_info. This will be used
+ * as w1 in FFA_INTERRUPT in case of a NWd interrupt.
+@@ -1026,7 +1083,6 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+
+ __thread_enter_user_mode(sp_regs, &panicked, &panic_code);
+
+- sp_regs->cpsr = cpsr;
+ /* Restore rpc_target_info */
+ thread_get_tsd()->rpc_target_info = rpc_target_info;
+
+--
+2.17.1
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
new file mode 100644
index 0000000..a9732e4
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
@@ -0,0 +1,4 @@
+# Include extra headers needed by SPMC tests to TA DEVKIT.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y', '' , d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc
new file mode 100644
index 0000000..4dffc46
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc
@@ -0,0 +1,54 @@
+# Include Trusted Services SPs accordingly to defined machine features
+
+# Please notice that OPTEE will load SPs in the order listed in this file.
+# If an SP requires another SP to be already loaded it must be listed lower.
+
+# TS SPs UUIDs definitions
+require recipes-security/trusted-services/ts-uuid.inc
+
+TS_ENV = "opteesp"
+TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin"
+
+# ITS SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+ ' ts-sp-its', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+ ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}"
+
+# Storage SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+ ' ts-sp-storage', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+ ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}"
+
+# Crypto SP.
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+ ' ts-sp-crypto', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+ ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}"
+
+# Attestation SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+ ' ts-sp-attestation', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+ ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}"
+
+# Env-test SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+ ' ts-sp-env-test', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+ ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}"
+
+# SE-Proxy SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+ ' ts-sp-se-proxy', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+ ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}"
+
+# SMM Gateway
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+ ' ts-sp-smm-gateway', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+ ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}"
+
+EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc
index 73b8c14..057dde2 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os-ts.inc
@@ -51,4 +51,12 @@
SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}"
-EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
+# SPM test SPs
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' ts-sp-spm-test1 ts-sp-spm-test2 ts-sp-spm-test3', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf', '', d)}"
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y', '' , d)}"
+
+EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
new file mode 100644
index 0000000..2ff1b83
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
@@ -0,0 +1,5 @@
+# Include Trusted Services Secure Partitions
+require optee-os-ts-3.18.inc
+
+# Conditionally include platform specific Trusted Services related OPTEE build parameters
+EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.2%.bbappend
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os_%.bbappend
rename to meta-arm/meta-arm/recipes-security/optee/optee-os_3.2%.bbappend
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
index 5f4b066..2d4d6d6 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
@@ -7,4 +7,9 @@
SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
SRC_URI:append = " \
file://0004-core-Define-section-attributes-for-clang.patch \
+ file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \
+ file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
+ file://0007-core-spmc-handle-non-secure-interrupts.patch \
+ file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
"
+EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y"
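Review bot: `EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y"` enables the option for every optee-os 3.20.0 build, while optee-os-ts.inc in this same change already appends it only when SP_PATHS is non-empty. If the unconditional setting is intended, add a comment saying why it is needed without secure partitions; otherwise drop it here and rely on the conditional append.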
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch b/meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
new file mode 100644
index 0000000..e889f74
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
@@ -0,0 +1,39 @@
+From 7e15470f3dd45c844f0e0901f0c85c46a0882b8b Mon Sep 17 00:00:00 2001
+From: Gabor Toth <gabor.toth2@arm.com>
+Date: Fri, 3 Mar 2023 12:23:45 +0100
+Subject: [PATCH 1/2] Update arm_ffa_user driver dependency
+
+Updating arm-ffa-user to v5.0.1 to get the following changes:
+ - move to 64 bit direct messages
+ - add Linux Kernel v6.1 compatibility
+The motivation is to update x-test to depend on the same driver
+version as TS uefi-test and thus to enable running these in a single
+configuration.
+Note: arm_ffa_user.h was copied from:
+ - URL:https://git.gitlab.arm.com/linux-arm/linux-trusted-services.git
+ - SHA:18e3be71f65a405dfb5d97603ae71b3c11759861
+
+Upstream-Status: Backport
+
+Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/include/uapi/linux/arm_ffa_user.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/host/xtest/include/uapi/linux/arm_ffa_user.h b/host/xtest/include/uapi/linux/arm_ffa_user.h
+index 9ef0be3..0acde4f 100644
+--- a/host/xtest/include/uapi/linux/arm_ffa_user.h
++++ b/host/xtest/include/uapi/linux/arm_ffa_user.h
+@@ -33,7 +33,7 @@ struct ffa_ioctl_ep_desc {
+ * @dst_id: [in] 16-bit ID of destination endpoint.
+ */
+ struct ffa_ioctl_msg_args {
+- __u32 args[5];
++ __u64 args[5];
+ __u16 dst_id;
+ };
+ #define FFA_IOC_MSG_SEND _IOWR(FFA_IOC_MAGIC, FFA_IOC_BASE + 1, \
+--
+2.39.1.windows.1
+
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch b/meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
new file mode 100644
index 0000000..d333e86
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
@@ -0,0 +1,163 @@
+From 6734d14cc249af37705129de7874533df9535cd3 Mon Sep 17 00:00:00 2001
+From: Gabor Toth <gabor.toth2@arm.com>
+Date: Fri, 3 Mar 2023 12:25:58 +0100
+Subject: [PATCH 2/2] ffa_spmc: Add arm_ffa_user driver compatibility check
+
+Check the version of the arm_ffa_user Kernel Driver and fail with a
+meaningful message if incompatible driver is detected.
+
+Upstream-Status: Backport
+
+Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/ffa_spmc_1000.c | 68 ++++++++++++++++++++++++++++++++++----
+ 1 file changed, 61 insertions(+), 7 deletions(-)
+
+diff --git a/host/xtest/ffa_spmc_1000.c b/host/xtest/ffa_spmc_1000.c
+index 15f4a46..1839d03 100644
+--- a/host/xtest/ffa_spmc_1000.c
++++ b/host/xtest/ffa_spmc_1000.c
+@@ -1,11 +1,12 @@
+ // SPDX-License-Identifier: BSD-3-Clause
+ /*
+- * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
+ */
+ #include <fcntl.h>
+ #include <ffa.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <errno.h>
+ #include <sys/ioctl.h>
+ #include <unistd.h>
+ #include "include/uapi/linux/arm_ffa_user.h"
+@@ -17,6 +18,10 @@
+ #define INCORRECT_ENDPOINT_ID 0xffff
+ #define NORMAL_WORLD_ENDPOINT_ID 0
+
++#define FFA_USER_REQ_VER_MAJOR 5
++#define FFA_USER_REQ_VER_MINOR 0
++#define FFA_USER_REQ_VER_PATCH 1
++
+ /* Get the 32 least significant bits of a handle.*/
+ #define MEM_SHARE_HANDLE_LOW(x) ((x) & 0xffffffff)
+ /* Get the 32 most significant bits of a handle.*/
+@@ -62,6 +67,50 @@ static struct ffa_ioctl_ep_desc test_endpoint3 = {
+ .uuid_ptr = (uint64_t)test_endpoint3_uuid,
+ };
+
++static bool check_ffa_user_version(void)
++{
++ FILE *f = NULL;
++ int ver_major = -1;
++ int ver_minor = -1;
++ int ver_patch = -1;
++ int scan_cnt = 0;
++
++ f = fopen("/sys/module/arm_ffa_user/version", "r");
++ if (f) {
++ scan_cnt = fscanf(f, "%d.%d.%d",
++ &ver_major, &ver_minor, &ver_patch);
++ fclose(f);
++ if (scan_cnt != 3) {
++ printf("error: failed to parse arm_ffa_user version\n");
++ return false;
++ }
++ } else {
++ printf("error: failed to read arm_ffa_user module info - %s\n",
++ strerror(errno));
++ return false;
++ }
++
++ if (ver_major != FFA_USER_REQ_VER_MAJOR)
++ goto err;
++
++ if (ver_minor < FFA_USER_REQ_VER_MINOR)
++ goto err;
++
++ if (ver_minor == FFA_USER_REQ_VER_MINOR)
++ if (ver_patch < FFA_USER_REQ_VER_PATCH)
++ goto err;
++
++ return true;
++
++err:
++ printf("error: Incompatible arm_ffa_user driver detected.");
++ printf("Found v%d.%d.%d wanted >= v%d.%d.%d)\n",
++ ver_major, ver_minor, ver_patch, FFA_USER_REQ_VER_MAJOR,
++ FFA_USER_REQ_VER_MINOR, FFA_USER_REQ_VER_PATCH);
++
++ return false;
++}
++
+ static void close_debugfs(void)
+ {
+ int err = 0;
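Review bot: check_ffa_user_version() rejects any major version other than FFA_USER_REQ_VER_MAJOR (`ver_major != FFA_USER_REQ_VER_MAJOR`), but the error text says `wanted >= v%d.%d.%d`, so a driver with a newer major is reported as too old. Either relax the check or change the message to name the required major. The two printf calls on the err path also print "detected.Found" with no separator, and the second string ends with a closing parenthesis that has no opening one.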
+@@ -76,6 +125,9 @@ static void close_debugfs(void)
+
+ static bool init_sp_xtest(ADBG_Case_t *c)
+ {
++ if (!check_ffa_user_version())
++ return false;
++
+ if (ffa_fd < 0) {
+ ffa_fd = open(FFA_DRIVER_FS_PATH, O_RDWR);
+ if (ffa_fd < 0) {
+@@ -83,6 +135,7 @@ static bool init_sp_xtest(ADBG_Case_t *c)
+ return false;
+ }
+ }
++
+ return true;
+ }
+
+@@ -99,7 +152,7 @@ static uint16_t get_endpoint_id(uint64_t endp)
+ struct ffa_ioctl_ep_desc sid = { .uuid_ptr = endp };
+
+ /* Get ID of destination SP based on UUID */
+- if(ioctl(ffa_fd, FFA_IOC_GET_PART_ID, &sid))
++ if (ioctl(ffa_fd, FFA_IOC_GET_PART_ID, &sid))
+ return INCORRECT_ENDPOINT_ID;
+
+ return sid.id;
+@@ -213,14 +266,15 @@ static int set_up_mem(struct ffa_ioctl_ep_desc *endp,
+ rc = share_mem(endpoint, handle);
+ ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+
+- if (!ADBG_EXPECT_TRUE(c, handle != NULL))
+- return TEEC_ERROR_GENERIC;
++ if (!ADBG_EXPECT_NOT_NULL(c, handle))
++ return TEEC_ERROR_GENERIC;
+
+ /* SP will retrieve the memory region. */
+ memset(args, 0, sizeof(*args));
+ args->dst_id = endpoint;
+ args->args[MEM_SHARE_HANDLE_LOW_INDEX] = MEM_SHARE_HANDLE_LOW(*handle);
+- args->args[MEM_SHARE_HANDLE_HIGH_INDEX] = MEM_SHARE_HANDLE_HIGH(*handle);
++ args->args[MEM_SHARE_HANDLE_HIGH_INDEX] =
++ MEM_SHARE_HANDLE_HIGH(*handle);
+ args->args[MEM_SHARE_HANDLE_ENDPOINT_INDEX] = NORMAL_WORLD_ENDPOINT_ID;
+
+ rc = start_sp_test(endpoint, EP_RETRIEVE, args);
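Review bot: `ADBG_EXPECT_NOT_NULL(c, handle)` is evaluated after `share_mem(endpoint, handle)` has already been called with the same pointer, so the NULL check cannot protect that call. Move the check above share_mem().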
+@@ -254,7 +308,7 @@ static void xtest_ffa_spmc_test_1002(ADBG_Case_t *c)
+ rc = start_sp_test(endpoint1_id, EP_TEST_SP, &args);
+ ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, args.args[0], ==, SPMC_TEST_OK))
+- goto out;
++ goto out;
+
+ /* Set up memory and have the SP retrieve it. */
+ Do_ADBG_BeginSubCase(c, "Test memory set-up");
+@@ -469,7 +523,7 @@ static void xtest_ffa_spmc_test_1005(ADBG_Case_t *c)
+ memset(&args, 0, sizeof(args));
+ args.args[1] = endpoint2;
+ args.args[2] = endpoint3;
+- rc = start_sp_test(endpoint1, EP_SP_MEM_SHARING_MULTI,&args);
++ rc = start_sp_test(endpoint1, EP_SP_MEM_SHARING_MULTI, &args);
+ ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ ADBG_EXPECT_COMPARE_UNSIGNED(c, args.args[0], ==, SPMC_TEST_OK);
+
+--
+2.39.1.windows.1
+
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend
new file mode 100644
index 0000000..c052774
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend
@@ -0,0 +1,7 @@
+# Include ffa_spmc test group if the SPMC test is enabled.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}"
+
+RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+ ' arm-ffa-user', '' , d)}"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
index 95452b6..50f5afe 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
@@ -1,6 +1,8 @@
require optee-test.inc
SRC_URI:append = " \
+ file://Update-arm_ffa_user-driver-dependency.patch \
+ file://ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch \
file://musl-workaround.patch \
"
SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch b/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch
new file mode 100644
index 0000000..28e041b
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch
@@ -0,0 +1,41 @@
+From aca9f9ae26235e9da2bc9adef49f9f5578f3e1e7 Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Tue, 25 Apr 2023 15:03:46 +0000
+Subject: [PATCH 1/1] Limit nanopb build to single process
+
+Sometimes in yocto the nanopb build step fails. The reason seems
+to be a race condition. This fix disables parallel build as
+a workaround.
+
+Upstream-Status: Inappropriate [yocto specific]
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ external/nanopb/nanopb.cmake | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/external/nanopb/nanopb.cmake b/external/nanopb/nanopb.cmake
+index 36465f61..94f8048c 100644
+--- a/external/nanopb/nanopb.cmake
++++ b/external/nanopb/nanopb.cmake
+@@ -65,6 +65,8 @@ if(TARGET stdlib::c)
+ unset_saved_properties(LIBC)
+ endif()
+
++set(_PROCESSOR_COUNT ${PROCESSOR_COUNT})
++set(PROCESSOR_COUNT 1)
+ include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
+ LazyFetch_MakeAvailable(DEP_NAME nanopb
+ FETCH_OPTIONS ${GIT_OPTIONS}
+@@ -73,6 +75,8 @@ LazyFetch_MakeAvailable(DEP_NAME nanopb
+ CACHE_FILE "${TS_ROOT}/external/nanopb/nanopb-init-cache.cmake.in"
+ SOURCE_DIR "${NANOPB_SOURCE_DIR}"
+ )
++set(PROCESSOR_COUNT ${_PROCESSOR_COUNT})
++
+ unset(_cmake_fragment)
+
+ if(TARGET stdlib::c)
+--
+2.34.1
+
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index dc29550..2bb4a8a 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -5,8 +5,14 @@
SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \
"
-#latest on 12.10.22.
-SRCREV_trusted-services = "3d4956770f89eb9ae0a73257901ae6277c078da6"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI:append = "\
+ file://0001-Limit-nanopb-build-to-single-process.patch \
+"
+
+#Latest on 2023 April 28
+SRCREV="08b3d39471f4914186bd23793dc920e83b0e3197"
LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
S = "${WORKDIR}/git/trusted-services"
@@ -17,14 +23,14 @@
SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81"
LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e"
-# MbedTLS, tag "mbedtls-3.1.0"
+# MbedTLS, tag "mbedtls-3.3.0"
SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls"
-SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49"
+SRCREV_mbedtls = "8c89224991adff88d53cd380f42a2baa36f91454"
LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
-# Nanopb, tag "nanopb-0.4.6"
+# Nanopb, tag "nanopb-0.4.2"
SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb"
-SRCREV_nanopb = "afc499f9a410fc9bbf6c9c48cdd8d8b199d49eb4"
+SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4"
LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f"
# qcbor, tag "v1.0.0"
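Review bot: The nanopb pin moves from the tag named in the old comment, nanopb-0.4.6, to nanopb-0.4.2, which is a downgrade, and nothing in the change says why. State the reason next to SRCREV_nanopb and confirm that no fix delivered between the two tags is needed by the services that use it.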
@@ -54,15 +60,12 @@
# TS ships patches for external dependencies that needs to be applied
apply_ts_patches() {
- for p in ${S}/external/qcbor/*.patch; do
- patch -p1 -N -d ${WORKDIR}/git/qcbor < ${p} || true
- done
- for p in ${S}/external/t_cose/*.patch; do
- patch -p1 -N -d ${WORKDIR}/git/tcose < ${p} || true
- done
- for p in ${S}/external/CppUTest/*.patch; do
- patch -p1 -d ${WORKDIR}/git/cpputest < ${p}
- done
+ ( cd ${WORKDIR}/git/qcbor; git stash; git branch -f bf_am; git am ${S}/external/qcbor/*.patch; git reset bf_am )
+ ( cd ${WORKDIR}/git/tcose; git stash; git branch -f bf_am; git am ${S}/external/t_cose/*.patch; git reset bf_am )
+ ( cd ${WORKDIR}/git/mbedtls; git stash; git branch -f bf_am; git am ${S}/external/MbedTLS/*.patch; git reset bf_am )
+ ( cd ${WORKDIR}/git/cpputest; git stash; git apply ${S}/external/CppUTest/*.patch )
+ ( cd ${WORKDIR}/git/dtc; git stash; git apply ${S}/external/libfdt/*.patch )
+ ( cd ${WORKDIR}/git/nanopb; git stash; git apply ${S}/external/nanopb/*.patch )
}
do_patch[postfuncs] += "apply_ts_patches"
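Review bot: Each line of apply_ts_patches() chains its commands with `;` inside a subshell, so a failing `cd` or `git am` does not stop the function and the subshell's status is that of the last command. A patch that fails to apply therefore leaves do_patch successful, and after a failed `cd` the git commands run in whatever directory the task was started in. Chain the commands with `&&` or start each subshell with `set -e`. `git stash` also hides, rather than reports, any unexpected local change in those trees.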
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
index a9f7b65..668bde5 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
@@ -6,6 +6,7 @@
require trusted-services.inc
+DEPENDS += "python3-jsonschema-native python3-jinja2-native"
DEPENDS += "libts"
RDEPENDS:${PN} += "libts"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
index 408c7d3..24a724a 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
@@ -22,9 +22,7 @@
# TS ships a patch that needs to be applied to newlib
apply_ts_patch() {
- for p in ${S}/external/newlib/*.patch; do
- patch -p1 -d ${WORKDIR}/git/newlib < ${p}
- done
+ ( cd ${WORKDIR}/git/newlib; git stash; git branch -f bf_am; git am ${S}/external/newlib/*.patch; git reset bf_am )
}
do_patch[postfuncs] += "apply_ts_patch"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
index 41cb0c0..8a7b0e5 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
@@ -4,6 +4,8 @@
require trusted-services.inc
+DEPENDS += "python3-jsonschema-native python3-jinja2-native"
+
DEPENDS += "libts"
RDEPENDS:${PN} += "libts"
@@ -11,7 +13,7 @@
file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \
"
-SRCREV_psatest = "451aa087a40d02c7d04778235014c5619d126471"
+SRCREV_psatest = "38cb53a4d9e292435ddf7899960b15af62decfbe"
LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13"
EXTRA_OECMAKE += "\
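Review bot: The SRCREV_psatest bump carries no explanation in the recipe, and the two items that depend on the psatest revision are left untouched in the context lines: the carried patch 0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch and the LICENSE.md md5 in LIC_FILES_CHKSUM. Please confirm both still match at the new revision, and note which upstream tag or release the new hash corresponds to.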
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
index eef05fe..6cddfb0 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
@@ -3,5 +3,6 @@
require ts-sp-common.inc
SP_UUID = "${ATTESTATION_UUID}"
+TS_SP_IAT_CONFIG ?= "default"
-OECMAKE_SOURCEPATH="${S}/deployments/attestation/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"
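Review bot: TS_SP_IAT_CONFIG is introduced without any comment on which values it accepts, and the source path is now built as config/${TS_SP_IAT_CONFIG}-${TS_ENV}, so an override with no matching directory will only show up at configure time. Add a comment listing the valid configurations; the same applies to the sibling TS_SP_*_CONFIG variables added in this patch.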
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
index 75ddab3..3d75601 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
@@ -17,8 +17,8 @@
dtc -I dts -O dtb -o ${D}${TS_INSTALL}/manifest/${SP_UUID}.dtb ${SP_DTS_FILE}
# We do not need libs and headers
- rm -r --one-file-system ${D}${TS_INSTALL}/lib
- rm -r --one-file-system ${D}${TS_INSTALL}/include
+ rm -rf --one-file-system ${D}${TS_INSTALL}/lib
+ rm -rf --one-file-system ${D}${TS_INSTALL}/include
}
# Use Yocto debug prefix maps for compiling assembler.
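Review bot: Switching to `rm -rf` makes the two removals succeed when lib or include was never installed, but the comment above them still only says the directories are not needed. Extend the comment to say which SPs do not install them, so it is clear that the -f is there for a missing directory.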
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
index 77a2855..867e4a8 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
@@ -3,7 +3,8 @@
require ts-sp-common.inc
SP_UUID = "${CRYPTO_UUID}"
+TS_SP_CRYPTO_CONFIG ?= "default"
-DEPENDS += "python3-protobuf-native"
+DEPENDS += "python3-protobuf-native python3-jsonschema-native python3-jinja2-native"
-OECMAKE_SOURCEPATH="${S}/deployments/crypto/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
index 040fd4d..5551a4d 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
@@ -6,5 +6,6 @@
COMPATIBLE_MACHINE ?= "invalid"
SP_UUID = "${ENV_TEST_UUID}"
+TS_SP_ENVTEST_CONFIG ?= "baremetal-fvp_base_revc"
-OECMAKE_SOURCEPATH="${S}/deployments/env-test/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/env-test/config/${TS_SP_ENVTEST_CONFIG}-${TS_ENV}"
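Review bot: TS_SP_ENVTEST_CONFIG defaults to the platform-specific value baremetal-fvp_base_revc, while every other TS_SP_*_CONFIG in this patch defaults to "default". With COMPATIBLE_MACHINE ?= "invalid" in the context above, the recipe is only enabled per machine, so the machine configuration that enables it should set this value, or the recipe needs a comment explaining why one platform is hard-coded as the default.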
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
index 4eb5dc5..5472dbd 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
@@ -3,5 +3,6 @@
require ts-sp-common.inc
SP_UUID = "${ITS_UUID}"
+TS_SP_ITS_CONFIG ?= "default"
-OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
index b924641..2678143 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
@@ -3,7 +3,8 @@
require ts-sp-common.inc
SP_UUID = "${SE_PROXY_UUID}"
+TS_SP_SE_PROXY_CONFIG ?= "default"
DEPENDS += "python3-protobuf-native"
-OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"
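Review bot: DEPENDS in this hunk stays at python3-protobuf-native only, whereas ts-sp-crypto_git.bb, which had the same DEPENDS line, gains python3-jsonschema-native and python3-jinja2-native in this patch. Confirm that the se-proxy config/ deployment does not need those two; otherwise add them here as well.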
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
index 06ca6bd..752f7fe 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
@@ -3,5 +3,6 @@
require ts-sp-common.inc
SP_UUID = "${SMM_GATEWAY_UUID}"
+TS_SP_SMM_GATEWAY_CONFIG ?= "default"
-OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
new file mode 100644
index 0000000..e357629
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
@@ -0,0 +1,7 @@
+DESCRIPTION = "Trusted Services SPMC test SPs"
+
+require ts-sp-common.inc
+
+SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"
+SP_DTS_FILE ?= "${D}${TS_INSTALL}/manifest/${SP_UUID}.dts"
+OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"
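Review bot: SP_UUID is built by nested expansion of SP_INDEX, but the .inc neither sets a default for SP_INDEX nor checks it, so including it without SP_INDEX, or with an index that has no SPM_TEST<n>_UUID entry in ts-uuid.inc, does not resolve to a UUID. Also, OECMAKE_SOURCEPATH uses deployments/spm-test${SP_INDEX}/${TS_ENV} without the config/ level that the other SP recipes move to in this patch; if that is deliberate, say so in a comment. SP_DTS_FILE pointing into ${D} deserves a one-line explanation as well.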
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
new file mode 100644
index 0000000..4cbb970
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
@@ -0,0 +1,5 @@
+DESCRIPTION = "Trusted Services SPMC test SP1"
+
+SP_INDEX="1"
+
+require ts-sp-spm-test-common.inc
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
new file mode 100644
index 0000000..e6fb822
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP2"
+
+SP_INDEX="2"
+
+require ts-sp-spm-test-common.inc
+
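Review bot: The file ends with an empty added line after the require (the same happens in ts-sp-spm-test3_git.bb), which ts-sp-spm-test1_git.bb does not have. Drop it so the three recipes differ only in DESCRIPTION and SP_INDEX.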
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb
new file mode 100644
index 0000000..ad3ee76
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP3"
+
+SP_INDEX="3"
+
+require ts-sp-spm-test-common.inc
+
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
index c893754..5b2f47b 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
@@ -3,5 +3,6 @@
require ts-sp-common.inc
SP_UUID = "${STORAGE_UUID}"
+TS_SP_PS_CONFIG ?= "default"
-OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"
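Review bot: The new variable is named TS_SP_PS_CONFIG although the recipe is ts-sp-storage and the UUID variable is STORAGE_UUID, while most sibling recipes name the variable after the recipe (TS_SP_CRYPTO_CONFIG, TS_SP_ITS_CONFIG, TS_SP_SMM_GATEWAY_CONFIG). Rename it to match, or add a comment that PS stands for protected storage; TS_SP_IAT_CONFIG in the attestation recipe has the same issue.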
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc
index 7a39f73..c18ec5d 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/ts-uuid.inc
@@ -7,3 +7,6 @@
SE_PROXY_UUID = "46bb39d1-b4d9-45b5-88ff-040027dab249"
SMM_GATEWAY_UUID = "ed32d533-99e6-4209-9cc0-2d72cdd998a7"
STORAGE_UUID = "751bf801-3dde-4768-a514-0f10aeed1790"
+SPM_TEST1_UUID = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37"
+SPM_TEST2_UUID = "7817164c-c40c-4d1a-867a-9bb2278cf41a"
+SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6"
\ No newline at end of file
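Review bot: ts-uuid.inc ends without a trailing newline after the new SPM_TEST3_UUID line, as the "\ No newline at end of file" marker shows. Terminate the last line so that the next UUID appended to this file produces a one-line diff.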