subtree updates

meta-arm: 14c7e5b336..3b7347cd67:
  Jon Mason (6):
        CI: Remove host bitbake variables
        arm: add Mickledore to layer compat string
        CI: Add packages for opencsd and gator-daemon to base build
        CI: add common fvp yml file
        arm/opencsd: update to version 1.3.1
        arm/gator-daemon: update to v7.8.0

  Jose Quaresma (2):
        optee-ftpm/optee-os: add missing space in EXTRA_OEMAKE
        optee-os-ts: avoid using escape chars in EXTRA_OEMAKE

  Mohamed Omar Asaker (4):
        Revert "arm-bsp/trusted-firmware-m: corstone1000: secure debug code checkout from yocto"
        Revert "arm-bsp/trusted-firmware-m: corstone1000: bump tfm SHA"
        arm-bsp/trusted-firmware-m: corstone1000 support FMP image info
        arm-bsp/corstone1000: add msd configs for fvp

  Ross Burton (5):
        arm/hafnium: add missing Upstream-Status
        arm-bsp/hafnium: add missing Upstream-Status
        arm-bsp/linux-arm64-ack: fix malformed Upstream-Status tag
        CI: add documentation job
        CI: track meta-openembedded's langdale branch

  Rui Miguel Silva (2):
        arm/trusted-services: port crypto config
        arm-bsp/corstone1000: apply ts patch to psa crypto api test

  Satish Kumar (1):
        arm-bsp/trusted-service: corstone1000: esrt support

  Vishnu Banavath (4):
        runfvp: corstone1000: add mmc card configuration
        meta-arm-bsp/doc: add readthedocs for corstone1000
        arm-bsp/optee: register DRAM1 for N1SDP target
        arm-bsp:optee: enable optee test for N1SDP target

meta-raspberrypi: 722c51647c..a305f4804b:
  Sung Gon Kim (1):
        libcamera: rename bbappend to match any version

meta-openembedded: 8073ec2275..6ebff843cc:
  Akash Hadke (1):
        audit: Fix compile error for audit_2.8.5

  Alex Kiernan (1):
        lldpd: Upgrade 1.0.14 -> 1.0.15

  Alexander Kanavin (3):
        sip3: remove the recipe
        python3-wxgtk4: skip the recipe
        python3-yappi: mark as incompatible with python 3.11

  Bhupesh Sharma (1):
        android-tools-conf-configfs: Allow handling two or more UDC controllers

  Eero Aaltonen (1):
        valijson: use install task from CMakeLists.txt

  Etienne Cordonnier (1):
        uutils-coreutils: upgrade 0.0.15 -> 0.0.16

  Gianfranco Costamagna (2):
        vboxguestdrivers: upgrade 6.1.38 -> 7.0.0
        vbxguestdrivers: upgrade 7.0.0 -> 7.0.2

  Joshua Watt (3):
        nginx: Add ipv6 support
        iniparser: Add native support
        libzip: Add native support

  Khem Raj (3):
        postfix: Upgrade to 3.7.3
        msktutil: Add recipe
        protobuf: Enable protoc binary in nativesdk

  Leon Anavi (7):
        python3-cheetah: Upgrade 3.2.6 -> 3.2.6.post1
        python3-dill: Upgrade 0.3.5.1 -> 0.3.6
        python3-pythonping: Upgrade 1.1.3 -> 1.1.4
        python3-colorama: Upgrade 0.4.5 -> 0.4.6
        python3-pint: Upgrade 0.19.2 -> 0.20
        python3-traitlets: Upgrade 5.4.0 -> 5.5.0
        python3-py-cpuinfo: Upgrade 8.0.0 -> 9.0.0

  Markus Volk (4):
        perfetto: build libperfetto
        libcamera: upgrade -> 0.0.1
        gtk-vnc: add recipe
        spice-gtk: add recipe

  Meier Boas (1):
        jwt-cpp: add recipe

  Ovidiu Panait (1):
        syzkaller: add recipe and selftest for syzkaller fuzzing

  Peter Marko (2):
        cpputest: remove dev package dependency
        cpputest: add possibility to build extensions

  Robert Joslyn (1):
        fwupd: Fix plugin_gpio PACKAGECONFIG

  Sebastian Trahm (1):
        Add recipe for python3-pytest-json-report

  Tim Orling (5):
        libmime-types-perl: upgrade 2.17 -> 2.22
        libcompress-raw*-perl: move from libio/compress-*
        libio-compress*-perl: cleanup; fixes
        libcompress-raw-*-perl: cleanup; fixes
        packagegroup-meta-perl: mv libcompress-raw-*-perl

  Vincent Davis Jr (2):
        libglvnd: add new recipe libglvnd v1.5.0
        xf86-video-amdgpu: add new recipe xf86-video-amdgpu

  Wang Mingyu (36):
        bats: upgrade 1.8.0 -> 1.8.2
        ctags: upgrade 5.9.20221009.0 -> 5.9.20221016.0
        fvwm: upgrade 2.6.9 -> 2.7.0
        makedumpfile: upgrade 1.7.1 -> 1.7.2
        sanlock: upgrade 3.8.4 -> 3.8.5
        python3-astroid: upgrade 2.12.11 -> 2.12.12
        python3-charset-normalizer: upgrade 2.1.1 -> 3.0.0
        python3-google-api-python-client: upgrade 2.64.0 -> 2.65.0
        python3-google-auth: upgrade 2.12.0 -> 2.13.0
        python3-grpcio-tools: upgrade 1.49.1 -> 1.50.0
        python3-grpcio: upgrade 1.49.1 -> 1.50.0
        python3-huey: upgrade 2.4.3 -> 2.4.4
        python3-incremental: upgrade 21.3.0 -> 22.10.0
        python3-luma-core: upgrade 2.3.1 -> 2.4.0
        python3-oauthlib: upgrade 3.2.1 -> 3.2.2
        python3-pandas: upgrade 1.5.0 -> 1.5.1
        python3-pastedeploy: upgrade 2.1.1 -> 3.0.1
        python3-pika: upgrade 1.3.0 -> 1.3.1
        python3-portalocker: upgrade 2.5.1 -> 2.6.0
        python3-protobuf: upgrade 4.21.7 -> 4.21.8
        python3-pyjwt: upgrade 2.5.0 -> 2.6.0
        python3-pymongo: upgrade 4.2.0 -> 4.3.2
        python3-pywbemtools: upgrade 1.0.0 -> 1.0.1
        python3-robotframework: upgrade 5.0.1 -> 6.0
        python3-socketio: upgrade 5.7.1 -> 5.7.2
        python3-sqlalchemy: upgrade 1.4.41 -> 1.4.42
        tracker-miners: upgrade 3.2.1 -> 3.4.1
        tracker: upgrade 3.4.0 -> 3.4.1
        wolfssl: upgrade 5.5.1 -> 5.5.2
        cglm: upgrade 0.8.5 -> 0.8.7
        ctags: upgrade 5.9.20221016.0 -> 5.9.20221023.0
        flatbuffers: upgrade 22.9.29 -> 22.10.26
        function2: upgrade 4.2.1 -> 4.2.2
        poco: upgrade 1.12.2 -> 1.12.3
        thingsboard-gateway: upgrade 3.1 -> 3.2
        grpc: upgrade 1.50.0 -> 1.50.1

  Xiangyu Chen (1):
        ipmitool: fix typo in .bb file's comments, using = instead of =?

  Zheng Qiu (1):
        jq: improve ptest and disable valgrind by default

  zhengruoqin (5):
        tcpslice: upgrade 1.5 -> 1.6
        tio: upgrade 2.1 -> 2.2
        python3-stevedore: upgrade 4.0.1 -> 4.1.0
        python3-xxhash: upgrade 3.0.0 -> 3.1.0
        python3-zeroconf: upgrade 0.39.1 -> 0.39.2

meta-security: e8e7318189..2aa48e6f4e:
  Armin Kuster (1):
        kas-security-base.yml: make work again

  Gowtham Suresh Kumar (1):
        Update PARSEC recipe to latest v1.1.0 release

  Michael Haener (1):
        tpm2-openssl: update to 1.1.1

poky: 95c802b0be..482c493cf6:
  Adrian Freihofer (3):
        own-mirrors: add crate
        buildconf: compare abspath
        ref-manual: add wic command bootloader ptable option

  Ahmad Fatoum (2):
        kernel-fitimage: mangle slashes to underscores as late as possible
        kernel-fitimage: skip FDT section creation for applicable symlinks

  Alex Kiernan (4):
        u-boot: Remove duplicate inherit of cml1
        u-boot: Add savedefconfig task
        rust: update 1.63.0 -> 1.64.0
        cargo_common.bbclass: Fix typos

  Alexander Kanavin (40):
        rust-target-config: match riscv target names with what rust expects
        rust: install rustfmt for riscv32 as well
        unfs3: correct upstream version check
        gnu-config: update to latest revision
        llvm: update 14.0.6 -> 15.0.1
        grep: update 3.7 -> 3.8
        hdparm: update 9.64 -> 9.65
        stress-ng: update 0.14.03 -> 0.14.06
        vulkan: update 1.3.216.0 -> 1.3.224.1
        wayland-utils: update 1.0.0 -> 1.1.0
        libxft: update 2.3.4 -> 2.3.6
        pinentry: update 1.2.0 -> 1.2.1
        ovmf: upgrade edk2-stable202205 -> edk2-stable202208
        cmake: update 3.24.0 -> 3.24.2
        jquery: upgrade 3.6.0 -> 3.6.1
        python3-dbus: upgrade 1.2.18 -> 1.3.2
        python3-hatch-fancy-pypi-readme: add a recipe
        python3-jsonschema: upgrade 4.9.1 -> 4.16.0
        shadow: update 4.12.1 -> 4.12.3
        lttng-modules: upgrade 2.13.4 -> 2.13.5
        libsoup: upgrade 3.0.7 -> 3.2.0
        libxslt: upgrade 1.1.35 -> 1.1.37
        quilt: backport a patch to address grep 3.8 failures
        python3: update 3.10.6 -> 3.11.0
        cargo-update-recipe-crates.bbclass: add a class to generate SRC_URI crate lists from Cargo.lock
        python3-bcrypt: convert to use cargo-update-recipe-crates class.
        python3-cryptography: convert to cargo-update-recipe-crates class
        groff: submit patches upstream
        tcl: correct patch status
        tcl: correct upstream version check
        lttng-tools: submit determinism.patch upstream
        cmake: drop qt4 patches
        kea: submit patch upstream
        argp-standalone: replace with a maintained fork
        ovmf: correct patches status
        go: submit patch upstream
        libffi: submit patch upstream
        go: update 1.19 -> 1.19.2
        rust-common.bbclass: use built-in rust targets for -native builds
        rust: submit a rewritten version of crossbeam_atomic.patch upstream

  Andrew Geissler (1):
        go: add support to build on ppc64le

  Bartosz Golaszewski (1):
        bluez5: add dbus to RDEPENDS

  Bernhard Rosenkränzer (1):
        cmake-native: Fix host tool contamination

  Bruce Ashfield (3):
        kern-tools: fix relative path processing
        linux-yocto/5.19: update to v5.19.14
        linux-yocto/5.15: update to v5.15.72

  Changhyeok Bae (2):
        ethtool: upgrade 5.19 -> 6.0
        iproute2: upgrade 5.19.0 -> 6.0.0

  Chen Qi (1):
        openssl: export necessary env vars in SDK

  Christian Eggers (1):
        linux-firmware: split rtl8761 firmware

  Claus Stovgaard (1):
        gstreamer1.0-libav: fix errors with ffmpeg 5.x

  Ed Tanous (1):
        openssl: Upgrade 3.0.5 -> 3.0.7

  Etienne Cordonnier (1):
        mirrors.bbclass: use shallow tarball for binutils-native

  Fabio Estevam (1):
        go-mod.bbclass: Remove repeated word

  Frank de Brabander (1):
        cve-update-db-native: add timeout to urlopen() calls

  Hitendra Prajapati (1):
        openssl: CVE-2022-3358 Using a Custom Cipher with NID_undef may lead to NULL encryption

  Jan-Simon Moeller (1):
        buildtools-tarball: export certificates to python and curl

  Jeremy Puhlman (1):
        qemu-native: Add PACKAGECONFIG option for jack

  Johan Korsnes (1):
        bitbake: bitbake: user-manual: inform about spaces in :remove

  Jon Mason (2):
        linux-yocto: add efi entry for machine features
        linux-yocto-dev: add qemuarmv5

  Jose Quaresma (3):
        kernel-yocto: improve fatal error messages of symbol_why.py
        oeqa/selftest/archiver: Add multiconfig test for shared recipes
        archiver: avoid using machine variable as it breaks multiconfig

  Joshua Watt (3):
        runqemu: Fix gl-es argument from causing other arguments to be ignored
        qemu-helper-native: Re-write bridge helper as C program
        runqemu: Do not perturb script environment

  Justin Bronder (1):
        bitbake: asyncrpc: serv: correct closed client socket detection

  Kai Kang (1):
        mesa: only apply patch to fix ALWAYS_INLINE for native

  Keiya Nobuta (2):
        gnutls: Unified package names to lower-case
        create-spdx: Remove ";name=..." for downloadLocation

  Khem Raj (3):
        perf: Depend on native setuptools3
        musl: Upgrade to latest master
        mesa: Add native patch via a variable

  Lee Chee Yang (2):
        migration-guides/release-notes-4.1.rst: update Repositories / Downloads
        migration-guides/release-notes-4.1.rst: update Repositories / Downloads

  Leon Anavi (1):
        python3-manifest.json: Move urllib to netclient

  Liam Beguin (1):
        meson: make wrapper options sub-command specific

  Luca Boccassi (1):
        systemd: add systemd-creds and systemd-cryptenroll to systemd-extra-utils

  Marek Vasut (1):
        bluez5: Point hciattach bcm43xx firmware search path to /lib/firmware

  Mark Asselstine (2):
        bitbake: tests: bb.tests.fetch.URLHandle: add 2 new tests
        bitbake: bitbake: bitbake-layers: checkout layer(s) branch when clone exists

  Mark Hatle (2):
        insane.bbclass: Allow hashlib version that only accepts on parameter
        bitbake: utils/ply: Update md5 to better report errors with hashlib

  Markus Volk (2):
        wayland-protocols: upgrade 1.26 -> 1.27
        mesa: update 22.2.0 -> 22.2.2

  Martin Jansa (3):
        vulkan-samples: add lfs=0 to SRC_URI to avoid git smudge errors in do_unpack
        externalsrc.bbclass: fix git repo detection
        cargo-update-recipe-crates: small improvements

  Maxim Uvarov (2):
        wic: add UEFI kernel as UEFI stub
        wic: bootimg-efi: implement --include-path

  Michael Opdenacker (11):
        manuals: updates for building on Windows (WSL 2)
        ref-manual: classes.rst: add links to all references to a class
        poky.conf: remove Ubuntu 21.10
        bitbake: doc: bitbake-user-manual: expand description of BB_PRESSURE_MAX variables
        bitbake: bitbake-user-manual: details about variable flags starting with underscore
        Documentation/README: formalize guidelines for external link syntax
        manuals: replace "_" by "__" in external links
        manuals: stop referring to the meta-openembedded repo from GitHub
        manuals: add missing references to SDKMACHINE and SDK_ARCH
        manuals: use references to the "Build Directory" term
        create-spdx.bbclass: remove unused SPDX_INCLUDE_PACKAGED

  Mikko Rapeli (6):
        os-release: replace DISTRO_CODENAME with VERSION_CODENAME
        os-release: add HOMEPAGE and link to documentation
        ref-manual: variables.rst: add documentation for CVE_VERSION
        ref-manual: classes.rst: improve documentation for cve-check.bbclass
        dev-manual: common-tasks.rst: add regular updates and CVE scans to security best practices
        dev-manual: common-tasks.rst: refactor and improve "Checking for Vulnerabilities" section

  Ming Liu (1):
        dropbear: add pam to PACKAGECONFIG

  Mingli Yu (1):
        grub: disable build on armv7ve/a with hardfp

  Oliver Lang (2):
        bitbake: cooker: fix a typo
        bitbake: runqueue: fix a typo

  Pablo Saavedra Rodiño (1):
        weston: update 10.0.2 -> 11.0.0

  Paul Eggleton (2):
        install-buildtools: support buildtools-make-tarball and update to 4.1
        ref-manual: add info on buildtools-make-tarball

  Peter Bergin (1):
        gptfdisk: remove warning message from target system

  Peter Kjellerstedt (3):
        gcc: Allow -Wno-error=poison-system-directories to take effect
        base-passwd: Update to 3.6.1
        externalsrc.bbclass: Remove a trailing slash from ${B}

  Qiu, Zheng (2):
        tiff: fix a typo for CVE-2022-2953.patch
        valgrind: update to 3.20.0

  Quentin Schulz (1):
        docs: add support for langdale (4.1) release

  Richard Purdie (4):
        openssl: Fix SSL_CERT_FILE to match ca-certs location
        bitbake: tests/fetch: Allow handling of a file:// url within a submodule
        patchelf: upgrade 0.15.0 -> 0.16.1
        lttng-modules: upgrade 2.13.5 -> 2.13.7

  Robert Joslyn (1):
        curl: Update 7.85.0 to 7.86.0

  Ross Burton (26):
        populate_sdk_base: ensure ptest-pkgs pulls in ptest-runner
        scripts/oe-check-sstate: cleanup
        scripts/oe-check-sstate: force build to run for all targets, specifically populate_sysroot
        externalsrc: move back to classes
        opkg-utils: use a git clone, not a dynamic snapshot
        oe/packagemanager/rpm: don't leak file objects
        zlib: use .gz archive and set a PREMIRROR
        glib-2.0: fix rare GFileInfo test case failure
        lighttpd: fix CVE-2022-41556
        acpid: upgrade 2.0.33 -> 2.0.34
        python3-hatchling: upgrade 1.9.0 -> 1.10.0
        pango: upgrade 1.50.9 -> 1.50.10
        piglit: upgrade to latest revision
        lsof: upgrade 4.95.0 -> 4.96.3
        zlib: do out-of-tree builds
        zlib: upgrade 1.2.12 -> 1.2.13
        libx11: apply the fix for CVE-2022-3554
        xserver-xorg: ignore CVE-2022-3553 as it is XQuartz-specific
        xserver-xorg: backport fixes for CVE-2022-3550 and CVE-2022-3551
        tiff: fix a number of CVEs
        qemu: backport the fix for CVE-2022-3165
        bitbake: fetch2/git: don't set core.fsyncobjectfiles=0
        sanity: check for GNU tar specifically
        expat: upgrade to 2.5.0
        oeqa/target/ssh: add ignore_status argument to run()
        oeqa/runtime/dnf: rewrite test_dnf_installroot_usrmerge

  Sakib Sajal (1):
        go: update 1.19.2 -> 1.19.3

  Sean Anderson (6):
        uboot-sign: Fix using wrong KEY_REQ_ARGS
        kernel: Clear SYSROOT_DIRS instead of replacing sysroot_stage_all
        kernel-fitimage: Use KERNEL_OUTPUT_DIR where appropriate
        uboot-sign: Use bitbake variables directly
        uboot-sign: Split off kernel-fitimage variables
        u-boot: Rework signing to remove interdependencies

  Sergei Zhmylev (2):
        wic: implement binary repeatable disk identifiers
        wic: honor the SOURCE_DATE_EPOCH in case of updated fstab

  Teoh Jay Shen (1):
        vim: Upgrade 9.0.0598 -> 9.0.0614

  Thomas Perrot (2):
        psplash: add psplash-default in rdepends
        xserver-xorg: move some recommended dependencies in required

  Tim Orling (23):
        python3-cryptography: upgrade 37.0.4 -> 38.0.1
        python3-cryptography-vectors: upgrade 37.0.4 -> 38.0.1
        python3-certifi: upgrade 2022.9.14 -> 2022.9.24
        python3-hypothesis: upgrade 6.54.5 -> 6.56.1
        python3-pyopenssl: upgrade 22.0.0 -> 22.1.0
        python3-bcrypt: upgrade 3.2.2 -> 4.0.0
        python3-sphinx: upgrade 5.1.1 -> 5.2.3
        python3-setuptools-rust: upgrade 1.5.1 -> 1.5.2
        python3-iso8601: upgrade 1.0.2 -> 1.1.0
        python3-poetry-core: upgrade 1.0.8 -> 1.3.2
        git: upgrade 2.37.3 -> 2.38.1
        vim: upgrade 9.0.0614 -> 9.0.0820
        python3-mako: upgrade 1.2.2 -> 1.2.3
        python3-bcrypt: upgrade 4.0.0 -> 4.0.1
        python3-cryptography{-vectors}: 38.0.1 -> 38.0.3
        python3-psutil: upgrade 5.9.2 -> 5.9.3
        python3-pytest: upgrade 7.1.3 -> 7.2.0
        python3-pytest-subtests: upgrade 0.8.0 -> 0.9.0
        python3-hypothesis: upgrade 6.56.1 -> 6.56.4
        python3-more-itertools: upgrade 8.14.0 -> 9.0.0
        python3-pytz: upgrade 2022.4 -> 2022.6
        python3-zipp: upgrade 3.9.0 -> 3.10.0
        python3-sphinx: upgrade 5.2.3 -> 5.3.0

  Vincent Davis Jr (1):
        linux-firmware: package amdgpu firmware

  Vyacheslav Yurkov (1):
        overlayfs: Allow not used mount points

  Xiangyu Chen (1):
        linux-yocto-dev: add qemuarm64

  Yan Xinkuan (1):
        bc: Add ptest.

  ciarancourtney (1):
        wic: swap partitions are not added to fstab

  wangmy (32):
        init-system-helpers: upgrade 1.64 -> 1.65.2
        meson: upgrade 0.63.2 -> 0.63.3
        mtools: upgrade 4.0.40 -> 4.0.41
        dbus: upgrade 1.14.0 -> 1.14.4
        ifupdown: upgrade 0.8.37 -> 0.8.39
        openssh: upgrade 9.0p1 -> 9.1p1
        python3-hatchling: upgrade 1.10.0 -> 1.11.0
        u-boot: upgrade 2022.07 -> 2022.10
        python3-git: upgrade 3.1.27 -> 3.1.28
        python3-importlib-metadata: upgrade 4.12.0 -> 5.0.0
        gnutls: upgrade 3.7.7 -> 3.7.8
        gsettings-desktop-schemas: upgrade 42.0 -> 43.0
        harfbuzz: upgrade 5.1.0 -> 5.3.0
        libcap: upgrade 2.65 -> 2.66
        libical: upgrade 3.0.14 -> 3.0.15
        libva: upgrade 2.15.0 -> 2.16.0
        libva-utils: upgrade 2.15.0 -> 2.16.0
        powertop: upgrade 2.14 -> 2.15
        numactl: upgrade 2.0.15 -> 2.0.16
        python3-pytz: upgrade 2022.2.1 -> 2022.4
        python3-zipp: upgrade 3.8.1 -> 3.9.0
        repo: upgrade 2.29.2 -> 2.29.3
        sqlite3: upgrade 3.39.3 -> 3.39.4
        wpebackend-fdo: upgrade 1.12.1 -> 1.14.0
        xkeyboard-config: upgrade 2.36 -> 2.37
        xz: upgrade 5.2.6 -> 5.2.7
        libksba: upgrade 1.6.0 -> 1.6.2
        libsdl2: upgrade 2.24.0 -> 2.24.1
        libwpe: upgrade 1.12.3 -> 1.14.0
        lttng-ust: upgrade 2.13.4 -> 2.13.5
        btrfs-tools: upgrade 5.19.1 -> 6.0
        lighttpd: upgrade 1.4.66 -> 1.4.67

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I3322dd0057da9f05bb2ba216fdcda3f569c0493b
diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf
index 3df5613..75efe54 100644
--- a/meta-arm/meta-arm-bsp/conf/layer.conf
+++ b/meta-arm/meta-arm-bsp/conf/layer.conf
@@ -9,7 +9,7 @@
 BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-arm-bsp = "5"
 
-LAYERSERIES_COMPAT_meta-arm-bsp = "langdale"
+LAYERSERIES_COMPAT_meta-arm-bsp = "langdale mickledore"
 
 LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
 # This won't be used by layerindex-fetch, but works everywhere else
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
index 4433f8b..2a72f7f 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
@@ -42,3 +42,9 @@
 FVP_TERMINALS[se.secenc_terminal] ?= "Secure Enclave Console"
 FVP_TERMINALS[extsys0.extsys_terminal] ?= "Cortex M3"
 
+# MMC card configuration
+FVP_CONFIG[board.msd_mmc.card_type] ?= "SDHC"
+FVP_CONFIG[board.msd_mmc.p_fast_access] ?= "0"
+FVP_CONFIG[board.msd_mmc.diagnostics] ?= "2"
+FVP_CONFIG[board.msd_mmc.p_max_block_count] ?= "0xFFFF"
+FVP_CONFIG[board.msd_config.pl180_fifo_depth] ?= "16"
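Review bot: the last added line sets `FVP_CONFIG[board.msd_config.pl180_fifo_depth]` under `board.msd_config`, while the four lines above it all use `board.msd_mmc`; please confirm the different component name is intended, since a misnamed parameter would not configure the card at all. The one-line comment "# MMC card configuration" also gives no reason for the chosen values. In particular `board.msd_mmc.diagnostics ?= "2"` becomes the default for every user of this machine, so a short note on what that level reports and why it is on by default would help the next person who has to change it.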
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
index c834f24..b10977c 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
@@ -25,12 +25,15 @@
 MACHINE_EXTRA_RRECOMMENDS += "ssh-pregen-hostkeys"
 
 TEST_TARGET = "OEFVPTarget"
+TEST_TARGET_IP = "127.0.0.1:8022"
 
 FVP_PROVIDER ?= "fvp-base-a-aem-native"
 FVP_EXE ?= "FVP_Base_RevC-2xAEMvA"
 FVP_CONFIG[bp.ve_sysregs.exit_on_shutdown] ?= "1"
 FVP_CONFIG[bp.virtio_net.enabled] ?= "1"
 FVP_CONFIG[bp.virtio_net.hostbridge.userNetworking] ?= "1"
+# Tell testimage to connect to localhost:8022, and forward that to SSH in the FVP.
+FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "8022=22"
 FVP_CONFIG[cache_state_modelled] ?= "0"
 FVP_CONFIG[bp.secureflashloader.fname] ?= "${DEPLOY_DIR_IMAGE}/bl1-fvp.bin"
 FVP_CONFIG[bp.flashloader0.fname] ?= "${DEPLOY_DIR_IMAGE}/fip-fvp.bin"
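Review bot: the two added assignments, `TEST_TARGET_IP = "127.0.0.1:8022"` and `FVP_CONFIG[bp.virtio_net.hostbridge.userNetPorts] = "8022=22"`, use a hard `=` while every neighbouring `FVP_CONFIG` line uses `?=`, so a value set before this include is parsed (for example in local.conf) is overwritten. Suggest `?=` for both, which also lets a CI host running more than one FVP pick a different host port instead of contending for 8022. The forward exposes the guest's SSH service, and the context line shows `ssh-pregen-hostkeys` is recommended for these machines, so the comment should say that the mapping exists for testimage and state whether the forwarded port listens on loopback only.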
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
new file mode 100644
index 0000000..5d6493a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
@@ -0,0 +1,98 @@
+..
+ # Copyright (c) 2022, Arm Limited.
+ #
+ # SPDX-License-Identifier: MIT
+
+##########
+Change Log
+##########
+
+This document contains a summary of the new features, changes and
+fixes in each release of corstone1000 software stack.
+
+******************
+Version 2022.04.04
+******************
+
+Changes
+=======
+- Linux distro openSUSE, raw image installation and boot in the FVP.
+- SCT test support in FVP.
+- Manual capsule update support in FVP.
+
+******************
+Version 2022.02.25
+******************
+
+Changes
+=======
+- Building and running psa-arch-tests on corstone1000 FVP
+- Enabled smm-gateway partition in Trusted Service on corstone1000 FVP
+- Enabled MHU driver in Trusted Service on corstone1000 FVP
+- Enabled OpenAMP support in SE proxy SP on corstone1000 FVP
+
+******************
+Version 2022.02.21
+******************
+
+Changes
+=======
+- psa-arch-tests: recipe is dropped and merged into the secure-partitons recipe.
+- psa-arch-tests: The tests are align with latest tfm version for psa-crypto-api suite.
+
+******************
+Version 2022.01.18
+******************
+
+Changes
+=======
+- psa-arch-tests: change master to main for psa-arch-tests
+- U-Boot: fix null pointer exception for get_image_info
+- TF-M: fix capsule instability issue for corstone1000
+
+******************
+Version 2022.01.07
+******************
+
+Changes
+=======
+- corstone1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
+- U-Boot: send bootcomplete event to secure enclave.
+- U-Boot: support populating corstone1000 image_info to ESRT table.
+- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
+
+******************
+Version 2021.12.15
+******************
+
+Changes
+=======
+- Enabling corstone1000 FPGA support on:
+  - Linux 5.10
+  - OP-TEE 3.14
+  - Trusted Firmware-A 2.5
+  - Trusted Firmware-M 1.5
+- Building and running psa-arch-tests
+- Adding openamp support in SE proxy SP
+- OP-TEE: adding smm-gateway partition
+- U-Boot: introducing Arm FF-A and MM support
+
+******************
+Version 2021.10.29
+******************
+
+Changes
+=======
+- Enabling corstone1000 FVP support on:
+  - Linux 5.10
+  - OP-TEE 3.14
+  - Trusted Firmware-A 2.5
+  - Trusted Firmware-M 1.4
+- Linux kernel: enabling EFI, adding FF-A debugfs driver, integrating ARM_FFA_TRANSPORT.
+- U-Boot: Extending EFI support
+- python3-imgtool: adding recipe for Trusted-firmware-m
+- python3-imgtool: adding the Yocto recipe used in signing host images (based on MCUBOOT format)
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
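Review bot: the nested bullets under "- Enabling corstone1000 FPGA support on:" and "- Enabling corstone1000 FVP support on:" follow the parent item with no blank line, and reStructuredText needs a blank line before a nested list, so these will render as continuation text of the parent item instead of a sub-list. The file also carries two different notices: the header says "Copyright (c) 2022, Arm Limited." with `SPDX-License-Identifier: MIT`, while the footer says "Copyright (c) 2021, Arm Limited. All rights reserved."; one of them should go or they should agree. Minor wording in the 2022.02.21 entry: "secure-partitons" and "The tests are align with".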
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py b/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
new file mode 100644
index 0000000..e9cab63
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
@@ -0,0 +1,52 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# import os
+# import sys
+# sys.path.insert(0, os.path.abspath('.'))
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'corstone1000'
+copyright = '2020-2022, Arm Limited'
+author = 'Arm Limited'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'sphinx_rtd_theme'
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+#html_static_path = ['_static']
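Review bot: `html_theme = 'sphinx_rtd_theme'` names a theme that is not one of Sphinx's builtin themes, yet `extensions` is empty and nothing in this hunk declares the package, so the documentation build depends on whatever version happens to be installed on the builder. Please declare and pin it wherever the CI documentation job installs its dependencies. Also check `exclude_patterns`: the entry 'docs/infra' is relative to this source directory, and if no such path exists under documentation/corstone1000 it should be dropped. The `copyright = '2020-2022, Arm Limited'` string differs from the "Copyright (c) 2022" headers in the .rst files added alongside it.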
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
new file mode 100644
index 0000000..a41e721
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
new file mode 100644
index 0000000..38407c0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
new file mode 100644
index 0000000..bc5b4ba
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png
new file mode 100644
index 0000000..5fdae9d
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
new file mode 100644
index 0000000..b7631b0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
new file mode 100644
index 0000000..f585317
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
Binary files differ
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
new file mode 100644
index 0000000..8626c42
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
@@ -0,0 +1,16 @@
+..
+ # Copyright (c) 2022, Arm Limited.
+ #
+ # SPDX-License-Identifier: MIT
+
+################
+ARM Corstone1000
+################
+
+.. toctree::
+   :maxdepth: 1
+
+   software-architecture
+   user-guide
+   release-notes
+   change-log
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
new file mode 100644
index 0000000..385331b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
@@ -0,0 +1,137 @@
+..
+ # Copyright (c) 2022, Arm Limited.
+ #
+ # SPDX-License-Identifier: MIT
+
+#############
+Release notes
+#############
+
+**************************
+Release notes - 2022.04.04
+**************************
+
+Known Issues or Limitations
+---------------------------
+ - FGPA support Linux distro install and boot through installer. However,
+   FVP only support openSUSE raw image installation and boot.
+ - Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide
+   cannot boot on corstone1000 (i.e. user may experience timeouts or boot hang).
+ - Below SCT FAILURE is a known issues in the FVP:
+   UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
+
+Platform Support
+-----------------
+ - This software release is tested on corstone1000 FPGA version AN550_v1
+ - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23
+   https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+**************************
+Release notes - 2022.02.25
+**************************
+
+Known Issues or Limitations
+---------------------------
+ - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS,
+   BSA), manual capsule update test, Linux distro install and boot.
+
+Platform Support
+----------------
+ - This software release is tested on corstone1000 FPGA version AN550_v1
+ - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.17_23
+   https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+Release notes - 2022.02.21
+--------------------------
+
+Known Issues or Limitations
+---------------------------
+ - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS,
+   BSA), manual capsule update test, Linux distro install and boot, psa-arch-test.
+
+Platform Support
+----------------
+ - This software release is tested on corstone1000 FPGA version AN550_v1
+ - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21
+   https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+Release notes - 2022.01.18
+--------------------------
+
+Known Issues or Limitations
+---------------------------
+
+ - Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual
+   capsule update test, Linux distro install and boot, etc., the SecureEnclave
+   flash must be cleaned. See user-guide "Clean Secure Flash Before Testing"
+   section.
+
+Release notes - 2021.12.15
+--------------------------
+
+Software Features
+------------------
+The following components are present in the release:
+
+ - Yocto version Honister
+ - Linux kernel version 5.10
+ - U-Boot 2021.07
+ - OP-TEE version 3.14
+ - Trusted Firmware-A 2.5
+ - Trusted Firmware-M 1.5
+ - OpenAMP 347397decaa43372fc4d00f965640ebde042966d
+ - Trusted Services a365a04f937b9b76ebb2e0eeade226f208cbc0d2
+
+
+Platform Support
+----------------
+ - This software release is tested on corstone1000 FPGA version AN550_v1
+ - This software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21
+   https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+Known Issues or Limitations
+---------------------------
+ - The following tests only work on corstone1000 FPGA: ACS tests (SCT, FWTS,
+   BSA), manual capsule update test, Linux distro install and boot, and
+   psa-arch-tests.
+ - Only the manual capsule update from UEFI shell is supported on FPGA.
+ - Due to flash size limitation and to support A/B banks,the wic image provided
+   by the user should be smaller than 15MB.
+ - The failures in PSA Arch Crypto Test are known limitations with crypto
+   library. It requires further investigation. The user can refer to `PSA Arch Crypto Test Failure Analysis In TF-M V1.5 Release <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.5_release/>`__
+   for the reason for each failing test.
+
+
+Release notes - 2021.10.29
+--------------------------
+
+Software Features
+-----------------
+This initial release of corstone1000 supports booting Linux on the Cortex-A35
+and TF-M/MCUBOOT in the Secure Enclave. The following components are present in
+the release:
+
+ - Linux kernel version 5.10
+ - U-Boot 2021.07
+ - OP-TEE version 3.14
+ - Trusted Firmware-A 2.5
+ - Trusted Firmware-M 1.4
+
+Platform Support
+----------------
+ - This Software release is tested on corstone1000 Fast Model platform (FVP) version 11.16.21
+   https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+
+Known Issues or Limitations
+---------------------------
+ - No software support for external system(Cortex M3)
+ - No communication established between A35 and M0+
+ - Very basic functionality of booting Secure Enclave, Trusted Firmware-A , OP-TEE , u-boot and Linux are performed
+
+Support
+-------
+For support email: support-subsystem-iot@arm.com
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
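Review bot: The section adornments in release-notes.rst are inconsistent, so the rendered hierarchy will be wrong. The 2022.04.04 and 2022.02.25 titles use a `*` overline and underline, but "Release notes - 2022.02.21" and every later release title use a `-` underline, which is the same adornment as their own "Known Issues or Limitations", "Platform Support" and "Software Features" subsections. reStructuredText treats equal adornments as equal levels, so the older releases and their subsections will all render as siblings nested under 2022.02.25. Suggest giving every release title the same `*` overline/underline as the first two. Smaller points: "FGPA" in the first known-issue bullet should be "FPGA", "a known issues" should be "a known issue", and the header comment says Copyright 2022 while the footer says 2021. Also worth confirming: the newest entry here is 2022.04.04, while user-guide.rst in the same patch clones the tag CORSTONE1000-2022.04.07.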
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
new file mode 100644
index 0000000..a17f1b8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
@@ -0,0 +1,239 @@
+..
+ # Copyright (c) 2022, Arm Limited.
+ #
+ # SPDX-License-Identifier: MIT
+
+######################
+Software architecture
+######################
+
+
+*****************
+ARM corstone1000
+*****************
+
+ARM corstone1000 is a reference solution for IoT devices. It is part of
+Total Solution for IoT which consists of hardware and software reference
+implementation.
+
+Corstone1000 software plus hardware reference solution is PSA Level-2 ready
+certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
+More information on the corstone1000 subsystem product and design can be
+found at:
+`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
+
+This readme explicitly focuses on the software part of the solution and
+provides internal details on the software components. The reference
+software package of the platform can be retrieved following instructions
+present in the user-guide document.
+
+***************
+Design Overview
+***************
+
+The software architecture of corstone1000 platform is a reference
+implementation of Platform Security Architecture (`PSA`_) which provides
+framework to build secure IoT devices.
+
+The base system architecture of the platform is created from three
+different tyes of systems: Secure Enclave, Host and External System.
+Each subsystem provides different functionality to overall SoC.
+
+
+.. image:: images/CorstoneSubsystems.png
+   :width: 720
+   :alt: CorstoneSubsystems
+
+
+The Secure Enclave System, provides PSA Root of Trust (RoT) and
+cryptographic functions. It is based on an Cortex-M0+ processor,
+CC312 Cryptographic Accelerator and peripherals, such as watchdog and
+secure flash. Software running on the Secure Enclave is isolated via
+hardware for enhanced security. Communication with the Secure Encalve
+is achieved using Message Hnadling Units (MHUs) and shared memory.
+On system power on, the Secure Enclaves boots first. Its software
+comprises of two boot loading stages, both based on mcuboot, and
+TrustedFirmware-M(`TF-M`_) as runtime software. The software design on 
+Secure Enclave follows Firmware Framework for M class
+processor (`FF-M`_) specification.
+
+The Host System is based on ARM Cotex-A35 processor with standardized
+peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
+the TrustZone technology that allows secure and non-secure security
+states in the processor. The software design in the Host System follows
+Firmware Framework for A class procseeor (`FF-A`_) specification.
+The boot process follows Trusted Boot Base Requirement (`TBBR`_).
+The Host Subsystem is taken out of reset by the Secure Enclave system
+during its final stages of the initialization. The Host subsystem runs
+FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
+(`OPTEE-OS`_) in the secure world, and u-boot(`u-boot repo`_) and
+linux (`linux repo`_) in the non-secure world. The communication between
+non-secure and the secure world is performed via FF-A messages.
+
+An external system is intended to implement use-case specific
+functionality. The system is based on Cortex-M3 and run RTX RTOS.
+Communictaion between external system and Host(cortex-A35) is performed
+using MHU as transport mechanism and rpmsg messaging system.
+
+Overall, the corstone1000 architecture is designed to cover a range
+of Power, Performance, and Area (PPA) applications, and enable extension
+for use-case specific applications, for example, sensors, cloud
+connectivitiy, and edge computing.
+
+*****************
+Secure Boot Chain
+*****************
+
+For the security of a device, it is essential that only authorized
+software should run on the device. The corstone1000 boot uses a
+Secure Boot Chain process where an already authenticated image verifies
+and loads the following software in the chain. For the boot chain
+process to work, the start of the chain should be trusted, forming the
+Root of Trust (RoT) of the device. The RoT of the device is immutable in
+nature and encoded into the device by the device owner before it
+is deployed into the field. In Corstone1000, the BL1 image of the secure
+enclave and content of the CC312 OTP (One Time Programmable) memory
+forms the RoT. The BL1 image exists in ROM (Read Only Memory).
+
+.. image:: images/SecureBootChain.png
+   :width: 870
+   :alt: SecureBootChain
+
+It is a lengthy chain to boot the software on corstone1000. On power on,
+the secure enclave starts executing BL1 code from the ROM which is the RoT
+of the device. Authentication of an image involves the steps listed below:
+
+- Load image from flash to dynamic RAM.
+- The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verfied in the previous stages.
+- The image is validated using the public key.
+
+In the secure enclave, BL1 authenticates the BL2 and passes the execution
+control. BL2 authenticates the initial boot loader of the host (Host BL2)
+and TF-M. The execution control is now passed to TF-M. TF-M being the run
+time executable of secure enclaves initializes itself and, in the end,
+brings the host CPU out of rest. The host follows the boot standard defined
+in the `TBBR`_ to authenticate the secure and non-secure software.
+
+***************
+Secure Services
+***************
+
+corstone1000 is unique in providing a secure environment to run a secure
+workload. The platform has Trustzone technology in the Host subsystem but
+it also has hardware isolated secure enclave environment to run such secure
+workloads. In corstone1000, known Secure Services such as Crypto, Protected
+Storage, Internal Trusted Storage and Attestation are available via PSA
+Functional APIs in TF-M. There is no difference for a user communicating to
+these services which are running on a secure enclave instead of the
+secure world of the host subsystem. The below diagram presents the data
+flow path for such calls.
+
+
+.. image:: images/SecureServices.png
+   :width: 930
+   :alt: SecureServices
+
+
+The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
+managed by OPTEE which forwards such calls to the secure enclave. The
+solution relies on OpenAMP which uses shared memory and MHU interrupts as
+a doorbell for communication between two cores. corstone1000 implements
+isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement
+isolation level 2.
+
+For a user to define its own secure service, both the options of the host
+secure world or secure encalve are available. It's a trade-off between
+lower latency vs higher security. Services running on a secure enclave are
+secure by real hardware isolation but have a higher latency path. In the
+second scenario, the services running on the secure world of the host
+subsystem have lower latency but virtual hardware isolation created by
+Trustzone technology.
+
+
+**********************
+Secure Firmware Update
+**********************
+
+Apart from always booting the authorized images, it is also essential that
+the device only accepts the authorized images in the firmware update
+process. corstone1000 supports OTA (Over the Air) firmware updates and
+follows Platform Security Firmware Update sepcification (`FWU`_).
+
+As standardized into `FWU`_, the external flash is divided into two
+banks of which one bank has currently running images and the other bank is
+used for staging new images.  There are four updatable units, i.e. Secure
+Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel
+Image. The new images are accepted in the form of a UEFI capsule.
+
+
+.. image:: images/ExternalFlash.png
+   :width: 690
+   :alt: ExternalFlash
+
+
+The Metadata Block in the flash has the below firmware update state machine.
+TF-M runs an OTA service that is responsible for accepting and updating the
+images in the flash. The communication between the UEFI Capsule update
+subsystem and the OTA service follows the same data path explained above.
+The OTA service writes the new images to the passive bank after successful
+capsule verification. It changes the state of the system to trial state and
+triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata
+block to get the information on the boot bank. In the successful trial stage,
+the acknowledgment from the host moves the state of the system from trial to
+regular. Any failure in the trial stage or system hangs leads to a system
+reset. This is made sure by the use of watchdog hardware. The Secure Enclave's
+BL1 has the logic to identify multiple resets and eventually switch back to the
+previous good bank. The ability to revert to the previous bank is crucial to
+guarantee the availability of the device.
+
+
+.. image:: images/SecureFirmwareUpdate.png
+   :width: 430
+   :alt: SecureFirmwareUpdate
+
+
+
+******************************
+UEFI Runtime Support in u-boot
+******************************
+
+Implementation of UEFI boottime and runtime APIs require variable storage.
+In corstone1000, these UEFI variables are stored in the Protected Storage
+service. The below diagram presents the data flow to store UEFI variables.
+The u-boot implementation of the UEFI subsystem uses the FF-A driver to
+communicate with the SMM Service in the secure world. The backend of the
+SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
+calls are forwarded to the secure enclave as explained above.
+
+
+.. image:: images/UEFISupport.png
+   :width: 590
+   :alt: UEFISupport
+
+
+***************
+References
+***************
+`ARM corstone1000 Search`_
+`Arm security features`_
+
+--------------
+
+*Copyright (c) 2022, Arm Limited. All rights reserved.*
+
+.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
+.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
+.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000
+.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
+.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
+.. _FF-A: https://developer.arm.com/documentation/den0077/latest
+.. _FF-M: https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
+.. _FWU: https://developer.arm.com/documentation/den0118/a/
+.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
+.. _PSA: https://www.psacertified.org/
+.. _PSA L2 Ready: https://www.psacertified.org/products/corstone-1000/
+.. _SRIR cert: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ir-certification-arm-corstone-1000.pdf
+.. _TBBR: https://developer.arm.com/documentation/den0006/latest
+.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/
+.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/
+.. _u-boot repo: https://github.com/u-boot/u-boot.git
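Review bot: In the Secure Boot Chain section, "brings the host CPU out of rest" should read "out of reset"; as written, the sentence describing the hand-off from TF-M to the host is wrong. In the authentication steps just above it, "validated by comparing with the hash" does not say what is hashed; the following sentence implies it is the hash of the public key, so state that in the step itself. The file also has a run of misspelled technical terms that should be fixed before this lands as reference documentation: "tyes", "Secure Encalve" and "secure encalve", "Message Hnadling Units", "Cotex-A35", "procseeor", "Communictaion", "connectivitiy", "verfied", "sepcification". The two links under References sit on consecutive lines and will render as one run-on paragraph; make them a bullet list. The line ending "The software design on " carries trailing whitespace, and the intro calls the page "This readme" although it is added as a documentation page.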
diff --git a/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
new file mode 100644
index 0000000..d5930fc
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
@@ -0,0 +1,685 @@
+..
+ # Copyright (c) 2022, Arm Limited.
+ #
+ # SPDX-License-Identifier: MIT
+
+##########
+User Guide
+##########
+
+Notice
+------
+The corstone1000 software stack uses the `Yocto Project <https://www.yoctoproject.org/>`__ to build
+a tiny Linux distribution suitable for the corstone1000 platform. The Yocto Project relies on the
+`Bitbake <https://docs.yoctoproject.org/bitbake.html#bitbake-documentation>`__
+tool as its build tool. Please see `Yocto Project documentation <https://docs.yoctoproject.org/>`__
+for more information.
+
+
+Prerequisites
+-------------
+These instructions assume your host PC is running Ubuntu Linux 18.04 or 20.04 LTS, with
+at least 32GB of free disk space and 16GB of RAM as minimum requirement. The
+following instructions expect that you are using a bash shell.
+
+The following prerequisites must be available on the host system. To resolve these dependencies, run:
+
+::
+
+    sudo apt-get update
+    sudo apt-get install gawk wget git-core diffstat unzip texinfo gcc-multilib \
+     build-essential chrpath socat cpio python3 python3-pip python3-pexpect \
+     xz-utils debianutils iputils-ping python3-git libegl1-mesa libsdl1.2-dev \
+     xterm zstd liblz4-tool picocom
+    sudo apt-get upgrade libstdc++6
+
+Provided components
+-------------------
+Within the Yocto Project, each component included in the corstone1000 software stack is specified as
+a `bitbake recipe <https://www.yoctoproject.org/docs/1.6/bitbake-user-manual/bitbake-user-manual.html#recipes>`__.
+The recipes specific to the corstone1000 BSP are located at:
+``<_workspace>/meta-arm/meta-arm-bsp/``.
+
+The Yocto machine config files for the corstone1000 FVP and FPGA are:
+
+ - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc``
+ - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf``
+ - ``<_workspace>/meta-arm/meta-arm-bsp/conf/machine/corstone1000-mps3.conf``
+
+*****************
+Software for Host
+*****************
+
+Trusted Firmware-A
+==================
+Based on `Trusted Firmware-A <https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git>`__
+
++----------+---------------------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bbappend |
++----------+---------------------------------------------------------------------------------------------------+
+| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.7.bb           |
++----------+---------------------------------------------------------------------------------------------------+
+
+OP-TEE
+======
+Based on `OP-TEE <https://git.trustedfirmware.org/OP-TEE/optee_os.git>`__
+
++----------+------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend |
++----------+------------------------------------------------------------------------------------+
+| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb           |
++----------+------------------------------------------------------------------------------------+
+
+U-Boot
+=======
+Based on `U-Boot <https://gitlab.com/u-boot>`__
+
++----------+---------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend |
++----------+---------------------------------------------------------------------+
+| Recipe   | <_workspace>/poky/meta/recipes-bsp/u-boot/u-boot_2022.07.bb         |
++----------+---------------------------------------------------------------------+
+
+Linux
+=====
+The distro is based on the `poky-tiny <https://wiki.yoctoproject.org/wiki/Poky-Tiny>`__
+distribution which is a Linux distribution stripped down to a minimal configuration.
+
+The provided distribution is based on busybox and built using muslibc. The
+recipe responsible for building a tiny version of linux is listed below.
+
++-----------+----------------------------------------------------------------------------------------------+
+| bbappend  | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend               |
++-----------+----------------------------------------------------------------------------------------------+
+| Recipe    | <_workspace>/poky/meta/recipes-kernel/linux/linux-yocto_5.19.bb                              |
++-----------+----------------------------------------------------------------------------------------------+
+| defconfig | <_workspace>/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig         |
++-----------+----------------------------------------------------------------------------------------------+
+
+**************************************************
+Software for Boot Processor (a.k.a Secure Enclave)
+**************************************************
+Based on `Trusted Firmware-M <https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git>`__
+
++----------+-------------------------------------------------------------------------------------------------+
+| bbappend | <_workspace>/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend |
++----------+-------------------------------------------------------------------------------------------------+
+| Recipe   | <_workspace>/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb       |
++----------+-------------------------------------------------------------------------------------------------+
+
+Building the software stack
+---------------------------
+Create a new folder that will be your workspace and will henceforth be referred
+to as ``<_workspace>`` in these instructions. To create the folder, run:
+
+::
+
+    mkdir <_workspace>
+    cd <_workspace>
+
+corstone1000 is a Bitbake based Yocto Project which uses kas and bitbake
+commands to build the stack. To install kas tool, run:
+
+::
+
+    pip3 install kas
+
+In the top directory of the workspace ``<_workspace>``, run:
+
+::
+
+    git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.04.07
+
+To build corstone1000 image for MPS3 FPGA, run:
+
+::
+
+    kas build meta-arm/kas/corstone1000-mps3.yml
+
+Alternatively, to build corstone1000 image for FVP, run:
+
+::
+
+    kas build meta-arm/kas/corstone1000-fvp.yml
+
+The initial clean build will be lengthy, given that all host utilities are to
+be built as well as the target images. This includes host executables (python,
+cmake, etc.) and the required toolchain(s).
+
+Once the build is successful, all output binaries will be placed in the following folders:
+ - ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/`` folder for FVP build;
+ - ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/`` folder for FPGA build.
+
+Everything apart from the ROM firmware is bundled into a single binary, the
+``corstone1000-image-corstone1000-{mps3,fvp}.wic.nopt`` file. The ROM firmware is the
+``bl1.bin`` file.
+
+The output binaries used by FVP are the following:
+ - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/bl1.bin``
+ - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.wic.nopt``
+
+The output binaries used by FPGA are the following:
+ - The ROM firmware: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin``
+ - The flash image: ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt``
+
+Flash the firmware image on FPGA
+--------------------------------
+
+The user should download the FPGA bit file image from `this link <https://developer.arm.com/tools-and-software/development-boards/fpga-prototyping-boards/download-fpga-images>`__
+and under the section ``Arm® Corstone™-1000 for MPS3``.
+
+The directory structure of the FPGA bundle is shown below.
+
+::
+
+    Boardfiles
+    ├── MB
+    │   ├── BRD_LOG.TXT
+    │   ├── HBI0309B
+    │   │   ├── AN550
+    │   │   │   ├── AN550_v1.bit
+    │   │   │   ├── an550_v1.txt
+    │   │   │   └── images.txt
+    │   │   ├── board.txt
+    │   │   └── mbb_v210.ebf
+    │   └── HBI0309C
+    │       ├── AN550
+    │       │   ├── AN550_v1.bit
+    │       │   ├── an550_v1.txt
+    │       │   └── images.txt
+    │       ├── board.txt
+    │       └── mbb_v210.ebf
+    ├── SOFTWARE
+    │   ├── ES0.bin
+    │   ├── SE.bin
+    │   └── an550_st.axf
+    └── config.txt
+
+Depending upon the MPS3 board version (printed on the MPS3 board) you should update the images.txt file
+(in corresponding HBI0309x folder) so that the file points to the images under SOFTWARE directory.
+
+Here is an example
+
+::
+
+  ;************************************************
+  ;       Preload port mapping                    *
+  ;************************************************
+  ;  PORT 0 & ADDRESS: 0x00_0000_0000 QSPI Flash (XNVM) (32MB)
+  ;  PORT 0 & ADDRESS: 0x00_8000_0000 OCVM (DDR4 2GB)
+  ;  PORT 1        Secure Enclave (M0+) ROM (64KB)
+  ;  PORT 2        External System 0 (M3) Code RAM (256KB)
+  ;  PORT 3        Secure Enclave OTP memory (8KB)
+  ;  PORT 4        CVM (4MB)
+  ;************************************************
+
+  [IMAGES]
+  TOTALIMAGES: 2      ;Number of Images (Max: 32)
+
+  IMAGE0PORT: 1
+  IMAGE0ADDRESS: 0x00_0000_0000
+  IMAGE0UPDATE: RAM
+  IMAGE0FILE: \SOFTWARE\bl1.bin
+
+  IMAGE1PORT: 0
+  IMAGE1ADDRESS: 0x00_00010_0000
+  IMAGE1UPDATE: AUTOQSPI
+  IMAGE1FILE: \SOFTWARE\cs1000.bin
+
+OUTPUT_DIR = ``<_workspace>/build/tmp/deploy/images/corstone1000-mps3``
+
+1. Copy ``bl1.bin`` from OUTPUT_DIR directory to SOFTWARE directory of the FPGA bundle.
+2. Copy ``corstone1000-image-corstone1000-mps3.wic.nopt`` from OUTPUT_DIR directory to SOFTWARE
+   directory of the FPGA bundle and rename the wic image to ``cs1000.bin``.
+
+**NOTE:** Renaming of the images are required because MCC firmware has
+limitation of 8 characters before .(dot) and 3 characters after .(dot).
+
+Now, copy the entire folder to board's SDCard and reboot the board.
+
+Running the software on FPGA
+----------------------------
+
+On the host machine, open 3 minicom sessions. In case of Linux machine it will
+be ttyUSB0, ttyUSB1, ttyUSB2 and it might be different on Window machine.
+
+  - ttyUSB0 for MCC, OP-TEE and Secure Partition
+  - ttyUSB1 for Boot Processor (Cortex-M0+)
+  - ttyUSB2 for Host Processor (Cortex-A35)
+
+Run following commands to open minicom sessions on Linux:
+
+::
+
+  sudo picocom -b 115200 /dev/ttyUSB0  # in one terminal
+  sudo picocom -b 115200 /dev/ttyUSB1  # in another terminal
+  sudo picocom -b 115200 /dev/ttyUSB2  # in another terminal.
+
+Once the system boot is completed, you should see console
+logs on the minicom sessions. Once the HOST(Cortex-A35) is
+booted completely, user can login to the shell using
+**"root"** login.
+
+Running the software on FVP
+---------------------------
+An FVP (Fixed Virtual Platform) of the corstone1000 platform must be available to execute the
+included run script.
+
+The Fixed Virtual Platform (FVP) version 11.17_23 can be downloaded from the
+`Arm Ecosystem FVPs`_ page. On this page, navigate to "Corstone IoT FVPs"
+section to download the Corstone1000 platform FVP installer.  Follow the
+instructions of the installer and setup the FVP.
+
+<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf
+
+When the script is executed, three terminal instances will be launched, one for the boot processor
+(aka Secure Enclave) processing element and two for the Host processing element. Once the FVP is
+executing, the Boot Processor will start to boot, wherein the relevant memory contents of the .wic
+file are copied to their respective memory locations within the model, enforce firewall policies
+on memories and peripherals and then, bring the host out of reset.
+
+The host will boot trusted-firmware-a, OP-TEE, U-Boot and then Linux, and present a login prompt
+(FVP host_terminal_0):
+
+::
+    corstone1000-fvp login:
+
+Login using the username root.
+
+Running test applications
+-------------------------
+
+**NOTE**: Running the SystemReady-IR tests described below requires the user to
+work with USB sticks. In our testing, not all USB stick models work well with
+MPS3 FPGA. Here are the USB sticks models that are stable in our test
+environment.
+
+ - HP V165W 8 GB USB Flash Drive
+ - SanDisk Ultra 32GB Dual USB Flash Drive USB M3.0
+ - SanDisk Ultra 16GB Dual USB Flash Drive USB M3.0
+
+**NOTE**:
+Before running each of the tests in this chapter, the user should follow the
+steps described in following section "Clean Secure Flash Before Testing" to
+erase the SecureEnclave flash cleanly and prepare a clean board environment for
+the testing.
+
+Clean Secure Flash Before Testing (applicable to FPGA only)
+-----------------------------------------------------------
+To prepare a clean board environment with clean secure flash for the testing,
+the user should prepare an image that erases the secure flash cleanly during
+boot. Run following commands to build such image.
+
+::
+
+  cd <_workspace>
+  git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2022.02.18
+  git clone https://git.gitlab.arm.com/arm-reference-solutions/systemready-patch.git
+  cp -f systemready-patch/embedded-a/corstone1000/erase_flash/0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch meta-arm
+  cd meta-arm
+  git apply 0001-arm-bsp-trusted-firmware-m-corstone1000-Clean-Secure.patch
+  cd ..
+  kas build meta-arm/kas/corstone1000-mps3.yml
+
+Replace the bl1.bin and cs1000.bin files on the SD card with following files:
+  - The ROM firmware: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/bl1.bin
+  - The flash image: <_workspace>/build/tmp/deploy/images/corstone1000-mps3/corstone1000-image-corstone1000-mps3.wic.nopt
+
+Now reboot the board. This step erases the Corstone1000 SecureEnclave flash
+completely, the user should expect following message from TF-M log:
+
+::
+
+  !!!SECURE FLASH HAS BEEN CLEANED!!!
+  NOW YOU CAN FLASH THE ACTUAL CORSTONE1000 IMAGE
+  PLEASE REMOVE THE LATEST ERASE SECURE FLASH PATCH AND BUILD THE IMAGE AGAIN
+
+Then the user should follow "Building the software stack" to build a clean
+software stack and flash the FPGA as normal. And continue the testing.
+
+Run SystemReady-IR ACS tests
+-----------------------------
+
+ACS image contains two partitions. BOOT partition and RESULTS partition.
+Following packages are under BOOT partition
+
+ * SCT
+ * FWTS
+ * BSA uefi
+ * BSA linux
+ * grub
+ * uefi manual capsule application
+
+RESULTS partition is used to store the test results.
+PLEASE MAKE SURE THAT THE RESULTS PARTITION IS EMPTY BEFORE YOU START THE TESTING. OTHERWISE THE TEST RESULTS
+WILL NOT BE CONSISTENT
+
+FPGA instructions for ACS image
+-------------------------------
+
+This section describes how the user can build and run Architecture Compliance
+Suite (ACS) tests on Corstone1000.
+
+First, the user should download the `Arm SystemReady ACS repository <https://github.com/ARM-software/arm-systemready/>`__.
+This repository contains the infrastructure to build the Architecture
+Compliance Suite (ACS) and the bootable prebuilt images to be used for the
+certifications of SystemReady-IR. To download the repository, run command:
+
+::
+
+  cd <_workspace>
+  git clone https://github.com/ARM-software/arm-systemready.git -b v21.09_REL1.0
+
+Once the repository is successfully downloaded, the prebuilt ACS live image can be found in:
+ - ``<_workspace>/arm-systemready/IR/prebuilt_images/v21.07_0.9_BETA/ir_acs_live_image.img.xz``
+
+**NOTE**: This prebuilt ACS image includes v5.13 kernel, which doesn't provide
+USB driver support for Corstone1000. The ACS image with newer kernel version
+and with full USB support for Corstone1000 will be available in the next
+SystemReady release in this repository.
+
+Then, the user should prepare a USB stick with ACS image. In the given example here,
+we assume the USB device is ``/dev/sdb`` (the user should use ``lsblk`` command to
+confirm). Be cautious here and don't confuse your host PC's own hard drive with the
+USB drive. Run the following commands to prepare the ACS image in USB stick:
+
+::
+
+  cd <_workspace>/arm-systemready/IR/scripts/output/
+  unxz ir_acs_live_image.img.xz
+  sudo dd if=ir_acs_live_image.img of=/dev/sdb iflag=direct oflag=direct bs=1M status=progress; sync
+
+Once the USB stick with ACS image is prepared, the user should make sure that
+ensure that only the USB stick with the ACS image is connected to the board,
+and then boot the board.
+
+FVP instructions for ACS image and run
+---------------------------------------
+
+Download acs image from:
+ - ``https://gitlab.arm.com/systemready/acs/arm-systemready/-/tree/linux-5.17-rc7/IR/prebuilt_images/v22.04_1.0-Linux-v5.17-rc7``
+
+Use the below command to run the FVP with acs image support in the
+SD card.
+
+::
+
+  unxz ${<path-to-img>/ir_acs_live_image.img.xz}
+
+<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${<path-to-img>/ir_acs_live_image.img}" 
+
+The test results can be fetched using following commands:
+
+::
+
+  sudo mkdir /mnt/test
+  sudo mount -o rw,offset=<offset_2nd_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/
+  fdisk -lu <path-to-img>/ir_acs_live_image.img
+  ->  Device                                                     Start     End Sectors  Size Type
+      /home/emeara01/Downloads/ir_acs_live_image_modified.img1    2048 1050622 1048575  512M Microsoft basic data
+      /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022  102399   50M Microsoft basic data
+
+  ->   <offset_2nd_partition> = 1050624 * 512 (sector size) = 537919488
+
+The FVP will reset multiple times during the test, and it might take up to 1 day to finish
+the test. At the end of test, the FVP host terminal will halt showing a shell prompt.
+Once test is finished, the FVP can be stoped, and result can be copied following above
+instructions.
+
+Common to FVP and FPGA
+-----------------------
+
+U-Boot should be able to boot the grub bootloader from
+the 1st partition and if grub is not interrupted, tests are executed
+automatically in the following sequence:
+
+ - SCT
+ - UEFI BSA
+ - FWTS
+ - BSA Linux
+
+The results can be fetched from the ``acs_results`` partition of the USB stick (FPGA) / SD Card (FVP).
+
+Manual capsule update test
+--------------------------
+
+The following steps describe running manual capsule update with the ``direct``
+method.
+
+Check the "Run SystemReady-IR ACS tests" section above to download and unpack the acs image file
+ - ``ir_acs_live_image.img.xz``
+
+Download edk2 and generate capsule file:
+
+::
+
+  git clone https://github.com/tianocore/edk2.git
+  edk2/BaseTools/BinWrappers/PosixLike/GenerateCapsule -e -o \
+    cs1k_cap --fw-version 1 --lsv 0 --guid \
+    e2bb9c06-70e9-4b14-97a3-5a7913176e3f --verbose --update-image-index \
+    0 --verbose <binary_file>
+
+The <binary_file> here should be a corstone1000-image-corstone1000-fvp.wic.nopt image for FVP and
+corstone1000-image-corstone1000-mps3.wic.nopt for FPGA. And this input binary file
+(capsule) should be less than 15 MB.
+
+Based on the user's requirement, the user can change the firmware version
+number given to ``--fw-version`` option (the version number needs to be >= 1).
+
+Capsule Copy instructions for FPGA
+-----------------------------------
+
+The user should prepare a USB stick as explained in ACS image section (see above).
+Place the generated ``cs1k_cap`` file in the root directory of the boot partition
+in the USB stick. Note: As we are running the direct method, the ``cs1k_cap`` file
+should not be under the EFI/UpdateCapsule directory as this may or may not trigger
+the on disk method.
+
+Capsule Copy instructions for FVP
+---------------------------------
+
+Run below commands to copy capsule into the
+image file and run FVP software.
+
+::
+
+  sudo mkdir /mnt/test
+  sudo mount -o rw,offset=<offset_1st_partition> <path-to-img>/ir_acs_live_image.img /mnt/test/
+  sudo cp cs1k_cap /mnt/test/
+  sudo umount /mnt/test
+  exit
+
+<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}" 
+
+Size of first partition in the image file is calculated in the following way. The data is
+just an example and might vary with different ir_acs_live_image.img files.
+
+::
+
+  fdisk -lu <path-to-img>/ir_acs_live_image.img
+  ->  Device                                                     Start     End Sectors  Size Type
+      /home/emeara01/Downloads/ir_acs_live_image_modified.img1    2048 1050622 1048575  512M Microsoft basic data
+      /home/emeara01/Downloads/ir_acs_live_image_modified.img2 1050624 1153022  102399   50M Microsoft basic data
+
+  ->  <offset_1st_partition> = 2048 * 512 (sector size) = 1048576
+
+Common to FVP and FPGA
+-----------------------
+Reach u-boot then interrupt shell to reach EFI shell. Use below command at EFI shell.
+
+::
+
+  FS0:
+  EFI/BOOT/app/CapsuleApp.efi cs1k_cap
+
+For this test, the user can provide two capsules for testing: a positive test
+case capsule which boots the board correctly, and a negative test case with an
+incorrect capsule which fails to boot the host software.
+
+In the positive case scenario, the user should see following log in TF-M log,
+indicating the new capsule image is successfully applied, and the board boots
+correctly.
+
+::
+
+  ...
+  SysTick_Handler: counted = 10, expiring on = 360
+  SysTick_Handler: counted = 20, expiring on = 360
+  SysTick_Handler: counted = 30, expiring on = 360
+  ...
+  metadata_write: success: active = 1, previous = 0
+  accept_full_capsule: exit: fwu state is changed to regular
+  ...
+
+
+In the negative case scenario, the user should see appropriate logs in
+the secure enclave terminal. If capsule pass initial verification, but fails
+verifications performed during boot time, secure enclave will try new images
+predetermined number of times (defined in the code), before reverting back to
+the previous good bank.
+
+::
+
+  ...
+  metadata_write: success: active = 0, previous = 1
+  fwu_select_previous: in regular state by choosing previous active bank
+  ...
+
+*******************************************************
+Linux distro install and boot (applicable to FPGA only)
+*******************************************************
+
+To test Linux distro install and boot, the user should prepare two empty USB sticks.
+
+Download one of following Linux distro images:
+ - Debian installer image: https://cdimage.debian.org/cdimage/weekly-builds/arm64/iso-dvd/
+ - OpenSUSE Tumbleweed installer image: http://download.opensuse.org/ports/aarch64/tumbleweed/iso/
+   - The user should look for a DVD Snapshot like openSUSE-Tumbleweed-DVD-aarch64-Snapshot20211125-Media.iso
+
+Once the .iso file is downloaded, the .iso file needs to be flashed to your USB drive.
+
+In the given example here, we assume the USB device is ``/dev/sdb`` (the user
+should use `lsblk` command to confirm). Be cautious here and don't confuse your
+host PC's own hard drive with the USB drive. Then copy the contents of an iso
+file into the first USB stick, run:
+
+::
+
+  sudo dd if=</path/to/iso_file> of=/dev/sdb iflag=direct oflag=direct status=progress bs=1M; sync;
+
+Boot the MSP3 board with the first USB stick connected. Open following minicom sessions:
+
+::
+
+  sudo picocom -b 115200 /dev/ttyUSB0  # in one terminal
+  sudo picocom -b 115200 /dev/ttyUSB2  # in another terminal.
+
+Press <Ctrl+x>.
+
+Now plug in the second USB stick, the distro installation process will start.
+
+**NOTE:** Due to the performance limitation of Corstone1000 MPS3 FPGA, the
+distro installation process can take up to 24 hours to complete.
+
+Once installation is complete, unplug the first USB stick and reboot the board.
+After successfully installing and booting the Linux distro, the user should see
+a login prompt:
+
+::
+
+  debian login:
+
+Login with the username root.
+
+Run psa-arch-test (applicable to both FPGA and FVP)
+---------------------------------------------------
+
+When running psa-arch-test on MPS3 FPGA, the user should make sure there is no
+USB stick connected to the board. Power on the board and boot the board to
+Linux. Then, the user should follow the steps below to run the psa_arch_tests.
+
+When running psa-arch-test on Corstone1000 FVP, the user should follow the
+instructions in `Running the software on FVP`_ section to boot Linux in FVP
+host_terminal_0, and login using the username ``root``.
+
+As a reference for the user's test results, the psa-arch-test report for `Corstone1000 software (CORSTONE1000-2022.02.18) <https://git.yoctoproject.org/meta-arm/tag/?h=CORSTONE1000-2022.02.18>`__
+can be found in `here <https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-test-report/-/tree/master/embedded-a/corstone1000>`__.
+
+First, create a file containing SE_PROXY_SP UUID. Run:
+
+::
+
+  echo 46bb39d1-b4d9-45b5-88ff-040027dab249 > sp_uuid_list.txt
+
+Then, load FFA driver module into Linux kernel. Run:
+
+::
+
+  load_ffa_debugfs.sh .
+
+Then, check whether the FFA driver loaded correctly by using the following command:
+
+::
+
+  cat /proc/modules | grep arm_ffa_user
+
+The output should be:
+
+::
+
+  arm_ffa_user 16384 - - Live 0xffffffc0084b0000 (O)
+
+Now, run the PSA arch tests with following commands. The user should run the
+tests in following order:
+
+::
+
+  psa-iat-api-test
+  psa-crypto-api-test
+  psa-its-api-test
+  psa-ps-api-test
+
+********************************************************
+Linux distro: OpenSUSE Raw image installation (FVP Only)
+********************************************************
+
+Steps to download openSUSE Tumbleweed raw image:
+  - Go to: http://download.opensuse.org/ports/aarch64/tumbleweed/appliances/
+  - The user should look for a Tumbleweed-ARM-JeOS-efi.aarch64-* Snapshot, for example, ``openSUSE-Tumbleweed-ARM-JeOS-efi.aarch64-2022.03.18-Snapshot20220331.raw.xz``
+
+Once the .raw.xz file is downloaded, the raw image file needs to be extracted:
+
+::
+
+       unxz <file-name.raw.xz>
+
+
+The above command will generate a file ending with extension .raw image. Now, use the following command
+to run FVP with raw image installation process.
+
+::
+
+<_workspace>/meta-arm/scripts/runfvp --terminals=xterm <_workspace>/build/tmp/deploy/images/corstone1000-fvp/corstone1000-image-corstone1000-fvp.fvpconf -- -C board.msd_mmc.p_mmc_file="${openSUSE raw image file path}" 
+
+After successfully installing and booting the Linux distro, the user should see
+a openSUSE login prompt.
+
+::
+
+      localhost login:
+
+Login with the username 'root' and password 'linux'.
+
+**************************************
+Running the software on FVP on Windows
+**************************************
+If the user needs to run the Corstone1000 software on FVP on Windows. The user
+should follow the build instructions in this document to build on Linux host
+PC, and copy the output binaries to the Windows PC where the FVP is located,
+and launch the FVP binary.
+
+--------------
+
+*Copyright (c) 2021, Arm Limited. All rights reserved.*
+
+.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
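Review bot: The three `runfvp` invocations (under "FVP instructions for ACS image and run", "Capsule Copy instructions for FVP" and the openSUSE raw image section) start in column 0 after the `::` marker, so they fall outside the literal block and will not render as commands; indent them like the surrounding lines. The capsule-copy one also passes `-C "board.msd_mmc.p_mmc_file ${<path-to-img>/ir_acs_live_image.img}"` with a space where the other two use `=`, and `${<path-to-img>/...}` is not a valid shell expansion, so a plain `<path-to-img>/ir_acs_live_image.img` placeholder would be clearer. In the results-fetch block the `mount -o rw,offset=<offset_2nd_partition>` line comes before the `fdisk -lu` step that derives the offset; swap the order. The FPGA ACS steps clone tag `v21.09_REL1.0`, point at `prebuilt_images/v21.07_0.9_BETA/` and then `cd` into `IR/scripts/output/` to unpack the image, so one consistent path is needed. The sample `fdisk` output carries a developer's home directory (`/home/emeara01/Downloads/`); replace it with the `<path-to-img>` placeholder. Smaller wording fixes: "make sure that ensure that", "MSP3", "stoped", and "minicom sessions" introducing `picocom` commands.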
diff --git a/meta-arm/meta-arm-bsp/documentation/requirements.txt b/meta-arm/meta-arm-bsp/documentation/requirements.txt
new file mode 100644
index 0000000..b82e5e0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/documentation/requirements.txt
@@ -0,0 +1,12 @@
+# Copyright (c) 2022, Arm Limited.
+#
+# SPDX-License-Identifier: MIT
+
+# Read The Docs specific
+jinja2==3.1.1
+
+# Required to build the documentation
+sphinx==4.5.0
+sphinx_rtd_theme==1.0.0
+sphinx-copybutton==0.5.0
+docutils==0.17.1
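Review bot: The five packages are pinned with `==` but without hashes, and their transitive dependencies are left floating, so the documentation build is only partly reproducible and a replaced upload on the index would not be detected. Consider generating this file with hashes (for example pip-tools' `pip-compile --generate-hashes`) and installing with pip's `--require-hashes`. The `# Read The Docs specific` comment over `jinja2==3.1.1` should also say why that pin is needed, so it can be dropped when the reason goes away.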
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch
index e867073..dfec5d8 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch
@@ -3,6 +3,7 @@
 Date: Fri, 29 Apr 2022 20:07:50 +0100
 Subject: [PATCH] tc: increase heap pages
 
+Upstream-Status: Pending
 Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
 ---
  /BUILD.gn | 2 +-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch
new file mode 100644
index 0000000..8f63319
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0001-corstone1000-platform-secure-test-framework.patch
@@ -0,0 +1,359 @@
+From 6ab17eeb8225cdf4afc6956c9a2774d60866c36d Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Mon, 28 Mar 2022 05:16:50 +0100
+Subject: [PATCH 1/6] corstone1000: platform secure test framework
+
+Change-Id: Ib781927f0add93ec9c06515d251e79518ee1db6e
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Accepted [TF-Mv1.7.0]
+---
+ .../arm/corstone1000/Native_Driver/firewall.c |  15 ++
+ .../arm/corstone1000/Native_Driver/firewall.h |   5 +
+ .../ci_regression_tests/CMakeLists.txt        |  45 +++++
+ .../corstone1000/ci_regression_tests/s_test.c | 186 ++++++++++++++++++
+ .../corstone1000/ci_regression_tests/s_test.h |  30 +++
+ .../ci_regression_tests/s_test_config.cmake   |   8 +
+ 6 files changed, 289 insertions(+)
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h
+ create mode 100644 platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
+
+diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c
+index 788cc3ec92..356b85e9d5 100755
+--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c
++++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.c
+@@ -293,6 +293,21 @@ void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl)
+         ptr->rgn_mpl3 |= (mpl & RGN_MPL_EN_MASK);
+ }
+ 
++void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl)
++{
++    struct _firewall_pe_rwe_reg_map_t *ptr =
++         (struct _firewall_pe_rwe_reg_map_t *)fw_data.rwe_ptr;
++    if (mpe == RGN_MPE0)
++        *mpl = (ptr->rgn_mpl0 & RGN_MPL_EN_MASK);
++    else if (mpe == RGN_MPE1)
++        *mpl = (ptr->rgn_mpl1 & RGN_MPL_EN_MASK);
++    else if (mpe == RGN_MPE2)
++        *mpl = (ptr->rgn_mpl2 & RGN_MPL_EN_MASK);
++    else if (mpe == RGN_MPE3)
++        *mpl = (ptr->rgn_mpl3 & RGN_MPL_EN_MASK);
++}
++
++
+ void fc_disable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl)
+ {
+     struct _firewall_pe_rwe_reg_map_t *ptr =
+diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h
+index 48c86725ef..17afe6a92f 100755
+--- a/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h
++++ b/platform/ext/target/arm/corstone1000/Native_Driver/firewall.h
+@@ -247,6 +247,11 @@ void fc_init_mpl(enum rgn_mpe_t mpe);
+  */
+ void fc_enable_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t mpl);
+ 
++/**
++ * \brief Reads Master Permission List in the selected Firewall Component
++ */
++void fc_read_mpl(enum rgn_mpe_t mpe, enum rgn_mpl_t* mpl);
++
+ /**
+  * \brief Disables Master Permission List in the selected Firewall Component
+  */
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
+new file mode 100644
+index 0000000000..70e1c20e4e
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/CMakeLists.txt
+@@ -0,0 +1,45 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021-22, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++cmake_policy(SET CMP0079 NEW)
++
++include(${CMAKE_CURRENT_SOURCE_DIR}/s_test_config.cmake)
++
++####################### Secure #################################################
++
++add_library(corstone1000_test_s STATIC EXCLUDE_FROM_ALL)
++
++target_sources(corstone1000_test_s
++    PRIVATE
++        ${CMAKE_CURRENT_SOURCE_DIR}/s_test.c
++        ../Native_Driver/firewall.c
++)
++
++target_include_directories(corstone1000_test_s
++    PRIVATE
++        ${CMAKE_CURRENT_SOURCE_DIR}
++        ../Device/Include
++        ../Native_Driver
++)
++
++# Example test links tfm_test_suite_extra_common to use related interface
++target_link_libraries(corstone1000_test_s
++    PRIVATE
++        tfm_test_suite_extra_common
++        tfm_log
++)
++
++target_compile_definitions(corstone1000_test_s
++    PRIVATE
++        $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
++)
++
++# The corstone1000_test_s library is linked by tfm_test_suite_extra_s
++target_link_libraries(tfm_test_suite_extra_s
++    PRIVATE
++        corstone1000_test_s
++)
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
+new file mode 100644
+index 0000000000..963f46d2ab
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.c
+@@ -0,0 +1,186 @@
++/*
++ * Copyright (c) 2021-22, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "s_test.h"
++#include "platform_base_address.h"
++#include "firewall.h"
++#include "tfm_log_raw.h"
++
++#define DISABLED_TEST 0
++
++enum host_firewall_host_comp_id_t {
++  HOST_FCTRL = (0x00u),
++  COMP_SYSPERIPH,
++  COMP_DBGPERIPH,
++  COMP_AONPERIPH,
++  COMP_XNVM,
++  COMP_CVM,
++  COMP_HOSTCPU,
++  COMP_EXTSYS0,
++  COMP_EXTSYS1,
++  COMP_EXPSLV0,
++  COMP_EXPSLV1,
++  COMP_EXPMST0,
++  COMP_EXPMST1,
++  COMP_OCVM,
++  COMP_DEBUG,
++};
++
++const struct extra_tests_t plat_s_t = {
++    .test_entry = s_test,
++    .expected_ret = EXTRA_TEST_SUCCESS
++};
++
++static int test_host_firewall_status(void)
++{
++    enum fw_lockdown_status_t status;
++    uint32_t any_component_id = 2;
++
++    fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, any_component_id);
++    status = fw_get_lockdown_status();
++    if (status != FW_LOCKED) {
++        tfm_log_printf("FAIL: %s.\n\r", __func__);
++        return EXTRA_TEST_FAILED;
++    }
++
++    tfm_log_printf("PASS: %s\n\r", __func__);
++    return EXTRA_TEST_SUCCESS;
++}
++
++static int test_host_firewall_external_flash_configurations(void)
++{
++    enum rgn_mpl_t mpl_rights = 0;
++    enum rgn_mpl_t expected_rights = 0;
++
++#if !(PLATFORM_IS_FVP)
++    /* External flash */
++    fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST0);
++    fc_select_region(3);
++    fc_read_mpl(RGN_MPE0, &mpl_rights);
++    expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
++                                              RGN_MPL_SECURE_WRITE_MASK);
++    if (mpl_rights != expected_rights) {
++        tfm_log_printf("FAIL1: %s.\n\r", __func__);
++        return EXTRA_TEST_FAILED;
++    }
++    /* XIP Permissions */
++    fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM);
++    fc_select_region(1);
++    fc_read_mpl(RGN_MPE0, &mpl_rights);
++    expected_rights = (RGN_MPL_ANY_MST_MASK |
++                              RGN_MPL_SECURE_READ_MASK |
++                              RGN_MPL_NONSECURE_READ_MASK);
++    if (mpl_rights != expected_rights) {
++        tfm_log_printf("FAIL2: %s.\n\r", __func__);
++        return EXTRA_TEST_FAILED;
++    }
++#else
++    /* Enable the below test when FVP Host Firewall is configured. */
++    /*
++    fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_XNVM);
++    fc_select_region(1);
++    fc_read_mpl(RGN_MPE0, &mpl_rights);
++    tfm_log_printf("mpl rights = %d\n\r", mpl_rights);
++    expected_rights = (RGN_MPL_ANY_MST_MASK |
++                  RGN_MPL_SECURE_READ_MASK |
++                  RGN_MPL_SECURE_WRITE_MASK |
++                  RGN_MPL_NONSECURE_READ_MASK |
++                  RGN_MPL_NONSECURE_WRITE_MASK);
++    if (mpl_rights != expected_rights) {
++        tfm_log_printf("FAIL1: %s.\n\r", __func__);
++        return EXTRA_TEST_FAILED;
++    }
++    */
++#endif
++
++    tfm_log_printf("PASS: %s\n\r", __func__);
++    return EXTRA_TEST_SUCCESS;
++}
++
++static int test_host_firewall_secure_flash_configurations(void)
++{
++    enum rgn_mpl_t mpl_rights = 0;
++    enum rgn_mpl_t expected_rights = 0;
++
++#if !(PLATFORM_IS_FVP)
++    /* External flash */
++    fc_select((void *)CORSTONE1000_HOST_FIREWALL_BASE, COMP_EXPMST1);
++    fc_select_region(1);
++    fc_read_mpl(RGN_MPE0, &mpl_rights);
++    expected_rights = (RGN_MPL_ANY_MST_MASK | RGN_MPL_SECURE_READ_MASK |
++                                              RGN_MPL_SECURE_WRITE_MASK);
++    if (mpl_rights != expected_rights) {
++        tfm_log_printf("FAIL: %s.\n\r", __func__);
++        return EXTRA_TEST_FAILED;
++    }
++#endif
++
++    tfm_log_printf("PASS: %s\n\r", __func__);
++    return EXTRA_TEST_SUCCESS;
++}
++
++static int test_bir_programming(void)
++{
++    /* BIR is expected to bhaive like write once register */
++
++    volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE;
++
++    bir_base[0] = 0x1;
++    bir_base[0] = 0x2;
++    if (bir_base[0] != 0x1) {
++        tfm_log_printf("FAIL: %s : (%u)\n\r", __func__, bir_base[0]);
++        return EXTRA_TEST_FAILED;
++    }
++
++    tfm_log_printf("PASS: %s\n\r", __func__);
++    return EXTRA_TEST_SUCCESS;
++}
++
++int32_t s_test(void)
++{
++    int status;
++    int failures = 0;
++
++#if (DISABLED_TEST == 1)
++    status = test_host_firewall_status();
++    if (status) {
++        failures++;
++    }
++#endif
++
++    status = test_host_firewall_secure_flash_configurations();
++    if (status) {
++        failures++;
++    }
++
++    status = test_host_firewall_external_flash_configurations();
++    if (status) {
++        failures++;
++    }
++
++#if (DISABLED_TEST == 1)
++    status = test_bir_programming();
++    if (status) {
++        failures++;
++    }
++#endif
++
++    if (failures) {
++        tfm_log_printf("Not all platform test could pass: failures=%d\n\r", failures);
++        return EXTRA_TEST_FAILED;
++    }
++
++    tfm_log_printf("ALL_PASS: corstone1000 platform test cases passed.\n\r");
++    return EXTRA_TEST_SUCCESS;
++}
++
++int32_t extra_tests_init(struct extra_tests_t *internal_test_t)
++{
++    /* Add platform init code here. */
++
++    return register_extra_tests(internal_test_t, &plat_s_t);
++}
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h
+new file mode 100644
+index 0000000000..8aff4d679c
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test.h
+@@ -0,0 +1,30 @@
++/*
++ * Copyright (c) 2021-22, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __S_TESTS_H__
++#define __S_TESTS_H__
++
++#include "extra_tests_common.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++const struct extra_tests_t plat_s_t;
++
++/**
++ * \brief Platform specific secure test function.
++ *
++ * \returns Returns error code as specified in \ref int32_t
++ */
++int32_t s_test(void);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __S_TESTS_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
+new file mode 100644
+index 0000000000..bb8d26bf1c
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/ci_regression_tests/s_test_config.cmake
+@@ -0,0 +1,8 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021-22, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++############ Define secure test specific cmake configurations here #############
+-- 
+2.25.1
+
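Review bot: In `s_test.c`, `test_host_firewall_status()` and `test_bir_programming()` are compiled out by `#define DISABLED_TEST 0` with no comment saying why, and with `PLATFORM_IS_FVP` set both firewall configuration tests skip every register read and still log `PASS`, so on FVP the platform suite reports `ALL_PASS` without checking anything. Please document why the lockdown and BIR tests are disabled and what re-enables them, and have the skipped paths log a skip instead of a pass. In `firewall.c`, `fc_read_mpl()` has no final `else`, so `*mpl` is left untouched for an `mpe` outside `RGN_MPE0`..`RGN_MPE3`; return a status or write a defined value. In `s_test.h`, `const struct extra_tests_t plat_s_t;` lacks `extern`, which makes it a tentative definition in every file that includes the header; declare it `extern` and keep the definition in `s_test.c`. The `/* External flash */` comment in `test_host_firewall_secure_flash_configurations()` looks copied from the previous test, and "bhaive" in the BIR comment should read "behave".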
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch
new file mode 100644
index 0000000..c6bacb4
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0002-corstone1000-make-external-system-support-optional.patch
@@ -0,0 +1,77 @@
+From 6fd49ab55c3419429e437845864c5bb2d731da29 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Mon, 25 Apr 2022 05:26:38 +0100
+Subject: [PATCH 2/6] corstone1000: make external system support optional
+
+The commits introduce build time variables to make
+external system support in the platform optional.
+
+Change-Id: I593014e0da4ac553c105c66ae55f6fd83ffe427e
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Accepted [TF-Mv1.7.0]
+---
+ .../ext/target/arm/corstone1000/CMakeLists.txt    |  1 +
+ platform/ext/target/arm/corstone1000/config.cmake |  1 +
+ .../target/arm/corstone1000/tfm_hal_multi_core.c  | 15 +++++++++++++++
+ 3 files changed, 17 insertions(+)
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 16bc708964..39d7b03455 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -97,6 +97,7 @@ target_compile_definitions(platform_s
+     PRIVATE
+         $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
+         $<$<BOOL:${TEST_S}>:TEST_S>
++        $<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT>
+ )
+ 
+ #========================= Platform BL2 =======================================#
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index e5f91108ee..a3399db318 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -21,6 +21,7 @@ set(CRYPTO_HW_ACCELERATOR               ON         CACHE BOOL     "Whether to en
+ set(CRYPTO_NV_SEED                      OFF        CACHE BOOL     "Use stored NV seed to provide entropy")
+ set(TFM_CRYPTO_TEST_ALG_CFB             OFF        CACHE BOOL     "Test CFB cryptography mode")
+ set(NS                                  FALSE      CACHE BOOL     "Whether to build NS app")
++set(EXTERNAL_SYSTEM_SUPPORT             OFF        CACHE BOOL     "Whether to include external system support.")
+ 
+ # FVP is not integrated/tested with CC312.
+ if (${PLATFORM_IS_FVP})
+diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+index 8e1b455086..8622844d91 100644
+--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+@@ -16,6 +16,16 @@
+ #define HOST_CPU_PE0_CONFIG_OFFSET 0x010
+ #define AA64nAA32_MASK (1 << 3)
+ 
++#ifdef EXTERNAL_SYSTEM_SUPPORT
++void tfm_external_system_boot()
++{
++    volatile uint32_t *ext_sys_reset_ctl_reg = (uint32_t *)(CORSTONE1000_EXT_SYS_RESET_REG);
++
++    /* de-assert CPU_WAIT signal*/
++    *ext_sys_reset_ctl_reg = 0x0;
++}
++#endif
++
+ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
+ {
+     /* Switch the shared flash to XiP mode for the host */
+@@ -53,6 +63,11 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
+     *reset_ctl_reg = 0;
+ 
+     (void) start_addr;
++
++#ifdef EXTERNAL_SYSTEM_SUPPORT
++    /*release EXT SYS out of reset*/
++    tfm_external_system_boot();
++#endif
+ }
+ 
+ void tfm_hal_wait_for_ns_cpu_ready(void)
+-- 
+2.25.1
+
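Review bot: In the `tfm_hal_multi_core.c` hunk, `tfm_external_system_boot()` is defined with external linkage and an empty parameter list, but its only visible caller is `tfm_hal_boot_ns_cpu()` in the same file and no header hunk declares it; make it `static void tfm_external_system_boot(void)`. The comment says it de-asserts `CPU_WAIT`, yet `*ext_sys_reset_ctl_reg = 0x0;` clears the whole register; if other bits in that register matter, clear only the `CPU_WAIT` bit through a named mask, in the style of the `AA64nAA32_MASK` define above it. The new `EXTERNAL_SYSTEM_SUPPORT` option defaults to `OFF` in `config.cmake`, and the commit message should state whether that changes behaviour for existing builds.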
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch
new file mode 100644
index 0000000..6422952
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0003-corstone1000-enable-secure-enclave-run-without-host-.patch
@@ -0,0 +1,298 @@
+From 2e56f2601249243f2fb3ba67caf9febe4bfc8371 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Tue, 26 Apr 2022 20:17:13 +0100
+Subject: [PATCH 3/6] corstone1000: enable secure enclave run without host
+ binaries
+
+In TEST_S configuration, the build disables part of the code which
+assumes that the host binaries are present in the flash. This change
+will allow secure enclave's part of the platforms software to build
+and run without the host support. The configuration can be used to run
+CI and test secure enclave software independently.
+
+Change-Id: I29325750a3bea270fe5b3b8b47932a7071a59482
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Accepted [TF-Mv1.7.0]
+---
+ .../ext/target/arm/corstone1000/readme.rst    | 88 +++++++++++++++----
+ .../target/arm/corstone1000/CMakeLists.txt    |  8 +-
+ .../arm/corstone1000/bl1/CMakeLists.txt       |  2 +-
+ .../target/arm/corstone1000/bl2_flash_map.c   |  2 +
+ .../target/arm/corstone1000/boot_hal_bl2.c    |  2 +
+ .../ext/target/arm/corstone1000/config.cmake  | 11 ++-
+ .../arm/corstone1000/partition/flash_layout.h |  2 +-
+ .../arm/corstone1000/tfm_hal_multi_core.c     |  2 +
+ 8 files changed, 94 insertions(+), 23 deletions(-)
+
+diff --git a/docs/platform/ext/target/arm/corstone1000/readme.rst b/docs/platform/ext/target/arm/corstone1000/readme.rst
+index 94b58ac6fc..10c9c58f78 100644
+--- a/docs/platform/ext/target/arm/corstone1000/readme.rst
++++ b/docs/platform/ext/target/arm/corstone1000/readme.rst
+@@ -7,22 +7,27 @@ Introduction
+ ************
+ 
+ The ARM's Corstone-1000 platform is a reference implementation of PSA FF-M
+-architecture where NSPE and SPE environments are partitioned into
++architecture where NSPE and SPE environments are partitioned/isolated into
+ Cortex-A35 and Cortex-M0+ respectively.
+ 
+ Cortex-M0+ acting as Secure Enclave is the Root-of-trust of SoC. Its
+-software comprises of two boot loading stages, i.e. Bl1 and Bl2, based on
+-mcuboot, and TF-M as run time software. Cortex-A35, also referred as host,
+-is completely treated as non-secure from the Secure Enclave perspective.
++software comprises of two boot loading stages, i.e. Bl1 and Bl2 (based on
++mcuboot) and TF-M as run time software. Cortex-A35, also referred as host,
++is treated as non-secure from the Secure Enclave perspective.
+ The Cortex-A35 is brought out of rest by Secure Enclave in aarch64 bit mode,
+ and boots the software ecosystem based on linux, u-boot, UEFI run time
+-services, TF-A and Optee.
++services, TF-A, Secure Partitions and Optee.
+ 
+ The communication between NSPE and SPE is based on PSA IPC protocol running on
+-top of OpenAMP.
++top of FF-A/OpenAMP.
+ 
+ The secure enclave subsystem has ARM's CC-312 (Crypto Cell) hardware to
+-accelerate cryptographic operations.
++accelerate cryptographic operations. Additionaly, platform supports Secure Debug
++using SDC-600 as the communication interface between host debugger and platform
++target. The platform has the build option to enable secure debug protocol to
++unlock debug ports during boot time. The protocol is based on ARM's ADAC
++(Authenticated Debug Access Control) standard.
++
+ 
+ ***********
+ System boot
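Review bot: The added Secure Debug paragraph says the platform "has the build option to enable secure debug protocol" but never names that option, so a reader cannot tell what to set or what the default is. Name the CMake variable (the platform's config.cmake carries PLATFORM_PSA_ADAC_SECURE_DEBUG) and state its default, since the feature unlocks debug ports during boot. In the same hunk, "Additionaly" is misspelled, and "brought out of rest" in the context line above reads as a typo for "reset" that this rewording pass could have fixed.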
+@@ -33,23 +38,76 @@ System boot
+ - BL1 load, verifies and transfer execution to BL2 which is again based on mcuboot.
+ - BL2 loads and verifies TF-M and host's initial boot loader image.
+ - BL2 transfer the execution to the TF-M.
+-- During TF-M initialization, the host is reset.
++- During TF-M initialization, the host is taken out of rest.
++- Hashes of the keys used for image verification are stored in the OTP memory.
+ 
+ *****
+ Build
+ *****
+ 
+-.. code-block::
++Platform solution
++=================
++
++The platform binaries are build using Yocto. Below is the user guide:
++
++`Arm Corstone-1000 User Guide`_
++
++Secure Test
++===========
++
++This section can be used to test the secure enclave software indedendently from
++the host. The below configuration builds the secure enclave binaries with CI test
++frame integrated. On boot, secure enclave softwares stack is brought up, and
++CI tests starts executing at the end of the initialization process. In the
++below configuration, host software support is disabled, and meant only
++to test/verify the secure enclave softwares.
++
++FVP
++---
+ 
+-    cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000
++- Download Corstone-1000 FVP from : `Arm Ecosystem FVPs`_
++- Install FVP by running the shell script.
++- Running of the binary will boot secure enclave software stack and at the end all CI test
++  from tf-m-test along with platform specific tests are executed.
++
++.. code-block:: bash
++
++    cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DPLATFORM_IS_FVP=TRUE -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/
+     cmake --build build -- install
++    cd ./build/install/outputs/
++    cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin
++    cd <path-to-FVP-installation>/models/Linux64_GCC-9.3/
++    ./FVP_Corstone-1000 -C board.flashloader0.fname="none" -C se.trustedBootROMloader.fname="./<path-to-build-dir>/install/outputs/bl1.bin" -C board.xnvm_size=64 -C se.trustedSRAM_config=6 -C se.BootROM_config="3" -C board.smsc_91c111.enabled=0  -C board.hostbridge.userNetworking=true --data board.flash0=./<path-to-build-dir>/install/outputs/cs1000.bin@0x68100000 -C diagnostics=4 -C disable_visualisation=true -C board.se_flash_size=8192 -C diagnostics=4  -C disable_visualisation=true
++
++FPGA
++----
+ 
+-The binaries will be installed inside:
++- Follow the above pointed platform user guide to setup the FPGA board.
++- Use the BL1 generated from the below commands to place it inside FPGA board SD Card.
++- Use the cs1000.bin created from the below commands to place it inside FPGA board SD Card.
++
++.. code-block:: bash
++
++    cmake -B build/ -S <tf-m-root>/ -DCMAKE_BUILD_TYPE=Debug -DTFM_TOOLCHAIN_FILE=<tf-m-root>/toolchain_GNUARM.cmake -DTFM_PLATFORM=arm/corstone1000 -DTEST_NS=OFF -DTEST_S=ON -DEXTRA_S_TEST_SUITES_PATHS=<tf-m-root>/trusted-firmware-m/platform/ext/target/arm/corstone1000/ci_regression_tests/ -DTEST_S_PS=OFF -DTEST_S_PLATFORM=OFF
++    cmake --build build -- install
++    cd ./build/install/outputs/
++    cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin
++    cp bl1.bin <path-to-FPGA-SD-CARD>/SOFTWARE/
++    cp cs1000.bin <path-to-FPGA-SD-CARD>/SOFTWARE/
+ 
+-.. code-block::
++FPGA build can not compile all the CI tests into a single build as it exceeds
++the available RAM size. So there is a need to select few tests but not all.
++The above configuration disable build of -DTEST_S_PS and -DTEST_S_PLATFORM.
++Other test configurations are:
+ 
+-    ./build/install/outputs/ARM/CORSTONE1000
++- -DTEST_S_ATTESTATION=ON/OFF
++- -DTEST_S_AUDIT=ON/OFF
++- -DTEST_S_CRYPTO=ON/OFF
++- -DTEST_S_ITS=ON/OFF
++- -DTEST_S_PS=ON/OFF
++- -DTEST_S_PLATFORM=ON/OFF
+ 
+---------------
++*Copyright (c) 2021-2022, Arm Limited. All rights reserved.*
+ 
+-*Copyright (c) 2021, Arm Limited. All rights reserved.*
++.. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
++.. _Arm Corstone-1000 User Guide: https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs/-/blob/CORSTONE1000-2022.04.19/docs/embedded-a/corstone1000/user-guide.rst
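Review bot: Both the FVP and FPGA blocks build the flash image with "cat bl2_signed.bin bl2_signed.bin tfm_s_signed.bin > cs1000.bin", which places BL2 in the image twice with no explanation. If the second copy is intentional, say so next to the command; if it is a copy-and-paste slip, drop it. Smaller points in the same hunk: the FVP command line passes "-C diagnostics=4 -C disable_visualisation=true" twice; EXTRA_S_TEST_SUITES_PATHS is given as <tf-m-root>/trusted-firmware-m/platform/... while every other path uses <tf-m-root>/ directly; the FVP and FPGA bullets refer to "the below commands" before the reader has seen them; and "taken out of rest" and "indedendently" are typos.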
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 39d7b03455..81522c7cf0 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -18,7 +18,7 @@ target_include_directories(platform_region_defs
+ 
+ target_compile_definitions(platform_region_defs
+     INTERFACE
+-        $<$<BOOL:${TEST_S}>:TEST_S>
++        $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+ )
+ #========================= Platform common defs ===============================#
+ 
+@@ -75,7 +75,7 @@ target_sources(platform_s
+         $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
+         fw_update_agent/uefi_capsule_parser.c
+         fw_update_agent/fwu_agent.c
+-        $<$<BOOL:${TEST_S}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
++        $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
+ )
+ 
+ if (PLATFORM_IS_FVP)
+@@ -96,7 +96,7 @@ endif()
+ target_compile_definitions(platform_s
+     PRIVATE
+         $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
+-        $<$<BOOL:${TEST_S}>:TEST_S>
++        $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+         $<$<BOOL:${EXTERNAL_SYSTEM_SUPPORT}>:EXTERNAL_SYSTEM_SUPPORT>
+ )
+ 
+@@ -136,7 +136,7 @@ endif()
+ target_compile_definitions(platform_bl2
+     PRIVATE
+         $<$<BOOL:${PLATFORM_IS_FVP}>:PLATFORM_IS_FVP>
+-        $<$<BOOL:${TEST_S}>:TEST_S>
++        $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+ )
+ 
+ # boot_hal_bl2.c is compiled as part of 'bl2' target and not inside
+diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+index 369695f148..d39c5ae91d 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+@@ -291,7 +291,7 @@ target_compile_definitions(signing_layout_for_bl2
+     PRIVATE
+         MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
+         BL1
+-        $<$<BOOL:${TEST_S}>:TEST_S>
++        $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+ )
+ 
+ target_include_directories(signing_layout_for_bl2
+diff --git a/platform/ext/target/arm/corstone1000/bl2_flash_map.c b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+index 6bffa274df..0a6a592d94 100644
+--- a/platform/ext/target/arm/corstone1000/bl2_flash_map.c
++++ b/platform/ext/target/arm/corstone1000/bl2_flash_map.c
+@@ -38,6 +38,7 @@ struct flash_area flash_map[] = {
+         .fa_off = FLASH_AREA_1_OFFSET,
+         .fa_size = FLASH_AREA_1_SIZE,
+     },
++#ifndef TFM_S_REG_TEST
+     {
+         .fa_id = FLASH_AREA_2_ID,
+         .fa_device_id = FLASH_DEVICE_ID,
+@@ -52,6 +53,7 @@ struct flash_area flash_map[] = {
+         .fa_off = FLASH_INVALID_OFFSET,
+         .fa_size = FLASH_INVALID_SIZE,
+     },
++#endif
+ };
+ 
+ const int flash_map_entry_num = ARRAY_SIZE(flash_map);
+diff --git a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
+index 792e06f81e..134315a17b 100644
+--- a/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
++++ b/platform/ext/target/arm/corstone1000/boot_hal_bl2.c
+@@ -100,10 +100,12 @@ int32_t boot_platform_init(void)
+         return 1;
+     }
+ 
++#ifndef TFM_S_REG_TEST
+     result = fill_bl2_flash_map_by_parsing_fips(BANK_0_PARTITION_OFFSET);
+     if (result) {
+         return 1;
+     }
++#endif
+ 
+     result = FLASH_DEV_NAME.Initialize(NULL);
+     if (result != ARM_DRIVER_OK) {
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index a3399db318..a6a1a33c42 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -13,8 +13,15 @@ set(DEFAULT_MCUBOOT_FLASH_MAP           OFF        CACHE BOOL     "Whether to us
+ set(MCUBOOT_UPGRADE_STRATEGY            "RAM_LOAD" CACHE STRING   "Upgrade strategy when multiple boot images are loaded")
+ set(MCUBOOT_SECURITY_COUNTER_S          "1"      CACHE STRING    "Security counter for S image. auto sets it to IMAGE_VERSION_S")
+ 
+-set(TFM_ISOLATION_LEVEL                 2          CACHE STRING   "Isolation level")
+-set(MCUBOOT_IMAGE_NUMBER                2          CACHE STRING   "Whether to combine S and NS into either 1 image, or sign each separately")
++if (TEST_S OR TEST_S_ATTESTATION OR TEST_S_AUDIT OR TEST_S_CRYPTO OR TEST_S_ITS OR TEST_S_PS OR TEST_S_PLATFORM OR EXTRA_S_TEST_SUITES_PATHS)
++  # Test configuration: host images are not needed and work only with isolation level 1
++  set(MCUBOOT_IMAGE_NUMBER                1          CACHE STRING   "Whether to combine S and NS into either 1 image, or sign each separately")
++  set(TFM_ISOLATION_LEVEL                 1          CACHE STRING   "Isolation level")
++else()
++  set(MCUBOOT_IMAGE_NUMBER                2          CACHE STRING   "Whether to combine S and NS into either 1 image, or sign each separately")
++  set(TFM_ISOLATION_LEVEL                 2          CACHE STRING   "Isolation level")
++endif()
++
+ set(TFM_MULTI_CORE_TOPOLOGY             ON         CACHE BOOL     "Whether to build for a dual-cpu architecture")
+ set(TFM_PLAT_SPECIFIC_MULTI_CORE_COMM   ON         CACHE BOOL     "Whether to use a platform specific inter core communication instead of mailbox in dual-cpu topology")
+ set(CRYPTO_HW_ACCELERATOR               ON         CACHE BOOL     "Whether to enable the crypto hardware accelerator on supported platforms")
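Review bot: The if() here selects MCUBOOT_IMAGE_NUMBER 1 and isolation level 1 from a hand-written list (TEST_S, TEST_S_ATTESTATION, ..., EXTRA_S_TEST_SUITES_PATHS), while every source and CMake change in this patch gates on TFM_S_REG_TEST. If the two conditions ever disagree, the image count and the compiled-out flash map entries in bl2_flash_map.c stop matching, so key this block on the same variable or add a comment stating how TFM_S_REG_TEST is derived from the list. Two further points: set(... CACHE ...) without FORCE does not replace a value already in the CMake cache, so switching an existing build directory between test and non-test keeps the old image number and isolation level; and the comment says tests "work only with isolation level 1" without saying why, which matters because the regression run then never exercises the level 2 configuration that the non-test build uses.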
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index aa5a8fe463..b0319bb319 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -119,7 +119,7 @@
+  *
+  */
+ #define SE_BL2_PARTITION_SIZE           (0x19000)    /* 100 KB */
+-#ifdef TEST_S
++#ifdef TFM_S_REG_TEST
+ #define TFM_PARTITION_SIZE              (0x61C00)    /* 391 KB */
+ #else
+ #define TFM_PARTITION_SIZE              (0x5E000)    /* 376 KB */
+diff --git a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+index 8622844d91..1146ffe22a 100644
+--- a/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
++++ b/platform/ext/target/arm/corstone1000/tfm_hal_multi_core.c
+@@ -31,6 +31,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
+     /* Switch the shared flash to XiP mode for the host */
+     Select_XIP_Mode_For_Shared_Flash();
+ 
++#ifndef TFM_S_REG_TEST
+     volatile uint32_t *bir_base = (uint32_t *)CORSTONE1000_HOST_BIR_BASE;
+ 
+     /* Program Boot Instruction Register to jump to BL2 (TF-A) base address
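Review bot: The "#ifndef TFM_S_REG_TEST" guard opens after Select_XIP_Mode_For_Shared_Flash(), so a test build that never boots the host still switches the shared flash to XiP mode "for the host". Either move the guard above that call or add a comment saying the mode switch is wanted in test builds. The closing "#endif /* !TFM_S_REG_TEST */" in the next hunk now sits directly after another bare #endif; annotating that one as well would make the nesting readable.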
+@@ -68,6 +69,7 @@ void tfm_hal_boot_ns_cpu(uintptr_t start_addr)
+     /*release EXT SYS out of reset*/
+     tfm_external_system_boot();
+ #endif
++#endif /* !TFM_S_REG_TEST */
+ }
+ 
+ void tfm_hal_wait_for_ns_cpu_ready(void)
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch
new file mode 100644
index 0000000..211fb9e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0004-Platform-Partition-Allow-configuration-of-input-and-.patch
@@ -0,0 +1,72 @@
+From f3686dfb8fb97cb42c3d4f8ee2d7aa736d5cb760 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Wed, 3 Aug 2022 15:50:27 +0100
+Subject: [PATCH 4/6] Platform Partition: Allow configuration of input and
+ output buffer
+
+The change makes input and output buffer size macros used by
+the platform partition to be configured by cmake. This will
+allow platforms to set the buffer size accordingly.
+
+Change-Id: Ia492ce02f8744b0157228d9be51a9ec5b7c88ef6
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Accepted [TF-Mv1.7.0]
+---
+ config/config_default.cmake                  | 2 ++
+ secure_fw/partitions/platform/CMakeLists.txt | 6 ++++++
+ secure_fw/partitions/platform/platform_sp.c  | 9 +++++++--
+ 3 files changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/config/config_default.cmake b/config/config_default.cmake
+index 3112b707bc..497c972dc9 100755
+--- a/config/config_default.cmake
++++ b/config/config_default.cmake
+@@ -141,6 +141,8 @@ set(ATTEST_INCLUDE_OPTIONAL_CLAIMS      ON          CACHE BOOL      "Include opt
+ set(ATTEST_INCLUDE_COSE_KEY_ID          OFF         CACHE BOOL      "Include COSE key-id in initial attestation token")
+ 
+ set(TFM_PARTITION_PLATFORM              ON          CACHE BOOL      "Enable Platform partition")
++set(PLATFORM_SERVICE_INPUT_BUFFER_SIZE  64          CACHE STRING    "Size of input buffer in platform service.")
++set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 64          CACHE STRING    "Size of output buffer in platform service.")
+ 
+ set(TFM_PARTITION_AUDIT_LOG             OFF         CACHE BOOL      "Enable Audit Log partition")
+ 
+diff --git a/secure_fw/partitions/platform/CMakeLists.txt b/secure_fw/partitions/platform/CMakeLists.txt
+index 4b37cd780c..3070f89d6d 100644
+--- a/secure_fw/partitions/platform/CMakeLists.txt
++++ b/secure_fw/partitions/platform/CMakeLists.txt
+@@ -47,6 +47,12 @@ target_link_libraries(tfm_psa_rot_partition_platform
+         tfm_spm
+ )
+ 
++target_compile_definitions(tfm_psa_rot_partition_platform
++    PRIVATE
++        INPUT_BUFFER_SIZE=${PLATFORM_SERVICE_INPUT_BUFFER_SIZE}
++        OUTPUT_BUFFER_SIZE=${PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE}
++)
++
+ ############################ Secure API ########################################
+ 
+ target_sources(tfm_sprt
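Review bot: INPUT_BUFFER_SIZE and OUTPUT_BUFFER_SIZE are passed through from the cache variables with no configure-time check that they are positive integers; an empty or non-numeric value defines the macro with that text and only fails later inside platform_sp.c, far from the cause. Add a check in CMake (for example a MATCHES "^[0-9]+$" test followed by message(FATAL_ERROR ...)). Since this target now always defines both macros, the #ifndef defaults added to platform_sp.c later in this patch only take effect in builds that bypass this file, so the value 64 is maintained in two places; say so in a comment or keep one default. The macro names are also very generic for command-line definitions, and a PLATFORM_SP_ prefix would avoid collisions with headers the partition includes.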
+diff --git a/secure_fw/partitions/platform/platform_sp.c b/secure_fw/partitions/platform/platform_sp.c
+index 673cb0ee06..87bd434720 100644
+--- a/secure_fw/partitions/platform/platform_sp.c
++++ b/secure_fw/partitions/platform/platform_sp.c
+@@ -38,8 +38,13 @@ static const int32_t nv_counter_access_map[NV_COUNTER_MAP_SIZE] = {
+ #include "psa/service.h"
+ #include "region_defs.h"
+ 
+-#define INPUT_BUFFER_SIZE  64
+-#define OUTPUT_BUFFER_SIZE 64
++#ifndef INPUT_BUFFER_SIZE
++#define INPUT_BUFFER_SIZE      64
++#endif
++
++#ifndef OUTPUT_BUFFER_SIZE
++#define OUTPUT_BUFFER_SIZE     64
++#endif
+ 
+ typedef enum tfm_platform_err_t (*plat_func_t)(const psa_msg_t *msg);
+ #endif /* TFM_PSA_API */
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch
new file mode 100644
index 0000000..14e4b7f
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0005-corstone1000-support-for-UEFI-FMP-image-Information.patch
@@ -0,0 +1,573 @@
+From 9d70628b7dc1dbc3c1ac7f4f3c0f6aa6b237510d Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Wed, 6 Jul 2022 11:19:39 +0100
+Subject: [PATCH 5/6] corstone1000: support for UEFI FMP image Information
+
+The commit provides the support for UEFI FMP (Firmware Management
+Protocol) SET and GET Image info APIs.
+
+The APIs to SET and GET image info is implemented. In current design,
+SET is called by secure encalve and GET is called by the host.
+
+FMP image information is initialized on every boot and retained
+in SRAM. The updatable values of the FMP are stored in private
+metadata section of the flash.
+
+Change-Id: Iaf0b4a13a9c24f05e4a32509e61a8b96ee8e9e4b
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Upstream-Status: Accepted [TF-Mv1.7.0]
+---
+ .../target/arm/corstone1000/CMakeLists.txt    |   2 +
+ .../ext/target/arm/corstone1000/config.cmake  |   8 +-
+ .../corstone1000/fw_update_agent/fwu_agent.c  |  61 ++++-
+ .../corstone1000/fw_update_agent/fwu_agent.h  |   3 +
+ .../corstone1000/fw_update_agent/uefi_fmp.c   | 240 ++++++++++++++++++
+ .../corstone1000/fw_update_agent/uefi_fmp.h   |  56 ++++
+ .../include/corstone1000_ioctl_requests.h     |  14 +-
+ .../services/src/tfm_platform_system.c        |   9 +
+ 8 files changed, 374 insertions(+), 19 deletions(-)
+ create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c
+ create mode 100644 platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h
+
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 81522c7cf0..3602312a3a 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -76,6 +76,8 @@ target_sources(platform_s
+         fw_update_agent/uefi_capsule_parser.c
+         fw_update_agent/fwu_agent.c
+         $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
++        fw_update_agent/uefi_fmp.c
++        $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
+ )
+ 
+ if (PLATFORM_IS_FVP)
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index a6a1a33c42..ab0fe17ba8 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -50,7 +50,9 @@ else()
+     set(PLATFORM_PSA_ADAC_SECURE_DEBUG      FALSE        CACHE BOOL      "Whether to use psa-adac secure debug.")
+ endif()
+ 
+-set(DEFAULT_MCUBOOT_SECURITY_COUNTERS   OFF          CACHE BOOL      "Whether to use the default security counter configuration defined by TF-M project")
++set(DEFAULT_MCUBOOT_SECURITY_COUNTERS       OFF          CACHE BOOL      "Whether to use the default security counter configuration defined by TF-M project")
+ 
+-set(PS_ENCRYPTION                       OFF          CACHE BOOL      "Enable encryption for Protected Storage partition")
+-set(PS_ROLLBACK_PROTECTION              OFF          CACHE BOOL      "Enable rollback protection for Protected Storage partition")
++set(PS_ENCRYPTION                           OFF          CACHE BOOL      "Enable encryption for Protected Storage partition")
++set(PS_ROLLBACK_PROTECTION                  OFF          CACHE BOOL      "Enable rollback protection for Protected Storage partition")
++
++set(PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE     256          CACHE STRING    "Size of output buffer in platform service.")
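Review bot: The one functional line in this hunk, PLATFORM_SERVICE_OUTPUT_BUFFER_SIZE 256, carries no comment tying 256 to what has to fit in it (the packed FMP image info that pack_image_info() in uefi_fmp.c builds and rejects with "Buffer too small"). Document how the number was derived, or compute it from the descriptor and name sizes, so that a longer image or version name does not turn into a runtime failure. Because this is a plain CACHE set without FORCE, it only wins if this file is processed before config_default.cmake sets the same variable to 64; a note on that ordering would help. The re-alignment of the three unrelated set() lines is whitespace churn that makes the hunk harder to review and belongs in a separate change.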
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+index 3abb5dd0dc..72a5fc9c1d 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.c
+@@ -18,6 +18,7 @@
+ #include "platform_description.h"
+ #include "tfm_plat_nv_counters.h"
+ #include "tfm_plat_defs.h"
++#include "uefi_fmp.h"
+ 
+ /* Properties of image in a bank */
+ struct fwu_image_properties {
+@@ -84,6 +85,11 @@ struct fwu_private_metadata {
+        /* staged nv_counter: temprary location before written to the otp */
+        uint32_t nv_counter[NR_OF_IMAGES_IN_FW_BANK];
+ 
++       /* FMP information */
++       uint32_t fmp_version;
++       uint32_t fmp_last_attempt_version;
++       uint32_t fmp_last_attempt_status;
++
+ } __packed;
+ 
+ #define MAX_BOOT_ATTEMPTS_PER_BANK 3
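Review bot: Appending fmp_version, fmp_last_attempt_version and fmp_last_attempt_status to the __packed struct fwu_private_metadata changes the size of a record that is read back from flash, and nothing in this hunk versions that layout. A device whose private metadata was provisioned before this change would read whatever bytes follow the old record as FMP values. Either document that re-provisioning is required after this update, or add a layout version or size check on read and initialise the three new fields when it does not match.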
+@@ -278,7 +284,7 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
+ {
+     enum fwu_agent_error_t ret;
+     struct fwu_private_metadata priv_metadata;
+-    uint32_t image_version = 0;
++    uint32_t image_version = FWU_IMAGE_INITIAL_VERSION;
+ 
+     FWU_LOG_MSG("%s: enter\n\r", __func__);
+ 
+@@ -302,8 +308,8 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
+     memset(&_metadata, 0, sizeof(struct fwu_metadata));
+ 
+     _metadata.version = 1;
+-    _metadata.active_index = 0;
+-    _metadata.previous_active_index = 1;
++    _metadata.active_index = BANK_0;
++    _metadata.previous_active_index = BANK_1;
+ 
+     /* bank 0 is the place where images are located at the
+      * start of device lifecycle */
+@@ -339,6 +345,10 @@ enum fwu_agent_error_t fwu_metadata_provision(void)
+     priv_metadata.boot_index = BANK_0;
+     priv_metadata.boot_attempted = 0;
+ 
++    priv_metadata.fmp_version = FWU_IMAGE_INITIAL_VERSION;
++    priv_metadata.fmp_last_attempt_version = FWU_IMAGE_INITIAL_VERSION;
++    priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
++
+     ret = private_metadata_write(&priv_metadata);
+     if (ret) {
+         return ret;
+@@ -540,9 +550,25 @@ enum fwu_agent_error_t corstone1000_fwu_flash_image(void)
+                                 &image_bank_offset);
+         switch(image_index) {
+             case IMAGE_ALL:
++
+                 ret = flash_full_capsule(&_metadata, capsule_info.image[i],
+                                          capsule_info.size[i],
+                                          capsule_info.version[i]);
++
++                if (ret != FWU_AGENT_SUCCESS) {
++
++                    priv_metadata.fmp_last_attempt_version = capsule_info.version[i];
++                    priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
++
++                    private_metadata_write(&priv_metadata);
++
++                    fmp_set_image_info(&full_capsule_image_guid,
++                            priv_metadata.fmp_version,
++                            priv_metadata.fmp_last_attempt_version,
++                            priv_metadata.fmp_last_attempt_status);
++                }
++
++
+                 break;
+             default:
+                 FWU_LOG_MSG("%s: sent image not recognized\n\r", __func__);
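Review bot: In the new failure branch the return value of private_metadata_write(&priv_metadata) is discarded, although fwu_metadata_provision() in this same file checks it and returns on error; the result of fmp_set_image_info() is dropped too. If the flash write fails, the SRAM copy reports LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL while flash keeps the old status, and the two diverge at the next boot when FMP info is rebuilt. At minimum log the failed write. The two blank lines added before "break;" and the one after "case IMAGE_ALL:" can go.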
+@@ -866,17 +892,42 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void)
+ 
+     current_state = get_fwu_agent_state(&_metadata, &priv_metadata);
+     if (current_state == FWU_AGENT_STATE_REGULAR) {
++
+         ret = FWU_AGENT_SUCCESS; /* nothing to be done */
++
++        fmp_set_image_info(&full_capsule_image_guid,
++                priv_metadata.fmp_version,
++                priv_metadata.fmp_last_attempt_version,
++                priv_metadata.fmp_last_attempt_status);
++
+         goto out;
++
+     } else if (current_state != FWU_AGENT_STATE_TRIAL) {
+         FWU_ASSERT(0);
+     }
+ 
+     if (_metadata.active_index != priv_metadata.boot_index) {
++
+         /* firmware update failed, revert back to previous bank */
++
++        priv_metadata.fmp_last_attempt_version =
++         _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version;
++
++        priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL;
++
+         ret = fwu_select_previous(&_metadata, &priv_metadata);
++
+     } else {
++
+         /* firmware update successful */
++
++        priv_metadata.fmp_version =
++         _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version;
++        priv_metadata.fmp_last_attempt_version =
++         _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version;
++
++        priv_metadata.fmp_last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
++
+         ret = fwu_accept_image(&full_capsule_image_guid, &_metadata,
+                                 &priv_metadata);
+         if (!ret) {
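Review bot: Both the revert branch and the success branch change priv_metadata.fmp_* and then depend on fwu_select_previous() or fwu_accept_image() to write the struct to flash; nothing in this hunk persists it directly, so add a comment stating that the callee does the write, or write it explicitly. In the revert branch there is a second gap: fmp_set_image_info() is only called when ret == FWU_AGENT_SUCCESS (next hunk), so if fwu_select_previous() fails the host keeps seeing the previous attempt status. The expression _metadata.img_entry[IMAGE_0].img_props[_metadata.active_index].version appears three times and would read better as one local variable.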
+@@ -886,6 +937,10 @@ enum fwu_agent_error_t corstone1000_fwu_host_ack(void)
+ 
+     if (ret == FWU_AGENT_SUCCESS) {
+         disable_host_ack_timer();
++        fmp_set_image_info(&full_capsule_image_guid,
++                priv_metadata.fmp_version,
++                priv_metadata.fmp_last_attempt_version,
++                priv_metadata.fmp_last_attempt_status);
+     }
+ 
+ out:
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+index 57b07e8d2c..aa18179024 100644
+--- a/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/fwu_agent.h
+@@ -30,6 +30,9 @@ enum fwu_agent_error_t {
+                 }                                                              \
+ 
+ 
++/* Version used for the very first image of the device. */
++#define FWU_IMAGE_INITIAL_VERSION 0
++
+ enum fwu_agent_error_t fwu_metadata_provision(void);
+ enum fwu_agent_error_t fwu_metadata_init(void);
+ 
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c
+new file mode 100644
+index 0000000000..ce576e1794
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.c
+@@ -0,0 +1,240 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include <string.h>
++#include <stdbool.h>
++#include "cmsis.h"
++#include "uefi_fmp.h"
++
++/* The count will increase when partial update is supported.
++ * At present, only full WIC is considered as updatable image.
++ */
++#define NUMBER_OF_FMP_IMAGES 1
++#define NO_OF_FMP_VARIABLES_PER_IMAGE   6
++
++#define UEFI_ARCHITECTURE_64
++
++#ifdef UEFI_ARCHITECTURE_64
++typedef uint64_t uefi_ptr_t;
++typedef uint64_t efi_uintn_t;
++#else
++typedef uint32_t uefi_ptr_t;
++typedef uint32_t efi_uintn_t;
++#endif
++
++/* Below macro definations and struct declarations taken from UEFI spec 2.9 */
++
++/*
++ * Image Attribute Definitions
++ */
++#define IMAGE_ATTRIBUTE_IMAGE_UPDATABLE            0x00000001
++#define IMAGE_ATTRIBUTE_RESET_REQUIRED             0x00000002
++#define IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED    0x00000004
++#define IMAGE_ATTRIBUTE_IN_USE                     0x00000008
++#define IMAGE_ATTRIBUTE_UEFI_IMAGE                 0x00000010
++#define IMAGE_ATTRIBUTE_DEPENDENCY                 0x00000020
++
++typedef uint32_t DescriptorVersion_t;
++typedef uint32_t DescriptorSize_t;
++typedef uint8_t DescriptorCount_t;
++
++typedef __PACKED_STRUCT {
++    uint8_t ImageIndex;
++    struct efi_guid ImageTypeId;
++    uint64_t ImageId;
++    uefi_ptr_t PtrImageIdName;
++    uint32_t Version;
++    uefi_ptr_t PtrVersionName;
++    efi_uintn_t Size;
++    uint64_t AttributesSupported;
++    uint64_t AttributesSetting;
++    uint64_t Compatibilities;
++    /* Introduced with DescriptorVersion 2+ */
++    uint32_t LowestSupportedImageVersion;
++    /* Introduced with DescriptorVersion 3+ */
++    uint32_t LastAttemptVersion;
++    uint32_t LastAttemptStatus;
++    uint64_t HardwareInstance;
++    /* Introduced with DescriptorVersion 4+ */
++    uefi_ptr_t PtrDependencies;
++} EFI_FIRMWARE_IMAGE_DESCRIPTOR;
++
++typedef __PACKED_STRUCT {
++    DescriptorVersion_t DescriptorVersion;
++    DescriptorSize_t DescriptorsSize;
++    DescriptorCount_t DescriptorCount;
++    EFI_FIRMWARE_IMAGE_DESCRIPTOR ImageDescriptor;
++    uint16_t *ImageName;
++    uint32_t ImageNameSize;
++    uint16_t *ImageVersionName;
++    uint32_t ImageVersionNameSize;
++} EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO;
++
++
++static uint16_t corstone_image_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'W', 'I', 'C', '\0' };
++static uint16_t corstone_version_name0[] = { 'C', 'O', 'R', 'S', 'T', 'O', 'N', 'E', '1', '0', '0', '0', '_', 'B', 'E', 'S', 'T', '\0'};
++
++static EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO fmp_info[NUMBER_OF_FMP_IMAGES];
++
++extern struct efi_guid full_capsule_image_guid;
++
++static bool is_fmp_info_initialized = false;
++
++static void init_fmp_info(void)
++{
++    memset(fmp_info, 0,
++     sizeof(EFI_FIRMWARE_MANAGEMENT_PROTOCOL_IMAGE_INFO) * NUMBER_OF_FMP_IMAGES);
++
++    /* Fill information for the WIC.
++     * Add further details when partial image is supported.
++     */
++
++    fmp_info[0].DescriptorVersion = 4;
++    fmp_info[0].DescriptorCount = NUMBER_OF_FMP_IMAGES;
++    fmp_info[0].DescriptorsSize =
++                 sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR) +
++                 sizeof(corstone_image_name0) + sizeof(corstone_version_name0);
++
++    fmp_info[0].ImageDescriptor.ImageIndex = 1;
++
++    memcpy(&fmp_info[0].ImageDescriptor.ImageTypeId, &full_capsule_image_guid,
++            sizeof(struct efi_guid));
++
++    fmp_info[0].ImageDescriptor.ImageId = 1;
++    fmp_info[0].ImageDescriptor.Version = FWU_IMAGE_INITIAL_VERSION;
++    fmp_info[0].ImageDescriptor.AttributesSupported = 1;
++    fmp_info[0].ImageDescriptor.AttributesSetting = (
++            IMAGE_ATTRIBUTE_IMAGE_UPDATABLE | IMAGE_ATTRIBUTE_RESET_REQUIRED);
++    fmp_info[0].ImageDescriptor.LowestSupportedImageVersion =
++            FWU_IMAGE_INITIAL_VERSION;
++    fmp_info[0].ImageDescriptor.LastAttemptVersion = FWU_IMAGE_INITIAL_VERSION;
++    fmp_info[0].ImageDescriptor.LastAttemptStatus = LAST_ATTEMPT_STATUS_SUCCESS;
++
++    fmp_info[0].ImageName = corstone_image_name0;
++    fmp_info[0].ImageNameSize = sizeof(corstone_image_name0);
++    fmp_info[0].ImageVersionName = corstone_version_name0;
++    fmp_info[0].ImageVersionNameSize = sizeof(corstone_version_name0);
++
++    is_fmp_info_initialized = true;
++
++    return;
++}
++
++enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid,
++                     uint32_t current_version, uint32_t attempt_version,
++                     uint32_t last_attempt_status)
++{
++    enum fwu_agent_error_t status = FWU_AGENT_ERROR;
++
++    FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__);
++
++    if (is_fmp_info_initialized == false) {
++        init_fmp_info();
++    }
++
++    for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) {
++        if ((memcmp(guid, &fmp_info[i].ImageDescriptor.ImageTypeId,
++                        sizeof(struct efi_guid))) == 0)
++        {
++            FWU_LOG_MSG("FMP image update: image id = %u\n\r",
++                                    fmp_info[i].ImageDescriptor.ImageId);
++            fmp_info[i].ImageDescriptor.Version = current_version;
++            fmp_info[i].ImageDescriptor.LastAttemptVersion = attempt_version;
++            fmp_info[i].ImageDescriptor.LastAttemptStatus = last_attempt_status;
++            FWU_LOG_MSG("FMP image update: status = %u"
++                            "version=%u last_attempt_version=%u.\n\r",
++                            last_attempt_status, current_version,
++                            attempt_version);
++            status = FWU_AGENT_SUCCESS;
++            break;
++        }
++    }
++
++    FWU_LOG_MSG("%s:%d Exit.\n\r", __func__, __LINE__);
++    return status;
++}
++
++
++#define NO_OF_FMP_VARIABLES    (NUMBER_OF_FMP_IMAGES * NO_OF_FMP_VARIABLES_PER_IMAGE)
++
++static enum fwu_agent_error_t pack_image_info(void *buffer, uint32_t size)
++{
++    typedef __PACKED_STRUCT {
++        uint32_t variable_count;
++        uint32_t variable_size[NO_OF_FMP_VARIABLES];
++        uint8_t variable[];
++    } packed_buffer_t;
++
++    packed_buffer_t *packed_buffer = buffer;
++    int runner = 0;
++    int index = 0;
++    int current_size = sizeof(packed_buffer_t);
++    int size_requirement_1 = 0;
++    int size_requirement_2 = 0;
++
++    if (size < current_size) {
++        FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__);
++        return FWU_AGENT_ERROR;
++    }
++
++    packed_buffer->variable_count = NO_OF_FMP_VARIABLES;
++
++    for (int i = 0; i < NUMBER_OF_FMP_IMAGES; i++) {
++
++       packed_buffer->variable_size[index++] = sizeof(DescriptorVersion_t);
++       packed_buffer->variable_size[index++] = sizeof(DescriptorSize_t);
++       packed_buffer->variable_size[index++] = sizeof(DescriptorCount_t);
++       packed_buffer->variable_size[index++] = sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR);
++       packed_buffer->variable_size[index++] = fmp_info[i].ImageNameSize;
++       packed_buffer->variable_size[index++] = fmp_info[i].ImageVersionNameSize;
++
++       size_requirement_1 = sizeof(DescriptorVersion_t) + sizeof(DescriptorSize_t) +
++              sizeof(DescriptorCount_t) + sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR);
++
++       size_requirement_2 = fmp_info[i].ImageNameSize + fmp_info[i].ImageVersionNameSize;
++
++       current_size += size_requirement_1 + size_requirement_2;
++
++       if (size < current_size) {
++           FWU_LOG_MSG("%s:%d Buffer too small.\n\r", __func__, __LINE__);
++           return FWU_AGENT_ERROR;
++       }
++
++       FWU_LOG_MSG("%s:%d ImageInfo size = %u, ImageName size = %u, "
++               "ImageVersionName size = %u\n\r", __func__, __LINE__,
++               sizeof(EFI_FIRMWARE_IMAGE_DESCRIPTOR), fmp_info[i].ImageNameSize,
++               fmp_info[i].ImageVersionNameSize);
++   
++       memcpy(&packed_buffer->variable[runner], &fmp_info[i], size_requirement_1);
++       runner += size_requirement_1;
++   
++       memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageName,
++                                       fmp_info[i].ImageNameSize);
++       runner += fmp_info[i].ImageNameSize;
++   
++       memcpy(&packed_buffer->variable[runner], fmp_info[i].ImageVersionName,
++                                       fmp_info[i].ImageVersionNameSize);
++       runner += fmp_info[i].ImageVersionNameSize;
++
++    }
++
++    return FWU_AGENT_SUCCESS;
++}
++
++enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size)
++{
++    enum fwu_agent_error_t status;
++
++    FWU_LOG_MSG("%s:%d Enter\n\r", __func__, __LINE__);
++
++    status = pack_image_info(buffer, size);
++
++    FWU_LOG_MSG("%s:%d Exit\n\r", __func__, __LINE__);
++
++    return status;
++}
++
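Review bot: in pack_image_info, `memcpy(&packed_buffer->variable[runner], &fmp_info[i], size_requirement_1);` copies all four fixed-size fields in one go from the start of fmp_info[i], which is only correct if that struct begins with exactly those four members, in that order and with no padding between them. Copy each field separately, or put a static assertion on the member offsets next to the struct definition. `current_size` and `runner` are `int` while `size` is `uint32_t` and the name sizes come from fmp_info, so make them unsigned to keep the "Buffer too small" checks free of mixed-sign comparisons. In fmp_set_image_info, the format string `"FMP image update: status = %u"` followed by `"version=%u ..."` concatenates with no separator, so the status and version run together in the log.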
+diff --git a/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h
+new file mode 100644
+index 0000000000..d876bd7cff
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/fw_update_agent/uefi_fmp.h
+@@ -0,0 +1,56 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef UEFI_FMP_H
++#define UEFI_FMP_H
++
++
++#include <stdint.h>
++#include "fwu_agent.h"
++#include "../fip_parser/external/uuid.h"
++
++/*
++ * Last Attempt Status Value
++ */
++
++#define LAST_ATTEMPT_STATUS_SUCCESS                                     0x00000000
++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL                          0x00000001
++#define LAST_ATTEMPT_STATUS_ERROR_INSUFFICIENT_RESOURCES                0x00000002
++#define LAST_ATTEMPT_STATUS_ERROR_INCORRECT_VERSION                     0x00000003
++#define LAST_ATTEMPT_STATUS_ERROR_INVALID_FORMAT                        0x00000004
++#define LAST_ATTEMPT_STATUS_ERROR_AUTH_ERROR                            0x00000005
++#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_AC                            0x00000006
++#define LAST_ATTEMPT_STATUS_ERROR_PWR_EVT_BATT                          0x00000007
++#define LAST_ATTEMPT_STATUS_ERROR_UNSATISFIED_DEPENDENCIES              0x00000008
++/* The LastAttemptStatus values of 0x1000 - 0x4000 are reserved for vendor usage. */
++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MIN         0x00001000
++#define LAST_ATTEMPT_STATUS_ERROR_UNSUCCESSFUL_VENDOR_RANGE_MAX         0x00004000
++
++
++
++/*
++ * Updates FMP information for the image matched by guid.
++ *
++ * guid : guid of the image
++ * current_version: current versions for the image
++ * attempt_version: attempted versions for the image
++ *
++ */
++enum fwu_agent_error_t fmp_set_image_info(struct efi_guid *guid,
++                     uint32_t current_version, uint32_t attempt_version,
++                     uint32_t last_attempt_status);
++
++/*
++ * Return fmp image information for all the updable images.
++ *
++ * buffer : pointer to the out buffer
++ * size : size of the buffer
++ *
++ */
++enum fwu_agent_error_t fmp_get_image_info(void *buffer, uint32_t size);
++
++#endif /* UEFI_FMP_H */
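Review bot: the comment block above fmp_set_image_info documents guid, current_version and attempt_version but not last_attempt_status. Add it and say that it takes one of the LAST_ATTEMPT_STATUS_* values defined above. The fmp_get_image_info comment should also describe the packed layout written to the buffer (a count, a size array, then the variable data), since the caller has to mirror it, and "updable" should read "updatable".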
+diff --git a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h
+index 8ac67346b6..c5f3537e9d 100644
+--- a/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h
++++ b/platform/ext/target/arm/corstone1000/services/include/corstone1000_ioctl_requests.h
+@@ -14,19 +14,7 @@
+ enum corstone1000_ioctl_id_t {
+    IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
+    IOCTL_CORSTONE1000_FWU_HOST_ACK,
++   IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO,
+ };
+ 
+-
+-typedef struct corstone1000_ioctl_in_params {
+-
+-    uint32_t ioctl_id;
+-
+-} corstone1000_ioctl_in_params_t;
+-
+-typedef struct corstone1000_ioctl_out_params {
+-
+-    int32_t result;
+-
+-} corstone1000_ioctl_out_params_t;
+-
+ #endif /* CORSTONE1000_IOCTL_REQUESTS_H */
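Review bot: IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO gets its value (2) only from its position in the enum, while 0020-FMP-Support-in-Corstone1000.patch in this same update hardcodes `#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2` under a different name. Assign the enum values explicitly and comment that they are shared with the Trusted Services side, so a later insertion cannot silently renumber the request. The hunk also deletes corstone1000_ioctl_in_params_t and corstone1000_ioctl_out_params_t without a visible replacement; the commit message should say why they are no longer needed.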
+diff --git a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
+index 5b3f3e14a2..41305ed966 100644
+--- a/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
++++ b/platform/ext/target/arm/corstone1000/services/src/tfm_platform_system.c
+@@ -9,6 +9,7 @@
+ #include "platform_description.h"
+ #include "corstone1000_ioctl_requests.h"
+ #include "fwu_agent.h"
++#include "uefi_fmp.h"
+ 
+ void tfm_platform_hal_system_reset(void)
+ {
+@@ -36,6 +37,14 @@ enum tfm_platform_err_t tfm_platform_hal_ioctl(tfm_platform_ioctl_req_t request,
+             corstone1000_fwu_host_ack();
+             break;
+ 
++        case IOCTL_CORSTONE1000_FMP_GET_IMAGE_INFO:
++            if (out_vec == NULL) {
++                ret = TFM_PLATFORM_ERR_INVALID_PARAM;
++                break;
++            }
++            fmp_get_image_info(out_vec[0].base, out_vec[0].len);
++            break;
++
+         default:
+             ret = TFM_PLATFORM_ERR_NOT_SUPPORTED;
+             break;
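Review bot: the new case drops the return value of `fmp_get_image_info(out_vec[0].base, out_vec[0].len);`, so a "Buffer too small" failure in pack_image_info is never reflected in `ret`. Capture the status and map FWU_AGENT_ERROR to a tfm_platform_err_t error. The check covers `out_vec == NULL` but not `out_vec[0].base`, and out_vec[0].len is not updated to the number of bytes written, so the caller cannot tell how much of the buffer is valid.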
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch
new file mode 100644
index 0000000..ade2c8c
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/corstone1000/0006-corstone1000-remove-two-partition-configuration.patch
@@ -0,0 +1,51 @@
+From 492c887c8dff97ea1b8a11b4e729620d3744ac38 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Mon, 30 May 2022 12:38:23 +0100
+Subject: [PATCH 6/6] corstone1000: remove two partition configuration
+
+Previously to run tf-m test, a larger partition was created
+which allowed all default test binaries to be included.
+The patch revert the change because any partition might
+not be enough to hold all test binaries in the future.
+So its better to run few test at a time instead of creating
+a larger partition.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Change-Id: I223fe45f2de014dbcadc6ac12c321c524701116a
+Upstream-Status: Accepted [TF-Mv1.7.0]
+---
+ platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt       | 1 -
+ platform/ext/target/arm/corstone1000/partition/flash_layout.h | 4 ----
+ 2 files changed, 5 deletions(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+index d39c5ae91d..f1ae1ebd47 100644
+--- a/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/bl1/CMakeLists.txt
+@@ -291,7 +291,6 @@ target_compile_definitions(signing_layout_for_bl2
+     PRIVATE
+         MCUBOOT_IMAGE_NUMBER=${BL1_IMAGE_NUMBER}
+         BL1
+-        $<$<BOOL:${TFM_S_REG_TEST}>:TFM_S_REG_TEST>
+ )
+ 
+ target_include_directories(signing_layout_for_bl2
+diff --git a/platform/ext/target/arm/corstone1000/partition/flash_layout.h b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+index b0319bb319..50a0a11fc8 100644
+--- a/platform/ext/target/arm/corstone1000/partition/flash_layout.h
++++ b/platform/ext/target/arm/corstone1000/partition/flash_layout.h
+@@ -119,11 +119,7 @@
+  *
+  */
+ #define SE_BL2_PARTITION_SIZE           (0x19000)    /* 100 KB */
+-#ifdef TFM_S_REG_TEST
+-#define TFM_PARTITION_SIZE              (0x61C00)    /* 391 KB */
+-#else
+ #define TFM_PARTITION_SIZE              (0x5E000)    /* 376 KB */
+-#endif
+ #define FIP_PARTITION_SIZE              (0x200000)   /* 2 MB */
+ #define KERNEL_PARTITION_SIZE           (0xC00000)   /* 12 MB */
+ 
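Review bot: with the `#ifdef TFM_S_REG_TEST` branch removed, a build that still enables TFM_S_REG_TEST gets the 376 KB TFM_PARTITION_SIZE and depends on the developer trimming the test set by hand, as the commit message describes. Record that limit where the tests are documented, or add a build-time check that the secure image fits the partition, so an oversized test build fails at build time rather than at flash or boot time.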
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index dc57eac..341a594 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -11,22 +11,6 @@
 EXTRA_OECMAKE += "-DPLATFORM_IS_FVP=${TFM_PLATFORM_IS_FVP}"
 EXTRA_OECMAKE += "-DCC312_LEGACY_DRIVER_API_ENABLED=OFF"
 
-SRCBRANCH_tfm = "master"
-SRC_URI  = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \
-            git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=master;name=tfm-tests;destsuffix=git/tf-m-tests \
-            git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master;name=mbedtls;destsuffix=git/mbedtls \
-            git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=main;name=mcuboot;destsuffix=git/mcuboot \
-            "
-
-# Bumping the SHA of TFM is required as multiple changes are needed in the TFM to support the ESRT 
-# The most crucial change needed is TFM support for UEFI FMP Image Information 
-SRCREV_tfm = "b065a6b28cc6c692b99e4f7e9387d96f51bf4d07"
-SRCREV_mbedtls = "869298bffeea13b205343361b7a7daf2b210e33d"
-SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd"
-SRCREV_tfm-tests = "3e6c52b4b255e4b1343ba6a257a77fa7a976e8fb"
-PV .= "+git${SRCPV}"
-SRCREV_FORMAT ?= "tfm"
-
 # libmetal
 LICENSE += "& BSD-3-Clause"
 LIC_FILES_CHKSUM += "file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c"
@@ -41,16 +25,16 @@
 SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
 EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${S}/../openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
 
-# Secure Debug ADAC
-LICENSE += "& BSD-3-Clause"
-LIC_FILES_CHKSUM += "file://../psa-adac/license.rst;md5=07f368487da347f3c7bd0fc3085f3afa"
-SRC_URI += "git://git.trustedfirmware.org/shared/psa-adac.git;protocol=https;branch=master;name=psa-adac;destsuffix=git/psa-adac"
-SRCREV_psa-adac = "427923cc0152578d536fb2065154d5d0dd874910"
-# Secure debug is disabled by default
-EXTRA_OECMAKE += "-DPLATFORM_PSA_ADAC_SECURE_DEBUG=OFF"
-EXTRA_OECMAKE += "-DPLATFORM_PSA_ADAC_SOURCE_PATH=${S}/../psa-adac -DPLATFORM_PSA_ADAC_BUILD_PATH=${B}/libpsa-adac-build"
-
-DEPENDS += "trusted-firmware-a"
+# Apply the necessary changes for supporting FMP image info
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
+SRC_URI:append:corstone1000 = " \
+        file://0001-corstone1000-platform-secure-test-framework.patch             \
+        file://0002-corstone1000-make-external-system-support-optional.patch      \
+        file://0003-corstone1000-enable-secure-enclave-run-without-host-.patch    \
+        file://0004-Platform-Partition-Allow-configuration-of-input-and-.patch    \
+        file://0005-corstone1000-support-for-UEFI-FMP-image-Information.patch     \
+        file://0006-corstone1000-remove-two-partition-configuration.patch         \
+      "
 
 do_install() {
   install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
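Review bot: the removal of `DEPENDS += "trusted-firmware-a"` rides along with the Secure Debug ADAC block, but the new comment only mentions FMP image info. Confirm that nothing in this recipe's configure or install steps consumes TF-A output, and say so in the commit message. `SRC_URI:append:corstone1000` inside an include that is already corstone1000-specific makes the override redundant; a plain `SRC_URI +=` or `SRC_URI:append` would read more clearly.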
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch
index fc9e583..8c3c7c1 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm64-ack-5.15/tc/0025-perf-arm-cmn-Support-new-IP-features.patch
@@ -13,7 +13,8 @@
 Signed-off-by: Robin Murphy <robin.murphy@arm.com>
 Link: https://lore.kernel.org/r/e58b495bcc7deec3882be4bac910ed0bf6979674.1638530442.git.robin.murphy@arm.com
 Signed-off-by: Will Deacon <will@kernel.org>
-Upstream-Status = Backport [https://lore.kernel.org/r/e58b495bcc7deec3882be4bac910ed0bf6979674.1638530442.git.robin.murphy@arm.com]
+
+Upstream-Status: Backport [https://lore.kernel.org/r/e58b495bcc7deec3882be4bac910ed0bf6979674.1638530442.git.robin.murphy@arm.com]
 Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
 Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
 ---
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch
new file mode 100644
index 0000000..d9e20f8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/n1sdp/0005-plat-n1sdp-register-DRAM1-to-optee-os.patch
@@ -0,0 +1,52 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From 2eb1da30564428551ca687d456d848129105abac Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Tue, 25 Oct 2022 19:08:49 +0100
+Subject: [PATCH] plat-n1sdp: register DRAM1 to optee-os
+
+N1SDP supports two DRAM's. This change is to add 2nd DRAM
+starting at 0x8080000000 address.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk
+index 06b4975a..5374e406 100644
+--- a/core/arch/arm/plat-n1sdp/conf.mk
++++ b/core/arch/arm/plat-n1sdp/conf.mk
+@@ -38,4 +38,4 @@ CFG_SHMEM_START  ?= 0x83000000
+ CFG_SHMEM_SIZE   ?= 0x00210000
+ # DRAM1 is defined above 4G
+ $(call force,CFG_CORE_LARGE_PHYS_ADDR,y)
+-$(call force,CFG_CORE_ARM64_PA_BITS,36)
++$(call force,CFG_CORE_ARM64_PA_BITS,42)
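Review bot: the commit message does not explain why CFG_CORE_ARM64_PA_BITS goes from 36 to 42. With DRAM1_BASE 0x8080000000ULL and DRAM1_SIZE 0x80000000ULL from the platform_config.h hunk, the region ends at 0x8100000000, which fits in 40 bits. Either use 40, or state in the commit message which other regions need the wider physical address range.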
+diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
+index cfb7f19b..bb951ce6 100644
+--- a/core/arch/arm/plat-n1sdp/main.c
++++ b/core/arch/arm/plat-n1sdp/main.c
+@@ -33,6 +33,7 @@ static struct pl011_data console_data __nex_bss;
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+ 
+ register_ddr(DRAM0_BASE, DRAM0_SIZE);
++register_ddr(DRAM1_BASE, DRAM1_SIZE);
+ 
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
+diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
+index 81b99409..bf0a3c83 100644
+--- a/core/arch/arm/plat-n1sdp/platform_config.h
++++ b/core/arch/arm/plat-n1sdp/platform_config.h
+@@ -35,6 +35,9 @@
+ #define DRAM0_BASE		0x80000000
+ #define DRAM0_SIZE		0x80000000
+ 
++#define DRAM1_BASE		0x8080000000ULL
++#define DRAM1_SIZE		0x80000000ULL
++
+ #define GICD_BASE		0x30000000
+ #define GICC_BASE		0x2C000000
+ #define GICR_BASE		0x300C0000
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-n1sdp.inc
new file mode 100644
index 0000000..c090834
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-n1sdp.inc
@@ -0,0 +1,2 @@
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+OPTEEMACHINE:n1sdp = "n1sdp"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
index 219f08b..2719e4c 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc
@@ -1,7 +1,6 @@
 # N1 SDP specific configuration for optee-os
 
-COMPATIBLE_MACHINE:n1sdp = "n1sdp"
-OPTEEMACHINE:n1sdp = "n1sdp"
+require optee-os-generic-n1sdp.inc
 
 TS_INSTALL_PREFIX_PATH = "${RECIPE_SYSROOT}/firmware/sp/opteesp"
 
@@ -11,6 +10,7 @@
     file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \
     file://0003-HACK-disable-instruction-cache-and-data-cache.patch \
     file://0004-Handle-logging-syscall.patch \
+    file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \
     "
 
 EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
index 6a22d47..9a21083 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
@@ -2,5 +2,6 @@
 
 MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
 MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:tc = "optee-os-generic-tc.inc"
+MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
 
 require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}
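Review bot: the n1sdp line requires the full `optee-os-n1sdp.inc`, whereas the tc line above it requires the generic `optee-os-generic-tc.inc`, and optee-test in this same update uses the new `optee-os-generic-n1sdp.inc`. The full include also sets TS_INSTALL_PREFIX_PATH, the platform patches and `CFG_TEE_CORE_LOG_LEVEL=4`. If the TA devkit needs the platform patches, a one-line comment here would make the asymmetry intentional; otherwise switch to the generic include.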
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend
index 490b350..9318a07 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend
@@ -2,5 +2,6 @@
 
 MACHINE_OPTEE_TEST_REQUIRE ?= ""
 MACHINE_OPTEE_TEST_REQUIRE:tc = "optee-test-tc.inc"
+MACHINE_OPTEE_TEST_REQUIRE:n1sdp = "optee-os-generic-n1sdp.inc"
 
 require ${MACHINE_OPTEE_TEST_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index 0fdb254..9ab1157 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,9 +1,11 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
 From a1da63a8c4d55d52321608a72129af49e0a498b2 Mon Sep 17 00:00:00 2001
 From: Satish Kumar <satish.kumar01@arm.com>
 Date: Mon, 14 Feb 2022 08:22:25 +0000
 Subject: [PATCH 18/19] Fixes in AEAD for psa-arch test 54 and 58.
 
-Upstream-Status: Pending
 Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
new file mode 100644
index 0000000..79429c7
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
@@ -0,0 +1,417 @@
+From 6430bf31a25a1ef67e9141f85dbd070feb0d1a1e Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Fri, 8 Jul 2022 09:48:06 +0100
+Subject: [PATCH] FMP Support in Corstone1000.
+
+The FMP support is used by u-boot to pupolate ESRT information
+for the kernel.
+
+The solution is platform specific and needs to be revisted.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
+---
+ .../provider/capsule_update_provider.c        |   5 +
+ .../capsule_update/provider/component.cmake   |   1 +
+ .../provider/corstone1000_fmp_service.c       | 307 ++++++++++++++++++
+ .../provider/corstone1000_fmp_service.h       |  26 ++
+ 4 files changed, 339 insertions(+)
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
+
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+index 9bbd7abc..871d6bcf 100644
+--- a/components/service/capsule_update/provider/capsule_update_provider.c
++++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -11,6 +11,7 @@
+ #include <protocols/service/capsule_update/capsule_update_proto.h>
+ #include <protocols/rpc/common/packed-c/status.h>
+ #include "capsule_update_provider.h"
++#include "corstone1000_fmp_service.h"
+ 
+ 
+ #define CAPSULE_UPDATE_REQUEST (0x1)
+@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init(
+ 		rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ 	}
+ 
++	provision_fmp_variables_metadata(context->client.caller);
++
+ 	return rpc_interface;
+ }
+ 
+@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		}
+ 		psa_call(caller,handle, PSA_IPC_CALL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
++		set_fmp_image_info(caller, handle);
+ 		break;
+ 
+ 		case KERNEL_STARTED_EVENT:
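Review bot: `set_fmp_image_info(caller, handle);` runs whether or not the preceding psa_call succeeded, because that call's return value is not captured, and set_fmp_image_info itself returns void. Check the psa_call status first and log or propagate a failure, so the FMP variables are only refreshed after a request the platform service accepted. The same applies to the identical addition in the KERNEL_STARTED_EVENT case.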
+@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		}
+ 		psa_call(caller,handle, PSA_IPC_CALL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
++		set_fmp_image_info(caller, handle);
+ 		break;
+ 		default:
+ 			EMSG("%s unsupported opcode", __func__);
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+index 1d412eb2..6b060149 100644
+--- a/components/service/capsule_update/provider/component.cmake
++++ b/components/service/capsule_update/provider/component.cmake
+@@ -10,4 +10,5 @@ endif()
+ 
+ target_sources(${TGT} PRIVATE
+ 	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
++	"${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
+ 	)
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+new file mode 100644
+index 00000000..6a7a47a7
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -0,0 +1,307 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#include "corstone1000_fmp_service.h"
++#include <psa/client.h>
++#include <psa/sid.h>
++#include <psa/storage_common.h>
++#include <trace.h>
++
++#include <service/smm_variable/backend/variable_index.h>
++
++#define VARIABLE_INDEX_STORAGE_UID			(0x787)
++
++/**
++ * Variable attributes
++ */
++#define	EFI_VARIABLE_NON_VOLATILE				(0x00000001)
++#define	EFI_VARIABLE_BOOTSERVICE_ACCESS				(0x00000002)
++#define	EFI_VARIABLE_RUNTIME_ACCESS				(0x00000004)
++#define	EFI_VARIABLE_HARDWARE_ERROR_RECORD			(0x00000008)
++#define	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS			(0x00000010)
++#define	EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS	(0x00000020)
++#define	EFI_VARIABLE_APPEND_WRITE				(0x00000040)
++#define	EFI_VARIABLE_MASK \
++	(EFI_VARIABLE_NON_VOLATILE | \
++	 EFI_VARIABLE_BOOTSERVICE_ACCESS | \
++	 EFI_VARIABLE_RUNTIME_ACCESS | \
++	 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
++	 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
++	 EFI_VARIABLE_APPEND_WRITE)
++
++#define FMP_VARIABLES_COUNT	6
++
++static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++    {
++	{ 0x86c77a67, 0x0b97, 0x4633, \
++		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
++	/* name size = (variable_name + \0) * sizeof(u16) */
++	.name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n',  'N', 'a', 'm', 'e', '1' },
++	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
++    },
++};
++
++static psa_status_t protected_storage_set(struct rpc_caller *caller,
++	psa_storage_uid_t uid, size_t data_length, const void *p_data)
++{
++	psa_status_t psa_status;
++	psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
++
++	struct psa_invec in_vec[] = {
++		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++		{ .base = psa_ptr_const_to_u32(p_data), .len = data_length },
++		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
++	};
++
++	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
++			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
++	if (psa_status < 0)
++		EMSG("ipc_set: psa_call failed: %d", psa_status);
++
++	return psa_status;
++}
++
++static psa_status_t protected_storage_get(struct rpc_caller *caller,
++	psa_storage_uid_t uid, size_t data_size, void *p_data)
++{
++	psa_status_t psa_status;
++	uint32_t offset = 0;
++
++	struct psa_invec in_vec[] = {
++		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
++		{ .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
++	};
++
++	struct psa_outvec out_vec[] = {
++		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
++	};
++
++	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
++			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
++			      out_vec, IOVEC_LEN(out_vec));
++
++	if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
++	    EMSG("Return size does not match with expected size.");
++	    return PSA_ERROR_BUFFER_TOO_SMALL;
++	}
++
++	return psa_status;
++}	
++
++static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
++	const int16_t *name)
++{
++	/* Using djb2 hash by Dan Bernstein */
++	uint64_t hash = 5381;
++
++	/* Calculate hash over GUID */
++	hash = ((hash << 5) + hash) + guid->Data1;
++	hash = ((hash << 5) + hash) + guid->Data2;
++	hash = ((hash << 5) + hash) + guid->Data3;
++
++	for (int i = 0; i < 8; ++i) {
++
++		hash = ((hash << 5) + hash) + guid->Data4[i];
++	}   
++
++	/* Extend to cover name up to but not including null terminator */
++	for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
++
++		if (!name[i]) break;
++		hash = ((hash << 5) + hash) + name[i];
++	}
++
++	return hash;
++}
++
++
++static void initialize_metadata(void)
++{
++    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++
++	fmp_variables_metadata[i].uid = name_hash(
++					&fmp_variables_metadata[i].guid,
++					fmp_variables_metadata[i].name_size,
++					fmp_variables_metadata[i].name);
++    }
++}
++
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller)
++{
++    struct variable_metadata metadata;
++    psa_status_t status;
++    uint32_t dummy_values = 0xDEAD;
++
++    EMSG("Provisioning FMP metadata.");
++
++    initialize_metadata();
++
++    status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
++		sizeof(struct variable_metadata), &metadata);
++
++    if (status == PSA_SUCCESS) {
++	EMSG("UEFI variables store is already provisioned.");
++	return;
++    }
++
++    /* Provision FMP variables with dummy values. */
++    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++	protected_storage_set(caller, fmp_variables_metadata[i].uid,
++				sizeof(dummy_values), &dummy_values);
++    }
++
++    status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
++		    sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
++		    fmp_variables_metadata);
++
++    if (status != EFI_SUCCESS) {
++	return;
++    }
++
++    EMSG("FMP metadata is provisioned");
++}
++
++typedef struct {
++    void *base;
++    int len;
++} variable_data_t;
++
++static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
++
++#define IMAGE_INFO_BUFFER_SIZE	256
++static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
++#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO	2
++
++static psa_status_t unpack_image_info(void *buffer, uint32_t size)
++{
++    typedef struct __attribute__ ((__packed__)) {
++	uint32_t variable_count;
++	uint32_t variable_size[FMP_VARIABLES_COUNT];
++	uint8_t variable[];
++    } packed_buffer_t;
++
++    packed_buffer_t *packed_buffer = buffer;
++    int runner = 0;
++
++    if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
++	EMSG("Expected fmp varaibles = %u, but received = %u",
++		FMP_VARIABLES_COUNT, packed_buffer->variable_count);
++	return PSA_ERROR_PROGRAMMER_ERROR;
++    }
++
++    for (int i = 0; i < packed_buffer->variable_count; i++) {
++	EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
++	fmp_variables_data[i].base = &packed_buffer->variable[runner];
++	fmp_variables_data[i].len= packed_buffer->variable_size[i];
++	runner += packed_buffer->variable_size[i];
++    }
++
++    return PSA_SUCCESS;
++}
++
++static psa_status_t get_image_info(struct rpc_caller *caller,
++			   psa_handle_t platform_service_handle)
++{
++    psa_status_t status;
++    psa_handle_t handle;
++    uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
++
++    struct psa_invec in_vec[] = {
++	{ .base = &ioctl_id, .len = sizeof(ioctl_id) },
++    };
++
++    struct psa_outvec out_vec[] = {
++	{ .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
++    };
++
++    memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
++
++    psa_call(caller, platform_service_handle, PSA_IPC_CALL,
++	     in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
++
++    status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
++    if (status != PSA_SUCCESS) {
++	return status;
++    }
++
++    return PSA_SUCCESS;
++}
++
++static psa_status_t set_image_info(struct rpc_caller *caller)
++{
++    psa_status_t status;
++
++    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
++	
++	status = protected_storage_set(caller,
++			fmp_variables_metadata[i].uid,
++			fmp_variables_data[i].len, fmp_variables_data[i].base);
++
++	if (status != PSA_SUCCESS) {
++
++            EMSG("FMP variable %d set unsuccessful", i);
++	    return status;
++	}
++
++        EMSG("FMP variable %d set success", i);
++    }
++
++    return PSA_SUCCESS;
++}
++
++void set_fmp_image_info(struct rpc_caller *caller,
++			psa_handle_t platform_service_handle)
++{
++    psa_status_t status;
++
++    status = get_image_info(caller, platform_service_handle);
++    if (status != PSA_SUCCESS) {
++	return;
++    }
++
++    status = set_image_info(caller);
++    if (status != PSA_SUCCESS) {
++	return;
++    }
++
++    return;
++}
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+new file mode 100644
+index 00000000..95fba2a0
+--- /dev/null
++++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+@@ -0,0 +1,26 @@
++/*
++ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ */
++
++#ifndef CORSTONE1000_FMP_SERVICE_H
++#define CORSTONE1000_FMP_SERVICE_H
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++#include <rpc_caller.h>
++#include <psa/client.h>
++
++void provision_fmp_variables_metadata(struct rpc_caller *caller);
++
++void set_fmp_image_info(struct rpc_caller *caller,
++		psa_handle_t platform_service_handle);
++
++#ifdef __cplusplus
++} /* extern "C" */
++#endif
++
++#endif /* CORSTONE1000_FMP_SERVICE_H */
+-- 
+2.17.1
+
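Review bot: in unpack_image_info() of corstone1000_fmp_service.c the `size` argument is never used, and each `packed_buffer->variable_size[i]` taken from the reply buffer is added to `runner` and stored as `fmp_variables_data[i].len` without being checked against the buffer size. A reply whose sizes add up to more than IMAGE_INFO_BUFFER_SIZE leaves `base`/`len` pointing past `image_info_buffer`, and set_image_info() then hands that range to protected_storage_set(). Suggest failing the unpack unless `size` covers the fixed header and, for every entry, `runner + variable_size[i]` stays within the remaining payload; `runner` should also be an unsigned type (it accumulates `uint32_t` values into an `int`) with an overflow check on the addition. Separately, get_image_info() discards the return value of psa_call() and leaves `handle` unused, so a failed call is only caught indirectly when the zeroed buffer fails the `variable_count` comparison and is reported as PSA_ERROR_PROGRAMMER_ERROR; capture the psa_call() status and return it. set_fmp_image_info() returns void and drops both statuses, so the caller cannot tell that the FMP variables were not written; returning `psa_status_t` would fix that. Minor: the per-variable success and size messages go through EMSG, which reads as an error in the logs, and "varaibles" in the first EMSG is a typo.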
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
new file mode 100644
index 0000000..c728956
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/ts-psa-crypto-api-test/0001-corstone1000-port-crypto-config.patch
@@ -0,0 +1,230 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
+From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sat, 11 Dec 2021 11:06:57 +0000
+Subject: [PATCH] corstone1000: port crypto config
+
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+%% original patch: 0002-corstone1000-port-crypto-config.patch
+
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../nspe/pal_crypto_config.h                  | 81 +++++++++++++++----
+ 1 file changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index 218a94c69502..c6d4aadd8476 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -34,10 +34,14 @@
+  *
+  * Comment macros to disable the types
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_RSA
+ #define ARCH_TEST_RSA_1024
+ #define ARCH_TEST_RSA_2048
+ #define ARCH_TEST_RSA_3072
++#endif
++#endif
+ 
+ /**
+  * \def  ARCH_TEST_ECC
+@@ -50,11 +54,17 @@
+  * Requires: ARCH_TEST_ECC
+  * Comment macros to disable the curve
+  */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECC
+ #define ARCH_TEST_ECC_CURVE_SECP192R1
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP224R1
++#endif
+ #define ARCH_TEST_ECC_CURVE_SECP256R1
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP384R1
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_AES
+@@ -78,10 +88,10 @@
+  *
+  * Comment macros to disable the types
+  */
+-#define ARCH_TEST_DES
+-#define ARCH_TEST_DES_1KEY
+-#define ARCH_TEST_DES_2KEY
+-#define ARCH_TEST_DES_3KEY
++//#define ARCH_TEST_DES
++//#define ARCH_TEST_DES_1KEY
++//#define ARCH_TEST_DES_2KEY
++//#define ARCH_TEST_DES_3KEY
+ 
+ /**
+  * \def  ARCH_TEST_RAW
+@@ -104,7 +114,7 @@
+  *
+  * Enable the ARC4 key type.
+  */
+-#define ARCH_TEST_ARC4
++//#define ARCH_TEST_ARC4
+ 
+ /**
+  * \def ARCH_TEST_CIPHER_MODE_CTR
+@@ -113,7 +123,11 @@
+  *
+  * Requires: ARCH_TEST_CIPHER
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CIPHER_MODE_CTR
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_CIPHER_MODE_CFB
+@@ -138,7 +152,11 @@
+  *
+  * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CTR_AES
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_CBC_AES
+@@ -157,7 +175,11 @@
+  *
+  * Comment macros to disable the types
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_NO_PADDING
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_CFB_AES
+@@ -177,11 +199,15 @@
+  *
+  * Comment macros to disable the types
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_PKCS1V15
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+ #define ARCH_TEST_RSA_PKCS1V15_CRYPT
+ #define ARCH_TEST_RSA_OAEP
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_CBC_PKCS7
+@@ -190,7 +216,11 @@
+  *
+  * Comment macros to disable the types
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_PKCS7
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
+@@ -227,21 +257,27 @@
+  *
+  * Comment macros to disable the types
+  */
+-// #define ARCH_TEST_MD2
+-// #define ARCH_TEST_MD4
+-#define ARCH_TEST_MD5
+-#define ARCH_TEST_RIPEMD160
+-#define ARCH_TEST_SHA1
++//#define ARCH_TEST_MD2
++//#define ARCH_TEST_MD4
++//#define ARCH_TEST_MD5
++//#define ARCH_TEST_RIPEMD160
++//#define ARCH_TEST_SHA1
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_SHA224
++#endif
+ #define ARCH_TEST_SHA256
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_SHA384
+ #define ARCH_TEST_SHA512
+-// #define ARCH_TEST_SHA512_224
+-// #define ARCH_TEST_SHA512_256
+-// #define ARCH_TEST_SHA3_224
+-// #define ARCH_TEST_SHA3_256
+-// #define ARCH_TEST_SHA3_384
+-// #define ARCH_TEST_SHA3_512
++#endif
++#endif
++//#define ARCH_TEST_SHA512_224
++//#define ARCH_TEST_SHA512_256
++//#define ARCH_TEST_SHA3_224
++//#define ARCH_TEST_SHA3_256
++//#define ARCH_TEST_SHA3_384
++//#define ARCH_TEST_SHA3_512
+ 
+ /**
+  * \def ARCH_TEST_HKDF
+@@ -270,7 +306,12 @@
+  *
+  * Comment macros to disable the types
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CMAC
++#endif
++#endif
++//#define ARCH_TEST_GMAC
+ #define ARCH_TEST_HMAC
+ 
+ /**
+@@ -290,7 +331,11 @@
+  * Requires: ARCH_TEST_AES
+  *
+  */
++#ifndef TF_M_PROFILE_SMALL
++#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_GCM
++#endif
++#endif
+ 
+ /**
+  * \def ARCH_TEST_TRUNCATED_MAC
+@@ -309,7 +354,9 @@
+  *
+  * Requires: ARCH_TEST_ECC
+  */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDH
++#endif
+ 
+ /**
+  * \def ARCH_TEST_ECDSA
+@@ -317,7 +364,9 @@
+  * Enable the elliptic curve DSA library.
+  * Requires: ARCH_TEST_ECC
+  */
++#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDSA
++#endif
+ 
+ /**
+  * \def ARCH_TEST_DETERMINISTIC_ECDSA
+-- 
+2.38.0
+
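Review bot: the commit message of this patch has no body, and the hunks at DES, ARC4 and the hash list disable ARCH_TEST_DES*, ARCH_TEST_ARC4, ARCH_TEST_MD5, ARCH_TEST_RIPEMD160 and ARCH_TEST_SHA1 unconditionally by commenting them out, while every other change is gated on TF_M_PROFILE_SMALL / TF_M_PROFILE_MEDIUM. Nothing in the patch says whether these algorithms are dropped because the corstone1000 crypto service does not provide them or for some other reason, so the reduced test coverage is undocumented; please state the reason in the commit message and, if the removal is platform-specific, put it behind a named condition rather than `//`. The repeated nested pair `#ifndef TF_M_PROFILE_SMALL` / `#ifndef TF_M_PROFILE_MEDIUM` would be easier to read and harder to unbalance as a single `#if !defined(TF_M_PROFILE_SMALL) && !defined(TF_M_PROFILE_MEDIUM)`. The added `//#define ARCH_TEST_GMAC` introduces a macro only as a commented-out line and can be dropped. The Upstream-Status and the first Signed-off-by also sit above the `From` line, outside the commit message proper; moving them into the message next to the other Signed-off-by lines keeps the patch header conventional.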
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
index aa8f271..03f7dff 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -20,6 +20,7 @@
     file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \
     file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
     file://0019-plat-corstone1000-change-default-smm-values.patch \
+    file://0020-FMP-Support-in-Corstone1000.patch \
     "
 
 
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
new file mode 100644
index 0000000..6595c92
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bbappend
@@ -0,0 +1,7 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000/${PN}:"
+
+SRC_URI:append:corstone1000 = " \
+            file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
+            file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+           "
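Review bot: the two `FILESEXTRAPATHS:prepend` lines are unscoped while the `SRC_URI:append` below them is limited to corstone1000, so every machine that parses this bbappend gets the corstone1000 directories added to its file search path. Suggest `FILESEXTRAPATHS:prepend:corstone1000` on both lines to match the SRC_URI override. Also worth confirming: 0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch is applied here with `patchdir=../trusted-services` and the same file name appears in the SRC_URI list of ts-corstone1000.inc in the previous hunk; if this recipe pulls in that include as well, the patch would be applied twice and do_patch would fail.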