subtree updates

meta-openembedded: 0782ea454a..ce0b93fc12:
  Alex Kiernan (5):
        faad2: Upgrade 2.8.8 -> 2.10.0
        onig: Upgrade 6.9.4 -> 6.9.8
        jansson: Honour multilib paths
        jansson: Backport linker flag fixes
        jansson: Default to shared builds

  Beniamin Sandu (1):
        libnet: update to v1.2 release

  Daniel Gomez (4):
        gst-instruments: Update 0.2.3 -> 0.3.1+cb8977a
        libftdi: Add ftdi-eeprom support
        xf86-video-ati: Update 19.1.0 -> 19.1.0+7a6a34af
        v4l-utils: Update 1.22.1 -> 1.23.0+fd544473

  Gianluigi Spagnuolo (1):
        bpftool: add aarch64 to COMPATIBLE_HOST

  Hitomi Hasegawa (1):
        libsdl: add CVE-2019-14906 to allowlist

  Khem Raj (2):
        python3-gevent: Avoid building internal version of libev
        xterm: Add _GNU_SOURCE via CFLAGS

  Lukas Rusak (2):
        libwebsockets: add optional support for sd-event loop
        libwebsockets: add error check if PACKAGECONFIG contains systemd but DISTRO_FEATURES doesn't

  Ming Liu (1):
        plymouth: uprev to 22.02.122

  William A. Kennington III (2):
        gerbera: upgrade 1.9.2 -> 1.11.0
        fmt: upgrade 8.1.1 -> 9.1.0

  Yi Zhao (4):
        freeradius: fix daemon startup warnings
        frr: upgrade 8.2.2 -> 8.3.1
        libnftnl: upgrade 1.2.2 -> 1.2.3
        nftables: upgrade 1.0.4 -> 1.0.5

  onkelpit (1):
        tio: added tio version 2.0 and 1.47

  wangmy (1):
        xterm: upgrade 372 -> 373

meta-arm: 52f07a4b0b..0164b4ca7a:
  Abdellatif El Khlifi (12):
        arm-bsp/u-boot: corstone1000: update initramfs bundle size
        arm-bsp/u-boot: corstone1000: upgrade FF-A support
        arm-bsp/optee-os: corstone1000: upgrade to v3.18
        arm-bsp/optee-spdevkit: corstone1000: drop the support
        arm-bsp/corstone1000-initramfs-image: remove obsolete packages
        arm-bsp/trusted-services: corstone1000: add secure partitions support
        arm-bsp/machine: corstone1000: disable pulling the kernel into the initramfs
        arm-bsp/trusted-services: corstone1000: add MHU-driver
        arm-bsp/corstone1000-initramfs-image: add TS PSA API tests packages
        arm-bsp/linux: corstone1000: use arm-ffa machine feature
        arm/secure-partitions: drop use of the recipe
        arm/ffa-debugfs: drop use of the kernel module

  Adam Johnston (3):
        arm-bsp/edk2-firmware: Update edk2/edk2-platforms versions for N1SDP
        arm-bsp/edk2-firmware: Add edk2-platforms patches for N1SDP
        arm-bsp/trusted-firmware-a: Update TF-A version for N1SDP

  Andrei Gherzan (1):
        edk2-firmware: Fix configure sed typo

  Anton Antonov (1):
        Temporary use qemu 7.0.0 for TS CI pipelines

  Davidson K (6):
        arm-bsp/tc: upgrade version of trusted-firmware-a
        arm-bsp/tc: upgrade version of hafnium
        arm-bsp/tc: upgrade version of optee
        arm-bsp/u-boot: add gnutls-native as dependency
        arm-bsp/trusted-firmware-a: add firmware update support for TC
        arm-bsp/hafnium: enable Virtual Host Extension for TC

  Denys Dmytriyenko (1):
        arm-toolchain/gcc,external-arm-toolchain: resolve conflict with gcc headers

  Emekcan (8):
        arm-bsp/u-boot: Add external system driver to u-boot device tree
        arm-bsp/kernel: Add external device driver
        arm-bsp/u-boot: Add external system MHUs to u-boot device tree
        arm-bsp/kernel: Add rpmsg_arm_mailbox to corstone1000
        arm-bsp/test: Adding a test app for external system
        arm-bsp/images: Adding external system test to initramfs image
        arm-bsp/test: Changing the test app repository
        arm-bsp/external-system: Changing the RTX repo

  Jiacheng Tang (1):
        arm/fvp-base-r-aem: upgrade to version 11.19.14

  Joe Slater (1):
        arm/packagegroup-ts-tests: fix parse error

  Jon Mason (17):
        arm-bsp/optee-os: add 3.10 recipe for corstone1000
        arm-bsp/optee: rename corstone1000 files
        arm/optee-spdevkit: add version to file name
        arm/optee-os: add ARMv7 changes to clang patch and update patches
        arm/qemuarm-secureboot: remove optee-os version pin
        arm/optee: remove old versions
        arm/optee-client: move the 3.14 recipe to meta-arm-bsp
        arm/hafnium: update to 2.7
        arm-bsp/n1sdp: update linux-yocto patches
        arm/edk2-firmware: Work around clang issue
        arm-bsp/tc: remove hafnium clang patch
        layers: convert to langdale compatibility
        CI: Remove uniquely zephyr machines
        arm-bsp/fvp: move the fvp include file to the include directory
        ci: move features only needed by testimage from base
        CI: apply a patch so that meta-zephyr is compatible with langdale
        Revert "CI: apply a patch so that meta-zephyr is compatible with langdale"

  Khem Raj (6):
        optee-os: Extend clang pragma fixes to core_mmu_v7.c for 3.18
        trusted-services: Pin to use gcc
        ffa-debugfs-mod: Exclude from world builds
        linux-yocto: Add bbappend for 5.19
        hafnium: Add a fix for clang-15 errors
        hafnium: Exclude from world builds

  Mohamed Omar Asaker (1):
        arm-bsp/n1sdp-board-firmware: upgrade to N1SDP-2022.06.22

  Peter Hoyes (4):
        arm/lib: Specify the FVP environment variables explicitly
        arm-bsp/trusted-firmware-m: Make branch names configurable
        arm/classes: Migrate TF-M image signing to bbclass
        arm-bsp/corstone1000: Refactor image signing to use new bbclass

  Ross Burton (3):
        gem5/linux-yocto: upgrade to 5.4.205 and fix buildpaths in binaries
        Revert "Temporary use qemu 7.0.0 for TS CI pipelines"
        runfvp: pass-through environment variables need for GUI applications

  Rui Miguel Silva (1):
        arm-bsp: trusted-services: fix openamp build

  Vishnu Banavath (2):
        arm-bsp/ffa-debugfs: update git SHA for v2.1.0
        arm-bsp/external-system:corstone1000: build and install external-system

  Xueliang Zhong (1):
        arm-bsp/n1sdp: upgrade scp-firmware version

Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I7a07eab9e4aa0bdbdb50602050c3c4caf062acbf
diff --git a/meta-arm/.gitlab-ci.yml b/meta-arm/.gitlab-ci.yml
index 1fb21f6..7474e24 100644
--- a/meta-arm/.gitlab-ci.yml
+++ b/meta-arm/.gitlab-ci.yml
@@ -126,12 +126,6 @@
       - TOOLCHAINS: [gcc, clang]
         FIRMWARE: [uboot, edk2]
 
-microbit-v1:
-  extends: .build
-  parallel:
-    matrix:
-      - TESTING: testimage-zephyr
-
 musca-b1:
   extends: .build
 
@@ -144,18 +138,6 @@
     matrix:
       - TOOLCHAINS: [gcc, armgcc]
 
-qemu-cortex-a53:
-  extends: .build
-
-qemu-cortex-m3:
-  extends: .build
-  parallel:
-    matrix:
-      - TESTING: testimage-zephyr
-
-qemu-cortex-r5:
-  extends: .build
-
 qemu-generic-arm64:
   extends: .build
   parallel:
diff --git a/meta-arm/ci/base.yml b/meta-arm/ci/base.yml
index eff466e..3f644c1 100644
--- a/meta-arm/ci/base.yml
+++ b/meta-arm/ci/base.yml
@@ -38,14 +38,8 @@
     PACKAGECONFIG:append:pn-perf = " coresight"
     INHERIT += "rm_work"
     DISTRO_FEATURES:remove = "ptest"
-  kvm: |
-    QEMU_USE_KVM = ""
   perf: |
     CORE_IMAGE_EXTRA_INSTALL += "perf"
-  sshkeys: |
-    CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
-  universally_failing_tests: |
-    TEST_SUITES:remove = "opkg"
 
 machine: unset
 
diff --git a/meta-arm/ci/microbit-v1.yml b/meta-arm/ci/microbit-v1.yml
deleted file mode 100644
index b850148..0000000
--- a/meta-arm/ci/microbit-v1.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-header:
-  version: 11
-  includes:
-    - ci/base.yml
-    - ci/meta-zephyr.yml
-
-machine: microbit-v1
diff --git a/meta-arm/ci/qemu-cortex-a53.yml b/meta-arm/ci/qemu-cortex-a53.yml
deleted file mode 100644
index 3eec580..0000000
--- a/meta-arm/ci/qemu-cortex-a53.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-header:
-  version: 11
-  includes:
-    - ci/base.yml
-    - ci/meta-zephyr.yml
-
-# FIXME - testimage fails all tests currently, but all the tests build
-
-machine: qemu-cortex-a53
diff --git a/meta-arm/ci/qemu-cortex-m3.yml b/meta-arm/ci/qemu-cortex-m3.yml
deleted file mode 100644
index f45cb9e..0000000
--- a/meta-arm/ci/qemu-cortex-m3.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-header:
-  version: 11
-  includes:
-    - ci/base.yml
-    - ci/meta-zephyr.yml
-
-repos:
-  meta-zephyr:
-    layers:
-      meta-zephyr-bsp:
-
-local_conf_header:
-  tclibc: |
-    TCLIBC = "newlib"
-  nonbuilding_tests: |
-    ZEPHYRTESTS:remove = "common context pending poll sleep"
-  qemu_opts: |
-    QB_OPT_APPEND = "-icount shift=3,align=off,sleep=on -rtc clock=vm"
-
-machine: qemu-cortex-m3
diff --git a/meta-arm/ci/qemu-cortex-r5.yml b/meta-arm/ci/qemu-cortex-r5.yml
deleted file mode 100644
index cfcb7b9..0000000
--- a/meta-arm/ci/qemu-cortex-r5.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-header:
-  version: 11
-  includes:
-    - ci/base.yml
-    - ci/meta-zephyr.yml
-
-local_conf_header:
-  nonbuilding_tests: |
-    ZEPHYRTESTS:remove = "common poll sleep queue device"
-
-machine: qemu-cortex-r5
diff --git a/meta-arm/ci/testimage.yml b/meta-arm/ci/testimage.yml
index a26dcaf..d7de7d0 100644
--- a/meta-arm/ci/testimage.yml
+++ b/meta-arm/ci/testimage.yml
@@ -5,9 +5,15 @@
   testimage: |
     IMAGE_CLASSES += "testimage"
     TESTIMAGE_AUTO = "1"
+  kvm: |
+    QEMU_USE_KVM = ""
   slirp: |
     TEST_RUNQEMUPARAMS = "slirp"
     TEST_SERVER_IP = "127.0.0.1"
     QEMU_USE_SLIRP = "1"
   sshd: |
     IMAGE_FEATURES:append = " ssh-server-dropbear"
+  sshkeys: |
+    CORE_IMAGE_EXTRA_INSTALL += "ssh-pregen-hostkeys"
+  universally_failing_tests: |
+    TEST_SUITES:remove = "opkg"
diff --git a/meta-arm/documentation/runfvp.md b/meta-arm/documentation/runfvp.md
index c792f4e..01b1369 100644
--- a/meta-arm/documentation/runfvp.md
+++ b/meta-arm/documentation/runfvp.md
@@ -116,6 +116,14 @@
 FVP_EXTRA_ARGS = "--simlimit 60"
 ```
 
+### `FVP_ENV_PASSTHROUGH`
+
+The FVP is launched with an isolated set of environment variables. Add the name of a Bitbake variable to this list to pass it through to the FVP environment. For example:
+
+```
+FVP_ENV_PASSTHROUGH = "ARMLMD_LICENSE_FILE FM_TRACE_PLUGINS"
+```
+
 
 [AEM]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms/arm-ecosystem-models
 [FVP]: https://developer.arm.com/tools-and-software/simulation-models/fixed-virtual-platforms
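Review bot: the new `FVP_ENV_PASSTHROUGH` section does not say where the passed value comes from or what the default list is. The text says "the name of a Bitbake variable", but the example names (`ARMLMD_LICENSE_FILE`, `FM_TRACE_PLUGINS`) read like host shell variables, so a reader cannot tell whether the value is taken from the Bitbake datastore or from the environment runfvp was started in. Suggest stating that explicitly, listing any variables passed by default, and saying whether the `=` in the example replaces that default set.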
diff --git a/meta-arm/meta-arm-bsp/conf/layer.conf b/meta-arm/meta-arm-bsp/conf/layer.conf
index a1e22c0..3df5613 100644
--- a/meta-arm/meta-arm-bsp/conf/layer.conf
+++ b/meta-arm/meta-arm-bsp/conf/layer.conf
@@ -9,7 +9,7 @@
 BBFILE_PATTERN_meta-arm-bsp = "^${LAYERDIR}/"
 BBFILE_PRIORITY_meta-arm-bsp = "5"
 
-LAYERSERIES_COMPAT_meta-arm-bsp = "kirkstone"
+LAYERSERIES_COMPAT_meta-arm-bsp = "langdale"
 
 LAYERDEPENDS_meta-arm-bsp = "core meta-arm"
 # This won't be used by layerindex-fetch, but works everywhere else
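Review bot: the changed `LAYERSERIES_COMPAT_meta-arm-bsp` line replaces "kirkstone" with "langdale" instead of listing both, so a tree whose core layer is still kirkstone fails the layer series compatibility check after this subtree update. If dropping kirkstone is intended, say so in the commit message next to "layers: convert to langdale compatibility" so consumers know the core layer has to move in step.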
diff --git a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
index e79373d..4433f8b 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/corstone1000-fvp.conf
@@ -33,6 +33,9 @@
 # Boot image
 FVP_DATA ?= "board.flash0=${DEPLOY_DIR_IMAGE}/${IMAGE_NAME}.rootfs.wic.nopt@0x68100000"
 
+# External system (cortex-M3)
+FVP_CONFIG[extsys_harness0.extsys_flashloader.fname] ?= "${DEPLOY_DIR_IMAGE}/es_flashfw.bin"
+
 # FVP Terminals
 FVP_TERMINALS[host.host_terminal_0] ?= "Normal World Console"
 FVP_TERMINALS[host.host_terminal_1] ?= "Secure World Console"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf
index 7343aed..d3452b7 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base-arm32.conf
@@ -4,7 +4,7 @@
 #@NAME: Armv7-A Base Platform FVP machine
 #@DESCRIPTION: Machine configuration for Armv7-A Base Platform FVP model
 
-require conf/machine/fvp-common.inc
+require conf/machine/include/fvp-common.inc
 require conf/machine/include/arm/arch-armv7a.inc
 
 # FVP u-boot configuration
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
index 04ec112..320e22c 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -4,7 +4,7 @@
 #@NAME: Armv8-A Base Platform FVP machine
 #@DESCRIPTION: Machine configuration for Armv8-A Base Platform FVP model
 
-require conf/machine/fvp-common.inc
+require conf/machine/include/fvp-common.inc
 require conf/machine/include/arm/arch-armv8a.inc
 
 TUNE_FEATURES = "aarch64"
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
index ec48222..e4ef068 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -18,7 +18,7 @@
 TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000"
 TFA_FIP_RE_SIGN_BIN_SIZE = "0x00200000"
 RE_LAYOUT_WRAPPER_VERSION = "0.0.7"
-TFM_SIGN_PRIVATE_KEY = "${S}/bl2/ext/mcuboot/root-RSA-3072_1.pem"
+TFM_SIGN_PRIVATE_KEY = "${libdir}/tfm-scripts/root-RSA-3072_1.pem"
 RE_IMAGE_OFFSET = "0x1000"
 
 # u-boot
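Review bot: `TFM_SIGN_PRIVATE_KEY` on the changed line still resolves to `root-RSA-3072_1.pem`, which the removed path shows is a key shipped in the TF-M source tree under `bl2/ext/mcuboot/`, so images built from this include are signed with a key that is not secret. The assignment is also a hard `=` in a machine include. Suggest `?=` and a comment that this is a development key, so a product build can point the variable at its own key without patching the layer.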
@@ -33,15 +33,19 @@
 UBOOT_ARCH = "arm"
 UBOOT_EXTLINUX = "0"
 
-# optee
-PREFERRED_VERSION_optee-os ?= "3.10.%"
-PREFERRED_VERSION_optee-client ?= "3.14.%"
+#optee
+PREFERRED_VERSION_optee-os ?= "3.18.%"
+PREFERRED_VERSION_optee-client ?= "3.18.%"
 EXTRA_IMAGEDEPENDS += "optee-os"
 OPTEE_ARCH = "arm64"
 OPTEE_BINARY = "tee-pager_v2.bin"
 
-# Trusted Services(TS)
-EXTRA_IMAGEDEPENDS += "secure-partitions"
+# Include smm-gateway and se-proxy SPs into optee-os binary
+MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
+TS_PLATFORM = "arm/corstone1000"
+
+# External System(Cortex-M3)
+EXTRA_IMAGEDEPENDS += "external-system"
 
 # Linux kernel
 PREFERRED_PROVIDER_virtual/kernel:forcevariable = "linux-yocto"
@@ -53,6 +57,12 @@
 #telling the build system which image is responsible of the generation of the initramfs rootfs
 INITRAMFS_IMAGE = "corstone1000-initramfs-image"
 
+# add FF-A support in the kernel
+MACHINE_FEATURES += "arm-ffa"
+
+# prevent the kernel image from being included in the intramfs rootfs
+PACKAGE_EXCLUDE = "kernel-image-*"
+
 # enable this feature for kernel debugging
 # MACHINE_FEATURES += "corstone1000_kernel_debug"
 
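Review bot: `PACKAGE_EXCLUDE = "kernel-image-*"` is set in the machine include, so it applies to every image built for this machine, while the comment above it only mentions the initramfs rootfs. If the exclusion is meant for the initramfs alone, scope it to that image (for example in the corstone1000-initramfs-image recipe); otherwise reword the comment to match. The hard `=` also discards any `PACKAGE_EXCLUDE` set earlier, and the comment has a typo ("intramfs").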
diff --git a/meta-arm/meta-arm-bsp/conf/machine/fvp-common.inc b/meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
similarity index 100%
rename from meta-arm/meta-arm-bsp/conf/machine/fvp-common.inc
rename to meta-arm/meta-arm-bsp/conf/machine/include/fvp-common.inc
diff --git a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
index 88eda55..d1fe97d 100644
--- a/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
+++ b/meta-arm/meta-arm-bsp/conf/machine/include/tc.inc
@@ -26,9 +26,9 @@
 PREFERRED_VERSION_linux-arm64-ack ?= "5.10"
 
 # OP-TEE
-PREFERRED_VERSION_optee-os ?= "3.14%"
-PREFERRED_VERSION_optee-client ?= "3.14%"
-PREFERRED_VERSION_optee-test ?= "3.14%"
+PREFERRED_VERSION_optee-os ?= "3.18%"
+PREFERRED_VERSION_optee-client ?= "3.18%"
+PREFERRED_VERSION_optee-test ?= "3.18%"
 
 # Cannot use the default zImage on arm64
 KERNEL_IMAGETYPE = "Image"
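Review bot: the three `PREFERRED_VERSION_optee-*` lines use the pattern "3.18%" with no dot before the wildcard, while corstone1000.inc in this same change uses "3.18.%". Without the dot the pattern matches any version string that merely starts with "3.18". Suggest "3.18.%" here too so both machine includes select versions the same way.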
diff --git a/meta-arm/meta-arm-bsp/conf/machine/qemu-cortex-r5.conf b/meta-arm/meta-arm-bsp/conf/machine/qemu-cortex-r5.conf
deleted file mode 100644
index 5a0ea69..0000000
--- a/meta-arm/meta-arm-bsp/conf/machine/qemu-cortex-r5.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-#@TYPE: Machine
-#@NAME: qemu_cortex_r5
-#@DESCRIPTION: Machine for Zephyr BOARD qemu_cortex_r5
-
-require conf/machine/include/qemu.inc
-require conf/machine/include/arm/armv7r/tune-cortexr5.inc
-
-# GLIBC will not work with Cortex-R.
-TCLIBC = "newlib"
-
-# For runqemu
-QB_SYSTEM_NAME = "qemu-system-aarch64"
-QB_MACHINE = "-machine xlnx-zcu102"
-QB_CPU = "-cpu cortex-r5"
-QB_MEM = "-m 64k"
-QB_GRAPHICS = "-nographic -vga none"
-QB_RNG = ""
-
-# Zephyr RTOS settings
-ZEPHYR_BOARD = "qemu_cortex_r5"
-ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot"
-ARCH:qemu-cortex-r5 = "arm"
diff --git a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
index 6986afd..9127a6c 100644
--- a/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
+++ b/meta-arm/meta-arm-bsp/documentation/fvp-baser-aemv8r64.md
@@ -27,7 +27,7 @@
 where either a standard or Real-Time Linux kernel (PREEMPT\_RT) can be built
 and run:
 
- - FVP_Base_AEMv8R: v11.18.16
+ - FVP_Base_AEMv8R: v11.19.14
  - boot-wrapper-aarch64: provides PSCI support
  - U-Boot: v2022.04 - provides UEFI services
  - Linux kernel: linux-yocto-5.15
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
new file mode 100644
index 0000000..5bb8c37
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/external-system/external-system_0.1.0.bb
@@ -0,0 +1,47 @@
+SUMMARY = "External system Cortex-M3 Firmware"
+DESCRIPTION = "Firmware to be loaded and run in External System Harness in\
+               support to the main application CPU."
+HOMEPAGE = "https://git.linaro.org/landing-teams/working/arm/external-system.git"
+DEPENDS = "gcc-arm-none-eabi-native"
+INHIBIT_DEFAULT_DEPS="1"
+LICENSE = "BSD-3-Clause & Apache-2.0"
+LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0 \
+                    file://cmsis/LICENSE.txt;md5=e3fc50a88d0a364313df4b21ef20c29e"
+
+SRC_URI = "gitsm://git.gitlab.arm.com/arm-reference-solutions/corstone1000/external_system/rtx.git;protocol=https;branch=master"
+SRCREV = "8c9dca74b104ff6c9722fb0738ba93dd3719c080"
+PV .= "+git${SRCPV}"
+
+COMPATIBLE_MACHINE = "(corstone1000)"
+
+# PRODUCT is passed to the Makefile to specify the platform to be used.
+PRODUCT = "corstone-1000"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+LDFLAGS[unexport] = "1"
+
+do_compile() {
+    oe_runmake -C ${S} V=y \
+        BUILD_PATH=${B} \
+	PRODUCT=${PRODUCT} \
+	CROSS_COMPILE=arm-none-eabi- \
+        all
+}
+
+do_compile[cleandirs] = "${B}"
+
+do_install() {
+    install -D -p -m 0644 ${B}/product/${PRODUCT}/firmware/release/bin/firmware.bin ${D}/firmware/es_flashfw.bin
+}
+
+FILES:${PN} = "/firmware"
+SYSROOT_DIRS += "/firmware"
+
+inherit deploy
+
+do_deploy() {
+    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install
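Review bot: in `do_deploy`, `cp -rf ${D}/firmware/* ${DEPLOYDIR}/` copies whatever ends up under /firmware, although `do_install` places exactly one file there and corstone1000-fvp.conf loads it by name. Suggest an explicit `install -m 0644 ${D}/firmware/es_flashfw.bin ${DEPLOYDIR}/` so the deployed artifact and its mode are fixed. Style: the continuation lines in `do_compile` mix tabs (`PRODUCT=`, `CROSS_COMPILE=`) with spaces (`BUILD_PATH=`, `all`), and `INHIBIT_DEFAULT_DEPS="1"` lacks the spaces around `=` used by the other assignments.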
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-emulate-interrupt-controller-register-access.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-emulate-interrupt-controller-register-access.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-feat-emulate-interrupt-controller-register-access.patch
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch
deleted file mode 100644
index 2b57b23..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From e6bcc390749f0560b3bc92507ecbaaabc7145200 Mon Sep 17 00:00:00 2001
-From: Lucian Paul-Trifu <lucian.paul-trifu@arm.com>
-Date: Wed, 10 Mar 2021 11:31:02 +0000
-Subject: [PATCH 2/5] fix(ff-a): Use FFA_INTERRUPT to signal an interrupted
- FFA_MSG_WAIT
-
-Rather than FFA_ERROR(INTERRUPTED).
-
-Change-Id: I6b23a442714852b6183e0e46af6f0504ec0ee8f4
-Signed-off-by: Ben Horgan <ben.horgan@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- src/api.c                                                  | 2 +-
- test/inc/test/vmapi/ffa.h                                  | 7 +++++++
- test/vmapi/arch/aarch64/gicv3/services/common.c            | 3 +--
- test/vmapi/arch/aarch64/gicv3/services/timer.c             | 2 +-
- test/vmapi/el0_partitions/services/interruptible.c         | 3 +--
- test/vmapi/el0_partitions/services/interruptible_echo.c    | 3 +--
- test/vmapi/el0_partitions/services/receive_block.c         | 2 +-
- .../primary_with_secondaries/services/interruptible.c      | 3 +--
- .../primary_with_secondaries/services/receive_block.c      | 2 +-
- 9 files changed, 15 insertions(+), 12 deletions(-)
-
-diff --git a/src/api.c b/src/api.c
-index b713b7c..00c4d44 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -1588,7 +1588,7 @@ struct ffa_value api_ffa_msg_recv(bool block, struct vcpu *current,
- 	 * received. If a message is received the return value will be set at
- 	 * that time to FFA_SUCCESS.
- 	 */
--	return_code = ffa_error(FFA_INTERRUPTED);
-+	return_code = (struct ffa_value){.func = FFA_INTERRUPT_32};
- 	if (api_ffa_msg_recv_block_interrupted(current)) {
- 		goto out;
- 	}
-diff --git a/test/inc/test/vmapi/ffa.h b/test/inc/test/vmapi/ffa.h
-index 8fc1223..f0f3e75 100644
---- a/test/inc/test/vmapi/ffa.h
-+++ b/test/inc/test/vmapi/ffa.h
-@@ -24,6 +24,13 @@
- 		EXPECT_EQ(ffa_error_code(v), (ffa_error)); \
- 	} while (0)
- 
-+#define EXPECT_FFA_INTERRUPT(value)                        \
-+	do {                                               \
-+		struct ffa_value v = (value);              \
-+		EXPECT_EQ(v.func, FFA_INTERRUPT_32);       \
-+	} while (0)
-+
-+
- /*
-  * The bit 15 of the FF-A ID indicates whether the partition is executing
-  * in the normal world, in case it is a Virtual Machine (VM); or in the
-diff --git a/test/vmapi/arch/aarch64/gicv3/services/common.c b/test/vmapi/arch/aarch64/gicv3/services/common.c
-index 06df28d..4ada9e2 100644
---- a/test/vmapi/arch/aarch64/gicv3/services/common.c
-+++ b/test/vmapi/arch/aarch64/gicv3/services/common.c
-@@ -22,8 +22,7 @@ struct ffa_value mailbox_receive_retry(void)
- 
- 	do {
- 		received = ffa_msg_wait();
--	} while (received.func == FFA_ERROR_32 &&
--		 received.arg2 == FFA_INTERRUPTED);
-+	} while (received.func == FFA_INTERRUPT_32);
- 
- 	return received;
- }
-diff --git a/test/vmapi/arch/aarch64/gicv3/services/timer.c b/test/vmapi/arch/aarch64/gicv3/services/timer.c
-index 156f160..d5d2816 100644
---- a/test/vmapi/arch/aarch64/gicv3/services/timer.c
-+++ b/test/vmapi/arch/aarch64/gicv3/services/timer.c
-@@ -104,7 +104,7 @@ TEST_SERVICE(timer)
- 		} else if (receive) {
- 			struct ffa_value res = ffa_msg_wait();
- 
--			EXPECT_FFA_ERROR(res, FFA_INTERRUPTED);
-+			EXPECT_FFA_INTERRUPT(res);
- 		} else {
- 			/* Busy wait until the timer fires. */
- 			while (!timer_fired) {
-diff --git a/test/vmapi/el0_partitions/services/interruptible.c b/test/vmapi/el0_partitions/services/interruptible.c
-index 0d00b16..4c9f099 100644
---- a/test/vmapi/el0_partitions/services/interruptible.c
-+++ b/test/vmapi/el0_partitions/services/interruptible.c
-@@ -50,8 +50,7 @@ static struct ffa_value mailbox_receive_retry()
- 	do {
- 		irq();
- 		received = ffa_msg_wait();
--	} while (received.func == FFA_ERROR_32 &&
--		 ffa_error_code(received) == FFA_INTERRUPTED);
-+	} while (received.func == FFA_INTERRUPT_32);
- 
- 	return received;
- }
-diff --git a/test/vmapi/el0_partitions/services/interruptible_echo.c b/test/vmapi/el0_partitions/services/interruptible_echo.c
-index b618cf2..a857783 100644
---- a/test/vmapi/el0_partitions/services/interruptible_echo.c
-+++ b/test/vmapi/el0_partitions/services/interruptible_echo.c
-@@ -39,8 +39,7 @@ static struct ffa_value mailbox_receive_retry()
- 	do {
- 		irq();
- 		received = ffa_msg_wait();
--	} while (received.func == FFA_ERROR_32 &&
--		 received.arg2 == FFA_INTERRUPTED);
-+	} while (received.func == FFA_INTERRUPT_32);
- 
- 	return received;
- }
-diff --git a/test/vmapi/el0_partitions/services/receive_block.c b/test/vmapi/el0_partitions/services/receive_block.c
-index 05a22f3..60da28b 100644
---- a/test/vmapi/el0_partitions/services/receive_block.c
-+++ b/test/vmapi/el0_partitions/services/receive_block.c
-@@ -27,7 +27,7 @@ TEST_SERVICE(receive_block)
- 
- 	for (i = 0; i < 10; ++i) {
- 		struct ffa_value res = ffa_msg_wait();
--		EXPECT_FFA_ERROR(res, FFA_INTERRUPTED);
-+		EXPECT_FFA_INTERRUPT(res);
- 	}
- 
- 	memcpy_s(SERVICE_SEND_BUFFER(), FFA_MSG_PAYLOAD_MAX, message,
-diff --git a/test/vmapi/primary_with_secondaries/services/interruptible.c b/test/vmapi/primary_with_secondaries/services/interruptible.c
-index cc1c1f9..005d1ff 100644
---- a/test/vmapi/primary_with_secondaries/services/interruptible.c
-+++ b/test/vmapi/primary_with_secondaries/services/interruptible.c
-@@ -46,8 +46,7 @@ struct ffa_value mailbox_receive_retry()
- 
- 	do {
- 		received = ffa_msg_wait();
--	} while (received.func == FFA_ERROR_32 &&
--		 ffa_error_code(received) == FFA_INTERRUPTED);
-+	} while (received.func == FFA_INTERRUPT_32);
- 
- 	return received;
- }
-diff --git a/test/vmapi/primary_with_secondaries/services/receive_block.c b/test/vmapi/primary_with_secondaries/services/receive_block.c
-index edb4e3c..a6805ae 100644
---- a/test/vmapi/primary_with_secondaries/services/receive_block.c
-+++ b/test/vmapi/primary_with_secondaries/services/receive_block.c
-@@ -40,7 +40,7 @@ TEST_SERVICE(receive_block)
- 
- 	for (i = 0; i < 10; ++i) {
- 		struct ffa_value res = ffa_msg_wait();
--		EXPECT_FFA_ERROR(res, FFA_INTERRUPTED);
-+		EXPECT_FFA_INTERRUPT(res);
- 	}
- 
- 	memcpy_s(SERVICE_SEND_BUFFER(), FFA_MSG_PAYLOAD_MAX, message,
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch
deleted file mode 100644
index 8d2cc13..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From a6f466c2594b2f56d34fee72494fbd29ea9c7d21 Mon Sep 17 00:00:00 2001
-From: Ben Horgan <ben.horgan@arm.com>
-Date: Tue, 26 Apr 2022 12:59:42 +0000
-Subject: [PATCH 3/5] fix(ff-a): Add FFA_SECONDARY_EP_REGISTER_64 to list of
- features
-
-Signed-off-by: Ben Horgan <ben.horgan@arm.com>
-Change-Id: Ic1344eb2c982c195210dc2c86aa6845f3e037077
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- src/api.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/api.c b/src/api.c
-index 00c4d44..33a9b42 100644
---- a/src/api.c
-+++ b/src/api.c
-@@ -2021,6 +2021,7 @@ struct ffa_value api_ffa_features(uint32_t feature_function_id)
- 	case FFA_MEM_PERM_SET_32:
- 	case FFA_MEM_PERM_GET_64:
- 	case FFA_MEM_PERM_SET_64:
-+	case FFA_SECONDARY_EP_REGISTER_64:
- #endif
- 		return (struct ffa_value){.func = FFA_SUCCESS_32};
- 
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-tc-increase-heap-pages.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch
similarity index 78%
rename from meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-tc-increase-heap-pages.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch
index 671f6a5..e867073 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-tc-increase-heap-pages.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0003-tc-increase-heap-pages.patch
@@ -5,13 +5,13 @@
 
 Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
 ---
- project/reference/BUILD.gn | 2 +-
+ /BUILD.gn | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/project/reference/BUILD.gn b/project/reference/BUILD.gn
+diff --git a//BUILD.gn b//BUILD.gn
 index 5d84d13..4ea0890 100644
---- a/project/reference/BUILD.gn
-+++ b/project/reference/BUILD.gn
+--- a//BUILD.gn
++++ b//BUILD.gn
 @@ -233,7 +233,7 @@ aarch64_toolchains("secure_tc") {
    gicd_base_address = "0x30000000"
    gicr_base_address = "0x30080000"
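Review bot: the paths inside the renamed patch are now malformed: the diffstat reads ` /BUILD.gn` and the headers read `a//BUILD.gn b//BUILD.gn`, where the previous revision had `project/reference/BUILD.gn`. It looks as if the directory component was lost when the patch was regenerated. Please confirm which BUILD.gn holds the `secure_tc` toolchain block and regenerate the patch from the source tree with the full path, rather than relying on how the patch tool resolves the double slash.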
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch
new file mode 100644
index 0000000..d1e10d0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0004-feat-disable-alignment-check-for-EL0-partitions.patch
@@ -0,0 +1,320 @@
+From 1e24b45a8ff34af45dda45c57f8403452d384f99 Mon Sep 17 00:00:00 2001
+From: Olivier Deprez <olivier.deprez@arm.com>
+Date: Mon, 8 Aug 2022 19:14:23 +0200
+Subject: [PATCH] feat: disable alignment check for EL0 partitions
+
+Relax hw alignment check specifically for (S-)EL0 partitions when
+Hafnium runs with VHE enabled. EL1 partitions have a specific control
+for EL1 and EL0 with respect to alignment check.
+Create a hyp_state structure (from already defined flying registers)
+within the vCPU context to hold the Hypervisor EL2 static configuration
+applied when a vCPU runs. This state is switched back and forth when
+running the Hypervisor or the VM.
+Add SCTLR_EL2 to this context. An EL0 partition context is initialized
+with SCTLR_EL2.A=0 such that alignment check is disabled when EL0 runs
+in the EL2&0 translation regime. SCTLR_EL2.A is set back when returning
+to the Hypervisor such that Hypervisor execution runs with aligment
+check enabled at EL2.
+Remove HCR_EL2 saving from vCPU exit path provided this register state
+is static and doesn't change while a vCPU runs.
+The rationale for such change is to permit running upstream SW stacks
+such as the EDKII/StandaloneMm [1] for which default build assumes
+unaligned accesses are permitted. Similar query exists for running
+Trusted Services on top of Hafnium [2].
+
+[1] https://github.com/tianocore/edk2/tree/master/StandaloneMmPkg
+[2] https://trusted-services.readthedocs.io/en/integration/
+
+Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
+Change-Id: I2906f4c712425fcfb31adbf89e2e3b9ca293f181
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/hafnium/hafnium/+/16195]
+---
+ src/arch/aarch64/hypervisor/cpu.c        |  9 ++++---
+ src/arch/aarch64/hypervisor/exceptions.S | 32 ++++++++++++++++--------
+ src/arch/aarch64/hypervisor/feature_id.c |  6 ++---
+ src/arch/aarch64/hypervisor/handler.c    | 18 +++++++------
+ src/arch/aarch64/inc/hf/arch/types.h     |  9 +++++--
+ src/arch/aarch64/mm.c                    |  2 +-
+ src/arch/aarch64/sysregs.c               | 11 ++++++--
+ src/arch/aarch64/sysregs.h               |  2 +-
+ 8 files changed, 59 insertions(+), 30 deletions(-)
+
+diff --git a/src/arch/aarch64/hypervisor/cpu.c b/src/arch/aarch64/hypervisor/cpu.c
+index d2df77d..a000159 100644
+--- a/src/arch/aarch64/hypervisor/cpu.c
++++ b/src/arch/aarch64/hypervisor/cpu.c
+@@ -115,7 +115,9 @@ void arch_regs_reset(struct vcpu *vcpu)
+ 		}
+ 	}
+ 
+-	r->hcr_el2 = get_hcr_el2_value(vm_id, vcpu->vm->el0_partition);
++	r->hyp_state.hcr_el2 =
++		get_hcr_el2_value(vm_id, vcpu->vm->el0_partition);
++	r->hyp_state.sctlr_el2 = get_sctlr_el2_value(vcpu->vm->el0_partition);
+ 	r->lazy.cnthctl_el2 = cnthctl;
+ 	if (vcpu->vm->el0_partition) {
+ 		CHECK(has_vhe_support());
+@@ -125,10 +127,11 @@ void arch_regs_reset(struct vcpu *vcpu)
+ 		 * are ignored and treated as 0. There is no need to mask the
+ 		 * VMID (used as asid) to only 8 bits.
+ 		 */
+-		r->ttbr0_el2 = pa_addr(table) | ((uint64_t)vm_id << 48);
++		r->hyp_state.ttbr0_el2 =
++			pa_addr(table) | ((uint64_t)vm_id << 48);
+ 		r->spsr = PSR_PE_MODE_EL0T;
+ 	} else {
+-		r->ttbr0_el2 = read_msr(ttbr0_el2);
++		r->hyp_state.ttbr0_el2 = read_msr(ttbr0_el2);
+ 		r->lazy.vtcr_el2 = arch_mm_get_vtcr_el2();
+ 		r->lazy.vttbr_el2 = pa_addr(table) | ((uint64_t)vm_id << 48);
+ #if SECURE_WORLD == 1
+diff --git a/src/arch/aarch64/hypervisor/exceptions.S b/src/arch/aarch64/hypervisor/exceptions.S
+index 539e196..d3732f8 100644
+--- a/src/arch/aarch64/hypervisor/exceptions.S
++++ b/src/arch/aarch64/hypervisor/exceptions.S
+@@ -20,6 +20,9 @@
+ #define ID_AA64PFR0_SVE_SHIFT (32)
+ #define ID_AA64PFR0_SVE_LENGTH (4)
+ 
++#define SCTLR_EL2_A_SHIFT	(1)
++#define HCR_EL2_TGE_SHIFT	(27)
++
+ /**
+  * Saves the volatile registers into the register buffer of the current vCPU.
+  */
+@@ -51,8 +54,6 @@
+ 	mrs x1, elr_el2
+ 	mrs x2, spsr_el2
+ 	stp x1, x2, [x18, #VCPU_REGS + 8 * 31]
+-	mrs x1, hcr_el2
+-	str x1, [x18, #VCPU_REGS + 8 * 33]
+ .endm
+ 
+ /**
+@@ -871,12 +872,13 @@ vcpu_restore_volatile_and_run:
+ 	msr elr_el2, x1
+ 	msr spsr_el2, x2
+ 
+-	ldr x1, [x0, #VCPU_REGS + 8 * 33]
++	ldp x1, x2, [x0, #VCPU_REGS + 8 * 33]
+ 	msr hcr_el2, x1
++	msr ttbr0_el2, x2
+ 	isb
+ 
+-	ldr x1, [x0, #VCPU_REGS + 8 * 34]
+-	msr ttbr0_el2, x1
++	ldr x1, [x0, #VCPU_REGS + 8 * 35]
++	msr sctlr_el2, x1
+ 	isb
+ 
+ 	/* Restore x0..x3, which we have used as scratch before. */
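Review bot: The restore path in vcpu_restore_volatile_and_run hard-codes slots 33, 34 and 35 (`ldp x1, x2, [x0, #VCPU_REGS + 8 * 33]`, `ldr x1, [x0, #VCPU_REGS + 8 * 35]`), so it silently depends on hcr_el2, ttbr0_el2 and sctlr_el2 keeping exactly that order inside hyp_state in types.h. Suggest named offset defines for the three fields, or at least a comment on the struct stating that the assembly relies on the order, so a later reordering cannot load the wrong value into TTBR0_EL2 or SCTLR_EL2.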
+@@ -886,15 +888,17 @@ vcpu_restore_volatile_and_run:
+ 
+ #if ENABLE_VHE
+ enable_vhe_tge:
++	mrs x0, id_aa64mmfr1_el1
++	tst x0, #0xf00
++	b.eq 1f
++
+ 	/**
+ 	 * Switch to host mode ({E2H, TGE} = {1,1}) when VHE is enabled.
+ 	 * Note that E2H is always set when VHE is enabled.
+ 	 */
+-	mrs x0, id_aa64mmfr1_el1
+-	tst x0, #0xf00
+-	b.eq 1f
+-	orr x1, x1, #(1 << 27)
+-	msr hcr_el2, x1
++	mrs x0, hcr_el2
++	orr x0, x0, #(1 << HCR_EL2_TGE_SHIFT)
++	msr hcr_el2, x0
+ 	isb
+ 
+ 	/**
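Review bot: In enable_vhe_tge the VH field test still uses a bare mask (`tst x0, #0xf00`) while the same hunk replaces `1 << 27` with HCR_EL2_TGE_SHIFT. A named mask for the ID_AA64MMFR1_EL1 VH field next to the two new defines would make the early exit to `1:` self-explanatory. That exit also skips the SCTLR_EL2.A re-enable added further down in this function, which deserves a one-line comment saying it is intentional.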
+@@ -905,6 +909,14 @@ enable_vhe_tge:
+ 	ldr x0, [x0]
+ 	msr ttbr0_el2, x0
+ 	isb
++
++	/**
++	 * Enable alignment check while Hypervisor runs.
++	 */
++	mrs x0, sctlr_el2
++	orr x0, x0, #(1 << SCTLR_EL2_A_SHIFT)
++	msr sctlr_el2, x0
++	isb
+ 1:
+ 	ret
+ #endif
+diff --git a/src/arch/aarch64/hypervisor/feature_id.c b/src/arch/aarch64/hypervisor/feature_id.c
+index ed3bf8f..57f3262 100644
+--- a/src/arch/aarch64/hypervisor/feature_id.c
++++ b/src/arch/aarch64/hypervisor/feature_id.c
+@@ -175,7 +175,7 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs)
+ 		~(ID_AA64MMFR1_EL1_VH_MASK << ID_AA64MMFR1_EL1_VH_SHIFT);
+ 
+ 	if (features & HF_FEATURE_RAS) {
+-		regs->hcr_el2 |= HCR_EL2_TERR;
++		regs->hyp_state.hcr_el2 |= HCR_EL2_TERR;
+ 		vm->arch.tid3_masks.id_aa64mmfr1_el1 &=
+ 			~ID_AA64MMFR1_EL1_SPEC_SEI;
+ 		vm->arch.tid3_masks.id_aa64pfr0_el1 &= ~ID_AA64PFR0_EL1_RAS;
+@@ -221,14 +221,14 @@ void feature_set_traps(struct vm *vm, struct arch_regs *regs)
+ 	}
+ 
+ 	if (features & HF_FEATURE_LOR) {
+-		regs->hcr_el2 |= HCR_EL2_TLOR;
++		regs->hyp_state.hcr_el2 |= HCR_EL2_TLOR;
+ 
+ 		vm->arch.tid3_masks.id_aa64mmfr1_el1 &= ~ID_AA64MMFR1_EL1_LO;
+ 	}
+ 
+ 	if (features & HF_FEATURE_PAUTH) {
+ 		/* APK and API bits *enable* trapping when cleared. */
+-		regs->hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API);
++		regs->hyp_state.hcr_el2 &= ~(HCR_EL2_APK | HCR_EL2_API);
+ 
+ 		vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPI;
+ 		vm->arch.tid3_masks.id_aa64isar1_el1 &= ~ID_AA64ISAR1_EL1_GPA;
+diff --git a/src/arch/aarch64/hypervisor/handler.c b/src/arch/aarch64/hypervisor/handler.c
+index cd5146b..8a3d628 100644
+--- a/src/arch/aarch64/hypervisor/handler.c
++++ b/src/arch/aarch64/hypervisor/handler.c
+@@ -272,9 +272,9 @@ noreturn void sync_current_exception_noreturn(uintreg_t elr, uintreg_t spsr)
+ static void set_virtual_irq(struct arch_regs *r, bool enable)
+ {
+ 	if (enable) {
+-		r->hcr_el2 |= HCR_EL2_VI;
++		r->hyp_state.hcr_el2 |= HCR_EL2_VI;
+ 	} else {
+-		r->hcr_el2 &= ~HCR_EL2_VI;
++		r->hyp_state.hcr_el2 &= ~HCR_EL2_VI;
+ 	}
+ }
+ 
+@@ -283,14 +283,15 @@ static void set_virtual_irq(struct arch_regs *r, bool enable)
+  */
+ static void set_virtual_irq_current(bool enable)
+ {
+-	uintreg_t hcr_el2 = current()->regs.hcr_el2;
++	struct vcpu *vcpu = current();
++	uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2;
+ 
+ 	if (enable) {
+ 		hcr_el2 |= HCR_EL2_VI;
+ 	} else {
+ 		hcr_el2 &= ~HCR_EL2_VI;
+ 	}
+-	current()->regs.hcr_el2 = hcr_el2;
++	vcpu->regs.hyp_state.hcr_el2 = hcr_el2;
+ }
+ 
+ /**
+@@ -300,9 +301,9 @@ static void set_virtual_irq_current(bool enable)
+ static void set_virtual_fiq(struct arch_regs *r, bool enable)
+ {
+ 	if (enable) {
+-		r->hcr_el2 |= HCR_EL2_VF;
++		r->hyp_state.hcr_el2 |= HCR_EL2_VF;
+ 	} else {
+-		r->hcr_el2 &= ~HCR_EL2_VF;
++		r->hyp_state.hcr_el2 &= ~HCR_EL2_VF;
+ 	}
+ }
+ 
+@@ -311,14 +312,15 @@ static void set_virtual_fiq(struct arch_regs *r, bool enable)
+  */
+ static void set_virtual_fiq_current(bool enable)
+ {
+-	uintreg_t hcr_el2 = current()->regs.hcr_el2;
++	struct vcpu *vcpu = current();
++	uintreg_t hcr_el2 = vcpu->regs.hyp_state.hcr_el2;
+ 
+ 	if (enable) {
+ 		hcr_el2 |= HCR_EL2_VF;
+ 	} else {
+ 		hcr_el2 &= ~HCR_EL2_VF;
+ 	}
+-	current()->regs.hcr_el2 = hcr_el2;
++	vcpu->regs.hyp_state.hcr_el2 = hcr_el2;
+ }
+ 
+ #if SECURE_WORLD == 1
+diff --git a/src/arch/aarch64/inc/hf/arch/types.h b/src/arch/aarch64/inc/hf/arch/types.h
+index 6379d73..6b8b24f 100644
+--- a/src/arch/aarch64/inc/hf/arch/types.h
++++ b/src/arch/aarch64/inc/hf/arch/types.h
+@@ -79,8 +79,13 @@ struct arch_regs {
+ 	uintreg_t r[NUM_GP_REGS];
+ 	uintreg_t pc;
+ 	uintreg_t spsr;
+-	uintreg_t hcr_el2;
+-	uintreg_t ttbr0_el2;
++
++	/* Hypervisor configuration while a vCPU runs. */
++	struct {
++		uintreg_t hcr_el2;
++		uintreg_t ttbr0_el2;
++		uintreg_t sctlr_el2;
++	} hyp_state;
+ 
+ 	/*
+ 	 * System registers.
+diff --git a/src/arch/aarch64/mm.c b/src/arch/aarch64/mm.c
+index 8ee65ca..487ae35 100644
+--- a/src/arch/aarch64/mm.c
++++ b/src/arch/aarch64/mm.c
+@@ -886,7 +886,7 @@ bool arch_mm_init(paddr_t table)
+ #endif
+ 				    (0xff << (8 * STAGE1_NORMALINDX)),
+ 
+-		.sctlr_el2 = get_sctlr_el2_value(),
++		.sctlr_el2 = get_sctlr_el2_value(false),
+ 		.vstcr_el2 = (1U << 31) |	    /* RES1. */
+ 			     (0 << 30) |	    /* SA. */
+ 			     (0 << 29) |	    /* SW. */
+diff --git a/src/arch/aarch64/sysregs.c b/src/arch/aarch64/sysregs.c
+index e8c154b..087ba4e 100644
+--- a/src/arch/aarch64/sysregs.c
++++ b/src/arch/aarch64/sysregs.c
+@@ -159,7 +159,7 @@ uintreg_t get_cptr_el2_value(void)
+ /**
+  * Returns the value for SCTLR_EL2 for the CPU.
+  */
+-uintreg_t get_sctlr_el2_value(void)
++uintreg_t get_sctlr_el2_value(bool is_el0_partition)
+ {
+ 	uintreg_t sctlr_el2_value = 0;
+ 
+@@ -173,7 +173,14 @@ uintreg_t get_sctlr_el2_value(void)
+ 
+ 	/* MMU-related bits. */
+ 	sctlr_el2_value |= SCTLR_EL2_M;
+-	sctlr_el2_value |= SCTLR_EL2_A;
++
++	/*
++	 * Alignment check enabled, but in the case of an EL0 partition
++	 * with VHE enabled.
++	 */
++	if (!(has_vhe_support() && is_el0_partition)) {
++		sctlr_el2_value |= SCTLR_EL2_A;
++	}
+ 	sctlr_el2_value |= SCTLR_EL2_C;
+ 	sctlr_el2_value |= SCTLR_EL2_SA;
+ 	sctlr_el2_value |= SCTLR_EL2_I;
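Review bot: The new comment in get_sctlr_el2_value reads "Alignment check enabled, but in the case of an EL0 partition with VHE enabled", which does not say what happens in that case. The condition `!(has_vhe_support() && is_el0_partition)` leaves SCTLR_EL2_A clear only when both hold, so the comment should say "except for an EL0 partition when VHE is supported". The function's doc comment ("Returns the value for SCTLR_EL2 for the CPU") should also describe the new is_el0_partition parameter.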
+diff --git a/src/arch/aarch64/sysregs.h b/src/arch/aarch64/sysregs.h
+index babd237..6fdab58 100644
+--- a/src/arch/aarch64/sysregs.h
++++ b/src/arch/aarch64/sysregs.h
+@@ -668,7 +668,7 @@ uintreg_t get_mdcr_el2_value(void);
+ 
+ uintreg_t get_cptr_el2_value(void);
+ 
+-uintreg_t get_sctlr_el2_value(void);
++uintreg_t get_sctlr_el2_value(bool is_el0_partition);
+ 
+ /**
+  * Branch Target Identification mechanism support in AArch64 state.
+-- 
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch
deleted file mode 100644
index e5f9489..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch
+++ /dev/null
@@ -1,318 +0,0 @@
-From 64d5628c8439e4649e9c1da9b9e02ebd5c7fb8cf Mon Sep 17 00:00:00 2001
-From: Ben Horgan <ben.horgan@arm.com>
-Date: Thu, 28 Apr 2022 15:53:31 +0000
-Subject: [PATCH 5/5] Revert "fix(ff-a): check receiver's attributes on memory
- retrieve"
-
-This reverts commit a98603aa965e3ff3ca5383249213e2fd1a96d850.
-
-Change-Id: Ia71ce3ac52e9b2e85578372c24eb8d593b62435f
-Signed-off-by: Ben Horgan <ben.horgan@arm.com>
----
- src/ffa_memory.c                              | 76 ++++++-----------
- test/vmapi/el0_partitions/memory_sharing.c    | 81 -------------------
- .../primary_with_secondaries/memory_sharing.c | 81 -------------------
- 3 files changed, 25 insertions(+), 213 deletions(-)
-
-diff --git a/src/ffa_memory.c b/src/ffa_memory.c
-index ab47929..2fcc386 100644
---- a/src/ffa_memory.c
-+++ b/src/ffa_memory.c
-@@ -1344,42 +1344,6 @@ static struct ffa_value ffa_memory_send_complete(
- 	return ffa_mem_success(share_state->memory_region->handle);
- }
- 
--/**
-- * Check that the memory attributes match Hafnium expectations:
-- * Normal Memory, Inner shareable, Write-Back Read-Allocate
-- * Write-Allocate Cacheable.
-- */
--static struct ffa_value ffa_memory_attributes_validate(
--	ffa_memory_access_permissions_t attributes)
--{
--	enum ffa_memory_type memory_type;
--	enum ffa_memory_cacheability cacheability;
--	enum ffa_memory_shareability shareability;
--
--	memory_type = ffa_get_memory_type_attr(attributes);
--	if (memory_type != FFA_MEMORY_NORMAL_MEM) {
--		dlog_verbose("Invalid memory type %#x, expected %#x.\n",
--			     memory_type, FFA_MEMORY_NORMAL_MEM);
--		return ffa_error(FFA_DENIED);
--	}
--
--	cacheability = ffa_get_memory_cacheability_attr(attributes);
--	if (cacheability != FFA_MEMORY_CACHE_WRITE_BACK) {
--		dlog_verbose("Invalid cacheability %#x, expected %#x.\n",
--			     cacheability, FFA_MEMORY_CACHE_WRITE_BACK);
--		return ffa_error(FFA_DENIED);
--	}
--
--	shareability = ffa_get_memory_shareability_attr(attributes);
--	if (shareability != FFA_MEMORY_INNER_SHAREABLE) {
--		dlog_verbose("Invalid shareability %#x, expected #%x.\n",
--			     shareability, FFA_MEMORY_INNER_SHAREABLE);
--		return ffa_error(FFA_DENIED);
--	}
--
--	return (struct ffa_value){.func = FFA_SUCCESS_32};
--}
--
- /**
-  * Check that the given `memory_region` represents a valid memory send request
-  * of the given `share_func` type, return the clear flag and permissions via the
-@@ -1400,7 +1364,10 @@ static struct ffa_value ffa_memory_send_validate(
- 	uint32_t constituents_length;
- 	enum ffa_data_access data_access;
- 	enum ffa_instruction_access instruction_access;
--	struct ffa_value ret;
-+	ffa_memory_access_permissions_t attributes;
-+	enum ffa_memory_type memory_type;
-+	enum ffa_memory_cacheability memory_cacheability;
-+	enum ffa_memory_shareability memory_shareability;
- 
- 	assert(permissions != NULL);
- 
-@@ -1536,9 +1503,26 @@ static struct ffa_value ffa_memory_send_validate(
- 	 * Normal Memory, Inner shareable, Write-Back Read-Allocate
- 	 * Write-Allocate Cacheable.
- 	 */
--	ret = ffa_memory_attributes_validate(memory_region->attributes);
--	if (ret.func != FFA_SUCCESS_32) {
--		return ret;
-+	attributes = memory_region->attributes;
-+	memory_type = ffa_get_memory_type_attr(attributes);
-+	if (memory_type != FFA_MEMORY_NORMAL_MEM) {
-+		dlog_verbose("Invalid memory type %#x, expected %#x.\n",
-+			     memory_type, FFA_MEMORY_NORMAL_MEM);
-+		return ffa_error(FFA_INVALID_PARAMETERS);
-+	}
-+
-+	memory_cacheability = ffa_get_memory_cacheability_attr(attributes);
-+	if (memory_cacheability != FFA_MEMORY_CACHE_WRITE_BACK) {
-+		dlog_verbose("Invalid cacheability %#x, expected %#x.\n",
-+			     memory_cacheability, FFA_MEMORY_CACHE_WRITE_BACK);
-+		return ffa_error(FFA_INVALID_PARAMETERS);
-+	}
-+
-+	memory_shareability = ffa_get_memory_shareability_attr(attributes);
-+	if (memory_shareability != FFA_MEMORY_INNER_SHAREABLE) {
-+		dlog_verbose("Invalid shareability %#x, expected %#x.\n",
-+			     memory_shareability, FFA_MEMORY_INNER_SHAREABLE);
-+		return ffa_error(FFA_INVALID_PARAMETERS);
- 	}
- 
- 	return (struct ffa_value){.func = FFA_SUCCESS_32};
-@@ -2376,6 +2360,7 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
- 	 * Check permissions from sender against permissions requested by
- 	 * receiver.
- 	 */
-+	/* TODO: Check attributes too. */
- 	sent_permissions =
- 		memory_region->receivers[0].receiver_permissions.permissions;
- 	sent_data_access = ffa_get_data_access_attr(sent_permissions);
-@@ -2453,17 +2438,6 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
- 		panic("Got unexpected FFA_INSTRUCTION_ACCESS_RESERVED. Should "
- 		      "be checked before this point.");
- 	}
--
--	/*
--	 * Ensure receiver's attributes are compatible with how Hafnium maps
--	 * memory: Normal Memory, Inner shareable, Write-Back Read-Allocate
--	 * Write-Allocate Cacheable.
--	 */
--	ret = ffa_memory_attributes_validate(retrieve_request->attributes);
--	if (ret.func != FFA_SUCCESS_32) {
--		goto out;
--	}
--
- 	memory_to_attributes = ffa_memory_permissions_to_mode(
- 		permissions, share_state->sender_orig_mode);
- 	ret = ffa_retrieve_check_update(
-diff --git a/test/vmapi/el0_partitions/memory_sharing.c b/test/vmapi/el0_partitions/memory_sharing.c
-index 3756d7d..c29f029 100644
---- a/test/vmapi/el0_partitions/memory_sharing.c
-+++ b/test/vmapi/el0_partitions/memory_sharing.c
-@@ -2160,87 +2160,6 @@ TEST(memory_sharing, ffa_validate_retrieve_req_mbz)
- 	}
- }
- 
--/**
-- * Memory can't be shared with arbitrary attributes because Hafnium maps pages
-- * with hardcoded values and doesn't support custom mappings.
-- */
--TEST(memory_sharing, ffa_validate_retrieve_req_attributes)
--{
--	struct ffa_value ret;
--	struct mailbox_buffers mb = set_up_mailbox();
--	uint32_t msg_size;
--	ffa_memory_handle_t handle;
--
--	struct ffa_value (*send_function[])(uint32_t, uint32_t) = {
--		ffa_mem_share,
--		ffa_mem_lend,
--	};
--
--	struct ffa_memory_region_constituent constituents[] = {
--		{.address = (uint64_t)pages, .page_count = 2},
--		{.address = (uint64_t)pages + PAGE_SIZE * 3, .page_count = 1},
--	};
--
--	SERVICE_SELECT(SERVICE_VM1, "ffa_memory_share_fail", mb.send);
--
--	struct {
--		enum ffa_memory_type memory_type;
--		enum ffa_memory_cacheability memory_cacheability;
--		enum ffa_memory_shareability memory_shareability;
--	} invalid_attributes[] = {
--		/* Invalid memory type */
--		{FFA_MEMORY_DEVICE_MEM, FFA_MEMORY_CACHE_WRITE_BACK,
--		 FFA_MEMORY_INNER_SHAREABLE},
--		/* Invalid cacheability */
--		{FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_NON_CACHEABLE,
--		 FFA_MEMORY_INNER_SHAREABLE},
--		/* Invalid shareability */
--		{FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK,
--		 FFA_MEMORY_SHARE_NON_SHAREABLE},
--		{FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK,
--		 FFA_MEMORY_OUTER_SHAREABLE}};
--
--	for (uint32_t i = 0; i < ARRAY_SIZE(send_function); i++) {
--		/* Prepare memory region, and set all flags */
--		EXPECT_EQ(ffa_memory_region_init(
--				  mb.send, HF_MAILBOX_SIZE, HF_PRIMARY_VM_ID,
--				  SERVICE_VM1, constituents,
--				  ARRAY_SIZE(constituents), 0, 0,
--				  FFA_DATA_ACCESS_RW,
--				  FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED,
--				  FFA_MEMORY_NORMAL_MEM,
--				  FFA_MEMORY_CACHE_WRITE_BACK,
--				  FFA_MEMORY_INNER_SHAREABLE, NULL, &msg_size),
--			  0);
--
--		ret = send_function[i](msg_size, msg_size);
--		EXPECT_EQ(ret.func, FFA_SUCCESS_32);
--
--		handle = ffa_mem_success_handle(ret);
--
--		for (uint32_t j = 0; j < ARRAY_SIZE(invalid_attributes); ++j) {
--			msg_size = ffa_memory_retrieve_request_init(
--				mb.send, handle, HF_PRIMARY_VM_ID, SERVICE_VM1,
--				0, 0, FFA_DATA_ACCESS_RW,
--				FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED,
--				invalid_attributes[j].memory_type,
--				invalid_attributes[j].memory_cacheability,
--				invalid_attributes[j].memory_shareability);
--
--			EXPECT_LE(msg_size, HF_MAILBOX_SIZE);
--
--			EXPECT_EQ(ffa_msg_send(HF_PRIMARY_VM_ID, SERVICE_VM1,
--					       msg_size, 0)
--					  .func,
--				  FFA_SUCCESS_32);
--
--			ffa_run(SERVICE_VM1, 0);
--		}
--
--		EXPECT_EQ(ffa_mem_reclaim(handle, 0).func, FFA_SUCCESS_32);
--	}
--}
--
- /**
-  * If memory is shared can't request zeroing of memory at both send and
-  * relinquish.
-diff --git a/test/vmapi/primary_with_secondaries/memory_sharing.c b/test/vmapi/primary_with_secondaries/memory_sharing.c
-index 6080709..4bcf252 100644
---- a/test/vmapi/primary_with_secondaries/memory_sharing.c
-+++ b/test/vmapi/primary_with_secondaries/memory_sharing.c
-@@ -2307,87 +2307,6 @@ TEST(memory_sharing, ffa_validate_retrieve_req_mbz)
- 	}
- }
- 
--/**
-- * Memory can't be shared with arbitrary attributes because Hafnium maps pages
-- * with hardcoded values and doesn't support custom mappings.
-- */
--TEST(memory_sharing, ffa_validate_retrieve_req_attributes)
--{
--	struct ffa_value ret;
--	struct mailbox_buffers mb = set_up_mailbox();
--	uint32_t msg_size;
--	ffa_memory_handle_t handle;
--
--	struct ffa_value (*send_function[])(uint32_t, uint32_t) = {
--		ffa_mem_share,
--		ffa_mem_lend,
--	};
--
--	struct ffa_memory_region_constituent constituents[] = {
--		{.address = (uint64_t)pages, .page_count = 2},
--		{.address = (uint64_t)pages + PAGE_SIZE * 3, .page_count = 1},
--	};
--
--	SERVICE_SELECT(SERVICE_VM1, "ffa_memory_share_fail_denied", mb.send);
--
--	struct {
--		enum ffa_memory_type memory_type;
--		enum ffa_memory_cacheability memory_cacheability;
--		enum ffa_memory_shareability memory_shareability;
--	} invalid_attributes[] = {
--		/* Invalid memory type */
--		{FFA_MEMORY_DEVICE_MEM, FFA_MEMORY_CACHE_WRITE_BACK,
--		 FFA_MEMORY_INNER_SHAREABLE},
--		/* Invalid cacheability */
--		{FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_NON_CACHEABLE,
--		 FFA_MEMORY_INNER_SHAREABLE},
--		/* Invalid shareability */
--		{FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK,
--		 FFA_MEMORY_SHARE_NON_SHAREABLE},
--		{FFA_MEMORY_NORMAL_MEM, FFA_MEMORY_CACHE_WRITE_BACK,
--		 FFA_MEMORY_OUTER_SHAREABLE}};
--
--	for (uint32_t i = 0; i < ARRAY_SIZE(send_function); i++) {
--		/* Prepare memory region, and set all flags */
--		EXPECT_EQ(ffa_memory_region_init(
--				  mb.send, HF_MAILBOX_SIZE, HF_PRIMARY_VM_ID,
--				  SERVICE_VM1, constituents,
--				  ARRAY_SIZE(constituents), 0, 0,
--				  FFA_DATA_ACCESS_RW,
--				  FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED,
--				  FFA_MEMORY_NORMAL_MEM,
--				  FFA_MEMORY_CACHE_WRITE_BACK,
--				  FFA_MEMORY_INNER_SHAREABLE, NULL, &msg_size),
--			  0);
--
--		ret = send_function[i](msg_size, msg_size);
--		EXPECT_EQ(ret.func, FFA_SUCCESS_32);
--
--		handle = ffa_mem_success_handle(ret);
--
--		for (uint32_t j = 0; j < ARRAY_SIZE(invalid_attributes); ++j) {
--			msg_size = ffa_memory_retrieve_request_init(
--				mb.send, handle, HF_PRIMARY_VM_ID, SERVICE_VM1,
--				0, 0, FFA_DATA_ACCESS_RW,
--				FFA_INSTRUCTION_ACCESS_NOT_SPECIFIED,
--				invalid_attributes[j].memory_type,
--				invalid_attributes[j].memory_cacheability,
--				invalid_attributes[j].memory_shareability);
--
--			EXPECT_LE(msg_size, HF_MAILBOX_SIZE);
--
--			EXPECT_EQ(ffa_msg_send(HF_PRIMARY_VM_ID, SERVICE_VM1,
--					       msg_size, 0)
--					  .func,
--				  FFA_SUCCESS_32);
--
--			ffa_run(SERVICE_VM1, 0);
--		}
--
--		EXPECT_EQ(ffa_mem_reclaim(handle, 0).func, FFA_SUCCESS_32);
--	}
--}
--
- /**
-  * If memory is shared can't request zeroing of memory at both send and
-  * relinquish.
--- 
-2.17.1
-
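Review bot: Nothing in this change explains why the revert can be dropped. Without it, whatever attribute validation upstream performs in ffa_memory_retrieve is back in force for TC; the removed patch shows that check rejecting anything other than Normal memory, Inner shareable, Write-Back with FFA_DENIED. A line in the commit message confirming that the TC receivers' retrieve requests pass it would help.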
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
new file mode 100644
index 0000000..1808295
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch
@@ -0,0 +1,44 @@
+From 02c8afc4f7315b4e12098ffeb8bd5e64e4891e78 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Thu, 7 Oct 2021 12:20:08 +0530
+Subject: [PATCH] feat(vhe): set STAGE1_NS while mapping memory from NWd to SWd
+
+If the memory is shared by a VM executing in non secure world, attribute
+MM_MODE_NS had to be set while mapping that in a S-EL0 SP executing in
+secure world. It will not be needed for a S-EL1 SP since the NS bit is
+available only for the stage 1 translations and the stage 1 translations
+for a S-EL1 SP will be handled by a trusted OS running in S-EL1.
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: I074e2d5a50a659bd3c097d797c4901f08d210b1b
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ src/ffa_memory.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/ffa_memory.c b/src/ffa_memory.c
+index 048cca9..8910cc7 100644
+--- a/src/ffa_memory.c
++++ b/src/ffa_memory.c
+@@ -2483,6 +2483,18 @@ struct ffa_value ffa_memory_retrieve(struct vm_locked to_locked,
+ 
+ 	memory_to_attributes = ffa_memory_permissions_to_mode(
+ 		permissions, share_state->sender_orig_mode);
++
++	if (to_locked.vm->el0_partition) {
++		/*
++		 * Get extra mapping attributes for the given VM ID.
++		 * If the memory is shared by a VM executing in non secure
++		 * world, attribute MM_MODE_NS had to be set while mapping
++		 * that in a SP executing in secure world.
++		 */
++		memory_to_attributes |= arch_mm_extra_attributes_from_vm(
++						retrieve_request->sender);
++	}
++
+ 	ret = ffa_retrieve_check_update(
+ 		to_locked, memory_region->sender, share_state->fragments,
+ 		share_state->fragment_constituent_counts,
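Review bot: The NS attribute is derived from `retrieve_request->sender`, a field of the receiver's request, while the ffa_retrieve_check_update call right below uses `memory_region->sender` from the stored share state. Unless the two are checked for equality earlier in ffa_memory_retrieve (not visible in this hunk), the receiver's own input decides whether MM_MODE_NS is applied. Suggest passing memory_region->sender to arch_mm_extra_attributes_from_vm so the mapping follows the recorded sender.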
+-- 
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
new file mode 100644
index 0000000..3139759
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/files/tc/0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch
@@ -0,0 +1,34 @@
+From c235511a06a54bcccec97b3067c1004d3957b1d8 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Thu, 8 Sep 2022 10:47:10 +0530
+Subject: [PATCH] feat(vhe): enable vhe and disable branch protection for TC
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: I60cd607d9f2bf0114b482980e7ca68e24aaf4d1f
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ BUILD.gn | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/BUILD.gn b/BUILD.gn
+index 62ba763..f26ce03 100644
+--- a/BUILD.gn
++++ b/BUILD.gn
+@@ -238,7 +238,6 @@ aarch64_toolchains("secure_tc") {
+   heap_pages = 120
+   max_cpus = 8
+   max_vms = 16
+-  branch_protection = "standard"
+   toolchain_args = {
+     plat_ffa = "//src/arch/aarch64/plat/ffa:spmc"
+     plat_psci = "//src/arch/aarch64/plat/psci:spmc"
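Review bot: The removal of `branch_protection = "standard"` from the secure_tc toolchain has no rationale: the patch carries a subject line only, and that subject pairs the removal with enabling VHE without saying why one requires the other. Branch protection is a hardening option for this build, so the message or a comment in BUILD.gn should state the reason and whether the removal is meant to be temporary.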
+@@ -247,5 +246,6 @@ aarch64_toolchains("secure_tc") {
+     secure_world = "1"
+     pl011_base_address = "0x7ff80000"
+     enable_mte = "1"
++    enable_vhe = "1"
+   }
+ }
+-- 
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
index c8f77dc..6dd08ad 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc
@@ -3,20 +3,21 @@
 COMPATIBLE_MACHINE = "(tc?)"
 HAFNIUM_PLATFORM = "secure_tc"
 
-SRCREV = "4eb7b54348234d7f4bbac64bac28f683d6574ba9"
+# Intermediate SHA with 2.7 baseline version
+SRCREV = "dd0561820946fe23bcd57cc129140437f72102a5"
+PV = "2.7+git${SRCPV}"
+
 FILESEXTRAPATHS:prepend:tc := "${THISDIR}/files/tc:"
 
-SRC_URI:remove = " \
-    file://host-ld.patch \
-    file://native-dtc.patch"
+SRC_URI:remove = "file://0001-Fix-build-with-clang-15.patch"
 
 SRC_URI:append = " \
         file://0001-feat-emulate-cntp-timer-register-accesses-using-cnth.patch \
-        file://0002-fix-ff-a-Use-FFA_INTERRUPT-to-signal-an-interrupted-.patch \
-        file://0003-fix-ff-a-Add-FFA_SECONDARY_EP_REGISTER_64-to-list-of.patch \
-        file://0004-feat-emulate-interrupt-controller-register-access.patch \
-        file://0005-Revert-fix-ff-a-check-receiver-s-attributes-on-memor.patch \
-        file://0006-tc-increase-heap-pages.patch \
+        file://0002-feat-emulate-interrupt-controller-register-access.patch \
+        file://0003-tc-increase-heap-pages.patch;patchdir=project/reference \
+        file://0004-feat-disable-alignment-check-for-EL0-partitions.patch \
+        file://0005-feat-vhe-set-STAGE1_NS-while-mapping-memory-from-NWd.patch \
+        file://0006-feat-vhe-enable-vhe-and-disable-branch-protection-fo.patch;patchdir=project/reference \
         "
 
 do_compile() {
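Review bot: `SRC_URI:remove = "file://0001-Fix-build-with-clang-15.patch"` drops a patch inherited from the base recipe without a comment saying why it must not be applied at this SRCREV. Add a one-line comment there, and likewise note next to the two `patchdir=project/reference` entries that those patches apply to the reference project rather than the top-level tree.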
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
index ad5ec95..76a7126 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-image.bb
@@ -6,8 +6,27 @@
 COMPATIBLE_MACHINE = "corstone1000"
 
 inherit image
-inherit wic_nopt
+inherit wic_nopt tfm_sign_image
 
 PACKAGE_INSTALL = ""
 
 IMAGE_FSTYPES += "wic wic.nopt"
+
+do_sign_images() {
+    # Sign TF-A BL2
+    sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \
+        ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
+
+    # Update BL2 in the FIP image
+    cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .
+    fiptool update --tb-fw ${TFM_IMAGE_SIGN_DIR}/signed_${TFA_BL2_BINARY} \
+        ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}
+
+    # Sign the FIP image
+    sign_host_image ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} \
+        ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
+}
+do_sign_images[depends] = "\
+    trusted-firmware-a:do_populate_sysroot \
+    fiptool-native:do_populate_sysroot \
+    "
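Review bot: In do_sign_images the FIP is copied with `cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} .` but is then updated and signed as `${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY}`, which only works if the task's working directory is TFM_IMAGE_SIGN_DIR. Unless the tfm_sign_image class guarantees that, suggest copying to ${TFM_IMAGE_SIGN_DIR}/ explicitly (or setting do_sign_images[dirs]) so fiptool cannot update a stale file while the fresh copy sits elsewhere.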
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
index b778a00..46427b7 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/corstone1000-initramfs-image.bb
@@ -23,8 +23,8 @@
 # all optee packages
 IMAGE_INSTALL += "optee-client"
 
-# FF-A Debugfs driver
-IMAGE_INSTALL += "ffa-debugfs-mod"
+# external system linux userspace test application
+IMAGE_INSTALL += "corstone1000-external-sys-tests"
 
-# psa-arch-tests linux userspace application
-IMAGE_INSTALL += "secure-partitions-psa-api-tests"
+# TS PSA API tests commands for crypto, its, ps and iat
+IMAGE_INSTALL += "packagegroup-ts-tests-psa"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2021.10.12.bb b/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb
similarity index 79%
rename from meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2021.10.12.bb
rename to meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb
index dda99e7..ef7a4fc 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2021.10.12.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/images/n1sdp-board-firmware_2022.06.22.bb
@@ -2,7 +2,7 @@
 SECTION = "firmware"
 
 LICENSE = "STM-SLA0044-Rev5"
-LIC_FILES_CHKSUM = "file://LICENSES/STM.TXT;md5=cd18335eff80d0a690a650f0e6748baf"
+LIC_FILES_CHKSUM = "file://LICENSES/MB/STM.TXT;md5=1b74d8c842307d03c116f2d71cbf868a"
 
 inherit deploy
 
@@ -13,7 +13,7 @@
 
 SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/board-firmware.git;protocol=https;branch=n1sdp"
 
-SRCREV = "e6cd91c7a9733e501bc3b57ff6f9eb2461ffee54"
+SRCREV = "6d5253584a9c2fdc2edbdc39bf6f2436215d1382"
 
 S = "${WORKDIR}/git"
 
@@ -25,6 +25,7 @@
     cp -Rp --no-preserve=ownership ${S}/* ${D}${INSTALL_DIR}
 }
 
+FILES:${PN}-staticdev += " ${INSTALL_DIR}/LIB/sensor.a"
 FILES:${PN} = "${INSTALL_DIR}"
 SYSROOT_DIRS += "${INSTALL_DIR}"
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
index e66469c..85f89a0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-n1sdp.inc
@@ -3,14 +3,20 @@
 SCP_PLATFORM  = "n1sdp"
 SCP_LOG_LEVEL = "INFO"
 
-# master branch at n1sdp: Introduce trusted board boot
-SRCREV  = "3e4c34ceccc1c960eb3a4adaa922f2a0c6b36be3"
+SRCREV  = "de7e464ecd77130147103cf48328099c2d0e6289"
 PV .= "+git${SRCPV}"
 
 COMPATIBLE_MACHINE:n1sdp = "n1sdp"
 
 DEPENDS += "fiptool-native"
 DEPENDS += "trusted-firmware-a"
+DEPENDS += "n1sdp-board-firmware"
+
+# The n1sdp sensor library is needed for building SCP N1SDP Platform
+# https://github.com/ARM-software/SCP-firmware/tree/master/product/n1sdp
+EXTRA_OECMAKE:append = " \
+    -DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a \
+"
 
 do_install:append() {
    fiptool \
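Review bot: The SRCREV bump drops the comment that described the pinned revision ("master branch at n1sdp: Introduce trusted board boot") and gives the new hash no description. Separately, `-DSCP_N1SDP_SENSOR_LIB_PATH=${RECIPE_SYSROOT}/n1sdp-board-firmware_source/LIB/sensor.a` hard-codes the install location used by another recipe; a comment tying it to INSTALL_DIR in n1sdp-board-firmware would keep the two from drifting apart.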
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch
new file mode 100644
index 0000000..c5a25e9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch
@@ -0,0 +1,44 @@
+From ea9556a14bec0249ac6e01e4a55cbb04fd15b51a Mon Sep 17 00:00:00 2001
+From: Rupinderjit Singh <rupinderjit.singh@arm.com>
+Date: Wed, 27 Jul 2022 09:23:58 +0100
+Subject: [PATCH] feat(arm/tc): Update trusty load-address in dts files.
+
+Change is required to align with sp header size change from 0x1000 to 0x4000
+
+Signed-off-by: Rupinderjit Singh <rupinderjit.singh@arm.com>
+Change-Id: Ieeaa7450196b33ecff1612cf3b55cf173a7941e0
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts | 2 +-
+ plat/arm/board/tc/fdts/tc_tb_fw_config.dts            | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts b/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts
+index e2ea7b811..66a686c9a 100644
+--- a/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts
++++ b/plat/arm/board/tc/fdts/tc_spmc_trusty_sp_manifest.dts
+@@ -25,7 +25,7 @@
+ 		vm1 {
+ 			is_ffa_partition;
+ 			debug_name = "trusty";
+-			load_address = <0xf901f000>;
++			load_address = <0xf901c000>;
+ 			vcpu_count = <8>;
+ 			mem_size = <0x3f00000>; /* 64MB TZC DRAM - 1MB align */
+ 		};
+diff --git a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
+index a72772fb3..a5bb520fe 100644
+--- a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
++++ b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
+@@ -50,7 +50,7 @@
+ #elif TRUSTY_SP_FW_CONFIG
+ 		trusty {
+ 		       uuid = "40ee25f0-a2bc-304c-8c4c-a173c57d8af1";
+-		       load-address = <0xf901f000>;
++		       load-address = <0xf901c000>;
+ 		};
+ #else
+ 		cactus-primary {
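Review bot: The literal `0xf901c000` is now repeated in tc_spmc_trusty_sp_manifest.dts and tc_tb_fw_config.dts with nothing linking it to the header size the message cites. Old and new values both put the address that follows the header at 0xf9020000 (0xf901f000 + 0x1000, 0xf901c000 + 0x4000), so a comment recording that relation next to each load address would keep the two files consistent on the next header size change.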
+-- 
+2.25.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-fix-plat-tc-disable-smmu.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-fix-plat-tc-disable-smmu.patch
deleted file mode 100644
index 91f5a9e..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0007-fix-plat-tc-disable-smmu.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 1a051bef6c63f6871edd8d87e969460f073820a7 Mon Sep 17 00:00:00 2001
-From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Date: Wed, 27 Apr 2022 18:15:47 +0100
-Subject: [PATCH 7/7] fix(plat/tc): disable smmu
-
-Reserve static shared-dma-pool below 4GB. This removes dependency on
-SMMU driver. As there are stability issues in SMMU driver, it is
-disabled. This change is temporary and will be reverted upon proper
-fix and testing.
-
-Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
-Change-Id: I6b1b4c2a0acdf62df8c26007c7ca596774e13710
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- fdts/tc.dts | 16 +++-------------
- 1 file changed, 3 insertions(+), 13 deletions(-)
-
-diff --git a/fdts/tc.dts b/fdts/tc.dts
-index dc86958bf..fbae3e3e8 100644
---- a/fdts/tc.dts
-+++ b/fdts/tc.dts
-@@ -209,12 +209,12 @@
- 		linux,cma {
- 			compatible = "shared-dma-pool";
- 			reusable;
--			size = <0x0 0x8000000>;
-+			reg = <0x0 0xf1000000 0x0 0x8000000>;
- 			linux,cma-default;
- 		};
- 
--		optee@0xf8e00000 {
--			reg = <0x00000000 0xf8e00000 0 0x00200000>;
-+		optee@0xf0e00000 {
-+			reg = <0x0 0xf0e00000 0 0x00200000>;
- 			no-map;
- 		};
- 	};
-@@ -460,13 +460,6 @@
- 		>;
- 	};
- 
--	smmu: smmu@2ce00000 {
--		#iommu-cells = <1>;
--		compatible = "arm,smmu-v3";
--		reg = <0x0 0x2ce00000 0x0 0x20000>;
--		status = "okay";
--	};
--
- 	dp0: display@2cc00000 {
- 		#address-cells = <1>;
- 		#size-cells = <0>;
-@@ -476,9 +469,6 @@
- 		interrupt-names = "DPU";
- 		clocks = <&scmi_clk 0>;
- 		clock-names = "aclk";
--		iommus = <&smmu 0>, <&smmu 1>, <&smmu 2>, <&smmu 3>,
--			<&smmu 4>, <&smmu 5>, <&smmu 6>, <&smmu 7>,
--			<&smmu 8>, <&smmu 9>;
- 		pl0: pipeline@0 {
- 			reg = <0>;
- 			clocks = <&scmi_clk 1>;
--- 
-2.30.2
-
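Review bot: Dropping this patch puts the `smmu@2ce00000` node and the display's `iommus` entries back into fdts/tc.dts, yet the patch's own message says the SMMU was disabled because of stability issues in the driver and would be re-enabled only "upon proper fix and testing". The commit that removes it should name the fix or the revision that resolves those issues, since the SMMU is what constrains DMA from the display block. The removal also returns `optee` to 0xf8e00000 and the CMA pool to a `size`-only allocation; the context lines of the 0009 patch added in this same update already assume the 0xf8e00000 address, so the two changes have to land together.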
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0008-feat-plat-tc-add-firmware-update-secure-partition.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0008-feat-plat-tc-add-firmware-update-secure-partition.patch
new file mode 100644
index 0000000..d36d959
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0008-feat-plat-tc-add-firmware-update-secure-partition.patch
@@ -0,0 +1,63 @@
+From 16f183e3c09d64fee92638ea9d0017ac7973ddf8 Mon Sep 17 00:00:00 2001
+From: Tudor Cretu <tudor.cretu@arm.com>
+Date: Fri, 24 Sep 2021 12:09:53 +0000
+Subject: [PATCH 1/2] feat(plat/tc): add firmware update secure partition
+
+Firmware update is a trusted service secure partition that implements
+the PSA firmware update specification. It executes in the secure world
+in total compute platform.
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Signed-off-by: Tudor Cretu <tudor.cretu@arm.com>
+Change-Id: I6223d247b078de8c03b068185bf120b3d502f500
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts | 9 ++++++++-
+ plat/arm/board/tc/fdts/tc_tb_fw_config.dts           | 4 ++++
+ 2 files changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts b/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts
+index 92e2ddda6..23ad06888 100644
+--- a/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts
++++ b/plat/arm/board/tc/fdts/tc_spmc_optee_sp_manifest.dts
+@@ -28,7 +28,7 @@
+ 			load_address = <0xfd280000>;
+ 			vcpu_count = <8>;
+ #ifdef TS_SP_FW_CONFIG
+-			mem_size = <26738688>; /* 25MB TZC DRAM */
++			mem_size = <20447232>; /* 19MB TZC DRAM */
+ #else
+ 			mem_size = <30928896>; /* 29MB TZC DRAM */
+ #endif
+@@ -48,6 +48,13 @@
+ 			vcpu_count = <1>;
+ 			mem_size = <2097152>; /* 2MB TZC DRAM */
+ 		};
++		vm4 {
++			is_ffa_partition;
++			debug_name = "firmware-update";
++			load_address = <0xfe600000>;
++			vcpu_count = <1>;
++			mem_size = <6291456>; /* 6MB TZC DRAM */
++		};
+ #endif
+ 	};
+ 
+diff --git a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
+index a5bb520fe..2c640b363 100644
+--- a/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
++++ b/plat/arm/board/tc/fdts/tc_tb_fw_config.dts
+@@ -41,6 +41,10 @@
+ 		       uuid = "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0";
+ 		       load-address = <0xfec00000>;
+ 		};
++		firmware-update {
++		       uuid = "6823a838-1b06-470e-9774-0cce8bfb53fd";
++		       load-address = <0xfe600000>;
++		};
+ #endif
+ #if OPTEE_SP_FW_CONFIG
+ 		op-tee {
+-- 
+2.34.1
+
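Review bot: The partition layout in tc_spmc_optee_sp_manifest.dts is packed with no slack, and the size comments are rounded in a way that hides it. 20447232 bytes is 0x1380000 (19.5 MiB, not the "19MB" in the comment), so OP-TEE at 0xfd280000 ends exactly at 0xfe600000 where `vm4` begins, and the 6291456 bytes (0x600000) of `vm4` end exactly at 0xfec00000, the `load-address` of the partition listed just above the new `firmware-update` node in tc_tb_fw_config.dts. Writing the sizes in hex and adding a comment with each region's end address would let the next change be checked by eye. As with the other partitions, 0xfe600000 is repeated in both files with nothing keeping the two copies in sync.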
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch
new file mode 100644
index 0000000..f20f948
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch
@@ -0,0 +1,35 @@
+From a8cdd6c67d26c15642338a45279db5e39cf4e565 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Fri, 3 Jun 2022 18:16:31 +0530
+Subject: [PATCH 2/2] feat(plat/tc): reserve 4 MB for stmm communication used
+ for firmware update
+
+The firmware update secure partition and u-boot communicates using
+the stmm communication layer and it needs a dedicated memory region.
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: I8d4da5c26843d225983dcaee0757694a6d43234c
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ fdts/tc.dts | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/fdts/tc.dts b/fdts/tc.dts
+index dc86958bf..cb504c4a2 100644
+--- a/fdts/tc.dts
++++ b/fdts/tc.dts
+@@ -217,6 +217,11 @@
+ 			reg = <0x00000000 0xf8e00000 0 0x00200000>;
+ 			no-map;
+ 		};
++
++		fwu_mm@0xfca00000 {
++			reg = <0x00000000 0xfca00000 0 0x00400000>;
++			no-map;
++		};
+ 	};
+ 
+ 	psci {
+-- 
+2.34.1
+
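Review bot: The `fwu_mm` region at 0xfca00000 is fixed only here in fdts/tc.dts; the `vm4` manifest entry added by the 0008 patch carries no reference to it, so the hunk does not show how the firmware-update partition learns the buffer's address and 4 MB length. Please point to where the secure side is configured with the same values, since a mismatch means the two worlds exchange data through different memory. The range 0xfca00000 to 0xfce00000 also falls inside the trusty partition as set by the 0007 patch (0xf901c000 plus 0x3f00000 ends at 0xfcf1c000), so confirm whether this node is meant to be present when the trusty manifest is used. Minor: a unit address is normally written without the `0x` prefix, although the neighbouring `optee@0xf8e00000` node has the same form.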
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
index 341c8a2..3034680 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc
@@ -37,6 +37,3 @@
                         BL32=${RECIPE_SYSROOT}/lib/firmware/tee-pager_v2.bin \
                         LOG_LEVEL=50 \
                         "
-
-# trigger TF-M build so TF-A binaries get signed
-do_deploy[depends]+= "virtual/trusted-firmware-m:do_prepare_recipe_sysroot"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
index 034dac3..9fb567f 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc
@@ -1,6 +1,7 @@
 # N1SDP specific TFA support
 
-SRCREV_tfa  = "1d867c14cb41c1171d16fa7e395a4eaed3d572b2"
+# Align with post-N1SDP-2022.06.22 refresh
+SRCREV_tfa  = "1309c6c805190bd376c0561597653f3f8ecd0f58"
 PV .= "+git${SRCPV}"
 
 COMPATIBLE_MACHINE = "n1sdp"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc
index 8cb53de..301f97c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc
@@ -1,5 +1,9 @@
 # TC0 specific TFA configuration
 
+# Intermediate SHA with 2.7 baseline version
+SRCREV_tfa = "e95abc4c01822ef43e9e874d63d6596dc0b57279"
+PV = "2.7+git${SRCPV}"
+
 DEPENDS += "scp-firmware util-linux-native gptfdisk-native"
 
 FILESEXTRAPATHS:prepend := "${THISDIR}/files/tc:"
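Review bot: `SRCREV_tfa` now points at what the comment calls an "Intermediate SHA", while `PV` is assigned with `=` to "2.7+git${SRCPV}". The comment should say which upstream branch this commit is on and why a tagged release was not usable, so the next bump has a known target. Because version-based tooling such as CVE matching keys on `PV`, a build from a commit that is not the 2.7 tag will be reported as 2.7; state in the comment whether the commit is before or after the tag.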
@@ -10,7 +14,9 @@
     file://0004-fix-plat-tc-increase-tc_tzc_dram1_size.patch \
     file://0005-feat-plat-tc-add-spmc-manifest-with-trusty-sp.patch \
     file://0006-feat-plat-tc-update-dts-with-trusty-compatible-strin.patch \
-    file://0007-fix-plat-tc-disable-smmu.patch \
+    file://0007-feat-arm-tc-Update-trusty-load-address-in-dts-files.patch \
+    file://0008-feat-plat-tc-add-firmware-update-secure-partition.patch \
+    file://0009-feat-plat-tc-reserve-4-MB-for-stmm-communication-use.patch \
     file://generate_metadata.py \
     "
 
@@ -41,6 +47,7 @@
 EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
                      ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
 EXTRA_OEMAKE += "PSA_FWU_SUPPORT=1 ARM_GPT_SUPPORT=1"
+EXTRA_OEMAKE += "CTX_INCLUDE_MTE_REGS=1"
 
 do_generate_gpt() {
     gpt_image="${BUILD_DIR}/fip_gpt.bin"
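Review bot: `CTX_INCLUDE_MTE_REGS=1` is added with no comment and no visible rationale, unlike the grouped flags on the lines above it. The option changes what is saved and restored in the CPU context on a world switch, so a one-line comment naming the secure-world component that needs MTE register context (and the patch or SRCREV change that introduced the need) would make it reviewable and removable later.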
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index eb400e5..95c49d0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -25,25 +25,8 @@
 SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
 EXTRA_OECMAKE += "-DLIBOPENAMP_SRC_PATH=${WORKDIR}/git/openamp -DLIBOPENAMP_BIN_PATH=${B}/libopenamp-build"
 
-DEPENDS += "trusted-firmware-a"
-
-# adding host images signing support
-require trusted-firmware-m-sign-host-images.inc
-
 do_install() {
   install -D -p -m 0644 ${B}/install/outputs/tfm_s_signed.bin ${D}/firmware/tfm_s_signed.bin
   install -D -p -m 0644 ${B}/install/outputs/bl2_signed.bin ${D}/firmware/bl2_signed.bin
   install -D -p -m 0644 ${B}/install/outputs/bl1.bin ${D}/firmware/bl1.bin
-
-  #
-  # Signing TF-A BL2 and the FIP image
-  #
-
-  sign_host_image ${TFA_BL2_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE}
-
-  fiptool update \
-      --tb-fw ${D}/firmware/signed_${TFA_BL2_BINARY} \
-      ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY}
-
-  sign_host_image ${TFA_FIP_BINARY} ${RECIPE_SYSROOT}/firmware ${TFA_FIP_RE_IMAGE_LOAD_ADDRESS} ${TFA_FIP_RE_SIGN_BIN_SIZE}
 }
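Review bot: After this hunk `do_install` no longer calls `sign_host_image` for `${TFA_BL2_BINARY}` or `${TFA_FIP_BINARY}` and no longer runs `fiptool update --tb-fw`, and the same commit removes the TF-A side dependency whose comment read "trigger TF-M build so TF-A binaries get signed". Nothing visible here shows where the signed BL2 and FIP are produced now. The commit should name the recipe or task that takes over signing, otherwise a reader cannot tell whether the host images are still signed before being deployed or whether the step was dropped.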
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc b/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc
deleted file mode 100644
index 49af356..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-sign-host-images.inc
+++ /dev/null
@@ -1,50 +0,0 @@
-# Signing host images using TF-M tools
-
-DEPENDS += "python3-imgtool-native fiptool-native"
-
-#
-# sign_host_image
-#
-# Description:
-#
-# A generic function that signs a host image
-# using MCUBOOT format
-#
-# Arguments:
-#
-# $1 ... host binary to sign
-# $2 ... host binary path
-# $3 ... load address of the given binary
-# $4 ... signed binary size
-#
-# Note: The signed binary is copied to ${D}/firmware
-#
-sign_host_image() {
-
-    host_binary_filename="`basename -s .bin ${1}`"
-    host_binary_layout="${host_binary_filename}_ns"
-
-    cat << EOF > ${B}/${host_binary_layout}
-enum image_attributes {
-    RE_IMAGE_LOAD_ADDRESS = ${3},
-    RE_SIGN_BIN_SIZE = ${4},
-};
-EOF
-
-    host_binary="${2}/`basename ${1}`"
-    host_binary_signed="${D}/firmware/signed_`basename ${1}`"
-
-    ${PYTHON} ${S}/bl2/ext/mcuboot/scripts/wrapper/wrapper.py \
-            -v ${RE_LAYOUT_WRAPPER_VERSION} \
-            --layout ${B}/${host_binary_layout} \
-            -k  ${TFM_SIGN_PRIVATE_KEY} \
-            --public-key-format full \
-            --align 1 \
-            --pad \
-            --pad-header \
-            -H ${RE_IMAGE_OFFSET} \
-            -s auto \
-            ${host_binary} \
-            ${host_binary_signed}
-
-}
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch
index dc64e3c..4d7c51f 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0001-cmd-load-add-load-command-for-memory-mapped.patch
@@ -1,7 +1,7 @@
-From 7a1a84ea74fdd06a7f5f239f4c5f4b727d6cd232 Mon Sep 17 00:00:00 2001
+From 910760408430de32ad08b1e5ddf894cc9f2f3d0c Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Thu, 24 Jun 2021 09:25:00 +0100
-Subject: [PATCH 01/24] cmd: load: add load command for memory mapped
+Subject: [PATCH 01/26] cmd: load: add load command for memory mapped
 
 cp.b is used a lot as a way to load binaries to memory and execute
 them, however we may need to integrate this with the efi subsystem to
@@ -16,6 +16,7 @@
 then subsequently booted with bootefi command.
 
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Accepted [2022.10-rc1]
 ---
  README                           |  1 +
  cmd/Kconfig                      |  6 ++++
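Review bot: The added `Upstream-Status: Accepted [2022.10-rc1]` names the release but not the upstream commit. Adding the upstream commit id next to the tag would let a reviewer confirm that the carried copy matches what was merged, and makes it obvious which patches can be dropped once the recipe moves to 2022.10. The same applies to the other corstone1000 u-boot patches that gain this tag in this update.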
@@ -26,7 +27,7 @@
  6 files changed, 78 insertions(+)
 
 diff --git a/README b/README
-index b7ab6e50708d..cd76f95e74c1 100644
+index b7ab6e5070..cd76f95e74 100644
 --- a/README
 +++ b/README
 @@ -2578,6 +2578,7 @@ rarpboot- boot image via network using RARP/TFTP protocol
@@ -38,7 +39,7 @@
  mm	- memory modify (auto-incrementing)
  nm	- memory modify (constant address)
 diff --git a/cmd/Kconfig b/cmd/Kconfig
-index 09193b61b95f..ba2f321ae989 100644
+index 09193b61b9..ba2f321ae9 100644
 --- a/cmd/Kconfig
 +++ b/cmd/Kconfig
 @@ -1143,6 +1143,12 @@ config CMD_LOADB
@@ -55,7 +56,7 @@
  	bool "loads"
  	default y
 diff --git a/cmd/bootefi.c b/cmd/bootefi.c
-index 827fcd97dfd8..37ce659fa123 100644
+index 827fcd97df..37ce659fa1 100644
 --- a/cmd/bootefi.c
 +++ b/cmd/bootefi.c
 @@ -34,6 +34,18 @@ static struct efi_device_path *bootefi_device_path;
@@ -78,7 +79,7 @@
   * efi_clear_bootdev() - clear boot device
   */
 diff --git a/cmd/load.c b/cmd/load.c
-index 7e4a552d90ef..1224a7f85bb3 100644
+index 7e4a552d90..1224a7f85b 100644
 --- a/cmd/load.c
 +++ b/cmd/load.c
 @@ -1063,6 +1063,44 @@ static ulong load_serial_ymodem(ulong offset, int mode)
@@ -141,7 +142,7 @@
 +);
 +#endif /* CONFIG_CMD_LOADM */
 diff --git a/include/efi_loader.h b/include/efi_loader.h
-index 11930fbea838..5b41985244e2 100644
+index 11930fbea8..5b41985244 100644
 --- a/include/efi_loader.h
 +++ b/include/efi_loader.h
 @@ -591,6 +591,8 @@ efi_status_t efi_load_pe(struct efi_loaded_image_obj *handle,
@@ -154,7 +155,7 @@
  void efi_add_handle(efi_handle_t obj);
  /* Create handle */
 diff --git a/lib/efi_loader/efi_device_path.c b/lib/efi_loader/efi_device_path.c
-index 171661b89727..2493d7432613 100644
+index 171661b897..2493d74326 100644
 --- a/lib/efi_loader/efi_device_path.c
 +++ b/lib/efi_loader/efi_device_path.c
 @@ -1158,6 +1158,8 @@ efi_status_t efi_dp_from_name(const char *dev, const char *devnr,
@@ -181,5 +182,5 @@
  		part = blk_get_device_part_str(dev, devnr, &desc, &fs_partition,
  					       1);
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch
index 1863629..4c7c9b1 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0002-arm-add-support-to-corstone1000-platform.patch
@@ -1,7 +1,7 @@
-From c9a9a467bb335047812004dd022dcadf9514101f Mon Sep 17 00:00:00 2001
+From 3523b1bac430f10f02a31f7d013ea369e29656be Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Tue, 15 Feb 2022 09:44:10 +0000
-Subject: [PATCH 02/24] arm: add support to corstone1000 platform
+Subject: [PATCH 02/26] arm: add support to corstone1000 platform
 
 Corstone1000 is a platform from arm, which includes pre
 verified Corstone SSE710 sub-system that combines Cortex-A and
@@ -18,6 +18,7 @@
 
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Accepted [2022.10-rc1]
 ---
  arch/arm/Kconfig                         |   8 ++
  arch/arm/dts/Makefile                    |   3 +
@@ -42,7 +43,7 @@
  create mode 100644 include/configs/corstone1000.h
 
 diff --git a/arch/arm/Kconfig b/arch/arm/Kconfig
-index 9898c7d68e1b..2fc2b7d20f12 100644
+index 9898c7d68e..2fc2b7d20f 100644
 --- a/arch/arm/Kconfig
 +++ b/arch/arm/Kconfig
 @@ -1347,6 +1347,12 @@ config ARCH_VEXPRESS64
@@ -68,7 +69,7 @@
  source "board/bosch/guardian/Kconfig"
  source "board/Marvell/octeontx/Kconfig"
 diff --git a/arch/arm/dts/Makefile b/arch/arm/dts/Makefile
-index a7e0d9f6c0e8..8c8f15b6a813 100644
+index a7e0d9f6c0..8c8f15b6a8 100644
 --- a/arch/arm/dts/Makefile
 +++ b/arch/arm/dts/Makefile
 @@ -1265,6 +1265,9 @@ dtb-$(CONFIG_TARGET_EA_LPC3250DEVKITV2) += lpc3250-ea3250.dtb
@@ -83,7 +84,7 @@
  targets += $(dtb-y)
 diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts
 new file mode 100644
-index 000000000000..1fcc137a493c
+index 0000000000..1fcc137a49
 --- /dev/null
 +++ b/arch/arm/dts/corstone1000-fvp.dts
 @@ -0,0 +1,23 @@
@@ -112,7 +113,7 @@
 +};
 diff --git a/arch/arm/dts/corstone1000-mps3.dts b/arch/arm/dts/corstone1000-mps3.dts
 new file mode 100644
-index 000000000000..e3146747c2d9
+index 0000000000..e3146747c2
 --- /dev/null
 +++ b/arch/arm/dts/corstone1000-mps3.dts
 @@ -0,0 +1,32 @@
@@ -150,7 +151,7 @@
 +};
 diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
 new file mode 100644
-index 000000000000..d0194aa893f2
+index 0000000000..d0194aa893
 --- /dev/null
 +++ b/arch/arm/dts/corstone1000.dtsi
 @@ -0,0 +1,169 @@
@@ -325,7 +326,7 @@
 +};
 diff --git a/board/armltd/corstone1000/Kconfig b/board/armltd/corstone1000/Kconfig
 new file mode 100644
-index 000000000000..709674d4cf7d
+index 0000000000..709674d4cf
 --- /dev/null
 +++ b/board/armltd/corstone1000/Kconfig
 @@ -0,0 +1,12 @@
@@ -343,7 +344,7 @@
 +endif
 diff --git a/board/armltd/corstone1000/MAINTAINERS b/board/armltd/corstone1000/MAINTAINERS
 new file mode 100644
-index 000000000000..8c905686de76
+index 0000000000..8c905686de
 --- /dev/null
 +++ b/board/armltd/corstone1000/MAINTAINERS
 @@ -0,0 +1,7 @@
@@ -356,7 +357,7 @@
 +F:	configs/corstone1000_defconfig
 diff --git a/board/armltd/corstone1000/Makefile b/board/armltd/corstone1000/Makefile
 new file mode 100644
-index 000000000000..77a82c28929b
+index 0000000000..77a82c2892
 --- /dev/null
 +++ b/board/armltd/corstone1000/Makefile
 @@ -0,0 +1,7 @@
@@ -369,7 +370,7 @@
 +obj-y	:= corstone1000.o
 diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
 new file mode 100644
-index 000000000000..2fa485ff3799
+index 0000000000..2fa485ff37
 --- /dev/null
 +++ b/board/armltd/corstone1000/corstone1000.c
 @@ -0,0 +1,125 @@
@@ -500,7 +501,7 @@
 +}
 diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
 new file mode 100644
-index 000000000000..02f931b0d469
+index 0000000000..02f931b0d4
 --- /dev/null
 +++ b/configs/corstone1000_defconfig
 @@ -0,0 +1,80 @@
@@ -586,7 +587,7 @@
 +CONFIG_MISC=y
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
 new file mode 100644
-index 000000000000..cf166f107efd
+index 0000000000..cf166f107e
 --- /dev/null
 +++ b/include/configs/corstone1000.h
 @@ -0,0 +1,86 @@
@@ -677,5 +678,5 @@
 +				"bootefi $kernel_addr_r $fdtcontroladdr;"
 +#endif
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch
index 1cebd07..7e726fe 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0003-usb-common-move-urb-code-to-common.patch
@@ -1,12 +1,13 @@
-From 61c5fe3758a0febdee33429f5be16f69279045cc Mon Sep 17 00:00:00 2001
+From 178da5bee196f44c4c10e9804674fe5ac0bc1176 Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Mon, 28 Jun 2021 23:20:55 +0100
-Subject: [PATCH 03/24] usb: common: move urb code to common
+Subject: [PATCH 03/26] usb: common: move urb code to common
 
 Move urb code from musb only use to a more common scope, so other
 drivers in the future can use the handling of urb in usb.
 
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Accepted [2022.10-rc1]
 ---
  drivers/usb/common/Makefile                   |   2 +
  drivers/usb/common/usb_urb.c                  | 160 ++++++++++++++++++
@@ -23,7 +24,7 @@
  rename drivers/usb/musb-new/usb-compat.h => include/linux/usb/usb_urb_compat.h (60%)
 
 diff --git a/drivers/usb/common/Makefile b/drivers/usb/common/Makefile
-index 3bedbf213f47..dc05cb0a5077 100644
+index 3bedbf213f..dc05cb0a50 100644
 --- a/drivers/usb/common/Makefile
 +++ b/drivers/usb/common/Makefile
 @@ -4,5 +4,7 @@
@@ -36,7 +37,7 @@
  obj-$(CONFIG_USB_XHCI_FSL) += fsl-dt-fixup.o fsl-errata.o
 diff --git a/drivers/usb/common/usb_urb.c b/drivers/usb/common/usb_urb.c
 new file mode 100644
-index 000000000000..be3b6b9f32e8
+index 0000000000..be3b6b9f32
 --- /dev/null
 +++ b/drivers/usb/common/usb_urb.c
 @@ -0,0 +1,160 @@
@@ -201,7 +202,7 @@
 +	return usb_urb_submit(hcd, urb);
 +}
 diff --git a/drivers/usb/host/r8a66597-hcd.c b/drivers/usb/host/r8a66597-hcd.c
-index f1fc93f3d403..3ccbc16da379 100644
+index f1fc93f3d4..3ccbc16da3 100644
 --- a/drivers/usb/host/r8a66597-hcd.c
 +++ b/drivers/usb/host/r8a66597-hcd.c
 @@ -14,6 +14,7 @@
@@ -249,7 +250,7 @@
  {
  	struct usb_device *parent = usb_dev_get_parent(dev);
 diff --git a/drivers/usb/musb-new/musb_core.c b/drivers/usb/musb-new/musb_core.c
-index 18d9bc805f8a..fc7af7484e4c 100644
+index 18d9bc805f..fc7af7484e 100644
 --- a/drivers/usb/musb-new/musb_core.c
 +++ b/drivers/usb/musb-new/musb_core.c
 @@ -89,9 +89,9 @@
@@ -264,7 +265,7 @@
  
  #include "musb_core.h"
 diff --git a/drivers/usb/musb-new/musb_host.c b/drivers/usb/musb-new/musb_host.c
-index acb2d40f3b5a..e5905d90d66f 100644
+index acb2d40f3b..e5905d90d6 100644
 --- a/drivers/usb/musb-new/musb_host.c
 +++ b/drivers/usb/musb-new/musb_host.c
 @@ -26,8 +26,8 @@
@@ -278,7 +279,7 @@
  
  #include "musb_core.h"
 diff --git a/drivers/usb/musb-new/musb_host.h b/drivers/usb/musb-new/musb_host.h
-index afc8fa35a738..5a604bdb0cf2 100644
+index afc8fa35a7..5a604bdb0c 100644
 --- a/drivers/usb/musb-new/musb_host.h
 +++ b/drivers/usb/musb-new/musb_host.h
 @@ -10,7 +10,7 @@
@@ -291,7 +292,7 @@
  
  static inline struct usb_hcd *musb_to_hcd(struct musb *musb)
 diff --git a/drivers/usb/musb-new/musb_uboot.c b/drivers/usb/musb-new/musb_uboot.c
-index 61ff68def2fa..d186facc7e02 100644
+index 61ff68def2..d186facc7e 100644
 --- a/drivers/usb/musb-new/musb_uboot.c
 +++ b/drivers/usb/musb-new/musb_uboot.c
 @@ -8,10 +8,10 @@
@@ -347,7 +348,7 @@
 -}
 -#endif
 diff --git a/drivers/usb/musb-new/musb_uboot.h b/drivers/usb/musb-new/musb_uboot.h
-index 18282efccc9d..6b162f03b19e 100644
+index 18282efccc..6b162f03b1 100644
 --- a/drivers/usb/musb-new/musb_uboot.h
 +++ b/drivers/usb/musb-new/musb_uboot.h
 @@ -8,8 +8,8 @@
@@ -364,7 +365,7 @@
 similarity index 60%
 rename from drivers/usb/musb-new/usb-compat.h
 rename to include/linux/usb/usb_urb_compat.h
-index df68c9220a7a..5ed96fa64e96 100644
+index df68c9220a..5ed96fa64e 100644
 --- a/drivers/usb/musb-new/usb-compat.h
 +++ b/include/linux/usb/usb_urb_compat.h
 @@ -1,16 +1,31 @@
@@ -439,7 +440,7 @@
 +
  #endif /* __USB_COMPAT_H__ */
 diff --git a/include/usb_defs.h b/include/usb_defs.h
-index 6dd2c997f9b3..ec00161710a5 100644
+index 6dd2c997f9..ec00161710 100644
 --- a/include/usb_defs.h
 +++ b/include/usb_defs.h
 @@ -81,6 +81,32 @@
@@ -493,5 +494,5 @@
  /*
   * Hub Status & Hub Change bit masks
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch
index 1dd6f25..794389e 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0004-usb-add-isp1760-family-driver.patch
@@ -1,12 +1,13 @@
-From 8abb9c6a342d750a3a3a66e674c3be6597fc9f66 Mon Sep 17 00:00:00 2001
+From 83ba88292211394ce6b3a21fbc0f702dae543290 Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Mon, 28 Jun 2021 23:31:25 +0100
-Subject: [PATCH 04/24] usb: add isp1760 family driver
+Subject: [PATCH 04/26] usb: add isp1760 family driver
 
 ISP1760/61/63 are a family of usb controllers, blah, blah, more info
 here.
 
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Accepted [2022.10-rc1]
 ---
  Makefile                            |    1 +
  drivers/usb/Kconfig                 |    2 +
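Review bot: This patch is now tagged `Accepted [2022.10-rc1]` while its description is still the placeholder "blah, blah, more info here." If the version merged upstream carries a real description, refresh the carried file from the upstream commit rather than from the local branch, so the header and the code are known to match what was accepted.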
@@ -34,7 +35,7 @@
  create mode 100644 drivers/usb/isp1760/isp1760-uboot.h
 
 diff --git a/Makefile b/Makefile
-index 98867fbe06b4..67851020f5c1 100644
+index 98867fbe06..67851020f5 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -841,6 +841,7 @@ libs-y += drivers/usb/host/
@@ -46,7 +47,7 @@
  libs-y += drivers/usb/ulpi/
  ifdef CONFIG_POST
 diff --git a/drivers/usb/Kconfig b/drivers/usb/Kconfig
-index ab1d061bd0d5..bbe07be02cab 100644
+index ab1d061bd0..bbe07be02c 100644
 --- a/drivers/usb/Kconfig
 +++ b/drivers/usb/Kconfig
 @@ -78,6 +78,8 @@ source "drivers/usb/musb/Kconfig"
@@ -59,7 +60,7 @@
  
  source "drivers/usb/phy/Kconfig"
 diff --git a/drivers/usb/common/Makefile b/drivers/usb/common/Makefile
-index dc05cb0a5077..f08b064d2493 100644
+index dc05cb0a50..f08b064d24 100644
 --- a/drivers/usb/common/Makefile
 +++ b/drivers/usb/common/Makefile
 @@ -4,6 +4,7 @@
@@ -72,7 +73,7 @@
  obj-$(CONFIG_USB_EHCI_FSL) += fsl-dt-fixup.o fsl-errata.o
 diff --git a/drivers/usb/isp1760/Kconfig b/drivers/usb/isp1760/Kconfig
 new file mode 100644
-index 000000000000..993d71e74cd2
+index 0000000000..993d71e74c
 --- /dev/null
 +++ b/drivers/usb/isp1760/Kconfig
 @@ -0,0 +1,12 @@
@@ -90,7 +91,7 @@
 +	  capable bus.
 diff --git a/drivers/usb/isp1760/Makefile b/drivers/usb/isp1760/Makefile
 new file mode 100644
-index 000000000000..2c809c01b118
+index 0000000000..2c809c01b1
 --- /dev/null
 +++ b/drivers/usb/isp1760/Makefile
 @@ -0,0 +1,6 @@
@@ -102,7 +103,7 @@
 +obj-$(CONFIG_USB_ISP1760) += isp1760.o
 diff --git a/drivers/usb/isp1760/isp1760-core.c b/drivers/usb/isp1760/isp1760-core.c
 new file mode 100644
-index 000000000000..3080595549c5
+index 0000000000..3080595549
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-core.c
 @@ -0,0 +1,378 @@
@@ -486,7 +487,7 @@
 +}
 diff --git a/drivers/usb/isp1760/isp1760-core.h b/drivers/usb/isp1760/isp1760-core.h
 new file mode 100644
-index 000000000000..0a60e30b5fe7
+index 0000000000..0a60e30b5f
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-core.h
 @@ -0,0 +1,96 @@
@@ -588,7 +589,7 @@
 +#endif
 diff --git a/drivers/usb/isp1760/isp1760-hcd.c b/drivers/usb/isp1760/isp1760-hcd.c
 new file mode 100644
-index 000000000000..b1d86dd69b94
+index 0000000000..b1d86dd69b
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-hcd.c
 @@ -0,0 +1,2574 @@
@@ -3168,7 +3169,7 @@
 +}
 diff --git a/drivers/usb/isp1760/isp1760-hcd.h b/drivers/usb/isp1760/isp1760-hcd.h
 new file mode 100644
-index 000000000000..00f5ca8c1f75
+index 0000000000..00f5ca8c1f
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-hcd.h
 @@ -0,0 +1,82 @@
@@ -3256,7 +3257,7 @@
 +#endif /* _ISP1760_HCD_H_ */
 diff --git a/drivers/usb/isp1760/isp1760-if.c b/drivers/usb/isp1760/isp1760-if.c
 new file mode 100644
-index 000000000000..c610da6b23fb
+index 0000000000..c610da6b23
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-if.c
 @@ -0,0 +1,127 @@
@@ -3389,7 +3390,7 @@
 +};
 diff --git a/drivers/usb/isp1760/isp1760-regs.h b/drivers/usb/isp1760/isp1760-regs.h
 new file mode 100644
-index 000000000000..94ea60c20b2a
+index 0000000000..94ea60c20b
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-regs.h
 @@ -0,0 +1,292 @@
@@ -3687,7 +3688,7 @@
 +#endif
 diff --git a/drivers/usb/isp1760/isp1760-uboot.c b/drivers/usb/isp1760/isp1760-uboot.c
 new file mode 100644
-index 000000000000..7635210fe2b4
+index 0000000000..7635210fe2
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-uboot.c
 @@ -0,0 +1,76 @@
@@ -3769,7 +3770,7 @@
 +};
 diff --git a/drivers/usb/isp1760/isp1760-uboot.h b/drivers/usb/isp1760/isp1760-uboot.h
 new file mode 100644
-index 000000000000..2486de6f9e27
+index 0000000000..2486de6f9e
 --- /dev/null
 +++ b/drivers/usb/isp1760/isp1760-uboot.h
 @@ -0,0 +1,27 @@
@@ -3801,5 +3802,5 @@
 +
 +#endif
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch
index c465455..6ebba56 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0005-corstone1000-enable-isp1763-usb-controller.patch
@@ -1,20 +1,21 @@
-From 5031fea320bb4ccc1ce7470193d8f4402ae819c9 Mon Sep 17 00:00:00 2001
+From 8717357eff3f4172c74f0b10078c31cdff9bcc41 Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Thu, 3 Mar 2022 16:52:02 +0000
-Subject: [PATCH 05/24] corstone1000: enable isp1763 usb controller
+Subject: [PATCH 05/26] corstone1000: enable isp1763 usb controller
 
 MPS3 board have a ISP1763 usb controller, add the
 correspondent mmio area and enable it to be used for mass
 storage access for example.
 
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Accepted [2022.10-rc1]
 ---
  configs/corstone1000_defconfig | 1 +
  include/configs/corstone1000.h | 6 ++++++
  2 files changed, 7 insertions(+)
 
 diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index 02f931b0d469..e573fe6fe6a2 100644
+index 02f931b0d4..e573fe6fe6 100644
 --- a/configs/corstone1000_defconfig
 +++ b/configs/corstone1000_defconfig
 @@ -42,6 +42,7 @@ CONFIG_REGMAP=y
@@ -26,7 +27,7 @@
  CONFIG_EFI_MM_COMM_TEE=y
  # CONFIG_OPTEE is not set
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index cf166f107efd..8ba0effb0ab2 100644
+index cf166f107e..8ba0effb0a 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
 @@ -55,7 +55,13 @@
@@ -44,5 +45,5 @@
  				"boot_bank_flag=0x08002000\0"				\
  				"kernel_addr_bank_0=0x083EE000\0"			\
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch
new file mode 100644
index 0000000..01cd561
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch
@@ -0,0 +1,204 @@
+From 7afe2370bc24b9003be8184fbd3169ebca03165a Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Fri, 29 Jul 2022 13:06:19 +0100
+Subject: [PATCH 06/26] arm64: smccc: add support for SMCCCv1.2 x0-x17
+ registers
+
+add support for x0-x17 registers used by the SMC calls
+
+In SMCCC v1.2 [1] arguments are passed in registers x1-x17.
+Results are returned in x0-x17.
+
+This work is inspired from the following kernel commit:
+
+arm64: smccc: Add support for SMCCCv1.2 extended input/output registers
+
+[1]: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token=
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+
+---
+
+Changelog:
+===============
+
+v4:
+
+* rename the commit title and improve description
+  new commit title: the current
+
+v3:
+
+* port x0-x17 registers support from linux kernel as defined by SMCCCv1.2
+  commit title:
+      arm64: smccc: add Xn registers support used by SMC calls
+
+ arch/arm/cpu/armv8/smccc-call.S | 53 +++++++++++++++++++++++++++++++++
+ arch/arm/lib/asm-offsets.c      | 13 ++++++++
+ include/linux/arm-smccc.h       | 43 ++++++++++++++++++++++++++
+ 3 files changed, 109 insertions(+)
+
+diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S
+index dc92b28777..ec6f299bc9 100644
+--- a/arch/arm/cpu/armv8/smccc-call.S
++++ b/arch/arm/cpu/armv8/smccc-call.S
+@@ -1,6 +1,8 @@
+ /* SPDX-License-Identifier: GPL-2.0 */
+ /*
+  * Copyright (c) 2015, Linaro Limited
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+  */
+ #include <linux/linkage.h>
+ #include <linux/arm-smccc.h>
+@@ -45,3 +47,54 @@ ENDPROC(__arm_smccc_smc)
+ ENTRY(__arm_smccc_hvc)
+ 	SMCCC	hvc
+ ENDPROC(__arm_smccc_hvc)
++
++#ifdef CONFIG_ARM64
++
++	.macro SMCCC_1_2 instr
++	/* Save `res` and free a GPR that won't be clobbered */
++	stp     x1, x19, [sp, #-16]!
++
++	/* Ensure `args` won't be clobbered while loading regs in next step */
++	mov	x19, x0
++
++	/* Load the registers x0 - x17 from the struct arm_smccc_1_2_regs */
++	ldp	x0, x1, [x19, #ARM_SMCCC_1_2_REGS_X0_OFFS]
++	ldp	x2, x3, [x19, #ARM_SMCCC_1_2_REGS_X2_OFFS]
++	ldp	x4, x5, [x19, #ARM_SMCCC_1_2_REGS_X4_OFFS]
++	ldp	x6, x7, [x19, #ARM_SMCCC_1_2_REGS_X6_OFFS]
++	ldp	x8, x9, [x19, #ARM_SMCCC_1_2_REGS_X8_OFFS]
++	ldp	x10, x11, [x19, #ARM_SMCCC_1_2_REGS_X10_OFFS]
++	ldp	x12, x13, [x19, #ARM_SMCCC_1_2_REGS_X12_OFFS]
++	ldp	x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS]
++	ldp	x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS]
++
++	\instr #0
++
++	/* Load the `res` from the stack */
++	ldr	x19, [sp]
++
++	/* Store the registers x0 - x17 into the result structure */
++	stp	x0, x1, [x19, #ARM_SMCCC_1_2_REGS_X0_OFFS]
++	stp	x2, x3, [x19, #ARM_SMCCC_1_2_REGS_X2_OFFS]
++	stp	x4, x5, [x19, #ARM_SMCCC_1_2_REGS_X4_OFFS]
++	stp	x6, x7, [x19, #ARM_SMCCC_1_2_REGS_X6_OFFS]
++	stp	x8, x9, [x19, #ARM_SMCCC_1_2_REGS_X8_OFFS]
++	stp	x10, x11, [x19, #ARM_SMCCC_1_2_REGS_X10_OFFS]
++	stp	x12, x13, [x19, #ARM_SMCCC_1_2_REGS_X12_OFFS]
++	stp	x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS]
++	stp	x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS]
++
++	/* Restore original x19 */
++	ldp     xzr, x19, [sp], #16
++	ret
++	.endm
++
++/*
++ * void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
++ *			  struct arm_smccc_1_2_regs *res);
++ */
++ENTRY(arm_smccc_1_2_smc)
++	SMCCC_1_2 smc
++ENDPROC(arm_smccc_1_2_smc)
++
++#endif
+diff --git a/arch/arm/lib/asm-offsets.c b/arch/arm/lib/asm-offsets.c
+index 22fd541f9a..b6bd1b32b0 100644
+--- a/arch/arm/lib/asm-offsets.c
++++ b/arch/arm/lib/asm-offsets.c
+@@ -9,6 +9,8 @@
+  * generate asm statements containing #defines,
+  * compile this file to assembler, and then extract the
+  * #defines from the assembly-language output.
++ *
++ * (C) Copyright 2022 ARM Limited
+  */
+ 
+ #include <common.h>
+@@ -117,6 +119,17 @@ int main(void)
+ 	DEFINE(ARM_SMCCC_RES_X2_OFFS, offsetof(struct arm_smccc_res, a2));
+ 	DEFINE(ARM_SMCCC_QUIRK_ID_OFFS, offsetof(struct arm_smccc_quirk, id));
+ 	DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
++	#ifdef CONFIG_ARM64
++		DEFINE(ARM_SMCCC_1_2_REGS_X0_OFFS,	offsetof(struct arm_smccc_1_2_regs, a0));
++		DEFINE(ARM_SMCCC_1_2_REGS_X2_OFFS,	offsetof(struct arm_smccc_1_2_regs, a2));
++		DEFINE(ARM_SMCCC_1_2_REGS_X4_OFFS,	offsetof(struct arm_smccc_1_2_regs, a4));
++		DEFINE(ARM_SMCCC_1_2_REGS_X6_OFFS,	offsetof(struct arm_smccc_1_2_regs, a6));
++		DEFINE(ARM_SMCCC_1_2_REGS_X8_OFFS,	offsetof(struct arm_smccc_1_2_regs, a8));
++		DEFINE(ARM_SMCCC_1_2_REGS_X10_OFFS,	offsetof(struct arm_smccc_1_2_regs, a10));
++		DEFINE(ARM_SMCCC_1_2_REGS_X12_OFFS,	offsetof(struct arm_smccc_1_2_regs, a12));
++		DEFINE(ARM_SMCCC_1_2_REGS_X14_OFFS,	offsetof(struct arm_smccc_1_2_regs, a14));
++		DEFINE(ARM_SMCCC_1_2_REGS_X16_OFFS,	offsetof(struct arm_smccc_1_2_regs, a16));
++	#endif
+ #endif
+ 
+ 	return 0;
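Review bot: The new DEFINE block emits offsets only for the even-numbered members (a0, a2, ... a16), so the ldp/stp pairs in smccc-call.S depend on every odd member sitting directly after its even neighbour with no padding. That holds for struct arm_smccc_1_2_regs as declared, but nothing enforces it; a build-time assertion on sizeof(struct arm_smccc_1_2_regs) next to the struct definition would catch a later reorder or inserted field. The nested "#ifdef CONFIG_ARM64" / "#endif" pair is also tab-indented while the enclosing "#endif" starts in column 0; keep the preprocessor lines in column 0 for consistency.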
+diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
+index 7f2be23394..dae58d3476 100644
+--- a/include/linux/arm-smccc.h
++++ b/include/linux/arm-smccc.h
+@@ -1,6 +1,8 @@
+ /* SPDX-License-Identifier: GPL-2.0 */
+ /*
+  * Copyright (c) 2015, Linaro Limited
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+  */
+ #ifndef __LINUX_ARM_SMCCC_H
+ #define __LINUX_ARM_SMCCC_H
+@@ -66,6 +68,47 @@ struct arm_smccc_res {
+ 	unsigned long a3;
+ };
+ 
++#ifdef CONFIG_ARM64
++/**
++ * struct arm_smccc_1_2_regs - Arguments for or Results from SMC call
++ * @a0-a17 argument values from registers 0 to 17
++ */
++struct arm_smccc_1_2_regs {
++	unsigned long a0;
++	unsigned long a1;
++	unsigned long a2;
++	unsigned long a3;
++	unsigned long a4;
++	unsigned long a5;
++	unsigned long a6;
++	unsigned long a7;
++	unsigned long a8;
++	unsigned long a9;
++	unsigned long a10;
++	unsigned long a11;
++	unsigned long a12;
++	unsigned long a13;
++	unsigned long a14;
++	unsigned long a15;
++	unsigned long a16;
++	unsigned long a17;
++};
++
++/**
++ * arm_smccc_1_2_smc() - make SMC calls
++ * @args: arguments passed via struct arm_smccc_1_2_regs
++ * @res: result values via struct arm_smccc_1_2_regs
++ *
++ * This function is used to make SMC calls following SMC Calling Convention
++ * v1.2 or above. The content of the supplied param are copied from the
++ * structure to registers prior to the SMC instruction. The return values
++ * are updated with the content from registers on return from the SMC
++ * instruction.
++ */
++asmlinkage void arm_smccc_1_2_smc(const struct arm_smccc_1_2_regs *args,
++				  struct arm_smccc_1_2_regs *res);
++#endif
++
+ /**
+  * struct arm_smccc_quirk - Contains quirk information
+  * @id: quirk identification
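Review bot: The kernel-doc line "@a0-a17 argument values from registers 0 to 17" in the struct arm_smccc_1_2_regs comment has no colon after the member name; kernel-doc expects "@name:", and the description should also say the same fields carry the returned values, since the struct is used for both args and res. In the arm_smccc_1_2_smc() comment, "The content of the supplied param are copied" should read "is copied", and it is worth stating that both pointers must be valid, because the assembly in smccc-call.S dereferences args and res without any check.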
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch
new file mode 100644
index 0000000..cedac06
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch
@@ -0,0 +1,59 @@
+From 83f9da30247c2d021658bc1b595c59ecc35eadf5 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Fri, 29 Jul 2022 13:07:43 +0100
+Subject: [PATCH 07/26] arm64: smccc: clear the Xn registers after SMC calls
+
+set to zero the x0-x17 registers
+
+As per the SMCCC v1.2 spec, unused result and scratch registers can leak
+information after an SMC call. We can mitigate against this risk by
+returning zero in each register.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4:
+
+* move the clearing code into a new macro: clear_gp_regs
+
+v3:
+
+* clear the Xn registers after SMC calls
+
+ arch/arm/cpu/armv8/smccc-call.S | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S
+index ec6f299bc9..32f3eb8eeb 100644
+--- a/arch/arm/cpu/armv8/smccc-call.S
++++ b/arch/arm/cpu/armv8/smccc-call.S
+@@ -50,6 +50,12 @@ ENDPROC(__arm_smccc_hvc)
+ 
+ #ifdef CONFIG_ARM64
+ 
++	.macro	clear_gp_regs
++	.irp	n,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
++	mov	x\n, xzr
++	.endr
++	.endm
++
+ 	.macro SMCCC_1_2 instr
+ 	/* Save `res` and free a GPR that won't be clobbered */
+ 	stp     x1, x19, [sp, #-16]!
+@@ -84,6 +90,9 @@ ENDPROC(__arm_smccc_hvc)
+ 	stp	x14, x15, [x19, #ARM_SMCCC_1_2_REGS_X14_OFFS]
+ 	stp	x16, x17, [x19, #ARM_SMCCC_1_2_REGS_X16_OFFS]
+ 
++	/* x0-x17 registers can leak information after an SMC or HVC call. Let's clear them */
++	clear_gp_regs
++
+ 	/* Restore original x19 */
+ 	ldp     xzr, x19, [sp], #16
+ 	ret
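Review bot: clear_gp_regs is invoked after the stp sequence, so it zeroes the CPU registers, but the res structure has already received everything the callee left in x0-x17, including registers that are not defined results for the function that was called. If the intent stated in the commit message is that unused result and scratch registers do not leak, the comment should say that callers must still ignore the res fields the function ID does not define, or the wrapper should zero them. The comment also says "SMC or HVC call" while only arm_smccc_1_2_smc is instantiated from the SMCCC_1_2 macro.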
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch
deleted file mode 100644
index 3b82b41..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-arm_ffa-introducing-MM-communication-with-FF-A.patch
+++ /dev/null
@@ -1,383 +0,0 @@
-From ee7c0aee66db53b2372a3b4245a8754dceee804d Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Wed, 13 Oct 2021 17:51:44 +0100
-Subject: [PATCH 08/24] arm_ffa: introducing MM communication with FF-A
-
-This commit allows to perform MM communication using FF-A transport.
-
-The MM SP (also called partition) can be StandAlonneMM or smm-gateway.
-Both partitions run in OP-TEE.
-
-When using the u-boot FF-A driver, StandAlonneMM and smm-gateway are
-supported.
-
-On EFI services such as GetVariable()/SetVariable(), the data
-is copied from the communication buffer to the MM shared buffer.
-
-Then, notifies the MM SP about data availability in the MM shared buffer.
-Communication with the MM SP is performed using FF-A transport.
-
-On such event, MM SP can read the data and updates the MM shared buffer
-with response data.
-
-The response data is copied back to the communication buffer.
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- lib/efi_loader/Kconfig            |  14 +-
- lib/efi_loader/efi_variable_tee.c | 265 +++++++++++++++++++++++++++++-
- 2 files changed, 273 insertions(+), 6 deletions(-)
-
-diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
-index e3f2402d0e8e..37131237af3f 100644
---- a/lib/efi_loader/Kconfig
-+++ b/lib/efi_loader/Kconfig
-@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE
- 	  stored as file /ubootefi.var on the EFI system partition.
- 
- config EFI_MM_COMM_TEE
--	bool "UEFI variables storage service via OP-TEE"
--	depends on OPTEE
-+	bool "UEFI variables storage service via the trusted world"
-+	depends on OPTEE || ARM_FFA_TRANSPORT
- 	help
-+         the MM SP (also called partition) can be StandAlonneMM or smm-gateway.
-+	  When using the u-boot OP-TEE driver, StandAlonneMM is supported.
-+	  When using the u-boot FF-A  driver, StandAlonneMM and smm-gateway are supported.
-+
- 	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
- 	  variable related operations to that. The application will verify,
- 	  authenticate and store the variables on an RPMB.
- 
-+	  When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
-+	  operations to the MM SP running under Optee in the trusted world.
-+	  A door bell mechanism is used to notify the SP when there is data in the shared
-+	  MM buffer. The data is copied by u-boot to thea shared buffer before issuing
-+	  the door bell event.
-+
- config EFI_VARIABLE_NO_STORE
- 	bool "Don't persist non-volatile UEFI variables"
- 	help
-diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
-index dfef18435dfa..9cb8cfb9c779 100644
---- a/lib/efi_loader/efi_variable_tee.c
-+++ b/lib/efi_loader/efi_variable_tee.c
-@@ -15,6 +15,28 @@
- #include <malloc.h>
- #include <mm_communication.h>
- 
-+#if (IS_ENABLED(CONFIG_OPTEE))
-+#define OPTEE_PAGE_SIZE BIT(12)
-+#endif
-+
-+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
-+
-+#include <arm_ffa_helper.h>
-+#include <mapmem.h>
-+
-+/* MM return codes */
-+#define MM_SUCCESS (0)
-+
-+#define ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64 (0xC4000061)
-+#define ARM_SVC_ID_SP_EVENT_COMPLETE ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64
-+
-+/* MM_SP_UUID_DATA defined by the platform */
-+union ffa_partition_uuid mm_sp_svc_uuid = {.bytes = {MM_SP_UUID_DATA}};
-+
-+static u16 __efi_runtime_data mm_sp_id;
-+
-+#endif
-+
- extern struct efi_var_file __efi_runtime_data *efi_var_buf;
- static efi_uintn_t max_buffer_size;	/* comm + var + func + data */
- static efi_uintn_t max_payload_size;	/* func + data */
-@@ -24,6 +46,7 @@ struct mm_connection {
- 	u32 session;
- };
- 
-+#if (IS_ENABLED(CONFIG_OPTEE))
- /**
-  * get_connection() - Retrieve OP-TEE session for a specific UUID.
-  *
-@@ -143,16 +166,229 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)
- 
- 	return ret;
- }
-+#endif
-+
-+#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
-+
-+/**
-+ * ffa_notify_mm_sp() - Announce there is data in the shared buffer
-+ *
-+ * Notifies the MM partition in the trusted world that
-+ * data is available in the shared buffer.
-+ * This is a blocking call during which trusted world has exclusive access
-+ * to the MM shared buffer.
-+ *
-+ * Return:
-+ *
-+ * 0 on success
-+ */
-+static int __efi_runtime ffa_notify_mm_sp(void)
-+{
-+	struct ffa_interface_data func_data = {0};
-+	struct ffa_send_direct_data msg = {0};
-+	int ret;
-+	u32 sp_event_complete;
-+	int sp_event_ret;
-+
-+	func_data.data0_size = sizeof(mm_sp_id);
-+	func_data.data0 = &mm_sp_id;
-+
-+	msg.a3 = FFA_SHARED_MM_BUFFER_ADDR;
-+	msg.a4 = FFA_SHARED_MM_BUFFER_SIZE;
-+	func_data.data1_size = sizeof(msg);
-+	func_data.data1 = &msg;
-+
-+	ret = ffa_helper_msg_send_direct_req(&func_data);
-+	if (ret != FFA_ERR_STAT_SUCCESS) {
-+		log_err("EFI: Failure to notify the MM SP , FF-A  error (%d)\n", ret);
-+		return ret;
-+	}
-+
-+	sp_event_complete = msg.a3;
-+	sp_event_ret = (int)msg.a4;
-+
-+	if (sp_event_complete == ARM_SVC_ID_SP_EVENT_COMPLETE && sp_event_ret == MM_SUCCESS)
-+		return 0;
-+
-+	log_err("EFI: Failure to notify the MM SP (0x%x , %d)\n",
-+		sp_event_complete,
-+		sp_event_ret);
-+
-+	return -EACCES;
-+}
-+
-+/**
-+ * ffa_discover_mm_sp_id() - Query the MM partition ID
-+ *
-+ * Use the FF-A driver to get the MM partition ID.
-+ * If multiple partitions are found, use the first one
-+ *
-+ * Return:
-+ *
-+ * 0 on success
-+ */
-+static int __efi_runtime ffa_discover_mm_sp_id(void)
-+{
-+	struct ffa_interface_data func_data = {0};
-+	u32 count = 0;
-+	int ret;
-+	struct ffa_partition_info *parts_info;
-+
-+	/*
-+	 * get from the driver the count of the SPs matching the UUID
-+	 */
-+	func_data.data0_size = sizeof(mm_sp_svc_uuid);
-+	func_data.data0 = &mm_sp_svc_uuid;
-+	func_data.data1_size = sizeof(count);
-+	func_data.data1 = &count;
-+
-+	ret = ffa_helper_get_partitions_info(&func_data);
-+	if (ret != FFA_ERR_STAT_SUCCESS) {
-+		log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret);
-+		return ret;
-+	}
-+
-+	if (!count) {
-+		log_info("EFI: No MM partition found\n");
-+		return ret;
-+	}
-+
-+	/*
-+	 * pre-allocate a buffer to be filled by the driver
-+	 * with	 ffa_partition_info structs
-+	 */
-+
-+	parts_info = calloc(count, sizeof(struct ffa_partition_info));
-+	if (!parts_info)
-+		return -EINVAL;
-+
-+	log_info("EFI: Pre-allocating %d partition(s) info structures\n", count);
-+
-+	func_data.data1_size = count *
-+		sizeof(struct ffa_partition_info);
-+	func_data.data1 = parts_info;
-+
-+	/*
-+	 * ask the driver to fill the
-+	 * buffer with the SPs info
-+	 */
-+	ret = ffa_helper_get_partitions_info(&func_data);
-+	if (ret != FFA_ERR_STAT_SUCCESS) {
-+		log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret);
-+		free(parts_info);
-+		return ret;
-+	}
-+
-+	/*
-+	 * MM SPs found , use the first one
-+	 */
-+
-+	mm_sp_id = parts_info[0].id;
-+
-+	log_info("EFI: MM partition ID 0x%x\n", mm_sp_id);
-+
-+	free(parts_info);
-+
-+	return 0;
-+}
- 
- /**
-- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send
-+ * ffa_mm_communicate() - Exchange EFI services data with  the MM partition using FF-A
-+ * @comm_buf:		locally allocated communication buffer used for for rx/tx
-+ * @dsize:				communication buffer size
-+ *
-+ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE
-+ * that there is data to read from the shared buffer.
-+ * Communication with the MM SP is performed using FF-A transport.
-+ * On the event, MM SP can read the data from the buffer and
-+ * update the MM shared buffer with response data.
-+ * The response data is copied back to the communication buffer.
-+ *
-+ * Return:
-+ *
-+ * EFI status code
-+ */
-+static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size)
-+{
-+	ulong tx_data_size;
-+	int ffa_ret;
-+	struct efi_mm_communicate_header *mm_hdr;
-+	void *virt_shared_buf;
-+
-+	if (!comm_buf)
-+		return EFI_INVALID_PARAMETER;
-+
-+	/* Discover MM partition ID */
-+	if (!mm_sp_id && ffa_discover_mm_sp_id()  != FFA_ERR_STAT_SUCCESS) {
-+		log_err("EFI: Failure to discover MM partition ID\n");
-+		return EFI_UNSUPPORTED;
-+	}
-+
-+	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
-+	tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t);
-+
-+	if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE)
-+		return EFI_INVALID_PARAMETER;
-+
-+	/* Copy the data to the shared buffer */
-+
-+	virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0);
-+	efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size);
-+
-+	/* Announce there is data in the shared buffer */
-+
-+	ffa_ret = ffa_notify_mm_sp();
-+	if (ffa_ret)
-+		unmap_sysmem(virt_shared_buf);
-+
-+	switch (ffa_ret) {
-+	case 0:
-+	{
-+		ulong rx_data_size;
-+		/* Copy the MM SP response from the shared buffer to the communication buffer */
-+		rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len +
-+			sizeof(efi_guid_t) +
-+			sizeof(size_t);
-+
-+		if (rx_data_size > comm_buf_size) {
-+			unmap_sysmem(virt_shared_buf);
-+			return EFI_OUT_OF_RESOURCES;
-+		}
-+
-+		efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size);
-+		unmap_sysmem(virt_shared_buf);
-+
-+		return EFI_SUCCESS;
-+	}
-+	case -EINVAL:
-+		return EFI_DEVICE_ERROR;
-+	case -EPERM:
-+		return EFI_INVALID_PARAMETER;
-+	case -EACCES:
-+		return EFI_ACCESS_DENIED;
-+	case -EBUSY:
-+		return EFI_OUT_OF_RESOURCES;
-+	default:
-+		return EFI_ACCESS_DENIED;
-+	}
-+}
-+#endif
-+
-+/**
-+ * mm_communicate() - Adjust the communication buffer to the MM SP and send
-  * it to OP-TEE
-  *
-- * @comm_buf:		locally allocted communcation buffer
-+ * @comm_buf:		locally allocted communication buffer
-  * @dsize:		buffer size
-+ *
-+ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway.
-+ * The comm_buf format is the same for both partitions.
-+ * When using the u-boot OP-TEE driver, StandAlonneMM is supported.
-+ * When using the u-boot FF-A  driver, StandAlonneMM and smm-gateway are supported.
-+ *
-  * Return:		status code
-  */
--static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
-+static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
- {
- 	efi_status_t ret;
- 	struct efi_mm_communicate_header *mm_hdr;
-@@ -162,7 +398,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
- 	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
- 	var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;
- 
-+	#if (IS_ENABLED(CONFIG_OPTEE))
- 	ret = optee_mm_communicate(comm_buf, dsize);
-+	#elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
-+	ret = ffa_mm_communicate(comm_buf, dsize);
-+	#endif
- 	if (ret != EFI_SUCCESS) {
- 		log_err("%s failed!\n", __func__);
- 		return ret;
-@@ -258,6 +498,23 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
- 		goto out;
- 	}
- 	*size = var_payload->size;
-+
-+	#if (IS_ENABLED(CONFIG_OPTEE))
-+	/*
-+	 * Although the max payload is configurable on StMM, we only share a
-+	 * single page from OP-TEE for the non-secure buffer used to communicate
-+	 * with StMM. Since OP-TEE will reject to map anything bigger than that,
-+	 * make sure we are in bounds.
-+	 */
-+	if (*size > OPTEE_PAGE_SIZE)
-+		*size = OPTEE_PAGE_SIZE - MM_COMMUNICATE_HEADER_SIZE  -
-+			MM_VARIABLE_COMMUNICATE_SIZE;
-+	#elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
-+		if (*size > FFA_SHARED_MM_BUFFER_SIZE)
-+			*size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE  -
-+				MM_VARIABLE_COMMUNICATE_SIZE;
-+	#endif
-+
- 	/*
- 	 * There seems to be a bug in EDK2 miscalculating the boundaries and
- 	 * size checks, so deduct 2 more bytes to fulfill this requirement. Fix
-@@ -697,7 +954,7 @@ void efi_variables_boot_exit_notify(void)
- 		ret = EFI_NOT_FOUND;
- 
- 	if (ret != EFI_SUCCESS)
--		log_err("Unable to notify StMM for ExitBootServices\n");
-+		log_err("Unable to notify the MM partition for ExitBootServices\n");
- 	free(comm_buf);
- 
- 	/*
--- 
-2.37.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch
new file mode 100644
index 0000000..769209b
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch
@@ -0,0 +1,127 @@
+From af17d357674393565c8be15f21c86cba972963e7 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Thu, 4 Aug 2022 16:46:47 +0100
+Subject: [PATCH 08/26] lib: uuid: introduce be_uuid_str_to_le_bin function
+
+convert big endian UUID string to little endian buffer
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4:
+
+* rename ffa_uuid_str_to_bin to be_uuid_str_to_le_bin and put in
+  a standalone commit (the current)
+
+v3:
+
+* introduce ffa_uuid_str_to_bin (provided by
+  arm_ffa: introduce Arm FF-A low-level driver)
+
+ include/uuid.h |  6 +++++
+ lib/uuid.c     | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 69 insertions(+)
+
+diff --git a/include/uuid.h b/include/uuid.h
+index 4a4883d3b5..5355230b5e 100644
+--- a/include/uuid.h
++++ b/include/uuid.h
+@@ -44,4 +44,10 @@ int uuid_guid_get_bin(const char *guid_str, unsigned char *guid_bin);
+ const char *uuid_guid_get_str(const unsigned char *guid_bin);
+ void gen_rand_uuid(unsigned char *uuid_bin);
+ void gen_rand_uuid_str(char *uuid_str, int str_format);
++
++/**
++ * be_uuid_str_to_le_bin - Converts a big endian UUID string to a little endian buffer
++ */
++int be_uuid_str_to_le_bin(const char *uuid_str, unsigned char *uuid_bin);
++
+ #endif
+diff --git a/lib/uuid.c b/lib/uuid.c
+index 284f8113ff..d0fa51d0bf 100644
+--- a/lib/uuid.c
++++ b/lib/uuid.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: GPL-2.0+
+ /*
+  * Copyright 2011 Calxeda, Inc.
++ * Copyright 2022 ARM Limited
+  */
+ 
+ #include <common.h>
+@@ -342,6 +343,68 @@ int uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin,
+ 	return 0;
+ }
+ 
++/**
++ * be_uuid_str_to_le_bin - Converts a big endian UUID string to a little endian buffer
++ * @uuid_str:	UUID string in big endian format (36 bytes wide + '/0')
++ * @uuid_bin:	preallocated 16 bytes UUID buffer in little endian format
++ *
++ * UUID string is 36 characters (36 bytes):
++ *
++ * xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
++ * be		     be	     be	      be      be
++ *
++ * where x is a hexadecimal character. Fields are separated by '-'s.
++ * When converting to a binary UUID, these endianness rules apply:
++ *     be: means the field in the string is considered a big endian hex number
++ *	   and should be converted to little endian binary format
++ *
++ * Return:
++ *
++ *    uuid_bin filled with little endian UUID data
++ *    On success 0 is returned. Otherwise, failure code.
++ */
++int be_uuid_str_to_le_bin(const char *uuid_str, unsigned char *uuid_bin)
++{
++	u16 tmp16 = 0;
++	u32 tmp32 = 0;
++	u64 tmp64 = 0;
++
++	if (!uuid_str_valid(uuid_str) || !uuid_bin)
++		return -EINVAL;
++
++	/*
++	 * reverse bytes from big to little endian
++	 */
++	tmp32 = simple_strtoul(uuid_str, NULL, 16);
++	memcpy(uuid_bin, &tmp32, 4);
++
++	/*
++	 * reverse bytes from big to little endian
++	 */
++	tmp16 = simple_strtoul(uuid_str + 9, NULL, 16);
++	memcpy(uuid_bin + 4, &tmp16, 2);
++
++	/*
++	 * reverse bytes from big to little endian
++	 */
++	tmp16 = simple_strtoul(uuid_str + 14, NULL, 16);
++	memcpy(uuid_bin + 6, &tmp16, 2);
++
++	/*
++	 * reverse bytes from big to little endian
++	 */
++	tmp16 = simple_strtoul(uuid_str + 19, NULL, 16);
++	memcpy(uuid_bin + 8, &tmp16, 2);
++
++	/*
++	 * reverse bytes from big to little endian
++	 */
++	tmp64 = simple_strtoull(uuid_str + 24, NULL, 16);
++	memcpy(uuid_bin + 10, (char *)&tmp64, 6);
++
++	return 0;
++}
++
+ /*
+  * uuid_bin_to_str() - convert big endian binary data to string UUID or GUID.
+  *
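Review bot: In be_uuid_str_to_le_bin() each field is parsed into a host integer (tmp32, tmp16, tmp64) and then memcpy'd into uuid_bin, so the "reverse bytes from big to little endian" comments are only true on a little-endian host. On a big-endian build the bytes land in string order, and the 6-byte copy from &tmp64 picks up the two zero top bytes followed by only four bytes of the last field. Convert explicitly with cpu_to_le32() / cpu_to_le16() / cpu_to_le64() before each memcpy, or store byte by byte, so the output matches the function name on any host. In the kernel-doc, "'/0'" should be "'\0'", and the five identical comments could be replaced by one that names the field being converted.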
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch
new file mode 100644
index 0000000..64653b3
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch
@@ -0,0 +1,2245 @@
+From 4729efd57e260b8c02d8cd1c30a443d29885dbd1 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 15 Aug 2022 15:00:44 +0100
+Subject: [PATCH 09/26] arm_ffa: introduce Arm FF-A low-level driver
+
+Add the driver implementing Arm Firmware Framework for Armv8-A v1.0
+
+The Firmware Framework for Arm A-profile processors (FF-A)
+describes interfaces (ABIs) that standardize communication
+between the Secure World and Normal World leveraging TrustZone
+technology.
+
+This driver uses 64-bit registers as per SMCCCv1.2 spec and comes
+on top of the SMCCC layer. The driver provides the FF-A ABIs needed for
+querying the FF-A framework from the secure world.
+
+32-bit version of the ABIs is supported and 64-bit version of FFA_RXTX_MAP
+and FFA_MSG_SEND_DIRECT_{REQ, RESP}.
+
+In u-boot FF-A design, FF-A is considered as a discoverable bus.
+The Secure World is considered as one entity to communicate with
+using the FF-A bus. FF-A communication is handled by one device and
+one instance (the bus). This FF-A driver takes care of all the
+interactions between Normal world and Secure World.
+
+The driver exports its operations to be used by upper layers.
+
+Exported operations:
+
+- partition_info_get
+- sync_send_receive
+- rxtx_unmap
+
+This implementation provides an optional feature to copy the driver data
+to EFI runtime area.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4:
+
+* add doc/README.ffa.drv
+* moving the FF-A driver work to drivers/firmware/arm-ffa
+* use less #ifdefs in lib/efi_loader/efi_boottime.c and replace
+  #if defined by #if CONFIG_IS_ENABLED
+* improving error handling by mapping the FF-A errors to standard errors
+  and logs
+* replacing panics with an error log and returning an error code
+* improving features discovery in FFA_FEATURES by introducing
+  rxtx_min_pages private data field
+* add ffa_remove and ffa_bind functions
+* improve how the driver behaves when bus discovery is done more than
+  once
+
+v3:
+
+* align the interfaces of the u-boot FF-A driver with those in the linux
+  FF-A driver
+* remove the FF-A helper layer
+* make the u-boot FF-A driver independent from EFI
+* provide an optional config that enables copying the driver data to EFI
+  runtime section at ExitBootServices service
+* use 64-bit version of FFA_RXTX_MAP, FFA_MSG_SEND_DIRECT_{REQ, RESP}
+
+v2:
+
+* make FF-A bus discoverable using device_{bind, probe} APIs
+* remove device tree support
+
+v1:
+
+* introduce FF-A bus driver with device tree support
+
+ MAINTAINERS                                   |    7 +
+ common/board_r.c                              |    7 +
+ doc/README.ffa.drv                            |  160 ++
+ drivers/Kconfig                               |    2 +
+ drivers/Makefile                              |    1 +
+ drivers/firmware/arm-ffa/Kconfig              |   39 +
+ drivers/firmware/arm-ffa/Makefile             |    7 +
+ drivers/firmware/arm-ffa/arm-ffa-uclass.c     |   16 +
+ drivers/firmware/arm-ffa/arm_ffa_prv.h        |  196 +++
+ drivers/firmware/arm-ffa/core.c               | 1344 +++++++++++++++++
+ .../arm-ffa/efi_ffa_runtime_data_mgr.c        |   94 ++
+ include/arm_ffa.h                             |  127 ++
+ include/dm/uclass-id.h                        |    1 +
+ lib/efi_loader/efi_boottime.c                 |   12 +
+ 14 files changed, 2013 insertions(+)
+ create mode 100644 doc/README.ffa.drv
+ create mode 100644 drivers/firmware/arm-ffa/Kconfig
+ create mode 100644 drivers/firmware/arm-ffa/Makefile
+ create mode 100644 drivers/firmware/arm-ffa/arm-ffa-uclass.c
+ create mode 100644 drivers/firmware/arm-ffa/arm_ffa_prv.h
+ create mode 100644 drivers/firmware/arm-ffa/core.c
+ create mode 100644 drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c
+ create mode 100644 include/arm_ffa.h
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 7f27ff4c20..e760b4ca3a 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -244,6 +244,13 @@ F:	board/CZ.NIC/
+ F:	configs/turris_*_defconfig
+ F:	include/configs/turris_*.h
+ 
++ARM FF-A
++M:	Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++S:	Maintained
++F:	doc/README.ffa.drv
++F:	drivers/firmware/arm-ffa/
++F:	include/arm_ffa.h
++
+ ARM FREESCALE IMX
+ M:	Stefano Babic <sbabic@denx.de>
+ M:	Fabio Estevam <festevam@gmail.com>
+diff --git a/common/board_r.c b/common/board_r.c
+index 6f4aca2077..c75634286b 100644
+--- a/common/board_r.c
++++ b/common/board_r.c
+@@ -63,6 +63,10 @@
+ #include <efi_loader.h>
+ #include <relocate.h>
+ 
++#ifdef CONFIG_ARM_FFA_TRANSPORT
++#include <arm_ffa.h>
++#endif
++
+ DECLARE_GLOBAL_DATA_PTR;
+ 
+ ulong monitor_flash_len;
+@@ -779,6 +783,9 @@ static init_fnc_t init_sequence_r[] = {
+ 	INIT_FUNC_WATCHDOG_RESET
+ 	initr_net,
+ #endif
++#ifdef CONFIG_ARM_FFA_TRANSPORT
++	ffa_bus_discover,
++#endif
+ #ifdef CONFIG_POST
+ 	initr_post,
+ #endif
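Review bot: ffa_bus_discover is added to init_sequence_r directly, so whatever it returns is treated like the result of any other init step in that list. The commit message describes FF-A as a discoverable bus, so a board built with CONFIG_ARM_FFA_TRANSPORT whose secure world does not answer the FF-A queries should presumably keep booting; confirm that ffa_bus_discover returns 0 in that case, or add a small wrapper that logs the discovery failure instead of propagating it. The "#ifdef CONFIG_ARM_FFA_TRANSPORT" around "#include <arm_ffa.h>" in the previous hunk could also be dropped if the header is safe to include unconditionally, in line with the v4 changelog goal of using fewer #ifdefs.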
+diff --git a/doc/README.ffa.drv b/doc/README.ffa.drv
+new file mode 100644
+index 0000000000..1c0a33deb8
+--- /dev/null
++++ b/doc/README.ffa.drv
+@@ -0,0 +1,160 @@
++Arm FF-A Driver
++====================
++
++Introduction
++--------------------
++
++FF-A stands for Firmware Framework for Arm A-profile processors.
++
++FF-A specifies interfaces that enable a pair of software sandboxes to communicate with each other. A sandbox aka partition could
++be a VM in the Normal or Secure world, an application in S-EL0, or a Trusted OS in S-EL1.
++
++This FF-A driver implements the interfaces to communicate with partitions in the Secure world aka Secure partitions (SPs).
++
++The driver specifically focuses on communicating with SPs that isolate portions of EFI runtime services that must run in a
++protected environment which is inaccessible by the Host OS or Hypervisor. Examples of such services are set/get variables.
++
++FF-A driver uses the SMC ABIs defined by the FF-A specification to:
++
++- Discover the presence of SPs of interest.
++- Access an SP's service through communication protocols e.g. EFI MM communication protocol.
++
++FF-A and SMC specifications
++-------------------------------------------
++
++The current implementation of the driver relies on FF-A specification v1.0 and uses SMC32 calling convention.
++
++The driver has been tested with Optee OS which supports SMC32 for most of the SMC ABIs.
++
++For more details please refer to: https://developer.arm.com/documentation/den0077/a/?lang=en
++
++The FF-A driver uses 64-bit registers as per SMCCCv1.2 specification.
++
++For more details please refer to: https://documentation-service.arm.com/static/5f8edaeff86e16515cdbe4c6?token=
++
++Supported hardware
++--------------------------------
++
++Aarch64 plaforms
++
++Configuration
++----------------------
++
++CONFIG_ARM_FFA_TRANSPORT
++    Enables the FF-A bus driver. Turn this on if you want to use FF-A communication.
++
++CONFIG_ARM_FFA_EFI_RUNTIME_MODE
++    Optional config that enables EFI runtime support for FF-A data and code.
++    ffa_copy_runtime_data allows to copy the FF-A driver data structures to EFI runtime data section.
++    Turning the config on makes ffa_copy_runtime_data available for use and the driver code placed at EFI runtime code section.
++    Call ffa_copy_runtime_data at the event on which you want the FF-A data to be copied (example: at ExitBootServices).
++
++CONFIG_SANDBOX_FFA
++    Enables FF-A Sandbox driver. This emulates the FF-A ABIs handling under Sandbox and provides
++    functional tests for FF-A.
++
++FF-A ABIs under the hood
++---------------------------------------
++
++Invoking an FF-A ABI involves providing to the secure world/hypervisor the expected arguments from the ABI.
++
++The ABI arguments are stored in x0 to x7 registers. Then, an SMC instruction is executed.
++
++At the secure side level or hypervisor the ABI is handled at a higher exception level and the arguments are read and processed.
++
++The response is put back through x0 to x7 registers and control is giving back to the u-boot FF-A driver (non secure world).
++
++The driver reads the response and processes it accordingly.
++
++This methodology applies to all the FF-A ABIs in the driver.
++
++FF-A bus discovery in u-boot
++-------------------------------------------
++
++When CONFIG_ARM_FFA_TRANSPORT is enabled, the FF-A bus is automatically discovered at initcall level (after u-boot relocation).
++
++The function that triggers the discovery process is ffa_bus_discover.
++
++ffa_bus_discover creates, binds and probes the arm_ffa device using device_{bind, probe} APIs.
++
++When the device is probed, ffa_probe is called which tries to communicate with the secure world or hypervisor.
++
++The FF-A bus is usable when these checks succeed:
++
++- querying the FF-A framework version
++- querying from secure world the u-boot endpoint ID
++- querying from secure world the supported features of the specified FF-A calls
++- mapping the RX/TX buffers
++- querying from secure world all the partitions information
++
++Probing fails when any of these operations fail. The FF-A bus discovery succeeds when probing is successful.
++
++When discovery fails the arm_ffa device is destroyed.
++
++The bus driver layer
++------------------------------
++
++The driver comes on top of the SMCCC layer and is implemented in drivers/firmware/arm-ffa/core.c
++
++The driver provides the following features:
++
++- Support for the 32-bit version of the following ABIs:
++
++FFA_VERSION
++FFA_ID_GET
++FFA_FEATURES
++FFA_PARTITION_INFO_GET
++FFA_RXTX_UNMAP
++FFA_RX_RELEASE
++FFA_RUN
++FFA_ERROR
++FFA_SUCCESS
++FFA_INTERRUPT
++
++- Support for the 64-bit version of the following ABIs:
++
++FFA_RXTX_MAP
++FFA_MSG_SEND_DIRECT_REQ
++FFA_MSG_SEND_DIRECT_RESP
++
++- Processing the received data from the secure world/hypervisor and caching it
++
++- Hiding from upper layers the FF-A protocol and registers details. Upper layers focus on exchanged data,
++the driver takes care of how to transport that to the secure world/hypervisor using FF-A.
++
++- The driver provides callbacks to be used by clients to access the FF-A bus:
++
++partition_info_get
++sync_send_receive
++rxtx_unmap
++
++- FF-A bus discovery at initcalls level (after u-boot relocation). The bus is up and running if the FF-A framework is responsive and compatible with the driver.
++
++- When EFI is enabled, unmap the RX/TX buffers at ExitBootServices() level.
++
++- When CONFIG_ARM_FFA_EFI_RUNTIME_MODE enabled, ffa_copy_runtime_data function is available for use.
++
++Using armffa command
++-----------------------------------
++
++armffa is a command showcasing how to use the FF-A driver and how to invoke its operations.
++
++This provides a guidance to the client developers on how to call the FF-A bus interfaces.
++
++Usage:
++
++armffa <sub-command> <arguments>
++
++sub-commands:
++
++        getpart <partition UUID>
++
++            lists the partition(s) info
++
++        ping <partition ID>
++
++            sends a data pattern to the specified partition
++
++        devlist
++
++            displays the arm_ffa device info
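Review bot: The "FF-A and SMC specifications" section says the driver uses the SMC32 calling convention, but "The bus driver layer" lists FFA_RXTX_MAP, FFA_MSG_SEND_DIRECT_REQ and FFA_MSG_SEND_DIRECT_RESP as 64-bit ABIs; the first section should say which calls are issued as SMC64 so the two statements agree. The document also says the RX/TX buffers are unmapped at ExitBootServices() while CONFIG_ARM_FFA_EFI_RUNTIME_MODE keeps driver data and code in the EFI runtime sections; one sentence on which driver operations remain callable at runtime would tell a reader what stays reachable once the OS is running. Smaller points: "Aarch64 plaforms" should be "platforms", "control is giving back" should be "given back", and the SMCCC reference URL ends in an empty "?token=" parameter, so a stable document link would be safer.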
+diff --git a/drivers/Kconfig b/drivers/Kconfig
+index b26ca8cf70..4a602517bf 100644
+--- a/drivers/Kconfig
++++ b/drivers/Kconfig
+@@ -6,6 +6,8 @@ source "drivers/core/Kconfig"
+ 
+ source "drivers/adc/Kconfig"
+ 
++source "drivers/firmware/arm-ffa/Kconfig"
++
+ source "drivers/ata/Kconfig"
+ 
+ source "drivers/axi/Kconfig"
+diff --git a/drivers/Makefile b/drivers/Makefile
+index 67c8af7442..77db8736e6 100644
+--- a/drivers/Makefile
++++ b/drivers/Makefile
+@@ -109,6 +109,7 @@ obj-y += iommu/
+ obj-y += smem/
+ obj-y += thermal/
+ obj-$(CONFIG_TEE) += tee/
++obj-$(CONFIG_ARM_FFA_TRANSPORT) += firmware/arm-ffa/
+ obj-y += axi/
+ obj-y += ufs/
+ obj-$(CONFIG_W1) += w1/
+diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig
+new file mode 100644
+index 0000000000..aceb61cf49
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/Kconfig
+@@ -0,0 +1,39 @@
++# SPDX-License-Identifier: GPL-2.0
++
++config ARM_FFA_TRANSPORT
++	bool "Enable Arm Firmware Framework for Armv8-A driver"
++	depends on DM && ARM64
++	select ARM_SMCCC
++	select LIB_UUID
++	select DEVRES
++	help
++	  The Firmware Framework for Arm A-profile processors (FF-A)
++	  describes interfaces (ABIs) that standardize communication
++	  between the Secure World and Normal World leveraging TrustZone
++	  technology.
++
++	  This driver is based on FF-A specification v1.0 and uses SMC32
++	  calling convention.
++
++	  FF-A specification:
++
++	  https://developer.arm.com/documentation/den0077/a/?lang=en
++
++	  In u-boot FF-A design, FF-A is considered as a discoverable bus.
++	  The Secure World is considered as one entity to communicate with
++	  using the FF-A bus.
++	  FF-A communication is handled by one device and one instance (the bus).
++	  This FF-A driver takes care of all the interactions between Normal world
++	  and Secure World.
++
++	  For more details about the FF-A driver, please refer to doc/README.ffa.drv
++
++config ARM_FFA_EFI_RUNTIME_MODE
++	bool "Enable EFI runtime support for FF-A data and code"
++	depends on ARM_FFA_TRANSPORT && EFI_LOADER
++	help
++	  Allows FF-A driver data structures and code to be accessible at EFI runtime.
++	  FF-A data is copied by ffa_copy_runtime_data function.
++	  The driver Code needed at runtime is placed at EFI runtime code section.
++	  Turning this on makes ffa_copy_runtime_data available for use and the driver
++	  code placed at EFI runtime code section.
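Review bot: The SPDX tag on the first line of this new Kconfig is GPL-2.0, while the Makefile, arm-ffa-uclass.c and arm_ffa_prv.h added by the same patch are tagged GPL-2.0+; please confirm the difference is intended or align them. The ARM_FFA_TRANSPORT prompt says "Armv8-A" where the help text says "Arm A-profile processors", and the help states "uses SMC32 calling convention" without mentioning the 64-bit ABIs that doc/README.ffa.drv lists. In the ARM_FFA_EFI_RUNTIME_MODE help, "Turning this on makes ffa_copy_runtime_data available for use and the driver code placed at EFI runtime code section" repeats the two sentences before it and can be dropped.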
+diff --git a/drivers/firmware/arm-ffa/Makefile b/drivers/firmware/arm-ffa/Makefile
+new file mode 100644
+index 0000000000..0b9b0a61b4
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/Makefile
+@@ -0,0 +1,7 @@
++# SPDX-License-Identifier: GPL-2.0+
++#
++# (C) Copyright 2022 Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++#
++
++obj-y += arm-ffa-uclass.o core.o
++obj-$(CONFIG_ARM_FFA_EFI_RUNTIME_MODE) += efi_ffa_runtime_data_mgr.o
+diff --git a/drivers/firmware/arm-ffa/arm-ffa-uclass.c b/drivers/firmware/arm-ffa/arm-ffa-uclass.c
+new file mode 100644
+index 0000000000..7d9695d289
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/arm-ffa-uclass.c
+@@ -0,0 +1,16 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <dm.h>
++#include <asm/global_data.h>
++
++DECLARE_GLOBAL_DATA_PTR;
++
++UCLASS_DRIVER(ffa) = {
++	.name		= "ffa",
++	.id		= UCLASS_FFA,
++};
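Review bot: The include of asm/global_data.h and the DECLARE_GLOBAL_DATA_PTR line are unused in this file, since nothing here references gd; the file only defines the uclass. Dropping both (and common.h if dm.h alone is enough to build) keeps the uclass file down to what UCLASS_DRIVER needs.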
+diff --git a/drivers/firmware/arm-ffa/arm_ffa_prv.h b/drivers/firmware/arm-ffa/arm_ffa_prv.h
+new file mode 100644
+index 0000000000..7bc90f7f66
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/arm_ffa_prv.h
+@@ -0,0 +1,196 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#ifndef __ARM_FFA_PRV_H
++#define __ARM_FFA_PRV_H
++
++#include <arm_ffa.h>
++#include <linux/bitfield.h>
++#include <linux/bitops.h>
++#include <linux/arm-smccc.h>
++
++/*
++ * This header is private. It is exclusively used by the FF-A driver
++ */
++
++/* FF-A core driver name */
++#define FFA_DRV_NAME "arm_ffa"
++
++/* FF-A driver version definitions */
++
++#define MAJOR_VERSION_MASK		GENMASK(30, 16)
++#define MINOR_VERSION_MASK		GENMASK(15, 0)
++#define GET_FFA_MAJOR_VERSION(x)		\
++				((u16)(FIELD_GET(MAJOR_VERSION_MASK, (x))))
++#define GET_FFA_MINOR_VERSION(x)		\
++				((u16)(FIELD_GET(MINOR_VERSION_MASK, (x))))
++#define PACK_VERSION_INFO(major, minor)			\
++	(FIELD_PREP(MAJOR_VERSION_MASK, (major)) |	\
++	 FIELD_PREP(MINOR_VERSION_MASK, (minor)))
++
++#define FFA_MAJOR_VERSION		(1)
++#define FFA_MINOR_VERSION		(0)
++#define FFA_VERSION_1_0		\
++			PACK_VERSION_INFO(FFA_MAJOR_VERSION, FFA_MINOR_VERSION)
++
++/* Endpoint ID mask (u-boot endpoint ID) */
++
++#define GET_SELF_ENDPOINT_ID_MASK		GENMASK(15, 0)
++#define GET_SELF_ENDPOINT_ID(x)		\
++			((u16)(FIELD_GET(GET_SELF_ENDPOINT_ID_MASK, (x))))
++
++#define PREP_SELF_ENDPOINT_ID_MASK		GENMASK(31, 16)
++#define PREP_SELF_ENDPOINT_ID(x)		\
++			(FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x)))
++
++/* Partition endpoint ID mask  (partition with which u-boot communicates with) */
++
++#define PREP_PART_ENDPOINT_ID_MASK		GENMASK(15, 0)
++#define PREP_PART_ENDPOINT_ID(x)		\
++			(FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x)))
++
++/*
++ * Definitions of the Arm FF-A interfaces supported by the Arm FF-A driver
++ */
++
++#define FFA_SMC(calling_convention, func_num)				\
++	ARM_SMCCC_CALL_VAL(ARM_SMCCC_FAST_CALL, (calling_convention),	\
++			   ARM_SMCCC_OWNER_STANDARD, (func_num))
++
++#define FFA_SMC_32(func_num)				FFA_SMC(ARM_SMCCC_SMC_32, (func_num))
++#define FFA_SMC_64(func_num)				FFA_SMC(ARM_SMCCC_SMC_64, (func_num))
++
++enum ffa_abis {
++	FFA_ERROR					= 0x60,
++	FFA_SUCCESS					= 0x61,
++	FFA_INTERRUPT				= 0x62,
++	FFA_VERSION					= 0x63,
++	FFA_FEATURES				= 0x64,
++	FFA_RX_RELEASE				= 0x65,
++	FFA_RXTX_MAP				= 0x66,
++	FFA_RXTX_UNMAP			= 0x67,
++	FFA_PARTITION_INFO_GET		= 0x68,
++	FFA_ID_GET					= 0x69,
++	FFA_RUN						= 0x6D,
++	FFA_MSG_SEND_DIRECT_REQ	= 0x6F,
++	FFA_MSG_SEND_DIRECT_RESP	= 0x70,
++
++	/* to be updated when adding new FFA IDs */
++	FFA_FIRST_ID = FFA_ERROR, /* lowest number ID*/
++	FFA_LAST_ID = FFA_MSG_SEND_DIRECT_RESP, /* highest number ID*/
++};
++
++/* number of the errors supported by the FF-A specification */
++#define MAX_NUMBER_FFA_ERR 9
++
++/* container structure and helper macros to map between an FF-A error and relevant error log */
++struct ffa_abi_errmap {
++	char *err_str[MAX_NUMBER_FFA_ERR];
++};
++
++#define FFA_ERRMAP_COUNT (FFA_LAST_ID - FFA_FIRST_ID + 1)
++#define FFA_ID_TO_ERRMAP_ID(ffa_id) ((ffa_id) - FFA_FIRST_ID)
++
++/* The FF-A SMC function definitions */
++
++typedef struct arm_smccc_1_2_regs ffa_value_t;
++typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res);
++
++/*
++ * struct ffa_partition_uuid - 16 bytes UUID transmitted by FFA_PARTITION_INFO_GET
++ * @a1-4:	32-bit words access to the UUID data
++ *
++ */
++struct ffa_partition_uuid {
++	u32 a1; /* w1 */
++	u32 a2; /* w2 */
++	u32 a3; /* w3 */
++	u32 a4; /* w4 */
++};
++
++/**
++ * enum ffa_rxtx_buf_sizes - minimum sizes supported
++ * for the RX/TX buffers
++ */
++enum ffa_rxtx_buf_sizes {
++	RXTX_4K,
++	RXTX_64K,
++	RXTX_16K
++};
++
++/**
++ * struct ffa_rxtxpair - structure hosting the RX/TX buffers virtual addresses
++ * @rxbuf:	virtual address of the RX buffer
++ * @txbuf:	virtual address of the TX buffer
++ * @rxtx_min_pages:	RX/TX buffers minimum size in pages
++ *
++ * Data structure hosting the virtual addresses of the mapped RX/TX buffers
++ * These addresses are used by the FF-A functions that use the RX/TX buffers
++ */
++struct ffa_rxtxpair {
++	u64 rxbuf; /* virtual address */
++	u64 txbuf; /* virtual address */
++	size_t rxtx_min_pages; /* minimum number of pages in each of the RX/TX buffers */
++};
++
++/**
++ * struct ffa_partition_desc - the secure partition descriptor
++ * @info:	partition information
++ * @sp_uuid:	the secure partition UUID
++ *
++ * Each partition has its descriptor containing the partitions information and the UUID
++ */
++struct ffa_partition_desc {
++	struct ffa_partition_info info;
++	struct ffa_partition_uuid sp_uuid;
++};
++
++/**
++ * struct ffa_partitions - descriptors for all secure partitions
++ * @count:	The number of partitions descriptors
++ * @descs	The partitions descriptors table
++ *
++ * This data structure contains the partitions descriptors table
++ */
++struct ffa_partitions {
++	u32 count;
++	struct ffa_partition_desc *descs; /* virtual address */
++};
++
++/**
++ * struct ffa_prvdata - the driver private data structure
++ *
++ * @dev:	The arm_ffa device under u-boot driver model
++ * @ffa_ops:	The driver operations structure
++ * @fwk_version:	FF-A framework version
++ * @id:	u-boot endpoint ID
++ * @partitions:	The partitions descriptors structure
++ * @pair:	The RX/TX buffers pair
++ * @invoke_ffa_fn:	The function executing the FF-A function
++ *
++ * The driver data structure hosting all resident data.
++ */
++struct ffa_prvdata {
++	struct udevice *dev;
++	struct ffa_bus_ops ffa_ops;
++	u32 fwk_version;
++	u16 id;
++	struct ffa_partitions partitions;
++	struct ffa_rxtxpair pair;
++	invoke_ffa_fn_t invoke_ffa_fn;
++};
++
++/**
++ * ffa_device_get - create, bind and probe the arm_ffa device
++ */
++int ffa_device_get(void);
++
++/**
++ * ffa_bus_prvdata_get - bus driver private data getter
++ */
++struct ffa_prvdata **ffa_bus_prvdata_get(void);
++
++#endif
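Review bot: enum ffa_rxtx_buf_sizes relies on implicit enumerator values (RXTX_4K = 0, RXTX_64K = 1, RXTX_16K = 2), and ffa_set_rxtx_buffers_pages_cnt in core.c switches on the raw FFA_FEATURES properties value against them, so the unusual 4K/64K/16K order is load-bearing and a well-meaning reorder would silently change the buffer size. Assign the values explicitly and add a comment saying they mirror the properties field encoding. Also in this header: err_str in struct ffa_abi_errmap holds string literals and should be "const char *"; the kernel-doc for struct ffa_partitions has "@descs" without the colon; and the comments for ffa_device_get and ffa_bus_prvdata_get omit the return value, which matters for the latter because it hands out a pointer to the driver's private data pointer.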
+diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c
+new file mode 100644
+index 0000000000..41c7b96e68
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/core.c
+@@ -0,0 +1,1344 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include "arm_ffa_prv.h"
++#include <asm/global_data.h>
++#include <common.h>
++#include <dm.h>
++#include <dm/device-internal.h>
++#include <dm/devres.h>
++#include <dm/root.h>
++#include <linux/errno.h>
++#include <linux/sizes.h>
++#include <log.h>
++#include <malloc.h>
++#include <string.h>
++#include <uuid.h>
++
++DECLARE_GLOBAL_DATA_PTR;
++
++/**
++ * The device private data structure containing all the resident
++ * data read from secure world
++ */
++__ffa_runtime_data struct ffa_prvdata *ffa_priv_data;
++
++/* Error mapping declarations */
++
++__ffa_runtime_data int ffa_to_std_errmap[MAX_NUMBER_FFA_ERR] = {
++	0,
++	-EOPNOTSUPP,	/* NOT_SUPPORTED */
++	-EINVAL,	/* INVALID_PARAMETERS */
++	-ENOMEM,	/* NO_MEMORY */
++	-EBUSY,		/* BUSY */
++	-EINTR,		/* INTERRUPTED */
++	-EACCES,	/* DENIED */
++	-EAGAIN,	/* RETRY */
++	-ECANCELED,	/* ABORTED */
++};
++
++struct ffa_abi_errmap err_msg_map[FFA_ERRMAP_COUNT] = {
++	[FFA_ID_TO_ERRMAP_ID(FFA_VERSION)] = {
++		{
++			"",
++			"NOT_SUPPORTED: A Firmware Framework implementation does not exist",
++			"", /* INVALID_PARAMETERS */
++			"", /* NO_MEMORY */
++			"", /* BUSY */
++			"", /* INTERRUPTED */
++			"", /* DENIED */
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++	[FFA_ID_TO_ERRMAP_ID(FFA_ID_GET)] = {
++		{
++			"",
++			"NOT_SUPPORTED: This function is not implemented at this FF-A instance",
++			"", /* INVALID_PARAMETERS */
++			"", /* NO_MEMORY */
++			"", /* BUSY */
++			"", /* INTERRUPTED */
++			"", /* DENIED */
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++	[FFA_ID_TO_ERRMAP_ID(FFA_FEATURES)] = {
++		{
++			"",
++			"NOT_SUPPORTED: FFA_RXTX_MAP is not implemented at this FF-A instance",
++			"", /* INVALID_PARAMETERS */
++			"", /* NO_MEMORY */
++			"", /* BUSY */
++			"", /* INTERRUPTED */
++			"", /* DENIED */
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++	[FFA_ID_TO_ERRMAP_ID(FFA_PARTITION_INFO_GET)] = {
++		{
++			"",
++			"NOT_SUPPORTED: This function is not implemented at this FF-A instance",
++			"INVALID_PARAMETERS: Unrecognized UUID",
++			"NO_MEMORY: Results cannot fit in RX buffer of the caller",
++			"BUSY: RX buffer of the caller is not free",
++			"", /* INTERRUPTED */
++			"DENIED: Callee is not in a state to handle this request",
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++	[FFA_ID_TO_ERRMAP_ID(FFA_RXTX_UNMAP)] = {
++			{
++			"",
++			"NOT_SUPPORTED: FFA_RXTX_UNMAP is not implemented at this FF-A instance",
++			"INVALID_PARAMETERS: No buffer pair registered on behalf of the caller",
++			"", /* NO_MEMORY */
++			"", /* BUSY */
++			"", /* INTERRUPTED */
++			"", /* DENIED */
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++	[FFA_ID_TO_ERRMAP_ID(FFA_RX_RELEASE)] = {
++			{
++			"",
++			"NOT_SUPPORTED: FFA_RX_RELEASE is not implemented at this FF-A instance",
++			"", /* INVALID_PARAMETERS */
++			"", /* NO_MEMORY */
++			"", /* BUSY */
++			"", /* INTERRUPTED */
++			"DENIED: Caller did not have ownership of the RX buffer",
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++	[FFA_ID_TO_ERRMAP_ID(FFA_RXTX_MAP)] = {
++			{
++			"",
++			"NOT_SUPPORTED: This function is not implemented at this FF-A instance",
++			"INVALID_PARAMETERS: Field(s) in input parameters incorrectly encoded",
++			"NO_MEMORY: Not enough memory",
++			"", /* BUSY */
++			"", /* INTERRUPTED */
++			"DENIED: Buffer pair already registered",
++			"", /* RETRY */
++			"", /* ABORTED */
++		},
++	},
++};
++
++/**
++ * ffa_to_std_errno - convert FF-A error code to standard error code
++ * @ffa_errno:	Error code returned by the FF-A ABI
++ *
++ * This runtime function maps the given FF-A error code as specified
++ * by the spec to a u-boot standard error code.
++ *
++ * Return:
++ *
++ * The standard error code on success. . Otherwise, failure
++ */
++__ffa_runtime int ffa_to_std_errno(int ffa_errno)
++{
++	int err_idx = -ffa_errno;
++
++	/* map the FF-A error code to the standard u-boot error code */
++	if (err_idx > 0 && err_idx < MAX_NUMBER_FFA_ERR)
++		return ffa_to_std_errmap[err_idx];
++	return -EINVAL;
++}
++
++/**
++ * ffa_print_error_log - print the error log corresponding to the selected FF-A ABI
++ * @ffa_id:	FF-A ABI ID
++ * @ffa_errno:	Error code returned by the FF-A ABI
++ *
++ * This boot time function maps the FF-A error code to the error log relevant to the
++ * selected FF-A ABI. Then the error log is printed.
++ *
++ * Return:
++ *
++ * 0 on success. . Otherwise, failure
++ */
++int ffa_print_error_log(u32 ffa_id, int ffa_errno)
++{
++	int err_idx = -ffa_errno, abi_idx = 0;
++
++	/* map the FF-A error code to the corresponding error log */
++
++	if (err_idx <= 0 || err_idx >= MAX_NUMBER_FFA_ERR)
++		return -EINVAL;
++
++	if (ffa_id < FFA_FIRST_ID || ffa_id > FFA_LAST_ID)
++		return -EINVAL;
++
++	abi_idx = FFA_ID_TO_ERRMAP_ID(ffa_id);
++	if (abi_idx < 0 || abi_idx >= FFA_ERRMAP_COUNT)
++		return -EINVAL;
++
++	if (!err_msg_map[abi_idx].err_str || !err_msg_map[abi_idx].err_str[err_idx])
++		return -EINVAL;
++
++	ffa_err("%s", err_msg_map[abi_idx].err_str[err_idx]);
++
++	return 0;
++}
++
++/*
++ * Driver core functions
++ */
++
++/**
++ * ffa_remove_device - removes the arm_ffa device
++ * @dev:	the device to be removed
++ *
++ * This boot time function makes sure the arm_ffa device is removed
++ * No need to free the kmalloced data when the device is destroyed.
++ * It's automatically done by devm management by
++ * device_remove() -> device_free() -> devres_release_probe().
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++int ffa_remove_device(struct udevice *dev)
++{
++	int ret;
++
++	if (!dev) {
++		ffa_err("no udevice found");
++		return -ENODEV;
++	}
++
++	ret = device_remove(dev, DM_REMOVE_NORMAL);
++	if (ret) {
++		ffa_err("unable to remove. err:%d\n", ret);
++		return ret;
++	}
++
++	ffa_info("device removed and freed");
++
++	ret = device_unbind(dev);
++	if (ret) {
++		ffa_err("unable to unbind. err:%d\n", ret);
++		return ret;
++	}
++
++	ffa_info("device unbound");
++
++	return 0;
++}
++
++/**
++ * ffa_device_get - create, bind and probe the arm_ffa device
++ *
++ * This boot time function makes sure the arm_ffa device is
++ * created, bound to this driver, probed and ready to use.
++ * Arm FF-A transport is implemented through a single u-boot
++ * device managing the FF-A bus (arm_ffa).
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++int ffa_device_get(void)
++{
++	int ret;
++	struct udevice *dev = NULL;
++
++	ret = device_bind(dm_root(),
++			  DM_DRIVER_GET(arm_ffa),
++			  FFA_DRV_NAME,
++			  NULL,
++			  ofnode_null(),
++			  &dev);
++	if (ret)
++		return ret;
++
++	/* The FF-A bus discovery succeeds when probing is successful */
++	ret = device_probe(dev);
++	if (ret) {
++		ffa_err("arm_ffa device probing failed");
++		ffa_remove_device(dev);
++		return ret;
++	}
++
++	return 0;
++}
++
++/**
++ * ffa_get_version - FFA_VERSION handler function
++ *
++ * This is the boot time function that implements FFA_VERSION FF-A function
++ * to get from the secure world the FF-A framework version
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_get_version(void)
++{
++	u16 major, minor;
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_VERSION),
++			.a1 = FFA_VERSION_1_0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	ffa_errno = (int)res.a0;
++	if (ffa_errno < 0) {
++		ffa_print_error_log(FFA_VERSION, ffa_errno);
++		return ffa_to_std_errno(ffa_errno);
++	}
++
++	major = GET_FFA_MAJOR_VERSION((u32)res.a0);
++	minor = GET_FFA_MINOR_VERSION((u32)res.a0);
++
++	ffa_info("FF-A driver %d.%d\nFF-A framework %d.%d",
++		 FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor);
++
++	if ((major == FFA_MAJOR_VERSION && minor >= FFA_MINOR_VERSION)) {
++		ffa_info("Versions are compatible ");
++
++		ffa_priv_data->fwk_version = (u32)res.a0;
++
++		return 0;
++	}
++
++	ffa_err("versions are incompatible\nExpected: %d.%d , Found: %d.%d\n",
++		FFA_MAJOR_VERSION, FFA_MINOR_VERSION, major, minor);
++
++	return -EPROTONOSUPPORT;
++}
++
++/**
++ * ffa_get_endpoint_id - FFA_ID_GET handler function
++ *
++ * This is the boot time function that implements FFA_ID_GET FF-A function
++ * to get from the secure world u-boot endpoint ID
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_get_endpoint_id(void)
++{
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_ID_GET),
++			.a1 = 0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) {
++		ffa_priv_data->id = GET_SELF_ENDPOINT_ID((u32)res.a2);
++		ffa_info("endpoint ID is %u", ffa_priv_data->id);
++
++		return 0;
++	}
++
++	ffa_errno = (int)res.a2;
++
++	ffa_print_error_log(FFA_ID_GET, ffa_errno);
++
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * ffa_set_rxtx_buffers_pages_cnt - sets the minimum number of pages in each of the RX/TX buffers
++ * @prop_field: properties field obtained from FFA_FEATURES ABI
++ *
++ * This boot time function sets the minimum number of pages
++ *  in each of the RX/TX buffers in the private data structure
++ *
++ * Return:
++ *
++ * buf_4k_pages points to the returned number of pages
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_set_rxtx_buffers_pages_cnt(u32 prop_field)
++{
++	if (!ffa_priv_data)
++		return -EINVAL;
++
++	switch (prop_field) {
++	case RXTX_4K:
++		ffa_priv_data->pair.rxtx_min_pages = 1;
++		break;
++	case RXTX_16K:
++		ffa_priv_data->pair.rxtx_min_pages = 4;
++		break;
++	case RXTX_64K:
++		ffa_priv_data->pair.rxtx_min_pages = 16;
++		break;
++	default:
++		ffa_err("RX/TX buffer size not supported");
++		return -EINVAL;
++	}
++
++	return 0;
++}
++
++/**
++ * ffa_get_rxtx_map_features - FFA_FEATURES handler function with FFA_RXTX_MAP argument
++ *
++ * This is the boot time function that implements FFA_FEATURES FF-A function
++ * to retrieve the FFA_RXTX_MAP features
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_get_rxtx_map_features(void)
++{
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_FEATURES),
++			.a1 = FFA_SMC_64(FFA_RXTX_MAP),
++			.a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS))
++		return ffa_set_rxtx_buffers_pages_cnt((u32)res.a2);
++
++	ffa_errno = (int)res.a2;
++	ffa_print_error_log(FFA_FEATURES, ffa_errno);
++
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * ffa_free_rxtx_buffers - frees the RX/TX buffers
++ *
++ * This is the boot time function used to free the RX/TX buffers
++ *
++ */
++static void ffa_free_rxtx_buffers(void)
++{
++	ffa_info("Freeing RX/TX buffers");
++
++	if (ffa_priv_data->pair.rxbuf) {
++		free((void *)ffa_priv_data->pair.rxbuf);
++		ffa_priv_data->pair.rxbuf = 0;
++	}
++
++	if (ffa_priv_data->pair.txbuf) {
++		free((void *)ffa_priv_data->pair.txbuf);
++		ffa_priv_data->pair.txbuf = 0;
++	}
++}
++
++/**
++ * ffa_alloc_rxtx_buffers - allocates the RX/TX buffers
++ *
++ * This is the boot time function used by ffa_map_rxtx_buffers to allocate
++ * the RX/TX buffers before mapping them. The allocated memory is physically
++ * contiguous since memalign ends up calling malloc which allocates
++ * contiguous memory in u-boot.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_alloc_rxtx_buffers(void)
++{
++	u64 bytes;
++
++	ffa_info("Using %lu 4KB page(s) for RX/TX buffers size",
++		 ffa_priv_data->pair.rxtx_min_pages);
++
++	bytes = ffa_priv_data->pair.rxtx_min_pages * SZ_4K;
++
++	/* RX/TX buffers addresses should be PAGE_SIZE aligned */
++
++	ffa_priv_data->pair.rxbuf = (u64)memalign(PAGE_SIZE, bytes);
++	if (!ffa_priv_data->pair.rxbuf) {
++		ffa_err("failure to allocate RX buffer");
++		return -ENOBUFS;
++	}
++
++	ffa_info("RX buffer at virtual address 0x%llx", ffa_priv_data->pair.rxbuf);
++
++	ffa_priv_data->pair.txbuf = (u64)memalign(PAGE_SIZE, bytes);
++	if (!ffa_priv_data->pair.txbuf) {
++		free((void *)ffa_priv_data->pair.rxbuf);
++		ffa_priv_data->pair.rxbuf = 0;
++		ffa_err("failure to allocate the TX buffer");
++		return -ENOBUFS;
++	}
++
++	ffa_info("TX buffer at virtual address 0x%llx", ffa_priv_data->pair.txbuf);
++
++	/*
++	 * make sure the buffers are cleared before use
++	 */
++	memset((void *)ffa_priv_data->pair.rxbuf, 0, bytes);
++	memset((void *)ffa_priv_data->pair.txbuf, 0, bytes);
++
++	return 0;
++}
++
++/**
++ * ffa_map_rxtx_buffers - FFA_RXTX_MAP handler function
++ *
++ * This is the boot time function that implements FFA_RXTX_MAP FF-A function
++ * to map the RX/TX buffers
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_map_rxtx_buffers(void)
++{
++	int ret;
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	ret = ffa_alloc_rxtx_buffers();
++	if (ret)
++		return ret;
++
++	/*
++	 * we need to pass the physical addresses of the RX/TX buffers
++	 * in u-boot physical/virtual mapping is 1:1
++	 *no need to convert from virtual to physical
++	 */
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_64(FFA_RXTX_MAP),
++			.a1 = ffa_priv_data->pair.txbuf,
++			.a2 = ffa_priv_data->pair.rxbuf,
++			.a3 = ffa_priv_data->pair.rxtx_min_pages,
++			.a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) {
++		ffa_info("RX/TX buffers mapped");
++		return 0;
++	}
++
++	ffa_errno = (int)res.a2;
++	ffa_print_error_log(FFA_RXTX_MAP, ffa_errno);
++
++	ffa_free_rxtx_buffers();
++
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * ffa_unmap_rxtx_buffers - FFA_RXTX_UNMAP handler function
++ *
++ * This is the boot time function that implements FFA_RXTX_UNMAP FF-A function
++ * to unmap the RX/TX buffers
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_unmap_rxtx_buffers(void)
++{
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_RXTX_UNMAP),
++			.a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id),
++			.a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) {
++		ffa_free_rxtx_buffers();
++		return 0;
++	}
++
++	ffa_errno = (int)res.a2;
++	ffa_print_error_log(FFA_RXTX_UNMAP, ffa_errno);
++
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * ffa_release_rx_buffer - FFA_RX_RELEASE handler function
++ *
++ * This is the boot time function that invokes FFA_RX_RELEASE FF-A function
++ * to release the ownership of the RX buffer
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_release_rx_buffer(void)
++{
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_RX_RELEASE),
++			.a1 = 0, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS))
++		return 0;
++
++	ffa_errno = (int)res.a2;
++	ffa_print_error_log(FFA_RX_RELEASE, ffa_errno);
++
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * ffa_uuid_are_identical - checks whether two given UUIDs are identical
++ * @uuid1: first UUID
++ * @uuid2: second UUID
++ *
++ * This is a boot time function used by ffa_read_partitions_info to search
++ * for a UUID in the partitions descriptors table
++ *
++ * Return:
++ *
++ * 1 when UUIDs match. Otherwise, 0
++ */
++int ffa_uuid_are_identical(const struct ffa_partition_uuid *uuid1,
++			   const struct ffa_partition_uuid *uuid2)
++{
++	if (!uuid1 || !uuid2)
++		return 0;
++
++	return (!memcmp(uuid1, uuid2, sizeof(struct ffa_partition_uuid)));
++}
++
++/**
++ * ffa_read_partitions_info - reads the data queried by FFA_PARTITION_INFO_GET
++ *							and saves it in the private structure
++ * @count: The number of partitions queried
++ * @part_uuid: Pointer to the partition(s) UUID
++ *
++ * This is the boot time function that reads the partitions information
++ * returned by the FFA_PARTITION_INFO_GET and saves it in the private
++ * data structure.
++ *
++ * Return:
++ *
++ * The private data structure is updated with the partition(s) information
++ * 0 is returned on success. Otherwise, failure
++ */
++static int ffa_read_partitions_info(u32 count, struct ffa_partition_uuid *part_uuid)
++{
++	if (!count) {
++		ffa_err("no partition detected");
++		return -ENODATA;
++	}
++
++	ffa_info("Reading partitions data from the RX buffer");
++
++	if (!part_uuid) {
++		/*
++		 * querying information of all partitions
++		 */
++		u64 buf_bytes;
++		u64 data_bytes;
++		u32 desc_idx;
++		struct ffa_partition_info *parts_info;
++
++		data_bytes = count * sizeof(struct ffa_partition_desc);
++
++		buf_bytes = ffa_priv_data->pair.rxtx_min_pages * SZ_4K;
++
++		if (data_bytes > buf_bytes) {
++			ffa_err("partitions data size exceeds the RX buffer size:");
++			ffa_err("    sizes in bytes: data %llu , RX buffer %llu ",
++				data_bytes,
++				buf_bytes);
++
++			return -ENOMEM;
++		}
++
++		ffa_priv_data->partitions.descs = (struct ffa_partition_desc *)
++			devm_kmalloc(ffa_priv_data->dev, data_bytes, __GFP_ZERO);
++		if (!ffa_priv_data->partitions.descs) {
++			ffa_err("cannot  allocate partitions data buffer");
++			return -ENOMEM;
++		}
++
++		parts_info = (struct ffa_partition_info *)ffa_priv_data->pair.rxbuf;
++
++		for (desc_idx = 0 ; desc_idx < count ; desc_idx++) {
++			ffa_priv_data->partitions.descs[desc_idx].info =
++				parts_info[desc_idx];
++
++			ffa_info("Partition ID %x : info cached",
++				 ffa_priv_data->partitions.descs[desc_idx].info.id);
++		}
++
++		ffa_priv_data->partitions.count = count;
++
++		ffa_info("%d partition(s) found and cached", count);
++
++	} else {
++		u32 rx_desc_idx, cached_desc_idx;
++		struct ffa_partition_info *parts_info;
++		u8 desc_found;
++
++		parts_info = (struct ffa_partition_info *)ffa_priv_data->pair.rxbuf;
++
++		/*
++		 * search for the SP IDs read from the RX buffer
++		 * in the already cached SPs.
++		 * Update the UUID when ID found.
++		 */
++		for (rx_desc_idx = 0; rx_desc_idx < count ; rx_desc_idx++) {
++			desc_found = 0;
++
++			/*
++			 * search the current ID in the cached partitions
++			 */
++			for (cached_desc_idx = 0;
++			     cached_desc_idx < ffa_priv_data->partitions.count;
++			     cached_desc_idx++) {
++				/*
++				 * save the UUID
++				 */
++				if (ffa_priv_data->partitions.descs[cached_desc_idx].info.id ==
++				    parts_info[rx_desc_idx].id) {
++					ffa_priv_data->partitions.descs[cached_desc_idx].sp_uuid =
++						*part_uuid;
++
++					desc_found = 1;
++					break;
++				}
++			}
++
++			if (!desc_found)
++				return -ENODATA;
++		}
++	}
++
++	return  0;
++}
++
++/**
++ * ffa_query_partitions_info - invokes FFA_PARTITION_INFO_GET and saves partitions data
++ *
++ * @part_uuid: Pointer to the partition(s) UUID
++ * @pcount: Pointer to the number of partitions variable filled when querying
++ *
++ * This is the boot time function that executes the FFA_PARTITION_INFO_GET
++ * to query the partitions data. Then, it calls ffa_read_partitions_info
++ * to save the data in the private data structure.
++ *
++ * After reading the data the RX buffer is released using ffa_release_rx_buffer
++ *
++ * Return:
++ *
++ * When part_uuid is NULL, all partitions data are retrieved from secure world
++ * When part_uuid is non NULL, data for partitions matching the given UUID are
++ * retrieved and the number of partitions is returned
++ * 0 is returned on success. Otherwise, failure
++ */
++static int ffa_query_partitions_info(struct ffa_partition_uuid *part_uuid,
++				     u32 *pcount)
++{
++	struct ffa_partition_uuid query_uuid = {0};
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	/*
++	 * If a UUID is specified. Information for one or more
++	 * partitions in the system is queried. Otherwise, information
++	 * for all installed partitions is queried
++	 */
++
++	if (part_uuid) {
++		if (!pcount)
++			return -EINVAL;
++
++		query_uuid = *part_uuid;
++	} else if (pcount) {
++		return -EINVAL;
++	}
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_PARTITION_INFO_GET),
++			.a1 = query_uuid.a1,
++			.a2 = query_uuid.a2,
++			.a3 = query_uuid.a3,
++			.a4 = query_uuid.a4,
++			.a5 = 0,
++			.a6 = 0,
++			.a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) {
++		int ret;
++
++		/*
++		 * res.a2 contains the count of partition information descriptors
++		 * populated in the RX buffer
++		 */
++		if (res.a2) {
++			ret = ffa_read_partitions_info((u32)res.a2, part_uuid);
++			if (ret) {
++				ffa_err("failed to read partition(s) data , error (%d)", ret);
++				ffa_release_rx_buffer();
++				return -EINVAL;
++			}
++		}
++
++		/*
++		 * return the SP count (when querying using a UUID)
++		 */
++		if (pcount)
++			*pcount = (u32)res.a2;
++
++		/*
++		 * After calling FFA_PARTITION_INFO_GET the buffer ownership
++		 * is assigned to the consumer (u-boot). So, we need to give
++		 * the ownership back to the SPM or hypervisor
++		 */
++		ret = ffa_release_rx_buffer();
++
++		return ret;
++	}
++
++	ffa_errno = (int)res.a2;
++	ffa_print_error_log(FFA_PARTITION_INFO_GET, ffa_errno);
++
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * ffa_get_partitions_info - FFA_PARTITION_INFO_GET handler function
++ *
++ * The passed arguments:
++ * Mode 1: When getting from the driver the number of
++ *	secure partitions:
++ *	@uuid_str: pointer to the UUID string
++ *	@parts_size: pointer to the variable that contains the number of partitions
++ *			 The variable will be set by the driver
++ *	@buffer: NULL
++ *
++ * Mode 2: When requesting the driver to return the
++ *	partitions information:
++ *	@uuid_str: pointer to the UUID string
++ *	@parts_size: pointer to the size of the SPs information buffer in bytes
++ *	@buffer: pointer to SPs information buffer
++ *		(allocated by the client).
++ *		The buffer will be filled by the driver
++ *
++ * This is the boot time function that queries the secure partition data from
++ * the private data structure. If not found, it invokes FFA_PARTITION_INFO_GET
++ * FF-A function to query the partition information from secure world.
++ *
++ * A client of the FF-A driver should know the UUID of the service it wants to
++ * access. It should use the UUID to request the FF-A driver to provide the
++ * partition(s) information of the service. The FF-A driver uses
++ * PARTITION_INFO_GET to obtain this information. This is implemented through
++ * ffa_get_partitions_info function.
++ * A new FFA_PARTITION_INFO_GET call is issued (first one performed through
++ * ffa_cache_partitions_info) allowing to retrieve the partition(s) information.
++ * They are not saved (already done). We only update the UUID in the cached area.
++ * This assumes that partitions data does not change in the secure world.
++ * Otherwise u-boot will have an outdated partition data. The benefit of caching
++ * the information in the FF-A driver is to accommodate discovery after
++ * ExitBootServices().
++ *
++ * When invoked through a client request, ffa_get_partitions_info should be
++ * called twice. First call is to get from the driver the number of secure
++ * partitions (SPs) associated to a particular UUID.
++ * Then, the caller (client) allocates the buffer to host the SPs data and
++ * issues a 2nd call. Then, the driver fills the SPs data in the pre-allocated
++ * buffer.
++ *
++ * To achieve the mechanism described above, ffa_get_partitions_info uses the
++ * following functions:
++ *		ffa_read_partitions_info
++ *		ffa_query_partitions_info
++ *
++ * Return:
++ *
++ * @parts_size: When pointing to the number of partitions variable, the number is
++ * set by the driver.
++ * When pointing to the partitions information buffer size, the buffer will be
++ * filled by the driver.
++ *
++ * On success 0 is returned. Otherwise, failure
++ */
++static int ffa_get_partitions_info(const char *uuid_str,
++				   u32 *parts_size, struct ffa_partition_info *buffer)
++{
++	/*
++	 * fill_data:
++	 * 0: return the SP count
++	 * 1: fill SP data and return it to the caller
++	 * -1: undefined mode
++	 */
++	int fill_data = -1;
++	u32 desc_idx, client_desc_idx;
++	struct ffa_partition_uuid part_uuid = {0};
++	u32 client_desc_max_cnt;
++	u32 parts_found = 0;
++
++	if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs) {
++		ffa_err("no partition installed");
++		return -EINVAL;
++	}
++
++	if (!uuid_str) {
++		ffa_err("no UUID provided");
++		return -EINVAL;
++	}
++
++	if (!parts_size) {
++		ffa_err("no size/count provided");
++		return -EINVAL;
++	}
++
++	if (be_uuid_str_to_le_bin(uuid_str, (unsigned char *)&part_uuid)) {
++		ffa_err("invalid UUID");
++		return -EINVAL;
++	}
++
++	if (!buffer) {
++		/* Mode 1: getting the number of secure partitions */
++
++		fill_data = 0;
++
++		ffa_info("Preparing for checking partitions count");
++
++	} else if ((*parts_size >= sizeof(struct ffa_partition_info)) &&
++		   !(*parts_size % sizeof(struct ffa_partition_info))) {
++		/* Mode 2: retrieving the partitions information */
++
++		fill_data = 1;
++
++		client_desc_idx = 0;
++
++		/*
++		 * number of empty descriptors preallocated by the caller
++		 */
++		client_desc_max_cnt = *parts_size / sizeof(struct ffa_partition_info);
++
++		ffa_info("Preparing for filling partitions info");
++
++	} else {
++		ffa_err("invalid function arguments provided");
++		return -EINVAL;
++	}
++
++	ffa_info("Searching partitions using the provided UUID");
++
++	/*
++	 * search in the cached partitions
++	 */
++	for (desc_idx = 0;
++	     desc_idx < ffa_priv_data->partitions.count;
++	     desc_idx++) {
++		if (ffa_uuid_are_identical(&ffa_priv_data->partitions.descs[desc_idx].sp_uuid,
++					   &part_uuid)) {
++			ffa_info("Partition ID %x matches the provided UUID",
++				 ffa_priv_data->partitions.descs[desc_idx].info.id);
++
++			parts_found++;
++
++			if (fill_data) {
++				/*
++				 * trying to fill the partition info in the input buffer
++				 */
++
++				if (client_desc_idx < client_desc_max_cnt) {
++					buffer[client_desc_idx++] =
++						ffa_priv_data->partitions.descs[desc_idx].info;
++					continue;
++				}
++
++				ffa_err("failed to fill the current descriptor client buffer full");
++				return -ENOBUFS;
++			}
++		}
++	}
++
++	if (!parts_found) {
++		int ret;
++
++		ffa_info("No partition found. Querying framework ...");
++
++		ret = ffa_query_partitions_info(&part_uuid, &parts_found);
++
++		if (ret == 0) {
++			if (!fill_data) {
++				*parts_size = parts_found;
++
++				ffa_info("Number of partition(s) found matching the UUID: %d",
++					 parts_found);
++			} else {
++				/*
++				 * If SPs data detected, they are already in the private data
++				 * structure, retry searching SP data again to return them
++				 *  to the caller
++				 */
++				if (parts_found)
++					ret = ffa_get_partitions_info(uuid_str, parts_size, buffer);
++				else
++					ret = -ENODATA;
++			}
++		}
++
++		return ret;
++	}
++
++	/* partition(s) found */
++	if (!fill_data)
++		*parts_size = parts_found;
++
++	return 0;
++}
++
++/**
++ * ffa_cache_partitions_info - Queries and saves all secure partitions data
++ *
++ * This is a boot time function that invokes FFA_PARTITION_INFO_GET FF-A
++ * function to query from secure world all partitions information.
++ *
++ * The FFA_PARTITION_INFO_GET call is issued with nil UUID as an argument.
++ * All installed partitions information are returned. We cache them in the
++ * resident private data structure and we keep the UUID field empty
++ * (in FF-A 1.0 UUID is not provided by the partition descriptor)
++ *
++ * This function is called at the device probing level.
++ * ffa_cache_partitions_info uses ffa_query_partitions_info to get the data
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_cache_partitions_info(void)
++{
++	return ffa_query_partitions_info(NULL, NULL);
++}
++
++/**
++ * ffa_msg_send_direct_req - FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function
++ * @dst_part_id: destination partition ID
++ * @msg: pointer to the message data preallocated by the client (in/out)
++ *
++ * This is the runtime function that implements FFA_MSG_SEND_DIRECT_{REQ,RESP}
++ * FF-A functions.
++ *
++ * FFA_MSG_SEND_DIRECT_REQ is used to send the data to the secure partition.
++ * The response from the secure partition is handled by reading the
++ * FFA_MSG_SEND_DIRECT_RESP arguments.
++ *
++ * The maximum size of the data that can be exchanged is 40 bytes which is
++ * sizeof(struct ffa_send_direct_data) as defined by the FF-A specification 1.0
++ * in the section relevant to FFA_MSG_SEND_DIRECT_{REQ,RESP}
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_send_direct_data *msg)
++{
++	ffa_value_t res = {0};
++	int ffa_errno;
++
++	if (!ffa_priv_data || !ffa_priv_data->invoke_ffa_fn)
++		return -EINVAL;
++
++	/* No partition installed */
++	if (!ffa_priv_data->partitions.count || !ffa_priv_data->partitions.descs)
++		return -ENODEV;
++
++	ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ),
++			.a1 = PREP_SELF_ENDPOINT_ID(ffa_priv_data->id) |
++				PREP_PART_ENDPOINT_ID(dst_part_id),
++			.a2 = 0,
++			.a3 = msg->data0,
++			.a4 = msg->data1,
++			.a5 = msg->data2,
++			.a6 = msg->data3,
++			.a7 = msg->data4,
++			}, &res);
++
++	while (res.a0 == FFA_SMC_32(FFA_INTERRUPT))
++		ffa_priv_data->invoke_ffa_fn((ffa_value_t){
++			.a0 = FFA_SMC_32(FFA_RUN),
++			.a1 = res.a1, .a2 = 0, .a3 = 0, .a4 = 0, .a5 = 0, .a6 = 0, .a7 = 0,
++			}, &res);
++
++	if (res.a0 == FFA_SMC_32(FFA_SUCCESS)) {
++		/* Message sent with no response */
++		return 0;
++	}
++
++	if (res.a0 == FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP)) {
++		/*
++		 * Message sent with response
++		 * extract the return data
++		 */
++		msg->data0 = res.a3;
++		msg->data1 = res.a4;
++		msg->data2 = res.a5;
++		msg->data3 = res.a6;
++		msg->data4 = res.a7;
++
++		return 0;
++	}
++
++	ffa_errno = (int)res.a2;
++	return ffa_to_std_errno(ffa_errno);
++}
++
++/**
++ * __arm_ffa_fn_smc - SMC wrapper
++ * @args: FF-A ABI arguments to be copied to Xn registers
++ * @res: FF-A ABI return data to be copied from Xn registers
++ *
++ * Calls low level SMC assembly function
++ *
++ * Return: void
++ */
++void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res)
++{
++	arm_smccc_1_2_smc(&args, res);
++}
++
++/**
++ * ffa_set_smc_conduit - Set the SMC conduit
++ *
++ * This boot time function selects the SMC conduit by setting the driver invoke function
++ * to SMC assembly function
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_set_smc_conduit(void)
++{
++	ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc;
++
++	if (!ffa_priv_data->invoke_ffa_fn) {
++		ffa_err("failure to set the invoke function");
++		return -EINVAL;
++	}
++
++	ffa_info("Conduit is SMC");
++
++	return 0;
++}
++
++/**
++ * ffa_set_bus_ops - Set the bus driver operations
++ *
++ * Setting the driver callbacks.
++ *
++ */
++static void ffa_set_bus_ops(void)
++{
++	ffa_priv_data->ffa_ops.partition_info_get = ffa_get_partitions_info;
++	ffa_priv_data->ffa_ops.sync_send_receive = ffa_msg_send_direct_req;
++	ffa_priv_data->ffa_ops.rxtx_unmap = ffa_unmap_rxtx_buffers;
++}
++
++/**
++ * ffa_alloc_prvdata - allocate the driver main data structure and sets the device
++ * @dev:	the arm_ffa device
++ *
++ * This boot time function creates the main data structure embedding all the driver data.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_alloc_prvdata(struct udevice *dev)
++{
++	if (!dev) {
++		ffa_err("no udevice found");
++		return -ENODEV;
++	}
++
++	/* The device is registered with the DM. Let's create the driver main data structure*/
++
++	ffa_priv_data = devm_kmalloc(dev, sizeof(struct ffa_prvdata), __GFP_ZERO);
++	if (!ffa_priv_data) {
++		ffa_err("can not allocate the driver main data structure");
++		return -ENOMEM;
++	}
++
++	ffa_priv_data->dev = dev;
++
++	return 0;
++}
++
++/**
++ * ffa_probe - The driver probe function
++ * @dev:	the arm_ffa device
++ *
++ * Probing is done at boot time and triggered by the uclass device discovery.
++ * At probe level the following actions are done:
++ *	- setting the conduit
++ *	- querying the FF-A framework version
++ *	- querying from secure world the u-boot endpoint ID
++ *	- querying from secure world the supported features of FFA_RXTX_MAP
++ *	- mapping the RX/TX buffers
++ *	- querying from secure world all the partitions information
++ *
++ * All data queried from secure world is saved in the resident private data structure.
++ *
++ * The probe will fail if either FF-A framework is not detected or the
++ * FF-A requests are not behaving correctly. This ensures that the
++ * driver is not installed and its operations are not exported to the clients.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int ffa_probe(struct udevice *dev)
++{
++	int ret;
++
++	ret = ffa_alloc_prvdata(dev);
++	if (ret != 0)
++		return ret;
++
++	ffa_set_bus_ops();
++
++	ret = ffa_set_smc_conduit();
++	if (ret != 0)
++		return ret;
++
++	ret = ffa_get_version();
++	if (ret != 0)
++		return ret;
++
++	ret = ffa_get_endpoint_id();
++	if (ret != 0)
++		return ret;
++
++	ret = ffa_get_rxtx_map_features();
++	if (ret != 0)
++		return ret;
++
++	ret = ffa_map_rxtx_buffers();
++	if (ret != 0)
++		return ret;
++
++	ret = ffa_cache_partitions_info();
++	if (ret != 0) {
++		ffa_free_rxtx_buffers();
++		return ret;
++	}
++
++	return 0;
++}
++
++/**
++ * ffa_remove - The driver remove function
++ * @dev:	the arm_ffa device
++ * When the device is about to be removed ,  unmap the RX/TX buffers and free the memory
++ * Return:
++ *
++ * 0 on success.
++ */
++static int ffa_remove(struct udevice *dev)
++{
++	ffa_info("removing the device");
++
++	ffa_unmap_rxtx_buffers();
++
++	if (ffa_priv_data->pair.rxbuf || ffa_priv_data->pair.txbuf)
++		ffa_free_rxtx_buffers();
++
++	return 0;
++}
++
++/**
++ * ffa_unbind - The driver unbind function
++ * @dev:	the arm_ffa device
++ * After the device is removed and memory freed the device is unbound
++ * Return:
++ *
++ * 0 on success.
++ */
++static int ffa_unbind(struct udevice *dev)
++{
++	ffa_info("unbinding the device , private data already released");
++
++	ffa_priv_data = NULL;
++
++	return 0;
++}
++
++/**
++ * ffa_bus_ops_get - bus driver operations getter
++ *
++ * Return:
++ * This runtime function returns a pointer to the driver operations structure
++ */
++const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void)
++{
++	return &ffa_priv_data->ffa_ops;
++}
++
++/**
++ * ffa_bus_prvdata_get - bus driver private data getter
++ *
++ * Return:
++ * This boot time function returns a pointer to the main private data structure
++ */
++struct ffa_prvdata **ffa_bus_prvdata_get(void)
++{
++	return &ffa_priv_data;
++}
++
++/**
++ * ffa_bus_discover - discover FF-A bus and probe the arm_ffa device
++ *
++ * This boot time function makes sure the FF-A bus is discoverable.
++ * Then, the arm_ffa device is probed and ready to use.
++ * This function is called automatically at initcalls
++ * level (after u-boot relocation).
++ *
++ * When the bus was already discovered successfully the discovery will not run again.
++ *
++ * Arm FF-A transport is implemented through arm_ffa u-boot device managing the FF-A
++ * communication.
++ * All FF-A clients should use the arm_ffa device to use the FF-A transport.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++int ffa_bus_discover(void)
++{
++	int ret = 0;
++
++	if (!ffa_priv_data)
++		ret = ffa_device_get();
++
++	return ret;
++}
++
++/**
++ * Declaring the arm_ffa driver under UCLASS_FFA
++ */
++
++U_BOOT_DRIVER(arm_ffa) = {
++	.name		= FFA_DRV_NAME,
++	.id		= UCLASS_FFA,
++	.probe		= ffa_probe,
++	.remove		= ffa_remove,
++	.unbind		= ffa_unbind,
++};
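Review bot: in ffa_read_partitions_info(), the UUID branch (part_uuid non-NULL) reads parts_info[rx_desc_idx] for every rx_desc_idx < count without the RX buffer size check that the all-partitions branch performs, and count comes straight from res.a2 in ffa_query_partitions_info(). Suggest hoisting the bound check above the `if (!part_uuid)` split and sizing it on sizeof(struct ffa_partition_info), which is what is actually read from the RX buffer (the existing check uses sizeof(struct ffa_partition_desc)). Two smaller points in the same file: ffa_msg_send_direct_req() dereferences msg without a NULL check, and ffa_probe() does not reset ffa_priv_data on its failure paths while ffa_bus_discover() treats a non-NULL ffa_priv_data as already discovered and returns 0.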
+diff --git a/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c b/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c
+new file mode 100644
+index 0000000000..c76cf2147b
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/efi_ffa_runtime_data_mgr.c
+@@ -0,0 +1,94 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include "arm_ffa_prv.h"
++
++/**
++ * ffa_copy_runtime_data - copy the private data structure  to the runtime area
++ *
++ * This boot time function copies the arm_ffa driver data structures including
++ *  partitions data to the EFI runtime data section.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++efi_status_t ffa_copy_runtime_data(void)
++{
++	efi_status_t efi_ret;
++	efi_uintn_t prvdata_pages;
++	efi_uintn_t descs_pages;
++	struct ffa_prvdata **prvdata = NULL; /* Pointer to the current structure */
++	struct ffa_prvdata *runtime_prvdata = NULL; /* Pointer to the structure runtime copy */
++	u64 runtime_descs = 0;
++
++	prvdata = ffa_bus_prvdata_get();
++
++	printf("INFO: EFI: FFA: prv data area at 0x%llx\n", (u64)prvdata);
++
++	/* allocate private data runtime area */
++
++	prvdata_pages = efi_size_in_pages(sizeof(struct ffa_prvdata));
++	efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
++				     EFI_RUNTIME_SERVICES_DATA,
++				     prvdata_pages,
++				     (u64 *)&runtime_prvdata);
++
++	if (efi_ret != EFI_SUCCESS) {
++		printf("ERROR: EFI: FFA: allocating runtime data (err: 0x%lx, addr 0x%llx)\n",
++		       efi_ret, (u64)runtime_prvdata);
++
++		return efi_ret;
++	}
++
++	printf("INFO: EFI: FFA: runtime data area at 0x%llx\n", (u64)runtime_prvdata);
++
++	if (!runtime_prvdata)
++		return EFI_INVALID_PARAMETER;
++
++	/* allocate the partition data runtime area */
++
++	descs_pages = efi_size_in_pages((*prvdata)->partitions.count *
++					sizeof(struct ffa_partition_desc));
++	efi_ret = efi_allocate_pages(EFI_ALLOCATE_ANY_PAGES,
++				     EFI_RUNTIME_SERVICES_DATA,
++				     descs_pages,
++				     &runtime_descs);
++
++	if (efi_ret != EFI_SUCCESS) {
++		printf("ERROR: EFI: FFA: allocating runtime SPs data (err: 0x%lx, addr 0x%llx)\n",
++		       efi_ret, runtime_descs);
++
++		efi_free_pages((u64)runtime_prvdata, prvdata_pages);
++
++		return efi_ret;
++	}
++
++	printf("INFO: EFI: FFA: SPs runtime area at 0x%llx\n", (u64)runtime_descs);
++
++	if (!runtime_descs)
++		return EFI_INVALID_PARAMETER;
++
++	*runtime_prvdata = **prvdata;
++
++	runtime_prvdata->dev = NULL;
++	runtime_prvdata->ffa_ops.partition_info_get = NULL;
++	runtime_prvdata->ffa_ops.rxtx_unmap = NULL;
++	runtime_prvdata->partitions.descs = (struct ffa_partition_desc *)runtime_descs;
++	runtime_prvdata->pair.rxbuf = 0;
++	runtime_prvdata->pair.txbuf = 0;
++
++	/*
++	 * Update the private data structure pointer in the driver
++	 * no need to free the old structure. devm takes care of that
++	 */
++	*prvdata = runtime_prvdata;
++
++	printf("INFO: EFI: FFA: runtime prv data now at 0x%llx , SPs count %d\n",
++	       (u64)*prvdata, (*prvdata)->partitions.count);
++
++	return 0;
++}
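Review bot: ffa_copy_runtime_data() points runtime_prvdata->partitions.descs at the newly allocated runtime_descs pages but never copies the cached descriptors into them, so after `*prvdata = runtime_prvdata` the runtime copy keeps partitions.count with unpopulated descriptors, contrary to the function comment ("including partitions data"). Copy (*prvdata)->partitions.descs into runtime_descs before switching the pointer. Also, (*prvdata) is dereferenced for partitions.count without a NULL check, the `if (!runtime_descs)` return leaves the runtime_prvdata pages allocated, and the final `return 0;` should be EFI_SUCCESS to match the efi_status_t return type.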
+diff --git a/include/arm_ffa.h b/include/arm_ffa.h
+new file mode 100644
+index 0000000000..f17b100497
+--- /dev/null
++++ b/include/arm_ffa.h
+@@ -0,0 +1,127 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#ifndef __ARM_FFA_H
++#define __ARM_FFA_H
++
++#include <linux/printk.h>
++
++/*
++ * This header is public. It can be used by clients to access
++ * data structures and definitions they need
++ */
++
++/*
++ * Macros for displaying logs
++ */
++
++#define ffa_info(fmt, ...)  pr_info("[FFA] " fmt "\n", ##__VA_ARGS__)
++#define ffa_err(fmt, ...)  pr_err("[FFA] " fmt "\n", ##__VA_ARGS__)
++
++/*
++ * struct ffa_partition_info - Partition information descriptor
++ * @id:	Partition ID
++ * @exec_ctxt:	Execution context count
++ * @properties:	Partition properties
++ *
++ * Data structure containing information about partitions instantiated in the system
++ * This structure is filled with the data queried by FFA_PARTITION_INFO_GET
++ */
++struct  __packed ffa_partition_info {
++	u16 id;
++	u16 exec_ctxt;
++/* partition supports receipt of direct requests */
++#define FFA_PARTITION_DIRECT_RECV	BIT(0)
++/* partition can send direct requests. */
++#define FFA_PARTITION_DIRECT_SEND	BIT(1)
++/* partition can send and receive indirect messages. */
++#define FFA_PARTITION_INDIRECT_MSG	BIT(2)
++	u32 properties;
++};
++
++/*
++ * struct ffa_send_direct_data - Data structure hosting the data
++ *                                       used by FFA_MSG_SEND_DIRECT_{REQ,RESP}
++ * @data0-4:	Data read/written from/to x3-x7 registers
++ *
++ * Data structure containing the data to be sent by FFA_MSG_SEND_DIRECT_REQ
++ * or read from FFA_MSG_SEND_DIRECT_RESP
++ */
++
++/* For use with FFA_MSG_SEND_DIRECT_{REQ,RESP} which pass data via registers */
++struct __packed ffa_send_direct_data {
++	unsigned long data0; /* w3/x3 */
++	unsigned long data1; /* w4/x4 */
++	unsigned long data2; /* w5/x5 */
++	unsigned long data3; /* w6/x6 */
++	unsigned long data4; /* w7/x7 */
++};
++
++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE)
++
++#include <efi_loader.h>
++
++/*
++ *  __ffa_runtime - controls whether functions are
++ * available after calling the EFI ExitBootServices service.
++ * Functions tagged with these keywords are resident (available at boot time and
++ * at runtime)
++ */
++
++#define __ffa_runtime_data __efi_runtime_data
++#define __ffa_runtime __efi_runtime
++
++#else
++
++/*
++ *  The FF-A driver is independent from EFI
++ */
++
++#define __ffa_runtime_data
++#define __ffa_runtime
++
++#endif
++
++/**
++ * struct ffa_bus_ops - The driver operations structure
++ * @partition_info_get:	callback for the FFA_PARTITION_INFO_GET
++ * @sync_send_receive:	callback for the FFA_MSG_SEND_DIRECT_REQ
++ * @rxtx_unmap:	callback for the FFA_RXTX_UNMAP
++ *
++ * The data structure providing all the operations supported by the driver.
++ * This structure is EFI runtime resident.
++ */
++struct ffa_bus_ops {
++	int (*partition_info_get)(const char *uuid_str,
++				  u32 *parts_size, struct ffa_partition_info *buffer);
++	int (*sync_send_receive)(u16 dst_part_id, struct ffa_send_direct_data *msg);
++	int (*rxtx_unmap)(void);
++};
++
++/**
++ * The device driver and the Uclass driver public functions
++ */
++
++/**
++ * ffa_bus_ops_get - driver operations getter
++ */
++const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void);
++
++/**
++ * ffa_bus_discover - discover FF-A bus and probes the arm_ffa device
++ */
++int ffa_bus_discover(void);
++
++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE)
++
++/**
++ * ffa_copy_runtime_data - copy the private data structure and the SPs data to the runtime area
++ */
++efi_status_t ffa_copy_runtime_data(void);
++
++#endif
++
++#endif
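Review bot: the struct ffa_bus_ops comment says the structure is EFI runtime resident but does not document which callbacks are usable at runtime; ffa_copy_runtime_data() sets partition_info_get and rxtx_unmap to NULL in the runtime copy, so only sync_send_receive remains callable. Since this header is the client-facing contract, say so here, and state that ffa_bus_ops_get() must only be called after ffa_bus_discover() has succeeded. Separately, struct ffa_send_direct_data uses unsigned long for data0-4, so the 40 bytes quoted in the ffa_msg_send_direct_req() comment only holds where unsigned long is 64 bits; that is worth a line in the struct comment.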
+diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
+index 3ba69ad9a0..7324418245 100644
+--- a/include/dm/uclass-id.h
++++ b/include/dm/uclass-id.h
+@@ -55,6 +55,7 @@ enum uclass_id {
+ 	UCLASS_EFI_MEDIA,	/* Devices provided by UEFI firmware */
+ 	UCLASS_ETH,		/* Ethernet device */
+ 	UCLASS_ETH_PHY,		/* Ethernet PHY device */
++	UCLASS_FFA,		/* Arm Firmware Framework for Armv8-A */
+ 	UCLASS_FIRMWARE,	/* Firmware */
+ 	UCLASS_FS_FIRMWARE_LOADER,		/* Generic loader */
+ 	UCLASS_GPIO,		/* Bank of general-purpose I/O pins */
+diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
+index 4da64b5d29..0ec002ac8b 100644
+--- a/lib/efi_loader/efi_boottime.c
++++ b/lib/efi_loader/efi_boottime.c
+@@ -23,6 +23,10 @@
+ #include <asm/setjmp.h>
+ #include <linux/libfdt_env.h>
+ 
++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT)
++#include <arm_ffa.h>
++#endif
++
+ DECLARE_GLOBAL_DATA_PTR;
+ 
+ /* Task priority level */
+@@ -2173,6 +2177,14 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+ 		dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
+ 	}
+ 
++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT)
++		/* unmap FF-A RX/TX buffers */
++		if (ffa_bus_ops_get()->rxtx_unmap())
++			debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n");
++		else
++			debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n");
++#endif
++
+ 	/* Patch out unsupported runtime function */
+ 	efi_runtime_detach();
+ 
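Review bot: efi_exit_boot_services() calls ffa_bus_ops_get()->rxtx_unmap() unconditionally, but ffa_bus_ops_get() returns &ffa_priv_data->ffa_ops with no check that the bus was ever discovered, and ffa_copy_runtime_data() sets rxtx_unmap to NULL in the runtime copy. Guard the call on a discovered bus and a non-NULL rxtx_unmap, or make sure the unmap runs before the runtime copy replaces the private data. The added block is also indented one level deeper than the surrounding code, and an unmap failure is reported only through debug().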
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch
deleted file mode 100644
index ae4bb02..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From 6f998a5e94e2562b5876b88864876c8b03b88f5a Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Tue, 16 Nov 2021 12:38:48 +0000
-Subject: [PATCH 09/24] arm_ffa: introducing test module for UCLASS_FFA
-
-This is the test module for the UCLASS_FFA class.
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- MAINTAINERS      |  1 +
- test/dm/Makefile |  1 +
- test/dm/ffa.c    | 56 ++++++++++++++++++++++++++++++++++++++++++++++++
- test/dm/ffa.h    | 19 ++++++++++++++++
- 4 files changed, 77 insertions(+)
- create mode 100644 test/dm/ffa.c
- create mode 100644 test/dm/ffa.h
-
-diff --git a/MAINTAINERS b/MAINTAINERS
-index 32fc267fcf13..8209dc9319f1 100644
---- a/MAINTAINERS
-+++ b/MAINTAINERS
-@@ -252,6 +252,7 @@ F:	drivers/arm-ffa/
- F:	include/arm_ffa.h
- F:	include/arm_ffa_helper.h
- F:	lib/arm-ffa/
-+F:	test/dm/ffa.c
- 
- ARM FREESCALE IMX
- M:	Stefano Babic <sbabic@denx.de>
-diff --git a/test/dm/Makefile b/test/dm/Makefile
-index f0a7c97e3d17..09a3403d2f53 100644
---- a/test/dm/Makefile
-+++ b/test/dm/Makefile
-@@ -79,6 +79,7 @@ obj-$(CONFIG_POWER_DOMAIN) += power-domain.o
- obj-$(CONFIG_ACPI_PMC) += pmc.o
- obj-$(CONFIG_DM_PMIC) += pmic.o
- obj-$(CONFIG_DM_PWM) += pwm.o
-+obj-$(CONFIG_ARM_FFA_TRANSPORT) += ffa.o
- obj-$(CONFIG_QFW) += qfw.o
- obj-$(CONFIG_RAM) += ram.o
- obj-y += regmap.o
-diff --git a/test/dm/ffa.c b/test/dm/ffa.c
-new file mode 100644
-index 000000000000..b937cea57b80
---- /dev/null
-+++ b/test/dm/ffa.c
-@@ -0,0 +1,56 @@
-+// SPDX-License-Identifier: GPL-2.0+
-+/*
-+ * Test for UCLASS_FFA  class
-+ *
-+ * (C) Copyright 2021 ARM Limited
-+ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-+ */
-+
-+#include <common.h>
-+#include <dm.h>
-+#include <dm/test.h>
-+#include <test/test.h>
-+#include <test/ut.h>
-+#include <arm_ffa_helper.h>
-+#include "ffa.h"
-+
-+/* Basic test of 'armffa' command */
-+static int dm_test_armffa_cmd(struct unit_test_state *uts)
-+{
-+	ut_assertok(ffa_helper_init_device());
-+
-+	ut_assertok(console_record_reset_enable());
-+
-+	/* armffa getpart <UUID> */
-+	ut_assertok(run_command("armffa getpart " SE_PROXY_PARTITION_UUID, 0));
-+	ut_assert_console_end();
-+
-+	/* armffa ping <ID> */
-+	ut_assertok(run_command("armffa ping " SE_PROXY_PARTITION_ID, 0));
-+	ut_assert_console_end();
-+
-+	/* armffa devlist */
-+	ut_assertok(run_command("armffa devlist", 0));
-+	ut_assert_console_end();
-+
-+	return 0;
-+}
-+
-+DM_TEST(dm_test_armffa_cmd, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC);
-+
-+static int  test_ffa_msg_send_direct_req(void)
-+{
-+	char *const argv[1] = {SE_PROXY_PARTITION_ID}; /* Corstone1000 SE Proxy ID */
-+
-+	return do_ffa_msg_send_direct_req(NULL, 0, 1, argv);
-+}
-+
-+/* Basic test of the FFA uclass */
-+static int dm_test_ffa_uclass(struct unit_test_state *uts)
-+{
-+	ut_assertok(ffa_init_device());
-+	ut_assertok(test_ffa_msg_send_direct_req());
-+	return 0;
-+}
-+
-+DM_TEST(dm_test_ffa_uclass, UT_TESTF_SCAN_PDATA | UT_TESTF_SCAN_FDT);
-diff --git a/test/dm/ffa.h b/test/dm/ffa.h
-new file mode 100644
-index 000000000000..a0802bd6928a
---- /dev/null
-+++ b/test/dm/ffa.h
-@@ -0,0 +1,19 @@
-+/* SPDX-License-Identifier: GPL-2.0+ */
-+/*
-+ * (C) Copyright 2021 ARM Limited
-+ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-+ */
-+
-+#ifndef __TEST_DM_FFA_H
-+#define __TEST_DM_FFA_H
-+
-+#define SE_PROXY_PARTITION_ID "0x8002"
-+#define SE_PROXY_PARTITION_UUID "46bb39d1-b4d9-45b5-88ff-040027dab249"
-+
-+/**
-+ * do_ffa_msg_send_direct_req - implementation of the ping subcommand
-+ */
-+int  do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc,
-+				char *const argv[]);
-+
-+#endif /*__TEST_DM_FFA_H */
--- 
-2.37.1
-
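Review bot: deleting 0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch removes dm_test_armffa_cmd and dm_test_ffa_uclass, and nothing in the surrounding hunks adds an equivalent test for the reworked driver under drivers/firmware/arm-ffa/. If the upstream series carries a replacement test, it should be pulled in with this update; otherwise please state in the commit message that the FF-A test coverage is dropped intentionally.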
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch
similarity index 72%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch
index 582bc3e..f52f88d 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0007-arm_ffa-introducing-armffa-command.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-introduce-armffa-command.patch
@@ -1,26 +1,48 @@
-From 58358f79d9f8abbdc8bcfc7d08bd0c7c4c90ec84 Mon Sep 17 00:00:00 2001
+From a09ed2542f4d991fef61bd51f87d373f44ad1ff3 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Tue, 16 Nov 2021 12:36:27 +0000
-Subject: [PATCH 07/24] arm_ffa: introducing armffa command
+Date: Mon, 6 Jun 2022 12:46:38 +0100
+Subject: [PATCH 10/26] arm_ffa: introduce armffa command
 
-A new armffa command is provided as an example of how to use
-the FF-A helper functions to communicate with secure world.
+Provide armffa command showcasing the use of the FF-A driver
 
 The armffa command allows to query secure partitions data from
 the secure world and exchanging messages with the partitions.
 
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
 ---
- MAINTAINERS  |   1 +
- cmd/Kconfig  |  10 ++
- cmd/Makefile |   2 +
- cmd/armffa.c | 266 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 4 files changed, 279 insertions(+)
+
+Changelog:
+===============
+
+v4:
+
+* remove pattern data in do_ffa_msg_send_direct_req
+
+v3:
+
+* use the new driver interfaces (partition_info_get, sync_send_receive)
+  in armffa command
+
+v2:
+
+* replace use of ffa_helper_init_device function by
+ ffa_helper_bus_discover
+
+v1:
+
+* introduce armffa command
+
+ MAINTAINERS                      |   1 +
+ cmd/Kconfig                      |  10 ++
+ cmd/Makefile                     |   2 +
+ cmd/armffa.c                     | 242 +++++++++++++++++++++++++++++++
+ drivers/firmware/arm-ffa/Kconfig |   1 +
+ 5 files changed, 256 insertions(+)
  create mode 100644 cmd/armffa.c
 
 diff --git a/MAINTAINERS b/MAINTAINERS
-index d29d7e040764..32fc267fcf13 100644
+index e760b4ca3a..9f0a1b7387 100644
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
 @@ -247,6 +247,7 @@ F:	include/configs/turris_*.h
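Review bot: The v2 changelog entry in the rewritten header says the command switched to ffa_helper_bus_discover, but this revision of cmd/armffa.c calls ffa_bus_discover(). The entry should name the function that is actually used or be marked as superseded. The header rewrite also drops Rui Miguel Silva's Signed-off-by while adding Upstream-Status; if any of his changes are still carried in this version the tag should stay.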
@@ -28,11 +50,11 @@
  M:	Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
  S:	Maintained
 +F:	cmd/armffa.c
- F:	drivers/arm-ffa/
+ F:	doc/README.ffa.drv
+ F:	drivers/firmware/arm-ffa/
  F:	include/arm_ffa.h
- F:	include/arm_ffa_helper.h
 diff --git a/cmd/Kconfig b/cmd/Kconfig
-index ba2f321ae989..090e668125d5 100644
+index ba2f321ae9..090e668125 100644
 --- a/cmd/Kconfig
 +++ b/cmd/Kconfig
 @@ -873,6 +873,16 @@ endmenu
@@ -53,7 +75,7 @@
  	#depends on FLASH_CFI_DRIVER
  	bool "armflash"
 diff --git a/cmd/Makefile b/cmd/Makefile
-index 5e43a1e022e8..e40f52f1e416 100644
+index 5e43a1e022..e40f52f1e4 100644
 --- a/cmd/Makefile
 +++ b/cmd/Makefile
 @@ -12,6 +12,8 @@ obj-y += panic.o
@@ -67,17 +89,17 @@
  obj-$(CONFIG_CMD_AES) += aes.o
 diff --git a/cmd/armffa.c b/cmd/armffa.c
 new file mode 100644
-index 000000000000..71a6ebb656d1
+index 0000000000..9b56e8a830
 --- /dev/null
 +++ b/cmd/armffa.c
-@@ -0,0 +1,266 @@
+@@ -0,0 +1,242 @@
 +// SPDX-License-Identifier: GPL-2.0+
 +/*
-+ * (C) Copyright 2021 ARM Limited
++ * (C) Copyright 2022 ARM Limited
 + * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 + */
 +
-+#include <arm_ffa_helper.h>
++#include <arm_ffa.h>
 +#include <asm/io.h>
 +#include <common.h>
 +#include <command.h>
@@ -93,7 +115,7 @@
 + * @argv:		arguments
 + *
 + * This function queries the secure partition information which the UUID is provided
-+ * as an argument. The function uses the arm_ffa driver helper function
++ * as an argument. The function uses the arm_ffa driver partition_info_get operation
 + * to retrieve the data.
 + * The input UUID string is expected to be in big endian format.
 + *
@@ -104,31 +126,17 @@
 +static int do_ffa_get_singular_partition_info(struct cmd_tbl *cmdtp, int flag, int argc,
 +					      char *const argv[])
 +{
-+	struct ffa_interface_data func_data = {0};
-+	u32 count = 0;
++	u32 count = 0, size = 0;
 +	int ret;
-+	union ffa_partition_uuid service_uuid = {0};
 +	struct ffa_partition_info *parts_info;
 +	u32 info_idx;
 +
 +	if (argc != 1)
 +		return -EINVAL;
 +
-+	if (ffa_uuid_str_to_bin(argv[0], (unsigned char *)&service_uuid)) {
-+		ffa_err("Invalid UUID");
-+		return -EINVAL;
-+	}
-+
-+	/*
-+	 * get from the driver the count of the SPs matching the UUID
-+	 */
-+	func_data.data0_size = sizeof(service_uuid);
-+	func_data.data0 = &service_uuid;
-+	func_data.data1_size = sizeof(count);
-+	func_data.data1 = &count;
-+
-+	ret = ffa_helper_get_partitions_info(&func_data);
-+	if (ret != FFA_ERR_STAT_SUCCESS) {
++	/* Mode 1: getting the number of secure partitions */
++	ret = ffa_bus_ops_get()->partition_info_get(argv[0], &count, NULL);
++	if (ret != 0) {
 +		ffa_err("Failure in querying partitions count (error code: %d)", ret);
 +		return ret;
 +	}
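Review bot: With the ffa_uuid_str_to_bin() check removed, argv[0] reaches partition_info_get() unvalidated, and a malformed UUID now surfaces only as "Failure in querying partitions count" instead of "Invalid UUID". Either keep a format check in the command or state in the kernel-doc that the driver operation validates the string and which error it returns. The NULL-buffer count mode also deserves more explanation than the "Mode 1" comment gives, since the same u32 pointer means a count here and a byte size in the second call.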
@@ -140,23 +148,23 @@
 +
 +	/*
 +	 * pre-allocate a buffer to be filled by the driver
-+	 * with	 ffa_partition_info structs
++	 * with ffa_partition_info structs
 +	 */
 +
++	ffa_info("Pre-allocating %d partition(s) info structures", count);
++
 +	parts_info = calloc(count, sizeof(struct ffa_partition_info));
 +	if (!parts_info)
 +		return -EINVAL;
 +
-+	ffa_info("Pre-allocating %d partition(s) info structures", count);
-+
-+	func_data.data1_size = count * sizeof(struct ffa_partition_info);
-+	func_data.data1 = parts_info;
++	size = count * sizeof(struct ffa_partition_info);
 +
 +	/*
 +	 * ask the driver to fill the buffer with the SPs info
 +	 */
-+	ret = ffa_helper_get_partitions_info(&func_data);
-+	if (ret != FFA_ERR_STAT_SUCCESS) {
++
++	ret = ffa_bus_ops_get()->partition_info_get(argv[0], &size, parts_info);
++	if (ret != 0) {
 +		ffa_err("Failure in querying partition(s) info (error code: %d)", ret);
 +		free(parts_info);
 +		return ret;
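Review bot: size = count * sizeof(struct ffa_partition_info) is a u32 multiplication on a count that the driver reported, so a large count can wrap and leave size inconsistent with what calloc(count, ...) actually allocated before it is handed to the second partition_info_get() call. Bound count to a sane maximum before allocating, or compute size with an overflow-checked multiply. The calloc failure path should also return -ENOMEM rather than -EINVAL.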
@@ -185,7 +193,7 @@
 + * @argv:		arguments
 + *
 + * This function sends data to the secure partition which the ID is provided
-+ * as an argument. The function uses the arm_ffa driver helper function
++ * as an argument. The function uses the arm_ffa driver sync_send_receive operation
 + * to send data.
 + *
 + * Return:
@@ -195,9 +203,13 @@
 +int  do_ffa_msg_send_direct_req(struct cmd_tbl *cmdtp, int flag, int argc,
 +				char *const argv[])
 +{
-+	struct ffa_interface_data func_data = {0};
-+	struct ffa_send_direct_data msg = {0};
-+	u32 pattern = 0xaabbccd0;
++	struct ffa_send_direct_data msg = {
++			.data0 = 0xaaaaaaaa,
++			.data1 = 0xbbbbbbbb,
++			.data2 = 0xcccccccc,
++			.data3 = 0xdddddddd,
++			.data4 = 0xeeeeeeee,
++	};
 +	u16 part_id;
 +	int ret;
 +
@@ -212,32 +224,15 @@
 +		return -EINVAL;
 +	}
 +
-+	/*
-+	 * telling the driver which partition to use
-+	 */
-+	func_data.data0_size = sizeof(part_id);
-+	func_data.data0 = &part_id;
-+
-+	/*
-+	 * filling the message data
-+	 */
-+	msg.a3 = ++pattern;
-+	msg.a4 = ++pattern;
-+	msg.a5 = ++pattern;
-+	msg.a6 = ++pattern;
-+	msg.a7 = ++pattern;
-+	func_data.data1_size = sizeof(msg);
-+	func_data.data1 = &msg;
-+
-+	ret = ffa_helper_msg_send_direct_req(&func_data);
-+	if (ret == FFA_ERR_STAT_SUCCESS) {
++	ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg);
++	if (ret == 0) {
 +		u8 cnt;
 +
 +		ffa_info("SP response:\n[LSB]");
 +		for (cnt = 0;
-+		     cnt < sizeof(struct ffa_send_direct_data) / sizeof(u32);
++		     cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64);
 +		     cnt++)
-+			ffa_info("0x%x", ((u32 *)&msg)[cnt]);
++			ffa_info("0x%llx", ((u64 *)&msg)[cnt]);
 +	} else {
 +		ffa_err("Sending direct request error (%d)", ret);
 +	}
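Review bot: The response loop treats msg as a u64 array, using sizeof(struct ffa_send_direct_data) / sizeof(u64) as the bound and ((u64 *)&msg)[cnt] as the access, which is only correct while the struct is exactly five 64-bit fields with no padding; the struct definition is not part of this file. Print msg.data0 through msg.data4 by name, or add a static assert on the struct size next to the loop, so a later layout change cannot make the command silently print the wrong values.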
@@ -320,10 +315,13 @@
 +	if (!armffa_cmd || argc > armffa_cmd->maxargs)
 +		return CMD_RET_USAGE;
 +
-+	ret = ffa_helper_init_device();
-+	if (ret != FFA_ERR_STAT_SUCCESS)
++	ret = ffa_bus_discover();
++	if (ret != 0)
 +		return cmd_process_error(cmdtp, ret);
 +
++	if (!ffa_bus_ops_get())
++		return -EINVAL;
++
 +	ret = armffa_cmd->cmd(armffa_cmd, flag, argc, argv);
 +
 +	return cmd_process_error(armffa_cmd, ret);
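Review bot: The new ffa_bus_ops_get() guard returns a bare -EINVAL from the command handler, while the neighbouring paths return CMD_RET_USAGE or go through cmd_process_error(); -EINVAL is not one of the CMD_RET_* codes. Return CMD_RET_FAILURE or route the error through cmd_process_error(cmdtp, -EINVAL), and consider keeping the returned ops pointer, since each subcommand calls ffa_bus_ops_get() again without checking it.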
@@ -337,6 +335,18 @@
 +	   "	 - sends a data pattern to the specified partition\n"
 +	   "devlist\n"
 +	   "	 - displays the arm_ffa device info\n");
+diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig
+index aceb61cf49..40b467b0a5 100644
+--- a/drivers/firmware/arm-ffa/Kconfig
++++ b/drivers/firmware/arm-ffa/Kconfig
+@@ -4,6 +4,7 @@ config ARM_FFA_TRANSPORT
+ 	bool "Enable Arm Firmware Framework for Armv8-A driver"
+ 	depends on DM && ARM64
+ 	select ARM_SMCCC
++	select CMD_ARMFFA
+ 	select LIB_UUID
+ 	select DEVRES
+ 	help
 -- 
-2.37.1
+2.17.1
 
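Review bot: select CMD_ARMFFA under ARM_FFA_TRANSPORT forces the armffa shell command into every image that enables the FF-A driver, although the commit message presents the command as a showcase of the driver. A console command that can query and message secure partitions is better left opt-in for production firmware: use imply CMD_ARMFFA, or drop the select and let board configs enable it. Also check that CMD_ARMFFA in cmd/Kconfig does not depend on ARM_FFA_TRANSPORT in a way that makes this select a recursive dependency.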
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch
new file mode 100644
index 0000000..739f781
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch
@@ -0,0 +1,1185 @@
+From 553b57e39808ef04bc6aa54e0324f92b0175e476 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 6 Jun 2022 12:55:08 +0100
+Subject: [PATCH 11/26] arm_ffa: introduce the FF-A Sandbox driver
+
+Provide a Sandbox driver to emulate the FF-A ABIs
+
+The emulated ABIs are those supported by the FF-A core driver
+and according to FF-A specification v1.0.
+
+The Sandbox driver provides operations allowing the test
+application to read the status of all the inspected ABIs
+and perform functional tests based on that.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4: align sandbox driver with the new FF-A driver interfaces
+ and new way of error handling
+
+v1: introduce the sandbox driver
+
+ MAINTAINERS                                   |   1 +
+ common/board_r.c                              |   2 +-
+ configs/sandbox64_defconfig                   |   2 +
+ configs/sandbox_defconfig                     |   2 +
+ doc/arch/sandbox.rst                          |   1 +
+ drivers/firmware/arm-ffa/Kconfig              |  10 +-
+ drivers/firmware/arm-ffa/Makefile             |   1 +
+ drivers/firmware/arm-ffa/arm_ffa_prv.h        |  15 +-
+ drivers/firmware/arm-ffa/core.c               |  24 +-
+ drivers/firmware/arm-ffa/sandbox.c            | 659 ++++++++++++++++++
+ .../firmware/arm-ffa/sandbox_arm_ffa_prv.h    | 144 ++++
+ include/arm_ffa.h                             |   2 +-
+ include/sandbox_arm_ffa.h                     |  91 +++
+ lib/efi_loader/efi_boottime.c                 |   2 +-
+ 14 files changed, 941 insertions(+), 15 deletions(-)
+ create mode 100644 drivers/firmware/arm-ffa/sandbox.c
+ create mode 100644 drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h
+ create mode 100644 include/sandbox_arm_ffa.h
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 9f0a1b7387..96157db6b6 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -251,6 +251,7 @@ F:	cmd/armffa.c
+ F:	doc/README.ffa.drv
+ F:	drivers/firmware/arm-ffa/
+ F:	include/arm_ffa.h
++F:	include/sandbox_arm_ffa.h
+ 
+ ARM FREESCALE IMX
+ M:	Stefano Babic <sbabic@denx.de>
+diff --git a/common/board_r.c b/common/board_r.c
+index c75634286b..f838cd5958 100644
+--- a/common/board_r.c
++++ b/common/board_r.c
+@@ -783,7 +783,7 @@ static init_fnc_t init_sequence_r[] = {
+ 	INIT_FUNC_WATCHDOG_RESET
+ 	initr_net,
+ #endif
+-#ifdef CONFIG_ARM_FFA_TRANSPORT
++#if defined(CONFIG_ARM_FFA_TRANSPORT) && !defined(CONFIG_SANDBOX_FFA)
+ 	ffa_bus_discover,
+ #endif
+ #ifdef CONFIG_POST
+diff --git a/configs/sandbox64_defconfig b/configs/sandbox64_defconfig
+index d7f22b39ae..78bc5aaa96 100644
+--- a/configs/sandbox64_defconfig
++++ b/configs/sandbox64_defconfig
+@@ -250,3 +250,5 @@ CONFIG_TEST_FDTDEC=y
+ CONFIG_UNIT_TEST=y
+ CONFIG_UT_TIME=y
+ CONFIG_UT_DM=y
++CONFIG_ARM_FFA_TRANSPORT=y
++CONFIG_SANDBOX_FFA=y
+\ No newline at end of file
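Review bot: Both defconfig hunks append CONFIG_ARM_FFA_TRANSPORT=y and CONFIG_SANDBOX_FFA=y at the very end of the file and leave it without a trailing newline, as the "\ No newline at end of file" marker shows here and in sandbox_defconfig. Regenerate both files with make savedefconfig so the symbols land in their sorted position and the final newline is restored; otherwise the next line appended to either file is glued onto CONFIG_SANDBOX_FFA=y.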
+diff --git a/configs/sandbox_defconfig b/configs/sandbox_defconfig
+index c509a924e6..8942aa7157 100644
+--- a/configs/sandbox_defconfig
++++ b/configs/sandbox_defconfig
+@@ -327,3 +327,5 @@ CONFIG_TEST_FDTDEC=y
+ CONFIG_UNIT_TEST=y
+ CONFIG_UT_TIME=y
+ CONFIG_UT_DM=y
++CONFIG_ARM_FFA_TRANSPORT=y
++CONFIG_SANDBOX_FFA=y
+\ No newline at end of file
+diff --git a/doc/arch/sandbox.rst b/doc/arch/sandbox.rst
+index 068d4a3be4..5d7e1b2c48 100644
+--- a/doc/arch/sandbox.rst
++++ b/doc/arch/sandbox.rst
+@@ -203,6 +203,7 @@ Supported Drivers
+ 
+ U-Boot sandbox supports these emulations:
+ 
++- Arm FF-A
+ - Block devices
+ - Chrome OS EC
+ - GPIO
+diff --git a/drivers/firmware/arm-ffa/Kconfig b/drivers/firmware/arm-ffa/Kconfig
+index 40b467b0a5..263481de96 100644
+--- a/drivers/firmware/arm-ffa/Kconfig
++++ b/drivers/firmware/arm-ffa/Kconfig
+@@ -2,8 +2,8 @@
+ 
+ config ARM_FFA_TRANSPORT
+ 	bool "Enable Arm Firmware Framework for Armv8-A driver"
+-	depends on DM && ARM64
+-	select ARM_SMCCC
++	depends on DM && (ARM64 || SANDBOX)
++	select ARM_SMCCC if !SANDBOX
+ 	select CMD_ARMFFA
+ 	select LIB_UUID
+ 	select DEVRES
+@@ -38,3 +38,9 @@ config ARM_FFA_EFI_RUNTIME_MODE
+ 	  The driver Code needed at runtime is placed at EFI runtime code section.
+ 	  Turning this on makes ffa_copy_runtime_data available for use and the driver
+ 	  code placed at EFI runtime code section.
++
++config SANDBOX_FFA
++	bool "FF-A Sandbox driver"
++	depends on ARM_FFA_TRANSPORT && SANDBOX
++	help
++	  This emulates the FF-A handling under Sandbox and allows to test the FF-A driver
+diff --git a/drivers/firmware/arm-ffa/Makefile b/drivers/firmware/arm-ffa/Makefile
+index 0b9b0a61b4..d50060b836 100644
+--- a/drivers/firmware/arm-ffa/Makefile
++++ b/drivers/firmware/arm-ffa/Makefile
+@@ -5,3 +5,4 @@
+ 
+ obj-y += arm-ffa-uclass.o core.o
+ obj-$(CONFIG_ARM_FFA_EFI_RUNTIME_MODE) += efi_ffa_runtime_data_mgr.o
++obj-$(CONFIG_SANDBOX_FFA) += sandbox.o
+diff --git a/drivers/firmware/arm-ffa/arm_ffa_prv.h b/drivers/firmware/arm-ffa/arm_ffa_prv.h
+index 7bc90f7f66..3e0d4c112c 100644
+--- a/drivers/firmware/arm-ffa/arm_ffa_prv.h
++++ b/drivers/firmware/arm-ffa/arm_ffa_prv.h
+@@ -19,6 +19,16 @@
+ /* FF-A core driver name */
+ #define FFA_DRV_NAME "arm_ffa"
+ 
++/* The FF-A SMC function definitions */
++
++#if CONFIG_IS_ENABLED(SANDBOX_FFA)
++#include "sandbox_arm_ffa.h"
++#else
++typedef struct arm_smccc_1_2_regs ffa_value_t;
++#endif
++
++typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res);
++
+ /* FF-A driver version definitions */
+ 
+ #define MAJOR_VERSION_MASK		GENMASK(30, 16)
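Review bot: In the SANDBOX_FFA branch the header is pulled in as #include "sandbox_arm_ffa.h", but the diffstat creates that file at include/sandbox_arm_ffa.h, not beside arm_ffa_prv.h. Use #include <sandbox_arm_ffa.h> so the lookup does not rely on the quote form falling back to the include path. The comment above the block should also say that ffa_value_t is an emulated register set under sandbox, since it still reads only "The FF-A SMC function definitions".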
+@@ -94,11 +104,6 @@ struct ffa_abi_errmap {
+ #define FFA_ERRMAP_COUNT (FFA_LAST_ID - FFA_FIRST_ID + 1)
+ #define FFA_ID_TO_ERRMAP_ID(ffa_id) ((ffa_id) - FFA_FIRST_ID)
+ 
+-/* The FF-A SMC function definitions */
+-
+-typedef struct arm_smccc_1_2_regs ffa_value_t;
+-typedef void (*invoke_ffa_fn_t)(ffa_value_t args, ffa_value_t *res);
+-
+ /*
+  * struct ffa_partition_uuid - 16 bytes UUID transmitted by FFA_PARTITION_INFO_GET
+  * @a1-4:	32-bit words access to the UUID data
+diff --git a/drivers/firmware/arm-ffa/core.c b/drivers/firmware/arm-ffa/core.c
+index 41c7b96e68..caba10caae 100644
+--- a/drivers/firmware/arm-ffa/core.c
++++ b/drivers/firmware/arm-ffa/core.c
+@@ -1101,6 +1101,7 @@ static int __ffa_runtime ffa_msg_send_direct_req(u16 dst_part_id, struct ffa_sen
+ 	return ffa_to_std_errno(ffa_errno);
+ }
+ 
++#if !CONFIG_IS_ENABLED(SANDBOX_FFA)
+ /**
+  * __arm_ffa_fn_smc - SMC wrapper
+  * @args: FF-A ABI arguments to be copied to Xn registers
+@@ -1114,6 +1115,7 @@ void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res)
+ {
+ 	arm_smccc_1_2_smc(&args, res);
+ }
++#endif
+ 
+ /**
+  * ffa_set_smc_conduit - Set the SMC conduit
+@@ -1127,7 +1129,12 @@ void __ffa_runtime __arm_ffa_fn_smc(ffa_value_t args, ffa_value_t *res)
+  */
+ static int ffa_set_smc_conduit(void)
+ {
+-	ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc;
++#if CONFIG_IS_ENABLED(SANDBOX_FFA)
++		ffa_priv_data->invoke_ffa_fn = sandbox_arm_ffa_smccc_smc;
++		ffa_info("Using SMC emulation");
++#else
++		ffa_priv_data->invoke_ffa_fn = __arm_ffa_fn_smc;
++#endif
+ 
+ 	if (!ffa_priv_data->invoke_ffa_fn) {
+ 		ffa_err("failure to set the invoke function");
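Review bot: Both branches of the new #if assign a function symbol to invoke_ffa_fn, so the if (!ffa_priv_data->invoke_ffa_fn) check that follows can never fire and hides the fact that the conduit is fixed at build time. Drop the check, or make the conduit selection a real runtime decision. The two assignments and the ffa_info() call are also indented one tab deeper than the rest of the function body.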
+@@ -1304,17 +1311,18 @@ struct ffa_prvdata **ffa_bus_prvdata_get(void)
+ }
+ 
+ /**
+- * ffa_bus_discover - discover FF-A bus and probe the arm_ffa device
++ * ffa_bus_discover - discover FF-A bus and probe arm_ffa and sandbox_arm_ffa devices
+  *
+  * This boot time function makes sure the FF-A bus is discoverable.
+- * Then, the arm_ffa device is probed and ready to use.
++ * Then, the arm_ffa and sandbox_arm_ffa devices are ready to use.
++ *
+  * This function is called automatically at initcalls
+  * level (after u-boot relocation).
+  *
+  * When the bus was already discovered successfully the discovery will not run again.
+  *
+  * Arm FF-A transport is implemented through arm_ffa u-boot device managing the FF-A
+- * communication.
++ * communication. In Sandbox mode sandbox_arm_ffa is used to test arm_ffa driver.
+  * All FF-A clients should use the arm_ffa device to use the FF-A transport.
+  *
+  * Return:
+@@ -1325,9 +1333,15 @@ int ffa_bus_discover(void)
+ {
+ 	int ret = 0;
+ 
+-	if (!ffa_priv_data)
++	if (!ffa_priv_data) {
+ 		ret = ffa_device_get();
+ 
++#if CONFIG_IS_ENABLED(SANDBOX_FFA)
++		if (ret == 0)
++			ret = sandbox_ffa_device_get();
++#endif
++	}
++
+ 	return ret;
+ }
+ 
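Review bot: sandbox_ffa_device_get() is only reached inside if (!ffa_priv_data), so if ffa_device_get() leaves ffa_priv_data set and the sandbox probe then fails, every later ffa_bus_discover() call skips the block and returns 0 with no sandbox device bound. Either undo the arm_ffa probe on that failure or call sandbox_ffa_device_get() outside the guard; it already returns 0 early when its device exists, so calling it unconditionally is cheap.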
+diff --git a/drivers/firmware/arm-ffa/sandbox.c b/drivers/firmware/arm-ffa/sandbox.c
+new file mode 100644
+index 0000000000..16e1fdc809
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/sandbox.c
+@@ -0,0 +1,659 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include "sandbox_arm_ffa_prv.h"
++#include <asm/global_data.h>
++#include <common.h>
++#include <dm.h>
++#include <dm/device-internal.h>
++#include <dm/root.h>
++#include <linux/errno.h>
++#include <linux/sizes.h>
++#include <mapmem.h>
++#include <string.h>
++
++DECLARE_GLOBAL_DATA_PTR;
++
++/**
++ * The device private data structure containing all the emulated secure world data
++ */
++static struct sandbox_ffa_prvdata  sandbox_ffa_priv_data = {0};
++
++/* The partitions (SPs) table */
++static struct ffa_partition_desc sandbox_partitions[SANDBOX_PARTITIONS_CNT] = {
++	{
++		.info = { .id = SANDBOX_SP1_ID, .exec_ctxt = 0x5687, .properties = 0x89325621 },
++		.sp_uuid = {
++			.a1 = SANDBOX_SERVICE1_UUID_A1,
++			.a2 = SANDBOX_SERVICE1_UUID_A2,
++			.a3 = SANDBOX_SERVICE1_UUID_A3,
++			.a4 = SANDBOX_SERVICE1_UUID_A4,
++		}
++	},
++	{
++		.info = { .id = SANDBOX_SP2_ID, .exec_ctxt = 0x9587, .properties = 0x45325621 },
++		.sp_uuid = {
++			.a1 = SANDBOX_SERVICE2_UUID_A1,
++			.a2 = SANDBOX_SERVICE2_UUID_A2,
++			.a3 = SANDBOX_SERVICE2_UUID_A3,
++			.a4 = SANDBOX_SERVICE2_UUID_A4,
++		}
++	},
++	{
++		.info = { .id = SANDBOX_SP3_ID, .exec_ctxt = 0x7687, .properties = 0x23325621 },
++		.sp_uuid = {
++			.a1 = SANDBOX_SERVICE1_UUID_A1,
++			.a2 = SANDBOX_SERVICE1_UUID_A2,
++			.a3 = SANDBOX_SERVICE1_UUID_A3,
++			.a4 = SANDBOX_SERVICE1_UUID_A4,
++		}
++	},
++	{
++		.info = { .id = SANDBOX_SP4_ID, .exec_ctxt = 0x1487, .properties = 0x70325621 },
++		.sp_uuid = {
++			.a1 = SANDBOX_SERVICE2_UUID_A1,
++			.a2 = SANDBOX_SERVICE2_UUID_A2,
++			.a3 = SANDBOX_SERVICE2_UUID_A3,
++			.a4 = SANDBOX_SERVICE2_UUID_A4,
++		}
++	}
++
++};
++
++/*
++ * Driver functions
++ */
++
++/**
++ * sandbox_ffa_get_device - probes the sandbox_arm_ffa device
++ *
++ * This function makes sure the sandbox_arm_ffa device is probed
++ * This function makes sure the sandbox_arm_ffa device is
++ * created, bound to this driver, probed and ready to use.
++ *
++ * sandbox_arm_ffa depends on arm_ffa device. This dependency is
++ * handled by ffa_bus_discover function. arm_ffa is probed first then
++ * sandbox_arm_ffa.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++int sandbox_ffa_device_get(void)
++{
++	int ret;
++
++	if (sandbox_ffa_priv_data.dev)
++		return 0;
++
++	ret = device_bind(dm_root(),
++			  DM_DRIVER_GET(sandbox_arm_ffa),
++			  FFA_SANDBOX_DRV_NAME,
++			  NULL,
++			  ofnode_null(),
++			  &sandbox_ffa_priv_data.dev);
++	if (ret) {
++		sandbox_ffa_priv_data.dev = NULL;
++		return ret;
++	}
++
++	ret = device_probe(sandbox_ffa_priv_data.dev);
++	if (ret) {
++		ffa_err("[Sandbox] can not probe  the device");
++		device_unbind(sandbox_ffa_priv_data.dev);
++		sandbox_ffa_priv_data.dev = NULL;
++		return ret;
++	}
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_version - Emulated FFA_VERSION handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_VERSION FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_version)
++{
++	sandbox_ffa_priv_data.fwk_version = FFA_VERSION_1_0;
++	res->a0 = sandbox_ffa_priv_data.fwk_version;
++
++	/* x1-x7 MBZ */
++	memset(FFA_X1X7_MBZ_REG_START, 0, FFA_X1X7_MBZ_CNT * sizeof(unsigned long));
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_id_get - Emulated FFA_ID_GET handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_ID_GET FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_id_get)
++{
++	res->a0 = FFA_SMC_32(FFA_SUCCESS);
++	res->a1 = 0;
++
++	sandbox_ffa_priv_data.id = NS_PHYS_ENDPOINT_ID;
++	res->a2 = sandbox_ffa_priv_data.id;
++
++	/* x3-x7 MBZ */
++	memset(FFA_X3_MBZ_REG_START, 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_features - Emulated FFA_FEATURES handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_FEATURES FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_features)
++{
++	if (pargs->a1 == FFA_SMC_64(FFA_RXTX_MAP)) {
++		res->a0 = FFA_SMC_32(FFA_SUCCESS);
++		res->a2 = RXTX_BUFFERS_MIN_SIZE;
++		res->a3 = 0;
++		/* x4-x7 MBZ */
++		memset(FFA_X4X7_MBZ_REG_START,
++		       0, FFA_X4X7_MBZ_CNT * sizeof(unsigned long));
++	} else {
++		res->a0 = FFA_SMC_32(FFA_ERROR);
++		res->a2 = FFA_ERR_STAT_NOT_SUPPORTED;
++		/* x3-x7 MBZ */
++		memset(FFA_X3_MBZ_REG_START,
++		       0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++		ffa_err("[Sandbox] FF-A interface 0x%lx not implemented", pargs->a1);
++	}
++
++	res->a1 = 0;
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_partition_info_get - Emulated FFA_PARTITION_INFO_GET handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_PARTITION_INFO_GET FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_partition_info_get)
++{
++	struct ffa_partition_info *rxbuf_desc_info = NULL;
++	u32 descs_cnt;
++	u32 descs_size_bytes;
++
++	res->a0 = FFA_SMC_32(FFA_ERROR);
++
++	if (!sandbox_ffa_priv_data.pair.rxbuf) {
++		res->a2 = FFA_ERR_STAT_DENIED;
++		goto cleanup;
++	}
++
++	if (sandbox_ffa_priv_data.pair_info.rxbuf_owned) {
++		res->a2 = FFA_ERR_STAT_BUSY;
++		goto cleanup;
++	}
++
++	if (!sandbox_ffa_priv_data.partitions.descs) {
++		sandbox_ffa_priv_data.partitions.descs = sandbox_partitions;
++		sandbox_ffa_priv_data.partitions.count = SANDBOX_PARTITIONS_CNT;
++	}
++
++	descs_size_bytes = SANDBOX_PARTITIONS_CNT * sizeof(struct ffa_partition_desc);
++
++	/* Abort if the RX buffer size is smaller than the descriptors buffer size */
++	if ((sandbox_ffa_priv_data.pair_info.rxtx_buf_size * SZ_4K) < descs_size_bytes) {
++		res->a2 = FFA_ERR_STAT_NO_MEMORY;
++		goto cleanup;
++	}
++
++	rxbuf_desc_info = (struct ffa_partition_info *)sandbox_ffa_priv_data.pair.rxbuf;
++
++	/* No UUID specified. Return the information of all partitions */
++	if (!pargs->a1 && !pargs->a2 && !pargs->a3 && !pargs->a4) {
++		for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++)
++			*(rxbuf_desc_info++) =
++				sandbox_ffa_priv_data.partitions.descs[descs_cnt].info;
++
++		res->a0 = FFA_SMC_32(FFA_SUCCESS);
++		res->a2 = SANDBOX_PARTITIONS_CNT;
++		/* transfer ownership to the consumer: the non secure world */
++		sandbox_ffa_priv_data.pair_info.rxbuf_owned = 1;
++
++		goto cleanup;
++	}
++
++	/*
++	 * A UUID is specified. Return the information of all partitions matching
++	 * the UUID
++	 */
++
++	for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++)
++		if (pargs->a1 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a1 &&
++		    pargs->a2 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a2 &&
++		    pargs->a3 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a3 &&
++		    pargs->a4 == sandbox_ffa_priv_data.partitions.descs[descs_cnt].sp_uuid.a4) {
++			*(rxbuf_desc_info++) =
++				sandbox_ffa_priv_data.partitions.descs[descs_cnt].info;
++		}
++
++	if (rxbuf_desc_info != ((struct ffa_partition_info *)sandbox_ffa_priv_data.pair.rxbuf)) {
++		res->a0 = FFA_SMC_32(FFA_SUCCESS);
++		/* store the partitions count */
++		res->a2 = (unsigned long)
++			(rxbuf_desc_info - (struct ffa_partition_info *)
++			 sandbox_ffa_priv_data.pair.rxbuf);
++
++		/* transfer ownership to the consumer: the non secure world */
++		sandbox_ffa_priv_data.pair_info.rxbuf_owned = 1;
++	} else {
++		/* Unrecognized UUID */
++		res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS;
++	}
++
++cleanup:
++
++	ffa_err("[Sandbox] FFA_PARTITION_INFO_GET (%ld)", res->a2);
++
++	res->a1 = 0;
++
++	/* x3-x7 MBZ */
++	memset(FFA_X3_MBZ_REG_START, 0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_rxtx_map - Emulated FFA_RXTX_MAP handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_RXTX_MAP FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_rxtx_map)
++{
++	res->a0 = FFA_SMC_32(FFA_ERROR);
++
++	if (sandbox_ffa_priv_data.pair.txbuf && sandbox_ffa_priv_data.pair.rxbuf) {
++		res->a2 = FFA_ERR_STAT_DENIED;
++		goto feedback;
++	}
++
++	if (pargs->a3 >= RXTX_BUFFERS_MIN_PAGES && pargs->a1 && pargs->a2) {
++		sandbox_ffa_priv_data.pair.txbuf = pargs->a1;
++		sandbox_ffa_priv_data.pair.rxbuf = pargs->a2;
++		sandbox_ffa_priv_data.pair_info.rxtx_buf_size = pargs->a3;
++		sandbox_ffa_priv_data.pair_info.rxbuf_mapped = 1;
++		res->a0 = FFA_SMC_32(FFA_SUCCESS);
++		res->a2 = 0;
++		goto feedback;
++	}
++
++	if (!pargs->a1 || !pargs->a2)
++		res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS;
++	else
++		res->a2 = FFA_ERR_STAT_NO_MEMORY;
++
++	ffa_err("[Sandbox] error in FFA_RXTX_MAP arguments (%d)", (int)res->a2);
++
++feedback:
++
++	res->a1 = 0;
++
++	/* x3-x7 MBZ */
++	memset(FFA_X3_MBZ_REG_START,
++	       0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_rxtx_unmap - Emulated FFA_RXTX_UNMAP handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_RXTX_UNMAP FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_rxtx_unmap)
++{
++	res->a0 = FFA_SMC_32(FFA_ERROR);
++	res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS;
++
++	if (GET_NS_PHYS_ENDPOINT_ID(pargs->a1) != sandbox_ffa_priv_data.id)
++		goto feedback;
++
++	if (sandbox_ffa_priv_data.pair.txbuf && sandbox_ffa_priv_data.pair.rxbuf) {
++		sandbox_ffa_priv_data.pair.txbuf = 0;
++		sandbox_ffa_priv_data.pair.rxbuf = 0;
++		sandbox_ffa_priv_data.pair_info.rxtx_buf_size = 0;
++		sandbox_ffa_priv_data.pair_info.rxbuf_mapped = 0;
++		res->a0 = FFA_SMC_32(FFA_SUCCESS);
++		res->a2 = 0;
++		goto feedback;
++	}
++
++	ffa_err("[Sandbox] No buffer pair registered on behalf of the caller");
++
++feedback:
++
++	res->a1 = 0;
++
++	/* x3-x7 MBZ */
++	memset(FFA_X3_MBZ_REG_START,
++	       0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_rx_release - Emulated FFA_RX_RELEASE handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_RX_RELEASE FF-A function.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_rx_release)
++{
++	if (!sandbox_ffa_priv_data.pair_info.rxbuf_owned) {
++		res->a0 = FFA_SMC_32(FFA_ERROR);
++		res->a2 = FFA_ERR_STAT_DENIED;
++	} else {
++		sandbox_ffa_priv_data.pair_info.rxbuf_owned = 0;
++		res->a0 = FFA_SMC_32(FFA_SUCCESS);
++		res->a2 = 0;
++	}
++
++	res->a1 = 0;
++
++	/* x3-x7 MBZ */
++	memset(FFA_X3_MBZ_REG_START,
++	       0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_sp_valid - Checks SP validity
++ * @part_id: partition ID to check
++ *
++ * This is the function searches the input ID in the descriptors table.
++ *
++ * Return:
++ *
++ * 1 on success (Partition found). Otherwise, failure
++ */
++static int sandbox_ffa_sp_valid(u16 part_id)
++{
++	u32 descs_cnt;
++
++	for (descs_cnt = 0 ; descs_cnt < SANDBOX_PARTITIONS_CNT ; descs_cnt++)
++		if (sandbox_ffa_priv_data.partitions.descs[descs_cnt].info.id == part_id)
++			return 1;
++
++	return 0;
++}
++
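Review bot: sandbox_ffa_sp_valid() indexes sandbox_ffa_priv_data.partitions.descs, but in the lines shown that pointer starts out zeroed and is only assigned inside the FFA_PARTITION_INFO_GET handler, so an FFA_MSG_SEND_DIRECT_REQ emulated before any partition query dereferences NULL. Point descs at sandbox_partitions in the static initialiser or at probe time instead of lazily. Separately, the FFA_PARTITION_INFO_GET handler sizes its RX buffer check with sizeof(struct ffa_partition_desc) while it writes struct ffa_partition_info entries, and its cleanup path logs through ffa_err() on the success path as well.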
++/**
++ * sandbox_ffa_msg_send_direct_req - Emulated FFA_MSG_SEND_DIRECT_{REQ,RESP} handler function
++ * @{a0-a7} , res: The SMC call arguments and return structure.
++ *
++ * This is the function that emulates FFA_MSG_SEND_DIRECT_{REQ,RESP}
++ * FF-A functions.
++ *
++ * Emulating interrupts is not supported. So, FFA_RUN and FFA_INTERRUPT are not supported.
++ * In case of success FFA_MSG_SEND_DIRECT_RESP is returned with default pattern data (0xff).
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++SANDBOX_SMC_FFA_ABI(ffa_msg_send_direct_req)
++{
++	u16 part_id;
++
++	part_id = GET_DST_SP_ID(pargs->a1);
++
++	if ((GET_NS_PHYS_ENDPOINT_ID(pargs->a1) != sandbox_ffa_priv_data.id) ||
++	    !sandbox_ffa_sp_valid(part_id) ||
++		pargs->a2) {
++		res->a0 = FFA_SMC_32(FFA_ERROR);
++		res->a1 = 0;
++		res->a2 = FFA_ERR_STAT_INVALID_PARAMETERS;
++
++		/* x3-x7 MBZ */
++		memset(FFA_X3_MBZ_REG_START,
++		       0, FFA_X3X7_MBZ_CNT * sizeof(unsigned long));
++
++		return 0;
++	}
++
++	res->a0 = FFA_SMC_64(FFA_MSG_SEND_DIRECT_RESP);
++
++	res->a1 = PREP_SRC_SP_ID(part_id) |
++		PREP_NS_PHYS_ENDPOINT_ID(sandbox_ffa_priv_data.id);
++
++	res->a2 = 0;
++
++	/*
++	 * return 0xff bytes as a response
++	 */
++	res->a3 = 0xffffffffffffffff;
++	res->a4 = 0xffffffffffffffff;
++	res->a5 = 0xffffffffffffffff;
++	res->a6 = 0xffffffffffffffff;
++	res->a7 = 0xffffffffffffffff;
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_get_prv_data - Returns the pointer to FF-A core pivate data
++ * @func_data:  Pointer to the FF-A function arguments container structure
++ *
++ * This is the handler that returns the address of the FF-A core pivate data.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int sandbox_ffa_get_prv_data(struct ffa_sandbox_data *func_data)
++{
++	if (!func_data)
++		return -EINVAL;
++
++	if (!func_data->data0 || func_data->data0_size != sizeof(struct ffa_prvdata **))
++		return -EINVAL;
++
++	if (!func_data->data1 || func_data->data1_size != sizeof(struct sandbox_ffa_prvdata **))
++		return -EINVAL;
++
++	*((struct ffa_prvdata **)func_data->data0) = *(ffa_bus_prvdata_get());
++	*((struct sandbox_ffa_prvdata **)func_data->data1) = &sandbox_ffa_priv_data;
++
++	return 0;
++}
++
++/**
++ * sandbox_ffa_get_rxbuf_flags - Reading the mapping/ownership flags
++ * @queried_func_id:	The FF-A function to be queried
++ * @func_data:  Pointer to the FF-A function arguments container structure
++ *
++ * This is the handler that queries the status flags of the following emulated ABIs:
++ * FFA_RXTX_MAP, FFA_RXTX_UNMAP, FFA_RX_RELEASE
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int sandbox_ffa_get_rxbuf_flags(u32 queried_func_id, struct ffa_sandbox_data *func_data)
++{
++	if (!func_data)
++		return -EINVAL;
++
++	if (!func_data->data0 || func_data->data0_size != sizeof(u8))
++		return -EINVAL;
++
++	switch (queried_func_id) {
++	case FFA_RXTX_MAP:
++	case FFA_RXTX_UNMAP:
++		*((u8 *)func_data->data0) = sandbox_ffa_priv_data.pair_info.rxbuf_mapped;
++		return 0;
++	case FFA_RX_RELEASE:
++		*((u8 *)func_data->data0) = sandbox_ffa_priv_data.pair_info.rxbuf_owned;
++		return 0;
++	default:
++		ffa_err("[Sandbox] The querried  FF-A interface flag (%d) undefined",
++			queried_func_id);
++		return -EINVAL;
++	}
++}
++
++/**
++ * sandbox_ffa_query_core_state - The driver dispatcher function
++ * @queried_func_id:	The FF-A function to be queried
++ * @func_data:  Pointer to the FF-A function arguments container structure
++ *
++ * Queries the status of FF-A ABI specified in the input argument.
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++int sandbox_ffa_query_core_state(u32 queried_func_id, struct ffa_sandbox_data *func_data)
++{
++	switch (queried_func_id) {
++	case FFA_VERSION:
++	case FFA_ID_GET:
++	case FFA_FEATURES:
++		return sandbox_ffa_get_prv_data(func_data);
++	case FFA_RXTX_MAP:
++	case FFA_RXTX_UNMAP:
++	case FFA_RX_RELEASE:
++		return sandbox_ffa_get_rxbuf_flags(queried_func_id, func_data);
++	default:
++		ffa_err("[Sandbox] The querried  FF-A interface (%d) undefined", queried_func_id);
++		return -EINVAL;
++	}
++}
++
++/**
++ * sandbox_arm_ffa_smccc_smc - FF-A SMC call emulation
++ * @args:	the SMC call arguments
++ * @res:	the SMC call returned data
++ *
++ * Sandbox driver emulates the FF-A ABIs SMC call using this function.
++ * The emulated FF-A ABI is identified and invoked.
++ * FF-A emulation is based on the FF-A specification 1.0
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure.
++ * FF-A protocol error codes are returned using the registers arguments as described
++ * by the specification
++ */
++void sandbox_arm_ffa_smccc_smc(ffa_value_t args, ffa_value_t *res)
++{
++	int ret = 0;
++
++	switch (args.a0) {
++	case FFA_SMC_32(FFA_VERSION):
++		ret = sandbox_ffa_version(&args, res);
++		break;
++	case FFA_SMC_32(FFA_PARTITION_INFO_GET):
++		ret = sandbox_ffa_partition_info_get(&args, res);
++		break;
++	case FFA_SMC_32(FFA_RXTX_UNMAP):
++		ret = sandbox_ffa_rxtx_unmap(&args, res);
++		break;
++	case FFA_SMC_64(FFA_MSG_SEND_DIRECT_REQ):
++		ret = sandbox_ffa_msg_send_direct_req(&args, res);
++		break;
++	case FFA_SMC_32(FFA_ID_GET):
++		ret = sandbox_ffa_id_get(&args, res);
++		break;
++	case FFA_SMC_32(FFA_FEATURES):
++		ret = sandbox_ffa_features(&args, res);
++		break;
++	case FFA_SMC_64(FFA_RXTX_MAP):
++		ret = sandbox_ffa_rxtx_map(&args, res);
++		break;
++	case FFA_SMC_32(FFA_RX_RELEASE):
++		ret = sandbox_ffa_rx_release(&args, res);
++		break;
++	default:
++		ffa_err("[Sandbox] Undefined FF-A interface (0x%lx)", args.a0);
++	}
++
++	if (ret != 0)
++		ffa_err("[Sandbox] FF-A ABI internal failure  (%d)", ret);
++}
++
++/**
++ * sandbox_ffa_probe - The driver probe function
++ * @dev:	the sandbox_arm_ffa device
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int sandbox_ffa_probe(struct udevice *dev)
++{
++	return 0;
++}
++
++/**
++ * sandbox_ffa_remove - The driver remove function
++ * @dev:	the sandbox_arm_ffa device
++ *
++ * Return:
++ *
++ * 0 on success. Otherwise, failure
++ */
++static int sandbox_ffa_remove(struct udevice *dev)
++{
++	ffa_info("[Sandbox] removing the device");
++	memset(&sandbox_ffa_priv_data, 0, sizeof(sandbox_ffa_priv_data));
++	return 0;
++}
++
++/**
++ * Declaring the sandbox_arm_ffa driver under UCLASS_FFA
++ */
++U_BOOT_DRIVER(sandbox_arm_ffa) = {
++	.name		= FFA_SANDBOX_DRV_NAME,
++	.id		= UCLASS_FFA,
++	.probe		= sandbox_ffa_probe,
++	.remove		= sandbox_ffa_remove,
++};
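Review bot: The default case of the switch in sandbox_arm_ffa_smccc_smc() only logs "Undefined FF-A interface" and never writes *res, so a caller that issues an unsupported function ID reads back whatever the result registers held before the call. The emulation should fail closed there by filling res with the FF-A error response carrying FFA_ERR_STAT_NOT_SUPPORTED. The kernel-doc for the same function promises "0 on success. Otherwise, failure" although it is declared void; either return ret or drop the Return section. Minor: "pivate" and "querried" are typos, and queried_func_id is a u32 printed with %d.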
+diff --git a/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h b/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h
+new file mode 100644
+index 0000000000..4db57f5092
+--- /dev/null
++++ b/drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h
+@@ -0,0 +1,144 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#ifndef __SANDBOX_ARM_FFA_PRV_H
++#define __SANDBOX_ARM_FFA_PRV_H
++
++#include "arm_ffa_prv.h"
++#include <sandbox_arm_ffa.h>
++
++/*
++ * This header is private. It is exclusively used by the Sandbox FF-A driver
++ */
++
++/* FF-A core driver name */
++#define FFA_SANDBOX_DRV_NAME "sandbox_arm_ffa"
++
++/* FF-A ABIs internal error codes (as defined by the spec) */
++
++#define FFA_ERR_STAT_NOT_SUPPORTED	-1
++#define FFA_ERR_STAT_INVALID_PARAMETERS	-2
++#define FFA_ERR_STAT_NO_MEMORY	-3
++#define FFA_ERR_STAT_BUSY	-4
++#define FFA_ERR_STAT_DENIED	-6
++
++/* Providing Arm SMCCC declarations to sandbox */
++
++#define ARM_SMCCC_FAST_CALL		1UL
++#define ARM_SMCCC_OWNER_STANDARD	4
++#define ARM_SMCCC_SMC_32		0
++#define ARM_SMCCC_SMC_64		1
++#define ARM_SMCCC_TYPE_SHIFT		31
++#define ARM_SMCCC_CALL_CONV_SHIFT	30
++#define ARM_SMCCC_OWNER_MASK		0x3F
++#define ARM_SMCCC_OWNER_SHIFT		24
++#define ARM_SMCCC_FUNC_MASK		0xFFFF
++
++#define ARM_SMCCC_CALL_VAL(type, calling_convention, owner, func_num) \
++	(((type) << ARM_SMCCC_TYPE_SHIFT) | \
++	((calling_convention) << ARM_SMCCC_CALL_CONV_SHIFT) | \
++	(((owner) & ARM_SMCCC_OWNER_MASK) << ARM_SMCCC_OWNER_SHIFT) | \
++	((func_num) & ARM_SMCCC_FUNC_MASK))
++
++/* Non-secure physical FF-A instance */
++#define NS_PHYS_ENDPOINT_ID (0)
++
++#define GET_NS_PHYS_ENDPOINT_ID_MASK		GENMASK(31, 16)
++#define GET_NS_PHYS_ENDPOINT_ID(x)		\
++			((u16)(FIELD_GET(GET_NS_PHYS_ENDPOINT_ID_MASK, (x))))
++
++/* Helper macro for reading the destination partition ID */
++#define GET_DST_SP_ID_MASK		GENMASK(15, 0)
++#define GET_DST_SP_ID(x)		\
++			((u16)(FIELD_GET(GET_DST_SP_ID_MASK, (x))))
++
++/* Helper macro for setting the source partition ID */
++#define PREP_SRC_SP_ID_MASK		GENMASK(31, 16)
++#define PREP_SRC_SP_ID(x)		\
++			(FIELD_PREP(PREP_SRC_SP_ID_MASK, (x)))
++
++/* Helper macro for setting the destination endpoint ID */
++#define PREP_NS_PHYS_ENDPOINT_ID_MASK		GENMASK(15, 0)
++#define PREP_NS_PHYS_ENDPOINT_ID(x)		\
++			(FIELD_PREP(PREP_NS_PHYS_ENDPOINT_ID_MASK, (x)))
++
++/*  RX/TX buffers minimum size */
++#define RXTX_BUFFERS_MIN_SIZE (RXTX_4K)
++#define RXTX_BUFFERS_MIN_PAGES (1)
++
++/* MBZ registers info */
++
++/* x1-x7 MBZ */
++#define FFA_X1X7_MBZ_CNT (7)
++#define FFA_X1X7_MBZ_REG_START (&res->a1)
++
++/* x4-x7 MBZ */
++#define FFA_X4X7_MBZ_CNT (4)
++#define FFA_X4X7_MBZ_REG_START (&res->a4)
++
++/* x3-x7 MBZ */
++#define FFA_X3X7_MBZ_CNT (5)
++#define FFA_X3_MBZ_REG_START (&res->a3)
++
++/* secure partitions count */
++#define SANDBOX_PARTITIONS_CNT (4)
++
++/* service 1  UUID binary data (little-endian format) */
++#define SANDBOX_SERVICE1_UUID_A1	0xed32d533
++#define SANDBOX_SERVICE1_UUID_A2	0x99e64209
++#define SANDBOX_SERVICE1_UUID_A3	0x9cc02d72
++#define SANDBOX_SERVICE1_UUID_A4	0xcdd998a7
++
++/* service 2  UUID binary data (little-endian format) */
++#define SANDBOX_SERVICE2_UUID_A1	0xed32d544
++#define SANDBOX_SERVICE2_UUID_A2	0x99e64209
++#define SANDBOX_SERVICE2_UUID_A3	0x9cc02d72
++#define SANDBOX_SERVICE2_UUID_A4	0xcdd998a7
++
++/**
++ * struct ffa_rxtxpair_info - structure hosting the RX/TX buffers flags
++ * @rxbuf_owned:	RX buffer ownership flag (the owner is non secure world: the consumer)
++ * @rxbuf_mapped:	RX buffer mapping flag
++ * @txbuf_owned	TX buffer ownership flag
++ * @txbuf_mapped:	TX buffer mapping flag
++ * @rxtx_buf_size:	RX/TX buffers size as set by the FF-A core driver
++ *
++ * Data structure hosting the ownership/mapping flags of the RX/TX buffers
++ * When a buffer is owned/mapped its corresponding flag is set to 1 otherwise 0.
++ */
++struct ffa_rxtxpair_info {
++	u8 rxbuf_owned;
++	u8 rxbuf_mapped;
++	u8 txbuf_owned;
++	u8 txbuf_mapped;
++	u32 rxtx_buf_size;
++};
++
++/**
++ * struct sandbox_ffa_prvdata - the driver private data structure
++ *
++ * @dev:	The arm_ffa device under u-boot driver model
++ * @fwk_version:	FF-A framework version
++ * @id:	u-boot endpoint ID
++ * @partitions:	The partitions descriptors structure
++ * @pair:	The RX/TX buffers pair
++ * @pair_info:	The RX/TX buffers pair flags and size
++ * @conduit:	The selected conduit
++ *
++ * The driver data structure hosting all the emulated secure world data.
++ */
++struct sandbox_ffa_prvdata {
++	struct udevice *dev;
++	u32 fwk_version;
++	u16 id;
++	struct ffa_partitions partitions;
++	struct ffa_rxtxpair pair;
++	struct ffa_rxtxpair_info pair_info;
++};
++
++#define SANDBOX_SMC_FFA_ABI(ffabi) static int sandbox_##ffabi(ffa_value_t *pargs, ffa_value_t *res)
++
++#endif
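Review bot: FFA_X1X7_MBZ_REG_START, FFA_X4X7_MBZ_REG_START and FFA_X3_MBZ_REG_START expand to &res->aN, so each one silently depends on a local variable named res at the use site, and pairing them with FFA_*_MBZ_CNT * sizeof(unsigned long) (as sandbox_arm_ffa.c does) assumes the aN members are contiguous with no padding. Pass the ffa_value_t pointer as a macro argument or use a small inline helper, and rename FFA_X3_MBZ_REG_START to FFA_X3X7_MBZ_REG_START to match its count macro. The kernel-doc for struct sandbox_ffa_prvdata documents @conduit, which is not a member, and @txbuf_owned is missing its colon. The FFA_ERR_STAT_* values should be parenthesized, for example (-1), so they stay correct inside larger expressions.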
+diff --git a/include/arm_ffa.h b/include/arm_ffa.h
+index f17b100497..665413a0c5 100644
+--- a/include/arm_ffa.h
++++ b/include/arm_ffa.h
+@@ -111,7 +111,7 @@ struct ffa_bus_ops {
+ const struct ffa_bus_ops * __ffa_runtime ffa_bus_ops_get(void);
+ 
+ /**
+- * ffa_bus_discover - discover FF-A bus and probes the arm_ffa device
++ * ffa_bus_discover - discover FF-A bus and probes the arm_ffa and sandbox_arm_ffa devices
+  */
+ int ffa_bus_discover(void);
+ 
+diff --git a/include/sandbox_arm_ffa.h b/include/sandbox_arm_ffa.h
+new file mode 100644
+index 0000000000..d5df16f282
+--- /dev/null
++++ b/include/sandbox_arm_ffa.h
+@@ -0,0 +1,91 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#ifndef __SANDBOX_ARM_FFA_H
++#define __SANDBOX_ARM_FFA_H
++
++#include <arm_ffa.h>
++
++/**
++ * struct sandbox_smccc_1_2_regs - Arguments for or Results from emulated SMC call
++ * @a0-a17 argument values from registers 0 to 17
++ */
++struct sandbox_smccc_1_2_regs {
++	unsigned long a0;
++	unsigned long a1;
++	unsigned long a2;
++	unsigned long a3;
++	unsigned long a4;
++	unsigned long a5;
++	unsigned long a6;
++	unsigned long a7;
++	unsigned long a8;
++	unsigned long a9;
++	unsigned long a10;
++	unsigned long a11;
++	unsigned long a12;
++	unsigned long a13;
++	unsigned long a14;
++	unsigned long a15;
++	unsigned long a16;
++	unsigned long a17;
++};
++
++typedef struct sandbox_smccc_1_2_regs ffa_value_t;
++
++/* UUIDs of services supported by the sandbox driver */
++#define SANDBOX_SERVICE1_UUID	"ed32d533-4209-99e6-2d72-cdd998a79cc0"
++#define SANDBOX_SERVICE2_UUID	"ed32d544-4209-99e6-2d72-cdd998a79cc0"
++#define SANDBOX_SP1_ID 0x1245
++#define SANDBOX_SP2_ID 0x9836
++#define SANDBOX_SP3_ID 0x6452
++#define SANDBOX_SP4_ID 0x7814
++
++/* invalid service UUID (no matching SP) */
++#define SANDBOX_SERVICE3_UUID	"55d532ed-0942-e699-722d-c09ca798d9cd"
++
++/* invalid service UUID (invalid UUID string format) */
++#define SANDBOX_SERVICE4_UUID	"32ed-0942-e699-722d-c09ca798d9cd"
++
++#define SANDBOX_SP_COUNT_PER_VALID_SERVICE	2
++
++/**
++ * struct ffa_sandbox_data - generic data structure used to exchange
++ *						data between test cases and the sandbox driver
++ * @data0_size:	size of the first argument
++ * @data0:	pointer to the first argument
++ * @data1_size>:	size of the second argument
++ * @data1:	pointer to the second argument
++ *
++ * Using this structure sandbox test cases can pass various types of data with different sizes.
++ */
++struct ffa_sandbox_data {
++	u32 data0_size; /* size of the first argument */
++	void *data0; /* pointer to the first argument */
++	u32 data1_size; /* size of the second argument */
++	void *data1; /* pointer to the second argument */
++};
++
++/**
++ * The sandbox driver public functions
++ */
++
++/**
++ * sandbox_ffa_query_core_state - Queries the status of FF-A ABIs
++ */
++int sandbox_ffa_query_core_state(u32 queried_func_id, struct ffa_sandbox_data *func_data);
++
++/**
++ * sandbox_ffa_get_device - create, bind and probe the sandbox_arm_ffa device
++ */
++int sandbox_ffa_device_get(void);
++
++/**
++ * sandbox_arm_ffa_smccc_smc - FF-A SMC call emulation
++ */
++void sandbox_arm_ffa_smccc_smc(ffa_value_t args, ffa_value_t *res);
++
++#endif
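Review bot: The kernel-doc in include/sandbox_arm_ffa.h does not match the declarations: the comment names sandbox_ffa_get_device while the prototype is sandbox_ffa_device_get(), and the struct ffa_sandbox_data block has a stray '>' in "@data1_size>:". None of the three public prototypes documents its parameters or return value. sandbox_ffa_query_core_state() in particular should state that for FFA_VERSION, FFA_ID_GET and FFA_FEATURES it writes pointers to the core and sandbox private data through data0 and data1, and that for the RX/TX queries data0 must point to a u8, since the handlers reject any other size with -EINVAL.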
+diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
+index 0ec002ac8b..8fa9a58d76 100644
+--- a/lib/efi_loader/efi_boottime.c
++++ b/lib/efi_loader/efi_boottime.c
+@@ -2177,7 +2177,7 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+ 		dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
+ 	}
+ 
+-#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT)
++#if CONFIG_IS_ENABLED(ARM_FFA_TRANSPORT) && !CONFIG_IS_ENABLED(SANDBOX_FFA)
+ 		/* unmap FF-A RX/TX buffers */
+ 		if (ffa_bus_ops_get()->rxtx_unmap())
+ 			debug("[efi_boottime][ERROR]: can not unmap FF-A RX/TX buffers\n");
+-- 
+2.17.1
+
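Review bot: The added "&& !CONFIG_IS_ENABLED(SANDBOX_FFA)" in efi_exit_boot_services() carries no comment explaining why sandbox builds must skip the RX/TX unmap, and it means the sandbox never exercises the ExitBootServices unmap path that hardware runs. Add the reason next to the guard, or keep the call and let the emulated FFA_RXTX_UNMAP handle it. In the surrounding context a failed rxtx_unmap() is reported only through debug(), so a build without debug output leaves the RX/TX buffers mapped with no visible message; an error-level log would be more appropriate for that case.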
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch
new file mode 100644
index 0000000..edc5ed6
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch
@@ -0,0 +1,455 @@
+From dbc51066367481b5a45ce24f91571f83a022576e Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 6 Jun 2022 17:26:06 +0100
+Subject: [PATCH 12/26] arm_ffa: introduce Sandbox test cases for UCLASS_FFA
+
+Add functional test cases for the FF-A core driver
+
+These tests rely on the FF-A Sandbox driver which helps in
+ inspecting the FF-A core driver.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4: align sandbox tests with the new FF-A driver interfaces
+ and new way of error handling
+
+v1: introduce sandbox tests
+
+ MAINTAINERS      |   1 +
+ test/dm/Makefile |   1 +
+ test/dm/ffa.c    | 394 +++++++++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 396 insertions(+)
+ create mode 100644 test/dm/ffa.c
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 96157db6b6..e5b71b0ade 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -252,6 +252,7 @@ F:	doc/README.ffa.drv
+ F:	drivers/firmware/arm-ffa/
+ F:	include/arm_ffa.h
+ F:	include/sandbox_arm_ffa.h
++F:	test/dm/ffa.c
+ 
+ ARM FREESCALE IMX
+ M:	Stefano Babic <sbabic@denx.de>
+diff --git a/test/dm/Makefile b/test/dm/Makefile
+index f0a7c97e3d..f96f848046 100644
+--- a/test/dm/Makefile
++++ b/test/dm/Makefile
+@@ -79,6 +79,7 @@ obj-$(CONFIG_POWER_DOMAIN) += power-domain.o
+ obj-$(CONFIG_ACPI_PMC) += pmc.o
+ obj-$(CONFIG_DM_PMIC) += pmic.o
+ obj-$(CONFIG_DM_PWM) += pwm.o
++obj-$(CONFIG_SANDBOX_FFA) += ffa.o
+ obj-$(CONFIG_QFW) += qfw.o
+ obj-$(CONFIG_RAM) += ram.o
+ obj-y += regmap.o
+diff --git a/test/dm/ffa.c b/test/dm/ffa.c
+new file mode 100644
+index 0000000000..052d5fc3f4
+--- /dev/null
++++ b/test/dm/ffa.c
+@@ -0,0 +1,394 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * Functional tests for UCLASS_FFA  class
++ *
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <console.h>
++#include <dm.h>
++#include <dm/test.h>
++#include "../../drivers/firmware/arm-ffa/sandbox_arm_ffa_prv.h"
++#include <sandbox_arm_ffa.h>
++#include <test/test.h>
++#include <test/ut.h>
++
++/* Macros */
++
++#define LOG_MSG_SZ (100)
++#define LOG_CMD_SZ (LOG_MSG_SZ * 2)
++
++/* Functional tests for the UCLASS_FFA */
++
++static int dm_test_ffa_log(struct unit_test_state *uts, char *msg)
++{
++	char cmd[LOG_CMD_SZ] = {0};
++
++	console_record_reset();
++
++	snprintf(cmd, LOG_CMD_SZ, "echo \"%s\"", msg);
++	run_command(cmd, 0);
++
++	ut_assert_console_end();
++
++	return CMD_RET_SUCCESS;
++}
++
++static int check_fwk_version(struct ffa_prvdata *prvdata, struct sandbox_ffa_prvdata *sdx_prvdata,
++			     struct unit_test_state *uts)
++{
++	if (prvdata->fwk_version != sdx_prvdata->fwk_version) {
++		char msg[LOG_MSG_SZ] = {0};
++
++		snprintf(msg, LOG_MSG_SZ,
++			 "[%s]: Error: framework version: core = 0x%x , sandbox  = 0x%x", __func__,
++			 prvdata->fwk_version,
++			sdx_prvdata->fwk_version);
++
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++	return CMD_RET_SUCCESS;
++}
++
++static int check_endpoint_id(struct ffa_prvdata *prvdata, struct unit_test_state *uts)
++{
++	if (prvdata->id) {
++		char msg[LOG_MSG_SZ] = {0};
++
++		snprintf(msg, LOG_MSG_SZ,
++			 "[%s]: Error: endpoint id: core = 0x%x", __func__, prvdata->id);
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++	return CMD_RET_SUCCESS;
++}
++
++static int check_core_dev(struct ffa_prvdata *prvdata, struct unit_test_state *uts)
++{
++	if (!prvdata->dev) {
++		char msg[LOG_MSG_SZ] = {0};
++
++		snprintf(msg, LOG_MSG_SZ, "[%s]: Error: core device NULL", __func__);
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++	return CMD_RET_SUCCESS;
++}
++
++static int check_sandbox_dev(struct sandbox_ffa_prvdata *sdx_prvdata, struct unit_test_state *uts)
++{
++	if (!sdx_prvdata->dev) {
++		char msg[LOG_MSG_SZ] = {0};
++
++		snprintf(msg, LOG_MSG_SZ, "[%s]: Error: sandbox device NULL", __func__);
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++	return CMD_RET_SUCCESS;
++}
++
++static int check_rxtxbuf(struct ffa_prvdata *prvdata, struct unit_test_state *uts)
++{
++	if (!prvdata->pair.rxbuf && prvdata->pair.txbuf) {
++		char msg[LOG_MSG_SZ] = {0};
++
++		snprintf(msg, LOG_MSG_SZ, "[%s]: Error: rxbuf = 0x%llx txbuf = 0x%llx", __func__,
++			 prvdata->pair.rxbuf,
++			 prvdata->pair.txbuf);
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++	return CMD_RET_SUCCESS;
++}
++
++static int check_features(struct ffa_prvdata *prvdata, struct unit_test_state *uts)
++{
++	char msg[LOG_MSG_SZ] = {0};
++
++	if (prvdata->pair.rxtx_min_pages != RXTX_4K &&
++	    prvdata->pair.rxtx_min_pages != RXTX_16K &&
++	    prvdata->pair.rxtx_min_pages != RXTX_64K) {
++		snprintf(msg,
++			 LOG_MSG_SZ,
++			 "[%s]: Error: FFA_RXTX_MAP features = 0x%lx",
++			 __func__,
++			 prvdata->pair.rxtx_min_pages);
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++
++	return CMD_RET_SUCCESS;
++}
++
++static int check_rxbuf_mapped_flag(u32 queried_func_id,
++				   u8 rxbuf_mapped,
++				   struct unit_test_state *uts)
++{
++	char msg[LOG_MSG_SZ] = {0};
++
++	switch (queried_func_id) {
++	case FFA_RXTX_MAP:
++	{
++		if (rxbuf_mapped)
++			return CMD_RET_SUCCESS;
++		break;
++	}
++	case FFA_RXTX_UNMAP:
++	{
++		if (!rxbuf_mapped)
++			return CMD_RET_SUCCESS;
++		break;
++	}
++	default:
++		return CMD_RET_FAILURE;
++	}
++
++	snprintf(msg, LOG_MSG_SZ, "[%s]: Error: %s mapping issue", __func__,
++		 (queried_func_id == FFA_RXTX_MAP ? "FFA_RXTX_MAP" : "FFA_RXTX_UNMAP"));
++	dm_test_ffa_log(uts, msg);
++
++	return CMD_RET_FAILURE;
++}
++
++static int check_rxbuf_release_flag(u8 rxbuf_owned, struct unit_test_state *uts)
++{
++	if (rxbuf_owned) {
++		char msg[LOG_MSG_SZ] = {0};
++
++		snprintf(msg, LOG_MSG_SZ, "[%s]: Error: RX buffer not released", __func__);
++		dm_test_ffa_log(uts, msg);
++		return CMD_RET_FAILURE;
++	}
++	return CMD_RET_SUCCESS;
++}
++
++static int  test_ffa_msg_send_direct_req(u16 part_id, struct unit_test_state *uts)
++{
++	struct ffa_send_direct_data msg = {0};
++	u8 cnt;
++
++	ut_assertok(ffa_bus_ops_get()->sync_send_receive(part_id, &msg));
++
++	for (cnt = 0; cnt < sizeof(struct ffa_send_direct_data) / sizeof(u64); cnt++)
++		ut_assertok(((u64 *)&msg)[cnt] != 0xffffffffffffffff);
++
++	return CMD_RET_SUCCESS;
++}
++
++static int test_partitions_and_comms(const char *service_uuid,
++				     struct sandbox_ffa_prvdata *sdx_prvdata,
++				     struct unit_test_state *uts)
++{
++	u32 count = 0, size = 0;
++	struct ffa_partition_info *parts_info;
++	u32 info_idx, exp_info_idx;
++	int ret;
++
++	/*
++	 * get from the driver the count of the SPs matching the UUID
++	 */
++	ret = ffa_bus_ops_get()->partition_info_get(service_uuid, &count, NULL);
++	/* make sure partitions are detected */
++	ut_assertok(ret != 0);
++	ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE);
++
++	/*
++	 * pre-allocate a buffer to be filled by the driver
++	 * with	 ffa_partition_info structs
++	 */
++
++	parts_info = calloc(count, sizeof(struct ffa_partition_info));
++	ut_assertok(!parts_info);
++
++	size = count * sizeof(struct ffa_partition_info);
++
++	/*
++	 * ask the driver to fill the buffer with the SPs info
++	 */
++	ret = ffa_bus_ops_get()->partition_info_get(service_uuid, &size, parts_info);
++	if (ret != 0) {
++		free(parts_info);
++		ut_assertok(ret != 0);
++	}
++
++	/*
++	 * SPs found , verify the partitions information
++	 */
++
++	ret = CMD_RET_FAILURE;
++
++	for (info_idx = 0; info_idx < count ; info_idx++) {
++		for (exp_info_idx = 0;
++		     exp_info_idx < sdx_prvdata->partitions.count;
++		     exp_info_idx++) {
++			if (parts_info[info_idx].id ==
++			   sdx_prvdata->partitions.descs[exp_info_idx].info.id) {
++				ret = memcmp(&parts_info[info_idx],
++					     &sdx_prvdata->partitions.descs[exp_info_idx]
++					     .info,
++					     sizeof(struct ffa_partition_info));
++				if (ret)
++					free(parts_info);
++				ut_assertok(ret != 0);
++				/* send and receive data from the current partition */
++				test_ffa_msg_send_direct_req(parts_info[info_idx].id, uts);
++			}
++			ret = CMD_RET_SUCCESS;
++		}
++	}
++
++	free(parts_info);
++
++	/* Verify  expected partitions found in the emulated secure world*/
++	ut_assertok(ret != CMD_RET_SUCCESS);
++
++	return CMD_RET_SUCCESS;
++}
++
++static int dm_test_ffa_ack(struct unit_test_state *uts)
++{
++	struct ffa_prvdata *prvdata = NULL;
++	struct sandbox_ffa_prvdata *sdx_prvdata = NULL;
++	struct ffa_sandbox_data func_data = {0};
++	u8 rxbuf_flag = 0;
++	const char *svc1_uuid = SANDBOX_SERVICE1_UUID;
++	const char *svc2_uuid = SANDBOX_SERVICE2_UUID;
++	int ret;
++
++	/*  test probing FF-A devices */
++	ut_assertok(ffa_bus_discover());
++
++	/* get a pointer to the FF-A core and sandbox drivers private data */
++	func_data.data0 = &prvdata;
++	func_data.data0_size = sizeof(prvdata);
++	func_data.data1 = &sdx_prvdata;
++	func_data.data1_size = sizeof(sdx_prvdata);
++
++	ut_assertok(sandbox_ffa_query_core_state(FFA_VERSION, &func_data));
++
++	/* make sure private data pointers are retrieved */
++	ut_assertok(prvdata == 0);
++	ut_assertok(sdx_prvdata == 0);
++
++	/* make sure dev devices created */
++	ut_assertok(check_core_dev(prvdata, uts));
++	ut_assertok(check_sandbox_dev(sdx_prvdata, uts));
++
++	/* test FFA_VERSION */
++	ut_assertok(check_fwk_version(prvdata, sdx_prvdata, uts));
++
++	/* test FFA_ID_GET */
++	ut_assertok(check_endpoint_id(prvdata, uts));
++
++	/* test FFA_FEATURES */
++	ut_assertok(check_features(prvdata, uts));
++
++	/*  test core RX/TX buffers */
++	ut_assertok(check_rxtxbuf(prvdata, uts));
++
++	/* test FFA_RXTX_MAP */
++	func_data.data0 = &rxbuf_flag;
++	func_data.data0_size = sizeof(rxbuf_flag);
++
++	rxbuf_flag = 0;
++	ut_assertok(sandbox_ffa_query_core_state(FFA_RXTX_MAP, &func_data));
++	ut_assertok(check_rxbuf_mapped_flag(FFA_RXTX_MAP, rxbuf_flag, uts));
++
++	/* FFA_PARTITION_INFO_GET / FFA_MSG_SEND_DIRECT_REQ */
++	ret = test_partitions_and_comms(svc1_uuid, sdx_prvdata, uts);
++	ut_assertok(ret != CMD_RET_SUCCESS);
++
++	/* test FFA_RX_RELEASE */
++	rxbuf_flag = 1;
++	ut_assertok(sandbox_ffa_query_core_state(FFA_RX_RELEASE, &func_data));
++	ut_assertok(check_rxbuf_release_flag(rxbuf_flag, uts));
++
++	/* FFA_PARTITION_INFO_GET / FFA_MSG_SEND_DIRECT_REQ */
++	ret = test_partitions_and_comms(svc2_uuid, sdx_prvdata, uts);
++	ut_assertok(ret != CMD_RET_SUCCESS);
++
++	/* test FFA_RX_RELEASE */
++	rxbuf_flag = 1;
++	ut_assertok(sandbox_ffa_query_core_state(FFA_RX_RELEASE, &func_data));
++	ut_assertok(check_rxbuf_release_flag(rxbuf_flag, uts));
++
++	/* test FFA_RXTX_UNMAP */
++	ut_assertok(ffa_bus_ops_get()->rxtx_unmap());
++
++	rxbuf_flag = 1;
++	ut_assertok(sandbox_ffa_query_core_state(FFA_RXTX_UNMAP, &func_data));
++	ut_assertok(check_rxbuf_mapped_flag(FFA_RXTX_UNMAP, rxbuf_flag, uts));
++
++	return CMD_RET_SUCCESS;
++}
++
++DM_TEST(dm_test_ffa_ack, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC);
++
++static int dm_test_ffa_nack(struct unit_test_state *uts)
++{
++	struct ffa_prvdata *prvdata = NULL;
++	struct sandbox_ffa_prvdata *sdx_prvdata = NULL;
++	struct ffa_sandbox_data func_data = {0};
++	const char *valid_svc_uuid = SANDBOX_SERVICE1_UUID;
++	const char *unvalid_svc_uuid = SANDBOX_SERVICE3_UUID;
++	const char *unvalid_svc_uuid_str = SANDBOX_SERVICE4_UUID;
++	struct ffa_send_direct_data msg = {0};
++	int ret;
++	u32 count = 0;
++	u16 part_id = 0;
++
++	/*  test probing FF-A devices */
++	ut_assertok(ffa_bus_discover());
++
++	/* get a pointer to the FF-A core and sandbox drivers private data */
++	func_data.data0 = &prvdata;
++	func_data.data0_size = sizeof(prvdata);
++	func_data.data1 = &sdx_prvdata;
++	func_data.data1_size = sizeof(sdx_prvdata);
++
++	ut_assertok(sandbox_ffa_query_core_state(FFA_VERSION, &func_data));
++
++	/* make sure private data pointers are retrieved */
++	ut_assertok(prvdata == 0);
++	ut_assertok(sdx_prvdata == 0);
++
++	/* make sure dev devices created */
++	ut_assertok(check_core_dev(prvdata, uts));
++	ut_assertok(check_sandbox_dev(sdx_prvdata, uts));
++
++	/* query partitions count using  invalid arguments  */
++	ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid, NULL, NULL);
++	ut_assertok(ret != -EINVAL);
++
++	/* query partitions count using an invalid UUID  string */
++	ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid_str, &count, NULL);
++	ut_assertok(ret != -EINVAL);
++
++	/* query partitions count using an invalid UUID (no matching SP) */
++	count = 0;
++	ret = ffa_bus_ops_get()->partition_info_get(unvalid_svc_uuid, &count, NULL);
++	ut_assertok(count != 0);
++
++	/* query partitions count using a valid UUID  */
++	count = 0;
++	ret = ffa_bus_ops_get()->partition_info_get(valid_svc_uuid, &count, NULL);
++	/* make sure partitions are detected */
++	ut_assertok(ret != 0);
++	ut_assertok(count != SANDBOX_SP_COUNT_PER_VALID_SERVICE);
++
++	/* send data to an invalid partition */
++	ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg);
++	ut_assertok(ret != -EINVAL);
++
++	/* send data to a valid partition */
++	part_id = prvdata->partitions.descs[0].info.id;
++	ret = ffa_bus_ops_get()->sync_send_receive(part_id, &msg);
++	ut_assertok(ret != 0);
++
++	return CMD_RET_SUCCESS;
++}
++
++DM_TEST(dm_test_ffa_nack, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC);
+-- 
+2.17.1
+
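Review bot: check_rxtxbuf() in test/dm/ffa.c tests "!prvdata->pair.rxbuf && prvdata->pair.txbuf", which fails only when RX is NULL and TX is set; both buffers NULL, or TX alone NULL, pass the check. The condition should be "!prvdata->pair.rxbuf || !prvdata->pair.txbuf". In test_partitions_and_comms(), "ret = CMD_RET_SUCCESS" sits in the inner loop outside the ID-match branch, so the final check passes even when no returned partition matches an expected descriptor, and the return value of test_ffa_msg_send_direct_req() is discarded; set ret only on a match and propagate the send result. In dm_test_ffa_nack() the "no matching SP" query assigns ret but never checks it. The ut_assertok(x != expected) idiom used throughout works but reads inverted; ut_asserteq(expected, x) and ut_assertnonnull() state the intent directly.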
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch
new file mode 100644
index 0000000..9722677
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch
@@ -0,0 +1,94 @@
+From 5be8c1d52045cbdc1adf79299792a6a49fef66c3 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 6 Jun 2022 17:30:44 +0100
+Subject: [PATCH 13/26] arm_ffa: introduce armffa command Sandbox test
+
+Add Sandbox test for the armffa command
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4: drop use of helper APIs
+
+v1: introduce armffa command sandbox test
+
+ MAINTAINERS       |  1 +
+ test/cmd/Makefile |  1 +
+ test/cmd/armffa.c | 40 ++++++++++++++++++++++++++++++++++++++++
+ 3 files changed, 42 insertions(+)
+ create mode 100644 test/cmd/armffa.c
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index e5b71b0ade..505fffff14 100644
+--- a/MAINTAINERS
++++ b/MAINTAINERS
+@@ -252,6 +252,7 @@ F:	doc/README.ffa.drv
+ F:	drivers/firmware/arm-ffa/
+ F:	include/arm_ffa.h
+ F:	include/sandbox_arm_ffa.h
++F:	test/cmd/armffa.c
+ F:	test/dm/ffa.c
+ 
+ ARM FREESCALE IMX
+diff --git a/test/cmd/Makefile b/test/cmd/Makefile
+index a59adb1e6d..d9dc0809d6 100644
+--- a/test/cmd/Makefile
++++ b/test/cmd/Makefile
+@@ -11,3 +11,4 @@ obj-$(CONFIG_CMD_MEM_SEARCH) += mem_search.o
+ obj-$(CONFIG_CMD_PINMUX) += pinmux.o
+ obj-$(CONFIG_CMD_PWM) += pwm.o
+ obj-$(CONFIG_CMD_SETEXPR) += setexpr.o
++obj-$(CONFIG_SANDBOX_FFA) += armffa.o
+diff --git a/test/cmd/armffa.c b/test/cmd/armffa.c
+new file mode 100644
+index 0000000000..531f82066e
+--- /dev/null
++++ b/test/cmd/armffa.c
+@@ -0,0 +1,40 @@
++// SPDX-License-Identifier: GPL-2.0+
++/*
++ * Test for armffa command
++ *
++ * (C) Copyright 2022 ARM Limited
++ * Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
++ */
++
++#include <common.h>
++#include <dm.h>
++#include <dm/test.h>
++#include <sandbox_arm_ffa.h>
++#include <string.h>
++#include <test/test.h>
++#include <test/ut.h>
++
++#define PING_CMD_SIZE 19
++
++/* Basic test of 'armffa' command */
++static int dm_test_armffa_cmd(struct unit_test_state *uts)
++{
++	char ping_cmd[PING_CMD_SIZE] = {0};
++
++	ut_assertok(ffa_bus_discover());
++
++	/* armffa getpart <UUID> */
++	ut_assertok(run_command("armffa getpart " SANDBOX_SERVICE1_UUID, 0));
++
++	snprintf(ping_cmd, PING_CMD_SIZE, "armffa ping 0x%x", SANDBOX_SP1_ID);
++
++	/* armffa ping <ID> */
++	ut_assertok(run_command(ping_cmd, 0));
++
++	/* armffa devlist */
++	ut_assertok(run_command("armffa devlist", 0));
++
++	return CMD_RET_SUCCESS;
++}
++
++DM_TEST(dm_test_armffa_cmd, UT_TESTF_SCAN_FDT | UT_TESTF_CONSOLE_REC);
+-- 
+2.17.1
+
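Review bot: PING_CMD_SIZE 19 in test/cmd/armffa.c is exactly the length of "armffa ping 0x1245" plus the terminator, so any change to the format string or command name is silently truncated by snprintf() and the test would then run a different command than intended. Derive the buffer size from the format instead of a hand-counted constant, or check the snprintf() return value against PING_CMD_SIZE. The test also sets UT_TESTF_CONSOLE_REC but asserts only on run_command() return codes; checking the recorded console output for getpart, ping and devlist would catch a command that returns success while printing wrong data.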
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch
deleted file mode 100644
index 2caeb58..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 370422921b2a3f4f7b73ce5b08820c24e82bba19 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 18 Nov 2021 16:42:59 +0000
-Subject: [PATCH 13/24] corstone1000: Make sure shared buffer contents are not
- cached
-
-After updating the shared buffer, it is required to flush the cache
-to ensure that the secure world sees expected the shared buffer
-contents.
-
-The MM communication shared buffer is configured in device region of optee
-which has cache disabled. So we need to invalidate the cache every time we
-update the buffer on uboot otherwise the secure world does not see the
-accurate values.
-
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-%% original patch: 0027-Make-sure-shared-buffer-contents-are-not-cached.patch
-
-%% original patch: 0027-Make-sure-shared-buffer-contents-are-not-cached.patch
-
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- lib/efi_loader/efi_variable_tee.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
-index 9cb8cfb9c779..b6be2b54a030 100644
---- a/lib/efi_loader/efi_variable_tee.c
-+++ b/lib/efi_loader/efi_variable_tee.c
-@@ -22,6 +22,7 @@
- #if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
- 
- #include <arm_ffa_helper.h>
-+#include <cpu_func.h>
- #include <mapmem.h>
- 
- /* MM return codes */
-@@ -335,6 +336,11 @@ static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_
- 	virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0);
- 	efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size);
- 
-+	/* The secure world has cache disabled for device region which we use for shared buffer
-+	So, the secure world reads the data from DDR. Let's flush the cache so the DDR is
-+	updated with the latest data */
-+	invalidate_dcache_all();
-+
- 	/* Announce there is data in the shared buffer */
- 
- 	ffa_ret = ffa_notify_mm_sp();
--- 
-2.37.1
-
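Review bot: The visible commit message of the replacing 0014 patch says nothing about cache maintenance, while the patch deleted here carried invalidate_dcache_all() between the efi_memcpy_runtime() into the shared MM buffer and ffa_notify_mm_sp(). Confirm that the new FF-A MM communication code still makes the buffer contents visible to the secure world before the door bell is sent, and record that in its commit message. If the logic is carried over, note that the old comment describes a flush while the call is an invalidate; the two are different operations, and maintenance limited to the shared buffer range is preferable to acting on the whole data cache.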
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch
new file mode 100644
index 0000000..04e5557
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm_ffa-introduce-FF-A-MM-communication.patch
@@ -0,0 +1,540 @@
+From b3c7d84dcde6ee1cbc13e10664d24ffa220f5fb3 Mon Sep 17 00:00:00 2001
+From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Date: Mon, 15 Aug 2022 15:12:49 +0100
+Subject: [PATCH 14/26] arm_ffa: introduce FF-A MM communication
+
+Add MM communication support using FF-A transport
+
+Access an SP's service through EFI MM communication protocol.
+
+This feature allows accessing MM partitions services through
+EFI MM communication protocol. MM partitions such as StandAlonneMM
+or smm-gateway secure partitions which reside in secure world.
+
+An MM shared buffer and a door bell event are used to exchange
+the data.
+
+The data is used by EFI services such as GetVariable()/SetVariable()
+and copied from the communication buffer to the MM shared buffer.
+
+The secure partition is notified about availability of data in the
+MM shared buffer by an FF-A message (door bell).
+
+On such event, MM SP can read the data and updates the MM shared
+buffer with the response data.
+
+The response data is copied back to the communication buffer and
+consumed by the EFI subsystem.
+
+FF-A driver private data is copied to EFI runtime section at
+ExitBootServices(). This garantees secure world partitions data are
+available at EFI runtime level.
+
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
+---
+
+Changelog:
+===============
+
+v4:
+
+* use the new FF-A driver interfaces
+* discover MM partitions at runtime
+* copy FF-A driver private data to EFI runtime section at
+  ExitBootServices()
+* drop use of FFA_ERR_STAT_SUCCESS error code
+* replace EFI_BUFFER_TOO_SMALL by EFI_OUT_OF_RESOURCES
+  in ffa_mm_communicate(). No need for efi_memcpy_runtime() anymore
+* revert the error log in mm_communicate() in case of failure
+* remove packed attribute from efi_mm_communicate_header and
+  smm_variable_communicate_header
+
+v2:
+
+* set default values to 0 for FFA_SHARED_MM_BUFFER_SIZE, FFA_SHARED_MM_BUFFER_ADDR and MM_SP_UUID_DATA and add warnings
+
+v1:
+
+* introduce FF-A MM communication
+
+ arch/arm/cpu/armv8/cache.S        |  16 ++
+ arch/arm/cpu/armv8/cache_v8.c     |   3 +-
+ include/mm_communication.h        |   7 +-
+ lib/efi_loader/Kconfig            |  14 +-
+ lib/efi_loader/efi_boottime.c     |   7 +
+ lib/efi_loader/efi_variable_tee.c | 261 +++++++++++++++++++++++++++++-
+ 6 files changed, 299 insertions(+), 9 deletions(-)
+
+diff --git a/arch/arm/cpu/armv8/cache.S b/arch/arm/cpu/armv8/cache.S
+index d1cee23437..f69ef64ed6 100644
+--- a/arch/arm/cpu/armv8/cache.S
++++ b/arch/arm/cpu/armv8/cache.S
+@@ -21,7 +21,11 @@
+  * x1: 0 clean & invalidate, 1 invalidate only
+  * x2~x9: clobbered
+  */
++#ifdef CONFIG_EFI_LOADER
++.pushsection .text.efi_runtime, "ax"
++#else
+ .pushsection .text.__asm_dcache_level, "ax"
++#endif
+ ENTRY(__asm_dcache_level)
+ 	lsl	x12, x0, #1
+ 	msr	csselr_el1, x12		/* select cache level */
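Review bot: The "#ifdef CONFIG_EFI_LOADER" switch here (repeated below for __asm_dcache_all, __asm_invalidate_dcache_all and __asm_invalidate_l3_dcache) moves these routines into .text.efi_runtime for every EFI-enabled ARMv8 build, although the only runtime caller this patch adds sits under CONFIG_ARM_FFA_TRANSPORT in efi_variable_tee.c. Key the section choice on the option that actually needs it (the defconfig change in this series enables CONFIG_ARM_FFA_EFI_RUNTIME_MODE) so other boards keep their per-function sections, and add a comment saying why the routine has to live in the runtime section.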
+@@ -65,7 +69,11 @@ ENDPROC(__asm_dcache_level)
+  *
+  * flush or invalidate all data cache by SET/WAY.
+  */
++#ifdef CONFIG_EFI_LOADER
++.pushsection .text.efi_runtime, "ax"
++#else
+ .pushsection .text.__asm_dcache_all, "ax"
++#endif
+ ENTRY(__asm_dcache_all)
+ 	mov	x1, x0
+ 	dsb	sy
+@@ -109,7 +117,11 @@ ENTRY(__asm_flush_dcache_all)
+ ENDPROC(__asm_flush_dcache_all)
+ .popsection
+ 
++#ifdef CONFIG_EFI_LOADER
++.pushsection .text.efi_runtime, "ax"
++#else
+ .pushsection .text.__asm_invalidate_dcache_all, "ax"
++#endif
+ ENTRY(__asm_invalidate_dcache_all)
+ 	mov	x0, #0x1
+ 	b	__asm_dcache_all
+@@ -182,7 +194,11 @@ ENTRY(__asm_invalidate_icache_all)
+ ENDPROC(__asm_invalidate_icache_all)
+ .popsection
+ 
++#ifdef CONFIG_EFI_LOADER
++.pushsection .text.efi_runtime, "ax"
++#else
+ .pushsection .text.__asm_invalidate_l3_dcache, "ax"
++#endif
+ WEAK(__asm_invalidate_l3_dcache)
+ 	mov	x0, #0			/* return status as success */
+ 	ret
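Review bot: __asm_invalidate_l3_dcache is declared WEAK, so only this default stub is guaranteed to land in .text.efi_runtime; a platform override defined elsewhere would be reached from invalidate_dcache_all() at runtime without being in the runtime section. Document that overrides must use the same section, or keep the L3 hook out of the runtime path.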
+diff --git a/arch/arm/cpu/armv8/cache_v8.c b/arch/arm/cpu/armv8/cache_v8.c
+index e4736e5643..afbc487fa1 100644
+--- a/arch/arm/cpu/armv8/cache_v8.c
++++ b/arch/arm/cpu/armv8/cache_v8.c
+@@ -9,6 +9,7 @@
+ 
+ #include <common.h>
+ #include <cpu_func.h>
++#include <efi_loader.h>
+ #include <hang.h>
+ #include <log.h>
+ #include <asm/cache.h>
+@@ -445,7 +446,7 @@ __weak void mmu_setup(void)
+ /*
+  * Performs a invalidation of the entire data cache at all levels
+  */
+-void invalidate_dcache_all(void)
++void __efi_runtime invalidate_dcache_all(void)
+ {
+ 	__asm_invalidate_dcache_all();
+ 	__asm_invalidate_l3_dcache();
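Review bot: Marking invalidate_dcache_all() as __efi_runtime makes an invalidation of the entire data cache at all levels callable after ExitBootServices(), when the OS owns the caches. The header comment in cache.S describes this path as "1 invalidate only", so dirty lines are dropped rather than written back. The new caller only needs the MM shared buffer to be coherent, so a range-based maintenance helper limited to that buffer would be a much smaller runtime surface. If the whole-cache call stays, the commit message should explain why it is safe at runtime.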
+diff --git a/include/mm_communication.h b/include/mm_communication.h
+index e65fbde60d..32dc5dbac8 100644
+--- a/include/mm_communication.h
++++ b/include/mm_communication.h
+@@ -13,6 +13,9 @@
+ 
+ #include <part_efi.h>
+ 
++/* MM service UUID string (big-endian format). This UUID is  common across all MM SPs */
++#define MM_SP_UUID	"33d532ed-e699-0942-c09c-a798d9cd722d"
++
+ /*
+  * Interface to the pseudo Trusted Application (TA), which provides a
+  * communication channel with the Standalone MM (Management Mode)
+@@ -43,7 +46,7 @@
+  * To avoid confusion in interpreting frames, the communication buffer should
+  * always begin with efi_mm_communicate_header.
+  */
+-struct __packed efi_mm_communicate_header {
++struct efi_mm_communicate_header {
+ 	efi_guid_t header_guid;
+ 	size_t     message_len;
+ 	u8         data[];
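Review bot: Dropping __packed from struct efi_mm_communicate_header leaves the layout of a structure shared with the secure world to the compiler, while ffa_mm_communicate() later in this patch still computes the header size by hand as "mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t)". Use offsetof(struct efi_mm_communicate_header, data) for that size and add a static assertion on it, so any padding shows up at build time instead of as a mismatch with the MM SP.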
+@@ -145,7 +148,7 @@ struct smm_variable_communicate_header {
+  * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE.
+  *
+  */
+-struct smm_variable_access {
++struct __packed smm_variable_access {
+ 	efi_guid_t  guid;
+ 	efi_uintn_t data_size;
+ 	efi_uintn_t name_size;
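Review bot: The v4 changelog says the packed attribute is removed from efi_mm_communicate_header and smm_variable_communicate_header, but this hunk adds __packed to struct smm_variable_access, and no hunk in this file touches smm_variable_communicate_header (it appears only as the context in this hunk's header). Either the changelog or the hunk is wrong; please reconcile them and say in the commit message why smm_variable_access now needs packing.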
+diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
+index e3f2402d0e..2a6d70f862 100644
+--- a/lib/efi_loader/Kconfig
++++ b/lib/efi_loader/Kconfig
+@@ -60,13 +60,23 @@ config EFI_VARIABLE_FILE_STORE
+ 	  stored as file /ubootefi.var on the EFI system partition.
+ 
+ config EFI_MM_COMM_TEE
+-	bool "UEFI variables storage service via OP-TEE"
+-	depends on OPTEE
++	bool "UEFI variables storage service via the trusted world"
++	depends on OPTEE || ARM_FFA_TRANSPORT
+ 	help
++	  Allowing access to the MM SP services (SPs such as  StandAlonneMM, smm-gateway).
++	  When using the u-boot OP-TEE driver, StandAlonneMM is supported.
++	  When using the u-boot FF-A  driver any MM SP is supported.
++
+ 	  If OP-TEE is present and running StandAloneMM, dispatch all UEFI
+ 	  variable related operations to that. The application will verify,
+ 	  authenticate and store the variables on an RPMB.
+ 
++	  When ARM_FFA_TRANSPORT is used, dispatch all UEFI variable related
++	  operations to the MM SP running in the secure world.
++	  A door bell mechanism is used to notify the SP when there is data in the shared
++	  MM buffer. The data is copied by u-boot to the shared buffer before issuing
++	  the door bell event.
++
+ config EFI_VARIABLE_NO_STORE
+ 	bool "Don't persist non-volatile UEFI variables"
+ 	help
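Review bot: EFI_MM_COMM_TEE now depends on "OPTEE || ARM_FFA_TRANSPORT", but the help text does not say what happens when both are enabled; in mm_communicate() the "#if (IS_ENABLED(CONFIG_OPTEE))" branch is tested first, so FF-A is silently ignored in that case. State the precedence in the help text or make the two transports a choice. The new help lines also spell the partition "StandAlonneMM" where the existing paragraph uses "StandAloneMM", and contain double spaces.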
+diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
+index 8fa9a58d76..cede7826bd 100644
+--- a/lib/efi_loader/efi_boottime.c
++++ b/lib/efi_loader/efi_boottime.c
+@@ -2185,6 +2185,13 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+ 			debug("[efi_boottime][INFO]: FF-A RX/TX buffers unmapped\n");
+ #endif
+ 
++#if CONFIG_IS_ENABLED(ARM_FFA_EFI_RUNTIME_MODE) && !CONFIG_IS_ENABLED(SANDBOX_FFA)
++		if (ffa_copy_runtime_data())
++			printf("ERROR: EFI: FFA: copying runtime data\n");
++		else
++			printf("INFO: EFI: FFA: runtime data copied\n");
++#endif
++
+ 	/* Patch out unsupported runtime function */
+ 	efi_runtime_detach();
+ 
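Review bot: A failure of ffa_copy_runtime_data() is only printed and ExitBootServices() carries on, although the commit message says this copy is what makes the secure partition data available at runtime. Decide what the runtime variable services should do when the copy fails (for example, disable the FF-A path) instead of continuing with missing driver data. The block also uses printf() where the context line above it uses debug(), and it is indented one level deeper than the statements that follow it.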
+diff --git a/lib/efi_loader/efi_variable_tee.c b/lib/efi_loader/efi_variable_tee.c
+index dfef18435d..7d9d577281 100644
+--- a/lib/efi_loader/efi_variable_tee.c
++++ b/lib/efi_loader/efi_variable_tee.c
+@@ -15,6 +15,36 @@
+ #include <malloc.h>
+ #include <mm_communication.h>
+ 
++#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
++
++#include <arm_ffa.h>
++#include <cpu_func.h>
++#include <mapmem.h>
++
++#ifndef FFA_SHARED_MM_BUFFER_SIZE
++#warning "FFA_SHARED_MM_BUFFER_SIZE must be defined in include/configs/<board>.h"
++#define FFA_SHARED_MM_BUFFER_SIZE 0
++#endif
++
++#ifndef FFA_SHARED_MM_BUFFER_OFFSET
++#warning "FFA_SHARED_MM_BUFFER_OFFSET must be defined in include/configs/<board>.h"
++#define FFA_SHARED_MM_BUFFER_OFFSET 0
++#endif
++
++#ifndef FFA_SHARED_MM_BUFFER_ADDR
++#warning "FFA_SHARED_MM_BUFFER_ADDR must be defined in include/configs/<board>.h"
++#define FFA_SHARED_MM_BUFFER_ADDR 0
++#endif
++
++/* MM return codes */
++#define MM_SUCCESS (0)
++
++const char *mm_sp_svc_uuid = MM_SP_UUID;
++
++static __efi_runtime_data u16 mm_sp_id;
++
++#endif
++
+ extern struct efi_var_file __efi_runtime_data *efi_var_buf;
+ static efi_uintn_t max_buffer_size;	/* comm + var + func + data */
+ static efi_uintn_t max_payload_size;	/* func + data */
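Review bot: When a board does not define FFA_SHARED_MM_BUFFER_SIZE, FFA_SHARED_MM_BUFFER_OFFSET or FFA_SHARED_MM_BUFFER_ADDR, the fallback is a #warning plus a value of 0, so the build succeeds with a zero-sized shared buffer at physical address 0. With a size of 0 every call fails the "tx_data_size > FFA_SHARED_MM_BUFFER_SIZE" check in ffa_mm_communicate(), so the feature cannot work; #error would catch the misconfiguration at build time. mm_sp_svc_uuid is a non-static global and can be made "static const char * const" if nothing outside this file uses it.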
+@@ -24,6 +54,7 @@ struct mm_connection {
+ 	u32 session;
+ };
+ 
++#if (IS_ENABLED(CONFIG_OPTEE))
+ /**
+  * get_connection() - Retrieve OP-TEE session for a specific UUID.
+  *
+@@ -143,16 +174,227 @@ static efi_status_t optee_mm_communicate(void *comm_buf, ulong dsize)
+ 
+ 	return ret;
+ }
++#endif
++
++#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
+ 
+ /**
+- * mm_communicate() - Adjust the cmonnucation buffer to StandAlonneMM and send
++ * ffa_notify_mm_sp() - Announce there is data in the shared buffer
++ *
++ * Notifies the MM partition in the trusted world that
++ * data is available in the shared buffer.
++ * This is a blocking call during which trusted world has exclusive access
++ * to the MM shared buffer.
++ *
++ * Return:
++ *
++ * 0 on success
++ */
++static int __efi_runtime ffa_notify_mm_sp(void)
++{
++	struct ffa_send_direct_data msg = {0};
++	int ret;
++	int sp_event_ret = -1;
++
++	if (!ffa_bus_ops_get())
++		return -EINVAL;
++
++	msg.data0 = FFA_SHARED_MM_BUFFER_OFFSET; /* x3 */
++
++	ret = ffa_bus_ops_get()->sync_send_receive(mm_sp_id, &msg);
++	if (ret != 0)
++		return ret;
++
++	sp_event_ret = msg.data0; /* x3 */
++
++	if (sp_event_ret == MM_SUCCESS)
++		return 0;
++
++	/*
++	 * Failure to notify the MM SP
++	 */
++
++	return -EACCES;
++}
++
++/**
++ * ffa_discover_mm_sp_id() - Query the MM partition ID
++ *
++ * Use the FF-A driver to get the MM partition ID.
++ * If multiple partitions are found, use the first one.
++ * This is a boot time function.
++ *
++ * Return:
++ *
++ * 0 on success
++ */
++static int ffa_discover_mm_sp_id(void)
++{
++	u32 count = 0, size = 0;
++	int ret;
++	struct ffa_partition_info *parts_info;
++
++	if (!ffa_bus_ops_get())
++		return -EINVAL;
++
++	/*
++	 * get from the driver the count of the SPs matching the UUID
++	 */
++	ret = ffa_bus_ops_get()->partition_info_get(mm_sp_svc_uuid, &count, NULL);
++	if (ret != 0) {
++		log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret);
++		return ret;
++	}
++
++	if (!count) {
++		log_info("EFI: No MM partition found\n");
++		return ret;
++	}
++
++	/*
++	 * pre-allocate a buffer to be filled by the driver
++	 * with	 ffa_partition_info structs
++	 */
++
++	log_info("EFI: Pre-allocating %d partition(s) info structures\n", count);
++
++	parts_info = calloc(count, sizeof(struct ffa_partition_info));
++	if (!parts_info)
++		return -EINVAL;
++
++	size = count * sizeof(struct ffa_partition_info);
++
++	/*
++	 * ask the driver to fill the
++	 * buffer with the SPs info
++	 */
++	ret = ffa_bus_ops_get()->partition_info_get(mm_sp_svc_uuid, &size, parts_info);
++	if (ret != 0) {
++		log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret);
++		free(parts_info);
++		return ret;
++	}
++
++	/*
++	 * MM SPs found , use the first one
++	 */
++
++	mm_sp_id = parts_info[0].id;
++
++	log_info("EFI: MM partition ID 0x%x\n", mm_sp_id);
++
++	free(parts_info);
++
++	return 0;
++}
++
++/**
++ * ffa_mm_communicate() - Exchange EFI services data with  the MM partition using FF-A
++ * @comm_buf:		locally allocated communication buffer used for rx/tx
++ * @dsize:				communication buffer size
++ *
++ * Issues a door bell event to notify the MM partition (SP) running in OP-TEE
++ * that there is data to read from the shared buffer.
++ * Communication with the MM SP is performed using FF-A transport.
++ * On the event, MM SP can read the data from the buffer and
++ * update the MM shared buffer with response data.
++ * The response data is copied back to the communication buffer.
++ *
++ * Return:
++ *
++ * EFI status code
++ */
++static efi_status_t __efi_runtime ffa_mm_communicate(void *comm_buf, ulong comm_buf_size)
++{
++	ulong tx_data_size;
++	int ffa_ret;
++	struct efi_mm_communicate_header *mm_hdr;
++	void *virt_shared_buf;
++
++	if (!comm_buf)
++		return EFI_INVALID_PARAMETER;
++
++	/* Discover MM partition ID at boot time */
++	if (!mm_sp_id && ffa_discover_mm_sp_id()  != 0) {
++		log_err("EFI: Failure to discover MM partition ID at boot time\n");
++		return EFI_UNSUPPORTED;
++	}
++
++	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
++	tx_data_size = mm_hdr->message_len + sizeof(efi_guid_t) + sizeof(size_t);
++
++	if (comm_buf_size != tx_data_size || tx_data_size > FFA_SHARED_MM_BUFFER_SIZE)
++		return EFI_INVALID_PARAMETER;
++
++	/* Copy the data to the shared buffer */
++
++	virt_shared_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0);
++	efi_memcpy_runtime(virt_shared_buf, comm_buf, tx_data_size);
++
++	/*
++	 * The secure world might have cache disabled for
++	 * the device region used for shared buffer (which is the case for Optee).
++	 * In this case, the secure world reads the data from DRAM.
++	 * Let's flush the cache so the DRAM is updated with the latest data.
++	 */
++	#ifdef CONFIG_ARM64
++	invalidate_dcache_all();
++	#endif
++
++	/* Announce there is data in the shared buffer */
++
++	ffa_ret = ffa_notify_mm_sp();
++	if (ffa_ret)
++		unmap_sysmem(virt_shared_buf);
++
++	switch (ffa_ret) {
++	case 0:
++	{
++		ulong rx_data_size;
++		/* Copy the MM SP response from the shared buffer to the communication buffer */
++		rx_data_size = ((struct efi_mm_communicate_header *)virt_shared_buf)->message_len +
++			sizeof(efi_guid_t) +
++			sizeof(size_t);
++
++		if (rx_data_size > comm_buf_size) {
++			unmap_sysmem(virt_shared_buf);
++			return EFI_OUT_OF_RESOURCES;
++		}
++
++		efi_memcpy_runtime(comm_buf, virt_shared_buf, rx_data_size);
++		unmap_sysmem(virt_shared_buf);
++
++		return EFI_SUCCESS;
++	}
++	case -EINVAL:
++		return EFI_DEVICE_ERROR;
++	case -EPERM:
++		return EFI_INVALID_PARAMETER;
++	case -EACCES:
++		return EFI_ACCESS_DENIED;
++	case -EBUSY:
++		return EFI_OUT_OF_RESOURCES;
++	default:
++		return EFI_ACCESS_DENIED;
++	}
++}
++#endif
++
++/**
++ * mm_communicate() - Adjust the communication buffer to the MM SP and send
+  * it to OP-TEE
+  *
+- * @comm_buf:		locally allocted communcation buffer
++ * @comm_buf:		locally allocated communication buffer
+  * @dsize:		buffer size
++ *
++ * The MM SP (also called partition) can be StandAlonneMM or smm-gateway.
++ * The comm_buf format is the same for both partitions.
++ * When using the u-boot OP-TEE driver, StandAlonneMM is supported.
++ * When using the u-boot FF-A  driver, StandAlonneMM and smm-gateway are supported.
++ *
+  * Return:		status code
+  */
+-static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
++static efi_status_t __efi_runtime mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
+ {
+ 	efi_status_t ret;
+ 	struct efi_mm_communicate_header *mm_hdr;
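Review bot: ffa_discover_mm_sp_id() returns success when no MM partition is found: in the "if (!count)" branch ret is still 0 from the successful partition_info_get() call, so ffa_mm_communicate() continues with mm_sp_id equal to 0 and rings the door bell on partition ID 0. Return an error such as -ENODEV there, and -ENOMEM rather than -EINVAL when calloc() fails. Because discovery is triggered lazily from the __efi_runtime function ffa_mm_communicate(), a zero mm_sp_id after ExitBootServices() would also call this boot-time function, with its calloc() and log_info(), from runtime context; doing the discovery once at init avoids that. Separately, the comment above invalidate_dcache_all() says the cache is flushed so that DRAM holds the latest data, but the call is an invalidate; the comment and the operation should agree, and the read of the response from virt_shared_buf after ffa_notify_mm_sp() needs the same thought. rx_data_size is derived from a message_len written by the secure world and is compared with comm_buf_size, but the addition itself is not checked for wrap-around. The kernel-doc for ffa_mm_communicate() documents @dsize while the parameter is named comm_buf_size.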
+@@ -162,7 +404,11 @@ static efi_status_t mm_communicate(u8 *comm_buf, efi_uintn_t dsize)
+ 	mm_hdr = (struct efi_mm_communicate_header *)comm_buf;
+ 	var_hdr = (struct smm_variable_communicate_header *)mm_hdr->data;
+ 
++	#if (IS_ENABLED(CONFIG_OPTEE))
+ 	ret = optee_mm_communicate(comm_buf, dsize);
++	#elif (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
++	ret = ffa_mm_communicate(comm_buf, dsize);
++	#endif
+ 	if (ret != EFI_SUCCESS) {
+ 		log_err("%s failed!\n", __func__);
+ 		return ret;
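Review bot: The transport selection has no #else, so if neither CONFIG_OPTEE nor CONFIG_ARM_FFA_TRANSPORT is enabled, ret is tested uninitialised; add an #else with #error or an EFI_UNSUPPORTED assignment. mm_communicate() is now __efi_runtime (previous hunk), yet the CONFIG_OPTEE branch calls optee_mm_communicate(), which this patch does not mark as runtime, and the error path calls log_err(); please confirm both are safe after ExitBootServices() or restrict the runtime annotation to the FF-A build.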
+@@ -258,6 +504,13 @@ efi_status_t EFIAPI get_max_payload(efi_uintn_t *size)
+ 		goto out;
+ 	}
+ 	*size = var_payload->size;
++
++	#if (IS_ENABLED(CONFIG_ARM_FFA_TRANSPORT))
++		if (*size > FFA_SHARED_MM_BUFFER_SIZE)
++			*size = FFA_SHARED_MM_BUFFER_SIZE - MM_COMMUNICATE_HEADER_SIZE	-
++				MM_VARIABLE_COMMUNICATE_SIZE;
++	#endif
++
+ 	/*
+ 	 * There seems to be a bug in EDK2 miscalculating the boundaries and
+ 	 * size checks, so deduct 2 more bytes to fulfill this requirement. Fix
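Review bot: The clamp tests "*size > FFA_SHARED_MM_BUFFER_SIZE" but then sets *size to the buffer size minus MM_COMMUNICATE_HEADER_SIZE and MM_VARIABLE_COMMUNICATE_SIZE, so a payload size between those two values passes unclamped even though payload plus headers no longer fits the shared buffer. Compare against the reduced value instead, and note that with the fallback FFA_SHARED_MM_BUFFER_SIZE of 0 the subtraction underflows. The preprocessor lines and the body are also indented one level deeper than the rest of the function.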
+@@ -697,7 +950,7 @@ void efi_variables_boot_exit_notify(void)
+ 		ret = EFI_NOT_FOUND;
+ 
+ 	if (ret != EFI_SUCCESS)
+-		log_err("Unable to notify StMM for ExitBootServices\n");
++		log_err("Unable to notify the MM partition for ExitBootServices\n");
+ 	free(comm_buf);
+ 
+ 	/*
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch
similarity index 65%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch
index 8cab40c..dcc3ea7 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch
@@ -1,7 +1,7 @@
-From c0b01dff84d74f1b5aaff0d9b594e0aaec16c744 Mon Sep 17 00:00:00 2001
+From 01d1487cebc37834e2a5d259e0417a610539a0f5 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Tue, 2 Nov 2021 16:44:39 +0000
-Subject: [PATCH 10/24] arm_ffa: corstone1000: enable FF-A and MM support
+Date: Thu, 9 Jun 2022 12:47:35 +0100
+Subject: [PATCH 15/26] arm_ffa: corstone1000: enable FF-A and MM support
 
 This commit allows corstone1000 platform to perform
 MM communication between u-boot and the secure world
@@ -9,38 +9,33 @@
 
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Submitted [cover letter: https://lore.kernel.org/all/20220926101723.9965-1-abdellatif.elkhlifi@arm.com/]
 ---
- configs/corstone1000_defconfig |  1 +
- include/configs/corstone1000.h | 15 +++++++++++++++
- 2 files changed, 16 insertions(+)
+ configs/corstone1000_defconfig | 2 ++
+ include/configs/corstone1000.h | 9 +++++++++
+ 2 files changed, 11 insertions(+)
 
 diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index e573fe6fe6a2..b042d4e49419 100644
+index e573fe6fe6..c299dda49f 100644
 --- a/configs/corstone1000_defconfig
 +++ b/configs/corstone1000_defconfig
-@@ -44,6 +44,7 @@ CONFIG_USB=y
+@@ -44,6 +44,8 @@ CONFIG_USB=y
  CONFIG_DM_USB=y
  CONFIG_USB_ISP1760=y
  CONFIG_USB_STORAGE=y
 +CONFIG_ARM_FFA_TRANSPORT=y
++CONFIG_ARM_FFA_EFI_RUNTIME_MODE=y
  CONFIG_EFI_MM_COMM_TEE=y
  # CONFIG_OPTEE is not set
  # CONFIG_GENERATE_SMBIOS_TABLE is not set
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index 8ba0effb0ab2..afc9ccfc192b 100644
+index 8ba0effb0a..5960c6b4be 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
-@@ -14,6 +14,21 @@
+@@ -14,6 +14,15 @@
  
  #include <linux/sizes.h>
  
-+/* MM SP UUID binary data (little-endian format) */
-+#define MM_SP_UUID_DATA	\
-+	0xed, 0x32, 0xd5, 0x33,	\
-+	0x99, 0xe6, 0x42, 0x09,	\
-+	0x9c, 0xc0, 0x2d, 0x72,	\
-+	0xcd, 0xd9, 0x98, 0xa7
-+
 +#define FFA_SHARED_MM_BUFFER_SIZE	SZ_4K /* 4 KB */
 +
 +/*
@@ -48,10 +43,11 @@
 + * u-boot and the MM SP
 + */
 +#define FFA_SHARED_MM_BUFFER_ADDR	(0x023F8000)
++#define FFA_SHARED_MM_BUFFER_OFFSET	(0)
 +
  #define CONFIG_SYS_INIT_SP_ADDR		(CONFIG_SYS_SDRAM_BASE + 0x03f00000)
  #define CONFIG_SKIP_LOWLEVEL_INIT
  
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch
similarity index 82%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch
index 0a829c4..291d15d 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0011-efi-corstone1000-introduce-EFI-capsule-update.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi-corstone1000-introduce-EFI-capsule-update.patch
@@ -1,7 +1,7 @@
-From 652259af2f795a5d69c628ae7b1e79d33c234abd Mon Sep 17 00:00:00 2001
+From 10e155a677192731481ebe7f302e2d9ad790346a Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Thu, 11 Nov 2021 16:27:59 +0000
-Subject: [PATCH 11/24] efi: corstone1000: introduce EFI capsule update
+Date: Thu, 28 Jul 2022 15:01:55 +0100
+Subject: [PATCH 16/26] efi: corstone1000: introduce EFI capsule update
 
 This commit provides capsule update feature for Corstone1000.
 
@@ -20,16 +20,17 @@
 
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  include/configs/corstone1000.h |  18 +++++
  include/efi_loader.h           |   4 +-
- lib/efi_loader/efi_boottime.c  |  47 ++++++++++++
- lib/efi_loader/efi_capsule.c   | 135 ++++++++++++++++++++++++++++++++-
+ lib/efi_loader/efi_boottime.c  |  36 ++++++++++
+ lib/efi_loader/efi_capsule.c   | 124 ++++++++++++++++++++++++++++++++-
  lib/efi_loader/efi_setup.c     |  15 ++++
- 5 files changed, 215 insertions(+), 4 deletions(-)
+ 5 files changed, 193 insertions(+), 4 deletions(-)
 
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index afc9ccfc192b..a400cdef69d0 100644
+index 5960c6b4be..fe5ec0adcd 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
 @@ -14,6 +14,24 @@
@@ -54,11 +55,11 @@
 +	EFI_GUID(0x3a770ddc, 0x409b, 0x48b2, 0x81, 0x41, \
 +		 0x93, 0xb7, 0xc6, 0x0b, 0x20, 0x9e)
 +
- /* MM SP UUID binary data (little-endian format) */
- #define MM_SP_UUID_DATA	\
- 	0xed, 0x32, 0xd5, 0x33,	\
+ #define FFA_SHARED_MM_BUFFER_SIZE	SZ_4K /* 4 KB */
+ 
+ /*
 diff --git a/include/efi_loader.h b/include/efi_loader.h
-index 5b41985244e2..796419b69b40 100644
+index 5b41985244..796419b69b 100644
 --- a/include/efi_loader.h
 +++ b/include/efi_loader.h
 @@ -984,11 +984,11 @@ extern const struct efi_firmware_management_protocol efi_fmp_fit;
@@ -76,10 +77,10 @@
  		efi_uintn_t capsule_count,
  		u64 *maximum_capsule_size,
 diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
-index c68d9ed4f0bd..f2b5c7834c01 100644
+index cede7826bd..9bf2596597 100644
 --- a/lib/efi_loader/efi_boottime.c
 +++ b/lib/efi_loader/efi_boottime.c
-@@ -2095,6 +2095,44 @@ static void efi_exit_caches(void)
+@@ -2095,6 +2095,33 @@ static void efi_exit_caches(void)
  #endif
  }
  
@@ -95,28 +96,17 @@
 + */
 +static int efi_corstone1000_kernel_started_event(void)
 +{
-+	struct ffa_interface_data func_data = {0};
 +	struct ffa_send_direct_data msg = {0};
-+	u16 part_id = CORSTONE1000_SEPROXY_PART_ID;
 +
 +	log_debug("[%s]\n", __func__);
 +
 +	/*
-+	 * telling the driver which partition to use
-+	 */
-+	func_data.data0_size = sizeof(part_id);
-+	func_data.data0 = &part_id;
-+
-+	/*
 +	 * setting the kernel started  event arguments
 +	 */
-+	msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID;
-+	msg.a5 = CORSTONE1000_KERNEL_STARTED_EVT;
++	msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */
++	msg.data2 = CORSTONE1000_KERNEL_STARTED_EVT; /* x5 */
 +
-+	func_data.data1_size = sizeof(msg);
-+	func_data.data1 = &msg;
-+
-+	return ffa_helper_msg_send_direct_req(&func_data);
++	return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
 +}
 +
 +#endif
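Review bot: efi_corstone1000_kernel_started_event() now dereferences ffa_bus_ops_get() directly, while ffa_notify_mm_sp() in patch 0014 of this same update first checks "if (!ffa_bus_ops_get())" and returns -EINVAL. Add the same NULL check before "->sync_send_receive(...)" so a missing FF-A driver produces an error return instead of a NULL dereference.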
@@ -124,7 +114,7 @@
  /**
   * efi_exit_boot_services() - stop all boot services
   * @image_handle: handle of the loaded image
-@@ -2208,6 +2246,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+@@ -2210,6 +2237,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
  	/* Recalculate CRC32 */
  	efi_update_table_header_crc32(&systab.hdr);
  
@@ -141,7 +131,7 @@
  	efi_set_watchdog(0);
  	WATCHDOG_RESET();
 diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
-index a6b98f066a0b..a0689ba912fc 100644
+index a6b98f066a..c0f3427a60 100644
 --- a/lib/efi_loader/efi_capsule.c
 +++ b/lib/efi_loader/efi_capsule.c
 @@ -25,6 +25,14 @@
@@ -149,7 +139,7 @@
  #include <linux/err.h>
  
 +#ifdef CONFIG_TARGET_CORSTONE1000
-+#include <arm_ffa_helper.h>
++#include <arm_ffa.h>
 +#include <cpu_func.h>
 +
 +void *__efi_runtime_data corstone1000_capsule_buf; /* capsule shared buffer virtual address */
@@ -159,7 +149,7 @@
  DECLARE_GLOBAL_DATA_PTR;
  
  const efi_guid_t efi_guid_capsule_report = EFI_CAPSULE_REPORT_GUID;
-@@ -512,6 +520,89 @@ static efi_status_t efi_capsule_update_firmware(
+@@ -512,6 +520,78 @@ static efi_status_t efi_capsule_update_firmware(
  }
  #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_MANAGEMENT */
  
@@ -220,36 +210,25 @@
 + */
 +static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_size)
 +{
-+	struct ffa_interface_data func_data = {0};
 +	struct ffa_send_direct_data msg = {0};
-+	u16 part_id = CORSTONE1000_SEPROXY_PART_ID;
 +
 +	log_debug("[%s]\n", __func__);
 +
 +	/*
-+	 * telling the driver which partition to use
-+	 */
-+	func_data.data0_size = sizeof(part_id);
-+	func_data.data0 = &part_id;
-+
-+	/*
 +	 * setting the buffer ready event arguments
 +	 */
-+	msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID;
-+	msg.a4 = capsule_image_size;
-+	msg.a5 = CORSTONE1000_BUFFER_READY_EVT;
++	msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */
++	msg.data1 = capsule_image_size; /* x4 */
++	msg.data2 = CORSTONE1000_BUFFER_READY_EVT; /* x5 */
 +
-+	func_data.data1_size = sizeof(msg);
-+	func_data.data1 = &msg;
-+
-+	return ffa_helper_msg_send_direct_req(&func_data);
++	return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
 +}
 +#endif
 +
  /**
   * efi_update_capsule() - process information from operating system
   * @capsule_header_array:	Array of virtual address pointers
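Review bot: efi_corstone1000_buffer_ready_event() is __efi_runtime, and after this change it calls "ffa_bus_ops_get()->sync_send_receive(...)" with no NULL check, next to a log_debug() call. Patch 0014 describes the FF-A driver data as being copied to the runtime section by ffa_copy_runtime_data() at ExitBootServices(), and a failure of that copy is only logged; check the pointer here and return an error the capsule path can act on.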
-@@ -525,7 +616,7 @@ static efi_status_t efi_capsule_update_firmware(
+@@ -525,7 +605,7 @@ static efi_status_t efi_capsule_update_firmware(
   *
   * Return:			status code
   */
@@ -258,7 +237,7 @@
  		struct efi_capsule_header **capsule_header_array,
  		efi_uintn_t capsule_count,
  		u64 scatter_gather_list)
-@@ -542,6 +633,13 @@ efi_status_t EFIAPI efi_update_capsule(
+@@ -542,6 +622,13 @@ efi_status_t EFIAPI efi_update_capsule(
  		goto out;
  	}
  
@@ -272,7 +251,7 @@
  	ret = EFI_SUCCESS;
  	for (i = 0, capsule = *capsule_header_array; i < capsule_count;
  	     i++, capsule = *(++capsule_header_array)) {
-@@ -554,6 +652,39 @@ efi_status_t EFIAPI efi_update_capsule(
+@@ -554,6 +641,39 @@ efi_status_t EFIAPI efi_update_capsule(
  
  		log_debug("Capsule[%d] (guid:%pUs)\n",
  			  i, &capsule->capsule_guid);
@@ -312,7 +291,7 @@
  		if (!guidcmp(&capsule->capsule_guid,
  			     &efi_guid_firmware_management_capsule_id)) {
  			ret  = efi_capsule_update_firmware(capsule);
-@@ -592,7 +723,7 @@ out:
+@@ -592,7 +712,7 @@ out:
   *
   * Return:			status code
   */
@@ -322,7 +301,7 @@
  		efi_uintn_t capsule_count,
  		u64 *maximum_capsule_size,
 diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
-index 492ecf4cb15c..bfd4687e10b5 100644
+index 492ecf4cb1..bfd4687e10 100644
 --- a/lib/efi_loader/efi_setup.c
 +++ b/lib/efi_loader/efi_setup.c
 @@ -16,6 +16,13 @@
@@ -355,5 +334,5 @@
  		ret = efi_set_variable_int(u"CapsuleMax",
  					   &efi_guid_capsule_report,
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch
similarity index 73%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch
index d1e13f6..7f5464c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0012-corstone1000-Update-FFA-shared-buffer-address.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-corstone1000-Update-FFA-shared-buffer-address.patch
@@ -1,7 +1,7 @@
-From 1ff229c8e02bdd3c859d581787636cfdf674eec1 Mon Sep 17 00:00:00 2001
+From a84f6be14f1bb31edea987fc02efd5a079a28db1 Mon Sep 17 00:00:00 2001
 From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
 Date: Wed, 17 Nov 2021 15:28:06 +0000
-Subject: [PATCH 12/24] corstone1000: Update FFA shared buffer address
+Subject: [PATCH 17/26] corstone1000: Update FFA shared buffer address
 
 FFA shared buffer address changed to 0x02000000.
 
@@ -10,28 +10,25 @@
 So the buffer is moved to 0x02000000.
 
 Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-%% original patch: 0025-Update-FFA-shared-buffer-address.patch
-
-%% original patch: 0025-Update-FFA-shared-buffer-address.patch
-
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  include/configs/corstone1000.h | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index a400cdef69d0..db0f91335cef 100644
+index fe5ec0adcd..2d89a8966e 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
-@@ -45,7 +45,7 @@
+@@ -38,7 +38,7 @@
   * shared buffer physical address used for communication between
   * u-boot and the MM SP
   */
 -#define FFA_SHARED_MM_BUFFER_ADDR	(0x023F8000)
 +#define FFA_SHARED_MM_BUFFER_ADDR	(0x02000000)
+ #define FFA_SHARED_MM_BUFFER_OFFSET	(0)
  
  #define CONFIG_SYS_INIT_SP_ADDR		(CONFIG_SYS_SDRAM_BASE + 0x03f00000)
- #define CONFIG_SKIP_LOWLEVEL_INIT
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch
similarity index 76%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch
index 3151741..1a28d6c 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch
@@ -1,18 +1,19 @@
-From 340ba3fbb0ea388578e30aede92695886f221eaf Mon Sep 17 00:00:00 2001
+From 3f8d35ccbb0d59d4820b81f7f939ada95b3cd92c Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Fri, 4 Mar 2022 15:56:09 +0000
-Subject: [PATCH 14/24] arm: corstone1000: fix unrecognized filesystem type
+Subject: [PATCH 18/26] arm: corstone1000: fix unrecognized filesystem type
 
 Some usb sticks are not recognized by usb, just add a
 delay before checking status.
 
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  common/usb_storage.c | 3 +++
  1 file changed, 3 insertions(+)
 
 diff --git a/common/usb_storage.c b/common/usb_storage.c
-index eaa31374ef73..79cf4297d4f4 100644
+index eaa31374ef..79cf4297d4 100644
 --- a/common/usb_storage.c
 +++ b/common/usb_storage.c
 @@ -784,6 +784,9 @@ static int usb_stor_BBB_transport(struct scsi_cmd *srb, struct us_data *us)
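Review bot: The message carried in this header ("just add a delay before checking status") does not say how long the delay is or which condition it waits for, and the three added lines go into `usb_stor_BBB_transport()` in `common/usb_storage.c`, so every BBB transfer on this board pays the delay, not only the sticks that fail. Since the patch is now marked `Upstream-Status: Pending`, the message should state the delay value and the failing symptom. Consider polling the status with a timeout, or guarding the delay with a board config option, before this is submitted.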
@@ -26,5 +27,5 @@
  	result = usb_bulk_msg(us->pusb_dev, pipein, csw, UMASS_BBB_CSW_SIZE,
  				&actlen, USB_CNTL_TIMEOUT*5);
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch
deleted file mode 100644
index f858a26..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 460406b46b51b6c585788001147a8961c95cc73c Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Sat, 11 Dec 2021 21:05:10 +0000
-Subject: [PATCH 18/24] arm_ffa: removing the cast when using binary OR on
- FIELD_PREP macros
-
-When the GENMASK used is above 16-bits wide a u16 cast will cause
-loss of data.
-
-This commit fixes that.
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- drivers/arm-ffa/arm_ffa_prv.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/drivers/arm-ffa/arm_ffa_prv.h b/drivers/arm-ffa/arm_ffa_prv.h
-index 38ea4ba83efc..d0db3ef508a1 100644
---- a/drivers/arm-ffa/arm_ffa_prv.h
-+++ b/drivers/arm-ffa/arm_ffa_prv.h
-@@ -40,13 +40,13 @@
- 
- #define PREP_SELF_ENDPOINT_ID_MASK		GENMASK(31, 16)
- #define PREP_SELF_ENDPOINT_ID(x)		\
--			((u16)(FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x))))
-+			(FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x)))
- 
- /* Partition endpoint ID mask  (partition with which u-boot communicates with) */
- 
- #define PREP_PART_ENDPOINT_ID_MASK		GENMASK(15, 0)
- #define PREP_PART_ENDPOINT_ID(x)		\
--			((u16)(FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x))))
-+			(FIELD_PREP(PREP_PART_ENDPOINT_ID_MASK, (x)))
- 
- /* The FF-A SMC function prototype definition */
- 
--- 
-2.37.1
-
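Review bot: Deleting this file drops the fix for the `(u16)` cast around `FIELD_PREP(PREP_SELF_ENDPOINT_ID_MASK, (x))`, where the mask is `GENMASK(31, 16)` and the cast therefore discards the whole field. Nothing visible in this change shows that the replacement FF-A patches define `PREP_SELF_ENDPOINT_ID` and `PREP_PART_ENDPOINT_ID` without the cast. The commit message should name the patch in the new series that supersedes this one, or state that `arm_ffa_prv.h` no longer carries these macros.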
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch
deleted file mode 100644
index af857f4..0000000
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-Use-correct-buffer-size.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 936c857add300f41bc58c300793a0e10b48ff69f Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Mon, 13 Dec 2021 15:25:23 +0000
-Subject: [PATCH 19/24] Use correct buffer size
-
-The comm buffer created has additional 4 bytes length which
-needs to be trimmed. This change will reduce the size of the
-comm buffer to what is expected.
-
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- include/mm_communication.h | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/include/mm_communication.h b/include/mm_communication.h
-index e65fbde60d0a..bb9919095649 100644
---- a/include/mm_communication.h
-+++ b/include/mm_communication.h
-@@ -123,7 +123,7 @@ struct __packed efi_mm_communicate_header {
-  *
-  * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_HEADER.
-  */
--struct smm_variable_communicate_header {
-+struct __packed smm_variable_communicate_header {
- 	efi_uintn_t  function;
- 	efi_status_t ret_status;
- 	u8           data[];
-@@ -145,7 +145,7 @@ struct smm_variable_communicate_header {
-  * Defined in EDK2 as SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE.
-  *
-  */
--struct smm_variable_access {
-+struct __packed smm_variable_access {
- 	efi_guid_t  guid;
- 	efi_uintn_t data_size;
- 	efi_uintn_t name_size;
--- 
-2.37.1
-
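Review bot: The removed patch is what made `smm_variable_communicate_header` and `smm_variable_access` `__packed`, which its message ties to trimming 4 extra bytes from the comm buffer. With the file deleted, some other patch in the series has to keep both structs packed, otherwise their layout no longer matches the EDK2 definitions the comments cite. Please reference that patch in the commit message so the drop can be checked.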
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch
similarity index 73%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch
index 4e3f237..3d8a6216 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch
@@ -1,7 +1,7 @@
-From 4c249de0915750b328e456c34f18546f92850afd Mon Sep 17 00:00:00 2001
+From 3bb5826af8e3891617d41a30419de0ce089f9fc3 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 10 Dec 2021 20:03:35 +0000
-Subject: [PATCH 15/24] efi_capsule: corstone1000: pass interface id and buffer
+Subject: [PATCH 19/26] efi_capsule: corstone1000: pass interface id and buffer
  event id using register w4
 
 Initially the interface/event IDs are passed to the SP using register
@@ -16,13 +16,14 @@
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  include/configs/corstone1000.h |  6 ++++++
  lib/efi_loader/efi_capsule.c   | 11 +++++++----
  2 files changed, 13 insertions(+), 4 deletions(-)
 
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index db0f91335cef..a7445e61348b 100644
+index 2d89a8966e..4637dd5d5d 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
 @@ -24,6 +24,12 @@
@@ -39,20 +40,20 @@
  #define CORSTONE1000_CAPSULE_BUFFER_SIZE	(8192) /* 32 MB */
  
 diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
-index a0689ba912fc..e08e97cf3fb7 100644
+index c0f3427a60..bf8bd68256 100644
 --- a/lib/efi_loader/efi_capsule.c
 +++ b/lib/efi_loader/efi_capsule.c
 @@ -28,6 +28,8 @@
  #ifdef CONFIG_TARGET_CORSTONE1000
- #include <arm_ffa_helper.h>
+ #include <arm_ffa.h>
  #include <cpu_func.h>
 +#include <linux/bitfield.h>
 +#include <linux/bitops.h>
  
  void *__efi_runtime_data corstone1000_capsule_buf; /* capsule shared buffer virtual address */
  efi_guid_t corstone1000_capsule_guid = EFI_CORSTONE1000_CAPSULE_ID_GUID;
-@@ -590,11 +592,12 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s
- 	func_data.data0 = &part_id;
+@@ -582,11 +584,12 @@ static int __efi_runtime efi_corstone1000_buffer_ready_event(u32 capsule_image_s
+ 	log_debug("[%s]\n", __func__);
  
  	/*
 -	 * setting the buffer ready event arguments
@@ -60,14 +61,14 @@
 +	 * - capsule update interface ID (31:16)
 +	 * - the buffer ready event ID (15:0)
  	 */
--	msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID;
--	msg.a4 = capsule_image_size;
--	msg.a5 = CORSTONE1000_BUFFER_READY_EVT;
-+	msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
-+		PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT);
+-	msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */
+-	msg.data1 = capsule_image_size; /* x4 */
+-	msg.data2 = CORSTONE1000_BUFFER_READY_EVT; /* x5 */
++	msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
++		PREP_SEPROXY_EVT(CORSTONE1000_BUFFER_READY_EVT); /* w4 */
  
- 	func_data.data1_size = sizeof(msg);
- 	func_data.data1 = &msg;
+ 	return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
+ }
 -- 
-2.37.1
+2.17.1
 
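Review bot: In the rebased body of `efi_corstone1000_buffer_ready_event()` the line `msg.data1 = capsule_image_size; /* x4 */` is removed and `data1` now carries only the service and event IDs, yet the function still takes the size as its `u32` argument. Either drop the parameter or say in the comment block how the secure partition learns the capsule size now that it is not in the message.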
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch
similarity index 65%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch
index e134f23..db2ff32 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch
@@ -1,7 +1,7 @@
-From e5e1cf36cb7b77a5bb526f1744c0c77164374ca3 Mon Sep 17 00:00:00 2001
+From 668fe40ccb0db5542ef333cd4655511dbb8572f9 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 10 Dec 2021 20:10:41 +0000
-Subject: [PATCH 16/24] efi_boottime: corstone1000: pass interface id and
+Subject: [PATCH 20/26] efi_boottime: corstone1000: pass interface id and
  kernel event id using register w4
 
 Initially the interface/event IDs are passed to the SP using register
@@ -16,16 +16,17 @@
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  lib/efi_loader/efi_boottime.c | 13 ++++++++++---
  1 file changed, 10 insertions(+), 3 deletions(-)
 
 diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
-index f2b5c7834c01..140d0f4f71da 100644
+index 9bf2596597..de815484d2 100644
 --- a/lib/efi_loader/efi_boottime.c
 +++ b/lib/efi_loader/efi_boottime.c
 @@ -27,6 +27,11 @@
- #include <arm_ffa_helper.h>
+ #include <arm_ffa.h>
  #endif
  
 +#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
@@ -36,8 +37,8 @@
  DECLARE_GLOBAL_DATA_PTR;
  
  /* Task priority level */
-@@ -2120,10 +2125,12 @@ static int efi_corstone1000_kernel_started_event(void)
- 	func_data.data0 = &part_id;
+@@ -2112,10 +2117,12 @@ static int efi_corstone1000_kernel_started_event(void)
+ 	log_debug("[%s]\n", __func__);
  
  	/*
 -	 * setting the kernel started  event arguments
@@ -45,13 +46,13 @@
 +	 * setting capsule update interface ID(31:16)
 +	 * the kernel started event ID(15:0)
  	 */
--	msg.a3 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID;
--	msg.a5 = CORSTONE1000_KERNEL_STARTED_EVT;
-+	msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
-+	PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT);
+-	msg.data0 = CORSTONE1000_SEPROXY_UPDATE_SVC_ID; /* x3 */
+-	msg.data2 = CORSTONE1000_KERNEL_STARTED_EVT; /* x5 */
++	msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
++		PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); /* w4 */
  
- 	func_data.data1_size = sizeof(msg);
- 	func_data.data1 = &msg;
+ 	return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
+ }
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch
similarity index 80%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch
index b5a1715..38ef1c0 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch
@@ -1,7 +1,7 @@
-From 596cf4d04580b191d2f4f6082000534bdab13791 Mon Sep 17 00:00:00 2001
+From 4d7fd850347dbea10a73cd5cf6eb518607118414 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Sat, 11 Dec 2021 13:23:55 +0000
-Subject: [PATCH 17/24] efi_loader: corstone1000: remove guid check from
+Subject: [PATCH 21/26] efi_loader: corstone1000: remove guid check from
  corstone1000 config option
 
 Use generic fmp guid and no separte check is required for
@@ -9,15 +9,16 @@
 
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  lib/efi_loader/efi_capsule.c | 16 +---------------
  1 file changed, 1 insertion(+), 15 deletions(-)
 
 diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
-index e08e97cf3fb7..891143c33909 100644
+index bf8bd68256..5db9d30d53 100644
 --- a/lib/efi_loader/efi_capsule.c
 +++ b/lib/efi_loader/efi_capsule.c
-@@ -657,12 +657,6 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+@@ -646,12 +646,6 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
  			  i, &capsule->capsule_guid);
  
  #if CONFIG_IS_ENABLED(TARGET_CORSTONE1000)
@@ -30,7 +31,7 @@
  		if (efi_size_in_pages(capsule->capsule_image_size) >
  		    CORSTONE1000_CAPSULE_BUFFER_SIZE) {
  			log_err("Corstone1000: Capsule data size exceeds the shared buffer size\n");
-@@ -688,15 +682,7 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+@@ -677,15 +671,7 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
  		goto out;
  #endif
  
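Review bot: With the corstone1000 GUID check removed, the only validation left in the visible part of `efi_update_capsule()` is the comparison of `efi_size_in_pages(capsule->capsule_image_size)` against `CORSTONE1000_CAPSULE_BUFFER_SIZE`. The message says the generic FMP GUID is used instead but not where a capsule with an unexpected GUID is rejected now; please name that check. The macro is also compared in pages while it is named a size and defined as `(8192) /* 32 MB */`, so a rename or a unit comment would prevent a later comparison in bytes.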
@@ -48,5 +49,5 @@
  			goto out;
  	}
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
similarity index 75%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
index 1204f2a..3cedaa7 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch
@@ -1,7 +1,7 @@
-From 5c57ef351882afebde479de430acf2c4f8fdefc8 Mon Sep 17 00:00:00 2001
+From 720e5ada733b0f7b019baaec57d74603a9dff67e Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 17 Dec 2021 19:49:02 +0000
-Subject: [PATCH 20/24] efi_loader: populate ESRT table if EFI_ESRT config
+Subject: [PATCH 22/26] efi_loader: populate ESRT table if EFI_ESRT config
  option is set
 
 This change is to call efi_esrt_populate function if CONFIG_EFI_ESRT
@@ -9,15 +9,16 @@
 
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  lib/efi_loader/efi_capsule.c | 7 +++++++
  1 file changed, 7 insertions(+)
 
 diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
-index 891143c33909..7db78f1f7648 100644
+index 5db9d30d53..65e2fc8296 100644
 --- a/lib/efi_loader/efi_capsule.c
 +++ b/lib/efi_loader/efi_capsule.c
-@@ -679,6 +679,13 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+@@ -668,6 +668,13 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
  			ret = EFI_SUCCESS;
  		}
  
@@ -32,5 +33,5 @@
  #endif
  
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch
similarity index 94%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch
index 8f86b65..f6aafa3 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0021-efi_firmware-add-get_image_info-for-corstone1000.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_firmware-add-get_image_info-for-corstone1000.patch
@@ -1,22 +1,20 @@
-From fcd1dc670d83bd7e7528370d0d6f168bfb44054d Mon Sep 17 00:00:00 2001
+From 2cad562823976134f201d6e2ef187bf103e17d1e Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 17 Dec 2021 19:50:25 +0000
-Subject: [PATCH 21/24] efi_firmware: add get_image_info for corstone1000
+Subject: [PATCH 23/26] efi_firmware: add get_image_info for corstone1000
 
 This change is to populate get_image_info which eventually
 will be populated in ESRT table
 
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-%% original patch: 0047-efi_firmware-add-get_image_info-for-corstone1000.patch
-
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  lib/efi_loader/efi_firmware.c | 71 ++++++++++++++++++++++++++++++++++-
  1 file changed, 70 insertions(+), 1 deletion(-)
 
 diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
-index 30cafd15caac..af43d4502f92 100644
+index 30cafd15ca..af43d4502f 100644
 --- a/lib/efi_loader/efi_firmware.c
 +++ b/lib/efi_loader/efi_firmware.c
 @@ -17,11 +17,69 @@
@@ -120,5 +118,5 @@
  			     NULL, NULL))
  		return EFI_EXIT(EFI_DEVICE_ERROR);
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch
similarity index 70%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch
index 1dc0455..35f5cb2 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch
@@ -1,7 +1,7 @@
-From 902d5c499b6627a505986d298986a4ac430592b8 Mon Sep 17 00:00:00 2001
+From 709e5d8ff07474f840f1d34d3077135f77795452 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Wed, 5 Jan 2022 17:56:09 +0000
-Subject: [PATCH 22/24] efi_loader: send bootcomplete message to secure enclave
+Date: Mon, 15 Aug 2022 15:46:18 +0100
+Subject: [PATCH 24/26] efi_loader: send bootcomplete message to secure enclave
 
 On corstone1000 platform, Secure Enclave will be expecting
 an event from uboot when it performs capsule update. Previously,
@@ -11,15 +11,17 @@
 stage.
 
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  include/configs/corstone1000.h |  2 +-
- lib/efi_loader/efi_boottime.c  | 49 ----------------------------------
+ lib/efi_loader/efi_boottime.c  | 43 ----------------------------------
  lib/efi_loader/efi_firmware.c  |  2 +-
- lib/efi_loader/efi_setup.c     | 48 +++++++++++++++++++++++++++++++++
- 4 files changed, 50 insertions(+), 51 deletions(-)
+ lib/efi_loader/efi_setup.c     | 39 ++++++++++++++++++++++++++++++
+ 4 files changed, 41 insertions(+), 45 deletions(-)
 
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index a7445e61348b..06b605e43bdf 100644
+index 4637dd5d5d..333b1d93b6 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
 @@ -22,7 +22,7 @@
@@ -32,10 +34,22 @@
  #define PREP_SEPROXY_SVC_ID_MASK	GENMASK(31, 16)
  #define PREP_SEPROXY_SVC_ID(x)	 (FIELD_PREP(PREP_SEPROXY_SVC_ID_MASK, (x)))
 diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
-index 140d0f4f71da..6b9f5cf272b8 100644
+index de815484d2..cede7826bd 100644
 --- a/lib/efi_loader/efi_boottime.c
 +++ b/lib/efi_loader/efi_boottime.c
-@@ -2100,46 +2100,6 @@ static void efi_exit_caches(void)
+@@ -27,11 +27,6 @@
+ #include <arm_ffa.h>
+ #endif
+ 
+-#if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
+-#include <linux/bitfield.h>
+-#include <linux/bitops.h>
+-#endif
+-
+ DECLARE_GLOBAL_DATA_PTR;
+ 
+ /* Task priority level */
+@@ -2100,35 +2095,6 @@ static void efi_exit_caches(void)
  #endif
  }
  
@@ -51,30 +65,19 @@
 - */
 -static int efi_corstone1000_kernel_started_event(void)
 -{
--	struct ffa_interface_data func_data = {0};
 -	struct ffa_send_direct_data msg = {0};
--	u16 part_id = CORSTONE1000_SEPROXY_PART_ID;
 -
 -	log_debug("[%s]\n", __func__);
 -
 -	/*
--	 * telling the driver which partition to use
--	 */
--	func_data.data0_size = sizeof(part_id);
--	func_data.data0 = &part_id;
--
--	/*
 -	 * setting the kernel started  event arguments:
 -	 * setting capsule update interface ID(31:16)
 -	 * the kernel started event ID(15:0)
 -	 */
--	msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
--	PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT);
+-	msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
+-		PREP_SEPROXY_EVT(CORSTONE1000_KERNEL_STARTED_EVT); /* w4 */
 -
--	func_data.data1_size = sizeof(msg);
--	func_data.data1 = &msg;
--
--	return ffa_helper_msg_send_direct_req(&func_data);
+-	return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
 -}
 -
 -#endif
@@ -82,7 +85,7 @@
  /**
   * efi_exit_boot_services() - stop all boot services
   * @image_handle: handle of the loaded image
-@@ -2253,15 +2213,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+@@ -2244,15 +2210,6 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
  	/* Recalculate CRC32 */
  	efi_update_table_header_crc32(&systab.hdr);
  
@@ -99,7 +102,7 @@
  	efi_set_watchdog(0);
  	WATCHDOG_RESET();
 diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
-index af43d4502f92..25f427b93669 100644
+index af43d4502f..25f427b936 100644
 --- a/lib/efi_loader/efi_firmware.c
 +++ b/lib/efi_loader/efi_firmware.c
 @@ -47,7 +47,7 @@ static efi_status_t efi_corstone1000_img_info_get (
@@ -112,7 +115,7 @@
  	}
  
 diff --git a/lib/efi_loader/efi_setup.c b/lib/efi_loader/efi_setup.c
-index bfd4687e10b5..a20128e9b582 100644
+index bfd4687e10..6c9e14c37e 100644
 --- a/lib/efi_loader/efi_setup.c
 +++ b/lib/efi_loader/efi_setup.c
 @@ -17,6 +17,9 @@
@@ -121,11 +124,11 @@
  #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
 +#include <linux/bitfield.h>
 +#include <linux/bitops.h>
-+#include <arm_ffa_helper.h>
++#include <arm_ffa.h>
  /**
   * efi_corstone1000_alloc_capsule_shared_buf - allocate capsule shared buffer
   */
-@@ -126,6 +129,44 @@ static efi_status_t efi_init_secure_boot(void)
+@@ -126,6 +129,34 @@ static efi_status_t efi_init_secure_boot(void)
  }
  #endif /* CONFIG_EFI_SECURE_BOOT */
  
@@ -141,42 +144,31 @@
 + * */
 +static int efi_corstone1000_uboot_efi_started_event(void)
 +{
-+	struct ffa_interface_data func_data = {0};
 +	struct ffa_send_direct_data msg = {0};
-+	u16 part_id = CORSTONE1000_SEPROXY_PART_ID;
 +
 +	log_debug("[%s]\n", __func__);
 +
 +	/*
-+	 * telling the driver which partition to use
-+	 */
-+	func_data.data0_size = sizeof(part_id);
-+	func_data.data0 = &part_id;
-+	/*
-+	 * setting the uboot efi subsystem started  event arguments:
++	 * setting the kernel started  event arguments:
 +	 * setting capsule update interface ID(31:16)
-+	 * the uboot efi subsystem started event ID(15:0)
++	 * the kernel started event ID(15:0)
 +	 */
-+	msg.a4 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
-+			PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT);
++	msg.data1 = PREP_SEPROXY_SVC_ID(CORSTONE1000_SEPROXY_UPDATE_SVC_ID) |
++			PREP_SEPROXY_EVT(CORSTONE1000_UBOOT_EFI_STARTED_EVT); /* w4 */
 +
-+	func_data.data1_size = sizeof(msg);
-+	func_data.data1 = &msg;
-+
-+	return ffa_helper_msg_send_direct_req(&func_data);
++	return ffa_bus_ops_get()->sync_send_receive(CORSTONE1000_SEPROXY_PART_ID, &msg);
 +}
 +#endif
 +
  /**
   * efi_init_capsule - initialize capsule update state
   *
-@@ -134,8 +175,15 @@ static efi_status_t efi_init_secure_boot(void)
- static efi_status_t efi_init_capsule(void)
- {
+@@ -136,6 +167,14 @@ static efi_status_t efi_init_capsule(void)
  	efi_status_t ret = EFI_SUCCESS;
-+	int ffa_ret;
  
  #if IS_ENABLED(CONFIG_TARGET_CORSTONE1000)
++	int ffa_ret;
++
 +	ffa_ret = efi_corstone1000_uboot_efi_started_event();
 +	if (ffa_ret)
 +		debug("[efi_boottime][ERROR]: Failure to notify SE Proxy FW update service\n");
@@ -187,5 +179,5 @@
  	if (ret != EFI_SUCCESS) {
  		printf("EFI: Corstone-1000: cannot allocate caspsule shared buffer\n");
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch
similarity index 89%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch
index 165fac5..dc9063a 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0023-efi_loader-fix-null-pointer-exception-with-get_image.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-efi_loader-fix-null-pointer-exception-with-get_image.patch
@@ -1,7 +1,7 @@
-From 383078dde2fbf509dc3d24505f6b328316aee030 Mon Sep 17 00:00:00 2001
+From 456e616401b02a579e9ea5ec3e5ab1d1c884b389 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
 Date: Fri, 14 Jan 2022 15:24:18 +0000
-Subject: [PATCH 23/24] efi_loader: fix null pointer exception with
+Subject: [PATCH 25/26] efi_loader: fix null pointer exception with
  get_image_info
 
 get_img_info API implemented for corstone1000 target does not
@@ -11,12 +11,13 @@
 
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  lib/efi_loader/efi_firmware.c | 19 +++++++++++--------
  1 file changed, 11 insertions(+), 8 deletions(-)
 
 diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
-index 25f427b93669..28d9a19edb90 100644
+index 25f427b936..28d9a19edb 100644
 --- a/lib/efi_loader/efi_firmware.c
 +++ b/lib/efi_loader/efi_firmware.c
 @@ -38,26 +38,29 @@ static efi_status_t efi_corstone1000_img_info_get (
@@ -58,5 +59,5 @@
  					     IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED;
  	image_info[i].attributes_setting = IMAGE_ATTRIBUTE_IMAGE_UPDATABLE;
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch
similarity index 92%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch
index 2b9ca78..d4bf652 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0024-arm-corstone1000-add-mmc-for-fvp.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0026-arm-corstone1000-add-mmc-for-fvp.patch
@@ -1,12 +1,13 @@
-From cc3356c2a30b7aa85a25e9bc7b69a03537df3f27 Mon Sep 17 00:00:00 2001
+From 5e4c819c7ab0841429016c098106615b33486c8b Mon Sep 17 00:00:00 2001
 From: Rui Miguel Silva <rui.silva@linaro.org>
 Date: Tue, 5 Apr 2022 10:24:38 +0100
-Subject: [PATCH 24/24] arm:corstone1000: add mmc for fvp
+Subject: [PATCH 26/26] arm:corstone1000: add mmc for fvp
 
 Enable support mmc/sdcard for the corstone1000 FVP.
 
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  arch/arm/dts/corstone1000-fvp.dts        | 28 +++++++++++++++
  board/armltd/corstone1000/corstone1000.c | 46 ++++++++++++++++--------
@@ -15,7 +16,7 @@
  4 files changed, 69 insertions(+), 17 deletions(-)
 
 diff --git a/arch/arm/dts/corstone1000-fvp.dts b/arch/arm/dts/corstone1000-fvp.dts
-index 1fcc137a493c..26b0f1b3cea6 100644
+index 1fcc137a49..26b0f1b3ce 100644
 --- a/arch/arm/dts/corstone1000-fvp.dts
 +++ b/arch/arm/dts/corstone1000-fvp.dts
 @@ -20,4 +20,32 @@
@@ -52,7 +53,7 @@
 +	};
  };
 diff --git a/board/armltd/corstone1000/corstone1000.c b/board/armltd/corstone1000/corstone1000.c
-index 2fa485ff3799..3d537d7a9052 100644
+index 2fa485ff37..3d537d7a90 100644
 --- a/board/armltd/corstone1000/corstone1000.c
 +++ b/board/armltd/corstone1000/corstone1000.c
 @@ -46,22 +46,38 @@ static struct mm_region corstone1000_mem_map[] = {
@@ -110,7 +111,7 @@
  		/* OCVM */
  		.virt = 0x80000000UL,
 diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
-index b042d4e49419..147c14c94865 100644
+index c299dda49f..76e07fc20c 100644
 --- a/configs/corstone1000_defconfig
 +++ b/configs/corstone1000_defconfig
 @@ -38,7 +38,13 @@ CONFIG_CMD_EFIDEBUG=y
@@ -129,10 +130,10 @@
  CONFIG_USB=y
  CONFIG_DM_USB=y
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index 06b605e43bdf..d9855bf91ebf 100644
+index 333b1d93b6..815239590e 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
-@@ -95,7 +95,9 @@
+@@ -89,7 +89,9 @@
  #define CONFIG_SYS_MAXARGS	64	/* max command args */
  
  #define BOOT_TARGET_DEVICES(func) \
@@ -144,5 +145,5 @@
  #include <config_distro_bootcmd.h>
  
 -- 
-2.37.1
+2.17.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch
similarity index 66%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch
index 4cc2498..59000cd 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0025-corstone1000-use-a-compressed-kernel.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0027-corstone1000-use-a-compressed-kernel.patch
@@ -1,7 +1,7 @@
-From df70c467c5d100f1522b4521f48da4c51e43688c Mon Sep 17 00:00:00 2001
+From 26c8a8528b794dbaba49bcf3e1bae8a1e15a8448 Mon Sep 17 00:00:00 2001
 From: Jon Mason <jon.mason@arm.com>
-Date: Thu, 25 Aug 2022 13:48:22 +0000
-Subject: [PATCH 25/25] corstone1000: use a compressed kernel
+Date: Thu, 25 Aug 2022 11:21:28 +0100
+Subject: [PATCH] corstone1000: add compressed kernel support
 
 The corstone1000 kernel has become too large to fit in the available
 storage.  Swtiching to a compressed kernel avoids the problem, but
@@ -9,24 +9,26 @@
 instructions.
 
 Signed-off-by: Jon Mason <jon.mason@arm.com>
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
 ---
  include/configs/corstone1000.h | 3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/include/configs/corstone1000.h b/include/configs/corstone1000.h
-index d9855bf91e..d0cbc40121 100644
+index 815239590e..a8aa105fe6 100644
 --- a/include/configs/corstone1000.h
 +++ b/include/configs/corstone1000.h
-@@ -126,7 +126,8 @@
+@@ -120,7 +120,8 @@
  #define CONFIG_BOOTCOMMAND								\
  				"run retrieve_kernel_load_addr;"			\
  				"echo Loading kernel from $kernel_addr to memory ... ;"	\
 -				"loadm $kernel_addr $kernel_addr_r 0xc00000;"		\
-+				"unzip $kernel_addr 0x90000000;"                        \
-+				"loadm 0x90000000 $kernel_addr_r 0xd00000;"		\
++				"unzip $kernel_addr 0x90000000;"	\
++				"loadm 0x90000000 $kernel_addr_r 0xf00000;"		\
  				"usb start; usb reset;"					\
  				"run distro_bootcmd;"					\
  				"bootefi $kernel_addr_r $fdtcontroladdr;"
 -- 
-2.30.2
+2.17.1
 
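Review bot: In the CONFIG_BOOTCOMMAND hunk, `unzip $kernel_addr 0x90000000;` is called without the optional destination-size argument, and because the commands are joined with `;` the following `loadm 0x90000000 $kernel_addr_r 0xf00000;` and `bootefi` still run if decompression fails or is truncated. Pass a size bound to `unzip` and chain the steps so that a failed decompression stops the boot command instead of copying and booting whatever is at 0x90000000. The copy length also grows from 0xd00000 to 0xf00000 with no explanation; the commit message should say how 0x90000000 and 0xf00000 were chosen and what decompressed kernel size they allow.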
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch
new file mode 100644
index 0000000..bd9a6cf
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0028-Introduce-external-sys-driver-to-device-tree.patch
@@ -0,0 +1,35 @@
+From 83f16fe96a86b00f7a4b7c4c4f7416119b80eddd Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Fri, 19 Aug 2022 16:04:48 +0100
+Subject: [PATCH] Introduce external sys driver to device-tree
+
+It adds external sys driver binding to u-boot
+device tree.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/corstone1000.dtsi | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index d0194aa893..19b6e3ea72 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -160,6 +160,13 @@
+ 			secure-status = "okay";     /* secure-world-only */
+ 			status = "disabled";
+ 		};
++
++		extsys0: extsys@1A010310 {
++			compatible = "arm,extsys_ctrl";
++			reg = <0x1A010310 0x4>,
++			      <0x1A010314 0X4>;
++			reg-names = "rstreg", "streg";
++		};
+ 	};
+ 
+ 	arm_ffa: arm_ffa {
+-- 
+2.17.1
+
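Review bot: The new `extsys0` node has no `status` or `secure-status` property, unlike the node closed just above it (`secure-status = "okay"`, `status = "disabled"`), so the external system's reset and status registers (`rstreg`, `streg`) are enabled by default for whatever binds to `arm,extsys_ctrl`. If that exposure is intended, the commit message should say which software is expected to drive the reset register. Style points in the same node: `0X4` should be `0x4`, the unit address is conventionally lowercase (`extsys@1a010310`), and compatible strings normally use hyphens rather than underscores.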
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch
new file mode 100644
index 0000000..57bdef4
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch
@@ -0,0 +1,79 @@
+From a1b8b91a43cfa9dbaa2d907a6d9629da6f93fa3e Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Mon, 12 Sep 2022 15:47:06 +0100
+Subject: [PATCH] Add mhu and rpmsg client to u-boot device tree
+
+Adds external system controller and mhu driver to u-boot
+device tree. This enables communication between host and
+the external system.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/corstone1000.dtsi | 50 ++++++++++++++++++++++++++++++++
+ 1 file changed, 50 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 19b6e3ea72..61dd6c432c 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -161,6 +161,56 @@
+ 			status = "disabled";
+ 		};
+ 
++		mbox_es0mhu0_tx: mhu@1b000000 {
++			compatible = "arm,mhuv2-tx","arm,primecell";
++			reg = <0x1b000000 0x1000>;
++			clocks = <&refclk100mhz>;
++			clock-names = "apb_pclk";
++			interrupts = <GIC_SPI 11 IRQ_TYPE_LEVEL_HIGH>;
++			#mbox-cells = <2>;
++			arm,mhuv2-protocols = <1 1>;
++			mbox-name = "arm-es0-mhu0_tx";
++		};
++
++		mbox_es0mhu0_rx: mhu@1b010000 {
++			compatible = "arm,mhuv2-rx","arm,primecell";
++			reg = <0x1b010000 0x1000>;
++			clocks = <&refclk100mhz>;
++			clock-names = "apb_pclk";
++			interrupts = <GIC_SPI 12 IRQ_TYPE_LEVEL_HIGH>;
++			#mbox-cells = <2>;
++			arm,mhuv2-protocols = <1 1>;
++			mbox-name = "arm-es0-mhu0_rx";
++		};
++
++		mbox_es0mhu1_tx: mhu@1b020000 {
++			compatible = "arm,mhuv2-tx","arm,primecell";
++			reg = <0x1b020000 0x1000>;
++			clocks = <&refclk100mhz>;
++			clock-names = "apb_pclk";
++			interrupts = <GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
++			#mbox-cells = <2>;
++			arm,mhuv2-protocols = <1 1>;
++			mbox-name = "arm-es0-mhu1_tx";
++		};
++
++		mbox_es0mhu1_rx: mhu@1b030000 {
++			compatible = "arm,mhuv2-rx","arm,primecell";
++			reg = <0x1b030000 0x1000>;
++			clocks = <&refclk100mhz>;
++			clock-names = "apb_pclk";
++			interrupts = <GIC_SPI 47 IRQ_TYPE_LEVEL_HIGH>;
++			#mbox-cells = <2>;
++			arm,mhuv2-protocols = <1 1>;
++			mbox-name = "arm-es0-mhu1_rx";
++		};
++
++		client {
++			compatible = "arm,client";
++			mboxes = <&mbox_es0mhu0_tx 0 0>, <&mbox_es0mhu1_tx 0 0>, <&mbox_es0mhu0_rx 0 0>, <&mbox_es0mhu1_rx 0 0>;
++			mbox-names = "es0mhu0_tx", "es0mhu1_tx", "es0mhu0_rx", "es0mhu1_rx";
++		};
++
+ 		extsys0: extsys@1A010310 {
+ 			compatible = "arm,extsys_ctrl";
+ 			reg = <0x1A010310 0x4>,
+-- 
+2.17.1
+
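Review bot: The `client` node at the end of the added block uses a generic node name and a generic compatible (`"arm,client"`), so nothing in the device tree says which driver or protocol owns the four MHU channels; the subject calls it an rpmsg client, and the node name and compatible should reflect that. The commit message also says the patch adds the external system controller, but the hunk's trailing context shows `extsys0` is already present, so the message should be limited to the MHU and client nodes. The single-line `mboxes = <...>` list is easier to review with one phandle entry per line, matching the order in `mbox-names`.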
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch
similarity index 97%
rename from meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch
index 617aaf7..7749858 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch
@@ -1,7 +1,7 @@
-From 968c86e8a6ed3e9e6621f0ae44977b5b13d90bfd Mon Sep 17 00:00:00 2001
+From 42fd69fb5ec0c441b3d31ec544ed03bedab28d45 Mon Sep 17 00:00:00 2001
 From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Date: Tue, 16 Nov 2021 12:34:52 +0000
-Subject: [PATCH 06/24] arm_ffa: introducing Arm FF-A low-level driver
+Subject: [PATCH 2/7] arm_ffa: introducing Arm FF-A low-level driver
 
 This driver implements Arm Firmware Framework for Armv8-A on u-boot
 
@@ -23,6 +23,7 @@
 
 Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20220801172053.20163-4-abdellatif.elkhlifi@arm.com/]
 ---
  MAINTAINERS                      |    8 +
  arch/arm/cpu/armv8/smccc-call.S  |   27 +
@@ -58,10 +59,10 @@
  create mode 100644 lib/arm-ffa/arm_ffa_helper.c
 
 diff --git a/MAINTAINERS b/MAINTAINERS
-index 7f27ff4c20fc..d29d7e040764 100644
+index 96582fc677..14307e6da6 100644
 --- a/MAINTAINERS
 +++ b/MAINTAINERS
-@@ -244,6 +244,14 @@ F:	board/CZ.NIC/
+@@ -232,6 +232,14 @@ F:	board/CZ.NIC/
  F:	configs/turris_*_defconfig
  F:	include/configs/turris_*.h
  
@@ -77,7 +78,7 @@
  M:	Stefano Babic <sbabic@denx.de>
  M:	Fabio Estevam <festevam@gmail.com>
 diff --git a/arch/arm/cpu/armv8/smccc-call.S b/arch/arm/cpu/armv8/smccc-call.S
-index dc92b28777c3..ffc39c9fefa2 100644
+index dc92b28777..ffc39c9fef 100644
 --- a/arch/arm/cpu/armv8/smccc-call.S
 +++ b/arch/arm/cpu/armv8/smccc-call.S
 @@ -1,6 +1,8 @@
@@ -119,7 +120,7 @@
 +
 +#endif
 diff --git a/arch/arm/lib/asm-offsets.c b/arch/arm/lib/asm-offsets.c
-index 22fd541f9a28..45eca83a473c 100644
+index 22fd541f9a..45eca83a47 100644
 --- a/arch/arm/lib/asm-offsets.c
 +++ b/arch/arm/lib/asm-offsets.c
 @@ -9,6 +9,8 @@
@@ -143,20 +144,20 @@
  	DEFINE(ARM_SMCCC_QUIRK_STATE_OFFS, offsetof(struct arm_smccc_quirk, state));
  #endif
 diff --git a/common/board_r.c b/common/board_r.c
-index 6f4aca2077d6..412a0ea9fac3 100644
+index c24d9b4e22..af20f38b10 100644
 --- a/common/board_r.c
 +++ b/common/board_r.c
-@@ -62,6 +62,9 @@
+@@ -61,6 +61,9 @@
+ #include <wdt.h>
  #include <asm-generic/gpio.h>
  #include <efi_loader.h>
- #include <relocate.h>
 +#ifdef CONFIG_ARM_FFA_TRANSPORT
 +#include <arm_ffa_helper.h>
 +#endif
  
  DECLARE_GLOBAL_DATA_PTR;
  
-@@ -779,6 +782,9 @@ static init_fnc_t init_sequence_r[] = {
+@@ -770,6 +773,9 @@ static init_fnc_t init_sequence_r[] = {
  	INIT_FUNC_WATCHDOG_RESET
  	initr_net,
  #endif
@@ -167,7 +168,7 @@
  	initr_post,
  #endif
 diff --git a/drivers/Kconfig b/drivers/Kconfig
-index b26ca8cf70c9..e83c23789d1b 100644
+index b26ca8cf70..e83c23789d 100644
 --- a/drivers/Kconfig
 +++ b/drivers/Kconfig
 @@ -6,6 +6,8 @@ source "drivers/core/Kconfig"
@@ -180,10 +181,10 @@
  
  source "drivers/axi/Kconfig"
 diff --git a/drivers/Makefile b/drivers/Makefile
-index 67c8af74424e..1be687b55d13 100644
+index 4e7cf28440..6671d2a604 100644
 --- a/drivers/Makefile
 +++ b/drivers/Makefile
-@@ -109,6 +109,7 @@ obj-y += iommu/
+@@ -107,6 +107,7 @@ obj-y += iommu/
  obj-y += smem/
  obj-y += thermal/
  obj-$(CONFIG_TEE) += tee/
@@ -193,7 +194,7 @@
  obj-$(CONFIG_W1) += w1/
 diff --git a/drivers/arm-ffa/Kconfig b/drivers/arm-ffa/Kconfig
 new file mode 100644
-index 000000000000..d71444c1fa90
+index 0000000000..d71444c1fa
 --- /dev/null
 +++ b/drivers/arm-ffa/Kconfig
 @@ -0,0 +1,26 @@
@@ -225,7 +226,7 @@
 +	  all the interactions between Normal world and Secure World.
 diff --git a/drivers/arm-ffa/Makefile b/drivers/arm-ffa/Makefile
 new file mode 100644
-index 000000000000..9fb5bea52299
+index 0000000000..9fb5bea522
 --- /dev/null
 +++ b/drivers/arm-ffa/Makefile
 @@ -0,0 +1,3 @@
@@ -234,7 +235,7 @@
 +obj-y += arm-ffa-uclass.o core.o
 diff --git a/drivers/arm-ffa/arm-ffa-uclass.c b/drivers/arm-ffa/arm-ffa-uclass.c
 new file mode 100644
-index 000000000000..43f6066281fe
+index 0000000000..43f6066281
 --- /dev/null
 +++ b/drivers/arm-ffa/arm-ffa-uclass.c
 @@ -0,0 +1,67 @@
@@ -307,7 +308,7 @@
 +}
 diff --git a/drivers/arm-ffa/arm_ffa_prv.h b/drivers/arm-ffa/arm_ffa_prv.h
 new file mode 100644
-index 000000000000..38ea4ba83efc
+index 0000000000..38ea4ba83e
 --- /dev/null
 +++ b/drivers/arm-ffa/arm_ffa_prv.h
 @@ -0,0 +1,199 @@
@@ -512,7 +513,7 @@
 +#endif
 diff --git a/drivers/arm-ffa/core.c b/drivers/arm-ffa/core.c
 new file mode 100644
-index 000000000000..98e2d2fa1767
+index 0000000000..98e2d2fa17
 --- /dev/null
 +++ b/drivers/arm-ffa/core.c
 @@ -0,0 +1,1484 @@
@@ -2002,7 +2003,7 @@
 +};
 diff --git a/include/arm_ffa.h b/include/arm_ffa.h
 new file mode 100644
-index 000000000000..313f46f74764
+index 0000000000..313f46f747
 --- /dev/null
 +++ b/include/arm_ffa.h
 @@ -0,0 +1,191 @@
@@ -2199,7 +2200,7 @@
 +#endif
 diff --git a/include/arm_ffa_helper.h b/include/arm_ffa_helper.h
 new file mode 100644
-index 000000000000..0e143e54511e
+index 0000000000..0e143e5451
 --- /dev/null
 +++ b/include/arm_ffa_helper.h
 @@ -0,0 +1,45 @@
@@ -2249,10 +2250,10 @@
 +int ffa_uuid_str_to_bin(const char *uuid_str, unsigned char *uuid_bin);
 +#endif
 diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
-index 3ba69ad9a084..732441824557 100644
+index 0e26e1d138..a1181b8f48 100644
 --- a/include/dm/uclass-id.h
 +++ b/include/dm/uclass-id.h
-@@ -55,6 +55,7 @@ enum uclass_id {
+@@ -52,6 +52,7 @@ enum uclass_id {
  	UCLASS_EFI_MEDIA,	/* Devices provided by UEFI firmware */
  	UCLASS_ETH,		/* Ethernet device */
  	UCLASS_ETH_PHY,		/* Ethernet PHY device */
@@ -2261,7 +2262,7 @@
  	UCLASS_FS_FIRMWARE_LOADER,		/* Generic loader */
  	UCLASS_GPIO,		/* Bank of general-purpose I/O pins */
 diff --git a/include/linux/arm-smccc.h b/include/linux/arm-smccc.h
-index 7f2be2339475..54980a130fdb 100644
+index 7f2be23394..54980a130f 100644
 --- a/include/linux/arm-smccc.h
 +++ b/include/linux/arm-smccc.h
 @@ -1,6 +1,8 @@
@@ -2320,10 +2321,10 @@
  
  #define arm_smccc_smc_quirk(...) __arm_smccc_smc(__VA_ARGS__)
 diff --git a/lib/Kconfig b/lib/Kconfig
-index acc0ac081a44..65db65c3c4cd 100644
+index 3c6fa99b1a..473821b882 100644
 --- a/lib/Kconfig
 +++ b/lib/Kconfig
-@@ -902,6 +902,7 @@ config SMBIOS_PARSER
+@@ -810,6 +810,7 @@ config SMBIOS_PARSER
  source lib/efi/Kconfig
  source lib/efi_loader/Kconfig
  source lib/optee/Kconfig
@@ -2332,7 +2333,7 @@
  config TEST_FDTDEC
  	bool "enable fdtdec test"
 diff --git a/lib/Makefile b/lib/Makefile
-index d9b1811f7506..4aa3e2ed2a7e 100644
+index 11b03d1cbe..8e6fad6130 100644
 --- a/lib/Makefile
 +++ b/lib/Makefile
 @@ -9,6 +9,7 @@ obj-$(CONFIG_EFI) += efi/
@@ -2345,7 +2346,7 @@
  obj-$(CONFIG_TIZEN) += tizen/
 diff --git a/lib/arm-ffa/Kconfig b/lib/arm-ffa/Kconfig
 new file mode 100644
-index 000000000000..79acbc5a8fe3
+index 0000000000..79acbc5a8f
 --- /dev/null
 +++ b/lib/arm-ffa/Kconfig
 @@ -0,0 +1,6 @@
@@ -2357,7 +2358,7 @@
 +	  pass the data and the FF-A function ID to the low level driver
 diff --git a/lib/arm-ffa/Makefile b/lib/arm-ffa/Makefile
 new file mode 100644
-index 000000000000..c30c0f398126
+index 0000000000..c30c0f3981
 --- /dev/null
 +++ b/lib/arm-ffa/Makefile
 @@ -0,0 +1,8 @@
@@ -2371,7 +2372,7 @@
 +obj-y += arm_ffa_helper.o
 diff --git a/lib/arm-ffa/arm_ffa_helper.c b/lib/arm-ffa/arm_ffa_helper.c
 new file mode 100644
-index 000000000000..623899d38044
+index 0000000000..623899d380
 --- /dev/null
 +++ b/lib/arm-ffa/arm_ffa_helper.c
 @@ -0,0 +1,188 @@
@@ -2564,7 +2565,7 @@
 +	return 0;
 +}
 diff --git a/lib/efi_loader/efi_boottime.c b/lib/efi_loader/efi_boottime.c
-index 4da64b5d2962..c68d9ed4f0bd 100644
+index 5bcb8253ed..cffa2c69d6 100644
 --- a/lib/efi_loader/efi_boottime.c
 +++ b/lib/efi_loader/efi_boottime.c
 @@ -23,6 +23,10 @@
@@ -2578,7 +2579,7 @@
  DECLARE_GLOBAL_DATA_PTR;
  
  /* Task priority level */
-@@ -2113,6 +2117,10 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+@@ -2114,6 +2118,10 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
  	struct efi_event *evt, *next_event;
  	efi_status_t ret = EFI_SUCCESS;
  
@@ -2589,7 +2590,7 @@
  	EFI_ENTRY("%p, %zx", image_handle, map_key);
  
  	/* Check that the caller has read the current memory map */
-@@ -2173,6 +2181,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
+@@ -2174,6 +2182,15 @@ static efi_status_t EFIAPI efi_exit_boot_services(efi_handle_t image_handle,
  		dm_remove_devices_flags(DM_REMOVE_ACTIVE_ALL);
  	}
  
@@ -2606,5 +2607,5 @@
  	efi_runtime_detach();
  
 -- 
-2.37.1
+2.34.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0003-arm-total_compute-enable-psci.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0003-arm-total_compute-enable-psci.patch
new file mode 100644
index 0000000..da8d3f0
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0003-arm-total_compute-enable-psci.patch
@@ -0,0 +1,30 @@
+From 8dd3e03bd83939746b6a849dce37435ea7581032 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Thu, 14 Jul 2022 19:35:41 +0530
+Subject: [PATCH 3/7] arm: total_compute: enable psci
+
+psci is used for system reset
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: Iff4f769dc5e64b6000e892d77a011102b090acfd
+Upstream-Status: Submitted [https://patchwork.ozlabs.org/project/uboot/patch/20220809102652.23776-1-davidson.kumaresan@arm.com/]
+---
+ arch/arm/dts/total_compute.dts | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/arm/dts/total_compute.dts b/arch/arm/dts/total_compute.dts
+index 4399269a44..96edacda0b 100644
+--- a/arch/arm/dts/total_compute.dts
++++ b/arch/arm/dts/total_compute.dts
+@@ -45,4 +45,8 @@
+ 		clock-frequency = <24000000>;
+ 		clock-output-names = "bp:clock24mhz";
+ 	};
++	psci {
++		compatible = "arm,psci-1.0", "arm,psci-0.2";
++		method = "smc";
++	};
+ };
+-- 
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch
new file mode 100644
index 0000000..fb1e9ea
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch
@@ -0,0 +1,37 @@
+From 6eee50e5376356b1faeb30507b411120a8b5c7d1 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Mon, 6 Jun 2022 15:13:15 +0530
+Subject: [PATCH 4/7] arm_ffa: rxtx_map should use 64 bit calls
+
+rxtx_map deals with the 64 bit addresses and hence the 64 bit calls
+should be used
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: Iec1251266e61139767588d683d60bada1ed10abe
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ include/arm_ffa.h | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/include/arm_ffa.h b/include/arm_ffa.h
+index 313f46f747..9627107079 100644
+--- a/include/arm_ffa.h
++++ b/include/arm_ffa.h
+@@ -58,12 +58,13 @@
+ 			   ARM_SMCCC_OWNER_STANDARD, (func_num))
+ 
+ #define FFA_SMC_32(func_num)	FFA_SMC(ARM_SMCCC_SMC_32, (func_num))
++#define FFA_SMC_64(func_num)	FFA_SMC(ARM_SMCCC_SMC_64, (func_num))
+ 
+ #define FFA_VERSION				FFA_SMC_32(0x63)
+ #define FFA_ID_GET				FFA_SMC_32(0x69)
+ #define FFA_FEATURES				FFA_SMC_32(0x64)
+ #define FFA_PARTITION_INFO_GET				FFA_SMC_32(0x68)
+-#define FFA_RXTX_MAP				FFA_SMC_32(0x66)
++#define FFA_RXTX_MAP				FFA_SMC_64(0x66)
+ #define FFA_RXTX_UNMAP				FFA_SMC_32(0x67)
+ #define FFA_RX_RELEASE				FFA_SMC_32(0x65)
+ #define FFA_MSG_SEND_DIRECT_REQ				FFA_SMC_32(0x6F)
+-- 
+2.34.1
+
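Review bot: Redefining `FFA_RXTX_MAP` as `FFA_SMC_64(0x66)` replaces the 32-bit function ID for every user of include/arm_ffa.h instead of adding a 64-bit variant beside it, so a secure-world implementation that only offers the SMC32 form would now reject the call. Consider keeping both IDs under separate names and selecting one after probing with `FFA_FEATURES`, which is already defined a few lines above, or state in the commit message which platforms and SPMC versions this was tested against. The message should also note that `FFA_RXTX_UNMAP` is deliberately left as `FFA_SMC_32(0x67)`, since a reader seeing only this hunk will wonder why map and unmap differ.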
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch
new file mode 100644
index 0000000..159b048
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch
@@ -0,0 +1,993 @@
+From 6d26058401bce6012173b5341cdf4de72772a1c2 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Mon, 6 Jun 2022 13:19:07 +0530
+Subject: [PATCH 5/7] efi_firmware: add new fmp driver that supports arm fwu
+ specification
+
+This fmp driver communicates to the firmware update secure partition
+executing in the secure world which is an implementation of the arm
+psa specification for the firmware update. The communication to the
+firmware update secure partition is based on stmm and arm ff-a framework.
+
+It implements only the get_image_info and set_image api.
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: I94c2cad210c32a60a8a0594cacf530b68ab6a09d
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ include/efi_firmware_arm_psa.h        | 218 +++++++++++
+ include/efi_loader.h                  |   1 +
+ lib/efi_loader/Kconfig                |   9 +
+ lib/efi_loader/Makefile               |   1 +
+ lib/efi_loader/efi_capsule.c          |   8 +
+ lib/efi_loader/efi_firmware.c         | 134 +++++++
+ lib/efi_loader/efi_firmware_arm_psa.c | 520 ++++++++++++++++++++++++++
+ 7 files changed, 891 insertions(+)
+ create mode 100644 include/efi_firmware_arm_psa.h
+ create mode 100644 lib/efi_loader/efi_firmware_arm_psa.c
+
+diff --git a/include/efi_firmware_arm_psa.h b/include/efi_firmware_arm_psa.h
+new file mode 100644
+index 0000000000..82f932066c
+--- /dev/null
++++ b/include/efi_firmware_arm_psa.h
+@@ -0,0 +1,218 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * Copyright (C) 2022 Arm Limited
++ */
++
++#ifndef _EFI_FIRMWARE_ARM_PSA_H
++#define _EFI_FIRMWARE_ARM_PSA_H
++
++#include <efi_loader.h>
++#include <mm_communication.h>
++#include <stdint.h>
++
++#define PSA_FWU_DIRECTORY_UUID \
++	EFI_GUID(0xdeee58d9, 0x5147, 0x4ad3, \
++		 0xa2, 0x90, 0x77, 0x66, 0x6e, 0x23, 0x41, 0xa5)
++
++#define PSA_FWU_SP_UUID \
++	EFI_GUID(0x6823a838, 0x1b06, 0x470e, \
++		 0x97, 0x74, 0x0c, 0xce, 0x8b, 0xfb, 0x53, 0xfd)
++
++#define FFA_FWU_SP_UUID \
++	{0x68, 0x23, 0xa8, 0x38, 0x1b, 0x06, 0x47, \
++		0x0e, 0x97, 0x74, 0x0c, 0xce, 0x8b, 0xfb, 0x53, 0xfd}
++
++#define FWU_DISCOVER		0
++#define FWU_BEGIN_STAGING	1
++#define FWU_END_STAGING 	2
++#define FWU_CANCEL_STAGING	3
++#define FWU_OPEN		4
++#define FWU_WRITE_STREAM	5
++#define FWU_READ_STREAM 	6
++#define FWU_COMMIT		7
++#define FWU_ACCEPT_IMAGE	9
++#define FWU_SELECT_PREVIOUS	10
++
++#define FWU_SUCCESS		0
++#define FWU_UNKNOWN		((int32_t)-1)
++#define FWU_BUSY		((int32_t)-2)
++#define FWU_OUT_OF_BOUNDS	((int32_t)-3)
++#define FWU_AUTH_FAIL		((int32_t)-4)
++#define FWU_NO_PERMISSION	((int32_t)-5)
++#define FWU_DENIED		((int32_t)-6)
++#define FWU_RESUME		((int32_t)-7)
++
++#define MAX_IMAGES		5
++
++typedef int32_t fwu_status_t;
++
++struct fwu_image_info_entry {
++	efi_guid_t image_guid;
++	uint32_t client_permissions;
++	uint32_t img_max_size;
++	uint32_t lowest_acceptable_version;
++	uint32_t img_version;
++	uint32_t accepted;
++	uint32_t reserved;
++}__packed;
++
++struct fwu_image_directory {
++	uint32_t directory_version;
++	uint32_t num_images;
++	uint32_t active_index;
++	uint32_t boot_index;
++	struct fwu_image_info_entry entries[MAX_IMAGES];
++}__packed;
++
++int __efi_runtime arm_psa_get_image_info(
++	efi_uintn_t *image_info_size,
++	struct efi_firmware_image_descriptor *image_info,
++	u32 *descriptor_version,
++	u8 *descriptor_count,
++	efi_uintn_t *descriptor_size,
++	u32 *package_version,
++	u16 **package_version_name
++);
++
++int __efi_runtime arm_psa_update(
++	const void *image,
++	u8 image_index,
++	efi_uintn_t image_size
++);
++
++struct mm_fwu_discover_arg {
++	uint32_t func_id;
++}__packed;
++
++struct mm_fwu_discover_ret {
++	uint32_t status;
++	uint8_t version_major;
++	uint8_t version_minor;
++	uint16_t num_func;
++	uint8_t function_presence[];
++}__packed;
++
++struct mm_fwu_begin_staging_arg {
++	uint32_t func_id;
++}__packed;
++
++struct mm_fwu_begin_staging_ret {
++	uint32_t status;
++}__packed;
++
++struct mm_fwu_end_staging_arg {
++	uint32_t func_id;
++}__packed;
++
++struct mm_fwu_end_staging_ret {
++	uint32_t status;
++}__packed;
++
++struct mm_fwu_cancel_staging_arg {
++	uint32_t func_id;
++}__packed;
++
++struct mm_fwu_cancel_staging_ret {
++	uint32_t status;
++}__packed;
++
++struct mm_fwu_open_arg {
++	uint32_t func_id;
++	efi_guid_t image_guid;
++}__packed;
++
++struct mm_fwu_open_ret {
++	uint32_t status;
++	uint32_t handle;
++}__packed;
++
++struct mm_fwu_write_stream_arg {
++	uint32_t func_id;
++	uint32_t handle;
++	uint32_t data_len;
++	uint8_t payload[];
++}__packed;
++
++struct mm_fwu_write_stream_ret {
++	uint32_t status;
++};
++
++struct mm_fwu_read_stream_arg {
++	uint32_t func_id;
++	uint32_t handle;
++}__packed;
++
++struct mm_fwu_read_stream_ret {
++	uint32_t status;
++	uint32_t read_bytes;
++	uint32_t total_bytes;
++	uint8_t payload[];
++}__packed;
++
++struct mm_fwu_commit_arg {
++	uint32_t func_id;
++	uint32_t handle;
++	uint32_t acceptance_req;
++	uint32_t max_atomic_len;
++}__packed;
++
++struct mm_fwu_commit_ret {
++	uint32_t status;
++	uint32_t progress;
++	uint32_t total_work;
++}__packed;
++
++struct mm_fwu_accept_arg {
++	uint32_t func_id;
++	uint32_t reserved;
++	efi_guid_t image_type_uuid;
++}__packed;
++
++struct mm_fwu_accept_ret {
++	uint32_t status;
++};
++
++struct mm_fwu_select_previous_arg {
++	uint32_t func_id;
++}__packed;
++
++struct mm_fwu_select_previous_ret {
++	uint32_t status;
++}__packed;
++
++inline static void *get_fwu_hdr(struct efi_mm_communicate_header *mm_hdr)
++{
++	const efi_guid_t fwu_sp_guid = PSA_FWU_SP_UUID;
++	guidcpy(&mm_hdr->header_guid, &fwu_sp_guid);
++	return mm_hdr->data;
++}
++
++#define GET_HDR(name)						\
++static inline struct mm_fwu_##name *				\
++get_fwu_##name (struct efi_mm_communicate_header *mm_hdr)	\
++{								\
++	return (struct mm_fwu_##name *)get_fwu_hdr(mm_hdr);	\
++}								\
++
++GET_HDR(discover_arg)
++GET_HDR(discover_ret)
++GET_HDR(begin_staging_arg)
++GET_HDR(begin_staging_ret)
++GET_HDR(end_staging_arg)
++GET_HDR(end_staging_ret)
++GET_HDR(cancel_staging_arg)
++GET_HDR(cancel_staging_ret)
++GET_HDR(open_arg)
++GET_HDR(open_ret)
++GET_HDR(write_stream_arg)
++GET_HDR(write_stream_ret)
++GET_HDR(read_stream_arg)
++GET_HDR(read_stream_ret)
++GET_HDR(commit_arg)
++GET_HDR(commit_ret)
++GET_HDR(accept_arg)
++GET_HDR(accept_ret)
++GET_HDR(select_previous_arg)
++GET_HDR(select_previous_ret)
++
++#endif /* _EFI_FIRMWARE_ARM_PSA_H */
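Review bot: Every `mm_fwu_*_ret` struct in efi_firmware_arm_psa.h declares `uint32_t status`, while the error codes (`FWU_UNKNOWN` through `FWU_RESUME`) are negative `int32_t` values and the `fwu_status_t` typedef defined for them is never used; declare the field as `fwu_status_t status` so comparisons against the `FWU_*` constants do not depend on implicit conversions. `struct mm_fwu_write_stream_ret` and `struct mm_fwu_accept_ret` are missing the `__packed` attribute that all the other message structs carry. `struct fwu_image_directory` has a fixed `entries[MAX_IMAGES]` array but takes `num_images` from the secure partition, so the header should document that consumers must reject or clamp a `num_images` larger than `MAX_IMAGES` before indexing.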
+diff --git a/include/efi_loader.h b/include/efi_loader.h
+index af36639ec6..7327c87497 100644
+--- a/include/efi_loader.h
++++ b/include/efi_loader.h
+@@ -961,6 +961,7 @@ u16 *efi_create_indexed_name(u16 *buffer, size_t buffer_size, const char *name,
+ 
+ extern const struct efi_firmware_management_protocol efi_fmp_fit;
+ extern const struct efi_firmware_management_protocol efi_fmp_raw;
++extern const struct efi_firmware_management_protocol efi_fmp_arm_psa;
+ 
+ /* Capsule update */
+ efi_status_t EFIAPI efi_update_capsule(
+diff --git a/lib/efi_loader/Kconfig b/lib/efi_loader/Kconfig
+index e5e35fe51f..f99d436f16 100644
+--- a/lib/efi_loader/Kconfig
++++ b/lib/efi_loader/Kconfig
+@@ -168,6 +168,15 @@ config EFI_CAPSULE_FIRMWARE_MANAGEMENT
+ 	  Select this option if you want to enable capsule-based
+ 	  firmware update using Firmware Management Protocol.
+ 
++config EFI_CAPSULE_FIRMWARE_ARM_PSA
++	bool "FMP driver for ARM PSA FWU specification"
++	depends on EFI_CAPSULE_FIRMWARE_MANAGEMENT
++	select EFI_CAPSULE_FIRMWARE
++	help
++	  Select this option if you want to enable firmware management protocol
++	  driver that supports the ARM PSA firmware update specification as
++	  mentioned in https://developer.arm.com/documentation/den0118/a/
++
+ config EFI_CAPSULE_FIRMWARE_FIT
+ 	bool "FMP driver for FIT images"
+ 	depends on FIT
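Review bot: `EFI_CAPSULE_FIRMWARE_ARM_PSA` depends only on `EFI_CAPSULE_FIRMWARE_MANAGEMENT`, but the driver it builds includes `<arm_ffa_helper.h>` and `<configs/total_compute.h>`, so the option can be selected in configurations where the FF-A transport or the Total Compute board header is not available. Add a dependency on the FF-A transport option and either restrict the entry to the Total Compute target or move the constants the driver needs out of the board header. The help text should also mention that only get_image_info and set_image are implemented, as the commit message does.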
+diff --git a/lib/efi_loader/Makefile b/lib/efi_loader/Makefile
+index 034d26cf01..f986ac6417 100644
+--- a/lib/efi_loader/Makefile
++++ b/lib/efi_loader/Makefile
+@@ -38,6 +38,7 @@ obj-y += efi_boottime.o
+ obj-y += efi_helper.o
+ obj-$(CONFIG_EFI_HAVE_CAPSULE_SUPPORT) += efi_capsule.o
+ obj-$(CONFIG_EFI_CAPSULE_FIRMWARE) += efi_firmware.o
++obj-$(CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA) += efi_firmware_arm_psa.o
+ obj-y += efi_console.o
+ obj-y += efi_device_path.o
+ obj-$(CONFIG_EFI_DEVICE_PATH_TO_TEXT) += efi_device_path_to_text.o
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index f00440163d..3154fc51d3 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -1041,6 +1041,14 @@ efi_status_t __weak efi_load_capsule_drivers(void)
+ 				&efi_fmp_raw, NULL));
+ 	}
+ 
++	if (IS_ENABLED(CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA)) {
++		handle = NULL;
++		ret = EFI_CALL(efi_install_multiple_protocol_interfaces(
++				&handle,
++				&efi_guid_firmware_management_protocol,
++				&efi_fmp_arm_psa, NULL));
++	}
++
+ 	return ret;
+ }
+ 
+diff --git a/lib/efi_loader/efi_firmware.c b/lib/efi_loader/efi_firmware.c
+index a5ff32f121..3356559af8 100644
+--- a/lib/efi_loader/efi_firmware.c
++++ b/lib/efi_loader/efi_firmware.c
+@@ -9,6 +9,7 @@
+ #include <common.h>
+ #include <charset.h>
+ #include <dfu.h>
++#include <efi_firmware_arm_psa.h>
+ #include <efi_loader.h>
+ #include <image.h>
+ #include <signatures.h>
+@@ -478,3 +479,136 @@ const struct efi_firmware_management_protocol efi_fmp_raw = {
+ 	.set_package_info = efi_firmware_set_package_info_unsupported,
+ };
+ #endif /* CONFIG_EFI_CAPSULE_FIRMWARE_RAW */
++
++#ifdef CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA
++/*
++ * This FIRMWARE_MANAGEMENT_PROTOCOL driver provides a firmware update
++ * method that supports the arm psa firmware update specification.
++ */
++
++/**
++ * efi_firmware_arm_psa_get_image_info - return information about the
++ * 					 current firmware image
++ * @this:			Protocol instance
++ * @image_info_size:		Size of @image_info
++ * @image_info:			Image information
++ * @descriptor_version:		Pointer to version number
++ * @descriptor_count:		Pointer to number of descriptors
++ * @descriptor_size:		Pointer to descriptor size
++ * package_version:		Package version
++ * package_version_name:	Package version's name
++ *
++ * Return information bout the current firmware image in @image_info.
++ * @image_info will consist of a number of descriptors.
++ *
++ * Return		status code
++ */
++
++static
++efi_status_t EFIAPI efi_firmware_arm_psa_get_image_info(
++	struct efi_firmware_management_protocol *this,
++	efi_uintn_t *image_info_size,
++	struct efi_firmware_image_descriptor *image_info,
++	u32 *descriptor_version,
++	u8 *descriptor_count,
++	efi_uintn_t *descriptor_size,
++	u32 *package_version,
++	u16 **package_version_name)
++{
++	int ret;
++
++	EFI_ENTRY("%p %p %p %p %p %p %p %p\n", this,
++		  image_info_size, image_info,
++		  descriptor_version, descriptor_count, descriptor_size,
++		  package_version, package_version_name);
++
++	if (!image_info_size)
++		return EFI_EXIT(EFI_INVALID_PARAMETER);
++
++	if (*image_info_size &&
++	    (!image_info || !descriptor_version || !descriptor_count ||
++	     !descriptor_size || !package_version || !package_version_name))
++		return EFI_EXIT(EFI_INVALID_PARAMETER);
++
++	ret = arm_psa_get_image_info(image_info_size, image_info,
++				descriptor_version, descriptor_count,
++				descriptor_size,
++				package_version, package_version_name);
++
++	if (ret) {
++		if (ret == -ENOMEM)
++			return EFI_EXIT(EFI_BUFFER_TOO_SMALL);
++		else
++			return EFI_EXIT(EFI_DEVICE_ERROR);
++	}
++
++	return EFI_EXIT(EFI_SUCCESS);
++}
++
++/**
++ * efi_firmware_arm_psa_set_image - update the firmware image
++ * @this:		Protocol instance
++ * @image_index:	Image index number
++ * @image:		New image
++ * @image_size:		Size of new image
++ * @vendor_code:	Vendor-specific update policy
++ * @progress:		Function to report the progress of update
++ * @abort_reason:	Pointer to string of abort reason
++ *
++ * Update the firmware to new image, following the arm psa firmware
++ * update specification.
++ * @vendor_code, @progress and @abort_reason are not supported.
++ *
++ * Return:		status code
++ */
++static
++efi_status_t EFIAPI efi_firmware_arm_psa_set_image(
++	struct efi_firmware_management_protocol *this,
++	u8 image_index,
++	const void *image,
++	efi_uintn_t image_size,
++	const void *vendor_code,
++	efi_status_t (*progress)(efi_uintn_t completion),
++	u16 **abort_reason)
++{
++	u32 fmp_hdr_signature;
++	const struct fmp_payload_header *header;
++
++	EFI_ENTRY("%p %d %p %zd %p %p %p\n", this, image_index, image,
++		  image_size, vendor_code, progress, abort_reason);
++
++	if (!image)
++		return EFI_EXIT(EFI_INVALID_PARAMETER);
++
++	/* TODO: capsule authentication */
++
++	fmp_hdr_signature = FMP_PAYLOAD_HDR_SIGNATURE;
++	header = (void *)image;
++
++	if (!memcmp(&header->signature, &fmp_hdr_signature,
++		    sizeof(fmp_hdr_signature))) {
++		/*
++		 * When building the capsule with the scripts in
++		 * edk2, a FMP header is inserted above the capsule
++		 * payload. Compensate for this header to get the
++		 * actual payload that is to be updated.
++		 */
++		image = (unsigned char *)image + header->header_size;
++		image_size -= header->header_size;
++	}
++
++	if (arm_psa_update(image, image_index, image_size))
++		return EFI_EXIT(EFI_DEVICE_ERROR);
++
++	return EFI_EXIT(EFI_SUCCESS);
++}
++
++const struct efi_firmware_management_protocol efi_fmp_arm_psa = {
++	.get_image_info = efi_firmware_arm_psa_get_image_info,
++	.get_image = efi_firmware_get_image_unsupported,
++	.set_image = efi_firmware_arm_psa_set_image,
++	.check_image = efi_firmware_check_image_unsupported,
++	.get_package_info = efi_firmware_get_package_info_unsupported,
++	.set_package_info = efi_firmware_set_package_info_unsupported,
++};
++#endif /* CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA */
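Review bot: efi_firmware_arm_psa_set_image() trusts the FMP header before validating it. The memcmp on header->signature runs without first checking that image_size is at least sizeof(*header), and the adjustment "image_size -= header->header_size" has no check that header->header_size <= image_size. A short or malformed capsule therefore reads past the supplied buffer or wraps image_size, and the wrapped length is handed to arm_psa_update(), whose fwu_write_stream() loop then memcpy()s from the caller's buffer for that many bytes. Return EFI_INVALID_PARAMETER when image_size < sizeof(*header), or when header_size is smaller than the header struct or larger than image_size, before moving the image pointer.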
+diff --git a/lib/efi_loader/efi_firmware_arm_psa.c b/lib/efi_loader/efi_firmware_arm_psa.c
+new file mode 100644
+index 0000000000..ab575f0124
+--- /dev/null
++++ b/lib/efi_loader/efi_firmware_arm_psa.c
+@@ -0,0 +1,520 @@
++/* SPDX-License-Identifier: GPL-2.0+ */
++/*
++ * Copyright (C) 2022 Arm Limited
++ */
++
++#include <arm_ffa_helper.h>
++#include <configs/total_compute.h>
++#include <efi_firmware_arm_psa.h>
++#include <efi_loader.h>
++#include <malloc.h>
++#include <mapmem.h>
++#include <mm_communication.h>
++
++/* MM return codes */
++#define MM_SUCCESS	0
++
++#define ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64	0xC4000061
++#define ARM_SVC_ID_SP_EVENT_COMPLETE		ARM_SVC_ID_SP_EVENT_COMPLETE_AARCH64
++
++__efi_runtime_data static u16 mm_sp_id;
++__efi_runtime_data static int fwu_initialized = 0;
++__efi_runtime_data struct fwu_image_directory cached_image_directory;
++__efi_runtime_data struct efi_mm_communicate_header *mm_hdr;
++__efi_runtime_data void *mm_comm_buf;
++
++/**
++ * ffa_discover_mm_sp_id() - Query the MM partition ID
++ *
++ * Use the FF-A driver to get the MM partition ID.
++ * If multiple partitions are found, use the first one
++ *
++ * Return:
++ *
++ * 0 on success
++ */
++static int __efi_runtime ffa_discover_mm_sp_id(void)
++{
++	struct ffa_interface_data func_data = {0};
++	u32 count = 0;
++	int ret;
++	struct ffa_partition_info *parts_info;
++	static union ffa_partition_uuid fwu_sp_uuid = {.bytes = FFA_FWU_SP_UUID};
++
++	/*
++	 * get from the driver the count of the SPs matching the UUID
++	 */
++	func_data.data0_size = sizeof(fwu_sp_uuid);
++	func_data.data0 = &fwu_sp_uuid;
++	func_data.data1_size = sizeof(count);
++	func_data.data1 = &count;
++
++	ret = ffa_helper_get_partitions_info(&func_data);
++	if (ret != FFA_ERR_STAT_SUCCESS) {
++		log_err("EFI: Failure in querying partitions count (error code: %d)\n", ret);
++		return ret;
++	}
++
++	if (!count) {
++		log_info("EFI: No MM partition found\n");
++		return ret;
++	}
++
++	/*
++	 * pre-allocate a buffer to be filled by the driver
++	 * with  ffa_partition_info structs
++	 */
++	parts_info = calloc(count, sizeof(struct ffa_partition_info));
++	if (!parts_info)
++		return -EINVAL;
++
++	log_info("EFI: Pre-allocating %d partition(s) info structures\n", count);
++
++	func_data.data1_size = count * sizeof(struct ffa_partition_info);
++	func_data.data1 = parts_info;
++
++	/*
++	 * ask the driver to fill the
++	 * buffer with the SPs info
++	 */
++	ret = ffa_helper_get_partitions_info(&func_data);
++	if (ret != FFA_ERR_STAT_SUCCESS) {
++		log_err("EFI: Failure in querying partition(s) info (error code: %d)\n", ret);
++		free(parts_info);
++		return ret;
++	}
++
++	/*
++	 * MM SPs found , use the first one
++	 */
++
++	mm_sp_id = parts_info[0].id;
++
++	log_info("EFI: MM partition ID 0x%x\n", mm_sp_id);
++
++	free(parts_info);
++
++	return 0;
++}
++
++/**
++ * ffa_notify_mm_sp() - Announce there is data in the shared buffer
++ *
++ * Notifies the MM partition in the trusted world that
++ * data is available in the shared buffer.
++ * This is a blocking call during which trusted world has exclusive access
++ * to the MM shared buffer.
++ *
++ * Return:
++ *
++ * 0 on success
++ */
++static int __efi_runtime ffa_notify_mm_sp(void)
++{
++	struct ffa_interface_data func_data = {0};
++	struct ffa_send_direct_data msg = {0};
++	int ret;
++	u32 sp_event_complete;
++	int sp_event_ret;
++
++	func_data.data0_size = sizeof(mm_sp_id);
++	func_data.data0 = &mm_sp_id;
++
++	msg.a3 = FFA_SHARED_MM_BUFFER_ADDR;
++	msg.a4 = FFA_SHARED_MM_BUFFER_SIZE;
++	func_data.data1_size = sizeof(msg);
++	func_data.data1 = &msg;
++
++	ret = ffa_helper_msg_send_direct_req(&func_data);
++	if (ret != FFA_ERR_STAT_SUCCESS) {
++		log_err("EFI: Failure to notify the MM SP , FF-A  error (%d)\n", ret);
++		return ret;
++	}
++
++	sp_event_complete = msg.a3;
++	sp_event_ret = (int)msg.a4;
++
++	if (sp_event_complete == ARM_SVC_ID_SP_EVENT_COMPLETE && sp_event_ret == MM_SUCCESS)
++		return 0;
++
++	log_err("EFI: Failure to notify the MM SP (0x%x , %d)\n",
++		sp_event_complete,
++		sp_event_ret);
++
++	return -EACCES;
++}
++
++static fwu_status_t __efi_runtime fwu_discover(void)
++{
++	int ret;
++	struct mm_fwu_discover_arg *discover_arg = get_fwu_discover_arg(mm_hdr);
++	struct mm_fwu_discover_ret *discover_ret = get_fwu_discover_ret(mm_hdr);
++
++	discover_arg->func_id = FWU_DISCOVER;
++
++	mm_hdr->message_len = sizeof(struct mm_fwu_discover_arg);
++
++	ret = ffa_notify_mm_sp();
++	if (ret)
++		return ret;
++
++	if (discover_ret->version_major != 1) {
++		log_err("FWU: Unsupported Update Agent version\n");
++		return -EINVAL;
++	}
++	/* TODO: check other parameters as well */
++
++	return discover_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_begin_staging(void)
++{
++	int ret;
++	struct mm_fwu_begin_staging_arg *begin_staging_arg = get_fwu_begin_staging_arg(mm_hdr);
++	struct mm_fwu_begin_staging_ret *begin_staging_ret = get_fwu_begin_staging_ret(mm_hdr);
++
++	begin_staging_arg->func_id = FWU_BEGIN_STAGING;
++
++	mm_hdr->message_len = sizeof(struct mm_fwu_begin_staging_arg);
++
++	ret = ffa_notify_mm_sp();
++	if (ret)
++		return ret;
++
++	return begin_staging_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_end_staging(void)
++{
++	int ret;
++	struct mm_fwu_end_staging_arg *end_staging_arg = get_fwu_end_staging_arg(mm_hdr);
++	struct mm_fwu_end_staging_ret *end_staging_ret = get_fwu_end_staging_ret(mm_hdr);
++
++	end_staging_arg->func_id = FWU_END_STAGING;
++
++	mm_hdr->message_len = sizeof(struct mm_fwu_end_staging_arg);
++
++	ret = ffa_notify_mm_sp();
++	if (ret)
++		return ret;
++
++	return end_staging_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_cancel_staging(void)
++{
++	int ret;
++	struct mm_fwu_cancel_staging_arg *cancel_staging_arg = get_fwu_cancel_staging_arg(mm_hdr);
++	struct mm_fwu_cancel_staging_ret *cancel_staging_ret = get_fwu_cancel_staging_ret(mm_hdr);
++
++	cancel_staging_arg->func_id = FWU_CANCEL_STAGING;
++
++	mm_hdr->message_len = sizeof(struct mm_fwu_cancel_staging_arg);
++
++	ret = ffa_notify_mm_sp();
++	if (ret)
++		return ret;
++
++	return cancel_staging_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_open(const efi_guid_t *img_uuid, uint32_t *handle)
++{
++	int ret;
++	struct mm_fwu_open_arg *open_hdr = get_fwu_open_arg(mm_hdr);
++	struct mm_fwu_open_ret *open_ret = get_fwu_open_ret(mm_hdr);
++
++	open_hdr->func_id = FWU_OPEN;
++	guidcpy(&open_hdr->image_guid, img_uuid);
++
++	mm_hdr->message_len = sizeof(struct mm_fwu_open_arg);
++
++	ret = ffa_notify_mm_sp();
++	if (ret)
++		return ret;
++
++	*handle = open_ret->handle;
++
++	return open_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_read_stream(uint32_t handle, uint8_t *buffer, uint32_t buffer_size)
++{
++	int ret;
++	struct mm_fwu_read_stream_arg *read_stream_hdr = get_fwu_read_stream_arg(mm_hdr);
++	struct mm_fwu_read_stream_ret *read_stream_ret = get_fwu_read_stream_ret(mm_hdr);
++	uint32_t payload_size = FFA_SHARED_MM_BUFFER_SIZE - sizeof(struct mm_fwu_read_stream_ret)
++							- sizeof(struct efi_mm_communicate_header);
++	uint32_t read_offset = 0, read_size, total_size;
++
++	do {
++		read_stream_hdr->func_id = FWU_READ_STREAM;
++		read_stream_hdr->handle = handle;
++
++		mm_hdr->message_len = sizeof(struct mm_fwu_read_stream_arg);
++
++		ret = ffa_notify_mm_sp();
++		if (ret)
++			return ret;
++
++		if (read_stream_ret->status)
++			return read_stream_ret->status;
++
++		read_size = read_stream_ret->read_bytes;
++		total_size = read_stream_ret->total_bytes;
++
++		log_info("FWU: read bytes / total bytes : %d/%d\n", read_size, total_size);
++
++		if ((read_size <= payload_size) && (read_offset + read_size <= buffer_size))
++			memcpy(buffer + read_offset, read_stream_ret->payload, read_size);
++		else
++			return -EINVAL;
++
++		read_offset += read_size;
++
++		if (read_offset > total_size)
++			return -EINVAL;
++	} while (total_size != read_offset);
++
++	return read_stream_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_write_stream(uint32_t handle, const uint8_t *buffer, uint32_t remaining_size)
++{
++	int ret;
++	struct mm_fwu_write_stream_arg *write_stream_arg = get_fwu_write_stream_arg(mm_hdr);
++	struct mm_fwu_write_stream_ret *write_stream_ret = get_fwu_write_stream_ret(mm_hdr);
++	uint32_t write_size;
++	uint32_t payload_size = FFA_SHARED_MM_BUFFER_SIZE - sizeof(struct mm_fwu_write_stream_arg)
++							- sizeof(struct efi_mm_communicate_header);
++
++	while (remaining_size) {
++		write_size = (remaining_size < payload_size) ? remaining_size :  payload_size;
++		write_stream_arg->func_id = FWU_WRITE_STREAM;
++		write_stream_arg->handle = handle;
++		write_stream_arg->data_len = write_size;
++		memcpy(write_stream_arg->payload, buffer, write_size);
++
++		mm_hdr->message_len = sizeof(struct mm_fwu_write_stream_arg) + write_size;
++
++		ret = ffa_notify_mm_sp();
++		if (ret)
++			return ret;
++
++		if(write_stream_ret->status)
++			return write_stream_ret->status;
++
++		remaining_size -= write_size;
++		buffer += write_size;
++
++		log_info("FWU: write size = %d, remaining size = %d\n",
++				write_size, remaining_size);
++	}
++
++	return write_stream_ret->status;
++}
++
++static fwu_status_t __efi_runtime fwu_commit(uint32_t handle, bool client_accept)
++{
++	int ret;
++	struct mm_fwu_commit_arg *commit_arg = get_fwu_commit_arg(mm_hdr);
++	struct mm_fwu_commit_ret *commit_ret = get_fwu_commit_ret(mm_hdr);
++
++	do {
++		commit_arg->func_id = FWU_COMMIT;
++		commit_arg->handle = handle;
++		commit_arg->acceptance_req = client_accept;
++		commit_arg->max_atomic_len = 0;
++
++		mm_hdr->message_len = sizeof(struct mm_fwu_commit_arg);
++
++		ret = ffa_notify_mm_sp();
++		if (ret)
++			return ret;
++
++		log_info("FWU: commit progress %d/%d (work/total_work)\n",
++			commit_ret->progress, commit_ret->total_work);
++
++	} while(commit_ret->status==FWU_RESUME);
++
++	return commit_ret->status;
++}
++
++int __efi_runtime arm_psa_update(
++	const void *image,
++	u8 image_index,
++	efi_uintn_t image_size
++)
++{
++	int ret = 0;
++	uint32_t handle;
++
++	if(image_index >= cached_image_directory.num_images)
++		return -EINVAL;
++
++	ret = fwu_begin_staging();
++	if (ret) {
++		log_err("FWU: begin staging failed, ret = %d\n", ret);
++		return ret;
++	}
++
++	ret = fwu_open(&cached_image_directory.entries[image_index].image_guid, &handle);
++	if (ret) {
++		log_err("FWU: firmware image open failed, ret = %d\n", ret);
++		goto cancel_staging;
++	}
++
++	ret = fwu_write_stream(handle, (uint8_t *)image, image_size);
++	if (ret) {
++		log_err("FWU: write stream failed, ret = %d\n", ret);
++		goto cancel_staging;
++	}
++
++	/* TODO: implement client driven image acceptance */
++	ret = fwu_commit(handle, 0);
++	if (ret) {
++		log_err("FWU: commit failed, ret = %d\n", ret);
++		goto cancel_staging;
++	}
++
++	ret = fwu_end_staging();
++	if (ret) {
++		log_err("FWU: end staging failed, ret = %d\n", ret);
++		goto cancel_staging;
++	}
++
++	log_info("successfully updated the image at index %d\n", image_index);
++	return ret;
++
++cancel_staging:
++	if (fwu_cancel_staging())
++		log_err("FWU: cancel staging failed, ret = %d\n", ret);
++
++	return ret;
++}
++
++static int __efi_runtime read_image_directory(void)
++{
++	int ret;
++	uint32_t handle;
++
++	const efi_guid_t fwu_directory_uuid = PSA_FWU_DIRECTORY_UUID;
++
++	ret = fwu_open(&fwu_directory_uuid, &handle);
++	if (ret) {
++		log_err("FWU: open image directory failed, ret = %d\n", ret);
++		return ret;
++	}
++
++	ret = fwu_read_stream(handle, (uint8_t *)&cached_image_directory, sizeof(cached_image_directory));
++	if (ret) {
++		log_err("FWU: read stream failed, ret = %d\n", ret);
++		return ret;
++	}
++
++	if(cached_image_directory.num_images > MAX_IMAGES) {
++		log_err("FWU: image limit exceeded.\n");
++		log_err("FWU: number of images present: %d, max number of images supported: %d\n",
++					cached_image_directory.num_images, MAX_IMAGES);
++		return -EINVAL;
++	}
++
++	return ret;
++}
++
++static int update_agent_init(void)
++{
++	int ret;
++
++	ret = ffa_discover_mm_sp_id();
++	if (ret) {
++		log_err("FWU: discover update agent failed, ret = %d\n", ret);
++		return ret;
++	}
++
++	mm_comm_buf = (void *)map_sysmem((phys_addr_t)FFA_SHARED_MM_BUFFER_ADDR, 0);
++	mm_hdr = (struct efi_mm_communicate_header *)mm_comm_buf;
++
++	ret = fwu_discover();
++	if (ret) {
++		log_err("FWU: discover failed, ret = %d\n", ret);
++		goto out;
++	}
++
++	ret = read_image_directory();
++	if (ret) {
++		log_err("FWU: reading image directory failed, ret = %d\n", ret);
++		goto out;
++	}
++
++	fwu_initialized = 1;
++	return ret;
++out:
++	unmap_sysmem(mm_comm_buf);
++	return ret;
++}
++
++int __efi_runtime arm_psa_get_image_info(
++        efi_uintn_t *image_info_size,
++        struct efi_firmware_image_descriptor *image_info,
++        u32 *descriptor_version,
++        u8 *descriptor_count,
++        efi_uintn_t *descriptor_size,
++        u32 *package_version,
++        u16 **package_version_name)
++{
++	int ret = 0;
++	int required_image_info_size;
++
++	if (!fwu_initialized) {
++		ret = update_agent_init();
++		if (ret) {
++			log_err("update agent init failed, ret = %d\n", ret);
++			return ret;
++		}
++	}
++
++	required_image_info_size = cached_image_directory.num_images *
++				sizeof(struct efi_firmware_image_descriptor);
++
++	if (*image_info_size < required_image_info_size) {
++		*image_info_size = required_image_info_size;
++		return -ENOMEM;
++	}
++
++	*descriptor_version = EFI_FIRMWARE_IMAGE_DESCRIPTOR_VERSION;
++	*descriptor_count = cached_image_directory.num_images;
++	*descriptor_size = required_image_info_size;
++	*package_version = 0xffffffff; /* not supported */
++	*package_version_name = NULL; /* not supported */
++
++	for (int i = 0; i < cached_image_directory.num_images; i++) {
++		image_info[i].image_index = i+1;
++		guidcpy(&image_info[i].image_type_id, &cached_image_directory.entries[i].image_guid);
++		image_info[i].image_id = i;
++		image_info[i].image_id_name = NULL; /* not supported */
++		image_info[i].version = cached_image_directory.entries[i].img_version;
++		image_info[i].version_name = NULL; /* not supported */
++		image_info[i].size = cached_image_directory.entries[i].img_max_size;
++
++		image_info[i].attributes_supported =
++			IMAGE_ATTRIBUTE_IMAGE_UPDATABLE |
++			IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED;
++		image_info[i].attributes_setting =
++				IMAGE_ATTRIBUTE_IMAGE_UPDATABLE;
++
++		/* Check if the capsule authentication is enabled */
++		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE))
++			image_info[i].attributes_setting |=
++				IMAGE_ATTRIBUTE_AUTHENTICATION_REQUIRED;
++
++		image_info[i].lowest_supported_image_version =
++			cached_image_directory.entries[i].lowest_acceptable_version;
++		image_info[i].last_attempt_version = 0;
++		image_info[i].last_attempt_status = LAST_ATTEMPT_STATUS_SUCCESS;
++		image_info[i].hardware_instance = 1;
++		image_info[i].dependencies = NULL; /* not supported */
++	}
++
++	return ret;
++}
+-- 
+2.34.1
+
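Review bot: image_index is 1-based where it is reported and 0-based where it is consumed. arm_psa_get_image_info() sets image_info[i].image_index = i+1, but arm_psa_update() rejects only image_index >= cached_image_directory.num_images and then uses entries[image_index] directly. A caller passing the index it was given for the first image writes to the second directory entry's GUID, the last image can never be updated, and index 0 is accepted. Check for image_index >= 1 && image_index <= num_images and index with image_index - 1. In the same call, image_size (efi_uintn_t) is passed to fwu_write_stream() as a uint32_t remaining_size, so a size above 4 GiB is silently truncated. Reject it explicitly.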
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0006-arm-total_compute-enable-capsule-update.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0006-arm-total_compute-enable-capsule-update.patch
new file mode 100644
index 0000000..bf2bfe8
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0006-arm-total_compute-enable-capsule-update.patch
@@ -0,0 +1,70 @@
+From 2ab887402b9e22842d07e5f2fe1ac54518555af5 Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Mon, 6 Jun 2022 13:24:42 +0530
+Subject: [PATCH 6/7] arm: total_compute: enable capsule update
+
+It includes:
+* Enabling runtime capsule update
+* Enabling efidebug command line tool
+* Enabling the FMP driver that supports ARM PSA firmware update specification
+* Predefining the carved out memory to be used for MM communication
+* Enabling FF-A transport driver and adding an entry in dts
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: I6d6c70c6fc386d6c40def800a7417c1ce4b8acf5
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/total_compute.dts  | 7 +++++++
+ configs/total_compute_defconfig | 5 +++++
+ include/configs/total_compute.h | 4 ++++
+ 3 files changed, 16 insertions(+)
+
+diff --git a/arch/arm/dts/total_compute.dts b/arch/arm/dts/total_compute.dts
+index 96edacda0b..9b2cbfb452 100644
+--- a/arch/arm/dts/total_compute.dts
++++ b/arch/arm/dts/total_compute.dts
+@@ -45,8 +45,15 @@
+ 		clock-frequency = <24000000>;
+ 		clock-output-names = "bp:clock24mhz";
+ 	};
++
+ 	psci {
+ 		compatible = "arm,psci-1.0", "arm,psci-0.2";
+ 		method = "smc";
+ 	};
++
++	arm_ffa {
++		compatible = "arm,ffa";
++		method = "smc";
++		status = "okay";
++	};
+ };
+diff --git a/configs/total_compute_defconfig b/configs/total_compute_defconfig
+index 6a375543cd..531ce41cd3 100644
+--- a/configs/total_compute_defconfig
++++ b/configs/total_compute_defconfig
+@@ -52,3 +52,8 @@ CONFIG_SYS_FLASH_PROTECTION=y
+ CONFIG_SYS_FLASH_CFI=y
+ CONFIG_LIBAVB=y
+ CONFIG_OF_LIBFDT_OVERLAY=y
++CONFIG_ARM_FFA_TRANSPORT=y
++CONFIG_CMD_EFIDEBUG=y
++CONFIG_EFI_CAPSULE_FIRMWARE_ARM_PSA=y
++CONFIG_EFI_CAPSULE_ON_DISK=y
++CONFIG_EFI_RUNTIME_UPDATE_CAPSULE=y
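Review bot: this defconfig turns on capsule update from disk and at runtime (CONFIG_EFI_CAPSULE_ON_DISK, CONFIG_EFI_RUNTIME_UPDATE_CAPSULE) without CONFIG_EFI_CAPSULE_AUTHENTICATE, and the FMP driver it selects still carries "/* TODO: capsule authentication */" in set_image. As configured, U-Boot forwards any capsule payload to the update agent with no signature check of its own. Either enable authentication together with these options, or state in the commit message that verification is expected to happen elsewhere. CONFIG_CMD_EFIDEBUG is enabled in the same block. If it is only needed for bring-up, keep it out of the default config.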
+diff --git a/include/configs/total_compute.h b/include/configs/total_compute.h
+index 62bdb4f6a3..4b00f47ec6 100644
+--- a/include/configs/total_compute.h
++++ b/include/configs/total_compute.h
+@@ -59,4 +59,8 @@
+ #define CONFIG_SYS_FLASH_EMPTY_INFO	/* flinfo indicates empty blocks */
+ #define FLASH_MAX_SECTOR_SIZE		0x00040000
+ 
++/* Shared buffer used for communication between u-boot and the FWU SP */
++#define FFA_SHARED_MM_BUFFER_SIZE	4 * 1024 * 1024 /* 4 MB */
++#define FFA_SHARED_MM_BUFFER_ADDR	(0xFCA00000)
++
+ #endif /* __TOTAL_COMPUTE_H */
+-- 
+2.34.1
+
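Review bot: FFA_SHARED_MM_BUFFER_SIZE is defined as the bare expression 4 * 1024 * 1024, while the address macro next to it is parenthesized. The current users subtract sizeof() values from it, which works by precedence, but any use in a division, a cast or a sizeof-style expression would silently compute the wrong size for the shared buffer bounds. Define it as (4 * 1024 * 1024), or use SZ_4M if it is available in this tree.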
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch
new file mode 100644
index 0000000..5c43723
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot/tc/0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch
@@ -0,0 +1,51 @@
+From 47be0456ea1760837d2de857e57842e595e9ea5e Mon Sep 17 00:00:00 2001
+From: Davidson K <davidson.kumaresan@arm.com>
+Date: Mon, 27 Jun 2022 14:11:27 +0530
+Subject: [PATCH 7/7] arm_ffa: unmap rxtx buffer before exiting u-boot
+
+The linux kernel ffa driver will be used after the kernel boots. It
+will try to map its own rxtx buffer. But there can be only one rxtx
+buffer mapped from the non secure world. Since the rxtx buffer of
+the u-boot is no longer used and we have to map the rxtx buffer of
+the linux kernel, the rxtx buffer of the u-boot should be unmapped.
+
+This will not be needed after the efi runtime services are enabled
+
+Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
+Change-Id: I9deb6283d81f791185aa0a32d205b394d6d91f76
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ drivers/arm-ffa/core.c | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/drivers/arm-ffa/core.c b/drivers/arm-ffa/core.c
+index 98e2d2fa17..0c619439cb 100644
+--- a/drivers/arm-ffa/core.c
++++ b/drivers/arm-ffa/core.c
+@@ -1470,6 +1470,16 @@ static const struct udevice_id ffa_match_id[] = {
+ 	{},
+ };
+ 
++/**
++ * Unmap the rxtx buffer before exiting u-boot
++ * This avoids conflicts with the linux kernel ffa driver
++ */
++
++static int ffa_remove(struct udevice *dev)
++{
++	return ffa_unmap_rxtx_buffers();
++}
++
+ /**
+  * Declaring the arm_ffa driver under UCLASS_FFA
+  */
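Review bot: the comment above ffa_remove() opens with /** but is not in kernel-doc form: it has no "ffa_remove() -" summary line, no @dev entry and no Return section, and a blank line separates it from the function it documents. Match the style of the "Declaring the arm_ffa driver" block that follows. The commit message says this unmap will not be needed once EFI runtime services are enabled. Put that in the comment too, so that the remove hook is recognizably a temporary workaround and gets revisited.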
+@@ -1481,4 +1491,6 @@ U_BOOT_DRIVER(arm_ffa) = {
+ 	.of_to_plat	= ffa_of_to_plat,
+ 	.probe		= ffa_probe,
+ 	.plat_auto	= sizeof(struct ffa_pdata),
++	.remove		= ffa_remove,
++	.flags		= DM_FLAG_OS_PREPARE,
+ };
+-- 
+2.34.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index a0a7284..420cee6 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -18,32 +18,36 @@
 SYSROOT_DIRS:append:corstone1000 = " /boot"
 
 SRC_URI:append:corstone1000 = " \
-        file://0001-cmd-load-add-load-command-for-memory-mapped.patch \
-        file://0002-arm-add-support-to-corstone1000-platform.patch \
-        file://0003-usb-common-move-urb-code-to-common.patch \
-        file://0004-usb-add-isp1760-family-driver.patch \
-        file://0005-corstone1000-enable-isp1763-usb-controller.patch \
-        file://0006-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch \
-        file://0007-arm_ffa-introducing-armffa-command.patch \
-        file://0008-arm_ffa-introducing-MM-communication-with-FF-A.patch \
-        file://0009-arm_ffa-introducing-test-module-for-UCLASS_FFA.patch \
-        file://0010-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch \
-        file://0011-efi-corstone1000-introduce-EFI-capsule-update.patch \
-        file://0012-corstone1000-Update-FFA-shared-buffer-address.patch \
-        file://0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch \
-        file://0014-arm-corstone1000-fix-unrecognized-filesystem-type.patch \
-        file://0015-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch \
-        file://0016-efi_boottime-corstone1000-pass-interface-id-and-kern.patch \
-        file://0017-efi_loader-corstone1000-remove-guid-check-from-corst.patch \
-        file://0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch \
-        file://0019-Use-correct-buffer-size.patch \
-        file://0020-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch \
-        file://0021-efi_firmware-add-get_image_info-for-corstone1000.patch \
-        file://0022-efi_loader-send-bootcomplete-message-to-secure-encla.patch \
-        file://0023-efi_loader-fix-null-pointer-exception-with-get_image.patch \
-        file://0024-arm-corstone1000-add-mmc-for-fvp.patch \
-        file://0025-corstone1000-use-a-compressed-kernel.patch \
-      "
+        file://0001-cmd-load-add-load-command-for-memory-mapped.patch                 \
+        file://0002-arm-add-support-to-corstone1000-platform.patch		      \
+        file://0003-usb-common-move-urb-code-to-common.patch			      \
+        file://0004-usb-add-isp1760-family-driver.patch				      \
+        file://0005-corstone1000-enable-isp1763-usb-controller.patch		      \
+        file://0006-arm64-smccc-add-support-for-SMCCCv1.2-x0-x17-registe.patch	      \
+        file://0007-arm64-smccc-clear-the-Xn-registers-after-SMC-calls.patch	      \
+        file://0008-lib-uuid-introduce-be_uuid_str_to_le_bin-function.patch	      \
+        file://0009-arm_ffa-introduce-Arm-FF-A-low-level-driver.patch		      \
+        file://0010-arm_ffa-introduce-armffa-command.patch			      \
+        file://0011-arm_ffa-introduce-the-FF-A-Sandbox-driver.patch		      \
+        file://0012-arm_ffa-introduce-Sandbox-test-cases-for-UCLASS_FFA.patch	      \
+        file://0013-arm_ffa-introduce-armffa-command-Sandbox-test.patch		      \
+        file://0014-arm_ffa-introduce-FF-A-MM-communication.patch		      \
+        file://0015-arm_ffa-corstone1000-enable-FF-A-and-MM-support.patch	      \
+        file://0016-efi-corstone1000-introduce-EFI-capsule-update.patch		      \
+	file://0017-corstone1000-Update-FFA-shared-buffer-address.patch		      \
+	file://0018-arm-corstone1000-fix-unrecognized-filesystem-type.patch	      \
+	file://0019-efi_capsule-corstone1000-pass-interface-id-and-buffe.patch	      \
+	file://0020-efi_boottime-corstone1000-pass-interface-id-and-kern.patch	      \
+        file://0021-efi_loader-corstone1000-remove-guid-check-from-corst.patch	      \
+        file://0022-efi_loader-populate-ESRT-table-if-EFI_ESRT-config-op.patch	      \
+        file://0023-efi_firmware-add-get_image_info-for-corstone1000.patch	      \
+        file://0024-efi_loader-send-bootcomplete-message-to-secure-encla.patch	      \
+        file://0025-efi_loader-fix-null-pointer-exception-with-get_image.patch	      \
+        file://0026-arm-corstone1000-add-mmc-for-fvp.patch			      \
+        file://0027-corstone1000-use-a-compressed-kernel.patch \
+        file://0028-Introduce-external-sys-driver-to-device-tree.patch \
+        file://0029-Add-mhu-and-rpmsg-client-to-u-boot-device-tree.patch \
+        "
 
 #
 # FVP BASE
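Review bot: the renumbered corstone1000 list drops three fixes with no explanation visible here: 0013-corstone1000-Make-sure-shared-buffer-contents-are-no.patch, 0018-arm_ffa-removing-the-cast-when-using-binary-OR-on-FI.patch and 0019-Use-correct-buffer-size.patch. Two of them concern the FF-A shared buffer, so confirm in the commit message that they are folded into the reworked FF-A patches (0009 to 0015) rather than lost in the renumbering. On style, entries 0017 to 0020 are indented with a tab while the rest use spaces, and the last three entries do not follow the aligned-backslash layout introduced above them.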
@@ -85,4 +89,10 @@
 SRC_URI:append:tc = " \
         file://bootargs.cfg \
         file://0001-arm-total_compute-update-secure-dram-size.patch \
+        file://0002-arm_ffa-introducing-Arm-FF-A-low-level-driver.patch \
+        file://0003-arm-total_compute-enable-psci.patch \
+        file://0004-arm_ffa-rxtx_map-should-use-64-bit-calls.patch \
+        file://0005-efi_firmware-add-new-fmp-driver-that-supports-arm-fw.patch \
+        file://0006-arm-total_compute-enable-capsule-update.patch \
+        file://0007-arm_ffa-unmap-rxtx-buffer-before-exiting-u-boot.patch \
         "
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb
index bc2d6d4..46f9244 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2022.04.bb
@@ -23,4 +23,4 @@
 
 require recipes-bsp/u-boot/u-boot.inc
 
-DEPENDS += "bc-native dtc-native"
+DEPENDS += "bc-native dtc-native gnutls-native"
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
index 90c3f2a..629ea04 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-n1sdp.inc
@@ -1,3 +1,8 @@
+# Align with N1SDP-2022.06.22 release
+SRCREV_edk2           = "b24306f15daa2ff8510b06702114724b33895d3c"
+SRCREV_edk2-platforms = "fdaf4eb69a8b6839aecf6d3bdd938aa5c34a8a17"
+PV .= "+git${SRCPV}"
+
 # N1SDP specific EDK2 configurations
 EDK2_BUILD_RELEASE = "0"
 EDK2_PLATFORM      = "n1sdp"
@@ -14,7 +19,9 @@
 FILESEXTRAPATHS:prepend := "${THISDIR}/files/edk2-platforms:"
 
 SRC_URI:append = "\
-    file://add-nt-fw-config.patch;patchdir=edk2-platforms \
+    file://0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch;patchdir=edk2-platforms \
+    file://0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch;patchdir=edk2-platforms            \
+    file://0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch;patchdir=edk2-platforms \
 "
 
 do_deploy:append() {
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/add-nt-fw-config.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch
similarity index 96%
rename from meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/add-nt-fw-config.patch
rename to meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch
index f6f1895..e5526dd 100644
--- a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/add-nt-fw-config.patch
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0001-Platform-ARM-N1sdp-Add-support-to-parse-NT_FW_CONFIG.patch
@@ -1,7 +1,7 @@
-From cc58709b32d74273736886ccfc08e4723a436ea4 Mon Sep 17 00:00:00 2001
+From fa3fd24ffbc987e952a2e5610a7b02556afd2087 Mon Sep 17 00:00:00 2001
 From: sahil <sahil@arm.com>
 Date: Thu, 17 Mar 2022 16:28:05 +0530
-Subject: [PATCH] Platform/ARM/N1sdp: Add support to parse NT_FW_CONFIG
+Subject: [PATCH 1/3] Platform/ARM/N1sdp: Add support to parse NT_FW_CONFIG
 
 NT_FW_CONFIG DTB contains platform information passed by
 Tf-A boot stage.
@@ -11,6 +11,7 @@
 
 Upstream-Status: Pending
 Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
 Signed-off-by: sahil <sahil@arm.com>
 Change-Id: Ib82571280bf1ca5febe5766e618de09e7b70bb02
 
@@ -26,7 +27,7 @@
  8 files changed, 152 insertions(+), 25 deletions(-)
 
 diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
-index f50623ae3f..e023d47cfd 100644
+index f50623ae..e023d47c 100644
 --- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
 +++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
 @@ -1,7 +1,7 @@
@@ -138,7 +139,7 @@
    // Configuration Manager Protocol

    Status = InitializePlatformRepository (

 diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf
-index 4f8e7f1302..fb59c29501 100644
+index 4f8e7f13..fb59c295 100644
 --- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf
 +++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManagerDxe.inf
 @@ -1,7 +1,7 @@
@@ -159,7 +160,7 @@
    UefiBootServicesTableLib

    UefiDriverEntryPoint

 diff --git a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
-index 097160c7e2..63cebaf0e0 100644
+index 097160c7..63cebaf0 100644
 --- a/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
 +++ b/Silicon/ARM/NeoverseN1Soc/Include/NeoverseN1Soc.h
 @@ -1,6 +1,6 @@
@@ -203,7 +204,7 @@
 +

  #endif

 diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S
-index 8d2069dea8..88ed640d29 100644
+index 8d2069de..88ed640d 100644
 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S
 +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/AArch64/Helper.S
 @@ -1,6 +1,6 @@
@@ -224,7 +225,7 @@
  

  //

 diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c
-index c0effd37f3..fabe902cd0 100644
+index c0effd37..fabe902c 100644
 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c
 +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.c
 @@ -1,6 +1,6 @@
@@ -269,7 +270,7 @@
  };

  

 diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
-index 96e590cdd8..6f9c9d5ab6 100644
+index 96e590cd..6f9c9d5a 100644
 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
 +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLib.inf
 @@ -1,7 +1,7 @@
@@ -307,7 +308,7 @@
    gArmMpCoreInfoPpiGuid

 +  gNtFwConfigDtInfoPpiGuid

 diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
-index 339fa07b32..b58bda4b76 100644
+index 339fa07b..b58bda4b 100644
 --- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
 +++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
 @@ -1,6 +1,6 @@
@@ -441,7 +442,7 @@
                               NEOVERSEN1SOC_DRAM_BLOCK1_SIZE / SIZE_1GB) *

                              (UINT64)SIZE_1GB);

 diff --git a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
-index d59f25a5b9..4dea8fe1e8 100644
+index d59f25a5..4dea8fe1 100644
 --- a/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
 +++ b/Silicon/ARM/NeoverseN1Soc/NeoverseN1Soc.dec
 @@ -1,7 +1,7 @@
@@ -470,5 +471,5 @@
 +[Ppis]

 +  gNtFwConfigDtInfoPpiGuid =  { 0xb50dee0e, 0x577f, 0x47fb, { 0x83, 0xd0, 0x41, 0x78, 0x61, 0x8b, 0x33, 0x8a } }

 -- 
-2.17.1
+2.37.2
 
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch
new file mode 100644
index 0000000..1c097fc
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0002-Platform-ARM-N1Sdp-Fix-RemoteDdrSize-cast.patch
@@ -0,0 +1,48 @@
+From 73aab76042ae34fa4b07414c1830129e572dcd65 Mon Sep 17 00:00:00 2001
+From: sahil <sahil@arm.com>
+Date: Wed, 20 Apr 2022 12:24:41 +0530
+Subject: [PATCH 2/3] Platform/ARM/N1Sdp: Fix RemoteDdrSize cast
+
+RemoteDdrSize calculation wraps around when booting N1Sdp in
+multichip mode. Casting it to UINT64 to fix the issue.
+
+Upstream-Status: Pending
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
+Signed-off-by: sahil <sahil@arm.com>
+Change-Id: I2c2a70c2ab046337236fba92d25dec5905ccd117
+
+---
+ .../ConfigurationManagerDxe/ConfigurationManager.c              | 2 +-
+ Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c  | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
+index e023d47c..36b5fc9e 100644
+--- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
++++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
+@@ -1254,7 +1254,7 @@ InitializePlatformRepository (
+   PlatRepoInfo->MemAffInfo[LOCAL_DDR_REGION2].Length = Dram2Size;

+ 

+   if (PlatInfo->MultichipMode == 1) {

+-    RemoteDdrSize = ((PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);

++    RemoteDdrSize = ((UINT64)(PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);

+ 

+     // Update Remote DDR Region1

+     PlatRepoInfo->MemAffInfo[REMOTE_DDR_REGION1].ProximityDomain = 1;

+diff --git a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
+index b58bda4b..fbc9b05e 100644
+--- a/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
++++ b/Silicon/ARM/NeoverseN1Soc/Library/PlatformLib/PlatformLibMem.c
+@@ -157,7 +157,7 @@ ArmPlatformGetVirtualMemoryMap (
+     DramBlock2Size);

+ 

+   if (PlatInfo->MultichipMode == 1) {

+-    RemoteDdrSize = ((PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);

++    RemoteDdrSize = ((UINT64)(PlatInfo->RemoteDdrSize - 2) * SIZE_1GB);

+ 

+     BuildResourceDescriptorHob (

+       EFI_RESOURCE_SYSTEM_MEMORY,

+-- 
+2.37.2
+
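Review bot: In both changed assignments the `(UINT64)` cast wraps `(PlatInfo->RemoteDdrSize - 2)`, so the subtraction is still evaluated in the field's own type before widening, and nothing in the lines shown rejects a reported size below 2. Consider checking `PlatInfo->RemoteDdrSize >= 2` before the multiplication and adding a comment on why 2 is subtracted. The identical expression now lives in both ConfigurationManager.c and PlatformLibMem.c; a shared macro or helper would keep the two copies from drifting.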
diff --git a/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch
new file mode 100644
index 0000000..f0de02e
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-bsp/uefi/files/edk2-platforms/0003-Platform-ARM-N1Sdp-Modify-the-IRQ-ID-of-Debug-UART-a.patch
@@ -0,0 +1,67 @@
+From adc66d99663f71ec97313c40b0d00a908f292c30 Mon Sep 17 00:00:00 2001
+From: Himanshu Sharma <Himanshu.Sharma@arm.com>
+Date: Mon, 30 May 2022 10:53:30 +0000
+Subject: [PATCH 3/3] Platform/ARM/N1Sdp: Modify the IRQ ID of Debug UART and
+ routing it to IOFPGA UART1
+
+In DBG2 table, IRQ ID was set as 0 for the UART. This overwrote the
+IPI0 trigger method to "level", which prevented SGI0 to be enabled
+again after a CPU offline/online cycle.
+
+This patch fixes the above issue by assigning a reserved IRQ ID
+for the Debug UART, other than 0 and also routing it to use IOFPGA
+UART1 by unsharing it from currently using serial terminal.
+
+Upstream-Status: Pending
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+Signed-off-by: Xueliang Zhong <xueliang.zhong@arm.com>
+Signed-off-by: Himanshu Sharma <Himanshu.Sharma@arm.com>
+Change-Id: I6640c3c8f77afd233304ce9cb06dcf80a8659c16
+
+---
+ .../ConfigurationManagerDxe/ConfigurationManager.c        | 2 +-
+ Platform/ARM/N1Sdp/N1SdpPlatform.dsc                      | 8 ++++----
+ 2 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
+index 36b5fc9e..e8873200 100644
+--- a/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
++++ b/Platform/ARM/N1Sdp/ConfigurationManager/ConfigurationManagerDxe/ConfigurationManager.c
+@@ -320,7 +320,7 @@ EDKII_PLATFORM_REPOSITORY_INFO N1sdpRepositoryInfo = {
+   // Debug Serial Port

+   {

+     FixedPcdGet64 (PcdSerialDbgRegisterBase),               // BaseAddress

+-    0,                                                      // Interrupt -unused

++    250,                                                    // Interrupt (reserved)

+     FixedPcdGet64 (PcdSerialDbgUartBaudRate),               // BaudRate

+     FixedPcdGet32 (PcdSerialDbgUartClkInHz),                // Clock

+     EFI_ACPI_DBG2_PORT_SUBTYPE_SERIAL_ARM_PL011_UART        // Port subtype

+diff --git a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
+index 865dd04d..878c8f2f 100644
+--- a/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
++++ b/Platform/ARM/N1Sdp/N1SdpPlatform.dsc
+@@ -4,7 +4,7 @@
+ # This provides platform specific component descriptions and libraries that

+ # conform to EFI/Framework standards.

+ #

+-# Copyright (c) 2018 - 2021, ARM Limited. All rights reserved.<BR>

++# Copyright (c) 2018 - 2022, ARM Limited. All rights reserved.<BR>

+ #

+ # SPDX-License-Identifier: BSD-2-Clause-Patent

+ #

+@@ -136,9 +136,9 @@
+   gArmPlatformTokenSpaceGuid.PL011UartInterrupt|95

+ 

+   # PL011 Serial Debug UART (DBG2)

+-  gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|gEfiMdeModulePkgTokenSpaceGuid.PcdSerialRegisterBase

+-  gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|gEfiMdePkgTokenSpaceGuid.PcdUartDefaultBaudRate

+-  gArmPlatformTokenSpaceGuid.PcdSerialDbgUartClkInHz|50000000

++  gArmPlatformTokenSpaceGuid.PcdSerialDbgRegisterBase|0x1C0A0000

++  gArmPlatformTokenSpaceGuid.PcdSerialDbgUartBaudRate|115200

++  gArmPlatformTokenSpaceGuid.PcdSerialDbgUartClkInHz|24000000

+ 

+   # SBSA Watchdog

+   gArmTokenSpaceGuid.PcdGenericWatchdogEl2IntrNum|93

+-- 
+2.37.2
+
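Review bot: The DBG2 entry in ConfigurationManager.c now carries a bare `250` with only the comment `Interrupt (reserved)`; name it through a PCD or #define and state where that ID is reserved, so a later interrupt assignment cannot silently collide with it. The same applies to the N1SdpPlatform.dsc hunk, where `0x1C0A0000`, `115200` and `24000000` replace PCD references without a comment identifying them as the IOFPGA UART1 settings the commit message describes.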
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
new file mode 100644
index 0000000..ae69090
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0002-Add-external-system-driver.patch
@@ -0,0 +1,223 @@
+Upstream-Status: Pending[Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+
+From 97509e82b51c57935fc8e918b33c09c4f6648ed7 Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Fri, 19 Aug 2022 14:51:08 +0100
+Subject: [PATCH] Add external system driver
+
+Adds external system driver to control it
+from user-space. It provides run and reset
+functionality at the moment.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ drivers/misc/Kconfig           |   2 +
+ drivers/misc/Makefile          |   1 +
+ drivers/misc/arm/Kconfig       |   5 ++
+ drivers/misc/arm/Makefile      |   1 +
+ drivers/misc/arm/extsys_ctrl.c | 151 +++++++++++++++++++++++++++++++++
+ 5 files changed, 160 insertions(+)
+ create mode 100644 drivers/misc/arm/Kconfig
+ create mode 100644 drivers/misc/arm/Makefile
+ create mode 100644 drivers/misc/arm/extsys_ctrl.c
+
+diff --git a/drivers/misc/Kconfig b/drivers/misc/Kconfig
+index 0f5a49fc7c9e..5ca195110b3f 100644
+--- a/drivers/misc/Kconfig
++++ b/drivers/misc/Kconfig
+@@ -487,4 +487,6 @@ source "drivers/misc/cardreader/Kconfig"
+ source "drivers/misc/habanalabs/Kconfig"
+ source "drivers/misc/uacce/Kconfig"
+ source "drivers/misc/pvpanic/Kconfig"
++source "drivers/misc/arm/Kconfig"
++
+ endmenu
+diff --git a/drivers/misc/Makefile b/drivers/misc/Makefile
+index a086197af544..f5c1bd5747f7 100644
+--- a/drivers/misc/Makefile
++++ b/drivers/misc/Makefile
+@@ -59,3 +59,4 @@ obj-$(CONFIG_UACCE)		+= uacce/
+ obj-$(CONFIG_XILINX_SDFEC)	+= xilinx_sdfec.o
+ obj-$(CONFIG_HISI_HIKEY_USB)	+= hisi_hikey_usb.o
+ obj-$(CONFIG_HI6421V600_IRQ)	+= hi6421v600-irq.o
++obj-y				+= arm/
+diff --git a/drivers/misc/arm/Kconfig b/drivers/misc/arm/Kconfig
+new file mode 100644
+index 000000000000..3c4b3f08e6b4
+--- /dev/null
++++ b/drivers/misc/arm/Kconfig
+@@ -0,0 +1,5 @@
++config EXTSYS_CTRL
++	tristate "Arm External System control driver"
++	help
++	  Say y here to enable support for external system control
++	  driver for the Arm Corstone-700 and Corstone1000 platform
+\ No newline at end of file
+diff --git a/drivers/misc/arm/Makefile b/drivers/misc/arm/Makefile
+new file mode 100644
+index 000000000000..1ca3084cf8a0
+--- /dev/null
++++ b/drivers/misc/arm/Makefile
+@@ -0,0 +1 @@
++obj-$(CONFIG_EXTSYS_CTRL)	+= extsys_ctrl.o
+diff --git a/drivers/misc/arm/extsys_ctrl.c b/drivers/misc/arm/extsys_ctrl.c
+new file mode 100644
+index 000000000000..1c6ef14a32ae
+--- /dev/null
++++ b/drivers/misc/arm/extsys_ctrl.c
+@@ -0,0 +1,151 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * Arm Corstone700 and Corstone1000 external system reset control driver
++ *
++ * Copyright (C) 2019 Arm Ltd.
++ *
++ */
++
++#include <linux/fs.h>
++#include <linux/clk.h>
++#include <linux/err.h>
++#include <linux/interrupt.h>
++#include <linux/io.h>
++#include <linux/kernel.h>
++#include <linux/mod_devicetable.h>
++#include <linux/module.h>
++#include <linux/platform_device.h>
++#include <linux/miscdevice.h>
++#include <linux/init.h>
++
++#define EXTSYS_DRV_NAME		"extsys_ctrl"
++#define EXTSYS_MAX_DEVS		 4
++
++#define EXTSYS_RST_SIZE		U(0x8)
++#define EXTSYS_RST_CTRL_OFF	U(0x0)
++#define EXTSYS_RST_ST_OFF	U(0x4)
++
++/* External system reset control indexes */
++#define EXTSYS_CPU_WAIT		(0x0)
++#define EXTSYS_RST_REQ		(0x1)
++
++/* External system reset status masks */
++#define EXTSYS_RST_ST_ACK_OFF	U(0x1)
++
++/* No Reset Requested */
++#define EXTSYS_RST_ST_ACK_NRR	(0x0 << EXTSYS_RST_ST_ACK_OFF)
++
++/* Reset Request Complete */
++#define EXTSYS_RST_ST_ACK_RRC	(0x2 << EXTSYS_RST_ST_ACK_OFF)
++
++/* Reset Request Unable to Complete */
++#define EXTSYS_RST_ST_ACK_RRUC	(0x3 << EXTSYS_RST_ST_ACK_OFF)
++
++/* IOCTL commands */
++#define EXTSYS_CPU_WAIT_DISABLE	0x0
++#define EXTSYS_RESET_REQ_ENABLE	0x1
++
++struct extsys_ctrl {
++	struct miscdevice miscdev;
++	void __iomem *reset_reg;
++	void __iomem *set_reg;
++};
++
++#define CLEAR_BIT(addr, index) writel(readl(addr) & ~(1UL << index), addr)
++#define SET_BIT(addr, index) writel(readl(addr) | (1UL << index), addr)
++
++static long extsys_ctrl_ioctl(struct file *f, unsigned int cmd,
++			      unsigned long arg)
++{
++	struct extsys_ctrl *extsys;
++
++	extsys = container_of(f->private_data, struct extsys_ctrl, miscdev);
++
++	switch (cmd) {
++	case EXTSYS_CPU_WAIT_DISABLE:
++		CLEAR_BIT(extsys->reset_reg, EXTSYS_CPU_WAIT);
++		break;
++	case EXTSYS_RESET_REQ_ENABLE:
++		SET_BIT(extsys->reset_reg, EXTSYS_RST_REQ);
++		break;
++	default:
++		break;
++	}
++
++	return 0;
++}
++
++static const struct file_operations extsys_ctrl_fops = {
++	.owner = THIS_MODULE,
++	.unlocked_ioctl = extsys_ctrl_ioctl,
++};
++
++static int extsys_ctrl_probe(struct platform_device *pdev)
++{
++	struct device *dev = &pdev->dev;
++	struct extsys_ctrl *extsys;
++	struct resource *res;
++	void __iomem *reset_reg;
++	void __iomem *set_reg;
++	int ret;
++
++	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "rstreg");
++	reset_reg = devm_ioremap_resource(dev, res);
++	if (IS_ERR(reset_reg))
++		return PTR_ERR(reset_reg);
++
++	res = platform_get_resource_byname(pdev, IORESOURCE_MEM, "streg");
++	set_reg = devm_ioremap_resource(dev, res);
++	if (IS_ERR(set_reg))
++		return PTR_ERR(set_reg);
++
++	extsys = devm_kzalloc(dev, sizeof(*extsys), GFP_KERNEL);
++	if (!extsys)
++		return -ENOMEM;
++
++	extsys->reset_reg = reset_reg;
++	extsys->set_reg = set_reg;
++
++	extsys->miscdev.minor = MISC_DYNAMIC_MINOR;
++	extsys->miscdev.name = EXTSYS_DRV_NAME;
++	extsys->miscdev.fops = &extsys_ctrl_fops;
++	extsys->miscdev.parent = dev;
++
++	ret = misc_register(&extsys->miscdev);
++	if (ret)
++		return ret;
++
++	dev_info(dev, "external system controller ready\n");
++
++	return 0;
++}
++
++static int extsys_ctrl_remove(struct platform_device *pdev)
++{
++	struct extsys_ctrl *extsys = dev_get_drvdata(&pdev->dev);
++
++	misc_deregister(&extsys->miscdev);
++
++	return 0;
++}
++
++static const struct of_device_id extsys_ctrl_match[] = {
++	{ .compatible = "arm,extsys_ctrl" },
++	{ },
++};
++MODULE_DEVICE_TABLE(of, extsys_ctrl_match);
++
++static struct platform_driver extsys_ctrl_driver = {
++	.driver = {
++		.name = EXTSYS_DRV_NAME,
++		.of_match_table = extsys_ctrl_match,
++	},
++	.probe = extsys_ctrl_probe,
++	.remove = extsys_ctrl_remove,
++};
++module_platform_driver(extsys_ctrl_driver);
++
++MODULE_LICENSE("GPL v2");
++MODULE_DESCRIPTION("Arm External System Control Driver");
++MODULE_AUTHOR("Morten Borup Petersen");
++MODULE_AUTHOR("Rui Miguel Silva <rui.silva@arm.com>");
+-- 
+2.17.1
+
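Review bot: `extsys_ctrl_remove()` fetches its state with `dev_get_drvdata()`, but `extsys_ctrl_probe()` never stores it, so `misc_deregister(&extsys->miscdev)` runs on a NULL pointer when the driver is unbound; add `platform_set_drvdata(pdev, extsys);` before `misc_register()`. In `extsys_ctrl_ioctl()` the `default:` case falls through to `return 0`, so unrecognised commands report success; return `-ENOTTY`, and prefer `_IO()`-encoded command numbers over the raw 0x0 and 0x1. The handler also performs no check of its own before releasing CPU wait or requesting reset, so access control rests entirely on the device node's permissions, and the unlocked read-modify-write in `CLEAR_BIT`/`SET_BIT` lets concurrent callers race on the reset register.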
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpsmg-driver-for-corstone1000.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpsmg-driver-for-corstone1000.patch
new file mode 100644
index 0000000..d88acfc
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/0003-Add-rpsmg-driver-for-corstone1000.patch
@@ -0,0 +1,222 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+
+From e683c37ee51717e625c8a598056cf4bb1bdadcbc Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Wed, 17 Aug 2022 14:21:42 +0100
+Subject: [PATCH] Add rpsmg driver for corstone1000
+
+Adds rpsmg driver to communicate with external
+system in corstone1000 platform.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ drivers/rpmsg/Kconfig             |  10 ++
+ drivers/rpmsg/Makefile            |   1 +
+ drivers/rpmsg/rpmsg_arm_mailbox.c | 164 ++++++++++++++++++++++
+ 3 files changed, 175 insertions(+)
+ create mode 100644 drivers/rpmsg/rpmsg_arm_mailbox.c
+
+diff --git a/drivers/rpmsg/Kconfig b/drivers/rpmsg/Kconfig
+index 0b4407abdf13..c276bd17bffe 100644
+--- a/drivers/rpmsg/Kconfig
++++ b/drivers/rpmsg/Kconfig
+@@ -73,4 +73,14 @@ config RPMSG_VIRTIO
+ 	select RPMSG_NS
+ 	select VIRTIO
+ 
++config RPMSG_ARM
++	tristate "ARM RPMSG driver"
++	select     RPMSG
++	depends on HAS_IOMEM
++	depends on MAILBOX
++	help
++	  Say y here to enable support for rpmsg lient driver which is built
++	  around mailbox client using Arm MHUv2.1 as physical medium.This
++	  driver enables communication which remote processor using MHU.
++
+ endmenu
+diff --git a/drivers/rpmsg/Makefile b/drivers/rpmsg/Makefile
+index 8d452656f0ee..34e9c146cd64 100644
+--- a/drivers/rpmsg/Makefile
++++ b/drivers/rpmsg/Makefile
+@@ -1,5 +1,6 @@
+ # SPDX-License-Identifier: GPL-2.0
+ obj-$(CONFIG_RPMSG)		+= rpmsg_core.o
++obj-$(CONFIG_RPMSG_ARM)		+= rpmsg_arm_mailbox.o
+ obj-$(CONFIG_RPMSG_CHAR)	+= rpmsg_char.o
+ obj-$(CONFIG_RPMSG_NS)		+= rpmsg_ns.o
+ obj-$(CONFIG_RPMSG_MTK_SCP)	+= mtk_rpmsg.o
+diff --git a/drivers/rpmsg/rpmsg_arm_mailbox.c b/drivers/rpmsg/rpmsg_arm_mailbox.c
+new file mode 100644
+index 000000000000..4a80102669f6
+--- /dev/null
++++ b/drivers/rpmsg/rpmsg_arm_mailbox.c
+@@ -0,0 +1,164 @@
++// SPDX-License-Identifier: GPL-2.0
++/*
++ * rpmsg client driver using mailbox client interface
++ *
++ * Copyright (C) 2019 ARM Ltd.
++ *
++ */
++
++#include <linux/bitmap.h>
++#include <linux/export.h>
++#include <linux/io.h>
++#include <linux/kernel.h>
++#include <linux/ktime.h>
++#include <linux/mailbox_client.h>
++#include <linux/module.h>
++#include <linux/of_address.h>
++#include <linux/of_device.h>
++#include <linux/processor.h>
++#include <linux/semaphore.h>
++#include <linux/slab.h>
++#include <linux/rpmsg.h>
++#include "rpmsg_internal.h"
++#include <linux/mailbox/arm_mhuv2_message.h>
++
++#define RPMSG_NAME	"arm_rpmsg"
++#define RPMSG_ADDR_ANY	0xFFFFFFFF
++
++struct arm_channel {
++	struct rpmsg_endpoint ept;
++	struct mbox_client cl;
++	struct mbox_chan *mbox;
++};
++
++#define arm_channel_from_rpmsg(_ept) container_of(_ept, struct arm_channel, ept)
++#define arm_channel_from_mbox(_ept) container_of(_ept, struct arm_channel, cl)
++
++
++static void arm_msg_rx_handler(struct mbox_client *cl, void *mssg)
++{
++	struct arm_mhuv2_mbox_msg *msg = mssg;
++	struct arm_channel* channel = arm_channel_from_mbox(cl);
++	int err = channel->ept.cb(channel->ept.rpdev, msg->data, 4, channel->ept.priv, RPMSG_ADDR_ANY);
++	if(err) {
++		printk("ARM Mailbox: Endpoint callback failed with error: %d", err);
++	}
++}
++
++
++static void arm_destroy_ept(struct rpmsg_endpoint *ept)
++{
++	struct arm_channel *channel = arm_channel_from_rpmsg(ept);
++	mbox_free_channel(channel->mbox);
++	kfree(channel);
++}
++
++static int arm_send(struct rpmsg_endpoint *ept, void *data, int len)
++{
++	struct arm_channel *channel = arm_channel_from_rpmsg(ept);
++
++	mbox_send_message(channel->mbox, data);
++	return 0;
++}
++
++static int arm_sendto(struct rpmsg_endpoint *ept, void *data, int len, u32 dest)
++{
++	struct arm_mhuv2_mbox_msg msg;
++	struct arm_channel *channel = arm_channel_from_rpmsg(ept);
++	msg.data = data;
++	msg.len = len;
++	mbox_send_message(channel->mbox, &msg);
++	return 0;
++}
++
++
++static const struct rpmsg_endpoint_ops arm_endpoint_ops = {
++	.destroy_ept = arm_destroy_ept,
++	.send = arm_send,
++	.sendto = arm_sendto,
++};
++
++
++static struct rpmsg_endpoint *arm_create_ept(struct rpmsg_device *rpdev,
++		rpmsg_rx_cb_t cb, void *priv, struct rpmsg_channel_info chinfo)
++{
++	struct arm_channel *channel;
++
++	channel = kzalloc(sizeof(*channel), GFP_KERNEL);
++
++	// Initialize rpmsg endpoint
++	kref_init(&channel->ept.refcount);
++	channel->ept.rpdev = rpdev;
++	channel->ept.cb = cb;
++	channel->ept.priv = priv;
++	channel->ept.ops = &arm_endpoint_ops;
++
++	// Initialize mailbox client
++	channel->cl.dev = rpdev->dev.parent;
++	channel->cl.rx_callback = arm_msg_rx_handler;
++	channel->cl.tx_done = NULL; /* operate in blocking mode */
++	channel->cl.tx_block = true;
++	channel->cl.tx_tout = 500; /* by half a second */
++	channel->cl.knows_txdone = false; /* depending upon protocol */
++
++	channel->mbox = mbox_request_channel_byname(&channel->cl, chinfo.name);
++	if (IS_ERR_OR_NULL(channel->mbox)) {
++		printk("RPMsg ARM: Cannot get channel by name: '%s'\n", chinfo.name);
++		return -1;
++	}
++
++	return &channel->ept;
++}
++
++static const struct rpmsg_device_ops arm_device_ops = {
++	.create_ept = arm_create_ept,
++};
++
++
++static void arm_release_device(struct device *dev)
++{
++	struct rpmsg_device *rpdev = to_rpmsg_device(dev);
++
++	kfree(rpdev);
++}
++
++
++static int client_probe(struct platform_device *pdev)
++{
++	struct device *dev = &pdev->dev;
++	struct rpmsg_device *rpdev;
++
++	rpdev = kzalloc(sizeof(*rpdev), GFP_KERNEL);
++	if (!rpdev)
++		return -ENOMEM;
++
++	/* Assign callbacks for rpmsg_device */
++	rpdev->ops = &arm_device_ops;
++
++	/* Assign public information to the rpmsg_device */
++	memcpy(rpdev->id.name, RPMSG_NAME, strlen(RPMSG_NAME));
++
++	rpdev->dev.parent = dev;
++	rpdev->dev.release = arm_release_device;
++
++	return rpmsg_chrdev_register_device(rpdev);
++}
++
++static const struct of_device_id client_of_match[] = {
++	{ .compatible = "arm,client", .data = NULL },
++	{ /* Sentinel */ },
++};
++
++static struct platform_driver client_driver = {
++	.driver = {
++		.name = "arm-mhu-client",
++		.of_match_table = client_of_match,
++	},
++	.probe = client_probe,
++};
++
++module_platform_driver(client_driver);
++
++MODULE_LICENSE("GPL v2");
++MODULE_DESCRIPTION("ARM RPMSG Driver");
++MODULE_AUTHOR("Tushar Khandelwal <tushar.khandelwal@arm.com>");
+-- 
+2.17.1
+
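Review bot: `arm_create_ept()` uses the `kzalloc()` result in `kref_init(&channel->ept.refcount)` without a NULL check, and on mailbox failure it returns `-1` from a function that returns `struct rpmsg_endpoint *` while leaking `channel`; check the allocation, `kfree(channel)` on the error path and return NULL. `arm_msg_rx_handler()` passes a fixed length of 4 to the endpoint callback rather than a length taken from the received message (the send side fills `msg.len`), and `arm_send()` hands raw `data` to `mbox_send_message()` where `arm_sendto()` wraps it in `struct arm_mhuv2_mbox_msg`. Both send paths also discard the `mbox_send_message()` return value and report success unconditionally.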
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig
index 5f0a7e9..3fe7a03 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig
@@ -10,7 +10,6 @@
 CONFIG_CMDLINE="console=ttyAMA0 loglevel=9"
 CONFIG_EFI=y
 # CONFIG_SUSPEND is not set
-CONFIG_ARM_FFA_TRANSPORT=y
 CONFIG_EFI_BOOTLOADER_CONTROL=y
 CONFIG_EFI_CAPSULE_LOADER=y
 CONFIG_EFI_TEST=y
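Review bot: `CONFIG_ARM_FFA_TRANSPORT=y` is dropped from the corstone1000 defconfig with no reason given in the lines shown, while the recipe still applies `0001-UPSTREAM-firmware-arm_ffa-Handle-compatibility-with-.patch`. If FF-A is now enabled somewhere else, mention that in the commit message; if it is really being disabled, say what replaces it.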
@@ -92,3 +91,9 @@
 CONFIG_DEBUG_FS=y
 CONFIG_PANIC_TIMEOUT=5
 CONFIG_STACKTRACE=y
+CONFIG_EXTSYS_CTRL=y
+CONFIG_MAILBOX=y
+CONFIG_ARM_MHU_V2=y
+CONFIG_RPMSG=y
+CONFIG_RPMSG_CHAR=y
+CONFIG_RPMSG_ARM=y
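Review bot: The six added options are built in (`=y`) for every corstone1000 image, which makes the new external-system control device and the rpmsg char interface part of the default kernel. Both drivers arrive as Upstream-Status: Pending patches, so consider enabling them from a config fragment tied to a MACHINE_FEATURES entry, or at least add a comment grouping these lines under the feature they serve.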
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index 7bb4a92..0d1017a 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -32,6 +32,7 @@
 # Corstone1000 KMACHINE
 #
 FILESEXTRAPATHS:prepend:corstone1000 := "${ARMBSPFILESPATHS}"
+FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}"
 COMPATIBLE_MACHINE:corstone1000 = "${MACHINE}"
 KCONFIG_MODE:corstone1000 = "--alldefconfig"
 KMACHINE:corstone1000 = "corstone1000"
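Review bot: The added `FILESEXTRAPATHS:prepend:corstone1000 := "${ARMFILESPATHS}"` sits directly under the existing prepend of `${ARMBSPFILESPATHS}`, so which directory wins for a file present in both (the `defconfig`, for example) now depends on the order of these two lines. Merge them into one assignment or add a comment stating the intended precedence.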
@@ -41,6 +42,8 @@
 SRC_URI:append:corstone1000 = " \
            file://defconfig  \
            file://0001-UPSTREAM-firmware-arm_ffa-Handle-compatibility-with-.patch  \
+           file://0002-Add-external-system-driver.patch \
+           file://0003-Add-rpsmg-driver-for-corstone1000.patch \
         "
 
 SRC_URI:append:corstone1000 = " ${@bb.utils.contains('MACHINE_FEATURES', \
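Review bot: The second added entry is named `0003-Add-rpsmg-driver-for-corstone1000.patch`, with "rpsmg" where the driver and its Kconfig symbol use "rpmsg"; the same spelling is in the patch subject. Rename the file and fix the subject, since the misspelling will otherwise defeat a search for rpmsg in the layer.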
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
index a75ca24..e1cbb80 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0001-iommu-arm-smmu-v3-workaround-for-ATC_INV_SIZE_ALL-in.patch
@@ -1,11 +1,7 @@
-Upstream-Status: Inappropriate [Workaround]
-Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
-
-From 949ba3f12ec1f3177a82a9228dc402ab5d8c9d60 Mon Sep 17 00:00:00 2001
+From f88153a427046f92d52694708adc5ee0eefa8d55 Mon Sep 17 00:00:00 2001
 From: Manoj Kumar <manoj.kumar3@arm.com>
 Date: Mon, 1 Feb 2021 21:36:43 +0530
-Subject: [PATCH 1/5] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in
- N1SDP
+Subject: [PATCH] iommu/arm-smmu-v3: workaround for ATC_INV_SIZE_ALL in N1SDP
 
 ATC_INV_SIZE_ALL request should automatically translate to ATS
 address which is not happening in SMMUv3 version gone into
@@ -15,16 +11,19 @@
 Change-Id: If89465be94720a62be85e1e6612f17e93fa9b8a5
 Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
 Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
+
+Upstream-Status: Inappropriate [Workaround]
+Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
 ---
  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c | 1 +
  drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.h | 1 +
  2 files changed, 2 insertions(+)
 
 diff --git a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-index a388e318f86e..ceca576b0bf6 100644
+index 79edfdca6607..ded17e199ee4 100644
 --- a/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
 +++ b/drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c
-@@ -1724,6 +1724,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
+@@ -1725,6 +1725,7 @@ arm_smmu_atc_inv_to_cmd(int ssid, unsigned long iova, size_t size,
  	};
  
  	if (!size) {
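Review bot: The refreshed trailer block now ends with a second `Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>` after the added `Upstream-Status:` line, repeating the sign-off already present above it. Keep the `Upstream-Status:` tag in the trailer and drop the repeated sign-off.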
@@ -44,6 +43,3 @@
  		struct {
  			u32			sid;
  			u32			ssid;
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
index a628409..b4e2a8c 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0002-n1sdp-pci_quirk-add-acs-override-for-PCI-devices.patch
@@ -1,26 +1,26 @@
-Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
-Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
-
-From e47ab593ee36b2480f8c2196722cded42749629a Mon Sep 17 00:00:00 2001
+From 478d96ce8a4d30ef80975271a2ad89a77012c1b8 Mon Sep 17 00:00:00 2001
 From: Manoj Kumar <manoj.kumar3@arm.com>
 Date: Tue, 31 Aug 2021 16:15:38 +0000
-Subject: [PATCH 2/5] n1sdp: pci_quirk: add acs override for PCI devices
+Subject: [PATCH] n1sdp: pci_quirk: add acs override for PCI devices
 
 Patch taken from:
 https://gitlab.com/Queuecumber/linux-acs-override/raw/master/workspaces/5.4/acso.patch
 
 Change-Id: Ib926bf50524ce9990fbaa2f2f8670fe84bd571f9
 Signed-off-by: Manoj Kumar <manoj.kumar3@arm.com>
+
+Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
+Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
 ---
  .../admin-guide/kernel-parameters.txt         |   8 ++
  drivers/pci/quirks.c                          | 102 ++++++++++++++++++
  2 files changed, 110 insertions(+)
 
 diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
-index 43dc35fe5bc0..a60e454854d7 100644
+index 4445baac48c1..ee90aeeb1dbb 100644
 --- a/Documentation/admin-guide/kernel-parameters.txt
 +++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -3892,6 +3892,14 @@
+@@ -3935,6 +3935,14 @@
  		nomsi		[MSI] If the PCI_MSI kernel config parameter is
  				enabled, this kernel boot option can be used to
  				disable the use of MSI interrupts system-wide.
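Review bot: The commit message kept in this header hunk gives the patch's origin as a raw URL on the `master` branch of an external GitLab repository, under `workspaces/5.4`, while the recipe directory is linux-yocto-5.15. Record the commit hash the 102-line `drivers/pci/quirks.c` addition was taken from, so the imported ACS override code can be audited against a fixed revision.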
@@ -36,10 +36,10 @@
  				Safety option to keep boot IRQs enabled. This
  				should never be necessary.
 diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c
-index 4537d1ea14fd..984f30d25a6d 100644
+index a531064233f9..ebe192134a97 100644
 --- a/drivers/pci/quirks.c
 +++ b/drivers/pci/quirks.c
-@@ -3588,6 +3588,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
+@@ -3600,6 +3600,107 @@ static void quirk_no_bus_reset(struct pci_dev *dev)
  	dev->dev_flags |= PCI_DEV_FLAGS_NO_BUS_RESET;
  }
  
@@ -147,7 +147,7 @@
  /*
   * Some NVIDIA GPU devices do not work with bus reset, SBR needs to be
   * prevented for those affected devices.
-@@ -4949,6 +5050,7 @@ static const struct pci_dev_acs_enabled {
+@@ -4968,6 +5069,7 @@ static const struct pci_dev_acs_enabled {
  	{ PCI_VENDOR_ID_NXP, 0x8d9b, pci_quirk_nxp_rp_acs },
  	/* Zhaoxin Root/Downstream Ports */
  	{ PCI_VENDOR_ID_ZHAOXIN, PCI_ANY_ID, pci_quirk_zhaoxin_pcie_ports_acs },
@@ -155,6 +155,3 @@
  	{ 0 }
  };
  
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
index f0184a0..4ffe347 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0003-pcie-Add-quirk-for-the-Arm-Neoverse-N1SDP-platform.patch
@@ -1,10 +1,7 @@
-Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
-Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
-
-From 63ee3a71eeb778a632f5683f3b9e404a70760e75 Mon Sep 17 00:00:00 2001
+From 4877796976647a24a3a9102facd0577586f5ac9a Mon Sep 17 00:00:00 2001
 From: Deepak Pandey <Deepak.Pandey@arm.com>
 Date: Fri, 31 May 2019 16:42:43 +0100
-Subject: [PATCH 3/5] pcie: Add quirk for the Arm Neoverse N1SDP platform
+Subject: [PATCH] pcie: Add quirk for the Arm Neoverse N1SDP platform
 
 The Arm N1SDP SoC suffers from some PCIe integration issues, most
 prominently config space accesses to not existing BDFs being answered
@@ -27,6 +24,9 @@
 Signed-off-by: Sudipto Paul <sudipto.paul@arm.com>
 [Andre: fix coding style issues, rewrite some parts, add DT support]
 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+
+Upstream-Status: Inappropriate [will not be submitted as its a workaround to address hardware issue]
+Signed-off-by: Deepak Pandey <Deepak.Pandey@arm.com>
 ---
  arch/arm64/configs/defconfig        |   1 +
  drivers/acpi/pci_mcfg.c             |   7 +
@@ -38,10 +38,10 @@
  create mode 100644 drivers/pci/controller/pcie-n1sdp.c
 
 diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
-index 545197bc0501..57ae850ccdf0 100644
+index c27d0fed2ce2..70ed38cecee9 100644
 --- a/arch/arm64/configs/defconfig
 +++ b/arch/arm64/configs/defconfig
-@@ -212,6 +212,7 @@ CONFIG_NFC_NCI=m
+@@ -209,6 +209,7 @@ CONFIG_NFC_NCI=m
  CONFIG_NFC_S3FWRN5_I2C=m
  CONFIG_PCI=y
  CONFIG_PCIEPORTBUS=y
@@ -50,23 +50,23 @@
  CONFIG_PCI_PASID=y
  CONFIG_HOTPLUG_PCI=y
 diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index 53cab975f612..f31727da21ac 100644
+index 63b98eae5e75..67c34e6c24a7 100644
 --- a/drivers/acpi/pci_mcfg.c
 +++ b/drivers/acpi/pci_mcfg.c
-@@ -169,6 +169,13 @@ static struct mcfg_fixup mcfg_quirks[] = {
- 	ALTRA_ECAM_QUIRK(1, 13),
- 	ALTRA_ECAM_QUIRK(1, 14),
- 	ALTRA_ECAM_QUIRK(1, 15),
-+
+@@ -152,6 +152,13 @@ static struct mcfg_fixup mcfg_quirks[] = {
+ 	XGENE_V2_ECAM_MCFG(4, 1),
+ 	XGENE_V2_ECAM_MCFG(4, 2),
+ 
 +#define N1SDP_ECAM_MCFG(rev, seg, ops) \
 +	{"ARMLTD", "ARMN1SDP", rev, seg, MCFG_BUS_ANY, ops }
 +
 +	/* N1SDP SoC with v1 PCIe controller */
 +	N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
 +	N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
- };
++
+ #define ALTRA_ECAM_QUIRK(rev, seg) \
+ 	{ "Ampere", "Altra   ", rev, seg, MCFG_BUS_ANY, &pci_32b_read_ops }
  
- static char mcfg_oem_id[ACPI_OEM_ID_SIZE];
 diff --git a/drivers/pci/controller/Kconfig b/drivers/pci/controller/Kconfig
 index 326f7d13024f..f9700d037c46 100644
 --- a/drivers/pci/controller/Kconfig
@@ -318,6 +318,3 @@
  #endif
  
  #if IS_ENABLED(CONFIG_PCI_HOST_COMMON)
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
index c15b464..bd88fa4 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0004-n1sdp-pcie-add-quirk-support-enabling-remote-chip-PC.patch
@@ -1,10 +1,7 @@
-Upstream-Status: Inappropriate [will not be submitted as its an hack required to fix the hardware issue]
-Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
-
-From 4d69e38213bf52a48f2f0239da8c7b76501428b2 Mon Sep 17 00:00:00 2001
+From 7a5147f51f2eb80ecb6f62a28b8bd86aa5ceebf7 Mon Sep 17 00:00:00 2001
 From: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
 Date: Wed, 9 Feb 2022 20:37:43 +0530
-Subject: [PATCH 4/5] n1sdp: pcie: add quirk support enabling remote chip PCIe
+Subject: [PATCH] n1sdp: pcie: add quirk support enabling remote chip PCIe
 
 Base address mapping for remote chip Root PCIe ECAM space.
 
@@ -19,6 +16,9 @@
 Signed-off-by: Khasim Syed Mohammed <khasim.mohammed@arm.com>
 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
 Signed-off-by: sahil <sahil@arm.com>
+
+Upstream-Status: Inappropriate [will not be submitted as its an hack required to fix the hardware issue]
+Signed-off-by: Sayanta Pattanayak <sayanta.pattanayak@arm.com>
 ---
  drivers/acpi/pci_mcfg.c             |  1 +
  drivers/pci/controller/pcie-n1sdp.c | 32 +++++++++++++++++++++++++----
@@ -26,17 +26,17 @@
  3 files changed, 30 insertions(+), 4 deletions(-)
 
 diff --git a/drivers/acpi/pci_mcfg.c b/drivers/acpi/pci_mcfg.c
-index f31727da21ac..58f59b5fffa2 100644
+index 67c34e6c24a7..4584a5a2ca20 100644
 --- a/drivers/acpi/pci_mcfg.c
 +++ b/drivers/acpi/pci_mcfg.c
-@@ -176,6 +176,7 @@ static struct mcfg_fixup mcfg_quirks[] = {
+@@ -158,6 +158,7 @@ static struct mcfg_fixup mcfg_quirks[] = {
  	/* N1SDP SoC with v1 PCIe controller */
  	N1SDP_ECAM_MCFG(0x20181101, 0, &pci_n1sdp_pcie_ecam_ops),
  	N1SDP_ECAM_MCFG(0x20181101, 1, &pci_n1sdp_ccix_ecam_ops),
 +	N1SDP_ECAM_MCFG(0x20181101, 2, &pci_n1sdp_remote_pcie_ecam_ops),
- };
  
- static char mcfg_oem_id[ACPI_OEM_ID_SIZE];
+ #define ALTRA_ECAM_QUIRK(rev, seg) \
+ 	{ "Ampere", "Altra   ", rev, seg, MCFG_BUS_ANY, &pci_32b_read_ops }
 diff --git a/drivers/pci/controller/pcie-n1sdp.c b/drivers/pci/controller/pcie-n1sdp.c
 index 408699b9dcb1..a03665dd056a 100644
 --- a/drivers/pci/controller/pcie-n1sdp.c
@@ -121,17 +121,14 @@
  	{ .compatible = "arm,n1sdp-pcie", .data = &pci_n1sdp_pcie_ecam_ops },
  	{ },
 diff --git a/include/linux/pci-ecam.h b/include/linux/pci-ecam.h
-index e6bbc037cef8..7bd8c1d702ee 100644
+index e6bbc037cef8..d936d3f14bce 100644
 --- a/include/linux/pci-ecam.h
 +++ b/include/linux/pci-ecam.h
-@@ -89,6 +89,7 @@ extern const struct pci_ecam_ops al_pcie_ops;	/* Amazon Annapurna Labs PCIe */
- extern const struct pci_ecam_ops tegra194_pcie_ops; /* Tegra194 PCIe */
- extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
+@@ -91,6 +91,7 @@ extern const struct pci_ecam_ops pci_n1sdp_pcie_ecam_ops; /* Arm N1SDP PCIe */
  extern const struct pci_ecam_ops pci_n1sdp_ccix_ecam_ops; /* Arm N1SDP PCIe */
-+extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */
  #endif
  
++extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops; /* Arm N1SDP PCIe */
  #if IS_ENABLED(CONFIG_PCI_HOST_COMMON)
--- 
-2.17.1
-
+ /* for DT-based PCI controllers that support ECAM */
+ int pci_host_common_probe(struct platform_device *pdev);
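Review bot: In the include/linux/pci-ecam.h hunk of the refreshed patch, the `+extern const struct pci_ecam_ops pci_n1sdp_remote_pcie_ecam_ops;` line now lands after the `#endif`, where the previous version placed it above the `#endif`, directly under `pci_n1sdp_ccix_ecam_ops`. This looks like the patch was re-applied with fuzz. It leaves the declaration outside the conditional block that holds the other N1SDP ops and directly against `#if IS_ENABLED(CONFIG_PCI_HOST_COMMON)` with no blank line. Suggest moving it back under the `pci_n1sdp_ccix_ecam_ops` declaration before regenerating the patch.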
diff --git a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
index 0404086..b89c598 100644
--- a/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
+++ b/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto-5.15/n1sdp/0005-arm64-kpti-Whitelist-early-Arm-Neoverse-N1-revisions.patch
@@ -1,10 +1,7 @@
-Upstream-Status: Inappropriate
-Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
-From d20f5afffadcdbaca7032f547cce80720d8a414a Mon Sep 17 00:00:00 2001
+From 85581abbfc7e3df12091c5004788b0729cfd99f1 Mon Sep 17 00:00:00 2001
 From: Andre Przywara <andre.przywara@arm.com>
 Date: Fri, 17 May 2019 17:39:27 +0100
-Subject: [PATCH 5/5] arm64: kpti: Whitelist early Arm Neoverse N1 revisions
+Subject: [PATCH] arm64: kpti: Whitelist early Arm Neoverse N1 revisions
 
 Early revisions (r1p0) of the Neoverse N1 core did not feature the
 CSV3 field in ID_AA64PFR0_EL1 to advertise they are not affected by
@@ -13,15 +10,18 @@
 Add this particular revision to the whitelist to avoid enabling KPTI.
 
 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
+
+Upstream-Status: Inappropriate
+Signed-off-by: Andre Przywara <andre.przywara@arm.com>
 ---
  arch/arm64/kernel/cpufeature.c | 1 +
  1 file changed, 1 insertion(+)
 
 diff --git a/arch/arm64/kernel/cpufeature.c b/arch/arm64/kernel/cpufeature.c
-index 6ec7036ef7e1..ceba98773608 100644
+index 3e52a9e8b50b..2e64bc4689a0 100644
 --- a/arch/arm64/kernel/cpufeature.c
 +++ b/arch/arm64/kernel/cpufeature.c
-@@ -1509,6 +1509,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
+@@ -1530,6 +1530,7 @@ static bool unmap_kernel_at_el0(const struct arm64_cpu_capabilities *entry,
  		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_2XX_SILVER),
  		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_3XX_SILVER),
  		MIDR_ALL_VERSIONS(MIDR_QCOM_KRYO_4XX_SILVER),
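Review bot: The relocated trailer block now ends with a second `Signed-off-by: Andre Przywara`, duplicating the one directly above it, and `Upstream-Status: Inappropriate` carries no bracketed reason. Because this patch adds Neoverse N1 r1p0 to the list that avoids enabling KPTI, the reason matters to anyone auditing the kernel's mitigation state. Add a short bracketed explanation, as the n1sdp PCIe patch in this same update does, and drop the duplicate sign-off.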
@@ -29,6 +29,3 @@
  		{ /* sentinel */ }
  	};
  	char const *str = "kpti command line option";
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch
new file mode 100644
index 0000000..b838335
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0006-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -0,0 +1,35 @@
+From 4b2c1a31efe0c5514ae27e696e75659b55e41259 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 26 May 2020 14:38:02 -0500
+Subject: [PATCH] allow setting sysroot for libgcc lookup
+
+Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
+for the compiler libraries as there's no easy way to reliably pass --sysroot
+otherwise.
+
+Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+---
+ mk/gcc.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/mk/gcc.mk b/mk/gcc.mk
+index adc77a24..81bfa78a 100644
+--- a/mk/gcc.mk
++++ b/mk/gcc.mk
+@@ -13,11 +13,11 @@ nostdinc$(sm)	:= -nostdinc -isystem $(shell $(CC$(sm)) \
+ 			-print-file-name=include 2> /dev/null)
+ 
+ # Get location of libgcc from gcc
+-libgcc$(sm)  	:= $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
++libgcc$(sm)  	:= $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ 			-print-libgcc-file-name 2> /dev/null)
+-libstdc++$(sm)	:= $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
++libstdc++$(sm)	:= $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ 			-print-file-name=libstdc++.a 2> /dev/null)
+-libgcc_eh$(sm)	:= $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
++libgcc_eh$(sm)	:= $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ 			-print-file-name=libgcc_eh.a 2> /dev/null)
+ 
+ # Define these to something to discover accidental use
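Review bot: `LIBGCC_LOCATE_CFLAGS` is added to all three `$(shell ...)` lookups in mk/gcc.mk with no default and no comment saying who is expected to set it. Each lookup ends in `2> /dev/null`, so compiler errors are discarded and a missing or wrong sysroot is not reported at this point. Suggest a one-line comment above `libgcc$(sm)` documenting the variable and its intended content (`--sysroot=...`). The message also reads "the new variable LIBGCC_LOCATE_CFLAGS variable", with "variable" doubled.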
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch
new file mode 100644
index 0000000..d5e3694
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0007-allow-setting-sysroot-for-clang.patch
@@ -0,0 +1,30 @@
+From 992bed8a62c75aab034fe53d6329fa7c15cf06ee Mon Sep 17 00:00:00 2001
+From: Brett Warren <brett.warren@arm.com>
+Date: Wed, 23 Sep 2020 09:27:34 +0100
+Subject: [PATCH] optee: enable clang support
+
+When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
+to provide a sysroot wasn't included, which results in not locating
+compiler-rt. This is mitigated by including the variable as ammended.
+
+Upstream-Status: Pending
+ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
+Signed-off-by: Brett Warren <brett.warren@arm.com>
+
+---
+ mk/clang.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk/clang.mk b/mk/clang.mk
+index 0f48c836..47465523 100644
+--- a/mk/clang.mk
++++ b/mk/clang.mk
+@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
+ 
+ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
+ # libgcc for clang
+-libgcc$(sm)	:= $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
++libgcc$(sm)	:= $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ 			-rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
+ 
+ # Core ASLR relies on the executable being ready to run from its preferred load
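Review bot: The commit message names the variable `LIBGCC_LOCATE_CFLAG`, but the changed line in mk/clang.mk uses `$(LIBGCC_LOCATE_CFLAGS)`; correct the message so a search for the variable finds this patch. In the same header, `ammended` should be `amended`, the trailer is spelled `ChangeId:` where other patches in this update use `Change-Id:`, and `Upstream-Status: Pending` gives no link, unlike the gcc.mk patch it mirrors.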
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch
new file mode 100644
index 0000000..4048228
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/0008-no-warn-rwx-segments.patch
@@ -0,0 +1,65 @@
+From 3126adccaf9c9dc669bb7e1f96326c03da4b570d Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+
+---
+ core/arch/arm/kernel/link.mk | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index 69375ad6..bea239cf 100644
+--- a/core/arch/arm/kernel/link.mk
++++ b/core/arch/arm/kernel/link.mk
+@@ -17,6 +17,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
+ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
++link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+ 
+ link-ldadd  = $(LDADD)
+ link-ldadd += $(libdeps)
+@@ -37,6 +38,7 @@ link-script-cppflags := \
+ 		$(cppflagscore))
+ 
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
++		   $(call ld-option,--no-warn-rwx-segments) \
+ 		   $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+ $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
+@@ -49,7 +51,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+ 	$(q)$(NMcore) $< | \
+ 		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+ 
+-unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections
++unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
++		 $(call ld-option,--no-warn-rwx-segments)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -77,7 +80,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+ 	$(q)$(NMcore) $< | \
+ 		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+ 
+-init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections
++init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
++	       $(call ld-option,--no-warn-rwx-segments)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
+ 	      $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
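Review bot: In the `unpaged-ldargs` lines the assignment operator changes from `=` to `:=` together with the new flag, and the commit message does not mention it. If the change is intentional (to match `init-ldargs`), say so; otherwise keep it out of a warning-suppression patch. The `Signed-off-by: Anton Antonov` and `Upstream-Status: Backport` trailers also sit above the message body, whereas the other patches refreshed in this update place them after it, just before `---`. Since `--no-warn-rwx-segments` is added to every link step next to `--fatal-warnings`, a short comment in link.mk recording why the RWX LOAD segment is acceptable for the TEE core would keep that rationale where the next reader will look for it.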
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch
deleted file mode 100644
index 7666486..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0001-plat-corstone1000-add-corstone1000-platform.patch
+++ /dev/null
@@ -1,201 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Arpita S.K <arpita.s.k@arm.com>
-
-From 439a87df6a9f60f2b29afd988ad58a67e6f0b603 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Tue, 22 Jun 2021 22:09:28 +0100
-Subject: [PATCH] plat-corstone1000: add corstone1000 platform
-
-These changes are to add corstone1000 platform to optee core
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
-new file mode 100644
-index 00000000..b14dd442
---- /dev/null
-+++ b/core/arch/arm/plat-corstone1000/conf.mk
-@@ -0,0 +1,37 @@
-+PLATFORM_FLAVOR ?= mps3
-+
-+$(call force,CFG_HWSUPP_MEM_PERM_WXN,y)
-+$(call force,CFG_HWSUPP_MEM_PERM_PXN,y)
-+$(call force,CFG_ENABLE_SCTLR_RR,n)
-+$(call force,CFG_ENABLE_SCTLR_Z,n)
-+
-+arm64-platform-cpuarch := cortex-a35
-+arm64-platform-cflags += -mcpu=$(arm64-platform-cpuarch)
-+arm64-platform-aflags += -mcpu=$(arm64-platform-cpuarch)
-+platform-flavor-armv8 := 1
-+
-+$(call force,CFG_GIC,y)
-+$(call force,CFG_PL011,y)
-+$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
-+
-+$(call force,CFG_ARM64_core,y)
-+
-+CFG_WITH_STATS ?= y
-+
-+CFG_WITH_ARM_TRUSTED_FW ?= y
-+CFG_WITH_LPAE ?=y
-+
-+CFG_TEE_CORE_NB_CORE = 1
-+CFG_TZDRAM_START ?= 0x02002000
-+CFG_TZDRAM_SIZE  ?= 0x000FE000
-+CFG_TEE_RAM_VA_SIZE ?= 0x00AF000
-+CFG_SHMEM_START  ?= 0x86000000
-+CFG_SHMEM_SIZE   ?= 0x00200000
-+
-+CFG_DDR_SIZE ?= 0x80000000
-+CFG_DT_ADDR ?= 0x82100000
-+CFG_DTB_MAX_SIZE ?= 0x100000
-+
-+$(call force,CFG_PSCI_ARM64,y)
-+$(call force,CFG_DT,y)
-+$(call force,CFG_EXTERNAL_DTB_OVERLAY,y)
-diff --git a/core/arch/arm/plat-corstone1000/main.c b/core/arch/arm/plat-corstone1000/main.c
-new file mode 100644
-index 00000000..35d89535
---- /dev/null
-+++ b/core/arch/arm/plat-corstone1000/main.c
-@@ -0,0 +1,77 @@
-+// SPDX-License-Identifier: BSD-2-Clause
-+/*
-+ * Copyright (c) 2020, Linaro Limited
-+ */
-+
-+#include <arm64.h>
-+#include <console.h>
-+#include <drivers/gic.h>
-+#include <drivers/pl011.h>
-+#include <drivers/tzc400.h>
-+#include <initcall.h>
-+#include <keep.h>
-+#include <kernel/boot.h>
-+#include <kernel/interrupt.h>
-+#include <kernel/misc.h>
-+#include <kernel/panic.h>
-+#include <kernel/tee_time.h>
-+#include <mm/core_memprot.h>
-+#include <mm/core_mmu.h>
-+#include <platform_config.h>
-+#include <sm/psci.h>
-+#include <stdint.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+static struct gic_data gic_data __nex_bss;
-+static struct pl011_data console_data __nex_bss;
-+
-+register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
-+#ifdef DRAM0_BASE
-+register_ddr(DRAM0_BASE, DRAM0_SIZE);
-+#endif
-+
-+#ifdef GIC_BASE
-+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
-+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
-+
-+void main_init_gic(void)
-+{
-+	vaddr_t gicc_base;
-+	vaddr_t gicd_base;
-+
-+	gicc_base = core_mmu_get_va(GICC_BASE, MEM_AREA_IO_SEC);
-+	gicd_base = core_mmu_get_va(GICD_BASE, MEM_AREA_IO_SEC);
-+
-+	if (!gicc_base || !gicd_base)
-+		panic();
-+
-+	/* Initialize GIC */
-+	gic_init(&gic_data, gicc_base, gicd_base);
-+	itr_init(&gic_data.chip);
-+
-+}
-+
-+void main_secondary_init_gic(void)
-+{
-+	gic_cpu_init(&gic_data);
-+}
-+
-+void itr_core_handler(void)
-+{
-+	gic_it_handle(&gic_data);
-+}
-+#endif
-+
-+void console_init(void)
-+{
-+	pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ,
-+		   CONSOLE_BAUDRATE);
-+	register_serial_console(&console_data.chip);
-+}
-+
-+void ffa_secondary_cpu_boot_req(vaddr_t secondary_ep, uint64_t cookie)
-+{
-+	DMSG("This is single core platform\n");
-+}
-+
-diff --git a/core/arch/arm/plat-corstone1000/platform_config.h b/core/arch/arm/plat-corstone1000/platform_config.h
-new file mode 100644
-index 00000000..cfee6fa4
---- /dev/null
-+++ b/core/arch/arm/plat-corstone1000/platform_config.h
-@@ -0,0 +1,46 @@
-+/* SPDX-License-Identifier: BSD-2-Clause */
-+/*
-+ * Copyright (c) 2020, Linaro Limited
-+ */
-+
-+#ifndef PLATFORM_CONFIG_H
-+#define PLATFORM_CONFIG_H
-+
-+#include <mm/generic_ram_layout.h>
-+#include <stdint.h>
-+
-+/* Make stacks aligned to data cache line length */
-+#define STACK_ALIGNMENT		64
-+
-+
-+#define GIC_BASE		0x1c000000
-+#define UART0_BASE		0x1a510000
-+#define UART1_BASE		0x1a520000
-+
-+#define CONSOLE_UART_BASE	UART1_BASE
-+
-+#define DRAM0_BASE		0x80000000
-+#define DRAM0_SIZE		0x7f000000
-+
-+#define GICD_OFFSET		0x10000
-+#define GICC_OFFSET		0x2f000
-+
-+#ifdef GIC_BASE
-+#define GICD_BASE		(GIC_BASE + GICD_OFFSET)
-+#define GICC_BASE		(GIC_BASE + GICC_OFFSET)
-+#endif
-+
-+#ifndef UART_BAUDRATE
-+#define UART_BAUDRATE		115200
-+#endif
-+#ifndef CONSOLE_BAUDRATE
-+#define CONSOLE_BAUDRATE	UART_BAUDRATE
-+#endif
-+
-+#ifndef SYS_COUNTER_FREQ_IN_TICKS
-+#define SYS_COUNTER_FREQ_IN_TICKS	UL(50000000) /* 32MHz */
-+#endif
-+
-+#define CONSOLE_UART_CLK_IN_HZ	UL(50000000) /* 32MHz*/
-+
-+#endif /*PLATFORM_CONFIG_H*/
-diff --git a/core/arch/arm/plat-corstone1000/sub.mk b/core/arch/arm/plat-corstone1000/sub.mk
-new file mode 100644
-index 00000000..8ddc2fd4
---- /dev/null
-+++ b/core/arch/arm/plat-corstone1000/sub.mk
-@@ -0,0 +1,2 @@
-+global-incdirs-y += .
-+srcs-y += main.c
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch
deleted file mode 100644
index ea60fee..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Arpita S.K <arpita.s.k@arm.com>
-
-From dbaf7a11e686d362eb09e63841eb718ea777dd03 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Wed, 1 Sep 2021 16:46:42 +0100
-Subject: [PATCH] plat-corstone1000: reserve 3MB CVM memory for optee
-
-optee requires 3MB CVM memory to include SecurePartition's into
-it's image
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
-index b14dd442..7a4aa13c 100644
---- a/core/arch/arm/plat-corstone1000/conf.mk
-+++ b/core/arch/arm/plat-corstone1000/conf.mk
-@@ -23,8 +23,7 @@ CFG_WITH_LPAE ?=y
- 
- CFG_TEE_CORE_NB_CORE = 1
- CFG_TZDRAM_START ?= 0x02002000
--CFG_TZDRAM_SIZE  ?= 0x000FE000
--CFG_TEE_RAM_VA_SIZE ?= 0x00AF000
-+CFG_TZDRAM_SIZE  ?= 0x300000 # OPTEE CODE + DATA +TA_RAM = 3MB
- CFG_SHMEM_START  ?= 0x86000000
- CFG_SHMEM_SIZE   ?= 0x00200000
- 
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch
deleted file mode 100644
index 9aec829..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch
+++ /dev/null
@@ -1,38 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From 327290faefe16440c4975c9539b11d43c92bcf48 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Thu, 25 Nov 2021 06:20:48 +0000
-Subject: [PATCH] plat-corstone1000: add a rule in Makefile to SP_MAKEFILE_PATH
-
-This change is to provide an option to user to include
-secure manifest into optee-os Makefile so that the secure
-partition is part of optee-os image
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-diff --git a/Makefile b/Makefile
-index f6fcea8b..21722939 100644
---- a/Makefile
-+++ b/Makefile
-@@ -18,6 +18,16 @@ unexport MAKEFILE_LIST
- # nonzero status). Useful since a few recipes use shell redirection.
- .DELETE_ON_ERROR:
- 
-+# include secure partition make file and manifest file
-+ifdef CFG_SP_MKFILE_PATH
-+ifdef CFG_EMBED_DTB_SOURCE_FILE
-+include $(CFG_SP_MKFILE_PATH)
-+$(info Loading secure partitions manifest ${CFG_EMBED_DTB_SOURCE_FILE})
-+CFG_EMBED_DTB_SOURCE_FILE :=${CFG_EMBED_DTB_SOURCE_FILE}
-+OPTEE_OS_COMMON_EXTRA_FLAGS+=${CFG_EMBED_DTB_SOURCE_FILE}
-+endif
-+endif
-+
- include mk/checkconf.mk
- 
- .PHONY: all
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch
deleted file mode 100644
index 42babb1..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From 5fdf7792ead29784718d30d8a8a5383a994e2fef Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Thu, 2 Dec 2021 12:51:11 +0000
-Subject: [PATCH] plat-corstone1000: increase OPTEE core heap size
-
-This change is to increase optee core heap size to 131072
-from its default value to fit openAMP and smm-gateway
-in SEL0
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-diff --git a/core/arch/arm/plat-corstone1000/conf.mk b/core/arch/arm/plat-corstone1000/conf.mk
-index 7a4aa13c..65d652a4 100644
---- a/core/arch/arm/plat-corstone1000/conf.mk
-+++ b/core/arch/arm/plat-corstone1000/conf.mk
-@@ -31,6 +31,7 @@ CFG_DDR_SIZE ?= 0x80000000
- CFG_DT_ADDR ?= 0x82100000
- CFG_DTB_MAX_SIZE ?= 0x100000
- 
-+CFG_CORE_HEAP_SIZE ?= 131072
- $(call force,CFG_PSCI_ARM64,y)
- $(call force,CFG_DT,y)
- $(call force,CFG_EXTERNAL_DTB_OVERLAY,y)
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch
deleted file mode 100644
index 852067b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/0005-Fix-add-missing-error-check-during-SP-init.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-From 4617f85b70c7e4206b244f3eaffdc62ac3744a17 Mon Sep 17 00:00:00 2001
-From: Jelle Sels <jelle.sels@arm.com>
-Date: Mon, 10 May 2021 11:37:23 +0200
-Subject: [PATCH] Fix: add missing error check during SP init
-
-Error checking during SP initialization (sp_init_uuid()) was lacking.
-As a result an out of CORE HEAP situation resulted in a panic. This was
-due to lack of memory in the inflate() function of zlib.
-
-Signed-off-by: Jelle Sels <jelle.sels@arm.com>
-Change-Id: I287e2e2dd507feb45991b32ed264b3b6ad6fcd39
-
-diff --git a/core/arch/arm/kernel/sp.c b/core/arch/arm/kernel/sp.c
-index 4acbc2e2..23532a01 100644
---- a/core/arch/arm/kernel/sp.c
-+++ b/core/arch/arm/kernel/sp.c
-@@ -383,10 +383,14 @@ static TEE_Result __attribute__((unused)) sp_init_uuid(const TEE_UUID *uuid)
- 				  cancel_req_to,
- 				  &param);
- 
--	args.a0 = sp_get_session(sess->id)->sp_regs.x[0];
--	sp_thread(sess->id, FFA_NW_ID, &args);
-+	if (res == TEE_SUCCESS) {
-+		args.a0 = sp_get_session(sess->id)->sp_regs.x[0];
-+		sp_thread(sess->id, FFA_NW_ID, &args);
- 
--	thread_spmc_msg_recv(&args, sess->id);
-+		thread_spmc_msg_recv(&args, sess->id);
-+	} else {
-+		EMSG("SP initialization failed, try increasing CFG_CORE_HEAP_SIZE");
-+	}
- 
- 	return res;
- }
--- 
-2.25.1
-
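Review bot: This patch is deleted while its header still reads `Upstream-Status: Pending [Not submitted to upstream yet]`, so nothing visible here shows that the `res == TEE_SUCCESS` check in `sp_init_uuid()` exists in the OP-TEE version now being built. Please state in the commit message that upstream carries an equivalent check, or why it is no longer needed. Otherwise a core-heap exhaustion during SP init goes back to a panic instead of the `EMSG` path.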
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts
deleted file mode 100644
index b09018e..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/corstone1000/sp_manifest_combined_se.dts
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
-* Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-*
-* SPDX-License-Identifier: BSD-3-Clause
-*/
-
-/dts-v1/;
-
-/ {
-    se-proxy{
-        compatible = "arm,ffa-manifest-1.0";
-        ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
-        uuid = <0x46bb39d1 0xb4d945b5 0x88ff0400 0x27dab249>;
-        description = "SE Proxy";
-        execution-ctx-count = <1>;
-        exception-level = <1>; /* S-EL0 */
-        execution-state = <0>; /* AArch64 */
-        xlat-granule = <0>; /* 4KiB */
-        messaging-method = <0>; /* Direct messaging only */
-	device-regions {
-		compatible = "arm,ffa-manifest-device-regions";
-		mhu-sender {
-			/* Armv8 A Foundation Platform values */
-			base-address = <0x00000000 0x1b820000>;
-			pages-count = <16>;
-			attributes = <0x3>; /* read-write */
-		};
-		mhu-receiver {
-			/* Armv8 A Foundation Platform values */
-			base-address = <0x00000000 0x1b830000>;
-			pages-count = <16>;
-			attributes = <0x3>; /* read-write */
-		};
-		openamp-virtio {
-			/* Armv8 A Foundation Platform values */
-			base-address = <0x00000000 0x88000000>;
-			pages-count = <256>;
-			attributes = <0x3>; /* read-write */
-		};
-	};
-    };
-    smm-gateway{
-        compatible = "arm,ffa-manifest-1.0";
-        ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
-        uuid = <0xed32d533 0x99e64209 0x9cc02d72 0xcdd998a7>;
-        description = "SMM Gateway";
-        execution-ctx-count = <1>;
-        exception-level = <1>; /* S-EL0 */
-        execution-state = <0>; /* AArch64 */
-        xlat-granule = <0>; /* 4KiB */
-        messaging-method = <0>; /* Direct messaging only */
-		device-regions {
-          compatible = "arm,ffa-manifest-device-regions";
-          mm-comm-buffer {
-              /* Armv8 A Foundation Platform values */
-              base-address = <0x00000000 0x02000000>;
-              pages-count = <1>;
-              attributes = <0x3>; /* read-write */
-              };
-		};
-    };
-};
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch
index 3a21b39..0f0a76e 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0001-WIP-Enable-managed-exit.patch
@@ -1,7 +1,7 @@
-From 14b84786e85483bf3c737ef8b392204e307c0ff1 Mon Sep 17 00:00:00 2001
+From 34db1357ab3192f18629ceadf4ea33b948513fec Mon Sep 17 00:00:00 2001
 From: Olivier Deprez <olivier.deprez@arm.com>
 Date: Mon, 16 Nov 2020 10:14:02 +0100
-Subject: [PATCH] WIP: Enable managed exit
+Subject: [PATCH 1/2] WIP: Enable managed exit
 
 This change declares OP-TEE SP as supporting managed exit in response to
 a NS interrupt triggering while the SWd runs.
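Review bot: The subject gains a series number here (`[PATCH 1/2]`), while the n1sdp kernel patches refreshed in this same update drop theirs (`[PATCH 4/5]` to `[PATCH]`). Pick one convention for regenerated patches so that refreshes do not churn the header. The patch is also still titled `WIP:` after the rebase; either finish it or say in the message what remains open.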
@@ -27,14 +27,14 @@
  core/arch/arm/kernel/boot.c                          | 12 ++++++++++++
  core/arch/arm/kernel/thread_a64.S                    | 11 ++++++++++-
  core/arch/arm/kernel/thread_spmc.c                   | 11 +++++++++++
- .../arm/plat-totalcompute/fdts/optee_sp_manifest.dts |  2 +-
- 4 files changed, 34 insertions(+), 2 deletions(-)
+ .../arm/plat-totalcompute/fdts/optee_sp_manifest.dts |  1 +
+ 4 files changed, 34 insertions(+), 1 deletion(-)
 
 diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
-index 09c1b811..d130107f 100644
+index f173384d..466c042e 100644
 --- a/core/arch/arm/kernel/boot.c
 +++ b/core/arch/arm/kernel/boot.c
-@@ -1279,6 +1279,18 @@ static void init_secondary_helper(unsigned long nsec_entry)
+@@ -1350,6 +1350,18 @@ static void init_secondary_helper(unsigned long nsec_entry)
  	init_vfp_sec();
  	init_vfp_nsec();
  
@@ -54,10 +54,10 @@
  }
  
 diff --git a/core/arch/arm/kernel/thread_a64.S b/core/arch/arm/kernel/thread_a64.S
-index 3e0f5115..63bf396a 100644
+index d6baee4d..1b0c8f37 100644
 --- a/core/arch/arm/kernel/thread_a64.S
 +++ b/core/arch/arm/kernel/thread_a64.S
-@@ -904,6 +904,14 @@ END_FUNC el0_sync_abort
+@@ -1087,6 +1087,14 @@ END_FUNC el0_sync_abort
  	bl	dcache_op_louis
  	ic	iallu
  #endif
@@ -72,7 +72,7 @@
  	/*
  	 * Mark current thread as suspended
  	 */
-@@ -1021,8 +1029,9 @@ LOCAL_FUNC elx_irq , :
+@@ -1204,8 +1212,9 @@ LOCAL_FUNC elx_irq , :
  #endif
  END_FUNC elx_irq
  
@@ -84,10 +84,10 @@
  #else
  	native_intr_handler	fiq
 diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c
-index bd7930e7..89ff82bc 100644
+index ea9e8f03..15577e7e 100644
 --- a/core/arch/arm/kernel/thread_spmc.c
 +++ b/core/arch/arm/kernel/thread_spmc.c
-@@ -1394,6 +1394,17 @@ static TEE_Result spmc_init(void)
+@@ -1518,6 +1518,17 @@ static TEE_Result spmc_init(void)
  	my_endpoint_id = spmc_get_id();
  	DMSG("My endpoint ID %#x", my_endpoint_id);
  
@@ -104,21 +104,19 @@
 +
  	return TEE_SUCCESS;
  }
- #endif /*CFG_CORE_SEL2_SPMC*/
+ #endif /* !defined(CFG_CORE_SEL1_SPMC) */
 diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
-index 4b8b3681..04847c4d 100644
+index 0bfe33f3..00cfa5b2 100644
 --- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
 +++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
-@@ -23,7 +23,8 @@
- 	entrypoint-offset = <0x1000>;
+@@ -24,6 +24,7 @@
  	xlat-granule = <0>; /* 4KiB */
  	boot-order = <0>;
--	messaging-method = <0>; /* Direct messaging only */
-+	messaging-method = <3>; /* Direct request/response supported */
+ 	messaging-method = <0x3>; /* Direct request/response supported */
 +	managed-exit; /* Managed exit supported */
-
+ 
  	device-regions {
  		compatible = "arm,ffa-manifest-device-regions";
 -- 
-2.29.2
+2.34.1
 
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch
deleted file mode 100644
index 44138cb..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 3a240f6b6c58d70471fd0752b8854c43c7c4df72 Mon Sep 17 00:00:00 2001
-From: Usama Arif <usama.arif@arm.com>
-Date: Wed, 11 Aug 2021 11:00:52 +0100
-Subject: [PATCH 2/2] ffa: Update function ID according to FFA v1.1 spec
-
-This updates function ID FFA_SECONDARY_EP_REGISTER_64.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Usama Arif <usama.arif@arm.com>
----
- core/arch/arm/include/ffa.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h
-index 20a009ca..b0d68173 100644
---- a/core/arch/arm/include/ffa.h
-+++ b/core/arch/arm/include/ffa.h
-@@ -69,7 +69,7 @@
- #define FFA_MEM_RECLAIM			U(0x84000077)
- #define FFA_MEM_FRAG_RX			U(0x8400007A)
- #define FFA_MEM_FRAG_TX			U(0x8400007B)
--#define FFA_SECONDARY_EP_REGISTER_64	U(0xC4000084)
-+#define FFA_SECONDARY_EP_REGISTER_64	U(0xC4000087)
- 
- /* Special value for traffic targeted to the Hypervisor or SPM */
- #define FFA_TARGET_INFO_MBZ		U(0x0)
--- 
-2.17.1
-
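Review bot: the patch deleted here was marked Upstream-Status: Pending, so nothing visible in this change shows that the new OP-TEE base already defines FFA_SECONDARY_EP_REGISTER_64 as U(0xC4000087). State in the commit message that the upgraded base carries the FF-A v1.1 value; otherwise dropping this file silently puts the TC build back on 0xC4000084.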
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch
new file mode 100644
index 0000000..ff7f513
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch
@@ -0,0 +1,50 @@
+From 35dba075593cb32c62b881e7763fcf0ea37908f7 Mon Sep 17 00:00:00 2001
+From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+Date: Mon, 23 May 2022 11:32:41 +0100
+Subject: [PATCH 2/2] plat-totalcompute: fix TZDRAM start and size
+
+- Fix TZDRAM_SIZE in TC platform
+- For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to
+  0x4000 for boot protocol support.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+
+Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+Change-Id: Iff19c498e9edae961f469604d69419c1a32145f5
+---
+ core/arch/arm/plat-totalcompute/conf.mk                    | 5 +++--
+ core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/core/arch/arm/plat-totalcompute/conf.mk b/core/arch/arm/plat-totalcompute/conf.mk
+index b39ac0f0..2f6c0ee1 100644
+--- a/core/arch/arm/plat-totalcompute/conf.mk
++++ b/core/arch/arm/plat-totalcompute/conf.mk
+@@ -32,8 +32,9 @@ ifeq ($(CFG_CORE_SEL1_SPMC),y)
+ CFG_TZDRAM_START ?= 0xfd000000
+ CFG_TZDRAM_SIZE  ?= 0x02000000
+ else ifeq ($(CFG_CORE_SEL2_SPMC),y)
+-CFG_TZDRAM_START ?= 0xfd281000
+-CFG_TZDRAM_SIZE  ?= 0x01d7f000
++CFG_TZDRAM_START ?= 0xfd284000
++# TZDRAM size 0x1980000 - 0x4000 manifest size
++CFG_TZDRAM_SIZE  ?= 0x0197c000
+ else
+ CFG_TZDRAM_START ?= 0xff000000
+ CFG_TZDRAM_SIZE  ?= 0x01000000
+diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+index 00cfa5b2..56e69f37 100644
+--- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
++++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+@@ -20,7 +20,7 @@
+ 	exception-level = <2>; /* S-EL1 */
+ 	execution-state = <0>; /* AARCH64 */
+ 	load-address = <0xfd280000>;
+-	entrypoint-offset = <0x1000>;
++	entrypoint-offset = <0x4000>;
+ 	xlat-granule = <0>; /* 4KiB */
+ 	boot-order = <0>;
+ 	messaging-method = <0x3>; /* Direct request/response supported */
+-- 
+2.34.1
+
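Review bot: in the CFG_CORE_SEL2_SPMC branch of conf.mk the region shrinks by far more than the manifest growth, and the commit message does not say why. The old values end at 0xfd281000 + 0x01d7f000 = 0xff000000, the new ones at 0xfd284000 + 0x0197c000 = 0xfec00000, so the top 4 MiB is no longer TZDRAM; name the component that now owns 0xfec00000-0xff000000. CFG_TZDRAM_START also has to stay equal to load-address + entrypoint-offset (0xfd280000 + 0x4000) from optee_sp_manifest.dts, and a comment beside it saying so would keep the two files from drifting apart.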
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch
deleted file mode 100644
index 5374c02..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0003-Fix-optee-UUID.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 37fd6f3c18015bcad2c099bf9269e72140e55557 Mon Sep 17 00:00:00 2001
-From: Davidson K <davidson.kumaresan@arm.com>
-Date: Wed, 12 Jan 2022 17:14:03 +0530
-Subject: [PATCH] Fix optee UUID
-
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/a9a8e483b6ff7f6e40c5ed95310a18e0bd1993c3#diff-2a310f8cc43d961b2efc05ac1619521653ba8977ff5e6dc5bb89754fd60fe954]
-Signed-off-by: Davidson K <davidson.kumaresan@arm.com>
----
- core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
-index 04847c4d..3b76fc7d 100644
---- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
-+++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
-@@ -14,7 +14,7 @@
- 	/* Properties */
- 	description = "op-tee";
- 	ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
--	uuid = <0x486178e0 0xe7f811e3 0xbc5e0002 0xa5d5c51b>;
-+	uuid = <0xe0786148 0xe311f8e7 0x02005ebc 0x1bc5d5a5>;
- 	id = <1>;
- 	execution-ctx-count = <8>;
- 	exception-level = <2>; /* S-EL1 */
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch b/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch
deleted file mode 100644
index 293ea7d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/files/optee-os/tc/0004-plat-totalcompute-add-support-for-higher-DRAM.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From 7fb6d720a285b6135a9247b2adde833ea90e2549 Mon Sep 17 00:00:00 2001
-From: Usama Arif <usama.arif@arm.com>
-Date: Mon, 27 Sep 2021 19:58:56 +0100
-Subject: [PATCH] plat-totalcompute: add support for higher DRAM
-
-The new 6GB DRAM bank starts at 0x8080000000.
-
-Signed-off-by: Usama Arif <usama.arif@arm.com>
-Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
-
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/commit/6d8430f943e091282849b188fbc0847c159e5de4]
-Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
----
- core/arch/arm/plat-totalcompute/conf.mk           | 2 ++
- core/arch/arm/plat-totalcompute/main.c            | 1 +
- core/arch/arm/plat-totalcompute/platform_config.h | 3 +++
- 3 files changed, 6 insertions(+)
-
-diff --git a/core/arch/arm/plat-totalcompute/conf.mk b/core/arch/arm/plat-totalcompute/conf.mk
-index 558b7889..e894b1e1 100644
---- a/core/arch/arm/plat-totalcompute/conf.mk
-+++ b/core/arch/arm/plat-totalcompute/conf.mk
-@@ -24,6 +24,8 @@ platform-cflags-debug-info = -gdwarf-2
- platform-aflags-debug-info = -gdwarf-2
- endif
- 
-+$(call force,CFG_CORE_ARM64_PA_BITS,40)
-+
- ifneq (,$(filter ${PLATFORM_FLAVOR},tc0 tc1))
- CFG_TEE_CORE_NB_CORE = 8
- 
-diff --git a/core/arch/arm/plat-totalcompute/main.c b/core/arch/arm/plat-totalcompute/main.c
-index 42acf8dd..eab237bf 100644
---- a/core/arch/arm/plat-totalcompute/main.c
-+++ b/core/arch/arm/plat-totalcompute/main.c
-@@ -27,6 +27,7 @@ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
- #endif
- 
- register_ddr(DRAM0_BASE, DRAM0_SIZE);
-+register_ddr(DRAM1_BASE, DRAM1_SIZE);
- 
- #ifndef CFG_CORE_SEL2_SPMC
- void main_init_gic(void)
-diff --git a/core/arch/arm/plat-totalcompute/platform_config.h b/core/arch/arm/plat-totalcompute/platform_config.h
-index 4255abca..b474a899 100644
---- a/core/arch/arm/plat-totalcompute/platform_config.h
-+++ b/core/arch/arm/plat-totalcompute/platform_config.h
-@@ -26,6 +26,9 @@
- #define DRAM0_BASE		0x80000000
- #define DRAM0_SIZE		0x7d000000
- 
-+#define DRAM1_BASE		0x8080000000ULL
-+#define DRAM1_SIZE		0x180000000ULL
-+
- #define TZCDRAM_BASE		0xff000000
- #define TZCDRAM_SIZE		0x01000000
- 
--- 
-2.30.2
-
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
new file mode 100644
index 0000000..c273832
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.service
@@ -0,0 +1,10 @@
+[Unit]
+Description=TEE Supplicant
+
+[Service]
+User=root
+EnvironmentFile=-@sysconfdir@/default/tee-supplicant
+ExecStart=@sbindir@/tee-supplicant $OPTARGS
+
+[Install]
+WantedBy=basic.target
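Review bot: User=root in [Service] with no sandboxing directives leaves the supplicant fully privileged for its whole lifetime. Prefer a dedicated account that is granted access to the TEE device node and the supplicant's storage directory, and add hardening such as NoNewPrivileges=yes and ProtectSystem=. The unit also has no Restart= setting, so a crashed supplicant stays down until someone restarts it by hand.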
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh
new file mode 100644
index 0000000..b4d2195
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client/tee-supplicant.sh
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Source function library
+. /etc/init.d/functions
+
+NAME=tee-supplicant
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC="OP-TEE Supplicant"
+
+DAEMON=@sbindir@/$NAME
+
+test -f $DAEMON || exit 0
+
+test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
+test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
+
+SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
+
+set -e
+
+case $1 in
+    start)
+	    echo -n "Starting $DESC: "
+	    start-stop-daemon --start $SSD_OPTIONS
+        echo "${DAEMON##*/}."
+        ;;
+    stop)
+	    echo -n "Stopping $DESC: "
+	    start-stop-daemon --stop $SSD_OPTIONS
+        echo "${DAEMON##*/}."
+        ;;
+    restart|force-reload)
+	    $0 stop
+	    sleep 1
+	    $0 start
+        ;;
+    status)
+        status ${DAEMON} || exit $?
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
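Review bot: the stop arm reuses $SSD_OPTIONS, which ends in the start-only tail `-- -d $OPTARGS`; split the variable so that stop passes only `--oknodo --quiet --exec $DAEMON`. The guard `test -f $DAEMON` should be `test -x "$DAEMON"`, since a present but non-executable binary passes the current check and then fails under `set -e`. The case arms also mix tab and space indentation (the `echo -n` and `start-stop-daemon` lines are tab-indented, the rest use spaces).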
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb
new file mode 100644
index 0000000..641fb0a
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-client_3.14.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
new file mode 100644
index 0000000..1aca3a9
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc
@@ -0,0 +1,17 @@
+SRCREV = "42f6617108fa43712652ef52f9d5b4ec5b2665f8"
+PV = "3.18.0+git${SRCPV}"
+
+SRC_URI:remove = " \
+                  file://0008-no-warn-rwx-segments.patch \
+                 "
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+OPTEEMACHINE = "corstone1000"
+# Enable optee memory layout and boot logs
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
+
+# default disable latency benchmarks (over all OP-TEE layers)
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
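Review bot: CFG_TEE_CORE_LOG_LEVEL=4 is appended unconditionally, so every corstone1000 image built from this layer ships with the most verbose OP-TEE core logging, and the comment above it says the purpose is to print the memory layout. Route the level through a variable with a weak default so that a production distro can lower it without a further bbappend. The SRC_URI:remove of 0008-no-warn-rwx-segments.patch also needs a one-line comment saying why the patch does not apply to this SRCREV.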
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc
index eeaa59a..31f1915 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-generic-tc.inc
@@ -1,17 +1,10 @@
 # Total Compute (tc) specific configuration for optee-os and optee-os-tadevkit
 
-# Intermediate SHA with 3.14 baseline version
-# This has TC0 and TC1 platform support
-SRCREV = "e4f34e786135079160697d88212591105a65fbce"
-PV = "3.14.0+git${SRCPV}"
-
 FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/tc:"
 SRC_URI:append:tc = " \
     file://sp_layout.json \
     file://0001-WIP-Enable-managed-exit.patch \
-    file://0002-ffa-Update-function-ID-according-to-FFA-v1.1-spec.patch \
-    file://0003-Fix-optee-UUID.patch \
-    file://0004-plat-totalcompute-add-support-for-higher-DRAM.patch \
+    file://0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch \
     "
 
 COMPATIBLE_MACHINE = "(tc?)"
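Review bot: SRC_URI:append:tc still applies 0001-WIP-Enable-managed-exit.patch on top of the new base; a patch labelled WIP in the secure-world OS build should either be finalised and renamed or carry a comment on what is still open. With SRCREV and PV removed from this file, the commit message should also say which recipe now pins the TC revision.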
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.14.0.bbappend
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_3.18.0.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb
new file mode 100644
index 0000000..19beaa7
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.10.0.bb
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-os.inc
+
+SRCREV = "d1c635434c55b7d75eadf471bde04926bd1e50a7"
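Review bot: this adds an OP-TEE OS 3.10.0 recipe to the BSP layer with no COMPATIBLE_MACHINE and no comment naming the machine or recipe that needs it, while the bbappends in the same change move to 3.18.0. Add a comment naming the consumer and restrict the recipe with COMPATIBLE_MACHINE so that other machines cannot select the old TEE version.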
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
deleted file mode 100644
index 7834b64..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.14.0.bbappend
+++ /dev/null
@@ -1,7 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_OS_REQUIRE ?= ""
-MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os_corstone1000.inc"
-MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
-
-require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
index f80e09f..4b03985 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_3.18.0.bbappend
@@ -2,5 +2,7 @@
 
 MACHINE_OPTEE_OS_REQUIRE ?= ""
 MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
+MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
+MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
 
 require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc
deleted file mode 100644
index eb5f6df..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000.inc
+++ /dev/null
@@ -1,20 +0,0 @@
-require optee-os_corstone1000_common.inc
-
-DEPENDS += " secure-partitions"
-EXTRA_OEMAKE +="'SP_PACKAGING_METHOD=embedded'"
-
-TS_INSTALL_PREFIX_PATH="${RECIPE_SYSROOT}/firmware/sp/opteesp"
-EXTRA_OEMAKE += "'TS_INSTALL_PREFIX=${TS_INSTALL_PREFIX_PATH}'"
-
-# se-proxy secure partition
-SP_MKFILE_PATH="${TS_INSTALL_PREFIX}/lib/make/se-proxy.mk"
-
-# smm-gateway secure partition
-SP_MKFILE_PATH += "${TS_INSTALL_PREFIX}/lib/make/smm-gateway.mk"
-
-EXTRA_OEMAKE += "'CFG_SP_MKFILE_PATH=${SP_MKFILE_PATH}'"
-
-EXTRA_OEMAKE += "CFG_EMBED_DTB_SOURCE_FILE=${EMBED_DTB_SOURCE_FILE}"
-
-SRC_URI:append = " file://sp_manifest_combined_se.dts;"
-EMBED_DTB_SOURCE_FILE = "${WORKDIR}/sp_manifest_combined_se.dts"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc
deleted file mode 100644
index 9f37241..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_corstone1000_common.inc
+++ /dev/null
@@ -1,31 +0,0 @@
-SRC_URI = "git://git.trustedfirmware.org/OP-TEE/optee_os.git;protocol=https;branch=psa-development"
-SRCREV = "f9de2c9520ed97b89760cc4c99424aae440b63f4"
-PV = "3.10.0+git${SRCPV}"
-
-DEPENDS += "python3-pycryptodomex-native dtc-native"
-
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/corstone1000:"
-
-SRC_URI:append = " \
-                  file://0001-plat-corstone1000-add-corstone1000-platform.patch \
-                  file://0002-plat-corstone1000-reserve-3MB-CVM-memory-for-optee.patch \
-                  file://0003-plat-corstone1000-add-a-rule-in-Makefile-to-SP_MAKEF.patch \
-                  file://0004-plat-corstone1000-increase-OPTEE-core-heap-size.patch \
-                  file://0005-Fix-add-missing-error-check-during-SP-init.patch \
-                   "
-
-COMPATIBLE_MACHINE = "corstone1000"
-
-OPTEEMACHINE = "corstone1000"
-# Enable optee memory layout and boot logs
-EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
-
-# default disable latency benchmarks (over all OP-TEE layers)
-EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
-
-EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
-
-EXTRA_OEMAKE += " CFG_WITH_SP=y"
-
-EXTRA_OEMAKE += " HOST_PREFIX=${HOST_PREFIX}"
-EXTRA_OEMAKE += " CROSS_COMPILE64=${HOST_PREFIX}"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend
new file mode 100644
index 0000000..cfc3023
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_3.10.0.bbappend
@@ -0,0 +1,5 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= ""
+
+require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE}
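Review bot: MACHINE_OPTEE_SPDEVKIT_REQUIRE only receives the empty default here and no machine override, so the require line never pulls anything in and this bbappend has no effect. Either drop the file or add the override for the machine it is meant to serve.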
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc
deleted file mode 100644
index 363b0ed..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_corstone1000.inc
+++ /dev/null
@@ -1 +0,0 @@
-require optee-os_corstone1000_common.inc
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend
deleted file mode 100644
index 13e109c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-spdevkit_git.bbappend
+++ /dev/null
@@ -1,6 +0,0 @@
-# Machine specific configurations
-
-MACHINE_OPTEE_SPDEVKIT_REQUIRE ?= ""
-MACHINE_OPTEE_SPDEVKIT_REQUIRE:corstone1000 = "optee-spdevkit_corstone1000.inc"
-
-require ${MACHINE_OPTEE_SPDEVKIT_REQUIRE}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend b/meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.14.0.bbappend
rename to meta-arm/meta-arm-bsp/recipes-security/optee/optee-test_3.18.0.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch
new file mode 100644
index 0000000..3b15c72
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-plat-add-corstone1000-platform-to-drivers-arm.patch
@@ -0,0 +1,36 @@
+From d262ab277a87c1cda4f71137f6bb963066ba6997 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Tue, 13 Sep 2022 16:46:14 +0100
+Subject: [PATCH 26/27] plat: add corstone1000 platform to drivers/arm
+
+This change is to add corstone1000 platform cmake. Smm gateway
+uses SE proxy to route the calls for any NV storage.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ platform/providers/arm/corstone1000/platform.cmake | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+ create mode 100644 platform/providers/arm/corstone1000/platform.cmake
+
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+new file mode 100644
+index 00000000..14a9f6b0
+--- /dev/null
++++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -0,0 +1,12 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++# Platform definition for the corstone1000 platform.
++#-------------------------------------------------------------------------------
++
++target_compile_definitions(${TGT} PRIVATE
++	SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
++)
++
+-- 
+2.17.1
+
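Review bot: the subject line says drivers/arm, but the only file created is platform/providers/arm/corstone1000/platform.cmake; correct the subject so the history matches the tree. SMM_GATEWAY_NV_STORE_SN embeds a bare UUID with no comment; add a line in platform.cmake naming the partition that 46bb39d1-b4d9-45b5-88ff-040027dab249 identifies (the message implies SE proxy), so a mismatch with that partition's manifest can be spotted in review.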
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch
similarity index 93%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch
index 47ca59f..77be7f3 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0027-Add-MHU-driver.patch
@@ -1,57 +1,24 @@
-From 993a3c3cb08a723f5b5eb07cf38d70e9acf52e7f Mon Sep 17 00:00:00 2001
+From 9e6f16c236fbf5d8631ebc53a79c80b85042b736 Mon Sep 17 00:00:00 2001
 From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 18:00:46 +0000
-Subject: [PATCH] Implement mhu driver and the OpenAmp conversion layer.
+Date: Tue, 27 Sep 2022 18:47:36 +0100
+Subject: [PATCH 27/27] Add MHU driver
 
-This commit adds an mhu driver (v2.1 and v2) to the secure
-partition se_proxy and a conversion layer to communicate with
-the secure enclave using OpenAmp.
+This change is to add MHU driver. This is required to communicate
+between cortex-A and cortex-M
 
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
 Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
+Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
 Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
 ---
- .../se-proxy/opteesp/default_se-proxy.dts.in  |  16 +
  .../drivers/arm/mhu_driver/component.cmake    |  12 +
  platform/drivers/arm/mhu_driver/mhu_v2.h      | 391 ++++++++++++
  platform/drivers/arm/mhu_driver/mhu_v2_x.c    | 602 ++++++++++++++++++
- .../providers/arm/corstone1000/platform.cmake |  10 +
- 5 files changed, 1031 insertions(+)
+ .../providers/arm/corstone1000/platform.cmake |   3 +
+ 4 files changed, 1008 insertions(+)
  create mode 100644 platform/drivers/arm/mhu_driver/component.cmake
  create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h
  create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c
- create mode 100644 platform/providers/arm/corstone1000/platform.cmake
 
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 9f5cf712..f351a592 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -17,5 +17,21 @@
- 		execution-state = <0>; /* AArch64 */
- 		xlat-granule = <0>; /* 4KiB */
- 		messaging-method = <0>; /* Direct messaging only */
-+
-+		device-regions {
-+			compatible = "arm,ffa-manifest-device-regions";
-+			mhu-sender {
-+				/* Armv8 A Foundation Platform values */
-+				base-address = <0x00000000 0x1b820000>;
-+				pages-count = <16>;
-+				attributes = <0x3>; /* read-write */
-+			};
-+			mhu-receiver {
-+				/* Armv8 A Foundation Platform values */
-+				base-address = <0x00000000 0x1b830000>;
-+				pages-count = <16>;
-+				attributes = <0x3>; /* read-write */
-+			};
-+		};
- 	};
- };
 diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake
 new file mode 100644
 index 00000000..77a5a50b
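Review bot: the rewritten patch no longer touches default_se-proxy.dts.in, so the mhu-sender and mhu-receiver device-regions (base addresses 0x1b820000 and 0x1b830000) disappear from this patch while the driver that needs those registers stays. Say in the commit message where the regions are declared now, because without them in the partition manifest the driver has no mapped MHU. Rui Miguel Silva's Signed-off-by is also dropped from code that is otherwise carried over; keep the original sign-off chain.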
@@ -1076,18 +1043,19 @@
 +    return MHU_V_2_X_ERR_GENERAL;
 +}
 diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-new file mode 100644
-index 00000000..bb778bb9
---- /dev/null
+index 14a9f6b0..df9cab71 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
 +++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -0,0 +1,10 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform.
-+#-------------------------------------------------------------------------------
-+
+@@ -6,6 +6,9 @@
+ # Platform definition for the corstone1000 platform.
+ #-------------------------------------------------------------------------------
+ 
 +# include MHU driver
 +include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
++
+ target_compile_definitions(${TGT} PRIVATE
+ 	SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
+ )
+-- 
+2.17.1
+
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch
deleted file mode 100644
index 83c7b54..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0001-tools-cmake-common-applying-lowercase-project-conven.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 73c27b917e15eb04f39eedac9b79e5011e8a754f Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Sat, 13 Nov 2021 07:47:44 +0000
-Subject: [PATCH] tools/cmake/common: applying lowercase project convention
-
-Lowercase convention should only apply on the paths inside TS
-source-code.
-Host build paths should not be lowercased. Otherwise, builds
-with uppercase paths will break.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-
-
----
- tools/cmake/common/AddPlatform.cmake | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/tools/cmake/common/AddPlatform.cmake b/tools/cmake/common/AddPlatform.cmake
-index ae34c6e4..31bcd8ca 100644
---- a/tools/cmake/common/AddPlatform.cmake
-+++ b/tools/cmake/common/AddPlatform.cmake
-@@ -37,8 +37,8 @@ function(add_platform)
- 	set(TGT ${MY_PARAMS_TARGET} CACHE STRING "")
- 
- 	# Ensure file path conforms to lowercase project convention
--	string(TOLOWER "${TS_PLATFORM_ROOT}/${TS_PLATFORM}/platform.cmake" _platdef)
--	include(${_platdef})
-+	string(TOLOWER "${TS_PLATFORM}/platform.cmake" _platdef)
-+	include(${TS_PLATFORM_ROOT}/${_platdef})
- 	set(CMAKE_CONFIGURE_DEPENDS ${_platdef})
- 
- 	unset(TGT CACHE)
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch
deleted file mode 100644
index f56b455..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0002-fix-EARLY_TA_PATHS-env-variable.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 146f4dfa73aa316d611188f63e3530cffe9200af Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Sat, 13 Nov 2021 07:51:53 +0000
-Subject: [PATCH] fix EARLY_TA_PATHS env variable
-
-Yocto cleans up environment varaibles at build time.
-EARLY_TA_PATHS should be set a separate rule for securepartitions
-to be included into optee-os image
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-
-
----
- environments/opteesp/sp.mk.in | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/environments/opteesp/sp.mk.in b/environments/opteesp/sp.mk.in
-index c44ad59e..d67e2dca 100644
---- a/environments/opteesp/sp.mk.in
-+++ b/environments/opteesp/sp.mk.in
-@@ -14,7 +14,8 @@ ifeq (,${@EXPORT_SP_UUID@-included})
- endif
- 
- ifeq (embedded,${SP_PACKAGING_METHOD})
--OPTEE_OS_COMMON_EXTRA_FLAGS+=EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/opteesp/bin/@EXPORT_SP_UUID@.stripped.elf
-+EARLY_TA_PATHS+=${TS_INSTALL_PREFIX}/bin/@EXPORT_SP_UUID@.stripped.elf
-+OPTEE_OS_COMMON_EXTRA_FLAGS+=${EARLY_TA_PATHS}
- TS_SP_DTSI_LIST+="\\n\#include \"${TS_INSTALL_PREFIX}/opteesp/manifest/@EXPORT_SP_UUID@.dtsi\""
- else ifeq (fip,${SP_PACKAGING_METHOD})
- TS_SP_JSON_LIST+=${TS_INSTALL_PREFIX}/opteesp/json/@EXPORT_SP_NAME@.json
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch
deleted file mode 100644
index 3b26b77..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-corstone1000-port-crypto-config.patch
+++ /dev/null
@@ -1,234 +0,0 @@
-From f86f5b42d853d2a65f6753362361bbb95aac1800 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sat, 11 Dec 2021 11:06:57 +0000
-Subject: [PATCH] corstone1000: port crypto config
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-%% original patch: 0003-corstone1000-port-crypto-config.patch
----
- .../nspe/pal_crypto_config.h                  | 83 +++++++++++++++----
- 1 file changed, 66 insertions(+), 17 deletions(-)
-
-diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
-index 844cd2e..c936bdd 100755
---- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
-+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
-@@ -1,5 +1,5 @@
- /** @file
-- * Copyright (c) 2021, Arm Limited or its affiliates. All rights reserved.
-+ * Copyright (c) 2019-2020, Arm Limited or its affiliates. All rights reserved.
-  * SPDX-License-Identifier : Apache-2.0
-  *
-  * Licensed under the Apache License, Version 2.0 (the "License");
-@@ -34,10 +34,14 @@
-  *
-  * Comment macros to disable the types
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_RSA
- #define ARCH_TEST_RSA_1024
- #define ARCH_TEST_RSA_2048
- #define ARCH_TEST_RSA_3072
-+#endif
-+#endif
- 
- /**
-  * \def  ARCH_TEST_ECC
-@@ -50,11 +54,17 @@
-  * Requires: ARCH_TEST_ECC
-  * Comment macros to disable the curve
-  */
-+#ifndef TF_M_PROFILE_SMALL
- #define ARCH_TEST_ECC
- #define ARCH_TEST_ECC_CURVE_SECP192R1
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_ECC_CURVE_SECP224R1
-+#endif
- #define ARCH_TEST_ECC_CURVE_SECP256R1
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_ECC_CURVE_SECP384R1
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_AES
-@@ -78,10 +88,10 @@
-  *
-  * Comment macros to disable the types
-  */
--#define ARCH_TEST_DES
--#define ARCH_TEST_DES_1KEY
--#define ARCH_TEST_DES_2KEY
--#define ARCH_TEST_DES_3KEY
-+//#define ARCH_TEST_DES
-+//#define ARCH_TEST_DES_1KEY
-+//#define ARCH_TEST_DES_2KEY
-+//#define ARCH_TEST_DES_3KEY
- 
- /**
-  * \def  ARCH_TEST_RAW
-@@ -104,7 +114,7 @@
-  *
-  * Enable the ARC4 key type.
-  */
--#define ARCH_TEST_ARC4
-+//#define ARCH_TEST_ARC4
- 
- /**
-  * \def ARCH_TEST_CIPHER_MODE_CTR
-@@ -113,7 +123,11 @@
-  *
-  * Requires: ARCH_TEST_CIPHER
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_CIPHER_MODE_CTR
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_CIPHER_MODE_CFB
-@@ -138,7 +152,11 @@
-  *
-  * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_CTR_AES
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_CBC_AES
-@@ -157,7 +175,11 @@
-  *
-  * Comment macros to disable the types
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_CBC_NO_PADDING
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_CFB_AES
-@@ -177,11 +199,15 @@
-  *
-  * Comment macros to disable the types
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_PKCS1V15
- #define ARCH_TEST_RSA_PKCS1V15_SIGN
- #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
- #define ARCH_TEST_RSA_PKCS1V15_CRYPT
- #define ARCH_TEST_RSA_OAEP
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_CBC_PKCS7
-@@ -190,7 +216,11 @@
-  *
-  * Comment macros to disable the types
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_CBC_PKCS7
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
-@@ -227,21 +257,27 @@
-  *
-  * Comment macros to disable the types
-  */
--// #define ARCH_TEST_MD2
--// #define ARCH_TEST_MD4
--#define ARCH_TEST_MD5
--#define ARCH_TEST_RIPEMD160
--#define ARCH_TEST_SHA1
-+//#define ARCH_TEST_MD2
-+//#define ARCH_TEST_MD4
-+//#define ARCH_TEST_MD5
-+//#define ARCH_TEST_RIPEMD160
-+//#define ARCH_TEST_SHA1
-+#ifndef TF_M_PROFILE_SMALL
- #define ARCH_TEST_SHA224
-+#endif
- #define ARCH_TEST_SHA256
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_SHA384
- #define ARCH_TEST_SHA512
--// #define ARCH_TEST_SHA512_224
--// #define ARCH_TEST_SHA512_256
--// #define ARCH_TEST_SHA3_224
--// #define ARCH_TEST_SHA3_256
--// #define ARCH_TEST_SHA3_384
--// #define ARCH_TEST_SHA3_512
-+#endif
-+#endif
-+//#define ARCH_TEST_SHA512_224
-+//#define ARCH_TEST_SHA512_256
-+//#define ARCH_TEST_SHA3_224
-+//#define ARCH_TEST_SHA3_256
-+//#define ARCH_TEST_SHA3_384
-+//#define ARCH_TEST_SHA3_512
- 
- /**
-  * \def ARCH_TEST_HKDF
-@@ -261,7 +297,12 @@
-  *
-  * Comment macros to disable the types
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_CMAC
-+#endif
-+#endif
-+//#define ARCH_TEST_GMAC
- #define ARCH_TEST_HMAC
- 
- /**
-@@ -281,7 +322,11 @@
-  * Requires: ARCH_TEST_AES
-  *
-  */
-+#ifndef TF_M_PROFILE_SMALL
-+#ifndef TF_M_PROFILE_MEDIUM
- #define ARCH_TEST_GCM
-+#endif
-+#endif
- 
- /**
-  * \def ARCH_TEST_TRUNCATED_MAC
-@@ -300,7 +345,9 @@
-  *
-  * Requires: ARCH_TEST_ECC
-  */
-+#ifndef TF_M_PROFILE_SMALL
- #define ARCH_TEST_ECDH
-+#endif
- 
- /**
-  * \def ARCH_TEST_ECDSA
-@@ -308,7 +355,9 @@
-  * Enable the elliptic curve DSA library.
-  * Requires: ARCH_TEST_ECC
-  */
-+#ifndef TF_M_PROFILE_SMALL
- #define ARCH_TEST_ECDSA
-+#endif
- 
- /**
-  * \def ARCH_TEST_DETERMINISTIC_ECDSA
--- 
-2.25.1
-
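Review bot: In the hash section (@@ -227,21 +257,27 @@), ARCH_TEST_MD5, ARCH_TEST_RIPEMD160 and ARCH_TEST_SHA1 are commented out for every build, while the other reductions in this patch are gated on TF_M_PROFILE_SMALL / TF_M_PROFILE_MEDIUM; the DES and ARC4 defines are handled the same way. If the intent is only to shrink the small and medium profiles, gate these too, otherwise state in the patch description that they are dropped for all profiles. The repeated nested #ifndef pairs would read better as a single "#if !defined(TF_M_PROFILE_SMALL) && !defined(TF_M_PROFILE_MEDIUM)".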
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch
deleted file mode 100644
index bb4fc82..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0003-se-proxy-dts-add-se-proxy-as-child-node.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 0ec1b3d20d612325b9c55baa2539d080eb6a72a8 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Sat, 13 Nov 2021 08:34:42 +0000
-Subject: [PATCH] se-proxy:dts: add se-proxy as child node
-
-se-proxy sp string should be added for se-proxy node to be
-read properly.
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-
-
----
- .../se-proxy/opteesp/default_se-proxy.dts.in  | 20 ++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 961071ad..9f5cf712 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -7,13 +7,15 @@
- @DTS_TAG@
- 
- @DTS_NODE@ {
--	compatible = "arm,ffa-manifest-1.0";
--	ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
--	uuid = <@EXPORT_SP_UUID_DT@>;
--	description = "SE Proxy";
--	execution-ctx-count = <1>;
--	exception-level = <1>; /* S-EL0 */
--	execution-state = <0>; /* AArch64 */
--	xlat-granule = <0>; /* 4KiB */
--	messaging-method = <0>; /* Direct messaging only */
-+	se-proxy {
-+		compatible = "arm,ffa-manifest-1.0";
-+		ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
-+		uuid = <@EXPORT_SP_UUID_DT@>;
-+		description = "SE Proxy";
-+		execution-ctx-count = <1>;
-+		exception-level = <1>; /* S-EL0 */
-+		execution-state = <0>; /* AArch64 */
-+		xlat-granule = <0>; /* 4KiB */
-+		messaging-method = <0>; /* Direct messaging only */
-+	};
- };
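Review bot: The commit message does not say which consumer needs the se-proxy child node; "to be read properly" leaves the reader guessing. Wrapping the properties moves every manifest property one level down under @DTS_NODE@, so name the loader or parser that expects the child node, and mention that 0004 applies the same wrapping to smm-gateway.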
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch
deleted file mode 100644
index 9ceb176..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0004-Update-mm-comm-buffer-region-in-dts-file.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 97b4f3cd0216c30c39f6ece4f68d8faf3901fded Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Wed, 17 Nov 2021 15:31:09 +0000
-Subject: [PATCH] Update mm-comm-buffer region in dts file
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- .../opteesp/default_smm-gateway.dts.in        | 35 ++++++++++---------
- 1 file changed, 18 insertions(+), 17 deletions(-)
-
-diff --git a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in
-index 0ad7878b..183c38a7 100644
---- a/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in
-+++ b/deployments/smm-gateway/opteesp/default_smm-gateway.dts.in
-@@ -7,23 +7,24 @@
- @DTS_TAG@
- 
- @DTS_NODE@ {
--	compatible = "arm,ffa-manifest-1.0";
--	ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
--	uuid = <@EXPORT_SP_UUID_DT@>;
--	description = "SMM Gateway";
--	execution-ctx-count = <1>;
--	exception-level = <1>; /* S-EL0 */
--	execution-state = <0>; /* AArch64 */
--	xlat-granule = <0>; /* 4KiB */
--	messaging-method = <0>; /* Direct messaging only */
--
--	memory-regions {
--		compatible = "arm,ffa-manifest-memory-regions";
--
--		mm-comm-buffer {
--			base-address = <@MM_COMM_BUFFER_ADDRESS@>;
--			pages-count = <@MM_COMM_BUFFER_PAGE_COUNT@>;
--			attributes = <0xb>;  /* ns access-read-write */
-+	smm-gateway{
-+		compatible = "arm,ffa-manifest-1.0";
-+		ffa-version = <0x00010000>; /* 31:16 - Major, 15:0 - Minor */
-+		uuid = <@EXPORT_SP_UUID_DT@>;
-+		description = "SMM Gateway";
-+		execution-ctx-count = <1>;
-+		exception-level = <1>; /* S-EL0 */
-+		execution-state = <0>; /* AArch64 */
-+		xlat-granule = <0>; /* 4KiB */
-+		messaging-method = <0>; /* Direct messaging only */
-+		device-regions {
-+          compatible = "arm,ffa-manifest-device-regions";
-+          mm-comm-buffer {
-+              /* Armv8 A Foundation Platform values */
-+              base-address = <0x00000000 0x02000000>;
-+              pages-count = <1>;
-+              attributes = <0x3>; /* read-write */
-+              };
- 		};
- 	};
- };
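Review bot: In the mm-comm-buffer node the templated @MM_COMM_BUFFER_ADDRESS@ and @MM_COMM_BUFFER_PAGE_COUNT@ are replaced by literals (base 0x02000000, one page) that the added comment labels as Armv8 A Foundation Platform values, and attributes goes from 0xb ("ns access-read-write" in the removed line) to 0x3 ("read-write"), all without a word in the commit message. Keep the template substitutions so the platform supplies the address and size, and explain why the region moves from memory-regions to device-regions and why the ns bit is dropped. The new block also mixes spaces with the file's tab indentation and omits the space in "smm-gateway{".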
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch
deleted file mode 100644
index 8d2d62b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0005-Configure-NV-storage-macro.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From a11b23dd5f0c4124a5c6c2fcab0ea623bc76f4ba Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Wed, 17 Nov 2021 15:32:04 +0000
-Subject: [PATCH] Configure NV storage macro
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- deployments/smm-gateway/smm_gateway.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c
-index 4884a040..7828b3af 100644
---- a/deployments/smm-gateway/smm_gateway.c
-+++ b/deployments/smm-gateway/smm_gateway.c
-@@ -13,6 +13,8 @@
- 
- /* Build-time default configuration */
- 
-+#define SMM_GATEWAY_NV_STORE_SN "sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
-+
- /* Default to using the Protected Storage SP */
- #ifndef SMM_GATEWAY_NV_STORE_SN
- #define SMM_GATEWAY_NV_STORE_SN		"sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0"
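Review bot: The added #define of SMM_GATEWAY_NV_STORE_SN sits directly above the "#ifndef SMM_GATEWAY_NV_STORE_SN" default, so the Protected Storage default below it can never be selected and a value passed from the build system would collide with this one. Since the file already treats the macro as a build-time override, set it as a compile definition for this deployment instead of editing smm_gateway.c, and say in the commit message which storage service the new UUID refers to.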
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch
deleted file mode 100644
index eba1338..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0006-Use-device-region.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From ae22f5077d35e6acf3feb8a84a8ef7f599261b00 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Wed, 17 Nov 2021 15:32:46 +0000
-Subject: [PATCH] Use device region
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- deployments/smm-gateway/opteesp/smm_gateway_sp.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/deployments/smm-gateway/opteesp/smm_gateway_sp.c b/deployments/smm-gateway/opteesp/smm_gateway_sp.c
-index 6f138850..0bc09023 100644
---- a/deployments/smm-gateway/opteesp/smm_gateway_sp.c
-+++ b/deployments/smm-gateway/opteesp/smm_gateway_sp.c
-@@ -10,7 +10,7 @@
- #include <config/loader/sp/sp_config_loader.h>
- #include "components/rpc/mm_communicate/endpoint/sp/mm_communicate_call_ep.h"
- #include "components/service/smm_variable/frontend/mm_communicate/smm_variable_mm_service.h"
--#include "platform/interface/memory_region.h"
-+#include "platform/interface/device_region.h"
- #include <ffa_api.h>
- #include <sp_api.h>
- #include <sp_messaging.h>
-@@ -25,7 +25,7 @@ static int sp_init(uint16_t *own_sp_id);
- 
- void __noreturn sp_main(struct ffa_init_info *init_info)
- {
--	struct memory_region mm_comm_buffer_region = { 0 };
-+	struct device_region mm_comm_buffer_region = { 0 };
- 	struct rpc_interface *gateway_iface = NULL;
- 	struct smm_variable_mm_service smm_var_service = { 0 };
- 	struct mm_service_interface *smm_var_service_interface = NULL;
-@@ -42,7 +42,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
- 	config_ramstore_init();
- 	sp_config_load(init_info);
- 
--	if (!config_store_query(CONFIG_CLASSIFIER_MEMORY_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION,
-+	if (!config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, CONFIG_NAME_MM_COMM_BUFFER_REGION,
- 				0, &mm_comm_buffer_region, sizeof(mm_comm_buffer_region))) {
- 		EMSG(CONFIG_NAME_MM_COMM_BUFFER_REGION " is not set in SP configuration");
- 		goto fatal_error;
-@@ -57,7 +57,7 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
- 	/* Initialize MM communication layer */
- 	if (!mm_communicate_call_ep_init(&mm_communicate_call_ep,
- 					 (void *)mm_comm_buffer_region.base_addr,
--					 mm_comm_buffer_region.region_size))
-+					 mm_comm_buffer_region.io_region_size))
- 		goto fatal_error;
- 
- 	/* Attach SMM variable service to MM communication layer */
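Review bot: The switch to CONFIG_CLASSIFIER_DEVICE_REGION in sp_main depends on the manifest change in 0004 that moves mm-comm-buffer under device-regions, but neither commit message says so; with only one of the two applied, config_store_query would not find the entry and the SP takes the fatal_error path. Record the dependency in the commit message or fold the two patches together, and give the reason the MM communication buffer is now described as a device region.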
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch
deleted file mode 100644
index eb51ef7..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0007-Add-openamp-to-SE-proxy-deployment.patch
+++ /dev/null
@@ -1,259 +0,0 @@
-From 90712f624c7b676e5b9a2d95cbe97d2b63fddcc9 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 16:36:51 +0000
-Subject: [PATCH] Add openamp to SE proxy deployment
-
-Openamp is required to communicate between secure partitions(running on
-Cortex-A) and trusted-firmware-m(running on Cortex-M).
-These changes are to fetch libmetal and openamp from github repo's
-and build it.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- deployments/se-proxy/opteesp/CMakeLists.txt | 14 ++++
- deployments/se-proxy/opteesp/lse.S          | 19 +++++
- external/openamp/libmetal.cmake             | 81 ++++++++++++++++++++
- external/openamp/openamp.cmake              | 82 +++++++++++++++++++++
- 4 files changed, 196 insertions(+)
- create mode 100644 deployments/se-proxy/opteesp/lse.S
- create mode 100644 external/openamp/libmetal.cmake
- create mode 100644 external/openamp/openamp.cmake
-
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index 4e2069a5..248bd7e3 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -89,6 +89,7 @@ add_components(TARGET "se-proxy"
- target_sources(se-proxy PRIVATE
- 	se_proxy_sp.c
- 	service_proxy_factory.c
-+	lse.S
- )
- 
- #-------------------------------------------------------------------------------
-@@ -108,6 +109,19 @@ include(../../../external/nanopb/nanopb.cmake)
- target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
- protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
- 
-+# libmetal
-+list(APPEND LIBMETAL_EXTERNAL_INCLUDE_PATHS ${SP_DEV_KIT_INCLUDE_DIR})
-+set(LIBMETAL_EXTRA_INCLUDE_PATHS ${LIBMETAL_EXTRA_INCLUDE_PATHS}
-+	CACHE STRING "" FORCE)
-+include(../../../external/openamp/libmetal.cmake)
-+
-+# OpenAMP
-+list(APPEND OPENAMP_EXTERNAL_INCLUDE_PATHS ${SP_DEV_KIT_INCLUDE_DIR})
-+set(OPENAMP_EXTRA_INCLUDE_PATHS ${OPENAMP_EXTRA_INCLUDE_PATHS}
-+	CACHE STRING "" FORCE)
-+include(../../../external/openamp/openamp.cmake)
-+target_link_libraries(se-proxy PRIVATE openamp libmetal)
-+
- #################################################################
- 
- target_compile_definitions(se-proxy PRIVATE
-diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S
-new file mode 100644
-index 00000000..840683a6
---- /dev/null
-+++ b/deployments/se-proxy/opteesp/lse.S
-@@ -0,0 +1,19 @@
-+// SPDX-License-Identifier: BSD-3-Clause
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ */
-+
-+.text
-+.globl __aarch64_cas4_acq_rel
-+
-+__aarch64_cas4_acq_rel:
-+	mov	w16, w0
-+	ldaxr	w0, [x2]
-+	cmp	w0, w16
-+0:	bne	1f
-+
-+	stlxr	w17, w1, [x2]
-+	cbnz	w17, 0b
-+1:	ret
-+
-+
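Review bot: In __aarch64_cas4_acq_rel the retry label "0:" is on the "bne 1f" instruction rather than on the ldaxr, so when stlxr fails, "cbnz w17, 0b" branches back without reloading [x2]. The flags from the earlier cmp are unchanged, so execution falls straight through to another stlxr with no new exclusive load, which means the store is retried against a stale comparison and may never succeed. Move the label to the ldaxr line so every retry re-reads and re-compares the value.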
-diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake
-new file mode 100644
-index 00000000..3a647e69
---- /dev/null
-+++ b/external/openamp/libmetal.cmake
-@@ -0,0 +1,81 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021 Linaro Limited
-+# Copyright (c) 2021, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git" CACHE STRING "libmetal repository URL")
-+set (LIBMETAL_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install" CACHE PATH "libmetal installation directory")
-+set (LIBMETAL_PACKAGE_PATH "${LIBMETAL_INSTALL_PATH}/libmetal/cmake" CACHE PATH "libmetal CMake package directory")
-+set (LIBMETAL_TARGET_NAME "libmetal")
-+set (LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad"  CACHE STRING "The version of libmetal to use")
-+
-+if(NOT LIBMETAL_DEBUG)
-+	set(LIBMETAL_BUILD_TYPE "Release")
-+else()
-+	set(LIBMETAL_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+	message(FATAL_ERROR "Please install git")
-+endif()
-+
-+FetchContent_Declare(
-+	libmetal
-+	GIT_REPOSITORY ${LIBMETAL_URL}
-+	GIT_TAG ${LIBMETAL_VERSION}
-+)
-+
-+# FetchContent_GetProperties exports libmetal_SOURCE_DIR and libmetal_BINARY_DIR variables
-+FetchContent_GetProperties(libmetal)
-+if(NOT libmetal_POPULATED)
-+	message(STATUS "Fetching libmetal")
-+	FetchContent_Populate(libmetal)
-+endif()
-+
-+# Ensure list of include paths is separated correctly
-+string(REPLACE ";" "\\;" LIBMETAL_EXTERNAL_INCLUDE_PATHS "${LIBMETAL_EXTERNAL_INCLUDE_PATHS}")
-+
-+#Configure the library
-+execute_process(COMMAND
-+	${CMAKE_COMMAND}
-+			-DCMAKE_BUILD_TYPE=${LIBMETAL_BUILD_TYPE}
-+			-DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
-+			-DCMAKE_C_COMPILER_ID=${CMAKE_C_COMPILER_ID}
-+			-DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
-+			-DCMAKE_INSTALL_PREFIX=${LIBMETAL_INSTALL_PATH}
-+			-DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG}
-+			-DCMAKE_C_FLAGS=${CMAKE_C_FLAGS}
-+			-DCMAKE_C_OUTPUT_EXTENSION=.o
-+			-DCMAKE_C_COMPILER_WORKS=true
-+			-DCMAKE_SYSTEM_PROCESSOR=arm
-+			-DWITH_DOC=off
-+			-DWITH_TESTS=off
-+			-DWITH_EXAMPLES=off
-+			-DWITH_DEFAULT_LOGGER=off
-+			-DEXTERNAL_INCLUDE_PATHS=${LIBMETAL_EXTERNAL_INCLUDE_PATHS}
-+			-DMACHINE=template
-+			${libmetal_SOURCE_DIR}
-+	WORKING_DIRECTORY
-+			${libmetal_BINARY_DIR}
-+)
-+
-+# Build the library
-+execute_process(COMMAND
-+    ${CMAKE_COMMAND} --build ${libmetal_BINARY_DIR} -- install
-+		RESULT_VARIABLE _exec_error
-+	)
-+if (_exec_error)
-+	message(FATAL_ERROR "Build step of libmetal failed with ${_exec_error}.")
-+endif()
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(libmetal STATIC IMPORTED)
-+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_PATH}/include")
-diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
-new file mode 100644
-index 00000000..aae13bad
---- /dev/null
-+++ b/external/openamp/openamp.cmake
-@@ -0,0 +1,82 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021 Linaro Limited
-+# Copyright (c) 2021, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git" CACHE STRING "OpenAMP repository URL")
-+set (OPENAMP_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/openamp_install" CACHE PATH "OpenAMP installation directory")
-+set (OPENAMP_PACKAGE_PATH "${OPENAMP_INSTALL_PATH}/openamp/cmake" CACHE PATH "OpenAMP CMake package directory")
-+set (OPENAMP_TARGET_NAME "openamp")
-+set (OPENAMP_VERSION "347397decaa43372fc4d00f965640ebde042966d"  CACHE STRING "The version of openamp to use")
-+
-+
-+if(NOT OPENAMP_DEBUG)
-+	set(OPENAMP_BUILD_TYPE "Release")
-+else()
-+	set(OPENAMP_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+	message(FATAL_ERROR "Please install git")
-+endif()
-+
-+FetchContent_Declare(
-+	openamp
-+	GIT_REPOSITORY ${OPENAMP_URL}
-+	GIT_TAG ${OPENAMP_VERSION}
-+)
-+
-+# FetchContent_GetProperties exports openamp_SOURCE_DIR and openamp_BINARY_DIR variables
-+FetchContent_GetProperties(openamp)
-+if(NOT openamp_POPULATED)
-+	message(STATUS "Fetching openamp")
-+	FetchContent_Populate(openamp)
-+endif()
-+
-+# Ensure list of include paths is separated correctly
-+get_target_property(_libmetal_inc libmetal INTERFACE_INCLUDE_DIRECTORIES)
-+set (_openam_external_include_paths ${_libmetal_inc} ${OPENAMP_EXTERNAL_INCLUDE_PATHS})
-+string(REPLACE ";" "\\;" OPENAMP_EXTERNAL_INCLUDE_PATHS "${_openam_external_include_paths}")
-+
-+#Configure the library
-+execute_process(COMMAND
-+	${CMAKE_COMMAND}
-+			-DCMAKE_BUILD_TYPE=${OPENAMP_BUILD_TYPE}
-+			-DCMAKE_C_COMPILER=${CMAKE_C_COMPILER}
-+			-DCMAKE_C_COMPILER_ID=${CMAKE_C_COMPILER_ID}
-+			-DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
-+			-DCMAKE_INSTALL_PREFIX=${OPENAMP_INSTALL_PATH}
-+			-DCMAKE_C_FLAGS_DEBUG=${CMAKE_C_FLAGS_DEBUG}
-+			-DLIBMETAL_INCLUDE_DIR=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib/include
-+			-DLIBMETAL_LIB=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib
-+			-DCMAKE_C_OUTPUT_EXTENSION=.o
-+			-DCMAKE_C_COMPILER_WORKS=true
-+			-DCMAKE_SYSTEM_PROCESSOR=arm
-+			-DEXTERNAL_INCLUDE_PATHS=${OPENAMP_EXTERNAL_INCLUDE_PATHS}
-+			-DMACHINE=template
-+			-DRPMSG_BUFFER_SIZE=512
-+			${openamp_SOURCE_DIR}
-+	WORKING_DIRECTORY
-+			${openamp_BINARY_DIR}
-+)
-+
-+# Build the library
-+execute_process(COMMAND
-+    ${CMAKE_COMMAND} --build ${openamp_BINARY_DIR} -- install
-+		RESULT_VARIABLE _exec_error
-+	)
-+if (_exec_error)
-+	message(FATAL_ERROR "Build step of OpenAMP failed with ${_exec_error}.")
-+endif()
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(openamp STATIC IMPORTED)
-+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_PATH}/include")
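Review bot: In openamp.cmake the configure step passes -DLIBMETAL_INCLUDE_DIR=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib/include and -DLIBMETAL_LIB=${CMAKE_CURRENT_BINARY_DIR}/libmetal/lib, but libmetal.cmake installs to LIBMETAL_INSTALL_PATH, which is ${CMAKE_CURRENT_BINARY_DIR}/libmetal_install; derive both values from LIBMETAL_INSTALL_PATH. In both files the configure execute_process has no RESULT_VARIABLE, so a failed configure only shows up at the build step; check it the same way as the build call. Both files also clone from github.com at configure time: the commit hashes in LIBMETAL_VERSION and OPENAMP_VERSION pin what is fetched, but a build stage without network access needs the sources supplied another way.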
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch
deleted file mode 100644
index 0f3f2c6..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0009-Add-openamp-rpc-caller.patch
+++ /dev/null
@@ -1,1197 +0,0 @@
-From a6721cc391397f5f999db84e4ebec4c20985996a Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:00:54 +0000
-Subject: [PATCH] Add openamp rpc caller
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- components/rpc/common/caller/rpc_caller.c     |  10 +
- components/rpc/common/interface/rpc_caller.h  |   8 +
- .../rpc/openamp/caller/sp/component.cmake     |  15 +
- .../rpc/openamp/caller/sp/openamp_caller.c    | 203 +++++++
- .../rpc/openamp/caller/sp/openamp_caller.h    |  43 ++
- .../rpc/openamp/caller/sp/openamp_mhu.c       | 191 ++++++
- .../rpc/openamp/caller/sp/openamp_mhu.h       |  19 +
- .../rpc/openamp/caller/sp/openamp_virtio.c    | 554 ++++++++++++++++++
- .../rpc/openamp/caller/sp/openamp_virtio.h    |  24 +
- deployments/se-proxy/opteesp/CMakeLists.txt   |   1 +
- .../se-proxy/opteesp/default_se-proxy.dts.in  |   6 +
- 11 files changed, 1074 insertions(+)
- create mode 100644 components/rpc/openamp/caller/sp/component.cmake
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h
-
-diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c
-index 2dceabeb..20d889c1 100644
---- a/components/rpc/common/caller/rpc_caller.c
-+++ b/components/rpc/common/caller/rpc_caller.c
-@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle)
- {
- 	s->call_end(s->context, handle);
- }
-+
-+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va)
-+{
-+	return s->virt_to_phys(s->context, va);
-+}
-+
-+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa)
-+{
-+	return s->phys_to_virt(s->context, pa);
-+}
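Review bot: rpc_caller_virt_to_phys and rpc_caller_phys_to_virt call s->virt_to_phys and s->phys_to_virt without checking them, and both are new members of struct rpc_caller, so any caller backend that does not set them would jump through an unset pointer. Return NULL when the member is NULL, or have rpc_caller_init install a default, and document the contract next to the new declarations in rpc_caller.h.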
-diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h
-index 387489cd..ef9bb649 100644
---- a/components/rpc/common/interface/rpc_caller.h
-+++ b/components/rpc/common/interface/rpc_caller.h
-@@ -45,6 +45,10 @@ struct rpc_caller
- 		     	rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len);
- 
- 	void (*call_end)(void *context, rpc_call_handle handle);
-+
-+	void *(*virt_to_phys)(void *context, void *va);
-+
-+	void *(*phys_to_virt)(void *context, void *pa);
- };
- 
- /*
-@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal
-  */
- RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle);
- 
-+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va);
-+
-+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake
-new file mode 100644
-index 00000000..fc919529
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/component.cmake
-@@ -0,0 +1,15 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c"
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c"
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c"
-+	)
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c
-new file mode 100644
-index 00000000..6cdfb756
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.c
-@@ -0,0 +1,203 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+#include "openamp_mhu.h"
-+#include "openamp_virtio.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+
-+#define OPENAMP_TRANSACTION_IDLE	0x0
-+#define OPENAMP_TRANSACTION_INPROGRESS	0x1
-+#define OPENAMP_TRANSACTION_INVOKED	0x2
-+
-+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf,
-+					  size_t req_len)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	rpc_call_handle handle;
-+	int ret;
-+
-+	if (!req_buf) {
-+		EMSG("openamp: call_begin: not req_buf");
-+		return NULL;
-+	}
-+
-+	if (req_len > UINT32_MAX || req_len == 0) {
-+		EMSG("openamp: call_begin: resp_len invalid: %lu", req_len);
-+		return NULL;
-+	}
-+
-+	if (openamp->status != OPENAMP_TRANSACTION_IDLE) {
-+		EMSG("openamp: call_begin: transaction not idle");
-+		return NULL;
-+	}
-+
-+	ret = ops->platform_call_begin(openamp, req_buf, req_len);
-+	if (ret < 0) {
-+		EMSG("openamp: call_begin: platform begin failed: %d", ret);
-+		return NULL;
-+	}
-+
-+	openamp->status = OPENAMP_TRANSACTION_INPROGRESS;
-+	handle = openamp;
-+
-+	return handle;
-+}
-+
-+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle,
-+					uint32_t opcode, int *opstatus,
-+					uint8_t **resp_buf, size_t *resp_len)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	rpc_status_t status;
-+	int ret;
-+
-+	(void)opcode;
-+
-+	if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) {
-+		EMSG("openamp: call_invoke: invalid arguments");
-+		return TS_RPC_ERROR_INVALID_PARAMETER;
-+	}
-+
-+	if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) {
-+		EMSG("openamp: call_invoke: transaction needed to be started");
-+		return TS_RPC_ERROR_NOT_READY;
-+	}
-+
-+	ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len);
-+	if (ret < 0)
-+		return TS_RPC_ERROR_INTERNAL;
-+
-+	openamp->status = OPENAMP_TRANSACTION_INVOKED;
-+	*opstatus = 0;
-+
-+	return TS_RPC_CALL_ACCEPTED;
-+}
-+
-+static void openamp_call_end(void *context, rpc_call_handle handle)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	if (handle != openamp) {
-+		EMSG("openamp: call_end: invalid arguments");
-+		return;
-+	}
-+
-+	if (openamp->status == OPENAMP_TRANSACTION_IDLE) {
-+		EMSG("openamp: call_end: transaction idle");
-+		return;
-+	}
-+
-+	ops->platform_call_end(openamp);
-+
-+	openamp->status = OPENAMP_TRANSACTION_IDLE;
-+}
-+
-+static void *openamp_virt_to_phys(void *context, void *va)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	return ops->platform_virt_to_phys(openamp, va);
-+}
-+
-+static void *openamp_phys_to_virt(void *context, void *pa)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	return ops->platform_phys_to_virt(openamp, pa);
-+}
-+
-+static int openamp_init(struct openamp_caller *openamp)
-+{
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	int ret;
-+
-+	ret = ops->transport_init(openamp);
-+	if (ret < 0)
-+		return ret;
-+
-+	ret = ops->platform_init(openamp);
-+	if (ret < 0)
-+		goto denit_transport;
-+
-+	return 0;
-+
-+denit_transport:
-+	ops->transport_deinit(openamp);
-+
-+	return ret;
-+}
-+
-+static const struct openamp_platform_ops openamp_virtio_ops = {
-+	.transport_init = openamp_mhu_init,
-+	.transport_deinit = openamp_mhu_deinit,
-+	.transport_notify = openamp_mhu_notify_peer,
-+	.transport_receive = openamp_mhu_receive,
-+	.platform_init = openamp_virtio_init,
-+	.platform_call_begin = openamp_virtio_call_begin,
-+	.platform_call_invoke = openamp_virtio_call_invoke,
-+	.platform_call_end = openamp_virtio_call_end,
-+	.platform_virt_to_phys = openamp_virtio_virt_to_phys,
-+	.platform_phys_to_virt = openamp_virtio_phys_to_virt,
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp)
-+{
-+	struct rpc_caller *rpc = &openamp->rpc_caller;
-+	int ret;
-+
-+	if (openamp->ref_count)
-+		return rpc;
-+
-+	rpc_caller_init(rpc, openamp);
-+
-+	rpc->call_begin = openamp_call_begin;
-+	rpc->call_invoke = openamp_call_invoke;
-+	rpc->call_end = openamp_call_end;
-+	rpc->virt_to_phys = openamp_virt_to_phys;
-+	rpc->phys_to_virt = openamp_phys_to_virt;
-+	openamp->platform_ops = &openamp_virtio_ops;
-+
-+	ret = openamp_init(openamp);
-+	if (ret < 0) {
-+		EMSG("openamp_init: failed to start: %d", ret);
-+		return rpc;
-+	}
-+	openamp->ref_count++;
-+
-+	return rpc;
-+}
-+
-+void openamp_caller_deinit(struct openamp_caller *openamp)
-+{
-+	struct rpc_caller *rpc = &openamp->rpc_caller;
-+
-+	if (--openamp->ref_count)
-+		return;
-+
-+	rpc->context = NULL;
-+	rpc->call_begin = NULL;
-+	rpc->call_invoke = NULL;
-+	rpc->call_end = NULL;
-+}
-+
-+int openamp_caller_discover(struct openamp_caller *openamp)
-+{
-+	return openamp_init(openamp);
-+}
-+
-+int openamp_caller_open(struct openamp_caller *openamp)
-+{
-+
-+}
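Review bot: openamp_caller_init returns the same non-NULL rpc pointer when openamp_init fails as when it succeeds, with call_begin, call_invoke and call_end already installed, so the caller cannot detect the failure and can start a call over a transport that was never set up. Return NULL on failure and leave the function pointers unset. In the same file, openamp_caller_open is declared int but has an empty body; openamp_caller_deinit decrements ref_count without checking for zero, so a deinit after a failed init wraps the uint32_t counter, and it neither clears virt_to_phys/phys_to_virt nor calls transport_deinit; the call_begin error text reports "resp_len invalid" for req_len.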
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h
-new file mode 100644
-index 00000000..3fb67c56
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.h
-@@ -0,0 +1,43 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_CALLER_H
-+#define OPENAMP_CALLER_H
-+
-+#include <stddef.h>
-+#include <rpc_caller.h>
-+
-+struct openamp_caller {
-+	struct rpc_caller rpc_caller;
-+	const struct openamp_platform_ops *platform_ops;
-+	uint32_t ref_count;
-+	uint8_t status;
-+
-+	void *transport;
-+	void *platform;
-+};
-+
-+struct openamp_platform_ops {
-+	int (*transport_init)(struct openamp_caller *openamp);
-+	int (*transport_deinit)(struct openamp_caller *openamp);
-+	int (*transport_notify)(struct openamp_caller *openamp);
-+	int (*transport_receive)(struct openamp_caller *openamp);
-+	int (*platform_init)(struct openamp_caller *openamp);
-+	int (*platform_deinit)(struct openamp_caller *openamp);
-+	int (*platform_call_begin)(struct openamp_caller *openamp,
-+				   uint8_t **req_buf, size_t req_len);
-+	int (*platform_call_invoke)(struct openamp_caller *openamp,
-+				    int *opstatus, uint8_t **resp_buf,
-+				    size_t *resp_len);
-+	int (*platform_call_end)(struct openamp_caller *openamp);
-+	void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va);
-+	void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa);
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp);
-+void openamp_caller_deinit(struct openamp_caller *openamp);
-+
-+#endif
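Review bot: this header uses uint32_t and uint8_t but includes only <stddef.h> and <rpc_caller.h>, so it compiles only if something else pulls in <stdint.h> first; include it here. openamp_caller_discover() and openamp_caller_open() are defined non-static in openamp_caller.c but have no prototype in this header; either declare them or make them static.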
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c
-new file mode 100644
-index 00000000..ffdadaf8
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c
-@@ -0,0 +1,191 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <config/interface/config_store.h>
-+#include <config/interface/config_blob.h>
-+#include <platform/interface/device_region.h>
-+#include <platform/drivers/arm/mhu_driver/mhu_v2.h>
-+#include <trace.h>
-+#include <errno.h>
-+#include <stdlib.h>
-+#include <stdint.h>
-+#include <stddef.h>
-+#include <limits.h>
-+
-+#include "openamp_caller.h"
-+
-+#define MHU_V_2_NOTIFY_CHANNEL	0
-+#define MHU_V_2_NOTIFY_VALUE	0xff
-+
-+struct openamp_mhu {
-+	struct device_region rx_region;
-+	struct device_region tx_region;
-+	struct mhu_v2_x_dev_t rx_dev;
-+	struct mhu_v2_x_dev_t tx_dev;
-+};
-+
-+static int openamp_mhu_device_get(const char *dev,
-+				  struct device_region *dev_region)
-+{
-+	bool found;
-+
-+	found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+				   dev_region, sizeof(*dev_region));
-+	if (!found)
-+		return -EINVAL;
-+
-+	if (!dev_region->base_addr)
-+		return -EINVAL;
-+
-+	IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev,
-+	     dev_region->base_addr, dev_region->io_region_size);
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_receive(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *rx_dev;
-+	enum mhu_v2_x_error_t ret;
-+	struct openamp_mhu *mhu;
-+	uint32_t channel = 0;
-+	uint32_t irq_status;
-+
-+	if (!openamp->transport) {
-+		EMSG("openamp: mhu: receive transport not initialized");
-+		return -EINVAL;
-+	}
-+
-+	mhu = openamp->transport;
-+	rx_dev = &mhu->rx_dev;
-+
-+	irq_status = 0;
-+
-+	do {
-+		irq_status = mhu_v2_x_get_interrupt_status(rx_dev);
-+	} while(!irq_status);
-+
-+	ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel);
-+
-+	ret = mhu_v2_x_channel_clear(rx_dev, channel);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed to clear channel: %d", channel);
-+		return -EPROTO;
-+	}
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *tx_dev;
-+	enum mhu_v2_x_error_t ret;
-+	struct openamp_mhu *mhu;
-+	uint32_t access_ready;
-+
-+	if (!openamp->transport) {
-+		EMSG("openamp: mhu: notify transport not initialized");
-+		return -EINVAL;
-+	}
-+
-+	mhu = openamp->transport;
-+	tx_dev = &mhu->tx_dev;
-+
-+	ret = mhu_v2_x_set_access_request(tx_dev);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: set access request failed");
-+		return -EPROTO;
-+	}
-+
-+	do {
-+		ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready);
-+		if (ret != MHU_V_2_X_ERR_NONE) {
-+			EMSG("openamp: mhu: failed to get access_ready");
-+			return -EPROTO;
-+		}
-+	} while (!access_ready);
-+
-+	ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL,
-+				    MHU_V_2_NOTIFY_VALUE);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed send over channel");
-+		return -EPROTO;
-+	}
-+
-+	ret = mhu_v2_x_reset_access_request(tx_dev);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed reset access request");
-+		return -EPROTO;
-+	}
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_init(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *rx_dev;
-+	struct mhu_v2_x_dev_t *tx_dev;
-+	struct openamp_mhu *mhu;
-+	int ret;
-+
-+	/* if we already have initialized skip this */
-+	if (openamp->transport)
-+		return 0;
-+
-+	mhu = malloc(sizeof(*mhu));
-+	if (!mhu)
-+		return -1;
-+
-+	ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	rx_dev = &mhu->rx_dev;
-+	tx_dev = &mhu->tx_dev;
-+
-+	rx_dev->base =  (unsigned int)mhu->rx_region.base_addr;
-+	rx_dev->frame = MHU_V2_X_RECEIVER_FRAME;
-+
-+	tx_dev->base =  (unsigned int)mhu->tx_region.base_addr;
-+	tx_dev->frame = MHU_V2_X_SENDER_FRAME;
-+
-+	ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	openamp->transport = (void *)mhu;
-+
-+	return 0;
-+
-+free_mhu:
-+	free(mhu);
-+
-+	return ret;
-+}
-+
-+int openamp_mhu_deinit(struct openamp_caller *openamp)
-+{
-+	struct openamp_mhu *mhu;
-+
-+	if (!openamp->transport)
-+		return 0;
-+
-+	mhu = openamp->transport;
-+	free(mhu);
-+
-+	openamp->transport = NULL;
-+
-+	return 0;
-+}
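Review bot: in openamp_mhu_receive() the result of mhu_v2_1_get_ch_interrupt_num() is overwritten by the next assignment without being checked, so on failure `channel` keeps its initial 0 and channel 0 is cleared whichever channel raised the interrupt. Check `ret` before calling mhu_v2_x_channel_clear(). The `do { ... } while(!irq_status)` loop here and the access_ready loop in openamp_mhu_notify_peer() both poll with no bound, so a peer that never responds hangs the caller; a retry limit with an error return would make that recoverable. Smaller items: `bool` is used without <stdbool.h>, the malloc failure path returns -1 where the rest of the file returns errno values, the `(unsigned int)` casts would truncate if base_addr is wider than 32 bits, and a failed mhu_v2_x_channel_send() returns without calling mhu_v2_x_reset_access_request().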
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h
-new file mode 100644
-index 00000000..2ae5cb8e
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h
-@@ -0,0 +1,19 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_MHU_H
-+#define OPENAMP_MHU_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_mhu_init(struct openamp_caller *openamp);
-+int openamp_mhu_deinit(struct openamp_caller *openamp);
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp);
-+int openamp_mhu_receive(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c
-new file mode 100644
-index 00000000..06e0735b
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c
-@@ -0,0 +1,554 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <metal/device.h>
-+#include <metal/spinlock.h>
-+#include <openamp/open_amp.h>
-+#include <platform/interface/device_region.h>
-+#include <config/interface/config_store.h>
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio"
-+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME
-+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024
-+
-+#define OPENAMP_SHEM_PHYS 0x88000000
-+#define OPENAMP_SHEM_PHYS_PAGES 1
-+#define OPENAMP_SHEM_SE_PHYS 0xa8000000
-+
-+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024)
-+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024)
-+
-+#define OPENAMP_BUFFER_NO_WAIT  0
-+#define OPENAMP_BUFFER_WAIT     1
-+
-+#define VIRTQUEUE_NR            2
-+#define VQ_TX                   0
-+#define VQ_RX                   1
-+
-+#define VRING_DESCRIPTORS       16
-+#define VRING_ALIGN             4
-+
-+#define container_of(ptr, type, member) \
-+	((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member)))
-+
-+struct openamp_virtio_shm {
-+	uintptr_t base_addr;
-+	size_t size;
-+	uintptr_t vdev_status;
-+	size_t vdev_status_size;
-+	uintptr_t payload_addr;
-+	size_t payload_size;
-+	uintptr_t vring_tx;
-+	size_t vring_tx_size;
-+	uintptr_t vring_rx;
-+	size_t vring_rx_size;
-+
-+	metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES];
-+};
-+
-+struct openamp_virtio_metal {
-+	struct metal_spinlock lock;
-+	struct metal_device shm_dev;
-+	struct metal_device *io_dev;
-+
-+	struct metal_io_region *io;
-+	struct openamp_virtio_shm shm;
-+};
-+
-+struct openamp_virtio_device {
-+	struct virtio_device virtio_dev;
-+	struct virtqueue *vq[VIRTQUEUE_NR];
-+	struct virtio_vring_info rvrings[VIRTQUEUE_NR];
-+};
-+
-+struct openamp_virtio_rpmsg {
-+	struct rpmsg_virtio_device rpmsg_vdev;
-+	struct rpmsg_endpoint ep;
-+	uint8_t *req_buf;
-+	uint32_t req_len;
-+	uint8_t *resp_buf;
-+	size_t resp_len;
-+};
-+
-+struct openamp_virtio {
-+	struct openamp_caller *openamp;
-+	struct openamp_virtio_rpmsg rpmsg;
-+	struct openamp_virtio_device vdev;
-+	struct openamp_virtio_metal metal;
-+};
-+
-+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev)
-+{
-+	struct openamp_virtio_device *openamp_vdev;
-+
-+	openamp_vdev = container_of(vdev, struct openamp_virtio_device,
-+			    virtio_dev);
-+
-+	return container_of(openamp_vdev, struct openamp_virtio, vdev);
-+}
-+
-+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev)
-+{
-+	struct rpmsg_virtio_device *rvdev;
-+
-+	rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev);
-+
-+	return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev);
-+
-+}
-+
-+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev,
-+					      struct openamp_virtio_shm *shm)
-+{
-+	struct metal_io_region *shm_region;
-+
-+	shm_region = &shm_dev->regions[0];
-+
-+	shm_dev->name = OPENAMP_SHEM_DEVICE_NAME;
-+	shm_dev->num_regions = 1;
-+
-+	shm_region->virt = (void *)shm->payload_addr;
-+	shm_region->size = shm->payload_size;
-+
-+	shm_region->physmap = &shm->shm_physmap;
-+	shm_region->page_shift = (metal_phys_addr_t)(-1);
-+	shm_region->page_mask = (metal_phys_addr_t)(-1);
-+}
-+
-+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal)
-+{
-+	struct metal_init_params params = METAL_INIT_DEFAULTS;
-+	struct metal_device *shm_dev = &metal->shm_dev;
-+	int ret;
-+
-+	openamp_virtio_metal_device_setup(shm_dev, &metal->shm);
-+
-+	metal_spinlock_init(&metal->lock);
-+
-+	ret = metal_init(&params);
-+	if (ret < 0)
-+		return ret;
-+
-+	ret = metal_register_generic_device(shm_dev);
-+	if (ret < 0)
-+		goto metal_finish;
-+
-+	ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME,
-+				&metal->io_dev);
-+	if (ret < 0)
-+		goto metal_finish;
-+
-+	metal->io = metal_device_io_region(metal->io_dev, 0);
-+	if (!metal->io) {
-+		EMSG("openamp: virtio: failed to init metal io");
-+		ret = -EPROTO;
-+		goto metal_finish;
-+	}
-+
-+	return 0;
-+
-+metal_finish:
-+	metal_finish();
-+	return ret;
-+}
-+
-+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev)
-+{
-+	struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	uint32_t status = *(volatile uint32_t *)shm->vdev_status;
-+
-+	return status;
-+}
-+
-+static void openamp_virtio_status_set(struct virtio_device *vdev,
-+				      unsigned char status)
-+{
-+	struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	*(volatile uint32_t *)shm->vdev_status = status;
-+}
-+
-+static int count;
-+
-+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev)
-+{
-+	return 1 << VIRTIO_RPMSG_F_NS;
-+}
-+
-+static void openamp_virtio_notify(struct virtqueue *vq)
-+{
-+	struct openamp_virtio_device *openamp_vdev;
-+	struct openamp_caller *openamp;
-+	struct openamp_virtio *virtio;
-+	int ret;
-+
-+	openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev);
-+	virtio = container_of(openamp_vdev, struct openamp_virtio, vdev);
-+	openamp = virtio->openamp;
-+
-+	ret = openamp->platform_ops->transport_notify(openamp);
-+	if (ret < 0)
-+		EMSG("openamp: virtio: erro in transport_notify: %d", ret);
-+}
-+
-+const static struct virtio_dispatch openamp_virtio_dispatch = {
-+	.get_status = openamp_virtio_status_get,
-+	.set_status = openamp_virtio_status_set,
-+	.get_features = openamp_virtio_features_get,
-+	.notify = openamp_virtio_notify,
-+};
-+
-+static int openamp_virtio_device_setup(struct openamp_virtio *virtio)
-+{
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+	struct openamp_virtio_shm *shm = &metal->shm;
-+	struct virtio_vring_info *rvring;
-+
-+	rvring = &openamp_vdev->rvrings[0];
-+
-+	vdev->role = RPMSG_REMOTE;
-+	vdev->vrings_num = VIRTQUEUE_NR;
-+	vdev->func = &openamp_virtio_dispatch;
-+
-+	openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+	if (!openamp_vdev->vq[VQ_TX]) {
-+		EMSG("openamp: virtio: failed to allocate virtqueue 0");
-+		return -ENOMEM;
-+	}
-+	rvring->io = metal->io;
-+	rvring->info.vaddr = (void *)shm->vring_tx;
-+	rvring->info.num_descs = VRING_DESCRIPTORS;
-+	rvring->info.align = VRING_ALIGN;
-+	rvring->vq = openamp_vdev->vq[VQ_TX];
-+
-+	openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+	if (!openamp_vdev->vq[VQ_RX]) {
-+		EMSG("openamp: virtio: failed to allocate virtqueue 1");
-+		goto free_vq;
-+	}
-+	rvring = &openamp_vdev->rvrings[VQ_RX];
-+	rvring->io = metal->io;
-+	rvring->info.vaddr = (void *)shm->vring_rx;
-+	rvring->info.num_descs = VRING_DESCRIPTORS;
-+	rvring->info.align = VRING_ALIGN;
-+	rvring->vq = openamp_vdev->vq[VQ_RX];
-+
-+	vdev->vrings_info = &openamp_vdev->rvrings[0];
-+
-+	return 0;
-+
-+free_vq:
-+	virtqueue_free(openamp_vdev->vq[VQ_TX]);
-+	virtqueue_free(openamp_vdev->vq[VQ_RX]);
-+
-+	return -ENOMEM;
-+}
-+
-+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep,
-+						  void *data, size_t len,
-+						  uint32_t src, void *priv)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+	struct rpmsg_device *rdev;
-+	struct openamp_virtio *virtio;
-+
-+	rdev = ep->rdev;
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+	virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg);
-+
-+	rpmsg_hold_rx_buffer(ep, data);
-+	vrpmsg->resp_buf = data;
-+	vrpmsg->resp_len = len;
-+
-+	return 0;
-+}
-+
-+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+	struct rpmsg_device *rdev;
-+
-+	rdev = container_of(ep, struct rpmsg_device, ns_ept);
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+	rpmsg_destroy_ept(&vrpmsg->ep);
-+}
-+
-+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev,
-+					       const char *name,
-+					       unsigned int dest)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+	rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest,
-+			 openamp_virtio_rpmsg_endpoint_callback,
-+			 openamp_virtio_rpmsg_service_unbind);
-+}
-+
-+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio,
-+					     struct device_region *virtio_dev)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+	int ret;
-+
-+	/*
-+	 * we assume here that we are the client side and do not need to
-+	 * initialize the share memory poll (this is done at server side).
-+	 */
-+	ret = rpmsg_init_vdev(rpmsg_vdev, vdev,
-+			      openamp_virtio_rpmsg_endpoint_bind, metal->io,
-+			      NULL);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: init vdev failed: %d", ret);
-+		return ret;
-+	}
-+
-+
-+	ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev,
-+			       OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY,
-+			       RPMSG_ADDR_ANY,
-+			       openamp_virtio_rpmsg_endpoint_callback,
-+			       openamp_virtio_rpmsg_service_unbind);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: failed to create endpoint: %d", ret);
-+		return ret;
-+	}
-+
-+	/* set default remote addr */
-+	vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR;
-+
-+	return 0;
-+}
-+
-+static void openamp_virtio_shm_set(struct openamp_virtio *virtio,
-+				   struct device_region *virtio_region)
-+{
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	shm->base_addr = virtio_region->base_addr;
-+	shm->size = virtio_region->io_region_size;
-+
-+	shm->vdev_status = shm->base_addr;
-+	shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE;
-+
-+	shm->vring_rx = shm->base_addr + shm->size -
-+		(2 * OPENAMP_SHEM_VRING_SIZE);
-+	shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+	shm->vring_tx = shm->vring_rx + shm->vring_rx_size;
-+	shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+	shm->payload_addr = shm->vdev_status + shm->vdev_status_size;
-+	shm->payload_size = shm->size - shm->vdev_status_size -
-+		shm->vring_rx_size - shm->vring_tx_size;
-+
-+	shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size;
-+
-+	IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->base_addr, shm->size, shm->size);
-+	IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size);
-+	IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->payload_addr, shm->payload_size, shm->payload_size);
-+	IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size);
-+	IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size);
-+	IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]);
-+}
-+
-+static int openamp_virtio_device_get(const char *dev,
-+				     struct device_region *dev_region)
-+{
-+	bool found;
-+
-+	found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+				   dev_region, sizeof(*dev_region));
-+	if (!found) {
-+		EMSG("openamp: virtio: device region not found: %s", dev);
-+		return -EINVAL;
-+	}
-+
-+	if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) {
-+		EMSG("openamp: virtio: device region not valid");
-+		return -EINVAL;
-+	}
-+
-+	IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d",
-+	     dev, dev_region->base_addr, dev_region->io_region_size);
-+
-+	return  0;
-+}
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+			      size_t req_len)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+
-+
-+	*req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len,
-+					       OPENAMP_BUFFER_WAIT);
-+	if (*req_buf == NULL)
-+		return -EINVAL;
-+
-+	if (vrpmsg->req_len < req_len)
-+		return -E2BIG;
-+
-+	vrpmsg->req_buf = *req_buf;
-+
-+	return 0;
-+}
-+
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+			       uint8_t **resp_buf, size_t *resp_len)
-+{
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+	int ret;
-+
-+	ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: send nocopy failed: %d", ret);
-+		return -EIO;
-+	}
-+
-+	if (ret != vrpmsg->req_len) {
-+		EMSG("openamp: virtio: send less bytes %d than requested %d",
-+		     ret, vrpmsg->req_len);
-+		return -EIO;
-+	}
-+
-+	if (!ops->transport_receive)
-+		return 0;
-+
-+	ret = ops->transport_receive(openamp);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: failed transport_receive");
-+		return -EIO;
-+	}
-+
-+	virtqueue_notification(openamp_vdev->vq[VQ_RX]);
-+
-+	*resp_buf = vrpmsg->resp_buf;
-+	*resp_len = vrpmsg->resp_len;
-+
-+	return  0;
-+}
-+
-+void openamp_virtio_call_end(struct openamp_caller *openamp)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+
-+	rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf);
-+
-+	vrpmsg->req_buf = NULL;
-+	vrpmsg->req_len = 0;
-+	vrpmsg->resp_buf = NULL;
-+	vrpmsg->resp_len = 0;
-+}
-+
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+	return metal_io_virt_to_phys(metal->io, va);
-+}
-+
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+	return metal_io_phys_to_virt(metal->io, pa);
-+}
-+
-+int openamp_virtio_init(struct openamp_caller *openamp)
-+{
-+	struct device_region virtio_dev;
-+	struct openamp_virtio *virtio;
-+	int ret;
-+
-+	if (openamp->platform)
-+		return 0;
-+
-+
-+	virtio = malloc(sizeof(*virtio));
-+	if (!virtio)
-+		return -ENOMEM;
-+
-+	virtio->openamp = openamp;
-+
-+	ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev);
-+	if (ret < 0)
-+		goto free_virtio;
-+
-+	openamp_virtio_shm_set(virtio, &virtio_dev);
-+
-+	ret = openamp_virtio_metal_init(&virtio->metal);
-+	if (ret < 0)
-+		goto free_virtio;
-+
-+	ret = openamp_virtio_device_setup(virtio);
-+	if (ret < 0)
-+		goto finish_metal;
-+
-+	ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: rpmsg device setup failed: %d", ret);
-+		goto finish_metal;
-+	}
-+
-+	openamp->platform = virtio;
-+
-+	return 0;
-+
-+finish_metal:
-+	metal_finish();
-+
-+free_virtio:
-+	free(virtio);
-+
-+	return ret;
-+}
-+
-+int openamp_virtio_deinit(struct openamp_caller *openamp)
-+{
-+	struct openamp_virtio *virtio;
-+
-+	if (!openamp->platform)
-+		return 0;
-+
-+	virtio = openamp->platform;
-+
-+	metal_finish();
-+	free(virtio);
-+
-+	openamp->platform = NULL;
-+
-+	return 0;
-+}
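Review bot: openamp_virtio_call_begin() passes `&vrpmsg->req_len` to rpmsg_get_tx_payload_buffer(), which stores the buffer capacity there (the following `vrpmsg->req_len < req_len` check relies on that), and openamp_virtio_call_invoke() then sends `vrpmsg->req_len` bytes, so each call transmits the whole TX buffer, stale bytes included, rather than the length the caller requested. Keep the capacity in a local and store the caller's req_len for the send; the -E2BIG path also returns without giving the buffer back. In call_invoke, `*opstatus` is never written and resp_buf/resp_len are copied out without checking that the endpoint callback ran, so after a previous call_end they can still be NULL and 0. openamp_virtio_shm_set() computes payload_size by subtraction from io_region_size with no check that the region is at least OPENAMP_SHEM_VDEV_SIZE plus two vrings, which underflows size_t for a small region. Also: `static int count;` is unused, and malloc/EMSG/errno constants are used without <stdlib.h>, <trace.h> and <errno.h>.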
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h
-new file mode 100644
-index 00000000..915128ff
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h
-@@ -0,0 +1,24 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_VIRTIO_H
-+#define OPENAMP_VIRTIO_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+			      size_t req_len);
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+			       uint8_t **resp_buf, size_t *resp_len);
-+int openamp_virtio_call_end(struct openamp_caller *openamp);
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va);
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa);
-+
-+int openamp_virtio_init(struct openamp_caller *openamp);
-+int openamp_virtio_deinit(struct openamp_caller *openamp);
-+
-+#endif
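Review bot: openamp_virtio_call_end() is declared here as returning int, and the platform_call_end slot in openamp_platform_ops also returns int, but the definition in openamp_virtio.c is `void openamp_virtio_call_end(...)`. Any caller that reads the result gets an undefined value, and the conflicting declaration will not compile once openamp_virtio.c includes its own header. Make the definition return int (0 on success) or change both declarations to void. The prototypes also use uint8_t without including <stdint.h>.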
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index 248bd7e3..1511bbad 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -75,6 +75,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
-+		"components/rpc/openamp/caller/sp"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index f351a592..55d49b31 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -32,6 +32,12 @@
- 				pages-count = <16>;
- 				attributes = <0x3>; /* read-write */
- 			};
-+			openamp-virtio {
-+				/* Armv8 A Foundation Platform values */
-+				base-address = <0x00000000 0x88000000>;
-+				pages-count = <256>;
-+				attributes = <0x3>; /* read-write */
-+			};
- 		};
- 	};
- };
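Review bot: the base-address in the openamp-virtio node duplicates the OPENAMP_SHEM_PHYS constant hard-coded in openamp_virtio.c, so changing one without the other leaves shm_physmap describing a different region than the one mapped read-write here. Derive the physical base from the device region queried at runtime, or document next to both values that they must match. The comment labels these as Armv8-A Foundation Platform values, which is worth confirming against the memory map of the platform this deployment actually targets.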
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch
deleted file mode 100644
index f41556a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0010-add-psa-client-definitions-for-ff-m.patch
+++ /dev/null
@@ -1,299 +0,0 @@
-From 791a1302d7b779f3aeee7d6f7c9fac00b4244c1b Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:05:18 +0000
-Subject: [PATCH] add psa client definitions for ff-m
-
-Add PSA client definitions in common include to add future
-ff-m support.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../service/common/include/psa/client.h       | 194 ++++++++++++++++++
- components/service/common/include/psa/sid.h   |  71 +++++++
- 2 files changed, 265 insertions(+)
- create mode 100644 components/service/common/include/psa/client.h
- create mode 100644 components/service/common/include/psa/sid.h
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-new file mode 100644
-index 00000000..69ccf14f
---- /dev/null
-+++ b/components/service/common/include/psa/client.h
-@@ -0,0 +1,194 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_H
-+#define SERVICE_PSA_IPC_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <rpc_caller.h>
-+#include <psa/error.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef IOVEC_LEN
-+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
-+#endif
-+
-+/*********************** PSA Client Macros and Types *************************/
-+
-+typedef int32_t psa_handle_t;
-+
-+/**
-+ * The version of the PSA Framework API that is being used to build the calling
-+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
-+ * is compatible with v1.0.
-+ */
-+#define PSA_FRAMEWORK_VERSION       (0x0101u)
-+
-+/**
-+ * Return value from psa_version() if the requested RoT Service is not present
-+ * in the system.
-+ */
-+#define PSA_VERSION_NONE            (0u)
-+
-+/**
-+ * The zero-value null handle can be assigned to variables used in clients and
-+ * RoT Services, indicating that there is no current connection or message.
-+ */
-+#define PSA_NULL_HANDLE             ((psa_handle_t)0)
-+
-+/**
-+ * Tests whether a handle value returned by psa_connect() is valid.
-+ */
-+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
-+
-+/**
-+ * Converts the handle value returned from a failed call psa_connect() into
-+ * an error code.
-+ */
-+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
-+
-+/**
-+ * Maximum number of input and output vectors for a request to psa_call().
-+ */
-+#define PSA_MAX_IOVEC               (4u)
-+
-+/**
-+ * An IPC message type that indicates a generic client request.
-+ */
-+#define PSA_IPC_CALL                (0)
-+
-+/**
-+ * A read-only input memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_invec {
-+    uint32_t base;           /*!< the start address of the memory buffer */
-+    uint32_t len;                 /*!< the size in bytes                      */
-+};
-+
-+/**
-+ * A writable output memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_outvec {
-+    uint32_t base;                 /*!< the start address of the memory buffer */
-+    uint32_t len;                 /*!< the size in bytes                      */
-+};
-+
-+/*************************** PSA Client API **********************************/
-+
-+/**
-+ * \brief Retrieve the version of the PSA Framework API that is implemented.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \return version              The version of the PSA Framework implementation
-+ *                              that is providing the runtime services to the
-+ *                              caller. The major and minor version are encoded
-+ *                              as follows:
-+ * \arg                           version[15:8] -- major version number.
-+ * \arg                           version[7:0]  -- minor version number.
-+ */
-+uint32_t psa_framework_version(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Retrieve the version of an RoT Service or indicate that it is not
-+ *        present on this system.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] sid               ID of the RoT Service to query.
-+ *
-+ * \retval PSA_VERSION_NONE     The RoT Service is not implemented, or the
-+ *                              caller is not permitted to access the service.
-+ * \retval > 0                  The version of the implemented RoT Service.
-+ */
-+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid);
-+
-+/**
-+ * \brief Connect to an RoT Service by its SID.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] sid               ID of the RoT Service to connect to.
-+ * \param[in] version           Requested version of the RoT Service.
-+ *
-+ * \retval > 0                  A handle for the connection.
-+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
-+ *                              connection.
-+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
-+ *                              connection at the moment.
-+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
-+ *                              of the following are true:
-+ * \arg                           The RoT Service ID is not present.
-+ * \arg                           The RoT Service version is not supported.
-+ * \arg                           The caller is not allowed to access the RoT
-+ *                                service.
-+ */
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+			 uint32_t version);
-+
-+/**
-+ * \brief Call an RoT Service on an established connection.
-+ *
-+ * \note  FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
-+ *        support at most 4 parameters. TF-M chooses to encode 'in_len',
-+ *        'out_len', and 'type' into a 32-bit integer to improve efficiency.
-+ *        Compared with struct-based encoding, this method saves extra memory
-+ *        check and memory copy operation. The disadvantage is that the 'type'
-+ *        range has to be reduced into a 16-bit integer. So with this encoding,
-+ *        the valid range for 'type' is 0-32767.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] handle            A handle to an established connection.
-+ * \param[in] type              The request type.
-+ *                              Must be zero( \ref PSA_IPC_CALL) or positive.
-+ * \param[in] in_vec            Array of input \ref psa_invec structures.
-+ * \param[in] in_len            Number of input \ref psa_invec structures.
-+ * \param[in,out] out_vec       Array of output \ref psa_outvec structures.
-+ * \param[in] out_len           Number of output \ref psa_outvec structures.
-+ *
-+ * \retval >=0                  RoT Service-specific status value.
-+ * \retval <0                   RoT Service-specific error code.
-+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
-+ *                              RoT Service. The call is a PROGRAMMER ERROR if
-+ *                              one or more of the following are true:
-+ * \arg                           An invalid handle was passed.
-+ * \arg                           The connection is already handling a request.
-+ * \arg                           type < 0.
-+ * \arg                           An invalid memory reference was provided.
-+ * \arg                           in_len + out_len > PSA_MAX_IOVEC.
-+ * \arg                           The message is unrecognized by the RoT
-+ *                                Service or incorrectly formatted.
-+ */
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+		      int32_t type, const struct psa_invec *in_vec,
-+		      size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-+
-+/**
-+ * \brief Close a connection to an RoT Service.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] handle            A handle to an established connection, or the
-+ *                              null handle.
-+ *
-+ * \retval void                 Success.
-+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
-+ *                              of the following are true:
-+ * \arg                           An invalid handle was provided that is not
-+ *                                the null handle.
-+ * \arg                           The connection is currently handling a
-+ *                                request.
-+ */
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_H */
-+
-+
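Review bot: the Doxygen blocks for psa_call() and psa_close() document `\param[in] rpc_caller`, but the parameter in both prototypes is named `caller`, so the real parameter is left undocumented and the tag names nothing. Rename the tag to `caller`. The psa_call() comment also lists `in_len + out_len > PSA_MAX_IOVEC` as a PROGRAMMER ERROR; it should say whether this client-side wrapper enforces that limit itself or relies on the RoT Service to reject the call.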
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-new file mode 100644
-index 00000000..aaa973c6
---- /dev/null
-+++ b/components/service/common/include/psa/sid.h
-@@ -0,0 +1,71 @@
-+/*
-+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef __PSA_MANIFEST_SID_H__
-+#define __PSA_MANIFEST_SID_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/******** TFM_SP_PS ********/
-+#define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE                       (0x40000101U)
-+
-+/* Invalid UID */
-+#define TFM_PS_INVALID_UID 0
-+
-+/* PS message types that distinguish PS services. */
-+#define TFM_PS_SET                1001
-+#define TFM_PS_GET                1002
-+#define TFM_PS_GET_INFO           1003
-+#define TFM_PS_REMOVE             1004
-+#define TFM_PS_GET_SUPPORT        1005
-+
-+/******** TFM_SP_ITS ********/
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID                   (0x00000070U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION               (1U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE                (0x40000102U)
-+
-+/******** TFM_SP_CRYPTO ********/
-+#define TFM_CRYPTO_SID                                             (0x00000080U)
-+#define TFM_CRYPTO_VERSION                                         (1U)
-+#define TFM_CRYPTO_HANDLE                                          (0x40000100U)
-+
-+/******** TFM_SP_PLATFORM ********/
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-+#define TFM_SP_PLATFORM_IOCTL_SID                                  (0x00000041U)
-+#define TFM_SP_PLATFORM_IOCTL_VERSION                              (1U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_SID                             (0x00000042U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION                         (1U)
-+
-+/******** TFM_SP_INITIAL_ATTESTATION ********/
-+#define TFM_ATTESTATION_SERVICE_SID                                (0x00000020U)
-+#define TFM_ATTESTATION_SERVICE_VERSION                            (1U)
-+#define TFM_ATTESTATION_SERVICE_HANDLE                             (0x40000103U)
-+
-+/******** TFM_SP_FWU ********/
-+#define TFM_FWU_WRITE_SID                                          (0x000000A0U)
-+#define TFM_FWU_WRITE_VERSION                                      (1U)
-+#define TFM_FWU_INSTALL_SID                                        (0x000000A1U)
-+#define TFM_FWU_INSTALL_VERSION                                    (1U)
-+#define TFM_FWU_ABORT_SID                                          (0x000000A2U)
-+#define TFM_FWU_ABORT_VERSION                                      (1U)
-+#define TFM_FWU_QUERY_SID                                          (0x000000A3U)
-+#define TFM_FWU_QUERY_VERSION                                      (1U)
-+#define TFM_FWU_REQUEST_REBOOT_SID                                 (0x000000A4U)
-+#define TFM_FWU_REQUEST_REBOOT_VERSION                             (1U)
-+#define TFM_FWU_ACCEPT_SID                                         (0x000000A5U)
-+#define TFM_FWU_ACCEPT_VERSION                                     (1U)
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __PSA_MANIFEST_SID_H__ */
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch
deleted file mode 100644
index 7ecb60f..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0011-Add-common-service-component-to-ipc-support.patch
+++ /dev/null
@@ -1,295 +0,0 @@
-From b7e9e6fc59263f5daf4ae79eb758fa7647058338 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:13:03 +0000
-Subject: [PATCH] Add common service component to ipc support
-
-Add support for inter processor communication for PSA
-including, the openamp client side structures lib.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../service/common/psa_ipc/component.cmake    |  13 ++
- .../service/common/psa_ipc/service_psa_ipc.c  |  97 +++++++++++++
- .../psa_ipc/service_psa_ipc_openamp_lib.h     | 131 ++++++++++++++++++
- deployments/se-proxy/opteesp/CMakeLists.txt   |   1 +
- 4 files changed, 242 insertions(+)
- create mode 100644 components/service/common/psa_ipc/component.cmake
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-
-diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake
-new file mode 100644
-index 00000000..5a1c9e62
---- /dev/null
-+++ b/components/service/common/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c"
-+	)
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-new file mode 100644
-index 00000000..e8093c20
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -0,0 +1,97 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#include <psa/client.h>
-+#include "service_psa_ipc_openamp_lib.h"
-+
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+			 uint32_t version)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+
-+	rpc_handle = rpc_caller_begin(caller, &req,
-+				      sizeof(struct ns_openamp_msg));
-+	if (!rpc_handle) {
-+		EMSG("psa_connect: could not get handle");
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CONNECT;
-+	req_msg->params.psa_connect_params.sid = sid;
-+	req_msg->params.psa_connect_params.version = version;
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_connect: invoke failed: %d", ret);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	if (psa_status == PSA_SUCCESS)
-+		resp_msg = (struct s_openamp_msg *)resp;
-+
-+	rpc_caller_end(caller, rpc_handle);
-+
-+	return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
-+}
-+
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+		      int32_t type, const struct psa_invec *in_vec,
-+		      size_t in_len, struct psa_outvec *out_vec, size_t out_len)
-+{
-+
-+}
-+
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+
-+	rpc_handle = rpc_caller_begin(caller, &req,
-+				      sizeof(struct ns_openamp_msg));
-+	if (!rpc_handle) {
-+		EMSG("psa_close: could not get handle");
-+		return;
-+	}
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CLOSE;
-+	req_msg->params.psa_close_params.handle = handle;
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_close: invoke failed: %d", ret);
-+		return;
-+	}
-+
-+	rpc_caller_end(caller, rpc_handle);
-+}
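Review bot: psa_call() is added with an empty body although it returns psa_status_t, so any caller reads an indeterminate value; return an explicit error such as PSA_ERROR_NOT_SUPPORTED until the body exists. In psa_connect() and psa_close(), the `ret != TS_RPC_CALL_ACCEPTED` branch returns without the rpc_caller_end(caller, rpc_handle) call that the success path makes; please confirm whether the handle has to be released on that path. psa_connect() also casts `resp` to `struct s_openamp_msg *` and reads `reply` without checking `resp_len` against sizeof(struct s_openamp_msg), and it returns PSA_ERROR_GENERIC_ERROR through a psa_handle_t, which callers comparing only against PSA_NULL_HANDLE will treat as a handle.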
-diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-new file mode 100644
-index 00000000..33ea9666
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-@@ -0,0 +1,131 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H
-+#define SERVICE_PSA_IPC_OPENAMP_LIB_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <compiler.h>
-+#include <psa/error.h>
-+
-+#include <stdint.h>
-+#include <psa/client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* PSA client call type value */
-+#define OPENAMP_PSA_FRAMEWORK_VERSION       (0x1)
-+#define OPENAMP_PSA_VERSION                 (0x2)
-+#define OPENAMP_PSA_CONNECT                 (0x3)
-+#define OPENAMP_PSA_CALL                    (0x4)
-+#define OPENAMP_PSA_CLOSE                   (0x5)
-+
-+/* Return code of openamp APIs */
-+#define OPENAMP_SUCCESS                     (0)
-+#define OPENAMP_MAP_FULL                    (INT32_MIN + 1)
-+#define OPENAMP_MAP_ERROR                   (INT32_MIN + 2)
-+#define OPENAMP_INVAL_PARAMS                (INT32_MIN + 3)
-+#define OPENAMP_NO_PERMS                    (INT32_MIN + 4)
-+#define OPENAMP_NO_PEND_EVENT               (INT32_MIN + 5)
-+#define OPENAMP_CHAN_BUSY                   (INT32_MIN + 6)
-+#define OPENAMP_CALLBACK_REG_ERROR          (INT32_MIN + 7)
-+#define OPENAMP_INIT_ERROR                  (INT32_MIN + 8)
-+
-+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
-+			       * buffer so that openamp shared memory buffer
-+			       * does not get freed.
-+			       */
-+
-+/*
-+ * This structure holds the parameters used in a PSA client call.
-+ */
-+typedef struct __packed psa_client_in_params {
-+	union {
-+		struct __packed {
-+			uint32_t        sid;
-+		} psa_version_params;
-+
-+		struct __packed {
-+			uint32_t        sid;
-+			uint32_t        version;
-+		} psa_connect_params;
-+
-+		struct __packed {
-+			psa_handle_t     handle;
-+			int32_t          type;
-+			uint32_t         in_vec;
-+			uint32_t         in_len;
-+			uint32_t         out_vec;
-+			uint32_t         out_len;
-+		} psa_call_params;
-+
-+		struct __packed {
-+			psa_handle_t    handle;
-+		} psa_close_params;
-+	};
-+} psa_client_in_params_t;
-+
-+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
-+struct __packed ns_openamp_msg {
-+	uint32_t                      call_type;   /* PSA client call type */
-+	struct psa_client_in_params   params;      /* Contain parameters used in PSA
-+						  * client call
-+						  */
-+
-+	int32_t                     client_id;   /* Optional client ID of the
-+						  * non-secure caller.
-+						  * It is required to identify the
-+						  * non-secure task when NSPE OS
-+						  * enforces non-secure task
-+						  * isolation
-+						  */
-+	int32_t                     request_id;  /* This is the unique ID for a
-+						  * request send to TF-M by the
-+						  * non-secure core. TF-M forward
-+						  * the ID back to non-secure on the
-+						  * reply to a given request. Using
-+						  * this id, the non-secure library
-+						  * can identify the request for
-+						  * which the reply has received.
-+						  */
-+};
-+
-+/*
-+ * This structure holds the location of the out data of the PSA client call.
-+ */
-+struct __packed psa_client_out_params {
-+	uint32_t              out_vec;
-+	uint32_t              out_len;
-+};
-+
-+
-+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
-+ * call.
-+ */
-+struct __packed s_openamp_msg {
-+	int32_t                     request_id;  /* Using this id, the non-secure
-+						  * library identifies the request.
-+						  * TF-M forwards the same
-+						  * request-id received on the
-+						  * initial request.
-+						  */
-+	int32_t                     reply;       /* Reply of the PSA client call */
-+	struct psa_client_out_params     params;      /* Contain out data result of the
-+						       * PSA client call.
-+						       */
-+};
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */
-+
-+
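Review bot: in psa_call_params and psa_client_out_params the `in_vec` and `out_vec` fields are uint32_t; if they carry buffer addresses between NSPE and SPE, the header should say so and state that the addresses must fit in 32 bits, since nothing in these packed structs enforces it. Smaller points: `#include <stdint.h>` appears twice, the typedef psa_client_in_params_t is not used by ns_openamp_msg (it spells out `struct psa_client_in_params`), and HOLD_INPUT_BUFFER is defined but its comment does not say who reads it.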
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index 1511bbad..e0e0e12b 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -54,6 +54,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/common/include"
- 		"components/service/common/serializer/protobuf"
- 		"components/service/common/client"
-+		"components/service/common/psa_ipc"
- 		"components/service/common/provider"
- 		"components/service/discovery/provider"
- 		"components/service/discovery/provider/serializer/packed-c"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch
deleted file mode 100644
index 068468b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0012-Add-secure-storage-ipc-backend.patch
+++ /dev/null
@@ -1,523 +0,0 @@
-From 962056a9c8115e9228719d46b09da983678ab024 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:19:24 +0000
-Subject: [PATCH] Add secure storage ipc backend
-
-Add secure storage ipc ff-m implementation which may use
-openamp as rpc to communicate with other processor.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../service/common/psa_ipc/service_psa_ipc.c  | 143 +++++++++++-
- .../secure_storage_ipc/component.cmake        |  14 ++
- .../secure_storage_ipc/secure_storage_ipc.c   | 214 ++++++++++++++++++
- .../secure_storage_ipc/secure_storage_ipc.h   |  52 +++++
- deployments/se-proxy/opteesp/CMakeLists.txt   |   1 +
- 5 files changed, 420 insertions(+), 4 deletions(-)
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index e8093c20..95a07c13 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -16,6 +16,52 @@
- #include <psa/client.h>
- #include "service_psa_ipc_openamp_lib.h"
- 
-+static struct psa_invec *psa_call_in_vec_param(uint8_t *req)
-+{
-+	return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg));
-+}
-+
-+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len)
-+{
-+	return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) +
-+				     (in_len * sizeof(struct psa_invec)));
-+}
-+
-+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len,
-+				  struct psa_outvec *out_vec, size_t out_len)
-+{
-+	return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) +
-+		(out_len * sizeof(*out_vec));
-+}
-+
-+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len)
-+{
-+	size_t req_len = 0;
-+	int i;
-+
-+	if (!in_vec || !in_len)
-+		return 0;
-+
-+	for (i = 0; i < in_len; i++)
-+		req_len += in_vec[i].len;
-+
-+	return req_len;
-+}
-+
-+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len)
-+{
-+	size_t resp_len = 0;
-+	int i;
-+
-+	if (!out_vec || !out_len)
-+		return 0;
-+
-+	for (i = 0; i < out_len; i++)
-+		resp_len += out_vec[i].len;
-+
-+	return resp_len;
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 			 uint32_t version)
- {
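Review bot: psa_call_header_len(), psa_call_in_vec_len() and psa_call_out_vec_len() multiply and sum caller-supplied counts and lengths with no overflow check, and the result sizes the request buffer that psa_call() then fills with memcpy; a wrapped sum would yield a buffer smaller than the data copied into it. Bound in_len and out_len (the header documents PSA_MAX_IOVEC) and check each addition, returning an error on overflow. The loop index `int i` is compared against size_t `in_len`/`out_len`; use size_t.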
-@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 	rpc_handle = rpc_caller_begin(caller, &req,
- 				      sizeof(struct ns_openamp_msg));
- 	if (!rpc_handle) {
--		EMSG("psa_connect: could not get handle");
-+		EMSG("psa_connect: could not get rpc handle");
- 		return PSA_ERROR_GENERIC_ERROR;
- 	}
- 
-@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 	return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
- }
- 
--psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 		      int32_t type, const struct psa_invec *in_vec,
- 		      size_t in_len, struct psa_outvec *out_vec, size_t out_len)
- {
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct psa_outvec *out_vec_param;
-+	struct psa_invec *in_vec_param;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t out_vec_len;
-+	size_t in_vec_len;
-+	size_t header_len;
-+	uint8_t *payload;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+	int i;
-+
-+	if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len);
-+	in_vec_len = psa_call_in_vec_len(in_vec, in_len);
-+	out_vec_len = psa_call_out_vec_len(out_vec, out_len);
- 
-+	rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len);
-+	if (!rpc_handle) {
-+		EMSG("psa_call: could not get handle");
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	payload = req + header_len;
-+
-+	out_vec_param = psa_call_out_vec_param(req, in_len);
-+	in_vec_param = psa_call_in_vec_param(req);
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CALL;
-+	req_msg->request_id = 1234;
-+	req_msg->params.psa_call_params.handle = psa_handle;
-+	req_msg->params.psa_call_params.type = type;
-+	req_msg->params.psa_call_params.in_len = in_len;
-+	req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+	req_msg->params.psa_call_params.out_len = out_len;
-+	req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+
-+	for (i = 0; i < in_len; i++) {
-+		in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+		in_vec_param[i].len = in_vec[i].len;
-+
-+		memcpy(payload, in_vec[i].base, in_vec[i].len);
-+		payload += in_vec[i].len;
-+	}
-+
-+	for (i = 0; i < out_len; i++) {
-+		out_vec_param[i].base = NULL;
-+		out_vec_param[i].len = out_vec[i].len;
-+	}
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_call: invoke failed: %d", ret);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	if (psa_status != PSA_SUCCESS) {
-+		EMSG("psa_call: psa_status invoke failed: %d", psa_status);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	resp_msg = (struct s_openamp_msg *)resp;
-+
-+	if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
-+		goto caller_end;
-+
-+	out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
-+						     resp_msg->params.out_vec);
-+
-+	for (i = 0; i < resp_msg->params.out_len; i++) {
-+		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+		       out_vec[i].len);
-+	}
-+
-+caller_end:
-+	rpc_caller_end(caller, rpc_handle);
-+
-+	return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE;
- }
- 
--void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle)
- {
- 	psa_status_t psa_status = PSA_SUCCESS;
- 	struct s_openamp_msg *resp_msg = NULL;
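Review bot: in the response path of psa_call(), the copy loop runs to `resp_msg->params.out_len` taken from the reply rather than the caller's `out_len`, and each memcpy source comes from the reply (`resp_msg->params.out_vec`, `out_vec_param[i].base`) without a check that the translated address lies inside the `resp`/`resp_len` buffer. A reply carrying a larger count or an unexpected address therefore indexes past the caller's `out_vec[]` or reads outside the shared buffer. Bound the loop by the smaller of the two counts, require resp_len >= sizeof(struct s_openamp_msg), validate each translated range, copy no more than the length the reply reports, and write that length back to out_vec[i].len. Also in this hunk: the two early returns after rpc_caller_invoke() skip rpc_caller_end(), `request_id` is hard-coded to 1234, `out_vec_len` is computed but never used, and `in_vec[i]` is dereferenced with no NULL check when in_len > 0.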
-@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- 	uint8_t *req;
- 	int ret;
- 
-+	if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+		return;
-+
- 	rpc_handle = rpc_caller_begin(caller, &req,
- 				      sizeof(struct ns_openamp_msg));
- 	if (!rpc_handle) {
-@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- 	req_msg = (struct ns_openamp_msg *)req;
- 
- 	req_msg->call_type = OPENAMP_PSA_CLOSE;
--	req_msg->params.psa_close_params.handle = handle;
-+	req_msg->params.psa_close_params.handle = psa_handle;
- 
- 	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
- 				&resp_len);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-new file mode 100644
-index 00000000..5d8f6714
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-@@ -0,0 +1,14 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c"
-+	)
-+
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-new file mode 100644
-index 00000000..9b55f77d
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -0,0 +1,214 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "secure_storage_ipc.h"
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <rpc_caller.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+
-+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
-+			 psa_storage_uid_t uid, size_t data_length,
-+			 const void *p_data, psa_storage_create_flags_t create_flags)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = p_data, .len = data_length },
-+		{ .base = &create_flags, .len = sizeof(create_flags) },
-+	};
-+
-+	(void)client_id;
-+
-+	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
-+
-+	/* Validating input parameters */
-+	if (p_data == NULL)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+	if (psa_status < 0)
-+		EMSG("ipc_set: psa_call failed: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get(void *context,
-+					   uint32_t client_id,
-+					   psa_storage_uid_t uid,
-+					   size_t data_offset,
-+					   size_t data_size,
-+					   void *p_data,
-+					   size_t *p_data_length)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	uint32_t offset = (uint32_t)data_offset;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = &offset, .len = sizeof(offset) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = p_data, .len = data_size },
-+	};
-+
-+	if (!p_data_length) {
-+		EMSG("ipc_get: p_data_length not defined");
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+			      out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status == PSA_SUCCESS)
-+		*p_data_length = out_vec[0].len;
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get_info(void *context,
-+						uint32_t client_id,
-+						psa_storage_uid_t uid,
-+						struct psa_storage_info_t *p_info)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = p_info, .len = sizeof(*p_info) },
-+	};
-+
-+	(void)client_id;
-+
-+	/* Validating input parameters */
-+	if (!p_info)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET_INFO, in_vec,
-+			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_remove(void *context,
-+						uint32_t client_id,
-+						psa_storage_uid_t uid)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+	};
-+
-+	(void)client_id;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_REMOVE, in_vec,
-+			      IOVEC_LEN(in_vec), NULL, 0);
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_create(void *context,
-+					      uint32_t client_id,
-+					      uint64_t uid,
-+					      size_t capacity,
-+					      uint32_t create_flags)
-+{
-+	(void)context;
-+	(void)uid;
-+	(void)client_id;
-+	(void)capacity;
-+	(void)create_flags;
-+
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static psa_status_t secure_storage_set_extended(void *context,
-+						uint32_t client_id,
-+						uint64_t uid,
-+						size_t data_offset,
-+						size_t data_length,
-+						const void *p_data)
-+{
-+	(void)context;
-+	(void)uid;
-+	(void)client_id;
-+	(void)data_offset;
-+	(void)data_length;
-+	(void)p_data;
-+
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	uint32_t support_flags;
-+	struct psa_outvec out_vec[] = {
-+		{ .base = &support_flags, .len =  sizeof(support_flags) },
-+	};
-+
-+	(void)client_id;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET_SUPPORT, NULL, 0,
-+			      out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+						struct rpc_caller *caller)
-+{
-+	service_client_init(&context->client, caller);
-+
-+	static const struct storage_backend_interface interface =
-+	{
-+		.set = secure_storage_ipc_set,
-+		.get = secure_storage_ipc_get,
-+		.get_info = secure_storage_ipc_get_info,
-+		.remove = secure_storage_ipc_remove,
-+		.create = secure_storage_ipc_create,
-+		.set_extended = secure_storage_set_extended,
-+		.get_support = secure_storage_get_support,
-+	};
-+
-+	context->backend.context = context;
-+	context->backend.interface = &interface;
-+
-+	return &context->backend;
-+}
-+
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context)
-+{
-+	service_client_deinit(&context->client);
-+}
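Review bot: secure_storage_get_support() returns `psa_status` from a function declared to return uint32_t, while the value the call actually fills, `support_flags`, is never returned, so callers receive the status code in place of the capability flags. Return support_flags on success and a defined value on failure. In secure_storage_ipc_get(), `*p_data_length = out_vec[0].len` reports the requested data_size because psa_call() as added in this patch never writes out_vec[i].len; `data_offset` is narrowed to uint32_t without a range check, and `p_data` is not NULL-checked as it is in the set path. `psa_handle` is declared but unused in each function, and `client_id` is discarded everywhere, which deserves a comment if it is intentional.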
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-new file mode 100644
-index 00000000..e8c1e8fd
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -0,0 +1,52 @@
-+/*
-+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SECURE_STORAGE_IPC_H
-+#define SECURE_STORAGE_IPC_H
-+
-+#include <service/secure_storage/backend/storage_backend.h>
-+#include <service/common/client/service_client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * @brief      Secure storage ipc instance
-+ */
-+struct secure_storage_ipc
-+{
-+    struct storage_backend backend;
-+    struct service_client client;
-+};
-+
-+/**
-+ * @brief      Initialize a secure storage ipc client
-+ *
-+ * A secure storage client is a storage backend that makes RPC calls
-+ * to a remote secure storage provider.
-+ *
-+ * @param[in]  context    Instance data
-+ * @param[in]  rpc_caller RPC caller instance
-+ *
-+ *
-+ * @return     Pointer to inialized storage backend or NULL on failure
-+ */
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+						struct rpc_caller *caller);
-+
-+/**
-+ * @brief      Deinitialize a secure storage ipc client
-+ *
-+ * @param[in]  context   Instance data
-+ */
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SECURE_STORAGE_IPC_H */
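Review bot: the secure_storage_ipc_init() comment promises "NULL on failure", but the implementation added in secure_storage_ipc.c always returns &context->backend and checks neither `context` nor `caller`; either add the checks or drop the NULL clause so callers do not rely on it. The tag `@param[in] rpc_caller` should read `caller` to match the prototype, and "inialized" is a typo for "initialized".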
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index e0e0e12b..663177b7 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -73,6 +73,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/crypto/factory/full"
- 		"components/service/secure_storage/include"
- 		"components/service/secure_storage/frontend/secure_storage_provider"
-+		"components/service/secure_storage/backend/secure_storage_ipc"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
deleted file mode 100644
index 56964b5..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From 12b8b8bb28c96e6f121122939b7d23e6c7055f0f Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:25:34 +0000
-Subject: [PATCH] Use secure storage ipc and openamp for se_proxy
-
-Remove mock up backend for secure storage in se proxy
-deployment and use instead the secure storage ipc backend with
-openamp as rpc to secure enclave side.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../se-proxy/opteesp/service_proxy_factory.c     | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
-index acfb6e88..57290056 100644
---- a/deployments/se-proxy/opteesp/service_proxy_factory.c
-+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c
-@@ -6,15 +6,20 @@
- 
- #include <stddef.h>
- #include <rpc/common/endpoint/rpc_interface.h>
-+#include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
- #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
-+#include <trace.h>
- 
- /* Stub backends */
- #include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- 
-+struct openamp_caller openamp;
-+
- struct rpc_interface *attest_proxy_create(void)
- {
- 	struct rpc_interface *attest_iface;
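Review bot: `struct openamp_caller openamp;` is added at file scope with external linkage and a very generic name; nothing in this patch needs it outside service_proxy_factory.c, so it should be `static` to avoid symbol clashes in the SP image. Also, the secure_storage_ipc.h include is placed under the "/* Stub backends */" comment although it is not a stub, the mock_store.h include is kept even though the later hunk removes the only use of mock_store, and `<trace.h>` is added without any trace call in the visible changes.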
-@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void)
- 
- struct rpc_interface *ps_proxy_create(void)
- {
--	static struct mock_store ps_backend;
- 	static struct secure_storage_provider ps_provider;
--
--	struct storage_backend *backend = mock_store_init(&ps_backend);
-+	static struct secure_storage_ipc ps_backend;
-+	static struct rpc_caller *storage_caller;
-+	struct storage_backend *backend;
-+
-+	storage_caller = openamp_caller_init(&openamp);
-+	if (!storage_caller)
-+		return NULL;
-+	backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
- 
- 	return secure_storage_provider_init(&ps_provider, backend);
- }
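Review bot: in ps_proxy_create() the result of openamp_caller_init() is stored in `storage_caller` and NULL-checked, but the call that follows passes `&openamp.rpc_caller` instead, so `storage_caller` is only a success flag and does not need to be `static`. Pass `storage_caller` to secure_storage_ipc_init() or drop the variable. The `backend` pointer is also handed to secure_storage_provider_init() without a check, although the secure_storage_ipc header documents a NULL return on failure; return NULL here when `backend` is NULL.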
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch
deleted file mode 100644
index cf7357e..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0014-Add-uefi-variable-append-write-support.patch
+++ /dev/null
@@ -1,1162 +0,0 @@
-From 254f564c76320478e7b509faf279c0c493470657 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Thu, 2 Dec 2021 10:15:54 +0000
-Subject: [PATCH] Add uefi variable append write support
-
-Adds support for extending UEFI variable data handled by the
-smm_variable service provider using the EFI_VARIABLE_APPEND_WRITE
-attribute.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I7a6562327bc0a5ce5cd0e85276325227b83e9f9e
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../backend/test/variable_index_tests.cpp     |  90 +++---
- .../backend/test/variable_store_tests.cpp     |  40 ++-
- .../backend/uefi_variable_store.c             | 263 +++++++++++-------
- .../smm_variable/backend/variable_index.c     |  95 +++----
- .../smm_variable/backend/variable_index.h     |  58 ++--
- .../backend/variable_index_iterator.c         |   4 +-
- .../backend/variable_index_iterator.h         |   2 +-
- .../service/smm_variable_service_tests.cpp    |  48 ++++
- protocols/service/smm_variable/parameters.h   |   3 +
- 9 files changed, 364 insertions(+), 239 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/test/variable_index_tests.cpp b/components/service/smm_variable/backend/test/variable_index_tests.cpp
-index c8bacf97..8edc0e70 100644
---- a/components/service/smm_variable/backend/test/variable_index_tests.cpp
-+++ b/components/service/smm_variable/backend/test/variable_index_tests.cpp
-@@ -69,34 +69,37 @@ TEST_GROUP(UefiVariableIndexTests)
- 
- 	void create_variables()
- 	{
--		const struct variable_info *info = NULL;
-+		struct variable_info *info = NULL;
- 
--		info = variable_index_add_variable(
-+		info = variable_index_add_entry(
- 			&m_variable_index,
- 			&guid_1,
- 			name_1.size() * sizeof(int16_t),
--			name_1.data(),
--			EFI_VARIABLE_BOOTSERVICE_ACCESS);
--
-+			name_1.data());
- 		CHECK_TRUE(info);
-+		variable_index_set_variable(
-+			info,
-+			EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
--		info = variable_index_add_variable(
-+		info = variable_index_add_entry(
- 			&m_variable_index,
- 			&guid_2,
- 			name_2.size() * sizeof(int16_t),
--			name_2.data(),
--			EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
--
-+			name_2.data());
- 		CHECK_TRUE(info);
-+		variable_index_set_variable(
-+			info,
-+			EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
--		info = variable_index_add_variable(
-+		info = variable_index_add_entry(
- 			&m_variable_index,
- 			&guid_1,
- 			name_3.size() * sizeof(int16_t),
--			name_3.data(),
--			EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS);
--
-+			name_3.data());
- 		CHECK_TRUE(info);
-+		variable_index_set_variable(
-+			info,
-+			EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS);
- 	}
- 
- 	static const size_t MAX_VARIABLES = 10;
-@@ -111,7 +114,7 @@ TEST_GROUP(UefiVariableIndexTests)
- 
- TEST(UefiVariableIndexTests, emptyIndexOperations)
- {
--	const struct variable_info *info = NULL;
-+	struct variable_info *info = NULL;
- 
- 	/* Expect not to find a variable */
- 	info = variable_index_find(
-@@ -130,36 +133,34 @@ TEST(UefiVariableIndexTests, emptyIndexOperations)
- 	POINTERS_EQUAL(NULL, info);
- 
- 	/* Remove should silently return */
--	variable_index_remove_variable(
-+	variable_index_clear_variable(
- 		&m_variable_index,
- 		info);
- }
- 
- TEST(UefiVariableIndexTests, addWithOversizedName)
- {
--	const struct variable_info *info = NULL;
-+	struct variable_info *info = NULL;
- 	std::vector<int16_t> name;
- 
- 	name = to_variable_name(L"a long variable name that exceeds the length limit");
- 
--	info = variable_index_add_variable(
-+	info = variable_index_add_entry(
- 		&m_variable_index,
- 		&guid_1,
- 		name.size() * sizeof(int16_t),
--		name.data(),
--		EFI_VARIABLE_BOOTSERVICE_ACCESS);
-+		name.data());
- 
- 	/* Expect the add to fail because of an oversized name */
- 	POINTERS_EQUAL(NULL, info);
- 
- 	name = to_variable_name(L"a long variable name that fits!");
- 
--	info = variable_index_add_variable(
-+	info = variable_index_add_entry(
- 		&m_variable_index,
- 		&guid_1,
- 		name.size() * sizeof(int16_t),
--		name.data(),
--		EFI_VARIABLE_BOOTSERVICE_ACCESS);
-+		name.data());
- 
- 	/* Expect the add succeed */
- 	CHECK_TRUE(info);
-@@ -167,18 +168,17 @@ TEST(UefiVariableIndexTests, addWithOversizedName)
- 
- TEST(UefiVariableIndexTests, variableIndexFull)
- {
--	const struct variable_info *info = NULL;
-+	struct variable_info *info = NULL;
- 	EFI_GUID guid = guid_1;
- 
- 	/* Expect to be able to fill the index */
- 	for (size_t i = 0; i < MAX_VARIABLES; ++i) {
- 
--		info = variable_index_add_variable(
-+		info = variable_index_add_entry(
- 			&m_variable_index,
- 			&guid,
- 			name_1.size() * sizeof(int16_t),
--			name_1.data(),
--			EFI_VARIABLE_BOOTSERVICE_ACCESS);
-+			name_1.data());
- 
- 		CHECK_TRUE(info);
- 
-@@ -187,12 +187,11 @@ TEST(UefiVariableIndexTests, variableIndexFull)
- 	}
- 
- 	/* Variable index should now be full */
--	info = variable_index_add_variable(
-+	info = variable_index_add_entry(
- 		&m_variable_index,
- 		&guid,
- 		name_1.size() * sizeof(int16_t),
--		name_1.data(),
--		EFI_VARIABLE_BOOTSERVICE_ACCESS);
-+		name_1.data());
- 
- 	POINTERS_EQUAL(NULL, info);
- }
-@@ -323,7 +322,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall)
- TEST(UefiVariableIndexTests, removeVariable)
- {
- 	uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)];
--	const struct variable_info *info = NULL;
-+	struct variable_info *info = NULL;
- 
- 	create_variables();
- 
-@@ -334,7 +333,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 		name_2.size() * sizeof(int16_t),
- 		name_2.data());
- 
--	variable_index_remove_variable(
-+	variable_index_clear_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -352,7 +351,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 		name_1.size() * sizeof(int16_t),
- 		name_1.data());
- 
--	variable_index_remove_variable(
-+	variable_index_clear_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -370,7 +369,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 		name_3.size() * sizeof(int16_t),
- 		name_3.data());
- 
--	variable_index_remove_variable(
-+	variable_index_clear_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -395,7 +394,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 
- TEST(UefiVariableIndexTests, checkIterator)
- {
--	const struct variable_info *info = NULL;
-+	struct variable_info *info = NULL;
- 
- 	create_variables();
- 
-@@ -419,7 +418,7 @@ TEST(UefiVariableIndexTests, checkIterator)
- 	UNSIGNED_LONGS_EQUAL(name_2.size() * sizeof(int16_t), info->metadata.name_size);
- 	MEMCMP_EQUAL(name_2.data(), info->metadata.name, info->metadata.name_size);
- 
--	const struct variable_info *info_to_remove = info;
-+	struct variable_info *info_to_remove = info;
- 
- 	variable_index_iterator_next(&iter);
- 	CHECK_FALSE(variable_index_iterator_is_done(&iter));
-@@ -435,7 +434,8 @@ TEST(UefiVariableIndexTests, checkIterator)
- 	CHECK_TRUE(variable_index_iterator_is_done(&iter));
- 
- 	/* Now remove the middle entry */
--	variable_index_remove_variable(&m_variable_index, info_to_remove);
-+	variable_index_clear_variable(&m_variable_index, info_to_remove);
-+	variable_index_remove_unused_entry(&m_variable_index, info_to_remove);
- 
- 	/* Iterate again but this time there should only be two entries */
- 	variable_index_iterator_first(&iter, &m_variable_index);
-@@ -478,7 +478,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar)
- 	constraints.max_size = 100;
- 
- 	/* Set check constraints on one of the variables */
--	const struct variable_info *info = variable_index_find(
-+	struct variable_info *info = variable_index_find(
- 		&m_variable_index,
- 		&guid_2,
- 		name_2.size() * sizeof(int16_t),
-@@ -488,7 +488,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar)
- 	CHECK_TRUE(info->is_variable_set);
- 	CHECK_FALSE(info->is_constraints_set);
- 
--	variable_index_update_constraints(info, &constraints);
-+	variable_index_set_constraints(info, &constraints);
- 
- 	CHECK_TRUE(info->is_constraints_set);
- 	CHECK_TRUE(info->is_variable_set);
-@@ -496,7 +496,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar)
- 	/* Remove the variable but still expect the variable to be indexed
- 	 * because of the set constraints.
- 	 */
--	variable_index_remove_variable(
-+	variable_index_clear_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -588,7 +588,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar)
- 	constraints.max_size = 100;
- 
- 	/* Initially expect no variable_info */
--	const struct variable_info *info = variable_index_find(
-+	struct variable_info *info = variable_index_find(
- 		&m_variable_index,
- 		&guid_2,
- 		name_2.size() * sizeof(int16_t),
-@@ -597,19 +597,19 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar)
- 	CHECK_FALSE(info);
- 
- 	/* Adding the check constraints should result in an entry being added */
--	info = variable_index_add_constraints(
-+	info = variable_index_add_entry(
- 		&m_variable_index,
- 		&guid_2,
- 		name_2.size() * sizeof(int16_t),
--		name_2.data(),
--		&constraints);
--
-+		name_2.data());
- 	CHECK_TRUE(info);
-+
-+	variable_index_set_constraints(info, &constraints);
- 	CHECK_FALSE(info->is_variable_set);
- 	CHECK_TRUE(info->is_constraints_set);
- 
- 	/* Updating the variable should cause the variable to be marked as set */
--	variable_index_update_variable(info, EFI_VARIABLE_RUNTIME_ACCESS);
-+	variable_index_set_variable(info, EFI_VARIABLE_RUNTIME_ACCESS);
- 
- 	CHECK_TRUE(info->is_variable_set);
- 	CHECK_TRUE(info->is_constraints_set);
-diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-index f6aba13a..578f118f 100644
---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp
-+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-@@ -250,6 +250,21 @@ TEST(UefiVariableStoreTests, setGetRoundtrip)
- 	/* Expect got variable data to be the same as the set value */
- 	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
- 	LONGS_EQUAL(0, input_data.compare(output_data));
-+
-+	/* Extend the variable using an append write */
-+	std::string input_data2 = " jumps over the lazy dog";
-+
-+	status = set_variable(var_name, input_data2, EFI_VARIABLE_APPEND_WRITE);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	status = get_variable(var_name, output_data);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	std::string expected_output = input_data + input_data2;
-+
-+	/* Expect the append write operation to have extended the variable */
-+	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
-+	LONGS_EQUAL(0, expected_output.compare(output_data));
- }
- 
- TEST(UefiVariableStoreTests, persistentSetGet)
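Review bot: the append-write additions to setGetRoundtrip only exercise the success path. The new logic in uefi_variable_store_set_variable() has several branches that deserve their own cases: an append with attributes that differ from the stored ones (expected EFI_INVALID_PARAMETER), an append with zero DataSize (must not delete the variable), and an append to a variable that does not exist yet. Please add tests that pin down the intended status for each.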
-@@ -259,7 +274,8 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	std::string input_data = "quick brown fox";
- 	std::string output_data;
- 
--	status = set_variable(var_name, input_data, EFI_VARIABLE_NON_VOLATILE);
-+	status = set_variable(var_name, input_data,
-+		EFI_VARIABLE_NON_VOLATILE);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	status = get_variable(var_name, output_data);
-@@ -269,6 +285,22 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
- 	LONGS_EQUAL(0, input_data.compare(output_data));
- 
-+	/* Extend the variable using an append write */
-+	std::string input_data2 = " jumps over the lazy dog";
-+
-+	status = set_variable(var_name, input_data2,
-+		EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	status = get_variable(var_name, output_data);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	std::string expected_output = input_data + input_data2;
-+
-+	/* Expect the append write operation to have extended the variable */
-+	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
-+	LONGS_EQUAL(0, expected_output.compare(output_data));
-+
- 	/* Expect the variable to survive a power cycle */
- 	power_cycle();
- 
-@@ -277,8 +309,8 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	/* Still expect got variable data to be the same as the set value */
--	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
--	LONGS_EQUAL(0, input_data.compare(output_data));
-+	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
-+	LONGS_EQUAL(0, expected_output.compare(output_data));
- }
- 
- TEST(UefiVariableStoreTests, removeVolatile)
-@@ -317,7 +349,7 @@ TEST(UefiVariableStoreTests, removePersistent)
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	/* Remove by setting with zero data length */
--	status = set_variable(var_name, std::string(), 0);
-+	status = set_variable(var_name, std::string(), EFI_VARIABLE_NON_VOLATILE);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	/* Expect variable to no loger exist */
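Review bot: the delete call in removePersistent changes from attributes `0` to `EFI_VARIABLE_NON_VOLATILE`, which means the test no longer covers a delete issued with no attributes. If that form is still meant to work for a non-volatile variable, keep a case for it and assert the variable is gone after power_cycle(); if it is no longer supported, say so in the commit message.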
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index b7091d75..bcb85995 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -46,6 +46,13 @@ static efi_status_t load_variable_data(
- 	SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var,
- 	size_t max_data_len);
- 
-+static psa_status_t append_write(
-+	struct storage_backend *storage_backend,
-+	uint32_t client_id,
-+	uint64_t uid,
-+	size_t data_length,
-+	const void *data);
-+
- static void purge_orphan_index_entries(
- 	struct uefi_variable_store *context);
- 
-@@ -113,40 +120,45 @@ efi_status_t uefi_variable_store_set_variable(
- 	struct uefi_variable_store *context,
- 	const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
- {
-+	bool should_sync_index = false;
-+
-+	/* Validate incoming request */
- 	efi_status_t status = check_name_terminator(var->Name, var->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
- 	status = check_capabilities(var);
--	bool should_sync_index = false;
--
- 	if (status != EFI_SUCCESS) return status;
- 
--	/* Find in index */
--	const struct variable_info *info = variable_index_find(
-+	/* Find an existing entry in the variable index or add a new one */
-+	struct variable_info *info = variable_index_find(
- 		&context->variable_index,
- 		&var->Guid,
- 		var->NameSize,
- 		var->Name);
- 
--	if (info) {
-+	if (!info) {
- 
--		/* Variable info already exists */
--		status = check_access_permitted_on_set(context, info, var);
-+		info = variable_index_add_entry(
-+			&context->variable_index,
-+			&var->Guid,
-+			var->NameSize,
-+			var->Name);
- 
--		if (status == EFI_SUCCESS) {
-+		if (!info) return EFI_OUT_OF_RESOURCES;
-+	}
- 
--			should_sync_index =
--				(var->Attributes & EFI_VARIABLE_NON_VOLATILE) ||
--				(info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE));
-+	/* Control access */
-+	status = check_access_permitted_on_set(context, info, var);
- 
--			if (var->DataSize) {
-+	if (status == EFI_SUCCESS) {
- 
--				/* It's a set rather than a remove operation */
--				variable_index_update_variable(
--					info,
--					var->Attributes);
--			}
--			else {
-+		/* Access permitted */
-+		if (info->is_variable_set) {
-+
-+			/* It's a request to update to an existing variable */
-+			if (!(var->Attributes &
-+				(EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
-+				!var->DataSize) {
- 
- 				/* It's a remove operation - for a remove, the variable
- 				 * data must be removed from the storage backend before
-@@ -155,30 +167,29 @@ efi_status_t uefi_variable_store_set_variable(
- 				 * the storage backend without a corresponding index entry.
- 				 */
- 				remove_variable_data(context, info);
--				variable_index_remove_variable(&context->variable_index, info);
-+				variable_index_clear_variable(&context->variable_index, info);
- 
--				/* Variable info no longer valid */
--				info = NULL;
-+				should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE);
-+			}
-+			else {
-+
-+				/* It's a set operation where variable data is potentially
-+				 * being overwritten or extended.
-+				 */
-+				if ((var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes) {
-+
-+					/* Modifying attributes is forbidden */
-+					return EFI_INVALID_PARAMETER;
-+				}
- 			}
- 		}
- 		else {
- 
--			/* Access forbidden */
--			info = NULL;
--		}
--	}
--	else if (var->DataSize) {
-+			/*  It's a request to create a new variable */
-+			variable_index_set_variable(info, var->Attributes);
- 
--		/* It's a new variable */
--		info = variable_index_add_variable(
--			&context->variable_index,
--			&var->Guid,
--			var->NameSize,
--			var->Name,
--			var->Attributes);
--
--		if (!info) status = EFI_OUT_OF_RESOURCES;
--		should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
-+			should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE);
-+		}
- 	}
- 
- 	/* The order of these operations is important. For an update
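Review bot: in the "create a new variable" branch, `variable_index_set_variable(info, var->Attributes)` stores the request attributes unmasked, so a first write that carries EFI_VARIABLE_APPEND_WRITE records that bit in `info->metadata.attributes`. Every later write is then compared with `(var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes` and can never match. Mask the bit out before storing. The same branch no longer checks `var->DataSize`, so a zero-length set on a name that is not in the index now marks a variable as set, where the old code required `var->DataSize`. Separately, the remove branch sets `should_sync_index` from `var->Attributes` only; the previous code also synced when the stored attributes were non-volatile, so a delete issued without EFI_VARIABLE_NON_VOLATILE now leaves the persisted index unsynced.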
-@@ -195,11 +206,13 @@ efi_status_t uefi_variable_store_set_variable(
- 	}
- 
- 	/* Store any variable data to the storage backend */
--	if (info && (status == EFI_SUCCESS)) {
-+	if (info->is_variable_set && (status == EFI_SUCCESS)) {
- 
- 		status = store_variable_data(context, info, var);
- 	}
- 
-+	variable_index_remove_unused_entry(&context->variable_index, info);
-+
- 	return status;
- }
- 
-@@ -293,54 +306,42 @@ efi_status_t uefi_variable_store_set_var_check_property(
- 	efi_status_t status = check_name_terminator(property->Name, property->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
--	/* Find in index */
--	const struct variable_info *info = variable_index_find(
-+	/* Find in index or create a new entry */
-+	struct variable_info *info = variable_index_find(
- 		&context->variable_index,
- 		&property->Guid,
- 		property->NameSize,
- 		property->Name);
- 
--	if (info) {
-+	if (!info) {
- 
--		/* Applying check constraints to an existing variable that may have
--		 * constraints already set.  These could constrain the setting of
--		 * the constraints.
--		 */
--		struct variable_constraints constraints = info->check_constraints;
--
--		status = variable_checker_set_constraints(
--			&constraints,
--			info->is_constraints_set,
--			&property->VariableProperty);
--
--		if (status == EFI_SUCCESS) {
-+		info = variable_index_add_entry(
-+			&context->variable_index,
-+			&property->Guid,
-+			property->NameSize,
-+			property->Name);
- 
--			variable_index_update_constraints(info, &constraints);
--		}
-+		if (!info) return EFI_OUT_OF_RESOURCES;
- 	}
--	else {
--
--		/* Applying check constraints for a new variable */
--		struct variable_constraints constraints;
- 
--		status = variable_checker_set_constraints(
--			&constraints,
--			false,
--			&property->VariableProperty);
-+	/* Applying check constraints to an existing variable that may have
-+	 * constraints already set.  These could constrain the setting of
-+	 * the constraints.
-+	 */
-+	struct variable_constraints constraints = info->check_constraints;
- 
--		if (status == EFI_SUCCESS) {
-+	status = variable_checker_set_constraints(
-+		&constraints,
-+		info->is_constraints_set,
-+		&property->VariableProperty);
- 
--			info = variable_index_add_constraints(
--				&context->variable_index,
--				&property->Guid,
--				property->NameSize,
--				property->Name,
--				&constraints);
-+	if (status == EFI_SUCCESS) {
- 
--			if (!info) status = EFI_OUT_OF_RESOURCES;
--		}
-+		variable_index_set_constraints(info, &constraints);
- 	}
- 
-+	variable_index_remove_unused_entry(&context->variable_index, info);
-+
- 	return status;
- }
- 
-@@ -440,7 +441,8 @@ static efi_status_t check_capabilities(
- 	if (var->Attributes & ~(
- 		EFI_VARIABLE_NON_VOLATILE |
- 		EFI_VARIABLE_BOOTSERVICE_ACCESS |
--		EFI_VARIABLE_RUNTIME_ACCESS)) {
-+		EFI_VARIABLE_RUNTIME_ACCESS |
-+		EFI_VARIABLE_APPEND_WRITE)) {
- 
- 		/* An unsupported attribute has been requested */
- 		status = EFI_UNSUPPORTED;
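Review bot: the allowed mask in check_capabilities() gains EFI_VARIABLE_APPEND_WRITE but still rejects every other bit, and uefi_variable_store_set_variable() returns early when this check fails. The `EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK` term added to the remove condition in that function can therefore never be true. Drop it there, or add a comment that it is a placeholder for authenticated variable support.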
-@@ -486,17 +488,6 @@ static efi_status_t check_access_permitted_on_set(
- 			var->DataSize);
- 	}
- 
--	if ((status == EFI_SUCCESS) && var->DataSize) {
--
--		/* Restrict which attributes can be modified for an existing variable */
--		if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
--			(info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
--
--			/* Don't permit change of storage class */
--			status = EFI_INVALID_PARAMETER;
--		}
--	}
--
- 	return status;
- }
- 
-@@ -518,20 +509,34 @@ static efi_status_t store_variable_data(
- 
- 	if (storage_backend) {
- 
--		psa_status = storage_backend->interface->set(
--			storage_backend->context,
--			context->owner_id,
--			info->metadata.uid,
--			data_len,
--			data,
--			PSA_STORAGE_FLAG_NONE);
-+		if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) {
-+
-+			/* Create or overwrite variable data */
-+			psa_status = storage_backend->interface->set(
-+				storage_backend->context,
-+				context->owner_id,
-+				info->metadata.uid,
-+				data_len,
-+				data,
-+				PSA_STORAGE_FLAG_NONE);
-+		}
-+		else {
-+
-+			/* Append new data to existing variable data */
-+			psa_status = append_write(
-+				storage_backend,
-+				context->owner_id,
-+				info->metadata.uid,
-+				data_len,
-+				data);
-+		}
- 	}
- 
- 	if ((psa_status != PSA_SUCCESS) && is_nv) {
- 
- 		/* A storage failure has occurred so attempt to fix any
--		* mismatch between the variable index and stored NV variables.
--		*/
-+		 * mismatch between the variable index and stored NV variables.
-+		 */
- 		purge_orphan_index_entries(context);
- 	}
- 
-@@ -598,6 +603,76 @@ static efi_status_t load_variable_data(
- 	return psa_to_efi_storage_status(psa_status);
- }
- 
-+static psa_status_t append_write(
-+	struct storage_backend *storage_backend,
-+	uint32_t client_id,
-+	uint64_t uid,
-+	size_t data_length,
-+	const void *data)
-+{
-+	struct psa_storage_info_t storage_info;
-+
-+	if (data_length == 0) return PSA_SUCCESS;
-+
-+	psa_status_t psa_status = storage_backend->interface->get_info(
-+		storage_backend->context,
-+		client_id,
-+		uid,
-+		&storage_info);
-+
-+	if (psa_status != PSA_SUCCESS) return psa_status;
-+
-+	/* Determine size of appended variable */
-+	size_t new_size = storage_info.size + data_length;
-+
-+	/* Defend against integer overflow */
-+	if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	/* Storage backend doesn't support an append operation so we need
-+	 * need to read the current variable data, extend it and write it back.
-+	 */
-+	uint8_t *rw_buf = malloc(new_size);
-+	if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY;
-+
-+	size_t old_size = 0;
-+	psa_status = storage_backend->interface->get(
-+		storage_backend->context,
-+		client_id,
-+		uid,
-+		0,
-+		new_size,
-+		rw_buf,
-+		&old_size);
-+
-+	if (psa_status == PSA_SUCCESS) {
-+
-+		if ((old_size + data_length) <= new_size) {
-+
-+			/* Extend the variable data */
-+			memcpy(&rw_buf[old_size], data, data_length);
-+
-+			psa_status = storage_backend->interface->set(
-+				storage_backend->context,
-+				client_id,
-+				uid,
-+				old_size + data_length,
-+				rw_buf,
-+				storage_info.flags);
-+		}
-+		else {
-+
-+			/* There's a mismatch between the length obtained from
-+			 * get_info() and the subsequent length returned by get().
-+			 */
-+			psa_status = PSA_ERROR_STORAGE_FAILURE;
-+		}
-+	}
-+
-+	free(rw_buf);
-+
-+	return psa_status;
-+}
-+
- static void purge_orphan_index_entries(
- 	struct uefi_variable_store *context)
- {
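Review bot: append_write() sizes `malloc(new_size)` from the stored size plus the caller-supplied `data_length`, and the only guard is the wrap-around check, so repeated appends can grow a variable and the heap request without any upper bound. Check `new_size` against the variable's size limit before allocating. The get() call also passes `new_size` as the read length although only `storage_info.size` bytes exist; request `storage_info.size` and compare `old_size` to it, which makes the later `(old_size + data_length) <= new_size` test an exact match check. Minor: the comment reads "we need / need to read" across the line break.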
-@@ -612,7 +687,7 @@ static void purge_orphan_index_entries(
- 	 */
- 	while (!variable_index_iterator_is_done(&iter)) {
- 
--		const struct variable_info *info = variable_index_iterator_current(&iter);
-+		struct variable_info *info = variable_index_iterator_current(&iter);
- 
- 		if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
- 
-@@ -628,7 +703,7 @@ static void purge_orphan_index_entries(
- 			if (psa_status != PSA_SUCCESS) {
- 
- 				/* Detected a mismatch between the index and storage */
--				variable_index_remove_variable(&context->variable_index, info);
-+				variable_index_clear_variable(&context->variable_index, info);
- 				any_orphans = true;
- 			}
- 		}
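Review bot: purge_orphan_index_entries() now calls variable_index_clear_variable(), which after this patch only resets `is_variable_set` and no longer releases the entry. An orphan with no check constraints therefore stays `in_use` and keeps occupying an index slot. Follow the clear with variable_index_remove_unused_entry(), as uefi_variable_store_set_variable() does, taking care that doing so is safe while the iterator is active.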
-diff --git a/components/service/smm_variable/backend/variable_index.c b/components/service/smm_variable/backend/variable_index.c
-index 99d7c97a..a8a55753 100644
---- a/components/service/smm_variable/backend/variable_index.c
-+++ b/components/service/smm_variable/backend/variable_index.c
-@@ -132,13 +132,13 @@ size_t variable_index_max_dump_size(
- 	return sizeof(struct variable_metadata) * context->max_variables;
- }
- 
--const struct variable_info *variable_index_find(
--	const struct variable_index *context,
-+struct variable_info *variable_index_find(
-+	struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name)
- {
--	const struct variable_info *result = NULL;
-+	struct variable_info *result = NULL;
- 	int pos = find_variable(context, guid, name_size, name);
- 
- 	if (pos >= 0) {
-@@ -149,13 +149,13 @@ const struct variable_info *variable_index_find(
- 	return result;
- }
- 
--const struct variable_info *variable_index_find_next(
-+struct variable_info *variable_index_find_next(
- 	const struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name)
- {
--	const struct variable_info *result = NULL;
-+	struct variable_info *result = NULL;
- 
- 	if (name_size >= sizeof(int16_t)) {
- 
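Review bot: variable_index_find_next() now returns a non-const `struct variable_info *` while still taking `const struct variable_index *context`, so it hands out a mutable pointer into an object the caller promised not to modify. variable_index_find() in the previous hunk dropped the const on `context` for the same change; do the same here, or keep the return type const if callers of find_next never modify the entry.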
-@@ -263,12 +263,11 @@ static struct variable_entry *add_entry(
- 	return entry;
- }
- 
--const struct variable_info *variable_index_add_variable(
-+struct variable_info *variable_index_add_entry(
- 	struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
--	const int16_t *name,
--	uint32_t attributes)
-+	const int16_t *name)
- {
- 	struct variable_info *info = NULL;
- 	struct variable_entry *entry = add_entry(context, guid, name_size, name);
-@@ -276,40 +275,41 @@ const struct variable_info *variable_index_add_variable(
- 	if (entry) {
- 
- 		info = &entry->info;
--
--		info->metadata.attributes = attributes;
--		info->is_variable_set = true;
--
--		mark_dirty(entry);
- 	}
- 
- 	return info;
- }
- 
--const struct variable_info *variable_index_add_constraints(
-+void variable_index_remove_unused_entry(
- 	struct variable_index *context,
--	const EFI_GUID *guid,
--	size_t name_size,
--	const int16_t *name,
--	const struct variable_constraints *constraints)
-+	struct variable_info *info)
- {
--	struct variable_info *info = NULL;
--	struct variable_entry *entry = add_entry(context, guid, name_size, name);
--
--	if (entry) {
-+	if (info &&
-+		!info->is_constraints_set &&
-+		!info->is_variable_set) {
- 
--		info = &entry->info;
-+		struct variable_entry *entry = containing_entry(info);
-+		entry->in_use = false;
- 
--		info->check_constraints = *constraints;
--		info->is_constraints_set = true;
-+		memset(info, 0, sizeof(struct variable_info));
- 	}
-+}
- 
--	return info;
-+void variable_index_set_variable(
-+	struct variable_info *info,
-+	uint32_t attributes)
-+{
-+	struct variable_entry *entry = containing_entry(info);
-+
-+	info->metadata.attributes = attributes;
-+	info->is_variable_set = true;
-+
-+	mark_dirty(entry);
- }
- 
--void variable_index_remove_variable(
-+void variable_index_clear_variable(
- 	struct variable_index *context,
--	const struct variable_info *info)
-+	struct variable_info *info)
- {
- 	if (info) {
- 
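Review bot: variable_index_set_variable() calls containing_entry(info) and writes through `info` with no NULL check, whereas the variable_index_update_variable() it replaces was guarded by `if (info)` and the neighbouring clear_variable and set_constraints functions still are. Add the guard or document that `info` must be non-NULL. It also calls mark_dirty() unconditionally, where the old function did so only when the state actually changed. In variable_index_remove_unused_entry() the `context` parameter is not used.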
-@@ -318,48 +318,17 @@ void variable_index_remove_variable(
- 
- 		/* Mark variable as no longer set */
- 		entry->info.is_variable_set = false;
--
--		/* Entry may still be needed if check constraints were set */
--		entry->in_use = info->is_constraints_set;
--
--		if (!entry->in_use) {
--
--			/* Entry not needed so wipe */
--			memset(&entry->info, 0, sizeof(struct variable_info));
--		}
- 	}
- }
- 
--void variable_index_update_variable(
--	const struct variable_info *info,
--	uint32_t attributes)
--{
--	if (info) {
--
--		struct variable_info *modified_info = (struct variable_info*)info;
--		struct variable_entry *entry = containing_entry(modified_info);
--
--		if (!modified_info->is_variable_set ||
--			(attributes != modified_info->metadata.attributes)) {
--
--			/* The update changes the variable_info state */
--			modified_info->is_variable_set = true;
--			modified_info->metadata.attributes = attributes;
--			mark_dirty(entry);
--		}
--	}
--}
--
--void variable_index_update_constraints(
--	const struct variable_info *info,
-+void variable_index_set_constraints(
-+	struct variable_info *info,
- 	const struct variable_constraints *constraints)
- {
- 	if (info) {
- 
--		struct variable_info *modified_info = (struct variable_info*)info;
--
--		modified_info->check_constraints = *constraints;
--		modified_info->is_constraints_set = true;
-+		info->check_constraints = *constraints;
-+		info->is_constraints_set = true;
- 	}
- }
- 
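Review bot: variable_index_clear_variable() now only sets entry->info.is_variable_set = false. The removed lines that recomputed entry->in_use and wiped the entry have moved to variable_index_remove_unused_entry(), so a caller that forgets the second call leaves the slot in use with stale metadata.attributes. Document the required call sequence in the function's header comment, or have clear_variable release the entry itself when is_constraints_set is false.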
-diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h
-index e109d0d1..63f42ab6 100644
---- a/components/service/smm_variable/backend/variable_index.h
-+++ b/components/service/smm_variable/backend/variable_index.h
-@@ -119,8 +119,8 @@ size_t variable_index_max_dump_size(
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--const struct variable_info *variable_index_find(
--	const struct variable_index *context,
-+struct variable_info *variable_index_find(
-+	struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name);
-@@ -135,78 +135,76 @@ const struct variable_info *variable_index_find(
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--const struct variable_info *variable_index_find_next(
-+struct variable_info *variable_index_find_next(
- 	const struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name);
- 
- /**
-- * @brief      Add a new variable to the index
-+ * @brief      Add a new entry to the index
-+ *
-+ * An entry is needed either when a new variable is created or
-+ * when variable constraints are set for a variable that doesn't
-+ * yet exist.
-  *
-  * @param[in]  context variable_index
-  * @param[in]  guid The variable's guid
-  * @param[in]  name_size The name parameter's size
-  * @param[in]  name The variable's name
-- * @param[in]  attributes The variable's attributes
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--const struct variable_info *variable_index_add_variable(
-+struct variable_info *variable_index_add_entry(
- 	struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
--	const int16_t *name,
--	uint32_t attributes);
-+	const int16_t *name);
- 
- /**
-- * @brief      Remove a variable from the index
-+ * @brief      Remove an unused entry from the index
-  *
-- * Removes a variable from the index if it exists.
-+ * Removes an entry if it is not in use.
-  *
-  * @param[in]  context variable_index
-  * @param[in]  info The variable info corresponding to the entry to remove
-  */
--void variable_index_remove_variable(
-+void variable_index_remove_unused_entry(
- 	struct variable_index *context,
--	const struct variable_info *info);
-+	struct variable_info *info);
- 
- /**
-- * @brief      Update a variable that's already in the index
-+ * @brief      Set a variable to the index
-+ *
-+ * An entry for the variable must already exist.
-  *
-  * @param[in]  info variable info
-  * @param[in]  attributes The variable's attributes
-  */
--void variable_index_update_variable(
--	const struct variable_info *info,
-+void variable_index_set_variable(
-+	struct variable_info *info,
- 	uint32_t attributes);
- 
- /**
-- * @brief      Add a new check constraints object to the index
-+ * @brief      Clear a variable from the index
-  *
-- * @param[in]  context variable_index
-- * @param[in]  guid The variable's guid
-- * @param[in]  name_size The name parameter's size
-- * @param[in]  name The variable's name
-- * @param[in]  constraints The check constraints
-+ * Clears a variable from the index
-  *
-- * @return     Pointer to variable_info or NULL
-+ * @param[in]  context variable_index
-+ * @param[in]  info The variable info corresponding to the variable to clear
-  */
--const struct variable_info *variable_index_add_constraints(
-+void variable_index_clear_variable(
- 	struct variable_index *context,
--	const EFI_GUID *guid,
--	size_t name_size,
--	const int16_t *name,
--	const struct variable_constraints *constraints);
-+	struct variable_info *info);
- 
- /**
-- * @brief      Update variable constraints that are already in the index
-+ * @brief      Set a check constraints object associated with a variavle
-  *
-  * @param[in]  info variable info
-  * @param[in]  constraints The check constraints
-  */
--void variable_index_update_constraints(
--	const struct variable_info *info,
-+void variable_index_set_constraints(
-+	struct variable_info *info,
- 	const struct variable_constraints *constraints);
- 
- /**
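Review bot: variable_index_find_next() now returns a mutable struct variable_info * while still taking const struct variable_index *context, so code holding only a const index can modify its entries. variable_index_find() in the previous hunk dropped const from context as well, and the two should agree. The doc comment for variable_index_set_variable() says an entry must already exist but not that info must be non-NULL, and the brief for variable_index_set_constraints() misspells "variable" as "variavle".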
-diff --git a/components/service/smm_variable/backend/variable_index_iterator.c b/components/service/smm_variable/backend/variable_index_iterator.c
-index 7cc6dc7a..8f8fc741 100644
---- a/components/service/smm_variable/backend/variable_index_iterator.c
-+++ b/components/service/smm_variable/backend/variable_index_iterator.c
-@@ -31,10 +31,10 @@ bool variable_index_iterator_is_done(
- 	return iter->current_pos >= iter->variable_index->max_variables;
- }
- 
--const struct variable_info *variable_index_iterator_current(
-+struct variable_info *variable_index_iterator_current(
- 	const struct variable_index_iterator *iter)
- {
--	const struct variable_info *current = NULL;
-+	struct variable_info *current = NULL;
- 
- 	if (!variable_index_iterator_is_done(iter)) {
- 
-diff --git a/components/service/smm_variable/backend/variable_index_iterator.h b/components/service/smm_variable/backend/variable_index_iterator.h
-index f64a2c49..7ff77c50 100644
---- a/components/service/smm_variable/backend/variable_index_iterator.h
-+++ b/components/service/smm_variable/backend/variable_index_iterator.h
-@@ -54,7 +54,7 @@ bool variable_index_iterator_is_done(
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--const struct variable_info *variable_index_iterator_current(
-+struct variable_info *variable_index_iterator_current(
- 	const struct variable_index_iterator *iter);
- 
- /**
-diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-index d76d9cce..088940a8 100644
---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-@@ -249,6 +249,30 @@ TEST(SmmVariableServiceTests, setAndGet)
- 	UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size());
- 	LONGS_EQUAL(0, get_data.compare(set_data));
- 
-+	/* Extend the variable using an append write */
-+	std::string append_data = " values added with append write";
-+
-+	efi_status = m_client->set_variable(
-+		m_common_guid,
-+		var_name,
-+		append_data,
-+		EFI_VARIABLE_APPEND_WRITE);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+
-+	efi_status = m_client->get_variable(
-+		m_common_guid,
-+		var_name,
-+		get_data);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+
-+	std::string appended_data = set_data + append_data;
-+
-+	/* Expect the append write operation to have extended the variable */
-+	UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size());
-+	LONGS_EQUAL(0, appended_data.compare(get_data));
-+
- 	/* Expect remove to be permitted */
- 	efi_status = m_client->remove_variable(m_common_guid, var_name);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-@@ -279,6 +303,30 @@ TEST(SmmVariableServiceTests, setAndGetNv)
- 	UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size());
- 	LONGS_EQUAL(0, get_data.compare(set_data));
- 
-+	/* Extend the variable using an append write */
-+	std::string append_data = " values added with append write";
-+
-+	efi_status = m_client->set_variable(
-+		m_common_guid,
-+		var_name,
-+		append_data,
-+		EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+
-+	efi_status = m_client->get_variable(
-+		m_common_guid,
-+		var_name,
-+		get_data);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+
-+	std::string appended_data = set_data + append_data;
-+
-+	/* Expect the append write operation to have extended the variable */
-+	UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size());
-+	LONGS_EQUAL(0, appended_data.compare(get_data));
-+
- 	/* Expect remove to be permitted */
- 	efi_status = m_client->remove_variable(m_common_guid, var_name);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
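Review bot: the append-write block added to setAndGetNv is a line-for-line copy of the one added to setAndGet, differing only in the EFI_VARIABLE_NON_VOLATILE flag, and both check only the success path. Move it into a shared helper that takes the attributes, and add a case where the append is expected to be rejected so the error path is covered as well.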
-diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h
-index 1f795a9b..233f301b 100644
---- a/protocols/service/smm_variable/parameters.h
-+++ b/protocols/service/smm_variable/parameters.h
-@@ -47,6 +47,9 @@ typedef struct {
- 	 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
- 	 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
- 	 EFI_VARIABLE_APPEND_WRITE)
-+#define	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK \
-+	(EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
-+	 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
- 
- /**
-  * Parameter structure for SetVariable and GetVariable.
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch
deleted file mode 100644
index 978600d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch
+++ /dev/null
@@ -1,830 +0,0 @@
-From c4eaf83548eed4ed6194ff9e1368d6ae65f4ebf9 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Thu, 2 Dec 2021 17:27:55 +0000
-Subject: [PATCH] Add UEFI variable support for QueryVariableInfo
-
-Adds support for the UEFI QueryVariableInfo operation. The total
-store size currently relies on pre-configured values, set for a
-particular deployment. Ideally, this information would be read
-from the storage backend. This facility is not however yet
-supported by the storage backend interface or by any PSA
-storage backend storage providers.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I971252831f7e478914d736c672d184a371e64502
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../backend/test/variable_store_tests.cpp     |  89 +++++++-
- .../backend/uefi_variable_store.c             | 213 ++++++++++++++----
- .../backend/uefi_variable_store.h             |  39 +++-
- .../client/cpp/smm_variable_client.cpp        |  66 ++++++
- .../client/cpp/smm_variable_client.h          |   7 +
- .../provider/smm_variable_provider.c          |  31 ++-
- .../service/smm_variable_service_tests.cpp    |  55 ++++-
- 7 files changed, 445 insertions(+), 55 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-index 578f118f..e90c1067 100644
---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp
-+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-@@ -27,6 +27,18 @@ TEST_GROUP(UefiVariableStoreTests)
- 
- 		UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
-+		uefi_variable_store_set_storage_limits(
-+			&m_uefi_variable_store,
-+			EFI_VARIABLE_NON_VOLATILE,
-+			STORE_CAPACITY,
-+			MAX_VARIABLE_SIZE);
-+
-+		uefi_variable_store_set_storage_limits(
-+			&m_uefi_variable_store,
-+			0,
-+			STORE_CAPACITY,
-+			MAX_VARIABLE_SIZE);
-+
- 		setup_common_guid();
- 	}
- 
-@@ -152,6 +164,33 @@ TEST_GROUP(UefiVariableStoreTests)
- 		return status;
- 	}
- 
-+	efi_status_t query_variable_info(
-+		uint32_t attributes,
-+		size_t *max_variable_storage_size,
-+		size_t *remaining_variable_storage_size,
-+		size_t *max_variable_size)
-+	{
-+		SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO query;
-+
-+		query.MaximumVariableStorageSize = 0;
-+		query.RemainingVariableStorageSize = 0;
-+		query.MaximumVariableSize = 0;
-+		query.Attributes = attributes;
-+
-+		efi_status_t status = uefi_variable_store_query_variable_info(
-+			&m_uefi_variable_store,
-+			&query);
-+
-+		if (status == EFI_SUCCESS) {
-+
-+			*max_variable_storage_size = query.MaximumVariableStorageSize;
-+			*remaining_variable_storage_size = query.RemainingVariableStorageSize;
-+			*max_variable_size = query.MaximumVariableSize;
-+		}
-+
-+		return status;
-+	}
-+
- 	efi_status_t set_check_var_property(
- 		const std::wstring &name,
- 		const VAR_CHECK_VARIABLE_PROPERTY &check_property)
-@@ -195,7 +234,8 @@ TEST_GROUP(UefiVariableStoreTests)
- 
- 		if (info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
- 
--			struct storage_backend *storage_backend = m_uefi_variable_store.persistent_store;
-+			struct storage_backend *storage_backend =
-+				m_uefi_variable_store.persistent_store.storage_backend;
- 
- 			storage_backend->interface->remove(
- 				storage_backend->context,
-@@ -220,9 +260,24 @@ TEST_GROUP(UefiVariableStoreTests)
- 			m_volatile_backend);
- 
- 		UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+		uefi_variable_store_set_storage_limits(
-+			&m_uefi_variable_store,
-+			EFI_VARIABLE_NON_VOLATILE,
-+			STORE_CAPACITY,
-+			MAX_VARIABLE_SIZE);
-+
-+		uefi_variable_store_set_storage_limits(
-+			&m_uefi_variable_store,
-+			0,
-+			STORE_CAPACITY,
-+			MAX_VARIABLE_SIZE);
- 	}
- 
- 	static const size_t MAX_VARIABLES = 10;
-+	static const size_t MAX_VARIABLE_SIZE = 100;
-+	static const size_t STORE_CAPACITY = 1000;
-+
- 	static const uint32_t OWNER_ID = 100;
- 	static const size_t VARIABLE_BUFFER_SIZE = 1024;
- 
-@@ -265,6 +320,22 @@ TEST(UefiVariableStoreTests, setGetRoundtrip)
- 	/* Expect the append write operation to have extended the variable */
- 	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
- 	LONGS_EQUAL(0, expected_output.compare(output_data));
-+
-+	/* Expect query_variable_info to return consistent values */
-+	size_t max_variable_storage_size = 0;
-+	size_t remaining_variable_storage_size = 0;
-+	size_t max_variable_size = 0;
-+
-+	status = query_variable_info(
-+		0,
-+		&max_variable_storage_size,
-+		&remaining_variable_storage_size,
-+		&max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size);
-+	UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size);
- }
- 
- TEST(UefiVariableStoreTests, persistentSetGet)
-@@ -311,6 +382,22 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	/* Still expect got variable data to be the same as the set value */
- 	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
- 	LONGS_EQUAL(0, expected_output.compare(output_data));
-+
-+	/* Expect query_variable_info to return consistent values */
-+	size_t max_variable_storage_size = 0;
-+	size_t remaining_variable_storage_size = 0;
-+	size_t max_variable_size = 0;
-+
-+	status = query_variable_info(
-+		EFI_VARIABLE_NON_VOLATILE,
-+		&max_variable_storage_size,
-+		&remaining_variable_storage_size,
-+		&max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size);
-+	UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size);
- }
- 
- TEST(UefiVariableStoreTests, removeVolatile)
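Review bot: the assertions added to setGetRoundtrip and persistentSetGet only check the values QueryVariableInfo reports. No test sets or appends more than MAX_VARIABLE_SIZE bytes, so the limit checks this patch adds in store_overwrite() and store_append_write() are never exercised. Add a test that expects a failure status when the data exceeds MAX_VARIABLE_SIZE, and one that fills the store to check RemainingVariableStorageSize at the boundary.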
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index bcb85995..ed50eaf9 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -46,8 +46,15 @@ static efi_status_t load_variable_data(
- 	SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var,
- 	size_t max_data_len);
- 
--static psa_status_t append_write(
--	struct storage_backend *storage_backend,
-+static psa_status_t store_overwrite(
-+	struct delegate_variable_store *delegate_store,
-+	uint32_t client_id,
-+	uint64_t uid,
-+	size_t data_length,
-+	const void *data);
-+
-+static psa_status_t store_append_write(
-+	struct delegate_variable_store *delegate_store,
- 	uint32_t client_id,
- 	uint64_t uid,
- 	size_t data_length,
-@@ -56,6 +63,15 @@ static psa_status_t append_write(
- static void purge_orphan_index_entries(
- 	struct uefi_variable_store *context);
- 
-+static struct delegate_variable_store *select_delegate_store(
-+	struct uefi_variable_store *context,
-+	uint32_t attributes);
-+
-+static size_t space_used(
-+	struct uefi_variable_store *context,
-+	uint32_t attributes,
-+	struct storage_backend *storage_backend);
-+
- static efi_status_t psa_to_efi_storage_status(
- 	psa_status_t psa_status);
- 
-@@ -66,6 +82,10 @@ static efi_status_t check_name_terminator(
- /* Private UID for storing the variable index */
- #define VARIABLE_INDEX_STORAGE_UID			(1)
- 
-+/* Default maximum variable size -
-+ * may be overridden using uefi_variable_store_set_storage_limits()
-+ */
-+#define DEFAULT_MAX_VARIABLE_SIZE			(2048)
- 
- efi_status_t uefi_variable_store_init(
- 	struct uefi_variable_store *context,
-@@ -76,8 +96,17 @@ efi_status_t uefi_variable_store_init(
- {
- 	efi_status_t status = EFI_SUCCESS;
- 
--	context->persistent_store = persistent_store;
--	context->volatile_store = volatile_store;
-+	/* Initialise persistent store defaults */
-+	context->persistent_store.is_nv = true;
-+	context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
-+	context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->persistent_store.storage_backend = persistent_store;
-+
-+	/* Initialise volatile store defaults */
-+	context->volatile_store.is_nv = false;
-+	context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
-+	context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->volatile_store.storage_backend = volatile_store;
- 
- 	context->owner_id = owner_id;
- 	context->is_boot_service = true;
-@@ -116,6 +145,20 @@ void uefi_variable_store_deinit(
- 	context->index_sync_buffer = NULL;
- }
- 
-+void uefi_variable_store_set_storage_limits(
-+	struct uefi_variable_store *context,
-+	uint32_t attributes,
-+	size_t total_capacity,
-+	size_t max_variable_size)
-+{
-+	struct delegate_variable_store *delegate_store = select_delegate_store(
-+		context,
-+		attributes);
-+
-+	delegate_store->total_capacity = total_capacity;
-+	delegate_store->max_variable_size = max_variable_size;
-+}
-+
- efi_status_t uefi_variable_store_set_variable(
- 	struct uefi_variable_store *context,
- 	const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
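Review bot: uefi_variable_store_set_storage_limits() stores total_capacity and max_variable_size without any validation, so a max_variable_size larger than total_capacity, or a zero for either, is accepted silently. It also treats every attributes value as a store selector through select_delegate_store(). Reject inconsistent limits (returning a status instead of void) or document the preconditions in the header.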
-@@ -284,12 +327,24 @@ efi_status_t uefi_variable_store_get_next_variable_name(
- 
- efi_status_t uefi_variable_store_query_variable_info(
- 	struct uefi_variable_store *context,
--	SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *cur)
-+	SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info)
- {
--	efi_status_t status = EFI_UNSUPPORTED;
-+	struct delegate_variable_store *delegate_store = select_delegate_store(
-+		context,
-+		var_info->Attributes);
- 
-+	size_t total_used = space_used(
-+		context,
-+		var_info->Attributes,
-+		delegate_store->storage_backend);
- 
--	return status;
-+	var_info->MaximumVariableSize = delegate_store->max_variable_size;
-+	var_info->MaximumVariableStorageSize = delegate_store->total_capacity;
-+	var_info->RemainingVariableStorageSize = (total_used < delegate_store->total_capacity) ?
-+		delegate_store->total_capacity - total_used :
-+		0;
-+
-+	return EFI_SUCCESS;
- }
- 
- efi_status_t uefi_variable_store_exit_boot_service(
-@@ -375,7 +430,7 @@ efi_status_t uefi_variable_store_get_var_check_property(
- static void load_variable_index(
- 	struct uefi_variable_store *context)
- {
--	struct storage_backend *persistent_store = context->persistent_store;
-+	struct storage_backend *persistent_store = context->persistent_store.storage_backend;
- 
- 	if (persistent_store) {
- 
-@@ -413,7 +468,7 @@ static efi_status_t sync_variable_index(
- 
- 	if (is_dirty) {
- 
--		struct storage_backend *persistent_store = context->persistent_store;
-+		struct storage_backend *persistent_store = context->persistent_store.storage_backend;
- 
- 		if (persistent_store) {
- 
-@@ -501,30 +556,27 @@ static efi_status_t store_variable_data(
- 	const uint8_t *data = (const uint8_t*)var +
- 		SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var);
- 
--	bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
--
--	struct storage_backend *storage_backend = (is_nv) ?
--		context->persistent_store :
--		context->volatile_store;
-+	struct delegate_variable_store *delegate_store = select_delegate_store(
-+		context,
-+		info->metadata.attributes);
- 
--	if (storage_backend) {
-+	if (delegate_store->storage_backend) {
- 
- 		if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) {
- 
- 			/* Create or overwrite variable data */
--			psa_status = storage_backend->interface->set(
--				storage_backend->context,
-+			psa_status = store_overwrite(
-+				delegate_store,
- 				context->owner_id,
- 				info->metadata.uid,
- 				data_len,
--				data,
--				PSA_STORAGE_FLAG_NONE);
-+				data);
- 		}
- 		else {
- 
- 			/* Append new data to existing variable data */
--			psa_status = append_write(
--				storage_backend,
-+			psa_status = store_append_write(
-+				delegate_store,
- 				context->owner_id,
- 				info->metadata.uid,
- 				data_len,
-@@ -532,7 +584,7 @@ static efi_status_t store_variable_data(
- 		}
- 	}
- 
--	if ((psa_status != PSA_SUCCESS) && is_nv) {
-+	if ((psa_status != PSA_SUCCESS) && delegate_store->is_nv) {
- 
- 		/* A storage failure has occurred so attempt to fix any
- 		 * mismatch between the variable index and stored NV variables.
-@@ -551,16 +603,14 @@ static efi_status_t remove_variable_data(
- 
- 	if (info->is_variable_set) {
- 
--		bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
-+		struct delegate_variable_store *delegate_store = select_delegate_store(
-+			context,
-+			info->metadata.attributes);
- 
--		struct storage_backend *storage_backend = (is_nv) ?
--			context->persistent_store :
--			context->volatile_store;
-+		if (delegate_store->storage_backend) {
- 
--		if (storage_backend) {
--
--			psa_status = storage_backend->interface->remove(
--				storage_backend->context,
-+			psa_status = delegate_store->storage_backend->interface->remove(
-+				delegate_store->storage_backend->context,
- 				context->owner_id,
- 				info->metadata.uid);
- 		}
-@@ -580,16 +630,14 @@ static efi_status_t load_variable_data(
- 	uint8_t *data = (uint8_t*)var +
- 		SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var);
- 
--	bool is_nv = (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
-+	struct delegate_variable_store *delegate_store = select_delegate_store(
-+		context,
-+		info->metadata.attributes);
- 
--	struct storage_backend *storage_backend = (is_nv) ?
--		context->persistent_store :
--		context->volatile_store;
-+	if (delegate_store->storage_backend) {
- 
--	if (storage_backend) {
--
--		psa_status = storage_backend->interface->get(
--			storage_backend->context,
-+		psa_status = delegate_store->storage_backend->interface->get(
-+			delegate_store->storage_backend->context,
- 			context->owner_id,
- 			info->metadata.uid,
- 			0,
-@@ -603,8 +651,29 @@ static efi_status_t load_variable_data(
- 	return psa_to_efi_storage_status(psa_status);
- }
- 
--static psa_status_t append_write(
--	struct storage_backend *storage_backend,
-+static psa_status_t store_overwrite(
-+	struct delegate_variable_store *delegate_store,
-+	uint32_t client_id,
-+	uint64_t uid,
-+	size_t data_length,
-+	const void *data)
-+{
-+	/* Police maximum variable size limit */
-+	if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status_t psa_status = delegate_store->storage_backend->interface->set(
-+		delegate_store->storage_backend->context,
-+		client_id,
-+		uid,
-+		data_length,
-+		data,
-+		PSA_STORAGE_FLAG_NONE);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t store_append_write(
-+	struct delegate_variable_store *delegate_store,
- 	uint32_t client_id,
- 	uint64_t uid,
- 	size_t data_length,
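Review bot: store_overwrite() enforces max_variable_size, but nothing on the write path compares the new total against delegate_store->total_capacity, so the capacity reported by QueryVariableInfo is advisory only. The clamp to 0 in uefi_variable_store_query_variable_info() already allows for usage exceeding it. If total_capacity is meant as a limit, check it here and in store_append_write(). The function also dereferences delegate_store->storage_backend without a NULL check and relies on the caller in store_variable_data() having done it.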
-@@ -614,8 +683,8 @@ static psa_status_t append_write(
- 
- 	if (data_length == 0) return PSA_SUCCESS;
- 
--	psa_status_t psa_status = storage_backend->interface->get_info(
--		storage_backend->context,
-+	psa_status_t psa_status = delegate_store->storage_backend->interface->get_info(
-+		delegate_store->storage_backend->context,
- 		client_id,
- 		uid,
- 		&storage_info);
-@@ -628,6 +697,9 @@ static psa_status_t append_write(
- 	/* Defend against integer overflow */
- 	if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT;
- 
-+		/* Police maximum variable size limit */
-+	if (new_size > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT;
-+
- 	/* Storage backend doesn't support an append operation so we need
- 	 * need to read the current variable data, extend it and write it back.
- 	 */
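Review bot: the added comment /* Police maximum variable size limit */ is indented one tab deeper than the check it describes and than the "Defend against integer overflow" comment above it, so align it. Returning PSA_ERROR_INVALID_ARGUMENT for an over-size append also makes it indistinguishable from the overflow case on the preceding line; consider a distinct status.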
-@@ -635,8 +707,8 @@ static psa_status_t append_write(
- 	if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY;
- 
- 	size_t old_size = 0;
--	psa_status = storage_backend->interface->get(
--		storage_backend->context,
-+	psa_status = delegate_store->storage_backend->interface->get(
-+		delegate_store->storage_backend->context,
- 		client_id,
- 		uid,
- 		0,
-@@ -651,8 +723,8 @@ static psa_status_t append_write(
- 			/* Extend the variable data */
- 			memcpy(&rw_buf[old_size], data, data_length);
- 
--			psa_status = storage_backend->interface->set(
--				storage_backend->context,
-+			psa_status = delegate_store->storage_backend->interface->set(
-+				delegate_store->storage_backend->context,
- 				client_id,
- 				uid,
- 				old_size + data_length,
-@@ -692,7 +764,7 @@ static void purge_orphan_index_entries(
- 		if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
- 
- 			struct psa_storage_info_t storage_info;
--			struct storage_backend *storage_backend = context->persistent_store;
-+			struct storage_backend *storage_backend = context->persistent_store.storage_backend;
- 
- 			psa_status_t psa_status = storage_backend->interface->get_info(
- 				storage_backend->context,
-@@ -714,6 +786,53 @@ static void purge_orphan_index_entries(
- 	if (any_orphans) sync_variable_index(context);
- }
- 
-+static struct delegate_variable_store *select_delegate_store(
-+	struct uefi_variable_store *context,
-+	uint32_t attributes)
-+{
-+	bool is_nv = (attributes & EFI_VARIABLE_NON_VOLATILE);
-+
-+	return (is_nv) ?
-+		&context->persistent_store :
-+		&context->volatile_store;
-+}
-+
-+static size_t space_used(
-+	struct uefi_variable_store *context,
-+	uint32_t attributes,
-+	struct storage_backend *storage_backend)
-+{
-+	if (!storage_backend) return 0;
-+
-+	size_t total_used = 0;
-+	struct variable_index_iterator iter;
-+	variable_index_iterator_first(&iter, &context->variable_index);
-+
-+	while (!variable_index_iterator_is_done(&iter)) {
-+
-+		struct variable_info *info = variable_index_iterator_current(&iter);
-+
-+		if (info->is_variable_set &&
-+		    ((info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE) ==
-+			 (attributes & EFI_VARIABLE_NON_VOLATILE))) {
-+
-+			struct psa_storage_info_t storage_info;
-+
-+			psa_status_t psa_status = storage_backend->interface->get_info(
-+				storage_backend->context,
-+				context->owner_id,
-+				info->metadata.uid,
-+				&storage_info);
-+
-+			if (psa_status == PSA_SUCCESS) total_used += storage_info.size;
-+		}
-+
-+		variable_index_iterator_next(&iter);
-+	}
-+
-+	return total_used;
-+}
-+
- static efi_status_t psa_to_efi_storage_status(
- 	psa_status_t psa_status)
- {
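Review bot: space_used() silently skips any entry whose get_info() call fails (only PSA_SUCCESS adds to total_used), so a backend error makes QueryVariableInfo report more free space than there is, and the running sum total_used += storage_info.size has no overflow guard. Propagate the failure to the caller, or treat a failed lookup as worst case when computing the remaining space.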
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.h b/components/service/smm_variable/backend/uefi_variable_store.h
-index fe0f24af..cc992067 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.h
-+++ b/components/service/smm_variable/backend/uefi_variable_store.h
-@@ -20,6 +20,20 @@
- extern "C" {
- #endif
- 
-+/**
-+ * \brief delegate_variable_store structure definition
-+ *
-+ * A delegate_variable_store combines an association with a concrete
-+ * storage backend and a set of limits parameters.
-+ */
-+struct delegate_variable_store
-+{
-+	bool is_nv;
-+	size_t total_capacity;
-+	size_t max_variable_size;
-+	struct storage_backend *storage_backend;
-+};
-+
- /**
-  * \brief uefi_variable_store structure definition
-  *
-@@ -35,8 +49,8 @@ struct uefi_variable_store
- 	uint8_t *index_sync_buffer;
- 	size_t index_sync_buffer_size;
- 	struct variable_index variable_index;
--	struct storage_backend *persistent_store;
--	struct storage_backend *volatile_store;
-+	struct delegate_variable_store persistent_store;
-+	struct delegate_variable_store volatile_store;
- };
- 
- /**
-@@ -69,6 +83,23 @@ efi_status_t uefi_variable_store_init(
- void uefi_variable_store_deinit(
- 	struct uefi_variable_store *context);
- 
-+/**
-+ * @brief      Set storage limits
-+ *
-+ * Overrides the default limits for the specified storage space. These
-+ * values are reflected in the values returned by QueryVariableInfo.
-+ *
-+ * @param[in]  context uefi_variable_store instance
-+ * @param[in]  attributes EFI_VARIABLE_NON_VOLATILE or 0
-+ * @param[in]  total_capacity The total storage capacity in bytes
-+ * @param[in]  max_variable_size Variable size limit
-+ */
-+void uefi_variable_store_set_storage_limits(
-+	struct uefi_variable_store *context,
-+	uint32_t attributes,
-+	size_t total_capacity,
-+	size_t max_variable_size);
-+
- /**
-  * @brief      Set variable
-  *
-@@ -123,13 +154,13 @@ efi_status_t uefi_variable_store_get_next_variable_name(
-  * @brief      Query for variable info
-  *
-  * @param[in]  context uefi_variable_store instance
-- * @param[out] info Returns info
-+ * @param[inout] var_info Returns info
-  *
-  * @return     EFI_SUCCESS if succesful
-  */
- efi_status_t uefi_variable_store_query_variable_info(
- 	struct uefi_variable_store *context,
--	SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *cur);
-+	SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info);
- 
- /**
-  * @brief      Exit boot service
-diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp
-index a68b7ace..8438285b 100644
---- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp
-+++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp
-@@ -219,6 +219,72 @@ efi_status_t smm_variable_client::get_next_variable_name(
- 		0);
- }
- 
-+efi_status_t smm_variable_client::query_variable_info(
-+	uint32_t attributes,
-+	size_t *max_variable_storage_size,
-+	size_t *remaining_variable_storage_size,
-+	size_t *max_variable_size)
-+{
-+	efi_status_t efi_status = EFI_NOT_READY;
-+
-+	size_t req_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
-+	rpc_call_handle call_handle;
-+	uint8_t *req_buf;
-+
-+	call_handle = rpc_caller_begin(m_caller, &req_buf, req_len);
-+
-+	if (call_handle) {
-+
-+		uint8_t *resp_buf;
-+        size_t resp_len;
-+		rpc_opstatus_t opstatus;
-+
-+		SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *query =
-+			(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)req_buf;
-+
-+		query->Attributes = attributes;
-+		query->MaximumVariableSize = 0;
-+		query->MaximumVariableStorageSize = 0;
-+		query->RemainingVariableStorageSize = 0;
-+
-+		m_err_rpc_status = rpc_caller_invoke(m_caller, call_handle,
-+			SMM_VARIABLE_FUNCTION_QUERY_VARIABLE_INFO, &opstatus, &resp_buf, &resp_len);
-+
-+		if (m_err_rpc_status == TS_RPC_CALL_ACCEPTED) {
-+
-+			efi_status = opstatus;
-+
-+			if (efi_status == EFI_SUCCESS) {
-+
-+				if (resp_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
-+
-+					query = (SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)resp_buf;
-+
-+					*max_variable_storage_size = query->MaximumVariableStorageSize;
-+					*remaining_variable_storage_size = query->RemainingVariableStorageSize;
-+					*max_variable_size = query->MaximumVariableSize;
-+				}
-+				else {
-+
-+					efi_status = EFI_PROTOCOL_ERROR;
-+				}
-+			}
-+			else {
-+
-+				efi_status = EFI_PROTOCOL_ERROR;
-+			}
-+		}
-+		else {
-+
-+			efi_status = rpc_to_efi_status();
-+		}
-+
-+		rpc_caller_end(m_caller, call_handle);
-+	}
-+
-+	return efi_status;
-+}
-+
- efi_status_t smm_variable_client::get_next_variable_name(
- 	EFI_GUID &guid,
- 	std::wstring &name,
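Review bot: in `smm_variable_client::query_variable_info()` the `else` paired with `if (efi_status == EFI_SUCCESS)` overwrites the service's own status with `EFI_PROTOCOL_ERROR`, so a caller can no longer tell a request the provider rejected from a malformed response. Drop that branch and return `opstatus` unchanged, keeping `EFI_PROTOCOL_ERROR` for the short-response case only. The three output pointers are also dereferenced without a null check, and the `resp_len` declaration is indented with spaces where the rest of the function uses tabs.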
-diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h
-index 9c36c4eb..c7973916 100644
---- a/components/service/smm_variable/client/cpp/smm_variable_client.h
-+++ b/components/service/smm_variable/client/cpp/smm_variable_client.h
-@@ -63,6 +63,13 @@ public:
- 		const EFI_GUID &guid,
- 		const std::wstring &name);
- 
-+	/* Query variable info */
-+	efi_status_t query_variable_info(
-+		uint32_t attributes,
-+		size_t *max_variable_storage_size,
-+		size_t *remaining_variable_storage_size,
-+		size_t *max_variable_size);
-+
- 	/* Get the next variable name - for enumerating store contents */
- 	efi_status_t get_next_variable_name(
- 		EFI_GUID &guid,
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index d239a428..52e68d09 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -252,11 +252,38 @@ static rpc_status_t set_variable_handler(void *context, struct call_req* req)
- 
- static rpc_status_t query_variable_info_handler(void *context, struct call_req* req)
- {
-+	efi_status_t efi_status = EFI_INVALID_PARAMETER;
- 	struct smm_variable_provider *this_instance = (struct smm_variable_provider*)context;
- 
--	/* todo */
-+	const struct call_param_buf *req_buf = call_req_get_req_buf(req);
-+
-+	if (req_buf->data_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
-+
-+		struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
-+
-+		if (resp_buf->size >= req_buf->data_len) {
- 
--	return TS_RPC_ERROR_NOT_READY;
-+			memmove(resp_buf->data, req_buf->data, req_buf->data_len);
-+
-+			efi_status = uefi_variable_store_query_variable_info(
-+				&this_instance->variable_store,
-+				(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO*)resp_buf->data);
-+
-+			if (efi_status == EFI_SUCCESS) {
-+
-+				resp_buf->data_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
-+			}
-+		}
-+		else {
-+
-+			/* Reponse buffer not big enough */
-+			efi_status = EFI_BAD_BUFFER_SIZE;
-+		}
-+	}
-+
-+	call_req_set_opstatus(req, efi_status);
-+
-+	return TS_RPC_CALL_ACCEPTED;
- }
- 
- static rpc_status_t exit_boot_service_handler(void *context, struct call_req* req)
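Review bot: in `query_variable_info_handler()` the `memmove` length is `req_buf->data_len`, which is caller-supplied and only has a lower bound here, and the store function then works in place on `resp_buf->data`. Copying exactly `sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)` into a local struct, calling `uefi_variable_store_query_variable_info()` on that, and writing it back on success keeps the parsed fields out of a buffer the caller may share. `resp_buf->data_len` is also left untouched on the error paths, so set it to 0 explicitly, and fix the `Reponse` typo in the comment.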
-diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-index 088940a8..15556e9d 100644
---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-@@ -335,12 +335,38 @@ TEST(SmmVariableServiceTests, setAndGetNv)
- TEST(SmmVariableServiceTests, enumerateStoreContents)
- {
- 	efi_status_t efi_status = EFI_SUCCESS;
-+
-+	/* Query information about the empty variable store */
-+	size_t nv_max_variable_storage_size = 0;
-+	size_t nv_max_variable_size = 0;
-+	size_t nv_remaining_variable_storage_size = 0;
-+
-+	efi_status = m_client->query_variable_info(
-+		EFI_VARIABLE_NON_VOLATILE,
-+		&nv_max_variable_storage_size,
-+		&nv_remaining_variable_storage_size,
-+		&nv_max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+	UNSIGNED_LONGLONGS_EQUAL(nv_max_variable_storage_size, nv_remaining_variable_storage_size);
-+
-+	size_t v_max_variable_storage_size = 0;
-+	size_t v_max_variable_size = 0;
-+	size_t v_remaining_variable_storage_size = 0;
-+
-+	efi_status = m_client->query_variable_info(
-+		0,
-+		&v_max_variable_storage_size,
-+		&v_remaining_variable_storage_size,
-+		&v_max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+	UNSIGNED_LONGLONGS_EQUAL(v_max_variable_storage_size, v_remaining_variable_storage_size);
-+
-+	/* Add some variables to the store */
- 	std::wstring var_name_1 = L"varibale_1";
- 	std::wstring var_name_2 = L"varibale_2";
- 	std::wstring var_name_3 = L"varibale_3";
- 	std::string set_data = "Some variable data";
- 
--	/* Add some variables to the store */
- 	efi_status = m_client->set_variable(
- 		m_common_guid,
- 		var_name_1,
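Review bot: the two empty-store checks added to `enumerateStoreContents` compare the maximum storage size with the remaining storage size, but both locals start at 0, so a service that returns `EFI_SUCCESS` with zeroed fields passes. Add a check that the reported maximum is non-zero, and assert something about `nv_max_variable_size` and `v_max_variable_size`, which are fetched and never examined.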
-@@ -365,6 +391,33 @@ TEST(SmmVariableServiceTests, enumerateStoreContents)
- 
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
- 
-+	/* Query variable info again and check it's as expected */
-+	size_t max_variable_storage_size = 0;
-+	size_t max_variable_size = 0;
-+	size_t remaining_variable_storage_size = 0;
-+
-+	/* Check non-volatile - two variables have been added */
-+	efi_status = m_client->query_variable_info(
-+		EFI_VARIABLE_NON_VOLATILE,
-+		&max_variable_storage_size,
-+		&remaining_variable_storage_size,
-+		&max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+	UNSIGNED_LONGLONGS_EQUAL(
-+		(nv_remaining_variable_storage_size - set_data.size() * 2),
-+		remaining_variable_storage_size);
-+
-+	/* Check volatile - one variables have been added */
-+	efi_status = m_client->query_variable_info(
-+		0,
-+		&max_variable_storage_size,
-+		&remaining_variable_storage_size,
-+		&max_variable_size);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+	UNSIGNED_LONGLONGS_EQUAL(
-+		(v_remaining_variable_storage_size - set_data.size() * 1),
-+		remaining_variable_storage_size);
-+
- 	/* Enumerate store contents - expect the values we added */
- 	std::wstring var_name;
- 	EFI_GUID guid = {0};
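Review bot: the expected values `set_data.size() * 2` and `set_data.size() * 1` bake in that the store charges only data bytes against capacity, not the variable name or any metadata. If that is the intended accounting, say so in a comment next to the assertions; otherwise the test breaks as soon as the store starts counting overhead. The comment `one variables have been added` should read `one variable has been added`.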
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch
deleted file mode 100644
index 66a4499..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0016-Add-uefi-test-deployment.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From 22120b4bd64da232e5a4e04a9a15376f34a933a3 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Mon, 6 Dec 2021 15:20:12 +0000
-Subject: [PATCH] Add uefi-test deployment
-
-Adds a new deployment for building and running service level tests
-for UEFI SMM services. Tests may be run against StMM, smm-gateway
-or any other similar secure-world uefi service provider.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Ic0e16dff51ef76ddd1f4dea37a4a55b029edd696
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../ts-service-test/arm-linux/CMakeLists.txt  |  3 -
- .../uefi-test/arm-linux/CMakeLists.txt        | 43 +++++++++++
- deployments/uefi-test/linux-pc/CMakeLists.txt | 76 +++++++++++++++++++
- deployments/uefi-test/uefi-test.cmake         | 52 +++++++++++++
- tools/b-test/test_data.yaml                   | 10 +++
- 5 files changed, 181 insertions(+), 3 deletions(-)
- create mode 100644 deployments/uefi-test/arm-linux/CMakeLists.txt
- create mode 100644 deployments/uefi-test/linux-pc/CMakeLists.txt
- create mode 100644 deployments/uefi-test/uefi-test.cmake
-
-diff --git a/deployments/ts-service-test/arm-linux/CMakeLists.txt b/deployments/ts-service-test/arm-linux/CMakeLists.txt
-index 6a01d38a..e902cd2f 100644
---- a/deployments/ts-service-test/arm-linux/CMakeLists.txt
-+++ b/deployments/ts-service-test/arm-linux/CMakeLists.txt
-@@ -23,9 +23,6 @@ add_components(
- 	BASE_DIR ${TS_ROOT}
- 	COMPONENTS
- 		"components/app/test-runner"
--# Running smm_variable tests currently requires kernel built with CONFIG_STRICT_DEVMEM=n
--#		"components/service/smm_variable/client/cpp"
--#		"components/service/smm_variable/test/service"
-  )
- 
- include(${TS_ROOT}/external/CppUTest/CppUTest.cmake)
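Review bot: the removed comment was the only place that recorded that the smm_variable tests need a kernel built with `CONFIG_STRICT_DEVMEM=n`, and the new `deployments/uefi-test/arm-linux/CMakeLists.txt` that now builds those tests does not repeat it. Carry the requirement into the header comment of the new deployment, so that whoever enables `uefi-test` on a target knows the image needs that relaxed /dev/mem setting and can keep it confined to test builds.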
-diff --git a/deployments/uefi-test/arm-linux/CMakeLists.txt b/deployments/uefi-test/arm-linux/CMakeLists.txt
-new file mode 100644
-index 00000000..053041ad
---- /dev/null
-+++ b/deployments/uefi-test/arm-linux/CMakeLists.txt
-@@ -0,0 +1,43 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+cmake_minimum_required(VERSION 3.16)
-+include(../../deployment.cmake REQUIRED)
-+
-+#-------------------------------------------------------------------------------
-+#  The CMakeLists.txt for building the uefi-test deployment for arm-linux
-+#
-+#  Used for building and running service level tests from Linux user-space
-+#  on an Arm platform with real deployments of UEFI SMM services
-+#-------------------------------------------------------------------------------
-+include(${TS_ROOT}/environments/arm-linux/env.cmake)
-+project(trusted-services LANGUAGES CXX C)
-+add_executable(uefi-test)
-+target_include_directories(uefi-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
-+
-+add_components(
-+	TARGET "uefi-test"
-+	BASE_DIR ${TS_ROOT}
-+	COMPONENTS
-+		"components/app/test-runner"
-+ )
-+
-+include(${TS_ROOT}/external/CppUTest/CppUTest.cmake)
-+target_link_libraries(uefi-test PRIVATE CppUTest)
-+
-+#-------------------------------------------------------------------------------
-+#  Extend with components that are common across all deployments of
-+#  uefi-test
-+#
-+#-------------------------------------------------------------------------------
-+include(../uefi-test.cmake REQUIRED)
-+
-+#-------------------------------------------------------------------------------
-+#  Define library options and dependencies.
-+#
-+#-------------------------------------------------------------------------------
-+env_set_link_options(TGT uefi-test)
-+target_link_libraries(uefi-test PRIVATE stdc++ gcc m)
-diff --git a/deployments/uefi-test/linux-pc/CMakeLists.txt b/deployments/uefi-test/linux-pc/CMakeLists.txt
-new file mode 100644
-index 00000000..be6e9840
---- /dev/null
-+++ b/deployments/uefi-test/linux-pc/CMakeLists.txt
-@@ -0,0 +1,76 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+cmake_minimum_required(VERSION 3.16)
-+include(../../deployment.cmake REQUIRED)
-+
-+#-------------------------------------------------------------------------------
-+#  The CMakeLists.txt for building the uefi-test deployment for linux-pc
-+#
-+#  Used for building and running service level tests in a native PC enviroment.
-+#  Tests can be run by running the built executable called "uefi-test"
-+#-------------------------------------------------------------------------------
-+include(${TS_ROOT}/environments/linux-pc/env.cmake)
-+project(trusted-services LANGUAGES CXX C)
-+
-+# Prevents symbols in the uefi-test executable overriding symbols with
-+# with same name in libts during dynamic linking performed by the program
-+# loader.
-+set(CMAKE_C_VISIBILITY_PRESET hidden)
-+
-+# Preparing firmware-test-build by including it
-+include(${TS_ROOT}/external/firmware_test_builder/FirmwareTestBuilder.cmake)
-+
-+include(CTest)
-+include(UnitTest)
-+
-+set(COVERAGE FALSE CACHE BOOL "Enable code coverage measurement")
-+set(UNIT_TEST_PROJECT_PATH ${TS_ROOT} CACHE PATH "Path of the project directory")
-+set(CMAKE_CXX_STANDARD 11)
-+
-+unit_test_init_cpputest()
-+
-+if (COVERAGE)
-+	include(Coverage)
-+
-+	set(COVERAGE_FILE "coverage.info")
-+	set(TS_SERVICE_TEST_COVERAGE_FILE "uefi-test-coverage.info" CACHE PATH "Path of coverage info file")
-+	set(TS_SERVICE_TEST_COVERAGE_REPORT_DIR "${CMAKE_CURRENT_BINARY_DIR}/ts-service-coverage-report" CACHE PATH "Directory of coverage report")
-+
-+	# Collecting coverage
-+	coverage_generate(
-+		NAME "ts-service test"
-+		SOURCE_DIR ${TS_ROOT}
-+		BINARY_DIR ${CMAKE_CURRENT_BINARY_DIR}
-+		OUTPUT_FILE ${COVERAGE_FILE}
-+	)
-+
-+	# Filtering project file coverage
-+	coverage_filter(
-+		INPUT_FILE ${COVERAGE_FILE}
-+		OUTPUT_FILE ${TS_SERVICE_TEST_COVERAGE_FILE}
-+		INCLUDE_DIRECTORY ${UNIT_TEST_PROJECT_PATH}/components
-+	)
-+
-+	# Coverage report
-+	coverage_generate_report(
-+		INPUT_FILE ${TS_SERVICE_TEST_COVERAGE_FILE}
-+		OUTPUT_DIRECTORY ${TS_SERVICE_TEST_COVERAGE_REPORT_DIR}
-+	)
-+endif()
-+
-+unit_test_add_suite(
-+	NAME uefi-test
-+)
-+
-+target_include_directories(uefi-test PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
-+
-+#-------------------------------------------------------------------------------
-+#  Extend with components that are common across all deployments of
-+#  uefi-test
-+#
-+#-------------------------------------------------------------------------------
-+include(../uefi-test.cmake REQUIRED)
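Review bot: the coverage block in the linux-pc file still carries the ts-service-test names: `NAME "ts-service test"`, the `TS_SERVICE_TEST_COVERAGE_FILE` and `TS_SERVICE_TEST_COVERAGE_REPORT_DIR` cache variables, and the `ts-service-coverage-report` directory. Rename them for uefi-test so the coverage output is attributable to this deployment. The comment above `CMAKE_C_VISIBILITY_PRESET` also has a doubled `with`, and `enviroment` is misspelled in the file header.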
-diff --git a/deployments/uefi-test/uefi-test.cmake b/deployments/uefi-test/uefi-test.cmake
-new file mode 100644
-index 00000000..ea678d0e
---- /dev/null
-+++ b/deployments/uefi-test/uefi-test.cmake
-@@ -0,0 +1,52 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+#-------------------------------------------------------------------------------
-+#  The base build file shared between deployments of 'uefi-test' for
-+#  different environments.  Used for running end-to-end service-level tests
-+#  against SMM service providers that implement UEFI services such as smm
-+#  variable.
-+#-------------------------------------------------------------------------------
-+
-+#-------------------------------------------------------------------------------
-+#  Use libts for locating and accessing services. An appropriate version of
-+#  libts will be imported for the enviroment in which service tests are
-+#  deployed.
-+#-------------------------------------------------------------------------------
-+include(${TS_ROOT}/deployments/libts/libts-import.cmake)
-+target_link_libraries(uefi-test PRIVATE libts)
-+
-+#-------------------------------------------------------------------------------
-+#  Components that are common accross all deployments
-+#
-+#-------------------------------------------------------------------------------
-+add_components(
-+	TARGET "uefi-test"
-+	BASE_DIR ${TS_ROOT}
-+	COMPONENTS
-+		"components/service/smm_variable/client/cpp"
-+		"components/service/smm_variable/test/service"
-+)
-+
-+#-------------------------------------------------------------------------------
-+#  Components used from external projects
-+#
-+#-------------------------------------------------------------------------------
-+
-+# Nanopb
-+include(${TS_ROOT}/external/nanopb/nanopb.cmake)
-+target_link_libraries(uefi-test PRIVATE nanopb::protobuf-nanopb-static)
-+protobuf_generate_all(TGT "uefi-test" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
-+
-+#-------------------------------------------------------------------------------
-+#  Define install content.
-+#
-+#-------------------------------------------------------------------------------
-+if (CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
-+	set(CMAKE_INSTALL_PREFIX ${CMAKE_BINARY_DIR}/install CACHE PATH "location to install build output to." FORCE)
-+endif()
-+install(TARGETS uefi-test RUNTIME DESTINATION ${TS_ENV}/bin)
-diff --git a/tools/b-test/test_data.yaml b/tools/b-test/test_data.yaml
-index 11f8f633..33a85b12 100644
---- a/tools/b-test/test_data.yaml
-+++ b/tools/b-test/test_data.yaml
-@@ -163,3 +163,13 @@ data:
-       os_id : "GNU/Linux"
-       params:
-           - "-GUnix Makefiles"
-+    - name: "uefi-test-pc-linux"
-+      src: "$TS_ROOT/deployments/uefi-test/linux-pc"
-+      os_id : "GNU/Linux"
-+      params:
-+          - "-GUnix Makefiles"
-+    - name: "uefi-test-arm-linux"
-+      src: "$TS_ROOT/deployments/uefi-test/arm-linux"
-+      os_id : "GNU/Linux"
-+      params:
-+          - "-GUnix Makefiles"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch
deleted file mode 100644
index 9ad506b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 289bec4cacac80cb43c19e4ca7b2c50fc932712e Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Wed, 8 Dec 2021 11:48:28 +0000
-Subject: [PATCH] Fix interface ID parameter setting in sp/ffarpc_caller
-
-When making FFA based RPC calls from one SP to another, the
-destination interface ID parameter was not being set correctly.
-This change fixes this issue.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Iab520e4c7dc63ee1f5d3bf1bd1de702e4cc6f093
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- components/rpc/ffarpc/caller/sp/ffarpc_caller.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/components/rpc/ffarpc/caller/sp/ffarpc_caller.c b/components/rpc/ffarpc/caller/sp/ffarpc_caller.c
-index 250b1781..dabcd90c 100644
---- a/components/rpc/ffarpc/caller/sp/ffarpc_caller.c
-+++ b/components/rpc/ffarpc/caller/sp/ffarpc_caller.c
-@@ -81,7 +81,7 @@ static rpc_status_t call_invoke(void *context, rpc_call_handle handle, uint32_t
- 	req.destination_id = this_context->dest_partition_id;
- 	req.source_id = own_id;
- 	req.args[SP_CALL_ARGS_IFACE_ID_OPCODE] =
--		FFA_CALL_ARGS_COMBINE_IFACE_ID_OPCODE(this_context->dest_partition_id, opcode);
-+		FFA_CALL_ARGS_COMBINE_IFACE_ID_OPCODE(this_context->dest_iface_id, opcode);
- 	//TODO: downcast problem?
- 	req.args[SP_CALL_ARGS_REQ_DATA_LEN] = (uint32_t)this_context->req_len;
- 	req.args[SP_CALL_ARGS_ENCODING] = this_context->rpc_caller.encoding;
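Review bot: the switch to `this_context->dest_iface_id` comes with no test (the diffstat lists only `ffarpc_caller.c`), so nothing stops the partition ID from being substituted for the interface ID again. An SP-to-SP call test in which the two IDs differ would cover it. While this code is being touched, the `(uint32_t)this_context->req_len` cast under `//TODO: downcast problem?` deserves an explicit range check rather than a silent truncation.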
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch
deleted file mode 100644
index 6ea473b..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch
+++ /dev/null
@@ -1,109 +0,0 @@
-From 18b20dea7cf7e8afc26c5d49d5368d3180bd54d7 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Wed, 8 Dec 2021 16:05:22 +0000
-Subject: [PATCH] Support FFARPC call requests with no shared buffer
-
-To allow simple clients to make RPC calls for service operations
-that take no request parameters and return no response parameters,
-the ffarpc_call_ep.c has been modified to accept call requests
-when no shared buffer exists, as long as there is no request data.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I83b1bfb719a005922d6394887492d2d272b74907
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../rpc/ffarpc/endpoint/ffarpc_call_ep.c      | 52 ++++++++++---------
- 1 file changed, 27 insertions(+), 25 deletions(-)
-
-diff --git a/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c b/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c
-index 17f957c2..a08a250c 100644
---- a/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c
-+++ b/components/rpc/ffarpc/endpoint/ffarpc_call_ep.c
-@@ -150,29 +150,43 @@ out:
- static void handle_service_msg(struct ffa_call_ep *call_ep, uint16_t source_id,
- 			       const uint32_t *req_args, uint32_t *resp_args)
- {
--	rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL;
-+	rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
- 	struct call_req call_req;
- 
- 	uint32_t ifaceid_opcode = req_args[SP_CALL_ARGS_IFACE_ID_OPCODE];
- 	int idx = find_shm(call_ep, source_id);
- 
--	if (idx < 0) {
--		EMSG("handle service msg error");
--		goto out;
--	}
--
- 	call_req.caller_id = source_id;
- 	call_req.interface_id = FFA_CALL_ARGS_EXTRACT_IFACE(ifaceid_opcode);
- 	call_req.opcode = FFA_CALL_ARGS_EXTRACT_OPCODE(ifaceid_opcode);
- 	call_req.encoding = req_args[SP_CALL_ARGS_ENCODING];
- 
--	call_req.req_buf.data = call_ep->shmem_buf[idx];
- 	call_req.req_buf.data_len = req_args[SP_CALL_ARGS_REQ_DATA_LEN];
--	call_req.req_buf.size = call_ep->shmem_buf_size[idx];
--
--	call_req.resp_buf.data = call_ep->shmem_buf[idx];
- 	call_req.resp_buf.data_len = 0;
--	call_req.resp_buf.size = call_ep->shmem_buf_size[idx];
-+
-+	if (idx >= 0 && call_ep->shmem_buf[idx]) {
-+		/* A shared buffer is available for call parameters */
-+		call_req.req_buf.data = call_ep->shmem_buf[idx];
-+		call_req.req_buf.size = call_ep->shmem_buf_size[idx];
-+
-+		call_req.resp_buf.data = call_ep->shmem_buf[idx];
-+		call_req.resp_buf.size = call_ep->shmem_buf_size[idx];
-+	}
-+	else if (call_req.req_buf.data_len == 0) {
-+		/* No shared buffer so only allow calls with no request data */
-+		call_req.req_buf.data = NULL;
-+		call_req.req_buf.size = 0;
-+
-+		call_req.resp_buf.data = NULL;
-+		call_req.resp_buf.size = 0;
-+	}
-+	else {
-+		/*
-+		 * Caller has specified non-zero length request data but there is
-+		 * no shared buffer to carry the request data.
-+		 */
-+		goto out;
-+	}
- 
- 	rpc_status = rpc_interface_receive(call_ep->iface, &call_req);
- 
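Review bot: in the shared-buffer branch of `handle_service_msg()`, `call_req.req_buf.data_len` comes straight from `req_args[SP_CALL_ARGS_REQ_DATA_LEN]` and nothing in this hunk compares it with `call_ep->shmem_buf_size[idx]`. Reject the call when the length exceeds the buffer size before handing the request to `rpc_interface_receive()`, so that service handlers never see a `data_len` larger than `size`. The no-buffer branch passes a `NULL` response buffer of size 0, which every handler now has to tolerate, and the failure path lost its `EMSG`, so a log line before `goto out` would help diagnosis.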
-@@ -223,7 +237,6 @@ void ffa_call_ep_receive(struct ffa_call_ep *call_ep,
- {
- 	const uint32_t *req_args = req_msg->args;
- 	uint32_t *resp_args = resp_msg->args;
--	int idx;
- 
- 	uint16_t source_id = req_msg->source_id;
- 	uint32_t ifaceid_opcode = req_args[SP_CALL_ARGS_IFACE_ID_OPCODE];
-@@ -232,18 +245,7 @@ void ffa_call_ep_receive(struct ffa_call_ep *call_ep,
- 		/* It's an RPC layer management request */
- 		handle_mgmt_msg(call_ep, source_id, req_args, resp_args);
- 	} else {
--		/*
--		 * Assume anything else is a service request. Service requests
--		 * rely on a buffer being shared from the requesting client.
--		 * If it hasn't been set-up, fail the request.
--		 */
--		idx = find_shm(call_ep, source_id);
--
--		if (idx >= 0 && call_ep->shmem_buf[idx]) {
--			handle_service_msg(call_ep, source_id, req_args, resp_args);
--		} else {
--			EMSG("shared buffer not found or NULL");
--			set_mgmt_resp_args(resp_args, ifaceid_opcode, TS_RPC_ERROR_NOT_READY);
--		}
-+		/* Assume anything else is a service request */
-+		handle_service_msg(call_ep, source_id, req_args, resp_args);
- 	}
- }
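Review bot: with the pre-check removed from `ffa_call_ep_receive()`, a client that sends request data without having shared a buffer now gets `TS_RPC_ERROR_INVALID_PARAMETER` from `handle_service_msg()` where it used to get `TS_RPC_ERROR_NOT_READY`. If any caller retries on the old status, that is a behaviour change to state in the commit message or to preserve.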
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch
deleted file mode 100644
index 4f54215..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0019-Run-psa-arch-test.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From a496978dcf82494c69e600f65adf061f15e565f4 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:43:48 +0000
-Subject: [PATCH] Run psa-arch-test
-
-Fixes needed to run psa-arch-test
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-
----
- components/service/common/psa_ipc/service_psa_ipc.c       | 1 +
- .../backend/secure_storage_ipc/secure_storage_ipc.c       | 8 --------
- .../service/secure_storage/include/psa/storage_common.h   | 4 ++--
- external/openamp/openamp.cmake                            | 2 +-
- 4 files changed, 4 insertions(+), 11 deletions(-)
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 95a07c13..5e5815db 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 						     resp_msg->params.out_vec);
- 
- 	for (i = 0; i < resp_msg->params.out_len; i++) {
-+                out_vec[i].len = out_vec_param[i].len;
- 		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
- 		       out_vec[i].len);
- 	}
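Review bot: the added `out_vec[i].len = out_vec_param[i].len;` replaces the caller's buffer capacity with a length taken from the response and then uses it as the `memcpy` size, so a response that reports a longer length than the caller provided writes past `out_vec[i].base`. Keep the original capacity, fail the call if `out_vec_param[i].len` exceeds it, and only then store the returned length. The loop bound `resp_msg->params.out_len` also comes from the response and should be checked against the number of output vectors the caller passed. The new line is indented with spaces where the file uses tabs.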
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index 9b55f77d..a1f369db 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 
- 	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- 
--	/* Validating input parameters */
--	if (p_data == NULL)
--		return PSA_ERROR_INVALID_ARGUMENT;
--
- 	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- 			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status < 0)
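Review bot: removing the `p_data == NULL` check from `secure_storage_ipc_set()` lets a NULL pointer with a non-zero `data_length` reach `psa_call()` through `in_vec`. If the psa-arch-test case that motivated this passes NULL with zero length, narrow the check to `if (p_data == NULL && data_length != 0)` instead of deleting it, and name the test that needed the change in the commit message. The same question applies to the `p_info` check removed from `secure_storage_ipc_get_info()` in the next hunk.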
-@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 
- 	(void)client_id;
- 
--	/* Validating input parameters */
--	if (!p_info)
--		return PSA_ERROR_INVALID_ARGUMENT;
--
- 	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- 			      TFM_PS_GET_INFO, in_vec,
- 			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h
-index 4f6ba2a7..1fd6b40d 100644
---- a/components/service/secure_storage/include/psa/storage_common.h
-+++ b/components/service/secure_storage/include/psa/storage_common.h
-@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t;
- typedef uint32_t psa_storage_create_flags_t;
- 
- struct psa_storage_info_t {
--	size_t capacity;
--	size_t size;
-+	uint32_t capacity;
-+	uint32_t size;
- 	psa_storage_create_flags_t flags;
- };
- 
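Review bot: changing `capacity` and `size` in `struct psa_storage_info_t` from `size_t` to `uint32_t` alters the layout of a public header type on 64-bit builds, and the commit message does not explain why. If the goal is to match the layout used in the IPC message, a separate fixed-width struct for the message, converted to and from the public type at the boundary, avoids changing the API type.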
-diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
-index aae13bad..75ab2290 100644
---- a/external/openamp/openamp.cmake
-+++ b/external/openamp/openamp.cmake
-@@ -61,7 +61,7 @@ execute_process(COMMAND
- 			-DCMAKE_SYSTEM_PROCESSOR=arm
- 			-DEXTERNAL_INCLUDE_PATHS=${OPENAMP_EXTERNAL_INCLUDE_PATHS}
- 			-DMACHINE=template
--			-DRPMSG_BUFFER_SIZE=512
-+			-DRPMSG_BUFFER_SIZE=8192
- 			${openamp_SOURCE_DIR}
- 	WORKING_DIRECTORY
- 			${openamp_BINARY_DIR}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch
deleted file mode 100644
index 844bca3..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0020-Use-address-instead-of-pointers.patch
+++ /dev/null
@@ -1,169 +0,0 @@
-From b417c1124af9d4569ba8871dfd1e43e626dddf12 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:57:17 +0000
-Subject: [PATCH] Use address instead of pointers
-
-Since secure enclave is 32bit and we 64bit there is an issue
-in the protocol communication design that force us to handle
-on our side the manipulation of address and pointers to make
-this work.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-
----
- .../service/common/include/psa/client.h       | 15 ++++++++++++++
- .../service/common/psa_ipc/service_psa_ipc.c  | 20 ++++++++++++-------
- .../secure_storage_ipc/secure_storage_ipc.c   | 20 +++++++++----------
- 3 files changed, 38 insertions(+), 17 deletions(-)
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-index 69ccf14f..12dcd68f 100644
---- a/components/service/common/include/psa/client.h
-+++ b/components/service/common/include/psa/client.h
-@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec {
-     uint32_t len;                 /*!< the size in bytes                      */
- };
- 
-+static void *psa_u32_to_ptr(uint32_t addr)
-+{
-+	return (void *)(uintptr_t)addr;
-+}
-+
-+static uint32_t psa_ptr_to_u32(void *ptr)
-+{
-+	return (uintptr_t)ptr;
-+}
-+
-+static uint32_t psa_ptr_const_to_u32(const void *ptr)
-+{
-+	return (uintptr_t)ptr;
-+}
-+
- /*************************** PSA Client API **********************************/
- 
- /**
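Review bot: `psa_ptr_to_u32()` and `psa_ptr_const_to_u32()` return `(uintptr_t)ptr` narrowed to `uint32_t`, so on the 64-bit side any pointer above 4 GiB is silently truncated and `psa_u32_to_ptr()` will not round-trip it. Check that the upper 32 bits are zero and fail (or assert) when they are not. The helpers are also plain `static` functions defined in a header, so every file that includes it gets its own copy and unused-function warnings; `static inline` is the usual form.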
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 5e5815db..435c6c0a 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_
- 	return resp_len;
- }
- 
-+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va)
-+{
-+	return (uintptr_t)rpc_caller_virt_to_phys(caller, va);
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 			 uint32_t version)
- {
-@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 	req_msg->params.psa_call_params.handle = psa_handle;
- 	req_msg->params.psa_call_params.type = type;
- 	req_msg->params.psa_call_params.in_len = in_len;
--	req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+	req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param);
- 	req_msg->params.psa_call_params.out_len = out_len;
--	req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+	req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param);
- 
- 	for (i = 0; i < in_len; i++) {
--		in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+		in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload);
- 		in_vec_param[i].len = in_vec[i].len;
- 
--		memcpy(payload, in_vec[i].base, in_vec[i].len);
-+		memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);
- 		payload += in_vec[i].len;
- 	}
- 
- 	for (i = 0; i < out_len; i++) {
--		out_vec_param[i].base = NULL;
-+		out_vec_param[i].base = 0;
- 		out_vec_param[i].len = out_vec[i].len;
- 	}
- 
-@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 		goto caller_end;
- 
- 	out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
--						     resp_msg->params.out_vec);
-+				psa_u32_to_ptr(resp_msg->params.out_vec));
- 
- 	for (i = 0; i < resp_msg->params.out_len; i++) {
-                 out_vec[i].len = out_vec_param[i].len;
--		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+		memcpy(psa_u32_to_ptr(out_vec[i].base),
-+		       rpc_caller_phys_to_virt(caller,	psa_u32_to_ptr(out_vec_param[i].base)),
- 		       out_vec[i].len);
- 	}
- 
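Review bot: in the response loop of psa_call(), both the iteration count (resp_msg->params.out_len) and the copy length (out_vec_param[i].len, assigned to out_vec[i].len just before the memcpy) come from the response message, so the caller-supplied buffer size is overwritten before it can bound the copy. Suggest capping the loop at the caller's out_len and rejecting any out_vec_param[i].len larger than the original out_vec[i].len before copying into psa_u32_to_ptr(out_vec[i].base).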
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index a1f369db..bda442a6 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
--		{ .base = p_data, .len = data_length },
--		{ .base = &create_flags, .len = sizeof(create_flags) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+		{ .base = psa_ptr_const_to_u32(p_data), .len = data_length },
-+		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
- 	};
- 
- 	(void)client_id;
-@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context,
- 	psa_status_t psa_status;
- 	uint32_t offset = (uint32_t)data_offset;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
--		{ .base = &offset, .len = sizeof(offset) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = p_data, .len = data_size },
-+		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
- 	};
- 
- 	if (!p_data_length) {
-@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = p_info, .len = sizeof(*p_info) },
-+		{ .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) },
- 	};
- 
- 	(void)client_id;
-@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- 	};
- 
- 	(void)client_id;
-@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- 	psa_status_t psa_status;
- 	uint32_t support_flags;
- 	struct psa_outvec out_vec[] = {
--		{ .base = &support_flags, .len =  sizeof(support_flags) },
-+		{ .base = psa_ptr_to_u32(&support_flags), .len =  sizeof(support_flags) },
- 	};
- 
- 	(void)client_id;
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch
deleted file mode 100644
index 5376bb2..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0021-Add-psa-ipc-attestation-to-se-proxy.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-From 259300dc81b95ff65cd2e95e0fecd140d76e4b5e Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 7 Dec 2021 11:50:00 +0000
-Subject: [PATCH] Add psa ipc attestation to se proxy
-
-Implement attestation client API as psa ipc and include it to
-se proxy deployment.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
-
-
----
- .../client/psa_ipc/component.cmake            | 13 +++
- .../client/psa_ipc/iat_ipc_client.c           | 86 +++++++++++++++++++
- .../reporter/psa_ipc/component.cmake          | 13 +++
- .../reporter/psa_ipc/psa_ipc_attest_report.c  | 45 ++++++++++
- components/service/common/include/psa/sid.h   |  4 +
- deployments/se-proxy/opteesp/CMakeLists.txt   |  3 +-
- .../se-proxy/opteesp/service_proxy_factory.c  |  6 ++
- 7 files changed, 169 insertions(+), 1 deletion(-)
- create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
- create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-
-diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
-new file mode 100644
-index 00000000..a5bc6b4a
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
-+	)
-diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-new file mode 100644
-index 00000000..30bd0a13
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-@@ -0,0 +1,86 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <string.h>
-+
-+#include "../psa/iat_client.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/initial_attestation.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+
-+/**
-+ * @brief      The singleton psa_iat_client instance
-+ *
-+ * The psa attestation C API assumes a single backend service provider.
-+ */
-+static struct service_client instance;
-+
-+
-+psa_status_t psa_iat_client_init(struct rpc_caller *caller)
-+{
-+	return service_client_init(&instance, caller);
-+}
-+
-+void psa_iat_client_deinit(void)
-+{
-+	service_client_deinit(&instance);
-+}
-+
-+int psa_iat_client_rpc_status(void)
-+{
-+	return instance.rpc_status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
-+					  size_t challenge_size,
-+					  uint8_t *token_buf,
-+					  size_t token_buf_size,
-+					  size_t *token_size)
-+{
-+	psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+	struct rpc_caller *caller = instance.caller;
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
-+	};
-+
-+	if (!token_buf || !token_buf_size)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+			  TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
-+			  out_vec, IOVEC_LEN(out_vec));
-+	if (status == PSA_SUCCESS) {
-+		*token_size = out_vec[0].len;
-+	}
-+
-+	return status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
-+						size_t *token_size)
-+{
-+	struct rpc_caller *caller = instance.caller;
-+	psa_status_t status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+			  TFM_ATTEST_GET_TOKEN_SIZE,
-+			  in_vec, IOVEC_LEN(in_vec),
-+			  out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
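Review bot: psa_initial_attest_get_token_size() describes size_t objects with .len = sizeof(uint32_t) for both &challenge_size and token_size, so where size_t is 64 bits only four bytes of *token_size are written and the rest keep whatever the caller had there. Suggest marshalling through local uint32_t variables and assigning to *token_size after a successful call. psa_initial_attest_get_token() should also reject a NULL token_size alongside its token_buf check, since it dereferences the pointer on success.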
-diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
-new file mode 100644
-index 00000000..b37830c6
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
-+	)
-diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-new file mode 100644
-index 00000000..15805e8e
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+/**
-+ * A attestation reporter for psa ipc
-+ */
-+
-+#include <stddef.h>
-+#include <psa/error.h>
-+#include <service/attestation/reporter/attest_report.h>
-+#include <psa/initial_attestation.h>
-+
-+#define TOKEN_BUF_SIZE	1024
-+
-+static uint8_t token_buf[TOKEN_BUF_SIZE];
-+
-+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
-+			 size_t auth_challenge_len, const uint8_t **report,
-+			 size_t *report_len)
-+{
-+	*report = token_buf;
-+	psa_status_t ret;
-+	size_t token_size = 0;
-+
-+	ret = psa_initial_attest_get_token(auth_challenge_data,
-+					   auth_challenge_len, token_buf,
-+					   TOKEN_BUF_SIZE, &token_size);
-+	if (ret != PSA_SUCCESS) {
-+		*report = NULL;
-+		*report_len = 0;
-+		return ret;
-+	}
-+
-+	*report_len = token_size;
-+
-+	return PSA_SUCCESS;
-+}
-+
-+void attest_report_destroy(const uint8_t *report)
-+{
-+	(void)report;
-+}
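Review bot: attest_report_create() returns token_size as *report_len without checking it against TOKEN_BUF_SIZE, and every report aliases the single static token_buf, which attest_report_destroy() never releases. Suggest failing when token_size > TOKEN_BUF_SIZE, and either documenting that a report is valid only until the next attest_report_create() call or giving each report its own buffer.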
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index aaa973c6..833f5039 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -50,6 +50,10 @@ extern "C" {
- #define TFM_ATTESTATION_SERVICE_VERSION                            (1U)
- #define TFM_ATTESTATION_SERVICE_HANDLE                             (0x40000103U)
- 
-+/* Initial Attestation message types that distinguish Attest services. */
-+#define TFM_ATTEST_GET_TOKEN       1001
-+#define TFM_ATTEST_GET_TOKEN_SIZE  1002
-+
- /******** TFM_SP_FWU ********/
- #define TFM_FWU_WRITE_SID                                          (0x000000A0U)
- #define TFM_FWU_WRITE_VERSION                                      (1U)
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index 663177b7..af2225e7 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -77,12 +77,13 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
-+		"components/service/attestation/reporter/psa_ipc"
-+		"components/service/attestation/client/psa_ipc"
- 		"components/rpc/openamp/caller/sp"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
- 		"components/rpc/common/caller"
--		"components/service/attestation/reporter/stub"
- 		"components/service/attestation/key_mngr/stub"
- 		"components/service/crypto/backend/stub"
- 		"components/service/crypto/client/psa"
-diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
-index 57290056..4b8ccecc 100644
---- a/deployments/se-proxy/opteesp/service_proxy_factory.c
-+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c
-@@ -23,12 +23,18 @@ struct openamp_caller openamp;
- struct rpc_interface *attest_proxy_create(void)
- {
- 	struct rpc_interface *attest_iface;
-+	struct rpc_caller *attest_caller;
- 
- 	/* Static objects for proxy instance */
- 	static struct attest_provider attest_provider;
- 
-+	attest_caller = openamp_caller_init(&openamp);
-+	if (!attest_caller)
-+		return NULL;
-+
- 	/* Initialize the service provider */
- 	attest_iface = attest_provider_init(&attest_provider);
-+	psa_iat_client_init(&openamp.rpc_caller);
- 
- 	attest_provider_register_serializer(&attest_provider,
- 		TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
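Review bot: attest_proxy_create() discards the psa_status_t returned by psa_iat_client_init(), so a failed client init still yields a registered attestation interface. Suggest checking it and returning NULL on failure. The new attest_caller is used only for the NULL test while &openamp.rpc_caller is what gets passed on; pass attest_caller itself or drop the variable.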
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
deleted file mode 100644
index aa389d8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
+++ /dev/null
@@ -1,164 +0,0 @@
-From 90006cecbbba58afee5f51e6bd72f7027a257b5e Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Thu, 9 Dec 2021 14:11:06 +0000
-Subject: [PATCH] Setup its backend as openamp rpc using secure storage ipc
- implementation.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-
----
- components/service/common/include/psa/sid.h   | 12 +++++-----
- .../secure_storage_ipc/secure_storage_ipc.c   | 20 ++++++++---------
- .../secure_storage_ipc/secure_storage_ipc.h   |  1 +
- .../se-proxy/opteesp/service_proxy_factory.c  | 22 +++++++++++++------
- 4 files changed, 32 insertions(+), 23 deletions(-)
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 833f5039..4a951d4a 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -20,12 +20,12 @@ extern "C" {
- /* Invalid UID */
- #define TFM_PS_INVALID_UID 0
- 
--/* PS message types that distinguish PS services. */
--#define TFM_PS_SET                1001
--#define TFM_PS_GET                1002
--#define TFM_PS_GET_INFO           1003
--#define TFM_PS_REMOVE             1004
--#define TFM_PS_GET_SUPPORT        1005
-+/* PS / ITS message types that distinguish PS services. */
-+#define TFM_PS_ITS_SET                1001
-+#define TFM_PS_ITS_GET                1002
-+#define TFM_PS_ITS_GET_INFO           1003
-+#define TFM_PS_ITS_REMOVE             1004
-+#define TFM_PS_ITS_GET_SUPPORT        1005
- 
- /******** TFM_SP_ITS ********/
- #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID                   (0x00000070U)
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index bda442a6..0e1b48c0 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 
- 	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+	psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET,
-+			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status < 0)
- 		EMSG("ipc_set: psa_call failed: %d", psa_status);
- 
-@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context,
- 		return PSA_ERROR_INVALID_ARGUMENT;
- 	}
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
- 			      out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status == PSA_SUCCESS)
- 		*p_data_length = out_vec[0].len;
-@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET_INFO, in_vec,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET_INFO, in_vec,
- 			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_REMOVE, in_vec,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_REMOVE, in_vec,
- 			      IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET_SUPPORT, NULL, 0,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET_SUPPORT, NULL, 0,
- 			      out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-index e8c1e8fd..d9949f6a 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -21,6 +21,7 @@ struct secure_storage_ipc
- {
-     struct storage_backend backend;
-     struct service_client client;
-+    int32_t service_handle;
- };
- 
- /**
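Review bot: service_handle is added to struct secure_storage_ipc, but nothing in the visible change has secure_storage_ipc_init() set it; the factory assigns it after init returns, so any other user of the backend reaches psa_call() with an unset handle. Suggest taking the handle as a parameter of secure_storage_ipc_init(), and declaring the field as psa_handle_t to match the parameter psa_call() takes.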
-diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
-index 4b8ccecc..1110ac46 100644
---- a/deployments/se-proxy/opteesp/service_proxy_factory.c
-+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c
-@@ -5,6 +5,7 @@
-  */
- 
- #include <stddef.h>
-+#include <psa/sid.h>
- #include <rpc/common/endpoint/rpc_interface.h>
- #include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
-@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void)
- {
- 	static struct secure_storage_provider ps_provider;
- 	static struct secure_storage_ipc ps_backend;
--	static struct rpc_caller *storage_caller;
-+	struct rpc_caller *storage_caller;
- 	struct storage_backend *backend;
- 
- 	storage_caller = openamp_caller_init(&openamp);
- 	if (!storage_caller)
- 		return NULL;
- 	backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
-+	ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
- 
- 	return secure_storage_provider_init(&ps_provider, backend);
- }
- 
- struct rpc_interface *its_proxy_create(void)
- {
--	static struct mock_store its_backend;
--	static struct secure_storage_provider its_provider;
--
--	struct storage_backend *backend = mock_store_init(&its_backend);
--
--	return secure_storage_provider_init(&its_provider, backend);
-+        static struct secure_storage_provider its_provider;
-+        static struct secure_storage_ipc its_backend;
-+        struct rpc_caller *storage_caller;
-+        struct storage_backend *backend;
-+ 
-+        storage_caller = openamp_caller_init(&openamp);
-+        if (!storage_caller)
-+        	return NULL;
-+        backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller);
-+        its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
-+ 
-+        return secure_storage_provider_init(&its_provider, backend);
- }
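Review bot: its_proxy_create() and ps_proxy_create() each call openamp_caller_init(&openamp) on the same global and then pass &openamp.rpc_caller rather than the returned storage_caller, and neither checks the backend returned by secure_storage_ipc_init() before handing it to secure_storage_provider_init(). Suggest confirming that openamp_caller_init() is safe to call repeatedly (or initialising the shared caller once), using the returned pointer, and returning NULL when backend is NULL. The added its_proxy_create() body is also indented with spaces where the neighbouring ps_proxy_create() uses tabs.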
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch
deleted file mode 100644
index a20a6a4..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0023-add-psa-ipc-crypto-backend.patch
+++ /dev/null
@@ -1,2586 +0,0 @@
-From 5af98a77887c2aa60bc93dbdddb174e03501b733 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Thu, 9 Dec 2021 14:17:39 +0000
-Subject: [PATCH] add psa ipc crypto backend
-
-Add psa ipc crypto backend and attach it to se proxy
-deployment.
-
-Signed-off-by: Rui Miguel Silva <rui.silva@arm.com>
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
-
-
----
- components/service/common/include/psa/sid.h   |  73 +++++
- .../crypto/backend/psa_ipc/component.cmake    |  21 ++
- .../backend/psa_ipc/crypto_ipc_backend.c      |  26 ++
- .../backend/psa_ipc/crypto_ipc_backend.h      |  70 ++++
- .../client/caller/psa_ipc/crypto_caller.h     |  34 ++
- .../caller/psa_ipc/crypto_caller_aead.h       | 252 +++++++++++++++
- .../crypto_caller_asymmetric_decrypt.h        |  76 +++++
- .../crypto_caller_asymmetric_encrypt.h        |  76 +++++
- .../caller/psa_ipc/crypto_caller_cipher.h     | 246 +++++++++++++++
- .../caller/psa_ipc/crypto_caller_copy_key.h   |  57 ++++
- .../psa_ipc/crypto_caller_destroy_key.h       |  51 +++
- .../caller/psa_ipc/crypto_caller_export_key.h |  59 ++++
- .../psa_ipc/crypto_caller_export_public_key.h |  59 ++++
- .../psa_ipc/crypto_caller_generate_key.h      |  55 ++++
- .../psa_ipc/crypto_caller_generate_random.h   |  57 ++++
- .../crypto_caller_get_key_attributes.h        |  56 ++++
- .../caller/psa_ipc/crypto_caller_hash.h       | 220 +++++++++++++
- .../caller/psa_ipc/crypto_caller_import_key.h |  57 ++++
- .../psa_ipc/crypto_caller_key_attributes.h    |  51 +++
- .../psa_ipc/crypto_caller_key_derivation.h    | 298 ++++++++++++++++++
- .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++
- .../caller/psa_ipc/crypto_caller_purge_key.h  |  51 +++
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  64 ++++
- .../psa_ipc/crypto_caller_verify_hash.h       |  59 ++++
- .../crypto/include/psa/crypto_client_struct.h |   8 +-
- .../service/crypto/include/psa/crypto_sizes.h |   2 +-
- deployments/se-proxy/opteesp/CMakeLists.txt   |   2 +-
- .../se-proxy/opteesp/service_proxy_factory.c  |  15 +-
- .../providers/arm/corstone1000/platform.cmake |   2 +
- 29 files changed, 2293 insertions(+), 11 deletions(-)
- create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 4a951d4a..7a29cc25 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,79 @@ extern "C" {
- #define TFM_CRYPTO_VERSION                                         (1U)
- #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
- 
-+/**
-+ * \brief Define a progressive numerical value for each SID which can be used
-+ *        when dispatching the requests to the service
-+ */
-+enum {
-+    TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
-+    TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
-+    TFM_CRYPTO_OPEN_KEY_SID,
-+    TFM_CRYPTO_CLOSE_KEY_SID,
-+    TFM_CRYPTO_IMPORT_KEY_SID,
-+    TFM_CRYPTO_DESTROY_KEY_SID,
-+    TFM_CRYPTO_EXPORT_KEY_SID,
-+    TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+    TFM_CRYPTO_PURGE_KEY_SID,
-+    TFM_CRYPTO_COPY_KEY_SID,
-+    TFM_CRYPTO_HASH_COMPUTE_SID,
-+    TFM_CRYPTO_HASH_COMPARE_SID,
-+    TFM_CRYPTO_HASH_SETUP_SID,
-+    TFM_CRYPTO_HASH_UPDATE_SID,
-+    TFM_CRYPTO_HASH_FINISH_SID,
-+    TFM_CRYPTO_HASH_VERIFY_SID,
-+    TFM_CRYPTO_HASH_ABORT_SID,
-+    TFM_CRYPTO_HASH_CLONE_SID,
-+    TFM_CRYPTO_MAC_COMPUTE_SID,
-+    TFM_CRYPTO_MAC_VERIFY_SID,
-+    TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+    TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+    TFM_CRYPTO_MAC_UPDATE_SID,
-+    TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+    TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+    TFM_CRYPTO_MAC_ABORT_SID,
-+    TFM_CRYPTO_CIPHER_ENCRYPT_SID,
-+    TFM_CRYPTO_CIPHER_DECRYPT_SID,
-+    TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+    TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+    TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+    TFM_CRYPTO_CIPHER_SET_IV_SID,
-+    TFM_CRYPTO_CIPHER_UPDATE_SID,
-+    TFM_CRYPTO_CIPHER_FINISH_SID,
-+    TFM_CRYPTO_CIPHER_ABORT_SID,
-+    TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+    TFM_CRYPTO_AEAD_DECRYPT_SID,
-+    TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+    TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+    TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+    TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+    TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+    TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+    TFM_CRYPTO_AEAD_UPDATE_SID,
-+    TFM_CRYPTO_AEAD_FINISH_SID,
-+    TFM_CRYPTO_AEAD_VERIFY_SID,
-+    TFM_CRYPTO_AEAD_ABORT_SID,
-+    TFM_CRYPTO_SIGN_MESSAGE_SID,
-+    TFM_CRYPTO_VERIFY_MESSAGE_SID,
-+    TFM_CRYPTO_SIGN_HASH_SID,
-+    TFM_CRYPTO_VERIFY_HASH_SID,
-+    TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+    TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+    TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+    TFM_CRYPTO_GENERATE_RANDOM_SID,
-+    TFM_CRYPTO_GENERATE_KEY_SID,
-+    TFM_CRYPTO_SID_MAX,
-+};
-+
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake
-new file mode 100644
-index 00000000..93c297a8
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/component.cmake
-@@ -0,0 +1,21 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c"
-+	)
-+
-+# The ipc crypto backend uses the psa crypto client to realize the
-+# psa crypto API that the crypto provider depends on.  This define
-+# configures the psa crypto client to be built with the ipc crypto
-+# caller.
-+target_compile_definitions(${TGT} PRIVATE
-+	PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h"
-+)
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-new file mode 100644
-index 00000000..e47cd4ff
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <psa/crypto.h>
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "crypto_ipc_backend.h"
-+
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller)
-+{
-+	psa_status_t status = psa_crypto_client_init(caller);
-+
-+	if (status == PSA_SUCCESS)
-+		status = psa_crypto_init();
-+
-+	return status;
-+}
-+
-+void crypto_ipc_backend_deinit(void)
-+{
-+	psa_crypto_client_deinit();
-+}
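Review bot: crypto_ipc_backend_init() returns the psa_crypto_init() failure without undoing the psa_crypto_client_init() that succeeded just before it. Suggest calling psa_crypto_client_deinit() on that path so a failed init does not leave a half-initialised client behind.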
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-new file mode 100644
-index 00000000..c13c20e8
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -0,0 +1,70 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CRYPTO_IPC_BACKEND_H
-+#define CRYPTO_IPC_BACKEND_H
-+
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * \brief This type is used to overcome a limitation in the number of maximum
-+ *        IOVECs that can be used especially in psa_aead_encrypt and
-+ *        psa_aead_decrypt. To be removed in case the AEAD APIs number of
-+ *        parameters passed gets restructured
-+ */
-+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
-+struct psa_ipc_crypto_aead_pack_input {
-+	uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
-+	uint32_t nonce_length;
-+};
-+
-+struct psa_ipc_crypto_pack_iovec {
-+	uint32_t sfn_id;             /*!< Secure function ID used to dispatch the
-+				      *   request
-+				      */
-+	uint16_t step;               /*!< Key derivation step */
-+	psa_key_id_t key_id;         /*!< Key id */
-+	psa_algorithm_t alg;         /*!< Algorithm */
-+	uint32_t op_handle;          /*!< Frontend context handle associated to a
-+				      *   multipart operation
-+				      */
-+	uint32_t capacity;             /*!< Key derivation capacity */
-+
-+	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
-+							    *   AEAD until the API is
-+							    *   restructured
-+							    */
-+};
-+
-+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
-+
-+/**
-+ * \brief Initialize the psa ipc crypto backend
-+ *
-+ * Initializes a crypto backend that uses the psa API client with a
-+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto
-+ * service proviser.
-+ *
-+ * \return PSA_SUCCESS if backend initialized successfully
-+ */
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Clean-up to free any resource used by the crypto backend
-+ */
-+void crypto_ipc_backend_deinit(void);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CRYPTO_IPC_BACKEND_H */
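Review bot: the macro "#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)" is a lowercase, unparenthesised name in a header that every crypto_caller_*.h includes, so any variable or member called iov_size in an including translation unit is silently rewritten. Rename it to an upper-case, prefixed name and wrap the expansion in parentheses. Two documentation points in the same file: the \brief block sits above TFM_CRYPTO_MAX_NONCE_LENGTH but describes struct psa_ipc_crypto_aead_pack_input, and "service proviser" in the crypto_ipc_backend_init() comment should read "service provider".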
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-new file mode 100644
-index 00000000..0a972187
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-@@ -0,0 +1,34 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_H
-+#define PSA_IPC_CRYPTO_CALLER_H
-+
-+/**
-+ * Includes all header files that form the psa ipc crypto caller
-+ * interface.  May be used by a client that needs to call operations
-+ * provided by a crypto service instance using the psa ipc interface.
-+ */
-+#include "crypto_caller_aead.h"
-+#include "crypto_caller_asymmetric_decrypt.h"
-+#include "crypto_caller_asymmetric_encrypt.h"
-+#include "crypto_caller_cipher.h"
-+#include "crypto_caller_copy_key.h"
-+#include "crypto_caller_destroy_key.h"
-+#include "crypto_caller_export_key.h"
-+#include "crypto_caller_export_public_key.h"
-+#include "crypto_caller_generate_key.h"
-+#include "crypto_caller_generate_random.h"
-+#include "crypto_caller_get_key_attributes.h"
-+#include "crypto_caller_hash.h"
-+#include "crypto_caller_import_key.h"
-+#include "crypto_caller_key_derivation.h"
-+#include "crypto_caller_mac.h"
-+#include "crypto_caller_purge_key.h"
-+#include "crypto_caller_sign_hash.h"
-+#include "crypto_caller_verify_hash.h"
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-new file mode 100644
-index 00000000..78517fe3
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -0,0 +1,252 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H
-+#define PSA_IPC_CRYPTO_CALLER_AEAD_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_aead_encrypt(
-+					      struct service_client *context,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg,
-+					      const uint8_t *nonce,
-+					      size_t nonce_length,
-+					      const uint8_t *additional_data,
-+					      size_t additional_data_length,
-+					      const uint8_t *plaintext,
-+					      size_t plaintext_length,
-+					      uint8_t *aeadtext,
-+					      size_t aeadtext_size,
-+					      size_t *aeadtext_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	int i;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+	};
-+
-+	if (!additional_data && additional_data_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(plaintext),
-+			.len = plaintext_length },
-+		{ .base = psa_ptr_const_to_u32(additional_data),
-+			.len = additional_data_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size },
-+	};
-+
-+	if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	if (nonce) {
-+		for (i = 0; i < nonce_length; i++)
-+			iov.aead_in.nonce[i] = nonce[i];
-+	}
-+
-+	in_len = IOVEC_LEN(in_vec);
-+
-+	if (!additional_data)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*aeadtext_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt(
-+					      struct service_client *context,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg,
-+					      const uint8_t *nonce,
-+					      size_t nonce_length,
-+					      const uint8_t *additional_data,
-+					      size_t additional_data_length,
-+					      const uint8_t *aeadtext,
-+					      size_t aeadtext_length,
-+					      uint8_t *plaintext,
-+					      size_t plaintext_size,
-+					      size_t *plaintext_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	int i;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+	};
-+
-+	if (!additional_data && additional_data_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(aeadtext),
-+			.len = aeadtext_length },
-+		{ .base = psa_ptr_const_to_u32(additional_data),
-+			.len = additional_data_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(plaintext), .len = plaintext_size },
-+	};
-+
-+	if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	if (nonce) {
-+		for (i = 0; i < nonce_length; i++)
-+			iov.aead_in.nonce[i] = nonce[i];
-+	}
-+
-+	in_len = IOVEC_LEN(in_vec);
-+
-+	if (!additional_data)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*plaintext_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_encrypt_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_key_id_t key,
-+					    psa_algorithm_t alg)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_key_id_t key,
-+					    psa_algorithm_t alg)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_generate_nonce(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *nonce,
-+					     size_t nonce_size,
-+					     size_t *nonce_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_nonce(
-+						struct service_client *context,
-+						uint32_t op_handle,
-+						const uint8_t *nonce,
-+						size_t nonce_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_lengths(
-+					  struct service_client *context,
-+					  uint32_t op_handle,
-+					  size_t ad_length,
-+					  size_t plaintext_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update_ad(
-+						struct service_client *context,
-+						uint32_t op_handle,
-+						const uint8_t *input,
-+						size_t input_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *input,
-+					     size_t input_length,
-+					     uint8_t *output,
-+					     size_t output_size,
-+					     size_t *output_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_finish(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *aeadtext,
-+					     size_t aeadtext_size,
-+					     size_t *aeadtext_length,
-+					     uint8_t *tag,
-+					     size_t tag_size,
-+					     size_t *tag_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_verify(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *plaintext,
-+					     size_t plaintext_size,
-+					     size_t *plaintext_length,
-+					     const uint8_t *tag,
-+					     size_t tag_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_abort(
-+					    struct service_client *context,
-+					    uint32_t op_handle)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */
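Review bot: crypto_caller_aead_encrypt() and crypto_caller_aead_decrypt() accept nonce == NULL with a non-zero nonce_length. iov.aead_in.nonce is initialised to {0}, .nonce_length is set from the argument, and the copy loop is skipped under "if (nonce)", so the request is sent with an all-zero nonce of the claimed length. additional_data already has the matching guard ("if (!additional_data && additional_data_length)"); add the same rejection with PSA_ERROR_INVALID_ARGUMENT for nonce. The nonce_length bound check would also read better before iov and in_vec are built. Separately, the loop index is "int i" compared against size_t nonce_length, so a size_t index or a memcpy() avoids the signed/unsigned comparison.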
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-new file mode 100644
-index 00000000..ff01815c
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_decrypt(
-+				    struct service_client *context,
-+				    psa_key_id_t id,
-+				    psa_algorithm_t alg,
-+				    const uint8_t *input, size_t input_length,
-+				    const uint8_t *salt, size_t salt_length,
-+				    uint8_t *output, size_t output_size,
-+				    size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+
-+	/* Sanitize optional input */
-+	if (!salt && salt_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+		{ .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+
-+	in_len = IOVEC_LEN(in_vec);
-+	if (!salt)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */
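Review bot: "*output_length = out_vec[0].len;" in crypto_caller_asymmetric_decrypt() runs whatever status psa_call() returned. out_vec[0].len is seeded with output_size, and nothing in these lines shows it being reset on failure, so a failed decrypt can report the whole output buffer as valid data. Write *output_length only when status == PSA_SUCCESS and set it to 0 otherwise, so a caller that forgets to check status does not consume an uninitialised buffer.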
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-new file mode 100644
-index 00000000..1daf1689
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_encrypt(
-+				    struct service_client *context,
-+				    psa_key_id_t id,
-+				    psa_algorithm_t alg,
-+				    const uint8_t *input, size_t input_length,
-+				    const uint8_t *salt, size_t salt_length,
-+				    uint8_t *output, size_t output_size,
-+				    size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+
-+	/* Sanitize optional input */
-+	if (!salt && salt_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+		{ .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+
-+	in_len = IOVEC_LEN(in_vec);
-+	if (!salt)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */
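Review bot: crypto_caller_asymmetric_encrypt() is a line-for-line copy of crypto_caller_asymmetric_decrypt() apart from .sfn_id and the include guard. A shared static inline helper that takes the sfn_id would leave one place to maintain the salt handling and the in_len adjustment. It would also leave one place to fix the unconditional "*output_length = out_vec[0].len;" after psa_call(), which is duplicated here as well.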
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-new file mode 100644
-index 00000000..fbefb28d
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -0,0 +1,246 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_cipher_encrypt_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_decrypt_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_generate_iv(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    uint8_t *iv,
-+					    size_t iv_size,
-+					    size_t *iv_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(iv), .len = iv_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*iv_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_set_iv(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       const uint8_t *iv,
-+					       size_t iv_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(iv), .len = iv_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_update(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       const uint8_t *input,
-+					       size_t input_length,
-+					       uint8_t *output,
-+					       size_t output_size,
-+					       size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_finish(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       uint8_t *output,
-+					       size_t output_size,
-+					       size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_abort(
-+					      struct service_client *context,
-+					      uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the cipher_update operation
-+	 * using the ipc encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	/* Allow for output to be a whole number of blocks */
-+	overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */
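Review bot: crypto_caller_cipher_generate_iv(), _set_iv(), _update(), _finish() and _abort() take op_handle by value and then pass "&op_handle" as out_vec[0], so whatever the service writes back lands in the local copy and is lost on return. In particular the caller's handle is never updated after _finish() or _abort(). If the signatures are fixed by the crypto caller interface, add a comment saying the returned handle is discarded on purpose. Otherwise take uint32_t *op_handle, as the two *_setup() functions do. The "*iv_length = out_vec[1].len;" and "*output_length = out_vec[1].len;" assignments are also made without checking status first.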
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-new file mode 100644
-index 00000000..9a988171
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_copy_key(struct service_client *context,
-+						  psa_key_id_t source_key,
-+						  const psa_key_attributes_t *attributes,
-+						  psa_key_id_t *target_key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
-+		.key_id = source_key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */
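Review bot: crypto_caller_copy_key() places "attributes" into in_vec[1] with .len = sizeof(psa_key_attributes_t) without checking it for NULL. The other callers in this series reject a NULL pointer paired with a non-zero length before calling psa_call(); return PSA_ERROR_INVALID_ARGUMENT here too. Minor: in_vec[0] spells out sizeof(struct psa_ipc_crypto_pack_iovec) where the AEAD, asymmetric and cipher callers use iov_size, so pick one form across the series.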
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-new file mode 100644
-index 00000000..d00f4faa
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context,
-+						     psa_key_id_t id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-new file mode 100644
-index 00000000..8ac5477f
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_key(struct service_client *context,
-+						    psa_key_id_t id,
-+						    uint8_t *data,
-+						    size_t data_size,
-+						    size_t *data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(data), .len = data_size }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*data_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-new file mode 100644
-index 00000000..b24c47f1
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context,
-+							   psa_key_id_t id,
-+							   uint8_t *data,
-+							   size_t data_size,
-+							   size_t *data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(data), .len = data_size }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*data_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */
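Review bot: in crypto_caller_export_public_key, *data_length = out_vec[0].len runs whatever status is. out_vec[0].len is initialised to data_size, so unless psa_call rewrites it on failure the caller is told the whole buffer holds key data. Set *data_length to 0 when status != PSA_SUCCESS, and check data_length for NULL before the dereference.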
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-new file mode 100644
-index 00000000..1b66ed40
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-@@ -0,0 +1,55 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_key(struct service_client *context,
-+						      const psa_key_attributes_t *attributes,
-+						      psa_key_id_t *id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */
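Review bot: the second in_vec entry in crypto_caller_generate_key sends the client's in-memory psa_key_attributes_t (.len = sizeof(psa_key_attributes_t)) straight to the service, and nothing in this file ties that layout to the one the service was built against. crypto_caller_key_attributes.h is included but its translate functions are never called here. Either marshal through a fixed-layout structure or add a build-time size check, and document the assumption next to the in_vec.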
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-new file mode 100644
-index 00000000..7c538237
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_random(struct service_client *context,
-+							 uint8_t *output,
-+							 size_t output_size)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size }
-+	};
-+
-+	if (!output_size)
-+		return PSA_SUCCESS;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */
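Review bot: the if (!output_size) return PSA_SUCCESS; short-circuit in crypto_caller_generate_random is undocumented. Please add a comment saying why a zero-length request must not reach psa_call, since crypto_caller_export_public_key passes data_size through without such a guard and a reader cannot tell whether this is a service restriction or an optimisation. output is also forwarded without a NULL check when output_size is non-zero.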
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-new file mode 100644
-index 00000000..22f1d18f
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-@@ -0,0 +1,56 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_get_key_attributes(
-+					    struct service_client *context,
-+					    psa_key_id_t key,
-+					    psa_key_attributes_t *attributes)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
-+		.key_id = key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */
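Review bot: crypto_caller_get_key_attributes lets the service write directly into the caller's attributes through out_vec[0] and returns status without looking at either the status or the returned out_vec[0].len, so on failure or a short write the caller is left with a structure of unknown content. Receive into a local psa_key_attributes_t, copy it out only when status == PSA_SUCCESS and out_vec[0].len == sizeof(psa_key_attributes_t), and otherwise call psa_reset_key_attributes(attributes).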
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-new file mode 100644
-index 00000000..9f37908a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -0,0 +1,220 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_hash_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_update(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *input,
-+					     size_t input_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_finish(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *hash,
-+					     size_t hash_size,
-+					     size_t *hash_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(hash), .len = hash_size},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*hash_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_abort(
-+					    struct service_client *context,
-+					    uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_verify(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *hash,
-+					     size_t hash_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_clone(
-+					    struct service_client *context,
-+					    uint32_t source_op_handle,
-+					    uint32_t *target_op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
-+		.op_handle = source_op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(target_op_handle),
-+			.len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context,
-+	uint32_t op_handle,
-+	uint8_t *hash_state,
-+	size_t hash_state_size,
-+	size_t *hash_state_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context,
-+	uint32_t op_handle,
-+	const uint8_t *hash_state,
-+	size_t hash_state_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the hash_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */
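Review bot: crypto_caller_hash_update, _finish, _abort and _verify take op_handle by value yet point out_vec[0] at &op_handle, so any handle value the service writes back (for example a cleared handle after finish or abort) lands in the local copy and is lost. Take uint32_t *op_handle as crypto_caller_hash_setup does, or drop the out_vec if the write-back is not needed. Two smaller points: *hash_length = out_vec[1].len in crypto_caller_hash_finish is assigned even when status is an error, and the comment in crypto_caller_hash_max_update_size still says "packed-c encoding" although this is the psa_ipc caller. iov_size is also used here where the key-management headers spell out sizeof(struct psa_ipc_crypto_pack_iovec); pick one.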
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-new file mode 100644
-index 00000000..d4703366
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_import_key(struct service_client *context,
-+				    const psa_key_attributes_t *attributes,
-+				    const uint8_t *data, size_t data_length,
-+				    psa_key_id_t *id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+		{ .base = psa_ptr_const_to_u32(data), .len = data_length }
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */
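Review bot: the closing guard comment reads PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H while the guard opened at the top of this file is PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H, a leftover from the header this was copied from. Fix the comment to match. The data/data_length pair carrying the key material is also forwarded as in_vec[2] without any NULL or size check; say in a comment where that validation is expected to happen.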
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-new file mode 100644
-index 00000000..2fad2f0a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+
-+#include <psa/crypto.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_to_proto(
-+	struct ts_crypto_key_attributes *proto_attributes,
-+	const psa_key_attributes_t *psa_attributes)
-+{
-+	proto_attributes->type = psa_get_key_type(psa_attributes);
-+	proto_attributes->key_bits = psa_get_key_bits(psa_attributes);
-+	proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes);
-+	proto_attributes->id = psa_get_key_id(psa_attributes);
-+
-+	proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes);
-+	proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes);
-+ }
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_from_proto(
-+	psa_key_attributes_t *psa_attributes,
-+	const struct ts_crypto_key_attributes *proto_attributes)
-+{
-+	psa_set_key_type(psa_attributes, proto_attributes->type);
-+	psa_set_key_bits(psa_attributes, proto_attributes->key_bits);
-+	psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime);
-+
-+	if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) {
-+
-+		psa_set_key_id(psa_attributes, proto_attributes->id);
-+	}
-+
-+	psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage);
-+	psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg);
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */
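Review bot: in packedc_crypto_caller_translate_key_attributes_from_proto the test proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT is an exact comparison, but a PSA lifetime encodes both a persistence level and a location, so a persistent key in a non-default location does not compare equal and silently loses its id. Use !PSA_KEY_LIFETIME_IS_VOLATILE(proto_attributes->lifetime) instead. This file also lives under psa_ipc but keeps the PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H guard and packedc_ function prefix; if a packed-c header with the same guard is ever included in the same translation unit, one of the two is skipped without a diagnostic. Rename the guard to the PSA_IPC_ form used by the sibling headers.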
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-new file mode 100644
-index 00000000..5ce4fb6c
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-@@ -0,0 +1,298 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_key_derivation_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_get_capacity(
-+					     struct service_client *context,
-+					     const uint32_t op_handle,
-+					     size_t *capacity)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_set_capacity(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     size_t capacity)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+		.capacity = capacity,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_bytes(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    psa_key_derivation_step_t step,
-+					    const uint8_t *data,
-+					    size_t data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(data), .len = data_length },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_key(
-+					  struct service_client *context,
-+					  uint32_t op_handle,
-+					  psa_key_derivation_step_t step,
-+					  psa_key_id_t key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+		.key_id = key,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_bytes(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *output,
-+					     size_t output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_length },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_key(
-+				   struct service_client *context,
-+				   const psa_key_attributes_t *attributes,
-+				   uint32_t op_handle,
-+				   psa_key_id_t *key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(attributes),
-+			.len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_abort(
-+					      struct service_client *context,
-+					      uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_key_agreement(
-+				      struct service_client *context,
-+				      uint32_t op_handle,
-+				      psa_key_derivation_step_t step,
-+				      psa_key_id_t private_key,
-+				      const uint8_t *peer_key,
-+				      size_t peer_key_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+		.key_id = private_key,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(peer_key),
-+			.len = peer_key_length},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_raw_key_agreement(
-+					   struct service_client *context,
-+					   psa_algorithm_t alg,
-+					   psa_key_id_t private_key,
-+					   const uint8_t *peer_key,
-+					   size_t peer_key_length,
-+					   uint8_t *output,
-+					   size_t output_size,
-+					   size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+		.alg = alg,
-+		.key_id = private_key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(peer_key),
-+			.len = peer_key_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */
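Review bot: crypto_caller_key_derivation_get_capacity points out_vec[0] at a size_t *capacity but sets .len = sizeof(uint32_t). Where size_t is wider than 32 bits the service fills only four bytes and the rest of *capacity keeps whatever the caller had in it. Receive into a local uint32_t and assign *capacity from it on success. The same width question applies to .capacity = capacity in crypto_caller_key_derivation_set_capacity, which narrows a size_t without a range check, and crypto_caller_raw_key_agreement assigns *output_length = out_vec[0].len even when status is an error.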
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-new file mode 100644
-index 00000000..3a820192
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-@@ -0,0 +1,207 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H
-+#define PSA_IPC_CRYPTO_CALLER_MAC_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_mac_sign_setup(
-+						struct service_client *context,
-+						uint32_t *op_handle,
-+						psa_key_id_t key,
-+						psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_setup(
-+					  struct service_client *context,
-+					  uint32_t *op_handle,
-+					  psa_key_id_t key,
-+					  psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_update(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    const uint8_t *input,
-+					    size_t input_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_sign_finish(
-+						 struct service_client *context,
-+						 uint32_t op_handle,
-+						 uint8_t *mac,
-+						 size_t mac_size,
-+						 size_t *mac_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(mac), .len = mac_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*mac_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_finish(
-+					   struct service_client *context,
-+					   uint32_t op_handle,
-+					   const uint8_t *mac,
-+					   size_t mac_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(mac), .len = mac_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_abort(
-+					   struct service_client *context,
-+					   uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the mac_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-new file mode 100644
-index 00000000..a3a796e2
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_purge_key(struct service_client *context,
-+						   psa_key_id_t id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-new file mode 100644
-index 00000000..71d88ced
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -0,0 +1,64 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
-+						   psa_key_id_t id,
-+						   psa_algorithm_t alg,
-+						   const uint8_t *hash,
-+						   size_t hash_length,
-+						   uint8_t *signature,
-+						   size_t signature_size,
-+						   size_t *signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(signature), .len = signature_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*signature_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-new file mode 100644
-index 00000000..e16f6e54
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+		{ .base = psa_ptr_const_to_u32(signature), .len = signature_length},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */
-diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
-index abd420c8..bf95c982 100644
---- a/components/service/crypto/include/psa/crypto_client_struct.h
-+++ b/components/service/crypto/include/psa/crypto_client_struct.h
-@@ -31,12 +31,12 @@ extern "C" {
-  * data structure internally. */
- struct psa_client_key_attributes_s
- {
-+    uint16_t type;
-+    uint16_t bits;
-     uint32_t lifetime;
--    uint32_t id;
--    uint32_t alg;
-+    psa_key_id_t id;
-     uint32_t usage;
--    size_t bits;
--    uint16_t type;
-+    uint32_t alg;
- };
- 
- #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
-diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 7a0149bb..4d7bf6e9 100644
---- a/components/service/crypto/include/psa/crypto_sizes.h
-+++ b/components/service/crypto/include/psa/crypto_sizes.h
-@@ -81,7 +81,7 @@
- #define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
- #else
--#define PSA_HASH_MAX_SIZE 32
-+#define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
- #endif
- 
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index af2225e7..21904283 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -85,7 +85,7 @@ add_components(TARGET "se-proxy"
- 		"components/rpc/dummy"
- 		"components/rpc/common/caller"
- 		"components/service/attestation/key_mngr/stub"
--		"components/service/crypto/backend/stub"
-+		"components/service/crypto/backend/psa_ipc"
- 		"components/service/crypto/client/psa"
- 		"components/service/secure_storage/backend/mock_store"
- )
-diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
-index 1110ac46..7edeef8b 100644
---- a/deployments/se-proxy/opteesp/service_proxy_factory.c
-+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c
-@@ -15,7 +15,7 @@
- #include <trace.h>
- 
- /* Stub backends */
--#include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
- #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- 
-@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void)
- {
- 	struct rpc_interface *crypto_iface = NULL;
- 	struct crypto_provider *crypto_provider;
-+	struct rpc_caller *crypto_caller;
- 
--	if (stub_crypto_backend_init() == PSA_SUCCESS) {
-+	crypto_caller = openamp_caller_init(&openamp);
-+	if (!crypto_caller)
-+		return NULL;
-+
-+	if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS)
-+		return NULL;
- 
--		crypto_provider = crypto_provider_factory_create();
--		crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
--	}
-+	crypto_provider = crypto_provider_factory_create();
-+	crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
- 
- 	return crypto_iface;
- }
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index bb778bb9..51e5faa3 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -8,3 +8,5 @@
- 
- # include MHU driver
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-+
-+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
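Review bot: in crypto_caller_mac_sign_finish and crypto_caller_sign_hash, in the psa_ipc caller headers carried by this removed patch, the output length is copied out without checking `status` (`*mac_length = out_vec[1].len;` and `*signature_length = out_vec[0].len;`). Both out_vec entries start with `.len` set to the buffer capacity (mac_size, signature_size), so unless psa_call clears it on error, a failed call reports a non-zero length for a buffer that holds no valid MAC or signature. If this code is carried forward in whatever replaces the deleted patch, set the length to 0 unless status is PSA_SUCCESS. Two smaller points in the crypto_proxy_create hunk: the result of openamp_caller_init is only NULL-checked, and `&openamp.rpc_caller` is then passed to crypto_ipc_backend_init, so either pass crypto_caller or drop the local. The `/* Stub backends */` comment above the new psa_ipc include no longer describes it.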
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch
deleted file mode 100644
index 91207bd..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 8fca2a8eed6ebc1cbf9f7972c6a9bb137ebafe1a Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Sun, 12 Dec 2021 17:07:03 +0000
-Subject: [PATCH] Increase SMM gateway UEFI variable macro value
-
-The maximum number of UEFI variables that be supported by SMM
-gateway is currently 40. When more than 40 variables are written,
-or read SMM gateway returns error code. Currently this value is
-increased to 100 to support more UEFI variables.
-
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- deployments/smm-gateway/smm_gateway.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/deployments/smm-gateway/smm_gateway.c b/deployments/smm-gateway/smm_gateway.c
-index 7828b3af..7e6729ee 100644
---- a/deployments/smm-gateway/smm_gateway.c
-+++ b/deployments/smm-gateway/smm_gateway.c
-@@ -20,6 +20,9 @@
- #define SMM_GATEWAY_NV_STORE_SN		"sn:ffa:751bf801-3dde-4768-a514-0f10aeed1790:0"
- #endif
- 
-+/* Maximum number of UEFI variables set to 100 */
-+#define SMM_GATEWAY_MAX_UEFI_VARIABLES		(100)
-+
- /* Default maximum number of UEFI variables */
- #ifndef SMM_GATEWAY_MAX_UEFI_VARIABLES
- #define SMM_GATEWAY_MAX_UEFI_VARIABLES		(40)
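Review bot: the `#define SMM_GATEWAY_MAX_UEFI_VARIABLES (100)` added in smm_gateway.c sits unconditionally in front of the existing `#ifndef SMM_GATEWAY_MAX_UEFI_VARIABLES` block, so the guarded default of 40 becomes dead code and a value supplied by the build system would collide with this define rather than override it. Changing the value inside the `#ifndef` block, or passing the limit as a compile definition for the deployment, keeps the override mechanism intact. Since this patch file is being deleted, the commit message should say whether the limit of 100 is still applied some other way or whether the gateway goes back to 40 variables.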
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch
deleted file mode 100644
index 943568c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0025-Add-stub-capsule-update-service-components.patch
+++ /dev/null
@@ -1,436 +0,0 @@
-From eb1beb0f4f3a0d97a1ee941b068fb1f3b7ba7d7b Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH] Add stub capsule update service components
-
-To facilitate development of a capsule update service provider,
-stub components are added to provide a starting point for an
-implementation. The capsule update service provider is integrated
-into the se-proxy/opteesp deployment.
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I0d4049bb4de5af7ca80806403301692507085d28
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../backend/capsule_update_backend.h          |  24 ++++
- .../provider/capsule_update_provider.c        | 133 ++++++++++++++++++
- .../provider/capsule_update_provider.h        |  51 +++++++
- .../capsule_update/provider/component.cmake   |  13 ++
- deployments/se-proxy/opteesp/CMakeLists.txt   |   1 +
- deployments/se-proxy/opteesp/se_proxy_sp.c    |   3 +
- .../se-proxy/opteesp/service_proxy_factory.c  |  16 +++
- .../se-proxy/opteesp/service_proxy_factory.h  |   1 +
- deployments/se-proxy/se_proxy_interfaces.h    |   9 +-
- .../capsule_update/capsule_update_proto.h     |  13 ++
- protocols/service/capsule_update/opcodes.h    |  17 +++
- protocols/service/capsule_update/parameters.h |  15 ++
- 12 files changed, 292 insertions(+), 4 deletions(-)
- create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
- create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
- create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
- create mode 100644 components/service/capsule_update/provider/component.cmake
- create mode 100644 protocols/service/capsule_update/capsule_update_proto.h
- create mode 100644 protocols/service/capsule_update/opcodes.h
- create mode 100644 protocols/service/capsule_update/parameters.h
-
-diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h
-new file mode 100644
-index 00000000..f3144ff1
---- /dev/null
-+++ b/components/service/capsule_update/backend/capsule_update_backend.h
-@@ -0,0 +1,24 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_BACKEND_H
-+#define CAPSULE_UPDATE_BACKEND_H
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * Defines the common capsule update backend interface.  Concrete backends
-+ * implement this interface for different types of platform.
-+ */
-+
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CAPSULE_UPDATE_BACKEND_H */
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-new file mode 100644
-index 00000000..9bbd7abc
---- /dev/null
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -0,0 +1,133 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <trace.h>
-+
-+#include <protocols/service/capsule_update/capsule_update_proto.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "capsule_update_provider.h"
-+
-+
-+#define CAPSULE_UPDATE_REQUEST (0x1)
-+#define KERNEL_STARTED_EVENT   (0x2)
-+
-+enum corstone1000_ioctl_id_t {
-+	IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
-+	IOCTL_CORSTONE1000_FWU_HOST_ACK,
-+};
-+
-+/* Service request handlers */
-+static rpc_status_t update_capsule_handler(void *context, struct call_req *req);
-+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req);
-+
-+/* Handler mapping table for service */
-+static const struct service_handler handler_table[] = {
-+	{CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE,			update_capsule_handler},
-+	{CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED,			boot_confirmed_handler}
-+};
-+
-+struct rpc_interface *capsule_update_provider_init(
-+	struct capsule_update_provider *context)
-+{
-+	struct rpc_interface *rpc_interface = NULL;
-+
-+	if (context) {
-+
-+		service_provider_init(
-+			&context->base_provider,
-+			context,
-+			handler_table,
-+			sizeof(handler_table)/sizeof(struct service_handler));
-+
-+		rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
-+	}
-+
-+	return rpc_interface;
-+}
-+
-+void capsule_update_provider_deinit(struct capsule_update_provider *context)
-+{
-+	(void)context;
-+}
-+
-+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
-+{
-+	uint32_t ioctl_id;
-+	psa_handle_t handle;
-+	rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
-+
-+	struct psa_invec in_vec[] = {
-+			{ .base = &ioctl_id, .len = sizeof(ioctl_id) }
-+	};
-+
-+	if(!caller) {
-+		EMSG("event_handler rpc_caller is NULL");
-+		rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
-+		return rpc_status;
-+	}
-+
-+	MSG("event handler opcode %x", opcode);
-+	switch(opcode) {
-+		case CAPSULE_UPDATE_REQUEST:
-+		/* Openamp call with IOCTL for firmware update*/
-+		ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
-+		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-+				TFM_SP_PLATFORM_IOCTL_VERSION);
-+		if (handle <= 0) {
-+			EMSG("%s Invalid handle", __func__);
-+			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-+			return rpc_status;
-+		}
-+		psa_call(caller,handle, PSA_IPC_CALL,
-+			in_vec,IOVEC_LEN(in_vec), NULL, 0);
-+		break;
-+
-+		case KERNEL_STARTED_EVENT:
-+		ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
-+		/*openamp call with IOCTL for kernel start*/
-+		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-+				TFM_SP_PLATFORM_IOCTL_VERSION);
-+		if (handle <= 0) {
-+			EMSG("%s Invalid handle", __func__);
-+			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-+			return rpc_status;
-+		}
-+		psa_call(caller,handle, PSA_IPC_CALL,
-+			in_vec,IOVEC_LEN(in_vec), NULL, 0);
-+		break;
-+		default:
-+			EMSG("%s unsupported opcode", __func__);
-+			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-+			return rpc_status;
-+	}
-+	return rpc_status;
-+
-+}
-+
-+static rpc_status_t update_capsule_handler(void *context, struct call_req *req)
-+{
-+	struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
-+	struct rpc_caller *caller = this_instance->client.caller;
-+	uint32_t opcode = req->opcode;
-+	rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
-+
-+	rpc_status = event_handler(opcode, caller);
-+	return rpc_status;
-+}
-+
-+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req)
-+{
-+	struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
-+	struct rpc_caller *caller = this_instance->client.caller;
-+	uint32_t opcode = req->opcode;
-+	rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
-+
-+	rpc_status = event_handler(opcode, caller);
-+
-+	return rpc_status;
-+}
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h
-new file mode 100644
-index 00000000..3de49854
---- /dev/null
-+++ b/components/service/capsule_update/provider/capsule_update_provider.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_PROVIDER_H
-+#define CAPSULE_UPDATE_PROVIDER_H
-+
-+#include <rpc/common/endpoint/rpc_interface.h>
-+#include <service/common/provider/service_provider.h>
-+#include <service/common/client/service_client.h>
-+#include <service/capsule_update/backend/capsule_update_backend.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * The capsule_update_provider is a service provider that accepts update capsule
-+ * requests and delegates them to a suitable backend that applies the update.
-+ */
-+struct capsule_update_provider
-+{
-+	struct service_provider base_provider;
-+	struct service_client client;
-+};
-+
-+/**
-+ * \brief Initialize an instance of the capsule update service provider
-+ *
-+ * @param[in] context The instance to initialize
-+ *
-+ * \return An rpc_interface or NULL on failure
-+ */
-+struct rpc_interface *capsule_update_provider_init(
-+	struct capsule_update_provider *context);
-+
-+/**
-+ * \brief Cleans up when the instance is no longer needed
-+ *
-+ * \param[in] context   The instance to de-initialize
-+ */
-+void capsule_update_provider_deinit(
-+	struct capsule_update_provider *context);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CAPSULE_UPDATE_PROVIDER_H */
-diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
-new file mode 100644
-index 00000000..1d412eb2
---- /dev/null
-+++ b/components/service/capsule_update/provider/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
-+	)
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index 21904283..953bb716 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -80,6 +80,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/reporter/psa_ipc"
- 		"components/service/attestation/client/psa_ipc"
- 		"components/rpc/openamp/caller/sp"
-+		"components/service/capsule_update/provider"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
-diff --git a/deployments/se-proxy/opteesp/se_proxy_sp.c b/deployments/se-proxy/opteesp/se_proxy_sp.c
-index ef90d9ee..11b014b2 100644
---- a/deployments/se-proxy/opteesp/se_proxy_sp.c
-+++ b/deployments/se-proxy/opteesp/se_proxy_sp.c
-@@ -48,6 +48,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
- 	rpc_iface = attest_proxy_create();
- 	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
- 
-+	rpc_iface = capsule_update_proxy_create();
-+	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
-+
- 	/* End of boot phase */
- 	sp_msg_wait(&req_msg);
- 
-diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.c b/deployments/se-proxy/opteesp/service_proxy_factory.c
-index 7edeef8b..591cc9ee 100644
---- a/deployments/se-proxy/opteesp/service_proxy_factory.c
-+++ b/deployments/se-proxy/opteesp/service_proxy_factory.c
-@@ -13,6 +13,7 @@
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include <trace.h>
-+#include <service/capsule_update/provider/capsule_update_provider.h>
- 
- /* Stub backends */
- #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void)
-  
-         return secure_storage_provider_init(&its_provider, backend);
- }
-+
-+struct rpc_interface *capsule_update_proxy_create(void)
-+{
-+	static struct capsule_update_provider capsule_update_provider;
-+	static struct rpc_caller *capsule_update_caller;
-+
-+	capsule_update_caller = openamp_caller_init(&openamp);
-+
-+	if (!capsule_update_caller)
-+	return NULL;
-+
-+	capsule_update_provider.client.caller = capsule_update_caller;
-+
-+	return capsule_update_provider_init(&capsule_update_provider);
-+}
-diff --git a/deployments/se-proxy/opteesp/service_proxy_factory.h b/deployments/se-proxy/opteesp/service_proxy_factory.h
-index 298d407a..02aa7fe2 100644
---- a/deployments/se-proxy/opteesp/service_proxy_factory.h
-+++ b/deployments/se-proxy/opteesp/service_proxy_factory.h
-@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
- struct rpc_interface *crypto_proxy_create(void);
- struct rpc_interface *ps_proxy_create(void);
- struct rpc_interface *its_proxy_create(void);
-+struct rpc_interface *capsule_update_proxy_create(void);
- 
- #ifdef __cplusplus
- }
-diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
-index 48908f84..3d4a7c20 100644
---- a/deployments/se-proxy/se_proxy_interfaces.h
-+++ b/deployments/se-proxy/se_proxy_interfaces.h
-@@ -8,9 +8,10 @@
- #define SE_PROXY_INTERFACES_H
- 
- /* Interface IDs from service endpoints available from an se-proxy deployment */
--#define SE_PROXY_INTERFACE_ID_ITS			(0)
--#define SE_PROXY_INTERFACE_ID_PS			(1)
--#define SE_PROXY_INTERFACE_ID_CRYPTO		(2)
--#define SE_PROXY_INTERFACE_ID_ATTEST		(3)
-+#define SE_PROXY_INTERFACE_ID_ITS			    (0)
-+#define SE_PROXY_INTERFACE_ID_PS			    (1)
-+#define SE_PROXY_INTERFACE_ID_CRYPTO		    (2)
-+#define SE_PROXY_INTERFACE_ID_ATTEST		    (3)
-+#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE    (4)
- 
- #endif /* SE_PROXY_INTERFACES_H */
-diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h
-new file mode 100644
-index 00000000..8f326cd3
---- /dev/null
-+++ b/protocols/service/capsule_update/capsule_update_proto.h
-@@ -0,0 +1,13 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_PROTO_H
-+#define CAPSULE_UPDATE_PROTO_H
-+
-+#include <protocols/service/capsule_update/opcodes.h>
-+#include <protocols/service/capsule_update/parameters.h>
-+
-+#endif /* CAPSULE_UPDATE_PROTO_H */
-diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h
-new file mode 100644
-index 00000000..8185a090
---- /dev/null
-+++ b/protocols/service/capsule_update/opcodes.h
-@@ -0,0 +1,17 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_OPCODES_H
-+#define CAPSULE_UPDATE_OPCODES_H
-+
-+/**
-+ * Opcode definitions for the capsule update service
-+ */
-+
-+#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE		1
-+#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED		2
-+
-+#endif /* CAPSULE_UPDATE_OPCODES_H */
-diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h
-new file mode 100644
-index 00000000..285d9241
---- /dev/null
-+++ b/protocols/service/capsule_update/parameters.h
-@@ -0,0 +1,15 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_PARAMETERS_H
-+#define CAPSULE_UPDATE_PARAMETERS_H
-+
-+/**
-+ * Operation parameter definitions for the capsule update service access protocol.
-+ */
-+
-+
-+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
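Review bot: in event_handler in capsule_update_provider.c, both switch arms ignore the return value of psa_call and never release the handle obtained from psa_connect, so the function returns TS_RPC_CALL_ACCEPTED even when the firmware-update or host-ack IOCTL fails, and each request leaves a connection open. For a firmware update path, the status of `psa_call(caller,handle, PSA_IPC_CALL, ...)` should be mapped to the rpc_status returned to the client, and the handle should be closed on every exit path. The two arms are identical apart from ioctl_id and could share one connect/call/close sequence. The local CAPSULE_UPDATE_REQUEST and KERNEL_STARTED_EVENT macros duplicate the values of CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE and CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED from opcodes.h, so the switch should use the protocol definitions directly to keep dispatch and handler in step. If this stub is replaced by another implementation after the removal, the same points are worth checking there.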
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch
deleted file mode 100644
index 38ce243..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0026-Add-logs-to-functions-in-SMM-gateway-SP.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From c9188e59fd27d208a975187da285a9b5938bb00d Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 16 Dec 2021 13:29:58 +0000
-Subject: [PATCH] Add logs to functions in SMM gateway SP
-
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- .../backend/uefi_variable_store.c             | 29 +++++++++++++++++--
- .../provider/smm_variable_provider.c          |  7 +++--
- 2 files changed, 32 insertions(+), 4 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index ed50eaf9..0c371e94 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -11,6 +11,7 @@
- #include "uefi_variable_store.h"
- #include "variable_index_iterator.h"
- #include "variable_checker.h"
-+#include <trace.h>
- 
- /* Private functions */
- static void load_variable_index(
-@@ -151,12 +152,15 @@ void uefi_variable_store_set_storage_limits(
- 	size_t total_capacity,
- 	size_t max_variable_size)
- {
-+	EMSG("In func %s\n", __func__);
- 	struct delegate_variable_store *delegate_store = select_delegate_store(
- 		context,
- 		attributes);
- 
- 	delegate_store->total_capacity = total_capacity;
- 	delegate_store->max_variable_size = max_variable_size;
-+	EMSG("In func %s total_capacity is %d\n", __func__, total_capacity);
-+	EMSG("In func %s max_variable_size is %d\n", __func__, max_variable_size);
- }
- 
- efi_status_t uefi_variable_store_set_variable(
-@@ -265,6 +269,7 @@ efi_status_t uefi_variable_store_get_variable(
- 	size_t max_data_len,
- 	size_t *total_length)
- {
-+	EMSG("In func %s\n", __func__);
- 	efi_status_t status = check_name_terminator(var->Name, var->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
-@@ -299,6 +304,7 @@ efi_status_t uefi_variable_store_get_next_variable_name(
- 	size_t max_name_len,
- 	size_t *total_length)
- {
-+	EMSG("In func %s\n", __func__);
- 	efi_status_t status = check_name_terminator(cur->Name, cur->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
-@@ -329,6 +335,8 @@ efi_status_t uefi_variable_store_query_variable_info(
- 	struct uefi_variable_store *context,
- 	SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO *var_info)
- {
-+
-+	EMSG("In func %s\n", __func__);
- 	struct delegate_variable_store *delegate_store = select_delegate_store(
- 		context,
- 		var_info->Attributes);
-@@ -337,13 +345,15 @@ efi_status_t uefi_variable_store_query_variable_info(
- 		context,
- 		var_info->Attributes,
- 		delegate_store->storage_backend);
--
-+	EMSG("In func %s total_used is %d\n", __func__, total_used);
- 	var_info->MaximumVariableSize = delegate_store->max_variable_size;
- 	var_info->MaximumVariableStorageSize = delegate_store->total_capacity;
- 	var_info->RemainingVariableStorageSize = (total_used < delegate_store->total_capacity) ?
- 		delegate_store->total_capacity - total_used :
- 		0;
--
-+	EMSG("In func %s var_info->MaximumVariableSize is %d\n", __func__, var_info->MaximumVariableSize);
-+	EMSG("In func %s var_info->MaximumVariableStorageSize is %d\n", __func__, var_info->MaximumVariableStorageSize);
-+	EMSG("In func %s var_info->RemainingVariableStorageSize is %d\n", __func__, var_info->RemainingVariableStorageSize);
- 	return EFI_SUCCESS;
- }
- 
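Review bot: the EMSG added after total_used is computed prints it with %d, although space_used() is declared later in this file as returning size_t, and the three var_info fields logged just before return EFI_SUCCESS are printed with %d as well; match each specifier to the field's real type or cast explicitly. Two of the new EMSG lines also replace the blank lines that separated the blocks of this function; keep the blank lines and add the trace calls beside them.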
-@@ -358,6 +368,7 @@ efi_status_t uefi_variable_store_set_var_check_property(
- 	struct uefi_variable_store *context,
- 	const SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *property)
- {
-+	EMSG("In func %s\n", __func__);
- 	efi_status_t status = check_name_terminator(property->Name, property->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
-@@ -404,6 +415,7 @@ efi_status_t uefi_variable_store_get_var_check_property(
- 	struct uefi_variable_store *context,
- 	SMM_VARIABLE_COMMUNICATE_VAR_CHECK_VARIABLE_PROPERTY *property)
- {
-+	EMSG("In func %s\n", __func__);
- 	efi_status_t status = check_name_terminator(property->Name, property->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
-@@ -430,6 +442,7 @@ efi_status_t uefi_variable_store_get_var_check_property(
- static void load_variable_index(
- 	struct uefi_variable_store *context)
- {
-+	EMSG("In func %s\n", __func__);
- 	struct storage_backend *persistent_store = context->persistent_store.storage_backend;
- 
- 	if (persistent_store) {
-@@ -444,6 +457,7 @@ static void load_variable_index(
- 			context->index_sync_buffer_size,
- 			context->index_sync_buffer,
- 			&data_len);
-+		EMSG("In func %s get status is %d\n", __func__, psa_status);
- 
- 		if (psa_status == PSA_SUCCESS) {
- 
-@@ -455,6 +469,7 @@ static void load_variable_index(
- static efi_status_t sync_variable_index(
- 	struct uefi_variable_store *context)
- {
-+	EMSG("In func %s\n", __func__);
- 	efi_status_t status = EFI_SUCCESS;
- 
- 	/* Sync the varibale index to storage if anything is dirty */
-@@ -479,6 +494,7 @@ static efi_status_t sync_variable_index(
- 				data_len,
- 				context->index_sync_buffer,
- 				PSA_STORAGE_FLAG_NONE);
-+			EMSG("In func %s set status is %d\n", __func__, psa_status);
- 
- 			status = psa_to_efi_storage_status(psa_status);
- 		}
-@@ -490,6 +506,7 @@ static efi_status_t sync_variable_index(
- static efi_status_t check_capabilities(
- 	const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
- {
-+	EMSG("In func %s\n", __func__);
- 	efi_status_t status = EFI_SUCCESS;
- 
- 	/* Check if any unsupported variable attributes have been requested */
-@@ -551,6 +568,7 @@ static efi_status_t store_variable_data(
- 	const struct variable_info *info,
- 	const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
- {
-+	EMSG("In func %s\n", __func__);
- 	psa_status_t psa_status = PSA_SUCCESS;
- 	size_t data_len = var->DataSize;
- 	const uint8_t *data = (const uint8_t*)var +
-@@ -599,6 +617,7 @@ static efi_status_t remove_variable_data(
- 	struct uefi_variable_store *context,
- 	const struct variable_info *info)
- {
-+	EMSG("In func %s\n", __func__);
- 	psa_status_t psa_status = PSA_SUCCESS;
- 
- 	if (info->is_variable_set) {
-@@ -613,6 +632,7 @@ static efi_status_t remove_variable_data(
- 				delegate_store->storage_backend->context,
- 				context->owner_id,
- 				info->metadata.uid);
-+			EMSG("In func %s status is %d\n", __func__, psa_status);
- 		}
- 	}
- 
-@@ -625,6 +645,7 @@ static efi_status_t load_variable_data(
- 	SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var,
- 	size_t max_data_len)
- {
-+	EMSG("In func %s\n", __func__);
- 	psa_status_t psa_status = PSA_SUCCESS;
- 	size_t data_len = 0;
- 	uint8_t *data = (uint8_t*)var +
-@@ -644,6 +665,7 @@ static efi_status_t load_variable_data(
- 			max_data_len,
- 			data,
- 			&data_len);
-+		EMSG("In func %s get status is %d\n", __func__, psa_status);
- 
- 		var->DataSize = data_len;
- 	}
-@@ -771,6 +793,7 @@ static void purge_orphan_index_entries(
- 				context->owner_id,
- 				info->metadata.uid,
- 				&storage_info);
-+			EMSG("In func %s get status is %d\n", __func__, psa_status);
- 
- 			if (psa_status != PSA_SUCCESS) {
- 
-@@ -802,6 +825,7 @@ static size_t space_used(
- 	uint32_t attributes,
- 	struct storage_backend *storage_backend)
- {
-+	EMSG("In func %s\n", __func__);
- 	if (!storage_backend) return 0;
- 
- 	size_t total_used = 0;
-@@ -823,6 +847,7 @@ static size_t space_used(
- 				context->owner_id,
- 				info->metadata.uid,
- 				&storage_info);
-+			EMSG("In func %s get status is %d\n", __func__, psa_status);
- 
- 			if (psa_status == PSA_SUCCESS) total_used += storage_info.size;
- 		}
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index 52e68d09..1f362c17 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -9,6 +9,7 @@
- #include <protocols/service/smm_variable/smm_variable_proto.h>
- #include <protocols/rpc/common/packed-c/status.h>
- #include "smm_variable_provider.h"
-+#include <trace.h>
- 
- /* Service request handlers */
- static rpc_status_t get_variable_handler(void *context, struct call_req *req);
-@@ -252,17 +253,18 @@ static rpc_status_t set_variable_handler(void *context, struct call_req* req)
- 
- static rpc_status_t query_variable_info_handler(void *context, struct call_req* req)
- {
-+	EMSG("In func %s \n", __func__);
- 	efi_status_t efi_status = EFI_INVALID_PARAMETER;
- 	struct smm_variable_provider *this_instance = (struct smm_variable_provider*)context;
- 
- 	const struct call_param_buf *req_buf = call_req_get_req_buf(req);
--
-+	EMSG("In func %s sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO) is %d\n", __func__, sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO));
- 	if (req_buf->data_len >= sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO)) {
- 
- 		struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
- 
- 		if (resp_buf->size >= req_buf->data_len) {
--
-+			
- 			memmove(resp_buf->data, req_buf->data, req_buf->data_len);
- 
- 			efi_status = uefi_variable_store_query_variable_info(
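Review bot: sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO) yields a size_t and is printed with %d in the EMSG added ahead of the req_buf->data_len check in query_variable_info_handler(); use %zu. The hunk also replaces the empty line before memmove() with a line that contains only tabs, which adds trailing whitespace and should be dropped from the patch.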
-@@ -272,6 +274,7 @@ static rpc_status_t query_variable_info_handler(void *context, struct call_req*
- 			if (efi_status == EFI_SUCCESS) {
- 
- 				resp_buf->data_len = sizeof(SMM_VARIABLE_COMMUNICATE_QUERY_VARIABLE_INFO);
-+				EMSG("In func %s resp_buf->data_len is %d\n", __func__, resp_buf->data_len);
- 			}
- 		}
- 		else {
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch
deleted file mode 100644
index ddf9503..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0027-Configure-storage-size.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 3e472452bca64ed90071b61416460f1a69382293 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 16 Dec 2021 21:31:40 +0000
-Subject: [PATCH] Configure storage size
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- .../service/smm_variable/backend/uefi_variable_store.c       | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 0c371e94..b7cfff40 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -87,6 +87,7 @@ static efi_status_t check_name_terminator(
-  * may be overridden using uefi_variable_store_set_storage_limits()
-  */
- #define DEFAULT_MAX_VARIABLE_SIZE			(2048)
-+#define CONFIGURE_STORAGE_SIZE			    (50)
- 
- efi_status_t uefi_variable_store_init(
- 	struct uefi_variable_store *context,
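Review bot: CONFIGURE_STORAGE_SIZE is added next to DEFAULT_MAX_VARIABLE_SIZE without a comment, and neither the name nor the value (50) says what unit it is in or why it was chosen. Add a comment stating that it is the per-variable figure used to derive total_capacity, and consider a name that says so; the existing comment above the defines only describes the default that uefi_variable_store_set_storage_limits() can override.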
-@@ -100,13 +101,13 @@ efi_status_t uefi_variable_store_init(
- 	/* Initialise persistent store defaults */
- 	context->persistent_store.is_nv = true;
- 	context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
--	context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- 	context->persistent_store.storage_backend = persistent_store;
- 
- 	/* Initialise volatile store defaults */
- 	context->volatile_store.is_nv = false;
- 	context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
--	context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- 	context->volatile_store.storage_backend = volatile_store;
- 
- 	context->owner_id = owner_id;
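Review bot: total_capacity for both the persistent and the volatile store becomes CONFIGURE_STORAGE_SIZE * max_variables (50 per variable) while max_variable_size stays at DEFAULT_MAX_VARIABLE_SIZE (2048), so for any max_variables below 41 the advertised maximum variable size exceeds the total capacity of the store. Either cap max_variable_size at total_capacity here or derive both limits from the same constant, so the two values reported to callers stay consistent.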
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch
deleted file mode 100644
index 9bb3f91..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0028-Revert-Add-uefi-variable-append-write-support.patch
+++ /dev/null
@@ -1,1219 +0,0 @@
-From da3bd0721f2403562b6ae6d1939f5f331fd141bb Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Wed, 15 Dec 2021 17:23:25 +0000
-Subject: [PATCH] Revert "Add uefi variable append write support"
-
-This reverts commit e8758d9aff0eddae81a74b0191cd027bcdc92c04.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- .../backend/test/variable_index_tests.cpp     |  90 +++---
- .../backend/test/variable_store_tests.cpp     |  72 +----
- .../backend/uefi_variable_store.c             | 293 ++++++------------
- .../smm_variable/backend/variable_index.c     |  95 ++++--
- .../smm_variable/backend/variable_index.h     |  58 ++--
- .../backend/variable_index_iterator.c         |   4 +-
- .../backend/variable_index_iterator.h         |   2 +-
- .../service/smm_variable_service_tests.cpp    |  48 ---
- protocols/service/smm_variable/parameters.h   |   3 -
- 9 files changed, 239 insertions(+), 426 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/test/variable_index_tests.cpp b/components/service/smm_variable/backend/test/variable_index_tests.cpp
-index 8edc0e70..c8bacf97 100644
---- a/components/service/smm_variable/backend/test/variable_index_tests.cpp
-+++ b/components/service/smm_variable/backend/test/variable_index_tests.cpp
-@@ -69,37 +69,34 @@ TEST_GROUP(UefiVariableIndexTests)
- 
- 	void create_variables()
- 	{
--		struct variable_info *info = NULL;
-+		const struct variable_info *info = NULL;
- 
--		info = variable_index_add_entry(
-+		info = variable_index_add_variable(
- 			&m_variable_index,
- 			&guid_1,
- 			name_1.size() * sizeof(int16_t),
--			name_1.data());
--		CHECK_TRUE(info);
--		variable_index_set_variable(
--			info,
-+			name_1.data(),
- 			EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
--		info = variable_index_add_entry(
-+		CHECK_TRUE(info);
-+
-+		info = variable_index_add_variable(
- 			&m_variable_index,
- 			&guid_2,
- 			name_2.size() * sizeof(int16_t),
--			name_2.data());
--		CHECK_TRUE(info);
--		variable_index_set_variable(
--			info,
-+			name_2.data(),
- 			EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
--		info = variable_index_add_entry(
-+		CHECK_TRUE(info);
-+
-+		info = variable_index_add_variable(
- 			&m_variable_index,
- 			&guid_1,
- 			name_3.size() * sizeof(int16_t),
--			name_3.data());
--		CHECK_TRUE(info);
--		variable_index_set_variable(
--			info,
-+			name_3.data(),
- 			EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_RUNTIME_ACCESS);
-+
-+		CHECK_TRUE(info);
- 	}
- 
- 	static const size_t MAX_VARIABLES = 10;
-@@ -114,7 +111,7 @@ TEST_GROUP(UefiVariableIndexTests)
- 
- TEST(UefiVariableIndexTests, emptyIndexOperations)
- {
--	struct variable_info *info = NULL;
-+	const struct variable_info *info = NULL;
- 
- 	/* Expect not to find a variable */
- 	info = variable_index_find(
-@@ -133,34 +130,36 @@ TEST(UefiVariableIndexTests, emptyIndexOperations)
- 	POINTERS_EQUAL(NULL, info);
- 
- 	/* Remove should silently return */
--	variable_index_clear_variable(
-+	variable_index_remove_variable(
- 		&m_variable_index,
- 		info);
- }
- 
- TEST(UefiVariableIndexTests, addWithOversizedName)
- {
--	struct variable_info *info = NULL;
-+	const struct variable_info *info = NULL;
- 	std::vector<int16_t> name;
- 
- 	name = to_variable_name(L"a long variable name that exceeds the length limit");
- 
--	info = variable_index_add_entry(
-+	info = variable_index_add_variable(
- 		&m_variable_index,
- 		&guid_1,
- 		name.size() * sizeof(int16_t),
--		name.data());
-+		name.data(),
-+		EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
- 	/* Expect the add to fail because of an oversized name */
- 	POINTERS_EQUAL(NULL, info);
- 
- 	name = to_variable_name(L"a long variable name that fits!");
- 
--	info = variable_index_add_entry(
-+	info = variable_index_add_variable(
- 		&m_variable_index,
- 		&guid_1,
- 		name.size() * sizeof(int16_t),
--		name.data());
-+		name.data(),
-+		EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
- 	/* Expect the add succeed */
- 	CHECK_TRUE(info);
-@@ -168,17 +167,18 @@ TEST(UefiVariableIndexTests, addWithOversizedName)
- 
- TEST(UefiVariableIndexTests, variableIndexFull)
- {
--	struct variable_info *info = NULL;
-+	const struct variable_info *info = NULL;
- 	EFI_GUID guid = guid_1;
- 
- 	/* Expect to be able to fill the index */
- 	for (size_t i = 0; i < MAX_VARIABLES; ++i) {
- 
--		info = variable_index_add_entry(
-+		info = variable_index_add_variable(
- 			&m_variable_index,
- 			&guid,
- 			name_1.size() * sizeof(int16_t),
--			name_1.data());
-+			name_1.data(),
-+			EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
- 		CHECK_TRUE(info);
- 
-@@ -187,11 +187,12 @@ TEST(UefiVariableIndexTests, variableIndexFull)
- 	}
- 
- 	/* Variable index should now be full */
--	info = variable_index_add_entry(
-+	info = variable_index_add_variable(
- 		&m_variable_index,
- 		&guid,
- 		name_1.size() * sizeof(int16_t),
--		name_1.data());
-+		name_1.data(),
-+		EFI_VARIABLE_BOOTSERVICE_ACCESS);
- 
- 	POINTERS_EQUAL(NULL, info);
- }
-@@ -322,7 +323,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall)
- TEST(UefiVariableIndexTests, removeVariable)
- {
- 	uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)];
--	struct variable_info *info = NULL;
-+	const struct variable_info *info = NULL;
- 
- 	create_variables();
- 
-@@ -333,7 +334,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 		name_2.size() * sizeof(int16_t),
- 		name_2.data());
- 
--	variable_index_clear_variable(
-+	variable_index_remove_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -351,7 +352,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 		name_1.size() * sizeof(int16_t),
- 		name_1.data());
- 
--	variable_index_clear_variable(
-+	variable_index_remove_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -369,7 +370,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 		name_3.size() * sizeof(int16_t),
- 		name_3.data());
- 
--	variable_index_clear_variable(
-+	variable_index_remove_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -394,7 +395,7 @@ TEST(UefiVariableIndexTests, removeVariable)
- 
- TEST(UefiVariableIndexTests, checkIterator)
- {
--	struct variable_info *info = NULL;
-+	const struct variable_info *info = NULL;
- 
- 	create_variables();
- 
-@@ -418,7 +419,7 @@ TEST(UefiVariableIndexTests, checkIterator)
- 	UNSIGNED_LONGS_EQUAL(name_2.size() * sizeof(int16_t), info->metadata.name_size);
- 	MEMCMP_EQUAL(name_2.data(), info->metadata.name, info->metadata.name_size);
- 
--	struct variable_info *info_to_remove = info;
-+	const struct variable_info *info_to_remove = info;
- 
- 	variable_index_iterator_next(&iter);
- 	CHECK_FALSE(variable_index_iterator_is_done(&iter));
-@@ -434,8 +435,7 @@ TEST(UefiVariableIndexTests, checkIterator)
- 	CHECK_TRUE(variable_index_iterator_is_done(&iter));
- 
- 	/* Now remove the middle entry */
--	variable_index_clear_variable(&m_variable_index, info_to_remove);
--	variable_index_remove_unused_entry(&m_variable_index, info_to_remove);
-+	variable_index_remove_variable(&m_variable_index, info_to_remove);
- 
- 	/* Iterate again but this time there should only be two entries */
- 	variable_index_iterator_first(&iter, &m_variable_index);
-@@ -478,7 +478,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar)
- 	constraints.max_size = 100;
- 
- 	/* Set check constraints on one of the variables */
--	struct variable_info *info = variable_index_find(
-+	const struct variable_info *info = variable_index_find(
- 		&m_variable_index,
- 		&guid_2,
- 		name_2.size() * sizeof(int16_t),
-@@ -488,7 +488,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar)
- 	CHECK_TRUE(info->is_variable_set);
- 	CHECK_FALSE(info->is_constraints_set);
- 
--	variable_index_set_constraints(info, &constraints);
-+	variable_index_update_constraints(info, &constraints);
- 
- 	CHECK_TRUE(info->is_constraints_set);
- 	CHECK_TRUE(info->is_variable_set);
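Review bot: info is now a const struct variable_info *, yet it is passed to variable_index_update_constraints() and the test then expects info->is_constraints_set to have changed, so the function modifies an object it receives through a pointer-to-const. If the reverted API has to hand out const pointers, document in variable_index.h that the update functions mutate the entry; otherwise take a non-const pointer so the signature matches the behaviour.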
-@@ -496,7 +496,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsExistingVar)
- 	/* Remove the variable but still expect the variable to be indexed
- 	 * because of the set constraints.
- 	 */
--	variable_index_clear_variable(
-+	variable_index_remove_variable(
- 		&m_variable_index,
- 		info);
- 
-@@ -588,7 +588,7 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar)
- 	constraints.max_size = 100;
- 
- 	/* Initially expect no variable_info */
--	struct variable_info *info = variable_index_find(
-+	const struct variable_info *info = variable_index_find(
- 		&m_variable_index,
- 		&guid_2,
- 		name_2.size() * sizeof(int16_t),
-@@ -597,19 +597,19 @@ TEST(UefiVariableIndexTests, setCheckConstraintsNonExistingVar)
- 	CHECK_FALSE(info);
- 
- 	/* Adding the check constraints should result in an entry being added */
--	info = variable_index_add_entry(
-+	info = variable_index_add_constraints(
- 		&m_variable_index,
- 		&guid_2,
- 		name_2.size() * sizeof(int16_t),
--		name_2.data());
--	CHECK_TRUE(info);
-+		name_2.data(),
-+		&constraints);
- 
--	variable_index_set_constraints(info, &constraints);
-+	CHECK_TRUE(info);
- 	CHECK_FALSE(info->is_variable_set);
- 	CHECK_TRUE(info->is_constraints_set);
- 
- 	/* Updating the variable should cause the variable to be marked as set */
--	variable_index_set_variable(info, EFI_VARIABLE_RUNTIME_ACCESS);
-+	variable_index_update_variable(info, EFI_VARIABLE_RUNTIME_ACCESS);
- 
- 	CHECK_TRUE(info->is_variable_set);
- 	CHECK_TRUE(info->is_constraints_set);
-diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-index e90c1067..235642e6 100644
---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp
-+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-@@ -305,37 +305,6 @@ TEST(UefiVariableStoreTests, setGetRoundtrip)
- 	/* Expect got variable data to be the same as the set value */
- 	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
- 	LONGS_EQUAL(0, input_data.compare(output_data));
--
--	/* Extend the variable using an append write */
--	std::string input_data2 = " jumps over the lazy dog";
--
--	status = set_variable(var_name, input_data2, EFI_VARIABLE_APPEND_WRITE);
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
--
--	status = get_variable(var_name, output_data);
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
--
--	std::string expected_output = input_data + input_data2;
--
--	/* Expect the append write operation to have extended the variable */
--	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
--	LONGS_EQUAL(0, expected_output.compare(output_data));
--
--	/* Expect query_variable_info to return consistent values */
--	size_t max_variable_storage_size = 0;
--	size_t remaining_variable_storage_size = 0;
--	size_t max_variable_size = 0;
--
--	status = query_variable_info(
--		0,
--		&max_variable_storage_size,
--		&remaining_variable_storage_size,
--		&max_variable_size);
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
--
--	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size);
--	UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size);
--	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size);
- }
- 
- TEST(UefiVariableStoreTests, persistentSetGet)
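Review bot: the query_variable_info() assertions removed at the end of setGetRoundtrip check the store's capacity accounting, which does not depend on append write. Keep them and compare the remaining size against STORE_CAPACITY - input_data.size() instead of expected_output.size(), so the revert does not also drop the test coverage of query_variable_info().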
-@@ -345,8 +314,7 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	std::string input_data = "quick brown fox";
- 	std::string output_data;
- 
--	status = set_variable(var_name, input_data,
--		EFI_VARIABLE_NON_VOLATILE);
-+	status = set_variable(var_name, input_data, EFI_VARIABLE_NON_VOLATILE);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	status = get_variable(var_name, output_data);
-@@ -356,22 +324,6 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
- 	LONGS_EQUAL(0, input_data.compare(output_data));
- 
--	/* Extend the variable using an append write */
--	std::string input_data2 = " jumps over the lazy dog";
--
--	status = set_variable(var_name, input_data2,
--		EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE);
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
--
--	status = get_variable(var_name, output_data);
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
--
--	std::string expected_output = input_data + input_data2;
--
--	/* Expect the append write operation to have extended the variable */
--	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
--	LONGS_EQUAL(0, expected_output.compare(output_data));
--
- 	/* Expect the variable to survive a power cycle */
- 	power_cycle();
- 
-@@ -380,24 +332,8 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	/* Still expect got variable data to be the same as the set value */
--	UNSIGNED_LONGLONGS_EQUAL(expected_output.size(), output_data.size());
--	LONGS_EQUAL(0, expected_output.compare(output_data));
--
--	/* Expect query_variable_info to return consistent values */
--	size_t max_variable_storage_size = 0;
--	size_t remaining_variable_storage_size = 0;
--	size_t max_variable_size = 0;
--
--	status = query_variable_info(
--		EFI_VARIABLE_NON_VOLATILE,
--		&max_variable_storage_size,
--		&remaining_variable_storage_size,
--		&max_variable_size);
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
--
--	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY, max_variable_storage_size);
--	UNSIGNED_LONGLONGS_EQUAL(MAX_VARIABLE_SIZE, max_variable_size);
--	UNSIGNED_LONGLONGS_EQUAL(STORE_CAPACITY - expected_output.size(), remaining_variable_storage_size);
-+	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
-+	LONGS_EQUAL(0, input_data.compare(output_data));
- }
- 
- TEST(UefiVariableStoreTests, removeVolatile)
-@@ -436,7 +372,7 @@ TEST(UefiVariableStoreTests, removePersistent)
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	/* Remove by setting with zero data length */
--	status = set_variable(var_name, std::string(), EFI_VARIABLE_NON_VOLATILE);
-+	status = set_variable(var_name, std::string(), 0);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
- 
- 	/* Expect variable to no loger exist */
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index b7cfff40..6a90f46a 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -47,20 +47,6 @@ static efi_status_t load_variable_data(
- 	SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var,
- 	size_t max_data_len);
- 
--static psa_status_t store_overwrite(
--	struct delegate_variable_store *delegate_store,
--	uint32_t client_id,
--	uint64_t uid,
--	size_t data_length,
--	const void *data);
--
--static psa_status_t store_append_write(
--	struct delegate_variable_store *delegate_store,
--	uint32_t client_id,
--	uint64_t uid,
--	size_t data_length,
--	const void *data);
--
- static void purge_orphan_index_entries(
- 	struct uefi_variable_store *context);
- 
-@@ -168,45 +154,40 @@ efi_status_t uefi_variable_store_set_variable(
- 	struct uefi_variable_store *context,
- 	const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var)
- {
--	bool should_sync_index = false;
--
--	/* Validate incoming request */
- 	efi_status_t status = check_name_terminator(var->Name, var->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
- 	status = check_capabilities(var);
-+	bool should_sync_index = false;
-+
- 	if (status != EFI_SUCCESS) return status;
- 
--	/* Find an existing entry in the variable index or add a new one */
--	struct variable_info *info = variable_index_find(
-+	/* Find in index */
-+	const struct variable_info *info = variable_index_find(
- 		&context->variable_index,
- 		&var->Guid,
- 		var->NameSize,
- 		var->Name);
- 
--	if (!info) {
-+	if (info) {
- 
--		info = variable_index_add_entry(
--			&context->variable_index,
--			&var->Guid,
--			var->NameSize,
--			var->Name);
-+		/* Variable info already exists */
-+		status = check_access_permitted_on_set(context, info, var);
- 
--		if (!info) return EFI_OUT_OF_RESOURCES;
--	}
-+		if (status == EFI_SUCCESS) {
- 
--	/* Control access */
--	status = check_access_permitted_on_set(context, info, var);
-+			should_sync_index =
-+				(var->Attributes & EFI_VARIABLE_NON_VOLATILE) ||
-+				(info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE));
- 
--	if (status == EFI_SUCCESS) {
-+			if (var->DataSize) {
- 
--		/* Access permitted */
--		if (info->is_variable_set) {
--
--			/* It's a request to update to an existing variable */
--			if (!(var->Attributes &
--				(EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
--				!var->DataSize) {
-+				/* It's a set rather than a remove operation */
-+				variable_index_update_variable(
-+					info,
-+					var->Attributes);
-+			}
-+			else {
- 
- 				/* It's a remove operation - for a remove, the variable
- 				 * data must be removed from the storage backend before
-@@ -215,30 +196,31 @@ efi_status_t uefi_variable_store_set_variable(
- 				 * the storage backend without a corresponding index entry.
- 				 */
- 				remove_variable_data(context, info);
--				variable_index_clear_variable(&context->variable_index, info);
-+				variable_index_remove_variable(&context->variable_index, info);
- 
--				should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE);
--			}
--			else {
--
--				/* It's a set operation where variable data is potentially
--				 * being overwritten or extended.
--				 */
--				if ((var->Attributes & ~EFI_VARIABLE_APPEND_WRITE) != info->metadata.attributes) {
--
--					/* Modifying attributes is forbidden */
--					return EFI_INVALID_PARAMETER;
--				}
-+				/* Variable info no longer valid */
-+				info = NULL;
- 			}
- 		}
- 		else {
- 
--			/*  It's a request to create a new variable */
--			variable_index_set_variable(info, var->Attributes);
--
--			should_sync_index = (var->Attributes & EFI_VARIABLE_NON_VOLATILE);
-+			/* Access forbidden */
-+			info = NULL;
- 		}
- 	}
-+	else if (var->DataSize) {
-+
-+		/* It's a new variable */
-+		info = variable_index_add_variable(
-+			&context->variable_index,
-+			&var->Guid,
-+			var->NameSize,
-+			var->Name,
-+			var->Attributes);
-+
-+		if (!info) status = EFI_OUT_OF_RESOURCES;
-+		should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
-+	}
- 
- 	/* The order of these operations is important. For an update
- 	 * or create operation, The variable index is always synchronized
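Review bot: with the new else if (var->DataSize) branch, a request whose name is not in the index and whose DataSize is zero takes neither branch and leaves status at EFI_SUCCESS, so deleting a variable that does not exist is reported as a success. The UEFI SetVariable() contract returns EFI_NOT_FOUND for that case; add a final else that sets it.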
-@@ -254,13 +236,11 @@ efi_status_t uefi_variable_store_set_variable(
- 	}
- 
- 	/* Store any variable data to the storage backend */
--	if (info->is_variable_set && (status == EFI_SUCCESS)) {
-+	if (info && (status == EFI_SUCCESS)) {
- 
- 		status = store_variable_data(context, info, var);
- 	}
- 
--	variable_index_remove_unused_entry(&context->variable_index, info);
--
- 	return status;
- }
- 
-@@ -373,41 +353,53 @@ efi_status_t uefi_variable_store_set_var_check_property(
- 	efi_status_t status = check_name_terminator(property->Name, property->NameSize);
- 	if (status != EFI_SUCCESS) return status;
- 
--	/* Find in index or create a new entry */
--	struct variable_info *info = variable_index_find(
-+	/* Find in index */
-+	const struct variable_info *info = variable_index_find(
- 		&context->variable_index,
- 		&property->Guid,
- 		property->NameSize,
- 		property->Name);
- 
--	if (!info) {
-+	if (info) {
- 
--		info = variable_index_add_entry(
--			&context->variable_index,
--			&property->Guid,
--			property->NameSize,
--			property->Name);
-+		/* Applying check constraints to an existing variable that may have
-+		 * constraints already set.  These could constrain the setting of
-+		 * the constraints.
-+		 */
-+		struct variable_constraints constraints = info->check_constraints;
-+
-+		status = variable_checker_set_constraints(
-+			&constraints,
-+			info->is_constraints_set,
-+			&property->VariableProperty);
-+
-+		if (status == EFI_SUCCESS) {
- 
--		if (!info) return EFI_OUT_OF_RESOURCES;
-+			variable_index_update_constraints(info, &constraints);
-+		}
- 	}
-+	else {
- 
--	/* Applying check constraints to an existing variable that may have
--	 * constraints already set.  These could constrain the setting of
--	 * the constraints.
--	 */
--	struct variable_constraints constraints = info->check_constraints;
-+		/* Applying check constraints for a new variable */
-+		struct variable_constraints constraints;
- 
--	status = variable_checker_set_constraints(
--		&constraints,
--		info->is_constraints_set,
--		&property->VariableProperty);
-+		status = variable_checker_set_constraints(
-+			&constraints,
-+			false,
-+			&property->VariableProperty);
- 
--	if (status == EFI_SUCCESS) {
-+		if (status == EFI_SUCCESS) {
- 
--		variable_index_set_constraints(info, &constraints);
--	}
-+			info = variable_index_add_constraints(
-+				&context->variable_index,
-+				&property->Guid,
-+				property->NameSize,
-+				property->Name,
-+				&constraints);
- 
--	variable_index_remove_unused_entry(&context->variable_index, info);
-+			if (!info) status = EFI_OUT_OF_RESOURCES;
-+		}
-+	}
- 
- 	return status;
- }
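Review bot: in the new-variable branch, struct variable_constraints constraints is declared without an initializer and passed to variable_checker_set_constraints() with is_constraints_set false; unless that function writes every field, variable_index_add_constraints() then copies indeterminate stack bytes into the index. Zero-initialise the struct at its declaration.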
-@@ -514,8 +506,7 @@ static efi_status_t check_capabilities(
- 	if (var->Attributes & ~(
- 		EFI_VARIABLE_NON_VOLATILE |
- 		EFI_VARIABLE_BOOTSERVICE_ACCESS |
--		EFI_VARIABLE_RUNTIME_ACCESS |
--		EFI_VARIABLE_APPEND_WRITE)) {
-+		EFI_VARIABLE_RUNTIME_ACCESS)) {
- 
- 		/* An unsupported attribute has been requested */
- 		status = EFI_UNSUPPORTED;
-@@ -561,6 +552,17 @@ static efi_status_t check_access_permitted_on_set(
- 			var->DataSize);
- 	}
- 
-+	if ((status == EFI_SUCCESS) && var->DataSize) {
-+
-+		/* Restrict which attributes can be modified for an existing variable */
-+		if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
-+			(info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
-+
-+			/* Don't permit change of storage class */
-+			status = EFI_INVALID_PARAMETER;
-+		}
-+	}
-+
- 	return status;
- }
- 
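Review bot: the added storage-class check reads `info->metadata.attributes` without first testing `info->is_variable_set`. An entry created by `variable_index_add_constraints()` in this same patch carries constraints but has no attributes recorded, so the first non-volatile set on such a variable would be compared against an unset value and rejected with `EFI_INVALID_PARAMETER`. Unless the caller already guarantees the variable is set, gate the comparison on `info->is_variable_set`.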
-@@ -581,33 +583,20 @@ static efi_status_t store_variable_data(
- 
- 	if (delegate_store->storage_backend) {
- 
--		if (!(var->Attributes & EFI_VARIABLE_APPEND_WRITE)) {
--
--			/* Create or overwrite variable data */
--			psa_status = store_overwrite(
--				delegate_store,
--				context->owner_id,
--				info->metadata.uid,
--				data_len,
--				data);
--		}
--		else {
--
--			/* Append new data to existing variable data */
--			psa_status = store_append_write(
--				delegate_store,
--				context->owner_id,
--				info->metadata.uid,
--				data_len,
--				data);
--		}
-+		psa_status = delegate_store->storage_backend->interface->set(
-+			delegate_store->storage_backend->context,
-+			context->owner_id,
-+			info->metadata.uid,
-+			data_len,
-+			data,
-+			PSA_STORAGE_FLAG_NONE);
- 	}
- 
- 	if ((psa_status != PSA_SUCCESS) && delegate_store->is_nv) {
- 
- 		/* A storage failure has occurred so attempt to fix any
--		 * mismatch between the variable index and stored NV variables.
--		 */
-+		* mismatch between the variable index and stored NV variables.
-+		*/
- 		purge_orphan_index_entries(context);
- 	}
- 
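Review bot: the direct call to `storage_backend->interface->set()` drops the size policing that the removed `store_overwrite()` performed (`if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT;`). Nothing in this hunk shows the limit being enforced elsewhere, so either keep the check in front of the `set()` call or say in the commit message where `max_variable_size` is now checked. Separately, the comment rewrite just below loses the leading space on its continuation lines (` *` became `*`), which looks unintentional.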
-@@ -674,100 +663,6 @@ static efi_status_t load_variable_data(
- 	return psa_to_efi_storage_status(psa_status);
- }
- 
--static psa_status_t store_overwrite(
--	struct delegate_variable_store *delegate_store,
--	uint32_t client_id,
--	uint64_t uid,
--	size_t data_length,
--	const void *data)
--{
--	/* Police maximum variable size limit */
--	if (data_length > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT;
--
--	psa_status_t psa_status = delegate_store->storage_backend->interface->set(
--		delegate_store->storage_backend->context,
--		client_id,
--		uid,
--		data_length,
--		data,
--		PSA_STORAGE_FLAG_NONE);
--
--	return psa_status;
--}
--
--static psa_status_t store_append_write(
--	struct delegate_variable_store *delegate_store,
--	uint32_t client_id,
--	uint64_t uid,
--	size_t data_length,
--	const void *data)
--{
--	struct psa_storage_info_t storage_info;
--
--	if (data_length == 0) return PSA_SUCCESS;
--
--	psa_status_t psa_status = delegate_store->storage_backend->interface->get_info(
--		delegate_store->storage_backend->context,
--		client_id,
--		uid,
--		&storage_info);
--
--	if (psa_status != PSA_SUCCESS) return psa_status;
--
--	/* Determine size of appended variable */
--	size_t new_size = storage_info.size + data_length;
--
--	/* Defend against integer overflow */
--	if (new_size < storage_info.size) return PSA_ERROR_INVALID_ARGUMENT;
--
--		/* Police maximum variable size limit */
--	if (new_size > delegate_store->max_variable_size) return PSA_ERROR_INVALID_ARGUMENT;
--
--	/* Storage backend doesn't support an append operation so we need
--	 * need to read the current variable data, extend it and write it back.
--	 */
--	uint8_t *rw_buf = malloc(new_size);
--	if (!rw_buf) return PSA_ERROR_INSUFFICIENT_MEMORY;
--
--	size_t old_size = 0;
--	psa_status = delegate_store->storage_backend->interface->get(
--		delegate_store->storage_backend->context,
--		client_id,
--		uid,
--		0,
--		new_size,
--		rw_buf,
--		&old_size);
--
--	if (psa_status == PSA_SUCCESS) {
--
--		if ((old_size + data_length) <= new_size) {
--
--			/* Extend the variable data */
--			memcpy(&rw_buf[old_size], data, data_length);
--
--			psa_status = delegate_store->storage_backend->interface->set(
--				delegate_store->storage_backend->context,
--				client_id,
--				uid,
--				old_size + data_length,
--				rw_buf,
--				storage_info.flags);
--		}
--		else {
--
--			/* There's a mismatch between the length obtained from
--			 * get_info() and the subsequent length returned by get().
--			 */
--			psa_status = PSA_ERROR_STORAGE_FAILURE;
--		}
--	}
--
--	free(rw_buf);
--
--	return psa_status;
--}
--
- static void purge_orphan_index_entries(
- 	struct uefi_variable_store *context)
- {
-@@ -782,7 +677,7 @@ static void purge_orphan_index_entries(
- 	 */
- 	while (!variable_index_iterator_is_done(&iter)) {
- 
--		struct variable_info *info = variable_index_iterator_current(&iter);
-+		const struct variable_info *info = variable_index_iterator_current(&iter);
- 
- 		if (info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
- 
-@@ -799,7 +694,7 @@ static void purge_orphan_index_entries(
- 			if (psa_status != PSA_SUCCESS) {
- 
- 				/* Detected a mismatch between the index and storage */
--				variable_index_clear_variable(&context->variable_index, info);
-+				variable_index_remove_variable(&context->variable_index, info);
- 				any_orphans = true;
- 			}
- 		}
-diff --git a/components/service/smm_variable/backend/variable_index.c b/components/service/smm_variable/backend/variable_index.c
-index a8a55753..99d7c97a 100644
---- a/components/service/smm_variable/backend/variable_index.c
-+++ b/components/service/smm_variable/backend/variable_index.c
-@@ -132,13 +132,13 @@ size_t variable_index_max_dump_size(
- 	return sizeof(struct variable_metadata) * context->max_variables;
- }
- 
--struct variable_info *variable_index_find(
--	struct variable_index *context,
-+const struct variable_info *variable_index_find(
-+	const struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name)
- {
--	struct variable_info *result = NULL;
-+	const struct variable_info *result = NULL;
- 	int pos = find_variable(context, guid, name_size, name);
- 
- 	if (pos >= 0) {
-@@ -149,13 +149,13 @@ struct variable_info *variable_index_find(
- 	return result;
- }
- 
--struct variable_info *variable_index_find_next(
-+const struct variable_info *variable_index_find_next(
- 	const struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name)
- {
--	struct variable_info *result = NULL;
-+	const struct variable_info *result = NULL;
- 
- 	if (name_size >= sizeof(int16_t)) {
- 
-@@ -263,11 +263,12 @@ static struct variable_entry *add_entry(
- 	return entry;
- }
- 
--struct variable_info *variable_index_add_entry(
-+const struct variable_info *variable_index_add_variable(
- 	struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
--	const int16_t *name)
-+	const int16_t *name,
-+	uint32_t attributes)
- {
- 	struct variable_info *info = NULL;
- 	struct variable_entry *entry = add_entry(context, guid, name_size, name);
-@@ -275,41 +276,40 @@ struct variable_info *variable_index_add_entry(
- 	if (entry) {
- 
- 		info = &entry->info;
-+
-+		info->metadata.attributes = attributes;
-+		info->is_variable_set = true;
-+
-+		mark_dirty(entry);
- 	}
- 
- 	return info;
- }
- 
--void variable_index_remove_unused_entry(
-+const struct variable_info *variable_index_add_constraints(
- 	struct variable_index *context,
--	struct variable_info *info)
-+	const EFI_GUID *guid,
-+	size_t name_size,
-+	const int16_t *name,
-+	const struct variable_constraints *constraints)
- {
--	if (info &&
--		!info->is_constraints_set &&
--		!info->is_variable_set) {
--
--		struct variable_entry *entry = containing_entry(info);
--		entry->in_use = false;
-+	struct variable_info *info = NULL;
-+	struct variable_entry *entry = add_entry(context, guid, name_size, name);
- 
--		memset(info, 0, sizeof(struct variable_info));
--	}
--}
-+	if (entry) {
- 
--void variable_index_set_variable(
--	struct variable_info *info,
--	uint32_t attributes)
--{
--	struct variable_entry *entry = containing_entry(info);
-+		info = &entry->info;
- 
--	info->metadata.attributes = attributes;
--	info->is_variable_set = true;
-+		info->check_constraints = *constraints;
-+		info->is_constraints_set = true;
-+	}
- 
--	mark_dirty(entry);
-+	return info;
- }
- 
--void variable_index_clear_variable(
-+void variable_index_remove_variable(
- 	struct variable_index *context,
--	struct variable_info *info)
-+	const struct variable_info *info)
- {
- 	if (info) {
- 
-@@ -318,17 +318,48 @@ void variable_index_clear_variable(
- 
- 		/* Mark variable as no longer set */
- 		entry->info.is_variable_set = false;
-+
-+		/* Entry may still be needed if check constraints were set */
-+		entry->in_use = info->is_constraints_set;
-+
-+		if (!entry->in_use) {
-+
-+			/* Entry not needed so wipe */
-+			memset(&entry->info, 0, sizeof(struct variable_info));
-+		}
- 	}
- }
- 
--void variable_index_set_constraints(
--	struct variable_info *info,
-+void variable_index_update_variable(
-+	const struct variable_info *info,
-+	uint32_t attributes)
-+{
-+	if (info) {
-+
-+		struct variable_info *modified_info = (struct variable_info*)info;
-+		struct variable_entry *entry = containing_entry(modified_info);
-+
-+		if (!modified_info->is_variable_set ||
-+			(attributes != modified_info->metadata.attributes)) {
-+
-+			/* The update changes the variable_info state */
-+			modified_info->is_variable_set = true;
-+			modified_info->metadata.attributes = attributes;
-+			mark_dirty(entry);
-+		}
-+	}
-+}
-+
-+void variable_index_update_constraints(
-+	const struct variable_info *info,
- 	const struct variable_constraints *constraints)
- {
- 	if (info) {
- 
--		info->check_constraints = *constraints;
--		info->is_constraints_set = true;
-+		struct variable_info *modified_info = (struct variable_info*)info;
-+
-+		modified_info->check_constraints = *constraints;
-+		modified_info->is_constraints_set = true;
- 	}
- }
- 
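Review bot: `variable_index_update_variable()` and `variable_index_update_constraints()` take `const struct variable_info *info` and immediately cast the qualifier away (`(struct variable_info*)info`) in order to write through it, which makes the `const` on the public API misleading, since callers holding a const handle see its state change. Prefer passing `struct variable_index *context` together with the const handle and resolving the mutable entry inside the index, as `variable_index_remove_variable()` already does, or at least comment that the handle must have been returned by this index.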
-diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h
-index 63f42ab6..e109d0d1 100644
---- a/components/service/smm_variable/backend/variable_index.h
-+++ b/components/service/smm_variable/backend/variable_index.h
-@@ -119,8 +119,8 @@ size_t variable_index_max_dump_size(
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--struct variable_info *variable_index_find(
--	struct variable_index *context,
-+const struct variable_info *variable_index_find(
-+	const struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name);
-@@ -135,76 +135,78 @@ struct variable_info *variable_index_find(
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--struct variable_info *variable_index_find_next(
-+const struct variable_info *variable_index_find_next(
- 	const struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
- 	const int16_t *name);
- 
- /**
-- * @brief      Add a new entry to the index
-- *
-- * An entry is needed either when a new variable is created or
-- * when variable constraints are set for a variable that doesn't
-- * yet exist.
-+ * @brief      Add a new variable to the index
-  *
-  * @param[in]  context variable_index
-  * @param[in]  guid The variable's guid
-  * @param[in]  name_size The name parameter's size
-  * @param[in]  name The variable's name
-+ * @param[in]  attributes The variable's attributes
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--struct variable_info *variable_index_add_entry(
-+const struct variable_info *variable_index_add_variable(
- 	struct variable_index *context,
- 	const EFI_GUID *guid,
- 	size_t name_size,
--	const int16_t *name);
-+	const int16_t *name,
-+	uint32_t attributes);
- 
- /**
-- * @brief      Remove an unused entry from the index
-+ * @brief      Remove a variable from the index
-  *
-- * Removes an entry if it is not in use.
-+ * Removes a variable from the index if it exists.
-  *
-  * @param[in]  context variable_index
-  * @param[in]  info The variable info corresponding to the entry to remove
-  */
--void variable_index_remove_unused_entry(
-+void variable_index_remove_variable(
- 	struct variable_index *context,
--	struct variable_info *info);
-+	const struct variable_info *info);
- 
- /**
-- * @brief      Set a variable to the index
-- *
-- * An entry for the variable must already exist.
-+ * @brief      Update a variable that's already in the index
-  *
-  * @param[in]  info variable info
-  * @param[in]  attributes The variable's attributes
-  */
--void variable_index_set_variable(
--	struct variable_info *info,
-+void variable_index_update_variable(
-+	const struct variable_info *info,
- 	uint32_t attributes);
- 
- /**
-- * @brief      Clear a variable from the index
-- *
-- * Clears a variable from the index
-+ * @brief      Add a new check constraints object to the index
-  *
-  * @param[in]  context variable_index
-- * @param[in]  info The variable info corresponding to the variable to clear
-+ * @param[in]  guid The variable's guid
-+ * @param[in]  name_size The name parameter's size
-+ * @param[in]  name The variable's name
-+ * @param[in]  constraints The check constraints
-+ *
-+ * @return     Pointer to variable_info or NULL
-  */
--void variable_index_clear_variable(
-+const struct variable_info *variable_index_add_constraints(
- 	struct variable_index *context,
--	struct variable_info *info);
-+	const EFI_GUID *guid,
-+	size_t name_size,
-+	const int16_t *name,
-+	const struct variable_constraints *constraints);
- 
- /**
-- * @brief      Set a check constraints object associated with a variavle
-+ * @brief      Update variable constraints that are already in the index
-  *
-  * @param[in]  info variable info
-  * @param[in]  constraints The check constraints
-  */
--void variable_index_set_constraints(
--	struct variable_info *info,
-+void variable_index_update_constraints(
-+	const struct variable_info *info,
- 	const struct variable_constraints *constraints);
- 
- /**
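Review bot: the new doc comment for `variable_index_remove_variable()` says it "Removes a variable from the index if it exists", but the implementation in variable_index.c keeps the entry in use while check constraints are set (`entry->in_use = info->is_constraints_set;`). Document that the entry is retained in that case. The comments for `variable_index_update_variable()` and `variable_index_update_constraints()` should also state that they modify the object even though the parameter is a `const` pointer.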
-diff --git a/components/service/smm_variable/backend/variable_index_iterator.c b/components/service/smm_variable/backend/variable_index_iterator.c
-index 8f8fc741..7cc6dc7a 100644
---- a/components/service/smm_variable/backend/variable_index_iterator.c
-+++ b/components/service/smm_variable/backend/variable_index_iterator.c
-@@ -31,10 +31,10 @@ bool variable_index_iterator_is_done(
- 	return iter->current_pos >= iter->variable_index->max_variables;
- }
- 
--struct variable_info *variable_index_iterator_current(
-+const struct variable_info *variable_index_iterator_current(
- 	const struct variable_index_iterator *iter)
- {
--	struct variable_info *current = NULL;
-+	const struct variable_info *current = NULL;
- 
- 	if (!variable_index_iterator_is_done(iter)) {
- 
-diff --git a/components/service/smm_variable/backend/variable_index_iterator.h b/components/service/smm_variable/backend/variable_index_iterator.h
-index 7ff77c50..f64a2c49 100644
---- a/components/service/smm_variable/backend/variable_index_iterator.h
-+++ b/components/service/smm_variable/backend/variable_index_iterator.h
-@@ -54,7 +54,7 @@ bool variable_index_iterator_is_done(
-  *
-  * @return     Pointer to variable_info or NULL
-  */
--struct variable_info *variable_index_iterator_current(
-+const struct variable_info *variable_index_iterator_current(
- 	const struct variable_index_iterator *iter);
- 
- /**
-diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-index 15556e9d..38c08ebe 100644
---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-@@ -249,30 +249,6 @@ TEST(SmmVariableServiceTests, setAndGet)
- 	UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size());
- 	LONGS_EQUAL(0, get_data.compare(set_data));
- 
--	/* Extend the variable using an append write */
--	std::string append_data = " values added with append write";
--
--	efi_status = m_client->set_variable(
--		m_common_guid,
--		var_name,
--		append_data,
--		EFI_VARIABLE_APPEND_WRITE);
--
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
--
--	efi_status = m_client->get_variable(
--		m_common_guid,
--		var_name,
--		get_data);
--
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
--
--	std::string appended_data = set_data + append_data;
--
--	/* Expect the append write operation to have extended the variable */
--	UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size());
--	LONGS_EQUAL(0, appended_data.compare(get_data));
--
- 	/* Expect remove to be permitted */
- 	efi_status = m_client->remove_variable(m_common_guid, var_name);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-@@ -303,30 +279,6 @@ TEST(SmmVariableServiceTests, setAndGetNv)
- 	UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size());
- 	LONGS_EQUAL(0, get_data.compare(set_data));
- 
--	/* Extend the variable using an append write */
--	std::string append_data = " values added with append write";
--
--	efi_status = m_client->set_variable(
--		m_common_guid,
--		var_name,
--		append_data,
--		EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_APPEND_WRITE);
--
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
--
--	efi_status = m_client->get_variable(
--		m_common_guid,
--		var_name,
--		get_data);
--
--	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
--
--	std::string appended_data = set_data + append_data;
--
--	/* Expect the append write operation to have extended the variable */
--	UNSIGNED_LONGLONGS_EQUAL(appended_data.size(), get_data.size());
--	LONGS_EQUAL(0, appended_data.compare(get_data));
--
- 	/* Expect remove to be permitted */
- 	efi_status = m_client->remove_variable(m_common_guid, var_name);
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
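Review bot: the append-write assertions are removed from `setAndGetNv` here (and from `setAndGet` in the previous hunk) without a replacement that pins the new behaviour. Since `check_capabilities()` now answers `EFI_VARIABLE_APPEND_WRITE` with `EFI_UNSUPPORTED`, add a negative test that calls `set_variable()` with that attribute and expects `EFI_UNSUPPORTED`, and that reads the variable back to confirm its data is unchanged.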
-diff --git a/protocols/service/smm_variable/parameters.h b/protocols/service/smm_variable/parameters.h
-index 233f301b..1f795a9b 100644
---- a/protocols/service/smm_variable/parameters.h
-+++ b/protocols/service/smm_variable/parameters.h
-@@ -47,9 +47,6 @@ typedef struct {
- 	 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
- 	 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
- 	 EFI_VARIABLE_APPEND_WRITE)
--#define	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK \
--	(EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
--	 EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS)
- 
- /**
-  * Parameter structure for SetVariable and GetVariable.
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch
deleted file mode 100644
index caa1d9a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0029-Change-UID-of-variable-index-in-SMM.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 12e9b977e4c7515ce90fecc62630be394fd7da62 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Mon, 20 Dec 2021 19:54:39 +0000
-Subject: [PATCH] Change UID of variable index in SMM
-
-This patch fixes the os_indications setVariable() failure. The variable
-index UID in SMM gateway which was 1 is changed in this patch. TFM has a
-special usage for variable with UID 1, which makes it write once only.
-This is not required for SMM variable index.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- components/service/smm_variable/backend/uefi_variable_store.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 6a90f46a..1bb869ae 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -67,7 +67,7 @@ static efi_status_t check_name_terminator(
- 	size_t name_size);
- 
- /* Private UID for storing the variable index */
--#define VARIABLE_INDEX_STORAGE_UID			(1)
-+#define VARIABLE_INDEX_STORAGE_UID			(0x787)
- 
- /* Default maximum variable size -
-  * may be overridden using uefi_variable_store_set_storage_limits()
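Review bot: `0x787` is a magic number, and the comment above the define still only says "Private UID for storing the variable index". The reason for avoiding the value 1 (the commit message says TFM makes a variable with UID 1 write-once) belongs next to `VARIABLE_INDEX_STORAGE_UID`, together with a statement of why `0x787` cannot collide with a UID assigned to a stored variable (`info->metadata.uid`).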
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch
deleted file mode 100644
index 244146a..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0030-Add-missing-features-to-setVariable.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From 55fc3dbfb0ec21b1239808d0dddae14fbb8bb5f3 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Mon, 20 Dec 2021 19:56:30 +0000
-Subject: [PATCH] Add missing features to setVariable()
-
-This patch resolves the failing tests in SCT related to
-setVariable() function. The existing implementation is
-missing few cases where error codes are returned when called
-with certain paramters. These conditions are implemented in
-this patch based on the explanation provided in uefi spec.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- .../backend/uefi_variable_store.c             | 29 ++++++++++++++++---
- 1 file changed, 25 insertions(+), 4 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 1bb869ae..a1671074 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -161,6 +161,17 @@ efi_status_t uefi_variable_store_set_variable(
- 	bool should_sync_index = false;
- 
- 	if (status != EFI_SUCCESS) return status;
-+	
-+	/*
-+	* Runtime access to a data variable implies boot service access. Attributes that have
-+	* EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
-+	* The caller is responsible for following this rule.
-+	*/
-+	if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
-+	{
-+			if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS )
-+			return EFI_INVALID_PARAMETER;
-+	}
- 
- 	/* Find in index */
- 	const struct variable_info *info = variable_index_find(
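Review bot: in the new runtime-access check the outer `if` wraps an inner `if` whose unbraced `return` is indented at the same depth as its condition, so the control flow is easy to misread. Fold it into one braced test, for example `(var->Attributes & (EFI_VARIABLE_RUNTIME_ACCESS | EFI_VARIABLE_BOOTSERVICE_ACCESS)) == EFI_VARIABLE_RUNTIME_ACCESS`, and remove the trailing whitespace on the added blank line, which patch 0031 later has to clean up.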
-@@ -221,6 +232,13 @@ efi_status_t uefi_variable_store_set_variable(
- 		if (!info) status = EFI_OUT_OF_RESOURCES;
- 		should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
- 	}
-+	else 
-+    {
-+		/* Return EFI_NOT_FOUND when a remove operation is performed
-+		 * on variable that is not existing.
-+		*/
-+        status = EFI_NOT_FOUND;
-+    }
- 
- 	/* The order of these operations is important. For an update
- 	 * or create operation, The variable index is always synchronized
-@@ -555,10 +573,13 @@ static efi_status_t check_access_permitted_on_set(
- 	if ((status == EFI_SUCCESS) && var->DataSize) {
- 
- 		/* Restrict which attributes can be modified for an existing variable */
--		if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
--			(info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
--
--			/* Don't permit change of storage class */
-+        if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
-+            (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
-+            ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
-+            (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
-+            ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
-+            (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
-+			/* Don't permit change of attributes */
- 			status = EFI_INVALID_PARAMETER;
- 		}
- 	}
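Review bot: the three pairwise comparisons are easier to audit as a single masked XOR, `(var->Attributes ^ info->metadata.attributes) & (EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS)`, so that adding another fixed attribute later is a one-token change. The added lines are also indented with spaces while the rest of the function uses tabs.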
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch
deleted file mode 100644
index 3990d82..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0031-Add-invalid-parameter-check-in-getNextVariableName.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From dc3f134436ad6852f1bad9542232e84166843a7e Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Mon, 20 Dec 2021 20:01:10 +0000
-Subject: [PATCH] Add invalid parameter check in getNextVariableName()
-
-This patch resolves the failing tests in SCT related to
-getNextVariableName() function. The existing implementation is
-missing few cases where error codes are returned when called
-with certain paramters. These conditions are implemented in
-this patch based on the explanation provided in uefi spec.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-
----
- .../smm_variable/backend/uefi_variable_store.c | 18 +++++++++++++++++-
- 1 file changed, 17 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index a1671074..a57b3346 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -161,7 +161,7 @@ efi_status_t uefi_variable_store_set_variable(
- 	bool should_sync_index = false;
- 
- 	if (status != EFI_SUCCESS) return status;
--	
-+
- 	/*
- 	* Runtime access to a data variable implies boot service access. Attributes that have
- 	* EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
-@@ -310,6 +310,22 @@ efi_status_t uefi_variable_store_get_next_variable_name(
- 	status = EFI_NOT_FOUND;
- 	*total_length = 0;
- 
-+	/*
-+	 *	If input values of VariableName and VendorGuid are not a name and GUID of an 
-+	 *	existing variable, EFI_INVALID_PARAMETER is returned.	
-+	 */
-+	if (cur->NameSize >= sizeof(int16_t)) {
-+		/*
-+		* Name must be at least one character long to accommodate
-+		* the mandatory null terminator.
-+		*/
-+		if (cur->Name[0] != 0) {
-+			const struct variable_info *var_info = variable_index_find(&context->variable_index,&cur->Guid,cur->NameSize,cur->Name);
-+			if(var_info == NULL)
-+					return EFI_INVALID_PARAMETER;
-+		}
-+	}
-+
- 	const struct variable_info *info = variable_index_find_next(
- 		&context->variable_index,
- 		&cur->Guid,
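Review bot: the pre-check calls `variable_index_find()` and the unchanged code then calls `variable_index_find_next()` for the same `cur` entry, so every enumeration step searches the index twice; consider letting `variable_index_find_next()` report "current name not found" so that one lookup serves both purposes. For readability, merge the nested conditions into `if (cur->NameSize >= sizeof(int16_t) && cur->Name[0] != 0)`, wrap the long `variable_index_find(...)` line with spaces after the commas, and brace the `return EFI_INVALID_PARAMETER;`.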
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch
deleted file mode 100644
index da3ddaf..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0032-smm_gateway-add-checks-for-null-attributes.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 571ddac16048dfba4b25b04fe5cbd706c392b5ba Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 24 Dec 2021 19:17:17 +0000
-Subject: [PATCH] smm_gateway: add checks for null attributes
-
-As par EDK-2 and EDK-2 test code, when a user issue's
-setVariable() with 0 in attributes field, it means a variable
-delete request. Currently, smm gatway doesn't handle this scenario.
-This change is to add that support
-
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-
-
----
- .../backend/uefi_variable_store.c             | 28 ++++++++++++-------
- 1 file changed, 18 insertions(+), 10 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index a57b3346..e8771c21 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -167,7 +167,9 @@ efi_status_t uefi_variable_store_set_variable(
- 	* EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
- 	* The caller is responsible for following this rule.
- 	*/
--	if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
-+	if (!var->Attributes)
-+		EMSG("It might be a delete variable request\n");
-+	else if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
- 	{
- 			if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS )
- 			return EFI_INVALID_PARAMETER;
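Review bot: `EMSG("It might be a delete variable request\n")` logs at error level on a path the commit message describes as an ordinary delete request, and the wording is a guess rather than a fact; use a debug-level trace or drop it. The new `if (!var->Attributes)` also sits directly under the comment about `EFI_VARIABLE_RUNTIME_ACCESS` implying boot service access, which no longer describes the first branch, so move that comment onto the `else if`.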
-@@ -191,7 +193,7 @@ efi_status_t uefi_variable_store_set_variable(
- 				(var->Attributes & EFI_VARIABLE_NON_VOLATILE) ||
- 				(info->is_variable_set && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE));
- 
--			if (var->DataSize) {
-+			if (var->DataSize && var->Attributes) {
- 
- 				/* It's a set rather than a remove operation */
- 				variable_index_update_variable(
-@@ -206,7 +208,9 @@ efi_status_t uefi_variable_store_set_variable(
- 				 * that it's never possible for an object to exist within
- 				 * the storage backend without a corresponding index entry.
- 				 */
--				remove_variable_data(context, info);
-+				EMSG("  deleting variable %s \n",var->Name);
-+				if (remove_variable_data(context, info) != PSA_SUCCESS)
-+					EMSG("  deleting variable %s FAILED\n",var->Name);
- 				variable_index_remove_variable(&context->variable_index, info);
- 
- 				/* Variable info no longer valid */
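Review bot: when `remove_variable_data()` fails, the new code only logs and still calls `variable_index_remove_variable()`, which contradicts the unchanged comment just above stating that an object must never exist in the storage backend without a corresponding index entry. Keep the index entry, or propagate the failure in `status`, when the delete does not succeed. The two `EMSG` calls also print `var->Name` with `%s`, while names are handled elsewhere in this code as `const int16_t *`, so the trace will stop at the first zero byte of a 16-bit character.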
-@@ -587,14 +591,18 @@ static efi_status_t check_access_permitted_on_set(
- 	}
- 
- 	if ((status == EFI_SUCCESS) && var->DataSize) {
--
-+		/* Delete the variable with Attributes is 0 */
-+		if (!var->Attributes) {
-+			EMSG("Null attributes, may be a delete variable request\n");
-+			status = EFI_SUCCESS;
-+		}
- 		/* Restrict which attributes can be modified for an existing variable */
--        if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
--            (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
--            ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
--            (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
--            ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
--            (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
-+		else if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
-+			(info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
-+			((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
-+			(info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
-+			((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
-+			(info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
- 			/* Don't permit change of attributes */
- 			status = EFI_INVALID_PARAMETER;
- 		}
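Review bot: inside `if ((status == EFI_SUCCESS) && var->DataSize)` the new branch assigns `status = EFI_SUCCESS`, which is already its value, so the branch does nothing except log and skip the attribute comparison. Express the intent in the condition instead by adding `&& var->Attributes` to the outer `if`, matching `if (var->DataSize && var->Attributes)` in the earlier hunk, and drop the error-level `EMSG`. As written, a request with non-zero `DataSize` and zero `Attributes` bypasses the attribute-change restriction, so confirm that the remaining checks in this function are sufficient for that case.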
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch
deleted file mode 100644
index 02130b5..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0033-Enhance-mbedtls-fetch-process.patch
+++ /dev/null
@@ -1,258 +0,0 @@
-From 47db072e9ec749c6be7c0a27d64d7fbd75748d60 Mon Sep 17 00:00:00 2001
-From: Gyorgy Szing <Gyorgy.Szing@arm.com>
-Date: Wed, 8 Dec 2021 04:20:34 +0100
-Subject: [PATCH] Enhance mbedtls fetch process
-
-Update management of MbedTLS external component to be optimized
-for download speed insted of availability.
-The updated process is:
-  - check if binary is available. If yes configure build to use it
-    and stop.
-  - if not, check is source is available. If yes, build it and use
-    the resulting binary.
-  - if not, then download the source using git, compile it and use
-    the resulting binary
-
-The following variables can be set on the command line to alter the
-behavior of the module:
-  - MBEDTLS_URL git repo URL to fetch from.
-  - MBEDTLS_REFSPEC revision to fetch
-  - MBEDTLS_SOURCE_DIR to specify location of source code in
-    local file syetem.
-  - MBEDTLS_INSTALL_DIR to specify location of binary.
-
-I.e. cmake -S <...> -B <...> -DMBEDTLS_INSTALL_DIR=~/mbedtls
-will make the resulting binary installed to ~/mbedtls. This can be
-used later to speed up a clean build an use the prebuilt binary.
-
-Change-Id: I8a9ad8b3303e6dfa0a7c9c3d7e4b4787b94d925a
-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- external/MbedTLS/MbedTLS.cmake | 192 ++++++++++++++++++++-------------
- 1 file changed, 119 insertions(+), 73 deletions(-)
-
-diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
-index 3cbaed15..935be765 100644
---- a/external/MbedTLS/MbedTLS.cmake
-+++ b/external/MbedTLS/MbedTLS.cmake
-@@ -1,96 +1,142 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
- #-------------------------------------------------------------------------------
- 
--# Determine the number of processes to run while running parallel builds.
--# Pass -DPROCESSOR_COUNT=<n> to cmake to override.
--if(NOT DEFINED PROCESSOR_COUNT)
--	include(ProcessorCount)
--	ProcessorCount(PROCESSOR_COUNT)
--	set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.")
--endif()
-+set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git"
-+		CACHE STRING "Mbed TLS repository URL")
-+set(MBEDTLS_REFSPEC "mbedtls-3.0.0"
-+		CACHE STRING "Mbed TLS git refspec")
-+set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src"
-+		CACHE PATH "MbedTLS source directory")
-+set(MBEDTLS_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install"
-+		CACHE PATH "Mbed TLS installation directory")
- 
--set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git" CACHE STRING "Mbed TLS repository URL")
--set(MBEDTLS_REFSPEC "mbedtls-3.0.0" CACHE STRING "Mbed TLS git refspec")
--set(MBEDTLS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/mbedtls_install" CACHE PATH "Mbed TLS installation directory")
--set(MBEDTLS_PACKAGE_PATH "${MBEDTLS_INSTALL_PATH}/lib/mbedtls/cmake" CACHE PATH "Mbed TLS CMake package directory")
-+find_library(MBEDCRYPTO_LIB_FILE
-+				NAMES libmbedcrypto.a mbedcrypto.a libmbedcrypto.lib mbedcrypto.lib
-+				PATHS ${MBEDTLS_INSTALL_DIR}
-+				PATH_SUFFIXES "lib"
-+				DOC "Location of mberdrypto library."
-+				NO_DEFAULT_PATH
-+)
- 
--include(FetchContent)
-+set(MBEDCRYPTO_LIB_FILE ${MBEDCRYPTO_LIB_FILE})
-+unset(MBEDCRYPTO_LIB_FILE CACHE)
- 
--# Checking git
--find_program(GIT_COMMAND "git")
--if (NOT GIT_COMMAND)
--	message(FATAL_ERROR "Please install git")
--endif()
-+set(MBEDTLS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-build")
- 
--# Fetching Mbed TLS
--FetchContent_Declare(
--	mbedtls
--	GIT_REPOSITORY ${MBEDTLS_URL}
--	GIT_TAG ${MBEDTLS_REFSPEC}
--	GIT_SHALLOW TRUE
--)
-+# Binary not found and it needs to be built.
-+if (NOT MBEDCRYPTO_LIB_FILE)
-+	# Determine the number of processes to run while running parallel builds.
-+	# Pass -DPROCESSOR_COUNT=<n> to cmake to override.
-+	if(NOT DEFINED PROCESSOR_COUNT)
-+		include(ProcessorCount)
-+		ProcessorCount(PROCESSOR_COUNT)
-+		set(PROCESSOR_COUNT ${PROCESSOR_COUNT}
-+				CACHE STRING "Number of cores to use for parallel builds.")
-+	endif()
- 
--# FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables
--FetchContent_GetProperties(mbedtls)
--if(NOT mbedtls_POPULATED)
--	message(STATUS "Fetching Mbed TLS")
--	FetchContent_Populate(mbedtls)
--endif()
-+	# See if the source is available locally
-+	find_file(MBEDCRYPTO_HEADER_FILE
-+		NAMES crypto.h
-+		PATHS ${MBEDTLS_SOURCE_DIR}
-+		PATH_SUFFIXES "include/psa"
-+		NO_DEFAULT_PATH
-+	)
-+	set(MBEDCRYPTO_HEADER_FILE ${MBEDCRYPTO_HEADER_FILE})
-+	unset(MBEDCRYPTO_HEADER_FILE CACHE)
- 
--# Convert the include path list to a string. Needed to make parameter passing to
--# Mbed TLS build work fine.
--string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}")
-+	# Source not found, fetch it.
-+	if (NOT MBEDCRYPTO_HEADER_FILE)
-+		include(FetchContent)
- 
--find_package(Python3 COMPONENTS Interpreter)
--if (NOT Python3_Interpreter_FOUND)
--	message(FATAL_ERROR "Python 3 interpreter not found.")
--endif()
-+		# Checking git
-+		find_program(GIT_COMMAND "git")
-+		if (NOT GIT_COMMAND)
-+			message(FATAL_ERROR "Please install git")
-+		endif()
- 
--#Configure Mbed TLS to build only mbedcrypto lib
--execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${mbedtls_SOURCE_DIR})
--
--# Advertise Mbed TLS as the provider of the psa crypto API
--set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_PATH}/include" CACHE STRING "PSA Crypto API include path")
--
--#Configure the library
--execute_process(COMMAND
--	${CMAKE_COMMAND}
--		-DENABLE_PROGRAMS=OFF
--		-DENABLE_TESTING=OFF
--		-DUNSAFE_BUILD=ON
--		-DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_PATH}
--		-DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
--		-DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY
--		-DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
--		-DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES}
--		-GUnix\ Makefiles
--		${mbedtls_SOURCE_DIR}
--	WORKING_DIRECTORY
--		${mbedtls_BINARY_DIR}
--	RESULT_VARIABLE _exec_error
--)
-+		# Fetching Mbed TLS
-+		FetchContent_Declare(
-+			mbedtls
-+			SOURCE_DIR ${MBEDTLS_SOURCE_DIR}
-+			BINARY_DIR ${MBEDTLS_BINARY_DIR}
-+			GIT_REPOSITORY ${MBEDTLS_URL}
-+			GIT_TAG ${MBEDTLS_REFSPEC}
-+			GIT_SHALLOW TRUE
-+		)
- 
--if (_exec_error)
--	message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.")
--endif()
-+		# FetchContent_GetProperties exports mbedtls_SOURCE_DIR and mbedtls_BINARY_DIR variables
-+		FetchContent_GetProperties(mbedtls)
-+		# FetchContent_Populate will fail if the source directory is removed since it will try to
-+		# do an "update" and not a "populate" action. As a workaround, remove the subbuild directory.
-+		# Note: this fix assumes, the default subbuild location is used.
-+		file(REMOVE_RECURSE "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-subbuild")
-+
-+		# If the source directory has been moved, the binary dir must be regenerated from scratch.
-+		file(REMOVE_RECURSE "${MBEDTLS_BINARY_DIR}")
- 
--#TODO: add dependency to generated project on this file!
--#TODO: add custom target to rebuild Mbed TLS
-+		if (NOT mbedtls_POPULATED)
-+			message(STATUS "Fetching Mbed TLS")
-+			FetchContent_Populate(mbedtls)
-+		endif()
-+		set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDTLS_SOURCE_DIR})
-+	endif()
- 
--#Build the library
--execute_process(COMMAND
--		${CMAKE_COMMAND} --build ${mbedtls_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install
-+	# Build mbedcrypto library
-+
-+	# Convert the include path list to a string. Needed to make parameter passing to
-+	# Mbed TLS build work fine.
-+	string(REPLACE ";" "\\;" MBEDTLS_EXTRA_INCLUDES "${MBEDTLS_EXTRA_INCLUDES}")
-+
-+	find_package(Python3 REQUIRED COMPONENTS Interpreter)
-+
-+	#Configure Mbed TLS to build only mbedcrypto lib
-+	execute_process(COMMAND ${Python3_EXECUTABLE} scripts/config.py crypto WORKING_DIRECTORY ${MBEDTLS_SOURCE_DIR})
-+
-+	# Advertise Mbed TLS as the provider of the psa crypto API
-+	set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_DIR}/include" CACHE STRING "PSA Crypto API include path")
-+
-+	#Configure the library
-+	execute_process(COMMAND
-+		${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE}
-+			${CMAKE_COMMAND}
-+				-DENABLE_PROGRAMS=OFF
-+				-DENABLE_TESTING=OFF
-+				-DUNSAFE_BUILD=ON
-+				-DCMAKE_INSTALL_PREFIX=${MBEDTLS_INSTALL_DIR}
-+				-DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
-+				-DCMAKE_TRY_COMPILE_TARGET_TYPE=STATIC_LIBRARY
-+				-DEXTERNAL_DEFINITIONS=-DMBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}"
-+				-DEXTERNAL_INCLUDE_PATHS=${MBEDTLS_EXTRA_INCLUDES}
-+				-GUnix\ Makefiles
-+				${MBEDTLS_SOURCE_DIR}
-+		WORKING_DIRECTORY
-+			${MBEDTLS_BINARY_DIR}
- 		RESULT_VARIABLE _exec_error
- 	)
--if (_exec_error)
--	message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.")
-+
-+	if (_exec_error)
-+		message(FATAL_ERROR "Configuration step of Mbed TLS failed with ${_exec_error}.")
-+	endif()
-+
-+	#Build the library
-+	execute_process(COMMAND
-+			${CMAKE_COMMAND} --build ${MBEDTLS_BINARY_DIR} --parallel ${PROCESSOR_COUNT} --target install
-+			RESULT_VARIABLE _exec_error
-+		)
-+
-+	if (_exec_error)
-+		message(FATAL_ERROR "Build step of Mbed TLS failed with ${_exec_error}.")
-+	endif()
-+
-+	set(MBEDCRYPTO_LIB_FILE "${MBEDTLS_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}")
- endif()
- 
- #Create an imported target to have clean abstraction in the build-system.
- add_library(mbedcrypto STATIC IMPORTED)
--set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION "${MBEDTLS_INSTALL_PATH}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}mbedcrypto${CMAKE_STATIC_LIBRARY_SUFFIX}")
--set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_PATH}/include")
-+set_property(DIRECTORY ${CMAKE_SOURCE_DIR} APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS ${MBEDCRYPTO_LIB_FILE})
-+set_property(TARGET mbedcrypto PROPERTY IMPORTED_LOCATION ${MBEDCRYPTO_LIB_FILE})
-+set_property(TARGET mbedcrypto PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${MBEDTLS_INSTALL_DIR}/include")
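Review bot: `set(PSA_CRYPTO_API_INCLUDE "${MBEDTLS_INSTALL_DIR}/include" CACHE STRING ...)` now sits inside `if (NOT MBEDCRYPTO_LIB_FILE)`, so a clean build tree that picks up a prebuilt library from `MBEDTLS_INSTALL_DIR` (the case the commit message advertises) never sets it. Move it outside the conditional, next to the imported-target properties at the end of the file. Two further points in the same block: the `scripts/config.py crypto` `execute_process` has no `RESULT_VARIABLE` check, unlike the configure and build steps, and `find_library` accepts whatever `libmbedcrypto.a` is in the install directory without checking that it was built from `MBEDTLS_REFSPEC` with the same `MBEDTLS_USER_CONFIG_FILE`, so a stale or differently configured binary can be linked silently.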
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch
deleted file mode 100644
index 75fa7c2..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0034-Fix-format-specifier-in-logging_caller.patch
+++ /dev/null
@@ -1,41 +0,0 @@
-From 131bb3c577fff93ff9ba6f5e7d450f727fec0e62 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Fri, 11 Feb 2022 12:30:45 +0000
-Subject: [PATCH] Fix format specifier in logging_caller
-
-A previous change increased the width of the opstatus value
-returned by an rpc endpoint from 32 to 64 bits. This change
-corrects the printf format specifier in the rpc logging_caller
-that corresponds to logging the opstatus value.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Ie695a6bf8cf8014317b85196d7b933d344782b2c
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- components/rpc/common/logging/logging_caller.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/components/rpc/common/logging/logging_caller.c b/components/rpc/common/logging/logging_caller.c
-index 07c33de5..cac03f2f 100644
---- a/components/rpc/common/logging/logging_caller.c
-+++ b/components/rpc/common/logging/logging_caller.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -87,7 +87,7 @@ static rpc_status_t call_invoke(void *context, rpc_call_handle handle, uint32_t
- 
- 	if (status == TS_RPC_CALL_ACCEPTED) {
- 
--		fprintf(this_instance->log_file, "op_status: %d\n", *opstatus);
-+		fprintf(this_instance->log_file, "op_status: %ld\n", *opstatus);
- 		fprintf(this_instance->log_file, "resp_len: %ld\n", *resp_len);
- 	}
- 
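Review bot: `%ld` on the `op_status` line is only correct where `long` is 64 bits; the commit message says `opstatus` is now a 64-bit value, so on a target with a 32-bit `long` the specifier is still mismatched. Use the `<inttypes.h>` macro for the actual type (for example `PRId64` if it is an `int64_t`), or cast to `long long` and print with `%lld`. The neighbouring `resp_len` line has the same portability problem if `resp_len` is a `size_t`, where `%zu` is the matching specifier.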
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch
deleted file mode 100644
index 01b99d3..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch
+++ /dev/null
@@ -1,64 +0,0 @@
-From 7aa9796020487ce32746c25934ce20829acc462c Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Fri, 11 Feb 2022 13:42:59 +0000
-Subject: [PATCH] Update refspecs for mbedtls and psa-arch-tests for v3.1.0
-
-Updates external component refspecs to use mbedtls 3.1.0 and
-compatible API tests from psa-arch-test.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I1b5cebd7de3c1885f5f8a8ea21ba5e4c52aefaf4
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- external/MbedTLS/MbedTLS.cmake               |  2 +-
- external/psa_arch_tests/psa_arch_tests.cmake | 17 ++++++-----------
- 2 files changed, 7 insertions(+), 12 deletions(-)
-
-diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
-index 935be765..3350d8a0 100644
---- a/external/MbedTLS/MbedTLS.cmake
-+++ b/external/MbedTLS/MbedTLS.cmake
-@@ -7,7 +7,7 @@
- 
- set(MBEDTLS_URL "https://github.com/ARMmbed/mbedtls.git"
- 		CACHE STRING "Mbed TLS repository URL")
--set(MBEDTLS_REFSPEC "mbedtls-3.0.0"
-+set(MBEDTLS_REFSPEC "mbedtls-3.1.0"
- 		CACHE STRING "Mbed TLS git refspec")
- set(MBEDTLS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/mbedtls-src"
- 		CACHE PATH "MbedTLS source directory")
-diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
-index e6ab73f7..f6d2fb9f 100644
---- a/external/psa_arch_tests/psa_arch_tests.cmake
-+++ b/external/psa_arch_tests/psa_arch_tests.cmake
-@@ -5,20 +5,15 @@
- #
- #-------------------------------------------------------------------------------
- 
--# Determine the number of processes to run while running parallel builds.
--# Pass -DPROCESSOR_COUNT=<n> to cmake to override.
--if(NOT DEFINED PROCESSOR_COUNT)
--	include(ProcessorCount)
--	ProcessorCount(PROCESSOR_COUNT)
--	set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.")
--endif()
-+# Temporarily using modified tests used for tf-m verification
-+set(PSA_ARCH_TESTS_URL "https://github.com/bensze01/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL")
-+set(PSA_ARCH_TESTS_REFSPEC "fix-multipart-aead" CACHE STRING "psa-arch-tests git refspec")
- 
--set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL")
--set(PSA_ARCH_TESTS_REFSPEC "master" CACHE STRING "psa-arch-tests git refspec")
-+#set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL")
-+#set(PSA_ARCH_TESTS_REFSPEC "2a1852252a9b9af655cbe02d5d3c930952d0d798" CACHE STRING "psa-arch-tests v22.01_API1.4_ADAC_BETA")
- set(PSA_ARCH_TESTS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/psa-arch-tests_install" CACHE PATH "psa-arch-tests installation directory")
- set(PSA_ARCH_TESTS_PACKAGE_PATH "${PSA_ARCH_TESTS_INSTALL_PATH}/libpsa-arch-tests/cmake" CACHE PATH "psa-arch-tests CMake package directory")
--
--include(FetchContent)
-+set(PSA_ARCH_TESTS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/psa_arch_tests-src" CACHE PATH "psa-arch-tests source.")
- 
- # Checking git
- find_program(GIT_COMMAND "git")
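Review bot: `PSA_ARCH_TESTS_URL` now defaults to a personal fork (`bensze01/psa-arch-tests.git`) and `PSA_ARCH_TESTS_REFSPEC` to the branch name `fix-multipart-aead`, so the code that gets fetched and built can change without any change to this file. Pin the refspec to a full commit hash, as the commented-out upstream line does, and state in the comment what has to land upstream before the default can return to `ARM-software/psa-arch-tests`. The hunk also drops the `PROCESSOR_COUNT` block and `include(FetchContent)`; since MbedTLS.cmake now defines both only on its build-from-source path, confirm this file does not rely on them being set by an earlier include.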
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch
deleted file mode 100644
index ae78f41..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0036-Separate-sign-verify-message-and-hash-operations.patch
+++ /dev/null
@@ -1,1080 +0,0 @@
-From b160f734006f4959d92377dc3aa8eabc3ac7c1da Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Fri, 11 Feb 2022 14:08:13 +0000
-Subject: [PATCH] Separate sign/verify message and hash operations
-
-Previous versions of mbedtls didn't distinguish between
-asymmetric sign and verify operations on a hash or message.
-They are now treated as separate operations from a usage
-control perspective. This change makes the corresponding
-hash/message sepration in client and service provider
-components.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Ic0041c694c026522c9b00c974d22261e9e2feadd
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- .../caller/packed-c/crypto_caller_sign_hash.h | 29 +++++++-
- .../packed-c/crypto_caller_verify_hash.h      | 33 ++++++++-
- .../caller/stub/crypto_caller_sign_hash.h     | 11 ++-
- .../caller/stub/crypto_caller_verify_hash.h   | 11 ++-
- .../service/crypto/client/cpp/crypto_client.h | 17 ++++-
- .../packed-c/packedc_crypto_client.cpp        | 22 +++++-
- .../protocol/packed-c/packedc_crypto_client.h | 17 ++++-
- .../protobuf/protobuf_crypto_client.cpp       | 43 ++++++++++-
- .../protobuf/protobuf_crypto_client.h         | 27 ++++++-
- .../crypto/client/psa/psa_sign_message.c      | 24 +++---
- .../crypto/client/psa/psa_verify_message.c    | 24 +++---
- .../service/crypto/provider/crypto_provider.c | 40 ++++++----
- .../serializer/crypto_provider_serializer.h   |  6 +-
- .../packedc_crypto_provider_serializer.c      | 12 +--
- .../protobuf/pb_crypto_provider_serializer.c  | 74 +++++++++----------
- .../check_crypto_opcode_alignment.cpp         | 25 ++++---
- .../test/service/crypto_service_scenarios.cpp | 56 +++++++++++++-
- .../test/service/crypto_service_scenarios.h   |  3 +-
- .../packed-c/crypto_service_packedc_tests.cpp |  7 +-
- .../crypto_service_protobuf_tests.cpp         |  7 +-
- protocols/service/crypto/packed-c/opcodes.h   |  4 +-
- .../service/crypto/protobuf/opcodes.proto     |  4 +-
- 22 files changed, 366 insertions(+), 130 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h
-index e807773e..4a9ed20d 100644
---- a/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_sign_hash.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -20,7 +20,8 @@
- extern "C" {
- #endif
- 
--static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
-+static inline psa_status_t crypto_caller_asym_sign_commom(struct service_client *context,
-+	uint32_t opcode,
- 	psa_key_id_t id,
- 	psa_algorithm_t alg,
- 	const uint8_t *hash, size_t hash_length,
-@@ -60,7 +61,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 
- 		context->rpc_status =
- 			rpc_caller_invoke(context->caller, call_handle,
--						TS_CRYPTO_OPCODE_SIGN_HASH, &opstatus, &resp_buf, &resp_len);
-+						opcode, &opstatus, &resp_buf, &resp_len);
- 
- 		if (context->rpc_status == TS_RPC_CALL_ACCEPTED) {
- 
-@@ -98,6 +99,28 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	return psa_status;
- }
- 
-+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
-+	psa_key_id_t id,
-+	psa_algorithm_t alg,
-+	const uint8_t *hash, size_t hash_length,
-+	uint8_t *signature, size_t signature_size, size_t *signature_length)
-+{
-+	return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_HASH,
-+		id, alg, hash, hash_length,
-+		signature, signature_size, signature_length);
-+}
-+
-+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
-+	psa_key_id_t id,
-+	psa_algorithm_t alg,
-+	const uint8_t *hash, size_t hash_length,
-+	uint8_t *signature, size_t signature_size, size_t *signature_length)
-+{
-+	return crypto_caller_asym_sign_commom(context, TS_CRYPTO_OPCODE_SIGN_MESSAGE,
-+		id, alg, hash, hash_length,
-+		signature, signature_size, signature_length);
-+}
-+
- #ifdef __cplusplus
- }
- #endif
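Review bot: the shared helper these two wrappers call is spelled `crypto_caller_asym_sign_commom`, while the verify-side counterpart is `crypto_caller_asym_verify_common`; rename it to `crypto_caller_asym_sign_common` before more callers pick up the typo. In `crypto_caller_sign_message` the input parameters are still named `hash` and `hash_length` although they carry the message (the verify variant uses `input` and `input_length`); rename them so the signature makes clear which opcode expects a digest and which expects the raw message.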
-diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h
-index 47152946..daa11330 100644
---- a/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_verify_hash.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -20,7 +20,8 @@
- extern "C" {
- #endif
- 
--static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+static inline psa_status_t crypto_caller_asym_verify_common(struct service_client *context,
-+	uint32_t opcode,
- 	psa_key_id_t id,
- 	psa_algorithm_t alg,
- 	const uint8_t *hash, size_t hash_length,
-@@ -65,7 +66,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- 
- 		context->rpc_status =
- 			rpc_caller_invoke(context->caller, call_handle,
--					TS_CRYPTO_OPCODE_VERIFY_HASH, &opstatus, &resp_buf, &resp_len);
-+					opcode, &opstatus, &resp_buf, &resp_len);
- 
- 		if (context->rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus;
- 
-@@ -75,6 +76,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- 	return psa_status;
- }
- 
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+	psa_key_id_t id,
-+	psa_algorithm_t alg,
-+	const uint8_t *hash, size_t hash_length,
-+	const uint8_t *signature, size_t signature_length)
-+{
-+	return crypto_caller_asym_verify_common(context,
-+		TS_CRYPTO_OPCODE_VERIFY_HASH,
-+		id, alg,
-+		hash, hash_length,
-+		signature, signature_length);
-+}
-+
-+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-+	psa_key_id_t id,
-+	psa_algorithm_t alg,
-+	const uint8_t *input, size_t input_length,
-+	const uint8_t *signature, size_t signature_length)
-+{
-+	return crypto_caller_asym_verify_common(context,
-+		TS_CRYPTO_OPCODE_VERIFY_MESSAGE,
-+		id, alg,
-+		input, input_length,
-+		signature, signature_length);
-+}
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h
-index d09369a2..09049f5c 100644
---- a/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/stub/crypto_caller_sign_hash.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	return PSA_ERROR_NOT_SUPPORTED;
- }
- 
-+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
-+	psa_key_id_t id,
-+	psa_algorithm_t alg,
-+	const uint8_t *hash, size_t hash_length,
-+	uint8_t *signature, size_t signature_size, size_t *signature_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h
-index 20d11dcf..3f3eb878 100644
---- a/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/stub/crypto_caller_verify_hash.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -23,6 +23,15 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- 	return PSA_ERROR_NOT_SUPPORTED;
- }
- 
-+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-+	psa_key_id_t id,
-+	psa_algorithm_t alg,
-+	const uint8_t *input, size_t input_length,
-+	const uint8_t *signature, size_t signature_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/cpp/crypto_client.h b/components/service/crypto/client/cpp/crypto_client.h
-index 2a5e5b99..ccb0714a 100644
---- a/components/service/crypto/client/cpp/crypto_client.h
-+++ b/components/service/crypto/client/cpp/crypto_client.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -57,7 +57,7 @@ public:
- 		psa_key_id_t id,
- 		uint8_t *data, size_t data_size, size_t *data_length) = 0;
- 
--	/* Sign/verify methods */
-+	/* Sign/verify hash methods */
- 	virtual psa_status_t sign_hash(
- 		psa_key_id_t id,
- 		psa_algorithm_t alg,
-@@ -70,6 +70,19 @@ public:
- 		const uint8_t *hash, size_t hash_length,
- 		const uint8_t *signature, size_t signature_length) = 0;
- 
-+	/* Sign/verify message methods */
-+	virtual psa_status_t sign_message(
-+		psa_key_id_t id,
-+		psa_algorithm_t alg,
-+		const uint8_t *message, size_t message_length,
-+		uint8_t *signature, size_t signature_size, size_t *signature_length) = 0;
-+
-+	virtual psa_status_t verify_message(
-+		psa_key_id_t id,
-+		psa_algorithm_t alg,
-+		const uint8_t *message, size_t message_length,
-+		const uint8_t *signature, size_t signature_length) = 0;
-+
- 	/* Asymmetric encrypt/decrypt */
- 	virtual psa_status_t asymmetric_encrypt(
- 		psa_key_id_t id,
-diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
-index 4d9d8f41..4e10f9be 100644
---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
-+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -107,6 +107,26 @@ psa_status_t packedc_crypto_client::verify_hash(
- 		signature, signature_length);
- }
- 
-+psa_status_t packedc_crypto_client::sign_message(
-+	psa_key_id_t id, psa_algorithm_t alg,
-+	const uint8_t *message, size_t message_length,
-+	uint8_t *signature, size_t signature_size, size_t *signature_length)
-+{
-+	return crypto_caller_sign_message(&m_client, id, alg,
-+		message, message_length,
-+		signature, signature_size, signature_length);
-+}
-+
-+psa_status_t packedc_crypto_client::verify_message(
-+	psa_key_id_t id, psa_algorithm_t alg,
-+	const uint8_t *message, size_t message_length,
-+	const uint8_t *signature, size_t signature_length)
-+{
-+	return crypto_caller_verify_message(&m_client, id, alg,
-+		message, message_length,
-+		signature, signature_length);
-+}
-+
- psa_status_t packedc_crypto_client::asymmetric_encrypt(
- 	psa_key_id_t id, psa_algorithm_t alg,
- 	const uint8_t *input, size_t input_length,
-diff --git a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
-index 377b51d1..d74ba609 100644
---- a/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
-+++ b/components/service/crypto/client/cpp/protocol/packed-c/packedc_crypto_client.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -54,7 +54,7 @@ public:
- 		psa_key_id_t id,
- 		uint8_t *data, size_t data_size, size_t *data_length);
- 
--	/* Sign/verify methods */
-+	/* Sign/verify hash methods */
- 	psa_status_t sign_hash(
- 		psa_key_id_t id,
- 		psa_algorithm_t alg,
-@@ -67,6 +67,19 @@ public:
- 		const uint8_t *hash, size_t hash_length,
- 		const uint8_t *signature, size_t signature_length);
- 
-+	/* Sign/verify message methods */
-+	psa_status_t sign_message(
-+		psa_key_id_t id,
-+		psa_algorithm_t alg,
-+		const uint8_t *message, size_t message_length,
-+		uint8_t *signature, size_t signature_size, size_t *signature_length);
-+
-+	psa_status_t verify_message(
-+		psa_key_id_t id,
-+		psa_algorithm_t alg,
-+		const uint8_t *message, size_t message_length,
-+		const uint8_t *signature, size_t signature_length);
-+
- 	/* Asymmetric encrypt/decrypt */
- 	psa_status_t asymmetric_encrypt(
- 		psa_key_id_t id,
-diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp
-index 17780351..28c8f6fb 100644
---- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp
-+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.cpp
-@@ -386,6 +386,25 @@ psa_status_t protobuf_crypto_client::export_public_key(psa_key_id_t id,
- psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t alg,
- 							const uint8_t *hash, size_t hash_length,
- 							uint8_t *signature, size_t signature_size, size_t *signature_length)
-+{
-+	return asym_sign(ts_crypto_Opcode_SIGN_HASH, id, alg,
-+				hash, hash_length,
-+				signature, signature_size, signature_length);
-+}
-+
-+psa_status_t protobuf_crypto_client::sign_message(psa_key_id_t id, psa_algorithm_t alg,
-+							const uint8_t *message, size_t message_length,
-+							uint8_t *signature, size_t signature_size, size_t *signature_length)
-+{
-+	return asym_sign(ts_crypto_Opcode_SIGN_MESSAGE, id, alg,
-+				message, message_length,
-+				signature, signature_size, signature_length);
-+}
-+
-+psa_status_t protobuf_crypto_client::asym_sign(uint32_t opcode,
-+							psa_key_id_t id, psa_algorithm_t alg,
-+							const uint8_t *hash, size_t hash_length,
-+							uint8_t *signature, size_t signature_size, size_t *signature_length)
- {
- 	size_t req_len;
- 	pb_bytes_array_t *hash_byte_array =
-@@ -416,7 +435,7 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t
- 			pb_encode(&ostream, ts_crypto_SignHashIn_fields, &req_msg);
- 
- 			m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle,
--						ts_crypto_Opcode_SIGN_HASH, &opstatus, &resp_buf, &resp_len);
-+						opcode, &opstatus, &resp_buf, &resp_len);
- 
- 			if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) {
- 
-@@ -462,10 +481,28 @@ psa_status_t protobuf_crypto_client::sign_hash(psa_key_id_t id, psa_algorithm_t
- 	return psa_status;
- }
- 
--
- psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_t alg,
- 						const uint8_t *hash, size_t hash_length,
- 						const uint8_t *signature, size_t signature_length)
-+{
-+	return asym_verify(ts_crypto_Opcode_VERIFY_HASH, id, alg,
-+				hash, hash_length,
-+				signature, signature_length);
-+}
-+
-+psa_status_t protobuf_crypto_client::verify_message(psa_key_id_t id, psa_algorithm_t alg,
-+						const uint8_t *message, size_t message_length,
-+						const uint8_t *signature, size_t signature_length)
-+{
-+	return asym_verify(ts_crypto_Opcode_VERIFY_MESSAGE, id, alg,
-+				message, message_length,
-+				signature, signature_length);
-+}
-+
-+psa_status_t protobuf_crypto_client::asym_verify(uint32_t opcode,
-+						psa_key_id_t id, psa_algorithm_t alg,
-+						const uint8_t *hash, size_t hash_length,
-+						const uint8_t *signature, size_t signature_length)
- {
- 	size_t req_len;
- 	pb_bytes_array_t *hash_byte_array =
-@@ -497,7 +534,7 @@ psa_status_t protobuf_crypto_client::verify_hash(psa_key_id_t id, psa_algorithm_
- 			pb_encode(&ostream, ts_crypto_VerifyHashIn_fields, &req_msg);
- 
- 			m_client.rpc_status = rpc_caller_invoke(m_client.caller, call_handle,
--						ts_crypto_Opcode_VERIFY_HASH, &opstatus, &resp_buf, &resp_len);
-+						opcode, &opstatus, &resp_buf, &resp_len);
- 
- 			if (m_client.rpc_status == TS_RPC_CALL_ACCEPTED) psa_status = opstatus;
- 
-diff --git a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h
-index 085d9cfa..abe4439e 100644
---- a/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h
-+++ b/components/service/crypto/client/cpp/protocol/protobuf/protobuf_crypto_client.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -54,7 +54,7 @@ public:
- 		psa_key_id_t id,
- 		uint8_t *data, size_t data_size, size_t *data_length);
- 
--	/* Sign/verify methods */
-+	/* Sign/verify hash methods */
- 	psa_status_t sign_hash(
- 		psa_key_id_t id,
- 		psa_algorithm_t alg,
-@@ -67,6 +67,19 @@ public:
- 		const uint8_t *hash, size_t hash_length,
- 		const uint8_t *signature, size_t signature_length);
- 
-+	/* Sign/verify message methods */
-+	psa_status_t sign_message(
-+		psa_key_id_t id,
-+		psa_algorithm_t alg,
-+		const uint8_t *message, size_t message_length,
-+		uint8_t *signature, size_t signature_size, size_t *signature_length);
-+
-+	psa_status_t verify_message(
-+		psa_key_id_t id,
-+		psa_algorithm_t alg,
-+		const uint8_t *message, size_t message_length,
-+		const uint8_t *signature, size_t signature_length);
-+
- 	/* Asymmetric encrypt/decrypt */
- 	psa_status_t asymmetric_encrypt(
- 		psa_key_id_t id,
-@@ -221,6 +234,16 @@ public:
- 
- private:
- 
-+	psa_status_t asym_sign(uint32_t opcode,
-+		psa_key_id_t id, psa_algorithm_t alg,
-+		const uint8_t *hash, size_t hash_length,
-+		uint8_t *signature, size_t signature_size, size_t *signature_length);
-+
-+	psa_status_t asym_verify(uint32_t opcode,
-+		psa_key_id_t id, psa_algorithm_t alg,
-+		const uint8_t *hash, size_t hash_length,
-+		const uint8_t *signature, size_t signature_length);
-+
- 	void translate_key_attributes(
- 		ts_crypto_KeyAttributes &proto_attributes,
- 		const psa_key_attributes_t &psa_attributes);
-diff --git a/components/service/crypto/client/psa/psa_sign_message.c b/components/service/crypto/client/psa/psa_sign_message.c
-index dc2f7e80..b6446253 100644
---- a/components/service/crypto/client/psa/psa_sign_message.c
-+++ b/components/service/crypto/client/psa/psa_sign_message.c
-@@ -1,13 +1,15 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
- 
- #include <psa/crypto.h>
-+#include "psa_crypto_client.h"
-+#include "crypto_caller_selector.h"
- 
- psa_status_t psa_sign_message(
--	psa_key_id_t key,
-+	psa_key_id_t id,
- 	psa_algorithm_t alg,
- 	const uint8_t *input,
- 	size_t input_length,
-@@ -15,19 +17,11 @@ psa_status_t psa_sign_message(
- 	size_t signature_size,
- 	size_t *signature_length)
- {
--	size_t hash_len;
--	uint8_t hash[PSA_HASH_MAX_SIZE];
-+	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
-+		return psa_crypto_client_instance.init_status;
- 
--	psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg),
-+	return crypto_caller_sign_message(&psa_crypto_client_instance.base,
-+		id, alg,
- 		input, input_length,
--		hash, sizeof(hash), &hash_len);
--
--	if (psa_status == PSA_SUCCESS) {
--
--		psa_status = psa_sign_hash(key, alg,
--			hash, hash_len,
--			signature, signature_size, signature_length);
--	}
--
--	return psa_status;
-+		signature, signature_size, signature_length);
- }
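Review bot: with the local `psa_hash_compute` step removed, `psa_sign_message` hands the whole `input` of `input_length` bytes to `crypto_caller_sign_message`, so the largest message it can sign is now decided by the caller and provider rather than by this function. The provider change in this same patch receives the payload into `hash_buffer[PSA_HASH_MAX_SIZE]`; state the supported maximum in the function's documentation, or check `input_length` here and return an explicit status, so callers that previously signed long messages do not fail with an opaque RPC error.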
-diff --git a/components/service/crypto/client/psa/psa_verify_message.c b/components/service/crypto/client/psa/psa_verify_message.c
-index d0fbc7c8..57c2c5e8 100644
---- a/components/service/crypto/client/psa/psa_verify_message.c
-+++ b/components/service/crypto/client/psa/psa_verify_message.c
-@@ -1,32 +1,26 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
- 
- #include <psa/crypto.h>
-+#include "psa_crypto_client.h"
-+#include "crypto_caller_selector.h"
- 
- psa_status_t psa_verify_message(
--	psa_key_id_t key,
-+	psa_key_id_t id,
- 	psa_algorithm_t alg,
- 	const uint8_t *input,
- 	size_t input_length,
- 	const uint8_t * signature,
- 	size_t signature_length)
- {
--	size_t hash_len;
--	uint8_t hash[PSA_HASH_MAX_SIZE];
-+	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
-+		return psa_crypto_client_instance.init_status;
- 
--	psa_status_t psa_status = psa_hash_compute(PSA_ALG_SIGN_GET_HASH(alg),
-+	return crypto_caller_verify_message(&psa_crypto_client_instance.base,
-+		id, alg,
- 		input, input_length,
--		hash, sizeof(hash), &hash_len);
--
--	if (psa_status == PSA_SUCCESS) {
--
--		psa_status = psa_verify_hash(key, alg,
--			hash, hash_len,
--			signature, signature_length);
--	}
--
--	return psa_status;
-+		signature, signature_length);
- }
-diff --git a/components/service/crypto/provider/crypto_provider.c b/components/service/crypto/provider/crypto_provider.c
-index d0fc7cac..67a5b340 100644
---- a/components/service/crypto/provider/crypto_provider.c
-+++ b/components/service/crypto/provider/crypto_provider.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -16,8 +16,8 @@ static rpc_status_t destroy_key_handler(void *context, struct call_req* req);
- static rpc_status_t export_key_handler(void *context, struct call_req* req);
- static rpc_status_t export_public_key_handler(void *context, struct call_req* req);
- static rpc_status_t import_key_handler(void *context, struct call_req* req);
--static rpc_status_t sign_hash_handler(void *context, struct call_req* req);
--static rpc_status_t verify_hash_handler(void *context, struct call_req* req);
-+static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req);
-+static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req);
- static rpc_status_t asymmetric_decrypt_handler(void *context, struct call_req* req);
- static rpc_status_t asymmetric_encrypt_handler(void *context, struct call_req* req);
- static rpc_status_t generate_random_handler(void *context, struct call_req* req);
-@@ -32,14 +32,16 @@ static const struct service_handler handler_table[] = {
- 	{TS_CRYPTO_OPCODE_EXPORT_KEY,           export_key_handler},
- 	{TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY,    export_public_key_handler},
- 	{TS_CRYPTO_OPCODE_IMPORT_KEY,           import_key_handler},
--	{TS_CRYPTO_OPCODE_SIGN_HASH,            sign_hash_handler},
--	{TS_CRYPTO_OPCODE_VERIFY_HASH,          verify_hash_handler},
-+	{TS_CRYPTO_OPCODE_SIGN_HASH,            asymmetric_sign_handler},
-+	{TS_CRYPTO_OPCODE_VERIFY_HASH,          asymmetric_verify_handler},
- 	{TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT,   asymmetric_decrypt_handler},
- 	{TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT,   asymmetric_encrypt_handler},
- 	{TS_CRYPTO_OPCODE_GENERATE_RANDOM,      generate_random_handler},
- 	{TS_CRYPTO_OPCODE_COPY_KEY,          	copy_key_handler},
- 	{TS_CRYPTO_OPCODE_PURGE_KEY,          	purge_key_handler},
- 	{TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES, 	get_key_attributes_handler},
-+	{TS_CRYPTO_OPCODE_SIGN_MESSAGE,         asymmetric_sign_handler},
-+	{TS_CRYPTO_OPCODE_VERIFY_MESSAGE,       asymmetric_verify_handler},
- };
- 
- struct rpc_interface *crypto_provider_init(struct crypto_provider *context)
-@@ -272,7 +274,7 @@ static rpc_status_t import_key_handler(void *context, struct call_req* req)
- 	return rpc_status;
- }
- 
--static rpc_status_t sign_hash_handler(void *context, struct call_req* req)
-+static rpc_status_t asymmetric_sign_handler(void *context, struct call_req* req)
- {
- 	rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
- 	struct call_param_buf *req_buf = call_req_get_req_buf(req);
-@@ -284,7 +286,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req)
- 	uint8_t hash_buffer[PSA_HASH_MAX_SIZE];
- 
- 	if (serializer)
--		rpc_status = serializer->deserialize_sign_hash_req(req_buf, &id, &alg, hash_buffer, &hash_len);
-+		rpc_status = serializer->deserialize_asymmetric_sign_req(req_buf, &id, &alg, hash_buffer, &hash_len);
- 
- 	if (rpc_status == TS_RPC_CALL_ACCEPTED) {
- 
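Review bot: `hash_buffer` is declared as `uint8_t hash_buffer[PSA_HASH_MAX_SIZE]`, and after this rename the same handler also serves `TS_CRYPTO_OPCODE_SIGN_MESSAGE`, so a whole message is deserialised into digest-sized storage. The call passes only the pointer and `&hash_len`, with no capacity visible in this hunk; please confirm `deserialize_asymmetric_sign_req` bounds the copy to the buffer, and either size the buffer for the largest message the service means to accept or document that longer messages are rejected.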
-@@ -292,14 +294,16 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req)
- 		size_t sig_len;
- 		uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
- 
--		psa_status = psa_sign_hash(id, alg,
--					hash_buffer, hash_len,
--					sig_buffer, sizeof(sig_buffer), &sig_len);
-+		psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_SIGN_HASH) ?
-+			psa_sign_hash(id, alg, hash_buffer, hash_len,
-+				sig_buffer, sizeof(sig_buffer), &sig_len) :
-+			psa_sign_message(id, alg, hash_buffer, hash_len,
-+				sig_buffer, sizeof(sig_buffer), &sig_len);
- 
- 		if (psa_status == PSA_SUCCESS) {
- 
- 			struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
--			rpc_status = serializer->serialize_sign_hash_resp(resp_buf, sig_buffer, sig_len);
-+			rpc_status = serializer->serialize_asymmetric_sign_resp(resp_buf, sig_buffer, sig_len);
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
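Review bot: the ternary on `call_req_get_opcode(req)` treats every opcode other than `TS_CRYPTO_OPCODE_SIGN_HASH` as a message signature, so the handler is only correct while `handler_table` maps exactly two opcodes to it. An explicit `switch` over `TS_CRYPTO_OPCODE_SIGN_HASH` and `TS_CRYPTO_OPCODE_SIGN_MESSAGE` with a default that sets an error status would fail closed if a third opcode is ever routed here; the same shape appears in `asymmetric_verify_handler` below.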
-@@ -308,7 +312,7 @@ static rpc_status_t sign_hash_handler(void *context, struct call_req* req)
- 	return rpc_status;
- }
- 
--static rpc_status_t verify_hash_handler(void *context, struct call_req* req)
-+static rpc_status_t asymmetric_verify_handler(void *context, struct call_req* req)
- {
- 	rpc_status_t rpc_status = TS_RPC_ERROR_SERIALIZATION_NOT_SUPPORTED;
- 	struct call_param_buf *req_buf = call_req_get_req_buf(req);
-@@ -322,7 +326,7 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req)
- 	uint8_t sig_buffer[PSA_SIGNATURE_MAX_SIZE];
- 
- 	if (serializer)
--		rpc_status = serializer->deserialize_verify_hash_req(req_buf, &id, &alg,
-+		rpc_status = serializer->deserialize_asymmetric_verify_req(req_buf, &id, &alg,
- 											hash_buffer, &hash_len,
- 											sig_buffer, &sig_len);
- 
-@@ -330,9 +334,13 @@ static rpc_status_t verify_hash_handler(void *context, struct call_req* req)
- 
- 		psa_status_t psa_status;
- 
--		psa_status = psa_verify_hash(id, alg,
--					hash_buffer, hash_len,
--					sig_buffer, sig_len);
-+		psa_status = (call_req_get_opcode(req) == TS_CRYPTO_OPCODE_VERIFY_HASH) ?
-+			psa_verify_hash(id, alg,
-+				hash_buffer, hash_len,
-+				sig_buffer, sig_len) :
-+			psa_verify_message(id, alg,
-+				hash_buffer, hash_len,
-+				sig_buffer, sig_len);
- 
- 		call_req_set_opstatus(req, psa_status);
- 	}
-diff --git a/components/service/crypto/provider/serializer/crypto_provider_serializer.h b/components/service/crypto/provider/serializer/crypto_provider_serializer.h
-index 68940cae..57364f24 100644
---- a/components/service/crypto/provider/serializer/crypto_provider_serializer.h
-+++ b/components/service/crypto/provider/serializer/crypto_provider_serializer.h
-@@ -79,15 +79,15 @@ struct crypto_provider_serializer {
-                                         const psa_key_attributes_t *attributes);
- 
-     /* Operation: sign_hash */
--    rpc_status_t (*deserialize_sign_hash_req)(const struct call_param_buf *req_buf,
-+    rpc_status_t (*deserialize_asymmetric_sign_req)(const struct call_param_buf *req_buf,
-                                         psa_key_id_t *id, psa_algorithm_t *alg,
-                                         uint8_t *hash, size_t *hash_len);
- 
--    rpc_status_t (*serialize_sign_hash_resp)(struct call_param_buf *resp_buf,
-+    rpc_status_t (*serialize_asymmetric_sign_resp)(struct call_param_buf *resp_buf,
-                                         const uint8_t *sig, size_t sig_len);
- 
-     /* Operation: verify_hash */
--    rpc_status_t (*deserialize_verify_hash_req)(const struct call_param_buf *req_buf,
-+    rpc_status_t (*deserialize_asymmetric_verify_req)(const struct call_param_buf *req_buf,
-                                         psa_key_id_t *id, psa_algorithm_t *alg,
-                                         uint8_t *hash, size_t *hash_len,
-                                         uint8_t *sig, size_t *sig_len);
-diff --git a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c
-index c70db865..4a7e59f0 100644
---- a/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c
-+++ b/components/service/crypto/provider/serializer/packed-c/packedc_crypto_provider_serializer.c
-@@ -333,7 +333,7 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res
- }
- 
- /* Operation: sign_hash */
--static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf,
-+static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf,
-                             psa_key_id_t *id, psa_algorithm_t *alg,
-                             uint8_t *hash, size_t *hash_len)
- {
-@@ -378,7 +378,7 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b
-     return rpc_status;
- }
- 
--static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf,
-+static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf,
-                             const uint8_t *sig, size_t sig_len)
- {
-     rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL;
-@@ -401,7 +401,7 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf,
- }
- 
- /* Operation: verify_hash */
--static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf,
-+static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf,
-                                 psa_key_id_t *id, psa_algorithm_t *alg,
-                                 uint8_t *hash, size_t *hash_len,
-                                 uint8_t *sig, size_t *sig_len)
-@@ -695,9 +695,9 @@ const struct crypto_provider_serializer *packedc_crypto_provider_serializer_inst
-         deserialize_purge_key_req,
-         deserialize_get_key_attributes_req,
-         serialize_get_key_attributes_resp,
--        deserialize_sign_hash_req,
--        serialize_sign_hash_resp,
--        deserialize_verify_hash_req,
-+        deserialize_asymmetric_sign_req,
-+        serialize_asymmetric_sign_resp,
-+        deserialize_asymmetric_verify_req,
-         deserialize_asymmetric_decrypt_req,
-         serialize_asymmetric_decrypt_resp,
-         deserialize_asymmetric_encrypt_req,
-diff --git a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c
-index 7767d20a..083a581a 100644
---- a/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c
-+++ b/components/service/crypto/provider/serializer/protobuf/pb_crypto_provider_serializer.c
-@@ -267,9 +267,9 @@ static rpc_status_t serialize_get_key_attributes_resp(struct call_param_buf *res
- }
- 
- /* Operation: sign_hash */
--static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_buf,
--                            psa_key_id_t *id, psa_algorithm_t *alg,
--                            uint8_t *hash, size_t *hash_len)
-+static rpc_status_t deserialize_asymmetric_sign_req(const struct call_param_buf *req_buf,
-+							psa_key_id_t *id, psa_algorithm_t *alg,
-+							uint8_t *hash, size_t *hash_len)
- {
-     rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY;
-     ts_crypto_SignHashIn recv_msg = ts_crypto_SignHashIn_init_default;
-@@ -295,8 +295,8 @@ static rpc_status_t deserialize_sign_hash_req(const struct call_param_buf *req_b
-     return rpc_status;
- }
- 
--static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf,
--                            const uint8_t *sig, size_t sig_len)
-+static rpc_status_t serialize_asymmetric_sign_resp(struct call_param_buf *resp_buf,
-+							const uint8_t *sig, size_t sig_len)
- {
-     size_t packed_resp_size;
-     rpc_status_t rpc_status = TS_RPC_ERROR_INTERNAL;
-@@ -323,10 +323,10 @@ static rpc_status_t serialize_sign_hash_resp(struct call_param_buf *resp_buf,
- }
- 
- /* Operation: verify_hash */
--static rpc_status_t deserialize_verify_hash_req(const struct call_param_buf *req_buf,
--                                psa_key_id_t *id, psa_algorithm_t *alg,
--                                uint8_t *hash, size_t *hash_len,
--                                uint8_t *sig, size_t *sig_len)
-+static rpc_status_t deserialize_asymmetric_verify_req(const struct call_param_buf *req_buf,
-+								psa_key_id_t *id, psa_algorithm_t *alg,
-+								uint8_t *hash, size_t *hash_len,
-+								uint8_t *sig, size_t *sig_len)
- {
-     rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY;
-     ts_crypto_VerifyHashIn recv_msg = ts_crypto_VerifyHashIn_init_default;
-@@ -538,32 +538,32 @@ static rpc_status_t serialize_generate_random_resp(struct call_param_buf *resp_b
- /* Singleton method to provide access to the serializer instance */
- const struct crypto_provider_serializer *pb_crypto_provider_serializer_instance(void)
- {
--    static const struct crypto_provider_serializer instance = {
--        max_deserialised_parameter_size,
--        deserialize_generate_key_req,
--        serialize_generate_key_resp,
--        deserialize_destroy_key_req,
--        deserialize_export_key_req,
--        serialize_export_key_resp,
--        deserialize_export_public_key_req,
--        serialize_export_public_key_resp,
--        deserialize_import_key_req,
--        serialize_import_key_resp,
--        deserialize_copy_key_req,
--        serialize_copy_key_resp,
--        deserialize_purge_key_req,
--        deserialize_get_key_attributes_req,
--        serialize_get_key_attributes_resp,
--        deserialize_sign_hash_req,
--        serialize_sign_hash_resp,
--        deserialize_verify_hash_req,
--        deserialize_asymmetric_decrypt_req,
--        serialize_asymmetric_decrypt_resp,
--        deserialize_asymmetric_encrypt_req,
--        serialize_asymmetric_encrypt_resp,
--        deserialize_generate_random_req,
--        serialize_generate_random_resp
--    };
--
--    return &instance;
-+	static const struct crypto_provider_serializer instance = {
-+		max_deserialised_parameter_size,
-+		deserialize_generate_key_req,
-+		serialize_generate_key_resp,
-+		deserialize_destroy_key_req,
-+		deserialize_export_key_req,
-+		serialize_export_key_resp,
-+		deserialize_export_public_key_req,
-+		serialize_export_public_key_resp,
-+		deserialize_import_key_req,
-+		serialize_import_key_resp,
-+		deserialize_copy_key_req,
-+		serialize_copy_key_resp,
-+		deserialize_purge_key_req,
-+		deserialize_get_key_attributes_req,
-+		serialize_get_key_attributes_resp,
-+		deserialize_asymmetric_sign_req,
-+		serialize_asymmetric_sign_resp,
-+		deserialize_asymmetric_verify_req,
-+		deserialize_asymmetric_decrypt_req,
-+		serialize_asymmetric_decrypt_resp,
-+		deserialize_asymmetric_encrypt_req,
-+		serialize_asymmetric_encrypt_resp,
-+		deserialize_generate_random_req,
-+		serialize_generate_random_resp
-+	};
-+
-+	return &instance;
- }
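Review bot: `instance` is initialised positionally, so the three renamed members are only correct because their order still matches `struct crypto_provider_serializer`; designated initialisers (`.deserialize_asymmetric_sign_req = ...`) would make that independent of ordering. The hunk also re-indents every line from spaces to tabs, which hides the three functional changes; please split the whitespace change into its own commit.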
-diff --git a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp
-index bd6c66ee..da01abf4 100644
---- a/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp
-+++ b/components/service/crypto/test/protocol/check_crypto_opcode_alignment.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -18,15 +18,16 @@ TEST_GROUP(CryptoProtocolOpcodeChecks)
- 
- TEST(CryptoProtocolOpcodeChecks, checkPackedcToProtobuf)
- {
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT);
--    CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_KEY, ts_crypto_Opcode_GENERATE_KEY);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_DESTROY_KEY, ts_crypto_Opcode_DESTROY_KEY);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_KEY, ts_crypto_Opcode_EXPORT_KEY);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_EXPORT_PUBLIC_KEY, ts_crypto_Opcode_EXPORT_PUBLIC_KEY);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_IMPORT_KEY, ts_crypto_Opcode_IMPORT_KEY);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_HASH, ts_crypto_Opcode_SIGN_HASH);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_HASH, ts_crypto_Opcode_VERIFY_HASH);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_DECRYPT, ts_crypto_Opcode_ASYMMETRIC_DECRYPT);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_ASYMMETRIC_ENCRYPT, ts_crypto_Opcode_ASYMMETRIC_ENCRYPT);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_GENERATE_RANDOM, ts_crypto_Opcode_GENERATE_RANDOM);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_SIGN_MESSAGE, ts_crypto_Opcode_SIGN_MESSAGE);
-+	CHECK_EQUAL(TS_CRYPTO_OPCODE_VERIFY_MESSAGE, ts_crypto_Opcode_VERIFY_MESSAGE);
- }
--
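Review bot: the two new `CHECK_EQUAL` lines for `SIGN_MESSAGE` and `VERIFY_MESSAGE` are buried in a whitespace re-indent of the ten existing checks; keep the indentation change separate so the diff shows only the additions. The list also still has no checks for `TS_CRYPTO_OPCODE_COPY_KEY`, `TS_CRYPTO_OPCODE_PURGE_KEY` and `TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES`, which the packed-c header in this patch defines just before the new opcodes.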
-diff --git a/components/service/crypto/test/service/crypto_service_scenarios.cpp b/components/service/crypto/test/service/crypto_service_scenarios.cpp
-index ec2c6736..b3345551 100644
---- a/components/service/crypto/test/service/crypto_service_scenarios.cpp
-+++ b/components/service/crypto/test/service/crypto_service_scenarios.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -290,6 +290,56 @@ void crypto_service_scenarios::signAndVerifyHash()
- 	CHECK_EQUAL(PSA_SUCCESS, status);
- }
- 
-+void crypto_service_scenarios::signAndVerifyMessage()
-+{
-+	psa_status_t status;
-+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-+	psa_key_id_t key_id;
-+
-+	psa_set_key_id(&attributes, 14);
-+	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE);
-+	psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
-+	psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
-+	psa_set_key_bits(&attributes, 256);
-+
-+	/* Generate a key */
-+	status = m_crypto_client->generate_key(&attributes, &key_id);
-+	CHECK_EQUAL(PSA_SUCCESS, status);
-+
-+	psa_reset_key_attributes(&attributes);
-+
-+	/* Sign a message */
-+	uint8_t message[21];
-+	uint8_t signature[PSA_SIGNATURE_MAX_SIZE];
-+	size_t signature_length;
-+
-+	memset(message, 0x99, sizeof(message));
-+
-+	status = m_crypto_client->sign_message(key_id,
-+		PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message),
-+		signature, sizeof(signature), &signature_length);
-+
-+	CHECK_EQUAL(PSA_SUCCESS, status);
-+	CHECK(signature_length > 0);
-+
-+	/* Verify the signature */
-+	status = m_crypto_client->verify_message(key_id,
-+		PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message),
-+		signature, signature_length);
-+	CHECK_EQUAL(PSA_SUCCESS, status);
-+
-+	/* Change the message and expect verify to fail */
-+	message[0] = 0x72;
-+	status = m_crypto_client->verify_message(key_id,
-+		PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256), message, sizeof(message),
-+		signature, signature_length);
-+	CHECK_EQUAL(PSA_ERROR_INVALID_SIGNATURE, status);
-+
-+	/* Remove the key */
-+	status = m_crypto_client->destroy_key(key_id);
-+	CHECK_EQUAL(PSA_SUCCESS, status);
-+}
-+
- void crypto_service_scenarios::signAndVerifyEat()
- {
- 	/* Sign and verify a hash using EAT key type and algorithm */
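Review bot: `signAndVerifyMessage` only exercises a 21-byte `message`, which is shorter than a SHA-256 digest, so it cannot show how the service behaves once the input exceeds the digest-sized buffer used by the provider handler. Add a case with a message longer than `PSA_HASH_MAX_SIZE` that asserts the expected status, and a negative case that alters a byte of `signature` rather than only `message[0]`.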
-@@ -348,7 +398,7 @@ void crypto_service_scenarios::asymEncryptDecrypt()
- 	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- 	psa_key_id_t key_id;
- 
--	psa_set_key_id(&attributes, 14);
-+	psa_set_key_id(&attributes, 15);
- 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
- 	psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_CRYPT);
- 	psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-@@ -394,7 +444,7 @@ void crypto_service_scenarios::asymEncryptDecryptWithSalt()
- 	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- 	psa_key_id_t key_id;
- 
--	psa_set_key_id(&attributes, 15);
-+	psa_set_key_id(&attributes, 16);
- 	psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT);
- 	psa_set_key_algorithm(&attributes,  PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256));
- 	psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-diff --git a/components/service/crypto/test/service/crypto_service_scenarios.h b/components/service/crypto/test/service/crypto_service_scenarios.h
-index c65eba26..23671644 100644
---- a/components/service/crypto/test/service/crypto_service_scenarios.h
-+++ b/components/service/crypto/test/service/crypto_service_scenarios.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -24,6 +24,7 @@ public:
- 	void asymEncryptDecrypt();
- 	void asymEncryptDecryptWithSalt();
- 	void signAndVerifyHash();
-+	void signAndVerifyMessage();
- 	void signAndVerifyEat();
- 	void exportAndImportKeyPair();
- 	void exportPublicKey();
-diff --git a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp
-index 79eddfbb..ea238432 100644
---- a/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp
-+++ b/components/service/crypto/test/service/packed-c/crypto_service_packedc_tests.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -87,6 +87,11 @@ TEST(CryptoServicePackedcTests, signAndVerifyHash)
- 	m_scenarios->signAndVerifyHash();
- }
- 
-+TEST(CryptoServicePackedcTests, signAndVerifyMessage)
-+{
-+	m_scenarios->signAndVerifyMessage();
-+}
-+
- TEST(CryptoServicePackedcTests, signAndVerifyEat)
- {
- 	m_scenarios->signAndVerifyEat();
-diff --git a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp
-index 1230752c..c172ad4a 100644
---- a/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp
-+++ b/components/service/crypto/test/service/protobuf/crypto_service_protobuf_tests.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -77,6 +77,11 @@ TEST(CryptoServiceProtobufTests, signAndVerifyHash)
-     m_scenarios->signAndVerifyHash();
- }
- 
-+TEST(CryptoServiceProtobufTests, signAndVerifyMessage)
-+{
-+    m_scenarios->signAndVerifyMessage();
-+}
-+
- TEST(CryptoServiceProtobufTests, asymEncryptDecrypt)
- {
-     m_scenarios->asymEncryptDecrypt();
-diff --git a/protocols/service/crypto/packed-c/opcodes.h b/protocols/service/crypto/packed-c/opcodes.h
-index a07bd57e..5aebf2fa 100644
---- a/protocols/service/crypto/packed-c/opcodes.h
-+++ b/protocols/service/crypto/packed-c/opcodes.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -25,6 +25,8 @@
- #define TS_CRYPTO_OPCODE_COPY_KEY               (TS_CRYPTO_OPCODE_BASE + 13)
- #define TS_CRYPTO_OPCODE_PURGE_KEY              (TS_CRYPTO_OPCODE_BASE + 14)
- #define TS_CRYPTO_OPCODE_GET_KEY_ATTRIBUTES     (TS_CRYPTO_OPCODE_BASE + 15)
-+#define TS_CRYPTO_OPCODE_SIGN_MESSAGE           (TS_CRYPTO_OPCODE_BASE + 16)
-+#define TS_CRYPTO_OPCODE_VERIFY_MESSAGE         (TS_CRYPTO_OPCODE_BASE + 17)
- 
- /* Hash operations */
- #define TS_CRYPTO_OPCODE_HASH_BASE              (0x0200)
-diff --git a/protocols/service/crypto/protobuf/opcodes.proto b/protocols/service/crypto/protobuf/opcodes.proto
-index 094d3a02..ef64d044 100644
---- a/protocols/service/crypto/protobuf/opcodes.proto
-+++ b/protocols/service/crypto/protobuf/opcodes.proto
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
- syntax = "proto3";
-@@ -18,4 +18,6 @@ enum Opcode {
-   ASYMMETRIC_DECRYPT  = 0x010a;
-   ASYMMETRIC_ENCRYPT  = 0x010b;
-   GENERATE_RANDOM     = 0x010c;
-+  SIGN_MESSAGE        = 0x0110;
-+  VERIFY_MESSAGE      = 0x0111;
- }
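Review bot: the enum steps from `GENERATE_RANDOM = 0x010c` straight to `SIGN_MESSAGE = 0x0110`, leaving three values unassigned, while the packed-c header in this patch defines `COPY_KEY`, `PURGE_KEY` and `GET_KEY_ATTRIBUTES` at `TS_CRYPTO_OPCODE_BASE + 13` to `+ 15`. If those are the missing values, add them here so the two protocol definitions stay aligned, or leave a comment that marks the gap as reserved.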
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch
deleted file mode 100644
index a56e0f8..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0037-Add-defence-against-uninitialised-multi-part-transac.patch
+++ /dev/null
@@ -1,123 +0,0 @@
-From 9a83c32964ee2b1ecb7b36b4c08466202efd3bf2 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Fri, 11 Feb 2022 14:19:26 +0000
-Subject: [PATCH] Add defence against uninitialised multi-part transaction
-
-Adds checks for the condition where there is an attempt to
-setup a multi-part transaction without first initialising
-transaction state.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I754479260fed0490d8f32b41a077d26028dc9903
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- components/service/crypto/client/psa/psa_cipher.c | 14 +++++++++++++-
- components/service/crypto/client/psa/psa_hash.c   |  8 +++++++-
- components/service/crypto/client/psa/psa_mac.c    | 10 ++++++++--
- 3 files changed, 28 insertions(+), 4 deletions(-)
-
-diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c
-index 70836ea6..3ab8ea21 100644
---- a/components/service/crypto/client/psa/psa_cipher.c
-+++ b/components/service/crypto/client/psa/psa_cipher.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -13,6 +13,12 @@ psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
- 	psa_key_id_t key,
- 	psa_algorithm_t alg)
- {
-+	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
-+		return psa_crypto_client_instance.init_status;
-+
-+	if (operation->handle)
-+		return PSA_ERROR_BAD_STATE;
-+
- 	return crypto_caller_cipher_encrypt_setup(&psa_crypto_client_instance.base,
- 		&operation->handle,
- 		key, alg);
-@@ -22,6 +28,12 @@ psa_status_t psa_cipher_decrypt_setup(psa_cipher_operation_t *operation,
- 	psa_key_id_t key,
- 	psa_algorithm_t alg)
- {
-+	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
-+		return psa_crypto_client_instance.init_status;
-+
-+	if (operation->handle)
-+		return PSA_ERROR_BAD_STATE;
-+
- 	return crypto_caller_cipher_decrypt_setup(&psa_crypto_client_instance.base,
- 		&operation->handle,
- 		key, alg);
-diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c
-index 7005c390..83278de6 100644
---- a/components/service/crypto/client/psa/psa_hash.c
-+++ b/components/service/crypto/client/psa/psa_hash.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -14,6 +14,9 @@ psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
- 	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
- 		return psa_crypto_client_instance.init_status;
- 
-+	if (operation->handle)
-+		return PSA_ERROR_BAD_STATE;
-+
- 	return crypto_caller_hash_setup(&psa_crypto_client_instance.base,
- 		&operation->handle, alg);
- }
-@@ -55,6 +58,9 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
- psa_status_t psa_hash_clone(const psa_hash_operation_t *source_operation,
- 	psa_hash_operation_t *target_operation)
- {
-+	if (target_operation->handle)
-+		return PSA_ERROR_BAD_STATE;
-+
- 	return crypto_caller_hash_clone(&psa_crypto_client_instance.base,
- 		source_operation->handle,
- 		&target_operation->handle);
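Review bot: psa_hash_clone gets the new target_operation->handle check but, unlike psa_hash_setup earlier in this file, still has no psa_crypto_client_instance.init_status check, so a clone attempted before the client is initialised goes straight to crypto_caller_hash_clone. Add the same init_status guard here so every setup-style entry point touched by this patch fails the same way. The check also treats a non-zero handle as the only sign of an in-use operation, so an uninitialised object whose handle field happens to be zero still passes; the commit message should say that callers are expected to zero-initialise operation objects.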
-diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c
-index 5efa1c4d..5c5eb32a 100644
---- a/components/service/crypto/client/psa/psa_mac.c
-+++ b/components/service/crypto/client/psa/psa_mac.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -16,6 +16,9 @@ psa_status_t psa_mac_sign_setup(psa_mac_operation_t *operation,
- 	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
- 		return psa_crypto_client_instance.init_status;
- 
-+	if (operation->handle)
-+		return PSA_ERROR_BAD_STATE;
-+
- 	return crypto_caller_mac_sign_setup(&psa_crypto_client_instance.base,
- 		&operation->handle,
- 		key, alg);
-@@ -28,7 +31,10 @@ psa_status_t psa_mac_verify_setup(psa_mac_operation_t *operation,
- 	if (psa_crypto_client_instance.init_status != PSA_SUCCESS)
- 		return psa_crypto_client_instance.init_status;
- 
--	return crypto_caller_mac_sign_setup(&psa_crypto_client_instance.base,
-+	if (operation->handle)
-+		return PSA_ERROR_BAD_STATE;
-+
-+	return crypto_caller_mac_verify_setup(&psa_crypto_client_instance.base,
- 		&operation->handle,
- 		key, alg);
- }
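Review bot: the psa_mac_verify_setup hunk bundles an unrelated functional fix with the handle check: it replaces crypto_caller_mac_sign_setup with crypto_caller_mac_verify_setup, meaning the verify path was previously issuing the sign-setup call, and the commit message says nothing about it. Either split that line into its own commit or name it in the message, and add a test that an operation set up through psa_mac_verify_setup is rejected by the sign-finish path and accepted by verify-finish.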
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch
deleted file mode 100644
index 2ad1efb..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0038-Integrate-AEAD-operation-support.patch
+++ /dev/null
@@ -1,521 +0,0 @@
-From 00b4f777b377c69f948f5a9d68cbfc8fa8c38a86 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Fri, 11 Feb 2022 14:24:53 +0000
-Subject: [PATCH] Integrate AEAD operation support
-
-Resolves issues and integrates AEAD support into the crypto service
-provider and clients.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I5fbe78a2dd825f592e26fd665f60c18b576f9de9
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- .../caller/packed-c/crypto_caller_aead.h      |  70 +++---
- .../client/caller/stub/crypto_caller_aead.h   |  12 +-
- .../service/crypto/client/psa/psa_aead.c      | 221 +++++++++++++++---
- .../factory/full/crypto_provider_factory.c    |  16 +-
- .../component-test/component-test.cmake       |   4 +-
- deployments/crypto/opteesp/CMakeLists.txt     |   4 +-
- deployments/libts/linux-pc/CMakeLists.txt     |   4 +-
- deployments/se-proxy/opteesp/CMakeLists.txt   |   4 +-
- 8 files changed, 263 insertions(+), 72 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-index 3d9947d5..c4ffb20c 100644
---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -20,38 +20,6 @@
- extern "C" {
- #endif
- 
--static inline psa_status_t crypto_caller_aead_encrypt(struct service_client *context,
--	psa_key_id_t key,
--	psa_algorithm_t alg,
--	const uint8_t *nonce,
--	size_t nonce_length,
--	const uint8_t *additional_data,
--	size_t additional_data_length,
--	const uint8_t *plaintext,
--	size_t plaintext_length,
--	uint8_t *aeadtext,
--	size_t aeadtext_size,
--	size_t *aeadtext_length)
--{
--	return PSA_ERROR_NOT_SUPPORTED;
--}
--
--static inline psa_status_t crypto_caller_aead_decrypt(struct service_client *context,
--	psa_key_id_t key,
--	psa_algorithm_t alg,
--	const uint8_t *nonce,
--	size_t nonce_length,
--	const uint8_t *additional_data,
--	size_t additional_data_length,
--	const uint8_t *aeadtext,
--	size_t aeadtext_length,
--	uint8_t *plaintext,
--	size_t plaintext_size,
--	size_t *plaintext_length)
--{
--	return PSA_ERROR_NOT_SUPPORTED;
--}
--
- static inline psa_status_t common_aead_setup(struct service_client *context,
- 	uint32_t *op_handle,
- 	psa_key_id_t key,
-@@ -247,7 +215,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(struct service_client
- {
- 	psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
- 	struct ts_crypto_aead_set_lengths_in req_msg;
--	size_t req_fixed_len = sizeof(struct ts_crypto_aead_abort_in);
-+	size_t req_fixed_len = sizeof(struct ts_crypto_aead_set_lengths_in);
- 	size_t req_len = req_fixed_len;
- 
- 	req_msg.op_handle = op_handle;
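Review bot: the corrected line in crypto_caller_aead_set_lengths shows req_fixed_len was being computed from struct ts_crypto_aead_abort_in while the message actually serialised is struct ts_crypto_aead_set_lengths_in, yet the commit message only says "Resolves issues". Call this length mismatch out explicitly in the message, and consider writing the length as sizeof(req_msg) so the size is tied to the variable being sent and cannot drift from it through copy and paste.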
-@@ -611,6 +579,40 @@ static inline psa_status_t crypto_caller_aead_abort(struct service_client *conte
- 	return psa_status;
- }
- 
-+/**
-+ * The maximum data length that may be carried in an update operation will be
-+ * constrained by the maximum call payload capacity imposed by the end-to-end
-+ * RPC call path. These functions return the maximum update size when serialization
-+ * overheads are considered. This allows large paylaods to be processed in
-+ * maximum size chunks.
-+ */
-+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes of additional data that may be
-+	 * carried as a parameter of the aead_update_ad operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = sizeof(struct ts_crypto_aead_update_ad_in) + TLV_HDR_LEN;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the aead_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = sizeof(struct ts_crypto_aead_update_in) + TLV_HDR_LEN;
-+
-+	/* Allow for output to be a whole number of blocks */
-+	overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
- #ifdef __cplusplus
- }
- #endif
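Review bot: both crypto_caller_aead_max_update_ad_size and crypto_caller_aead_max_update_size return 0 when payload_space is not larger than overhead, and 0 is also what the stub caller returns to mean "unknown"; multi_aead_update_ad and multi_aead_update in psa_aead.c then treat 0 as "send everything in one update". A transport whose max_payload is too small for even the fixed overhead is therefore handled as if it had no limit, and the failure is left to the first RPC call. Distinguish the two cases, for example by returning an error from the one-shot functions when max_payload is known and insufficient. The block comment also has a typo, "paylaods".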
-diff --git a/components/service/crypto/client/caller/stub/crypto_caller_aead.h b/components/service/crypto/client/caller/stub/crypto_caller_aead.h
-index 18aa8cec..455e7ac1 100644
---- a/components/service/crypto/client/caller/stub/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/stub/crypto_caller_aead.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -135,6 +135,16 @@ static inline psa_status_t crypto_caller_aead_abort(struct service_client *conte
- 	return PSA_ERROR_NOT_SUPPORTED;
- }
- 
-+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
-+{
-+	return 0;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
-+{
-+	return 0;
-+}
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c
-index 22fd3da1..e4579e63 100644
---- a/components/service/crypto/client/psa/psa_aead.c
-+++ b/components/service/crypto/client/psa/psa_aead.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -8,37 +8,6 @@
- #include "psa_crypto_client.h"
- #include "crypto_caller_selector.h"
- 
--
--psa_status_t psa_aead_encrypt(psa_key_id_t key,
--	psa_algorithm_t alg,
--	const uint8_t *nonce,
--	size_t nonce_length,
--	const uint8_t *additional_data,
--	size_t additional_data_length,
--	const uint8_t *plaintext,
--	size_t plaintext_length,
--	uint8_t *aeadtext,
--	size_t aeadtext_size,
--	size_t *aeadtext_length)
--{
--	return PSA_ERROR_NOT_SUPPORTED;
--}
--
--psa_status_t psa_aead_decrypt(psa_key_id_t key,
--	psa_algorithm_t alg,
--	const uint8_t *nonce,
--	size_t nonce_length,
--	const uint8_t *additional_data,
--	size_t additional_data_length,
--	const uint8_t *aeadtext,
--	size_t aeadtext_length,
--	uint8_t *plaintext,
--	size_t plaintext_size,
--	size_t *plaintext_length)
--{
--	return PSA_ERROR_NOT_SUPPORTED;
--}
--
- psa_status_t psa_aead_encrypt_setup(psa_aead_operation_t *operation,
- 	psa_key_id_t key,
- 	psa_algorithm_t alg)
-@@ -143,3 +112,191 @@ psa_status_t psa_aead_abort(psa_aead_operation_t *operation)
- 	return crypto_caller_aead_abort(&psa_crypto_client_instance.base,
- 		operation->handle);
- }
-+
-+static psa_status_t multi_aead_update_ad(psa_aead_operation_t *operation,
-+	const uint8_t *input,
-+	size_t input_length)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	size_t max_update_size =
-+		crypto_caller_aead_max_update_ad_size(&psa_crypto_client_instance.base);
-+	size_t bytes_input = 0;
-+
-+	if (!max_update_size) {
-+
-+		/* Don't know the max update size so assume that the entire
-+		 * input and output can be handled in a single update.  If
-+		 * this isn't true, the first aead update operation will fail
-+		 * safely.
-+		 */
-+		max_update_size = input_length;
-+	}
-+
-+	while (bytes_input < input_length) {
-+
-+		size_t bytes_remaining = input_length - bytes_input;
-+		size_t update_len = (bytes_remaining < max_update_size) ?
-+			bytes_remaining :
-+			max_update_size;
-+
-+		psa_status = psa_aead_update_ad(operation,
-+			&input[bytes_input], update_len);
-+
-+		if (psa_status != PSA_SUCCESS) break;
-+
-+		bytes_input += update_len;
-+	}
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t multi_aead_update(psa_aead_operation_t *operation,
-+	const uint8_t *input,
-+	size_t input_length,
-+	uint8_t *output,
-+	size_t output_size,
-+	size_t *output_length)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	size_t max_update_size =
-+		crypto_caller_aead_max_update_size(&psa_crypto_client_instance.base);
-+	size_t bytes_input = 0;
-+	size_t bytes_output = 0;
-+
-+	*output_length = 0;
-+
-+	if (!max_update_size) {
-+
-+		/* Don't know the max update size so assume that the entire
-+		 * input and output can be handled in a single update.  If
-+		 * this isn't true, the first aead update operation will fail
-+		 * safely.
-+		 */
-+		max_update_size = input_length;
-+	}
-+
-+	while ((bytes_input < input_length) && (bytes_output < output_size)) {
-+
-+		size_t update_output_len = 0;
-+		size_t bytes_remaining = input_length - bytes_input;
-+		size_t update_len = (bytes_remaining < max_update_size) ?
-+			bytes_remaining :
-+			max_update_size;
-+
-+		psa_status = psa_aead_update(operation,
-+			&input[bytes_input], update_len,
-+			&output[bytes_output], output_size - bytes_output, &update_output_len);
-+
-+		if (psa_status != PSA_SUCCESS) break;
-+
-+		bytes_input += update_len;
-+		bytes_output += update_output_len;
-+	}
-+
-+	if (psa_status == PSA_SUCCESS) {
-+
-+		*output_length = bytes_output;
-+	}
-+
-+	return psa_status;
-+}
-+
-+psa_status_t psa_aead_encrypt(psa_key_id_t key,
-+	psa_algorithm_t alg,
-+	const uint8_t *nonce,
-+	size_t nonce_length,
-+	const uint8_t *additional_data,
-+	size_t additional_data_length,
-+	const uint8_t *plaintext,
-+	size_t plaintext_length,
-+	uint8_t *aeadtext,
-+	size_t aeadtext_size,
-+	size_t *aeadtext_length)
-+{
-+	psa_aead_operation_t operation = psa_aead_operation_init();
-+	size_t bytes_output = 0;
-+	*aeadtext_length = 0;
-+
-+	psa_status_t psa_status = psa_aead_encrypt_setup(&operation, key, alg);
-+	if (psa_status != PSA_SUCCESS) return psa_status;
-+
-+	if ((psa_status = psa_aead_set_lengths(&operation, additional_data_length, plaintext_length),
-+			psa_status == PSA_SUCCESS) &&
-+		(psa_status = psa_aead_set_nonce(&operation, nonce, nonce_length),
-+			psa_status == PSA_SUCCESS) &&
-+		(psa_status = multi_aead_update_ad(&operation, additional_data, additional_data_length),
-+			psa_status == PSA_SUCCESS) &&
-+		(psa_status = multi_aead_update(&operation, plaintext, plaintext_length,
-+			aeadtext, aeadtext_size, &bytes_output),
-+			psa_status == PSA_SUCCESS))
-+	{
-+		size_t remaining_aead_len = 0;
-+		size_t tag_len = 0;
-+
-+		psa_status = psa_aead_finish(&operation,
-+			NULL, 0, &remaining_aead_len,
-+			&aeadtext[bytes_output], aeadtext_size - bytes_output, &tag_len);
-+
-+		if (psa_status == PSA_SUCCESS) {
-+
-+			*aeadtext_length = bytes_output + remaining_aead_len + tag_len;
-+		}
-+	}
-+	else {
-+
-+		psa_aead_abort(&operation);
-+	}
-+
-+	return psa_status;
-+}
-+
-+psa_status_t psa_aead_decrypt(psa_key_id_t key,
-+	psa_algorithm_t alg,
-+	const uint8_t *nonce,
-+	size_t nonce_length,
-+	const uint8_t *additional_data,
-+	size_t additional_data_length,
-+	const uint8_t *aeadtext,
-+	size_t aeadtext_length,
-+	uint8_t *plaintext,
-+	size_t plaintext_size,
-+	size_t *plaintext_length)
-+{
-+	psa_aead_operation_t operation = psa_aead_operation_init();
-+	size_t bytes_output = 0;
-+	*plaintext_length = 0;
-+
-+	psa_status_t psa_status = psa_aead_decrypt_setup(&operation, key, alg);
-+	if (psa_status != PSA_SUCCESS) return psa_status;
-+
-+	size_t tag_len = PSA_ALG_AEAD_GET_TAG_LENGTH(alg);
-+	size_t ciphertext_len = (aeadtext_length > tag_len) ? aeadtext_length - tag_len : 0;
-+
-+	if ((psa_status = psa_aead_set_lengths(&operation, additional_data_length, ciphertext_len),
-+			psa_status == PSA_SUCCESS) &&
-+		(psa_status = psa_aead_set_nonce(&operation, nonce, nonce_length),
-+			psa_status == PSA_SUCCESS) &&
-+		(psa_status = multi_aead_update_ad(&operation, additional_data, additional_data_length),
-+			psa_status == PSA_SUCCESS) &&
-+		(psa_status = multi_aead_update(&operation, aeadtext, ciphertext_len,
-+			plaintext, plaintext_size, &bytes_output),
-+			psa_status == PSA_SUCCESS))
-+	{
-+		size_t remaining_plaintext_len = 0;
-+
-+		psa_status = psa_aead_verify(&operation,
-+			NULL, 0, &remaining_plaintext_len,
-+			&aeadtext[bytes_output], aeadtext_length - bytes_output);
-+
-+		if (psa_status == PSA_SUCCESS) {
-+
-+			*plaintext_length = bytes_output + remaining_plaintext_len;
-+		}
-+	}
-+	else {
-+
-+		psa_aead_abort(&operation);
-+	}
-+
-+	return psa_status;
-+}
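Review bot: in psa_aead_decrypt the tag passed to psa_aead_verify is located with &aeadtext[bytes_output] and aeadtext_length - bytes_output, where bytes_output is the number of plaintext bytes written so far, not an offset into the input. If the update calls hold back any output, bytes_output is smaller than ciphertext_len and the "tag" starts inside the ciphertext with a length larger than tag_len. Use &aeadtext[ciphertext_len] and aeadtext_length - ciphertext_len instead. Two related points in the same hunk: an input shorter than tag_len is mapped to ciphertext_len = 0 rather than being rejected with PSA_ERROR_INVALID_ARGUMENT, and the multi_aead_update loop exits with PSA_SUCCESS when bytes_output reaches output_size even though bytes_input is still less than input_length, so a too-small output buffer is reported as success instead of PSA_ERROR_BUFFER_TOO_SMALL.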
-diff --git a/components/service/crypto/factory/full/crypto_provider_factory.c b/components/service/crypto/factory/full/crypto_provider_factory.c
-index 2d926eb6..ee2b4473 100644
---- a/components/service/crypto/factory/full/crypto_provider_factory.c
-+++ b/components/service/crypto/factory/full/crypto_provider_factory.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  *
-@@ -17,6 +17,8 @@
- #include <service/crypto/provider/extension/key_derivation/serializer/packed-c/packedc_key_derivation_provider_serializer.h>
- #include <service/crypto/provider/extension/mac/mac_provider.h>
- #include <service/crypto/provider/extension/mac/serializer/packed-c/packedc_mac_provider_serializer.h>
-+#include <service/crypto/provider/extension/aead/aead_provider.h>
-+#include <service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.h>
- #include <service/discovery/provider/discovery_provider.h>
- #include <service/discovery/provider/serializer/packed-c/packedc_discovery_provider_serializer.h>
- 
-@@ -34,6 +36,7 @@ static struct full_crypto_provider
- 	struct cipher_provider cipher_provider;
- 	struct key_derivation_provider key_derivation_provider;
- 	struct mac_provider mac_provider;
-+	struct aead_provider aead_provider;
- 
- } instance;
- 
-@@ -98,6 +101,17 @@ struct crypto_provider *crypto_provider_factory_create(void)
- 	crypto_provider_extend(&instance.crypto_provider,
- 		&instance.mac_provider.base_provider);
- 
-+	/**
-+	 * Extend with aead operations
-+	 */
-+	aead_provider_init(&instance.aead_provider);
-+
-+	aead_provider_register_serializer(&instance.aead_provider,
-+		TS_RPC_ENCODING_PACKED_C, packedc_aead_provider_serializer_instance());
-+
-+	crypto_provider_extend(&instance.crypto_provider,
-+		&instance.aead_provider.base_provider);
-+
- 	return &instance.crypto_provider;
- }
- 
-diff --git a/deployments/component-test/component-test.cmake b/deployments/component-test/component-test.cmake
-index a0233c34..c3b015ab 100644
---- a/deployments/component-test/component-test.cmake
-+++ b/deployments/component-test/component-test.cmake
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -85,6 +85,8 @@ add_components(
- 		"components/service/crypto/provider/extension/key_derivation/serializer/packed-c"
- 		"components/service/crypto/provider/extension/mac"
- 		"components/service/crypto/provider/extension/mac/serializer/packed-c"
-+		"components/service/crypto/provider/extension/aead"
-+		"components/service/crypto/provider/extension/aead/serializer/packed-c"
- 		"components/service/crypto/provider/test"
- 		"components/service/crypto/backend/mbedcrypto"
- 		"components/service/crypto/factory/full"
-diff --git a/deployments/crypto/opteesp/CMakeLists.txt b/deployments/crypto/opteesp/CMakeLists.txt
-index 8ada74e9..eb5d0847 100644
---- a/deployments/crypto/opteesp/CMakeLists.txt
-+++ b/deployments/crypto/opteesp/CMakeLists.txt
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -62,6 +62,8 @@ add_components(TARGET "crypto-sp"
- 		"components/service/crypto/provider/extension/key_derivation/serializer/packed-c"
- 		"components/service/crypto/provider/extension/mac"
- 		"components/service/crypto/provider/extension/mac/serializer/packed-c"
-+		"components/service/crypto/provider/extension/aead"
-+		"components/service/crypto/provider/extension/aead/serializer/packed-c"
- 		"components/service/crypto/factory/full"
- 		"components/service/crypto/backend/mbedcrypto"
- 		"components/service/crypto/backend/mbedcrypto/trng_adapter/platform"
-diff --git a/deployments/libts/linux-pc/CMakeLists.txt b/deployments/libts/linux-pc/CMakeLists.txt
-index fc98407c..97eaaa73 100644
---- a/deployments/libts/linux-pc/CMakeLists.txt
-+++ b/deployments/libts/linux-pc/CMakeLists.txt
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -71,6 +71,8 @@ add_components(
- 		"components/service/crypto/provider/extension/key_derivation/serializer/packed-c"
- 		"components/service/crypto/provider/extension/mac"
- 		"components/service/crypto/provider/extension/mac/serializer/packed-c"
-+		"components/service/crypto/provider/extension/aead"
-+		"components/service/crypto/provider/extension/aead/serializer/packed-c"
- 		"components/service/crypto/factory/full"
- 		"components/service/crypto/backend/mbedcrypto"
- 		"components/service/crypto/backend/mbedcrypto/trng_adapter/linux"
-diff --git a/deployments/se-proxy/opteesp/CMakeLists.txt b/deployments/se-proxy/opteesp/CMakeLists.txt
-index 953bb716..24a8ca65 100644
---- a/deployments/se-proxy/opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/opteesp/CMakeLists.txt
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -70,6 +70,8 @@ add_components(TARGET "se-proxy"
- 		"components/service/crypto/provider/extension/key_derivation/serializer/packed-c"
- 		"components/service/crypto/provider/extension/mac"
- 		"components/service/crypto/provider/extension/mac/serializer/packed-c"
-+		"components/service/crypto/provider/extension/aead"
-+		"components/service/crypto/provider/extension/aead/serializer/packed-c"
- 		"components/service/crypto/factory/full"
- 		"components/service/secure_storage/include"
- 		"components/service/secure_storage/frontend/secure_storage_provider"
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch
deleted file mode 100644
index 0c93a26..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0039-Add-IV-generation-to-one-shot-cipher-operation.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 43388a8e071980d9146f935f486a859d0a04322b Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Tue, 15 Feb 2022 15:46:58 +0000
-Subject: [PATCH] Add IV generation to one-shot cipher operation
-
-The functions psa_cipher_encrypt and psa_cipher_decrypt are
-one-shot operations that can take an arbitrary sized input.
-These operations are implemented as client-side functions
-that use multi-part cipher operations to allow large inputs
-to be handled. The existing implementations were missing the
-generation and setting of the IV at the start of the data.
-This was leading to PSA Arch test failures (248 & 249). This
-commit adds the missing IV handling and resolves the test
-failures.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I4afb555ee7062ebb387e5bb27fb1e082288ad8c7
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- .../service/crypto/client/psa/psa_cipher.c    | 40 +++++++++++++++----
- 1 file changed, 33 insertions(+), 7 deletions(-)
-
-diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c
-index 3ab8ea21..111af829 100644
---- a/components/service/crypto/client/psa/psa_cipher.c
-+++ b/components/service/crypto/client/psa/psa_cipher.c
-@@ -8,7 +8,6 @@
- #include "psa_crypto_client.h"
- #include "crypto_caller_selector.h"
- 
--
- psa_status_t psa_cipher_encrypt_setup(psa_cipher_operation_t *operation,
- 	psa_key_id_t key,
- 	psa_algorithm_t alg)
-@@ -171,9 +170,16 @@ psa_status_t psa_cipher_encrypt(psa_key_id_t key,
- 
- 	if (psa_status == PSA_SUCCESS) {
- 
-+		size_t ciphertext_len = 0;
-+		size_t iv_len = 0;
-+
-+		psa_cipher_generate_iv(&operation, output, output_size, &iv_len);
-+
- 		psa_status = multi_cipher_update(&operation,
- 			input, input_length,
--			output, output_size, output_length);
-+			&output[iv_len], output_size - iv_len, &ciphertext_len);
-+
-+		*output_length = iv_len + ciphertext_len;
- 	}
- 
- 	return psa_status;
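Review bot: the return value of psa_cipher_generate_iv in psa_cipher_encrypt is discarded, so if IV generation fails (for instance because output_size is too small for the IV) iv_len stays 0 and the code carries on into multi_cipher_update with no IV written to the output and the original error lost. Assign the result to psa_status, call psa_cipher_abort and return on failure, and only then run the update. The line *output_length = iv_len + ciphertext_len is also executed whatever multi_cipher_update returned; set *output_length only when psa_status is PSA_SUCCESS and leave it at 0 otherwise.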
-@@ -187,14 +193,34 @@ psa_status_t psa_cipher_decrypt(psa_key_id_t key,
- 	size_t output_size,
- 	size_t *output_length)
- {
--	psa_cipher_operation_t operation = psa_cipher_operation_init();
--	psa_status_t psa_status = psa_cipher_decrypt_setup(&operation, key, alg);
-+	psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-+	psa_status_t psa_status = psa_get_key_attributes(key, &attributes);
- 
- 	if (psa_status == PSA_SUCCESS) {
- 
--		psa_status = multi_cipher_update(&operation,
--			input, input_length,
--			output, output_size, output_length);
-+		psa_cipher_operation_t operation = psa_cipher_operation_init();
-+		psa_status = psa_cipher_decrypt_setup(&operation, key, alg);
-+
-+		if (psa_status == PSA_SUCCESS) {
-+
-+			size_t iv_len = PSA_CIPHER_IV_LENGTH(psa_get_key_type(&attributes), alg);
-+
-+			if (input_length >= iv_len) {
-+
-+				psa_cipher_set_iv(&operation, input, iv_len);
-+
-+				psa_status = multi_cipher_update(&operation,
-+					&input[iv_len], input_length - iv_len,
-+					output, output_size, output_length);
-+			}
-+			else {
-+
-+				psa_cipher_abort(&operation);
-+				psa_status = PSA_ERROR_INVALID_ARGUMENT;
-+			}
-+		}
-+
-+		psa_reset_key_attributes(&attributes);
- 	}
- 
- 	return psa_status;
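Review bot: psa_cipher_set_iv in psa_cipher_decrypt has its status ignored, so a rejected IV is only noticed indirectly when multi_cipher_update fails, and the caller sees that later error rather than the real one. Capture the result in psa_status, abort the operation and skip the update if it is not PSA_SUCCESS. The input_length < iv_len branch correctly aborts and returns PSA_ERROR_INVALID_ARGUMENT, but *output_length is never written on that path or when psa_get_key_attributes fails; set it to 0 at the top of the function so callers never read an indeterminate length.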
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch
deleted file mode 100644
index bdafcea..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0040-Fix-multi-part-termination-on-error.patch
+++ /dev/null
@@ -1,241 +0,0 @@
-From 07277e2ab4b54e5844c28f0cb33e64a91aa5f492 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Wed, 16 Feb 2022 10:37:04 +0000
-Subject: [PATCH] Fix multi-part termination on error
-
-For multi-part operations, the PSA Crypto API specifies that if
-the final operation does not return PSA_SUCCESS, the abort
-operaion must be called by a client to clean-up the operation.
-This change modifies behaviour in-line with the API definition.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Ia3d3ec004164647a7ab5988cac45c39c22e76e9a
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- components/service/crypto/client/psa/psa_aead.c       |  8 ++++++++
- components/service/crypto/client/psa/psa_cipher.c     |  4 ++++
- components/service/crypto/client/psa/psa_hash.c       | 10 ++++++++++
- components/service/crypto/client/psa/psa_mac.c        | 10 ++++++++++
- .../crypto/provider/extension/aead/aead_provider.c    | 10 +++++-----
- .../provider/extension/cipher/cipher_provider.c       |  6 +++---
- .../crypto/provider/extension/hash/hash_provider.c    |  6 +++---
- .../crypto/provider/extension/mac/mac_provider.c      | 11 +++++++----
- 8 files changed, 50 insertions(+), 15 deletions(-)
-
-diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c
-index e4579e63..559eb6a3 100644
---- a/components/service/crypto/client/psa/psa_aead.c
-+++ b/components/service/crypto/client/psa/psa_aead.c
-@@ -241,6 +241,10 @@ psa_status_t psa_aead_encrypt(psa_key_id_t key,
- 
- 			*aeadtext_length = bytes_output + remaining_aead_len + tag_len;
- 		}
-+		else {
-+
-+			psa_aead_abort(&operation);
-+		}
- 	}
- 	else {
- 
-@@ -292,6 +296,10 @@ psa_status_t psa_aead_decrypt(psa_key_id_t key,
- 
- 			*plaintext_length = bytes_output + remaining_plaintext_len;
- 		}
-+		else {
-+
-+			psa_aead_abort(&operation);
-+		}
- 	}
- 	else {
- 
-diff --git a/components/service/crypto/client/psa/psa_cipher.c b/components/service/crypto/client/psa/psa_cipher.c
-index 111af829..4e4264b6 100644
---- a/components/service/crypto/client/psa/psa_cipher.c
-+++ b/components/service/crypto/client/psa/psa_cipher.c
-@@ -146,6 +146,10 @@ static psa_status_t multi_cipher_update(psa_cipher_operation_t *operation,
- 
- 				*output_length = bytes_output + finish_output_len;
- 			}
-+			else {
-+
-+				psa_cipher_abort(operation);
-+			}
- 		}
- 		else {
- 
-diff --git a/components/service/crypto/client/psa/psa_hash.c b/components/service/crypto/client/psa/psa_hash.c
-index 83278de6..e5dd0030 100644
---- a/components/service/crypto/client/psa/psa_hash.c
-+++ b/components/service/crypto/client/psa/psa_hash.c
-@@ -137,6 +137,11 @@ psa_status_t psa_hash_compare(psa_algorithm_t alg,
- 	if (psa_status == PSA_SUCCESS) {
- 
- 		psa_status = psa_hash_verify(&operation, hash, hash_length);
-+
-+		if (psa_status != PSA_SUCCESS) {
-+
-+			psa_hash_abort(&operation);
-+		}
- 	}
- 
- 	return psa_status;
-@@ -155,6 +160,11 @@ psa_status_t psa_hash_compute(psa_algorithm_t alg,
- 	if (psa_status == PSA_SUCCESS) {
- 
- 		psa_status = psa_hash_finish(&operation, hash, hash_size, hash_length);
-+
-+		if (psa_status != PSA_SUCCESS) {
-+
-+			psa_hash_abort(&operation);
-+		}
- 	}
- 
- 	return psa_status;
-diff --git a/components/service/crypto/client/psa/psa_mac.c b/components/service/crypto/client/psa/psa_mac.c
-index 5c5eb32a..a3db8644 100644
---- a/components/service/crypto/client/psa/psa_mac.c
-+++ b/components/service/crypto/client/psa/psa_mac.c
-@@ -129,6 +129,11 @@ psa_status_t psa_mac_verify(psa_key_id_t key,
- 	if (psa_status == PSA_SUCCESS) {
- 
- 		psa_status = psa_mac_verify_finish(&operation, mac, mac_length);
-+
-+		if (psa_status != PSA_SUCCESS) {
-+
-+			psa_mac_abort(&operation);
-+		}
- 	}
- 
- 	return psa_status;
-@@ -153,6 +158,11 @@ psa_status_t psa_mac_compute(psa_key_id_t key,
- 	if (psa_status == PSA_SUCCESS) {
- 
- 		psa_status = psa_mac_sign_finish(&operation, mac, mac_size, mac_length);
-+
-+		if (psa_status != PSA_SUCCESS) {
-+
-+			psa_mac_abort(&operation);
-+		}
- 	}
- 
- 	return psa_status;
-diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
-index f4e81a03..14a25436 100644
---- a/components/service/crypto/provider/extension/aead/aead_provider.c
-+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -369,9 +369,9 @@ static rpc_status_t aead_finish_handler(void *context, struct call_req *req)
- 				rpc_status = serializer->serialize_aead_finish_resp(resp_buf,
- 					ciphertext, ciphertext_len,
- 					tag, tag_len);
--			}
- 
--			crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+				crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			}
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
-@@ -418,9 +418,9 @@ static rpc_status_t aead_verify_handler(void *context, struct call_req *req)
- 				struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
- 				rpc_status = serializer->serialize_aead_verify_resp(resp_buf,
- 					plaintext, plaintext_len);
--			}
- 
--			crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+				crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			}
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
-diff --git a/components/service/crypto/provider/extension/cipher/cipher_provider.c b/components/service/crypto/provider/extension/cipher/cipher_provider.c
-index 8e7a86de..a5dd0371 100644
---- a/components/service/crypto/provider/extension/cipher/cipher_provider.c
-+++ b/components/service/crypto/provider/extension/cipher/cipher_provider.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -283,9 +283,9 @@ static rpc_status_t cipher_finish_handler(void *context, struct call_req* req)
- 
- 				struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
- 				rpc_status = serializer->serialize_cipher_finish_resp(resp_buf, output, output_len);
--			}
- 
--			crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+				crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			}
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
-diff --git a/components/service/crypto/provider/extension/hash/hash_provider.c b/components/service/crypto/provider/extension/hash/hash_provider.c
-index 2c560513..fd39d440 100644
---- a/components/service/crypto/provider/extension/hash/hash_provider.c
-+++ b/components/service/crypto/provider/extension/hash/hash_provider.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -179,9 +179,9 @@ static rpc_status_t hash_finish_handler(void *context, struct call_req* req)
- 
- 				struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
- 				rpc_status = serializer->serialize_hash_finish_resp(resp_buf, hash, hash_len);
--			}
- 
--			crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+				crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			}
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
-diff --git a/components/service/crypto/provider/extension/mac/mac_provider.c b/components/service/crypto/provider/extension/mac/mac_provider.c
-index 96fe4cf3..eef55586 100644
---- a/components/service/crypto/provider/extension/mac/mac_provider.c
-+++ b/components/service/crypto/provider/extension/mac/mac_provider.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -181,9 +181,9 @@ static rpc_status_t mac_sign_finish_handler(void *context, struct call_req* req)
- 
- 				struct call_param_buf *resp_buf = call_req_get_resp_buf(req);
- 				rpc_status = serializer->serialize_mac_sign_finish_resp(resp_buf, mac, mac_len);
--			}
- 
--			crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+				crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			}
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
-@@ -220,7 +220,10 @@ static rpc_status_t mac_verify_finish_handler(void *context, struct call_req* re
- 
- 			psa_status = psa_mac_verify_finish(&crypto_context->op.mac, mac, mac_len);
- 
--			crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			if (psa_status == PSA_SUCCESS) {
-+
-+				crypto_context_pool_free(&this_instance->context_pool, crypto_context);
-+			}
- 		}
- 
- 		call_req_set_opstatus(req, psa_status);
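Review bot: In mac_verify_finish_handler, crypto_context_pool_free() now runs only when psa_mac_verify_finish() returns PSA_SUCCESS, so a failed verification leaves the context in the pool until the client sends an abort. A MAC mismatch is the expected result for tampered input, so a client that never aborts can keep pool entries occupied. Document that the abort handler is the only release path on failure, or state how the pool reclaims contexts from clients that do not abort.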
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch
deleted file mode 100644
index 6a11552..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 92987ec20beedb44d08d429947958c1c068d815c Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Wed, 16 Feb 2022 11:36:09 +0000
-Subject: [PATCH] Abort AEAD operation if client provided buffer is too small
-
-To enable PSA Arch test c258 to pass, handling is added in the
-PSA API client adaptor for AEAD (psa_aead.c) to abort an AEAD
-operation if an update operation is performed but the client
-provided buffer for the output is too small.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Ib4b26ebc0a83a8928e1b643fba4becd935f6deb0
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- components/service/crypto/client/psa/psa_aead.c | 14 +++++++++++++-
- 1 file changed, 13 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/crypto/client/psa/psa_aead.c b/components/service/crypto/client/psa/psa_aead.c
-index 559eb6a3..c820d222 100644
---- a/components/service/crypto/client/psa/psa_aead.c
-+++ b/components/service/crypto/client/psa/psa_aead.c
-@@ -74,10 +74,22 @@ psa_status_t psa_aead_update(psa_aead_operation_t *operation,
- 	size_t output_size,
- 	size_t *output_length)
- {
--	return crypto_caller_aead_update(&psa_crypto_client_instance.base,
-+	psa_status_t status = crypto_caller_aead_update(&psa_crypto_client_instance.base,
- 		operation->handle,
- 		input, input_length,
- 		output, output_size, output_length);
-+
-+	/*
-+	 * If too small a buffer has been provided for the output, the operation
-+	 * state will have been updated but the result can't be put anywhere. This
-+	 * is an unrecoveral condition so abort the operation.
-+	 */
-+	if (status == PSA_ERROR_BUFFER_TOO_SMALL) {
-+
-+		psa_aead_abort(operation);
-+	}
-+
-+	return status;
- }
- 
- psa_status_t psa_aead_finish(psa_aead_operation_t *operation,
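Review bot: psa_aead_update() aborts only when the status is PSA_ERROR_BUFFER_TOO_SMALL; any other error from crypto_caller_aead_update() is returned with no abort issued here. If that is intentional, say so in the comment; otherwise abort on every `status != PSA_SUCCESS`. The comment also contains a typo ("unrecoveral" should read "unrecoverable"), and the result of psa_aead_abort() is dropped without a `(void)` cast or a remark explaining why.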
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch
deleted file mode 100644
index fedb79c..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch
+++ /dev/null
@@ -1,94 +0,0 @@
-From 75c0689513e7da7fb26bf23c1da4e1aa49783d46 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Tue, 11 Jan 2022 09:43:52 +0000
-Subject: [PATCH] Peg to updated t_cose version fc3a4b2c
-
-The current version of TS fails to build due to a regression introduced
-by a new t_cose version in the upstream project.
-The issue is caused by the t_cose external component incorrectly using
-tip of master as the upstream version id, which makes strict dependency
-control impossible. Change the upstream version id to an SHA, to enable
-controlling compatibility issues introduced by future upstream updates.
-
-At the same time update the dependency to the current latest version.
-The upstream project is now compatile with mbedtls 3.0.0 API changes
-so the previously required compatibility patch has been removed.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I9491a5210904cc369846da2af45b0f7e5913bed8
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- .../0002-add-tls3_0_0-compatibility.patch     | 31 -------------------
- external/t_cose/t_cose.cmake                  |  5 ++-
- 2 files changed, 2 insertions(+), 34 deletions(-)
- delete mode 100644 external/t_cose/0002-add-tls3_0_0-compatibility.patch
-
-diff --git a/external/t_cose/0002-add-tls3_0_0-compatibility.patch b/external/t_cose/0002-add-tls3_0_0-compatibility.patch
-deleted file mode 100644
-index 20a7d131..00000000
---- a/external/t_cose/0002-add-tls3_0_0-compatibility.patch
-+++ /dev/null
-@@ -1,31 +0,0 @@
--diff --git a/crypto_adapters/t_cose_psa_crypto.c b/crypto_adapters/t_cose_psa_crypto.c
--index 49c5b60..3aa7b58 100644
----- a/crypto_adapters/t_cose_psa_crypto.c
--+++ b/crypto_adapters/t_cose_psa_crypto.c
--@@ -99,7 +99,7 @@ static enum t_cose_err_t psa_status_to_t_cose_error_signing(psa_status_t err)
--            err == PSA_ERROR_INVALID_SIGNATURE   ? T_COSE_ERR_SIG_VERIFY :
--            err == PSA_ERROR_NOT_SUPPORTED       ? T_COSE_ERR_UNSUPPORTED_SIGNING_ALG:
--            err == PSA_ERROR_INSUFFICIENT_MEMORY ? T_COSE_ERR_INSUFFICIENT_MEMORY :
---           err == PSA_ERROR_TAMPERING_DETECTED  ? T_COSE_ERR_TAMPERING_DETECTED :
--+           err == PSA_ERROR_CORRUPTION_DETECTED ? T_COSE_ERR_TAMPERING_DETECTED :
--                                                   T_COSE_ERR_SIG_FAIL;
-- }
-- 
--@@ -152,7 +152,7 @@ t_cose_crypto_pub_key_verify(int32_t               cose_algorithm_id,
--      * Crypto ceases providing backwards compatibility then this code
--      * has to be changed to use psa_verify_hash().
--      */
---    psa_result = psa_asymmetric_verify(verification_key_psa,
--+    psa_result = psa_verify_hash(verification_key_psa,
--                                        psa_alg_id,
--                                        hash_to_verify.ptr,
--                                        hash_to_verify.len,
--@@ -212,7 +212,7 @@ t_cose_crypto_pub_key_sign(int32_t                cose_algorithm_id,
--      * providing backwards compatibility then this code has to be
--      * changed to use psa_sign_hash().
--      */
---    psa_result = psa_asymmetric_sign(signing_key_psa,
--+    psa_result = psa_sign_hash(signing_key_psa,
--                                      psa_alg_id,
--                                      hash_to_sign.ptr,
--                                      hash_to_sign.len,
-diff --git a/external/t_cose/t_cose.cmake b/external/t_cose/t_cose.cmake
-index 660824bd..9321466f 100644
---- a/external/t_cose/t_cose.cmake
-+++ b/external/t_cose/t_cose.cmake
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -16,7 +16,7 @@ endif()
- 
- # External component details
- set(T_COSE_URL "https://github.com/laurencelundblade/t_cose.git" CACHE STRING "t_cose repository URL")
--set(T_COSE_REFSPEC "master" CACHE STRING "t_cose git refspec")
-+set(T_COSE_REFSPEC "fc3a4b2c7196ff582e8242de8bd4a1bc4eec577f" CACHE STRING "t_cose git refspec")
- set(T_COSE_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/t_cose_install" CACHE PATH "t_cose installation directory")
- set(T_COSE_PACKAGE_PATH "${T_COSE_INSTALL_PATH}/libt_cose/cmake" CACHE PATH "t_cose CMake package directory")
- 
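Review bot: T_COSE_REFSPEC is declared as a CACHE STRING, so a build directory configured before this change keeps the cached value "master" and never picks up the new SHA. Note in the commit message that the build tree needs a clean reconfigure, or set the value in a way that overrides an existing cache entry. Pinning to a full commit id is the right direction; a short comment next to the SHA saying which t_cose state it corresponds to would help the next update.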
-@@ -37,7 +37,6 @@ FetchContent_Declare(
- 
- 	PATCH_COMMAND git stash
- 		COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-add-install-definition.patch
--		COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/0002-add-tls3_0_0-compatibility.patch
- 		COMMAND git reset HEAD~1
- 
- )
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch
deleted file mode 100644
index 64ac094..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0043-pass-sysroot_yocto.patch
+++ /dev/null
@@ -1,110 +0,0 @@
-From 24436d459ddde697c89ff947c821cec9c5e0906e Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Wed, 16 Feb 2022 15:55:55 +0000
-Subject: [PATCH] pass sysroot_yocto
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- deployments/libts/libts-import.cmake         |  3 +++
- external/MbedTLS/MbedTLS.cmake               |  1 +
- external/psa_arch_tests/psa_arch_tests.cmake | 25 +++++++++++++-------
- 3 files changed, 20 insertions(+), 9 deletions(-)
-
-diff --git a/deployments/libts/libts-import.cmake b/deployments/libts/libts-import.cmake
-index 792ba86c..b900ce3f 100644
---- a/deployments/libts/libts-import.cmake
-+++ b/deployments/libts/libts-import.cmake
-@@ -27,9 +27,12 @@ set(LIBTS_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libts-build" CACHE PATH
- 
- file(MAKE_DIRECTORY ${LIBTS_BINARY_DIR})
- 
-+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --sysroot=${SYSROOT_YOCTO}")
-+
- #Configure the library
- execute_process(COMMAND
- 	${CMAKE_COMMAND}
-+                -DCMAKE_SYSROOT=${SYSROOT_YOCTO}
- 		-DCMAKE_INSTALL_PREFIX=${LIBTS_INSTALL_PATH}
- 		-GUnix\ Makefiles
- 		${LIBTS_SOURCE_DIR}
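Review bot: `--sysroot=${SYSROOT_YOCTO}` is appended to CMAKE_C_FLAGS and `-DCMAKE_SYSROOT=${SYSROOT_YOCTO}` is passed unconditionally, so a build where SYSROOT_YOCTO is not set ends up with an empty `--sysroot=` argument. Guard both additions with `if(DEFINED SYSROOT_YOCTO)` or give the variable a documented default, and indent the new `-DCMAKE_SYSROOT` line with tabs like the lines around it. The commit message carries no description of why the sysroot has to be forwarded.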
-diff --git a/external/MbedTLS/MbedTLS.cmake b/external/MbedTLS/MbedTLS.cmake
-index 3350d8a0..33467cf0 100644
---- a/external/MbedTLS/MbedTLS.cmake
-+++ b/external/MbedTLS/MbedTLS.cmake
-@@ -103,6 +103,7 @@ if (NOT MBEDCRYPTO_LIB_FILE)
- 	execute_process(COMMAND
- 		${CMAKE_COMMAND} -E env CROSS_COMPILE=${CROSS_COMPILE}
- 			${CMAKE_COMMAND}
-+                                -DCMAKE_SYSROOT=${SYSROOT_YOCTO}
- 				-DENABLE_PROGRAMS=OFF
- 				-DENABLE_TESTING=OFF
- 				-DUNSAFE_BUILD=ON
-diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
-index f6d2fb9f..42f73a37 100644
---- a/external/psa_arch_tests/psa_arch_tests.cmake
-+++ b/external/psa_arch_tests/psa_arch_tests.cmake
-@@ -5,30 +5,33 @@
- #
- #-------------------------------------------------------------------------------
- 
--# Temporarily using modified tests used for tf-m verification
-+# Determine the number of processes to run while running parallel builds.
-+# Pass -DPROCESSOR_COUNT=<n> to cmake to override.
-+if(NOT DEFINED PROCESSOR_COUNT)
-+	include(ProcessorCount)
-+	ProcessorCount(PROCESSOR_COUNT)
-+	set(PROCESSOR_COUNT ${PROCESSOR_COUNT} CACHE STRING "Number of cores to use for parallel builds.")
-+endif()
-+
- set(PSA_ARCH_TESTS_URL "https://github.com/bensze01/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL")
- set(PSA_ARCH_TESTS_REFSPEC "fix-multipart-aead" CACHE STRING "psa-arch-tests git refspec")
--
--#set(PSA_ARCH_TESTS_URL "https://github.com/ARM-software/psa-arch-tests.git" CACHE STRING "psa-arch-tests repository URL")
--#set(PSA_ARCH_TESTS_REFSPEC "2a1852252a9b9af655cbe02d5d3c930952d0d798" CACHE STRING "psa-arch-tests v22.01_API1.4_ADAC_BETA")
- set(PSA_ARCH_TESTS_INSTALL_PATH "${CMAKE_CURRENT_BINARY_DIR}/psa-arch-tests_install" CACHE PATH "psa-arch-tests installation directory")
- set(PSA_ARCH_TESTS_PACKAGE_PATH "${PSA_ARCH_TESTS_INSTALL_PATH}/libpsa-arch-tests/cmake" CACHE PATH "psa-arch-tests CMake package directory")
--set(PSA_ARCH_TESTS_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/psa_arch_tests-src" CACHE PATH "psa-arch-tests source.")
-+
-+include(FetchContent)
- 
- # Checking git
- find_program(GIT_COMMAND "git")
- if (NOT GIT_COMMAND)
- 	message(FATAL_ERROR "Please install git")
- endif()
--
-+if ("${PSA_ARCH_TESTS_PATH}" STREQUAL "DOWNLOAD")
- # Fetching psa-arch-tests
- FetchContent_Declare(
- 	psa-arch-tests
- 	GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
- 	GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
- 	GIT_SHALLOW TRUE
--	PATCH_COMMAND git stash
--		COMMAND git apply ${CMAKE_CURRENT_LIST_DIR}/modify_attest_config.patch
- )
- 
- # FetchContent_GetProperties exports psa-arch-tests_SOURCE_DIR and psa-arch-tests_BINARY_DIR variables
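Review bot: The hunk deletes the "Temporarily using modified tests" remark and the commented-out ARM-software URL with its pinned SHA, which leaves PSA_ARCH_TESTS_URL on a personal fork with PSA_ARCH_TESTS_REFSPEC set to the branch name "fix-multipart-aead" and no explanation. A branch can move between builds, so pin the refspec to a commit SHA and keep a comment saying why the fork is used. PSA_ARCH_TESTS_PATH is compared against "DOWNLOAD" without being declared in this hunk, and the else() branch hard-codes `${TS_ROOT}/../psa-arch-tests`; both should be cache variables with a description.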
-@@ -37,7 +40,10 @@ if(NOT psa-arch-tests_POPULATED)
- 	message(STATUS "Fetching psa-arch-tests")
- 	FetchContent_Populate(psa-arch-tests)
- endif()
--
-+else()
-+    set(psa-arch-tests_SOURCE_DIR "${TS_ROOT}/../psa-arch-tests")
-+    set(psa-arch-tests_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}")
-+endif()
- # Ensure list of include paths is separated correctly
- string(REPLACE ";" "\\;" PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS "${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS}")
- 
-@@ -47,6 +53,7 @@ string(REPLACE ";" " " PSA_ARCH_TEST_EXTERNAL_DEFS "${PSA_ARCH_TEST_EXTERNAL_DEF
- # Configure the psa-arch-test library
- execute_process(COMMAND
- 	${CMAKE_COMMAND}
-+			-DCMAKE_SYSROOT=${SYSROOT_YOCTO}
- 			-DTOOLCHAIN=INHERIT
- 			-DCMAKE_TOOLCHAIN_FILE=${TS_EXTERNAL_LIB_TOOLCHAIN_FILE}
- 			-DPSA_INCLUDE_PATHS=${PSA_ARCH_TESTS_EXTERNAL_INCLUDE_PATHS}
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
deleted file mode 100644
index 68d0a97..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 0a0007d594db2fceed413cd73e7f08dd8d8ddd57 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:01:10 +0000
-Subject: [PATCH] Fix: Crypto interface structure aligned with tf-m change.
-
-NO NEED TO RAISE PR: The PR for this FIX  is raied by Emek.
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index c13c20e8..ec25eaf8 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec {
- 				      *   multipart operation
- 				      */
- 	uint32_t capacity;             /*!< Key derivation capacity */
--
-+	uint32_t ad_length;            /*!< Additional Data length for multipart AEAD */
-+	uint32_t plaintext_length;     /*!< Plaintext length for multipart AEAD */
- 	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
- 							    *   AEAD until the API is
- 							    *   restructured
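Review bot: ad_length and plaintext_length are inserted into struct psa_ipc_crypto_pack_iovec ahead of aead_in, which shifts the offset of aead_in and changes the size of a structure that is handed across the IPC boundary. The subject says the layout is aligned with a tf-m change but names no TF-M version or commit. Add that reference and consider a compile-time size check so that a layout mismatch between the two sides fails the build instead of being misparsed at run time.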
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch
deleted file mode 100644
index a08ab32..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0045-Integrate-remaining-psa-ipc-client-APIs.patch
+++ /dev/null
@@ -1,494 +0,0 @@
-From b8060d9e15b1b910cf9b466a3f43088c71d7a38f Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:49:51 +0000
-Subject: [PATCH] Integrate remaining psa-ipc client APIs.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- .../caller/psa_ipc/crypto_caller_aead.h       | 297 +++++++++++++++++-
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  35 +++
- .../psa_ipc/crypto_caller_verify_hash.h       |  33 +-
- 3 files changed, 352 insertions(+), 13 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index 78517fe3..f6aadd8b 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
- 					    psa_key_id_t key,
- 					    psa_algorithm_t alg)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+	    .key_id = key,
-+	    .alg = alg,
-+	    .op_handle = (*op_handle),
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_decrypt_setup(
-@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- 					    psa_key_id_t key,
- 					    psa_algorithm_t alg)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+	    .key_id = key,
-+	    .alg = alg,
-+	    .op_handle = (*op_handle),
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_generate_nonce(
-@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 					     size_t nonce_size,
- 					     size_t *nonce_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*nonce_length = out_vec[1].len;
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_set_nonce(
-@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
- 						const uint8_t *nonce,
- 						size_t nonce_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_to_u32(nonce), .len = nonce_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_set_lengths(
-@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
- 					  size_t ad_length,
- 					  size_t plaintext_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+	    .ad_length = ad_length,
-+	    .plaintext_length = plaintext_length,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_update_ad(
-@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- 						const uint8_t *input,
- 						size_t input_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional input */
-+	if ((input == NULL) && (input_length != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	size_t in_len = IOVEC_LEN(in_vec);
-+
-+	if (input == NULL) {
-+	    in_len--;
-+	}
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   in_len, out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_update(
-@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update(
- 					     size_t output_size,
- 					     size_t *output_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional input */
-+	if ((input == NULL) && (input_length != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(output), .len = output_size},
-+	};
-+
-+	size_t in_len = IOVEC_LEN(in_vec);
-+
-+	if (input == NULL) {
-+	    in_len--;
-+	}
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_finish(
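Review bot: In crypto_caller_aead_update, `*output_length = out_vec[1].len;` runs whatever psa_call() returned, so on failure the caller may be handed a length (initialised to output_size) that does not describe valid output. Set `*output_length` to 0 unless status is PSA_SUCCESS, and reject a NULL output_length before the call. The writable output buffer is also converted with psa_ptr_const_to_u32(), while the other out_vec entry uses psa_ptr_to_u32(); use the non-const helper for outputs.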
-@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish(
- 					     size_t tag_size,
- 					     size_t *tag_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional output */
-+	if ((aeadtext == NULL) && (aeadtext_size != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(tag), .len = tag_size},
-+	    {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size}
-+	};
-+
-+	size_t out_len = IOVEC_LEN(out_vec);
-+
-+	if (aeadtext == NULL || aeadtext_size == 0) {
-+	    out_len--;
-+	}
-+	if ((out_len == 3) && (aeadtext_length == NULL)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+	*tag_length = out_vec[1].len;
-+
-+	if (out_len == 3) {
-+	    *aeadtext_length = out_vec[2].len;
-+	} else {
-+	    *aeadtext_length = 0;
-+	}
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_verify(
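Review bot: In crypto_caller_aead_finish, aeadtext_length is checked for NULL only when out_len == 3, yet the else branch after psa_call() executes `*aeadtext_length = 0;` when out_len is 2, and `*tag_length` is written with no check at all. A caller that passes aeadtext == NULL together with aeadtext_length == NULL hits a null dereference. Reject NULL tag_length and NULL aeadtext_length up front with PSA_ERROR_INVALID_ARGUMENT. The tag and aeadtext buffers are outputs but are converted with psa_ptr_const_to_u32().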
-@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify(
- 					     const uint8_t *tag,
- 					     size_t tag_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional output */
-+	if ((plaintext == NULL) && (plaintext_size != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(tag), .len = tag_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size},
-+	};
-+
-+	size_t out_len = IOVEC_LEN(out_vec);
-+
-+	if (plaintext == NULL || plaintext_size == 0) {
-+	    out_len--;
-+	}
-+	if ((out_len == 2) && (plaintext_length == NULL)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+	if (out_len == 2) {
-+	    *plaintext_length = out_vec[1].len;
-+	} else {
-+	    *plaintext_length = 0;
-+	}
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_abort(
- 					    struct service_client *context,
- 					    uint32_t op_handle)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
-+{
-+       /* Returns the maximum number of bytes that may be
-+        * carried as a parameter of the mac_update operation
-+        *  using the packed-c encoding.
-+        */
-+       size_t payload_space = context->service_info.max_payload;
-+       size_t overhead = iov_size;
-+
-+       return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the mac_update operation
-+	 *  using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
- }
- 
- #ifdef __cplusplus
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 71d88ced..e4a2b167 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	return status;
- }
- 
-+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
-+						   psa_key_id_t id,
-+						   psa_algorithm_t alg,
-+						   const uint8_t *hash,
-+						   size_t hash_length,
-+						   uint8_t *signature,
-+						   size_t signature_size,
-+						   size_t *signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(signature), .len = signature_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*signature_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index e16f6e54..cc9279ee 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -24,19 +24,20 @@
- extern "C" {
- #endif
- 
--static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+static inline psa_status_t crypto_caller_common(struct service_client *context,
- 						     psa_key_id_t id,
- 						     psa_algorithm_t alg,
- 						     const uint8_t *hash,
- 						     size_t hash_length,
- 						     const uint8_t *signature,
--						     size_t signature_length)
-+						     size_t signature_length,
-+						     uint32_t sfn_id)
- {
- 	struct service_client *ipc = context;
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+		.sfn_id = sfn_id,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- 	return status;
- }
- 
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+
-+	return crypto_caller_common(context,id,alg,hash,hash_length,
-+			signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
-+}
-+
-+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+
-+	return crypto_caller_common(context,id,alg,hash,hash_length,
-+			signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
-+}
-+
- #ifdef __cplusplus
- }
- #endif
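Review bot: In crypto_caller_aead_verify the else branch after psa_call writes `*plaintext_length = 0`, but plaintext_length is only NULL-checked when out_len == 2, so a caller that passes plaintext == NULL together with plaintext_length == NULL reaches a null-pointer write. The function just above it has the same pattern with `*aeadtext_length = 0`, and `*tag_length = out_vec[1].len` is written with no check visible in these lines. Suggest validating the length pointers unconditionally before the vectors are built, or guarding the writes after the call. Smaller points: the comments in crypto_caller_aead_max_update_size and crypto_caller_aead_max_update_ad_size still say mac_update; crypto_caller_sign_message and crypto_caller_verify_message name their input `hash` although it carries a message; and crypto_caller_common is a very generic name for a static inline in a shared header.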
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
deleted file mode 100644
index 4bd846d..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From a037ef21c0334117ad0741776a4b7b6e1a428d19 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Mon, 14 Feb 2022 17:52:00 +0000
-Subject: [PATCH] Fix : update psa_set_key_usage_flags definition to the latest
- from the tf-m
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h
-index 1bc55e37..b4a7ed4b 100644
---- a/components/service/crypto/include/psa/crypto_struct.h
-+++ b/components/service/crypto/include/psa/crypto_struct.h
-@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
-     return( attributes->lifetime );
- }
- 
-+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
-+{
-+    if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
-+        *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
-+
-+    if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
-+        *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
-+}
-+
- static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
-                                            psa_key_usage_t usage_flags)
- {
-+    psa_extend_key_usage_flags( &usage_flags );
-     attributes->usage = usage_flags;
- }
- 
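Review bot: psa_set_key_usage_flags now widens the caller's policy silently through psa_extend_key_usage_flags: a key requested with only PSA_KEY_USAGE_SIGN_HASH also receives PSA_KEY_USAGE_SIGN_MESSAGE, and the same for the verify pair, with no comment saying this is intended. Because attributes->usage then holds more than the caller passed in, add a comment on the helper stating that the extension is deliberate and which TF-M revision it mirrors. The commit message only says "the latest from the tf-m" and the patch is marked Upstream-Status: Pending, so the rationale is not recorded anywhere in this file.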
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
deleted file mode 100644
index 4ad4be0..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ /dev/null
@@ -1,120 +0,0 @@
-From 55463b12cca39d2c6a3fd18bbd3d28ae95dff8cf Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH] Fixes in AEAD for psa-arch test 54 and 58.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-
-
----
- .../crypto/client/caller/packed-c/crypto_caller_aead.h    | 1 +
- components/service/crypto/include/psa/crypto_sizes.h      | 2 +-
- .../crypto/provider/extension/aead/aead_provider.c        | 8 ++++++--
- .../extension/aead/serializer/aead_provider_serializer.h  | 1 +
- .../packed-c/packedc_aead_provider_serializer.c           | 2 ++
- protocols/service/crypto/packed-c/aead.h                  | 1 +
- 6 files changed, 12 insertions(+), 3 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-index c4ffb20c..a91f66c1 100644
---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-@@ -309,6 +309,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
- 	size_t req_len = req_fixed_len;
- 
- 	*output_length = 0;
-+        req_msg.output_size = output_size;
- 	req_msg.op_handle = op_handle;
- 
- 	/* Mandatory input data parameter */
-diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 4d7bf6e9..e3c4df29 100644
---- a/components/service/crypto/include/psa/crypto_sizes.h
-+++ b/components/service/crypto/include/psa/crypto_sizes.h
-@@ -351,7 +351,7 @@
-  *       just the largest size that may be generated by
-  *       #psa_aead_generate_nonce().
-  */
--#define PSA_AEAD_NONCE_MAX_SIZE 12
-+#define PSA_AEAD_NONCE_MAX_SIZE 16
- 
- /** A sufficient output buffer size for psa_aead_update().
-  *
-diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
-index 14a25436..6b144db8 100644
---- a/components/service/crypto/provider/extension/aead/aead_provider.c
-+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
-@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req)
- 	uint32_t op_handle;
- 	const uint8_t *input;
- 	size_t input_len;
-+        uint32_t recv_output_size;
- 
- 	if (serializer)
- 		rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle,
--			&input, &input_len);
-+			&recv_output_size, &input, &input_len);
- 
- 	if (rpc_status == TS_RPC_CALL_ACCEPTED) {
- 
-@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req)
- 		if (crypto_context) {
- 
- 			size_t output_len = 0;
--			size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len);
-+			size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24);
- 			uint8_t *output = malloc(output_size);
- 
-+                        if (recv_output_size < output_size) {
-+                            output_size = recv_output_size;
-+                        }
- 			if (output) {
- 
- 				psa_status = psa_aead_update(&crypto_context->op.aead,
-diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-index bb1a2a97..0156aaba 100644
---- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-@@ -51,6 +51,7 @@ struct aead_provider_serializer {
- 	/* Operation: aead_update */
- 	rpc_status_t (*deserialize_aead_update_req)(const struct call_param_buf *req_buf,
- 		uint32_t *op_handle,
-+                uint32_t *output_size,
- 		const uint8_t **input, size_t *input_len);
- 
- 	rpc_status_t (*serialize_aead_update_resp)(struct call_param_buf *resp_buf,
-diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-index 6f00b3e3..45c739ab 100644
---- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct call_param_buf *
- /* Operation: aead_update */
- static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req_buf,
- 	uint32_t *op_handle,
-+        uint32_t *output_size,
- 	const uint8_t **input, size_t *input_len)
- {
- 	rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY;
-@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req
- 		memcpy(&recv_msg, req_buf->data, expected_fixed_len);
- 
- 		*op_handle = recv_msg.op_handle;
-+                *output_size = recv_msg.output_size;
- 
- 		tlv_const_iterator_begin(&req_iter,
- 			(uint8_t*)req_buf->data + expected_fixed_len,
-diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
-index 0be266b5..435fd3b5 100644
---- a/protocols/service/crypto/packed-c/aead.h
-+++ b/protocols/service/crypto/packed-c/aead.h
-@@ -98,6 +98,7 @@ enum
- struct __attribute__ ((__packed__)) ts_crypto_aead_update_in
- {
-   uint32_t op_handle;
-+  uint32_t output_size;
- };
- 
- /* Variable length input parameter tags */
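Review bot: In aead_update_handler the output buffer is sized with `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24)` in place of `PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len)`, so the allocation no longer scales with the request and the constant 24 is unexplained. Suggest deriving the size from input_len and then clamping it to recv_output_size, and giving recv_output_size an initial value, since the only visible assignment is inside `if (serializer)`. The new output_size field in the packed struct ts_crypto_aead_update_in changes the request layout, so client and provider must be updated together; that deserves a line in the commit message, which currently names only the two psa-arch tests. The added lines are indented with spaces in files that otherwise use tabs.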
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch
deleted file mode 100644
index e4573a5..0000000
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions/corstone1000/0048-Fix-UEFI-get_variable-with-small-buffer.patch
+++ /dev/null
@@ -1,407 +0,0 @@
-Upstream-Status: Pending 
-Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-
-From 2d975e5ec5df6f81d6c35fe927f72d49181142f8 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Tue, 19 Jul 2022 12:43:30 +0100
-Subject: [PATCH] Fix UEFI get_variable with small buffer
-
-The handling of the UEFI get_variable operation was incorrect when
-a small or zero data length was specified by a requester. A zero
-length data length is a legitimate way to discover the size of a
-variable without actually retrieving its data. This change adds
-test cases that reproduce the problem and a fix.
-
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: Iec087fbf9305746d1438888e871602ec0ce15824
----
- .../backend/test/variable_store_tests.cpp     | 60 ++++++++++++++++--
- .../backend/uefi_variable_store.c             | 46 +++++++++++---
- .../client/cpp/smm_variable_client.cpp        | 33 +++++-----
- .../client/cpp/smm_variable_client.h          |  8 ++-
- .../provider/smm_variable_provider.c          |  2 +-
- .../service/smm_variable_service_tests.cpp    | 62 +++++++++++++++++++
- 6 files changed, 179 insertions(+), 32 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/test/variable_store_tests.cpp b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-index 235642e6..98faf761 100644
---- a/components/service/smm_variable/backend/test/variable_store_tests.cpp
-+++ b/components/service/smm_variable/backend/test/variable_store_tests.cpp
-@@ -128,7 +128,8 @@ TEST_GROUP(UefiVariableStoreTests)
- 
- 	efi_status_t get_variable(
- 		const std::wstring &name,
--		std::string &data)
-+		std::string &data,
-+		size_t data_len_clamp = VARIABLE_BUFFER_SIZE)
- 	{
- 		std::vector<int16_t> var_name = to_variable_name(name);
- 		size_t name_size = var_name.size() * sizeof(int16_t);
-@@ -144,21 +145,40 @@ TEST_GROUP(UefiVariableStoreTests)
- 		access_variable->NameSize = name_size;
- 		memcpy(access_variable->Name, var_name.data(), name_size);
- 
--		access_variable->DataSize = 0;
-+		size_t max_data_len = (data_len_clamp == VARIABLE_BUFFER_SIZE) ?
-+			VARIABLE_BUFFER_SIZE -
-+				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable) :
-+			data_len_clamp;
-+
-+		access_variable->DataSize = max_data_len;
- 
- 		efi_status_t status = uefi_variable_store_get_variable(
- 			&m_uefi_variable_store,
- 			access_variable,
--			VARIABLE_BUFFER_SIZE -
--				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable),
-+			max_data_len,
- 			&total_size);
- 
-+		data.clear();
-+
- 		if (status == EFI_SUCCESS) {
- 
- 			const char *data_start = (const char*)(msg_buffer +
- 				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable));
- 
- 			data = std::string(data_start, access_variable->DataSize);
-+
-+			UNSIGNED_LONGLONGS_EQUAL(
-+				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_variable),
-+				total_size);
-+		}
-+		else if (status == EFI_BUFFER_TOO_SMALL) {
-+
-+			/* String length set to reported variable length */
-+			data.insert(0, access_variable->DataSize, '!');
-+
-+			UNSIGNED_LONGLONGS_EQUAL(
-+				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_variable),
-+				total_size);
- 		}
- 
- 		return status;
-@@ -336,6 +356,38 @@ TEST(UefiVariableStoreTests, persistentSetGet)
- 	LONGS_EQUAL(0, input_data.compare(output_data));
- }
- 
-+TEST(UefiVariableStoreTests, getWithSmallBuffer)
-+{
-+	efi_status_t status = EFI_SUCCESS;
-+	std::wstring var_name = L"test_variable";
-+	std::string input_data = "quick brown fox";
-+	std::string output_data;
-+
-+	/* A get with a zero length buffer is a legitimate way to
-+	 * discover the variable size. This test performs GetVariable
-+	 * operations with various buffer small buffer sizes. */
-+	status = set_variable(var_name, input_data, 0);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	/* First get the variable without a constrained buffer */
-+	status = get_variable(var_name, output_data);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-+
-+	/* Expect got variable data to be the same as the set value */
-+	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
-+	LONGS_EQUAL(0, input_data.compare(output_data));
-+
-+	/* Now try with a zero length buffer */
-+	status = get_variable(var_name, output_data, 0);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status);
-+	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
-+
-+	/* Try with a non-zero length but too small buffer */
-+	status = get_variable(var_name, output_data, input_data.size() -1);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status);
-+	UNSIGNED_LONGLONGS_EQUAL(input_data.size(), output_data.size());
-+}
-+
- TEST(UefiVariableStoreTests, removeVolatile)
- {
- 	efi_status_t status = EFI_SUCCESS;
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index e8771c21..90d648de 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  *
-@@ -294,7 +294,10 @@ efi_status_t uefi_variable_store_get_variable(
- 
- 			status = load_variable_data(context, info, var, max_data_len);
- 			var->Attributes = info->metadata.attributes;
--			*total_length = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var);
-+
-+			*total_length = (status == EFI_SUCCESS) ?
-+				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(var) :
-+				SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var);
- 		}
- 	}
- 
-@@ -682,7 +685,6 @@ static efi_status_t load_variable_data(
- {
- 	EMSG("In func %s\n", __func__);
- 	psa_status_t psa_status = PSA_SUCCESS;
--	size_t data_len = 0;
- 	uint8_t *data = (uint8_t*)var +
- 		SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(var);
- 
-@@ -692,17 +694,41 @@ static efi_status_t load_variable_data(
- 
- 	if (delegate_store->storage_backend) {
- 
--		psa_status = delegate_store->storage_backend->interface->get(
-+		struct psa_storage_info_t storage_info;
-+
-+		psa_status = delegate_store->storage_backend->interface->get_info(
- 			delegate_store->storage_backend->context,
- 			context->owner_id,
- 			info->metadata.uid,
--			0,
--			max_data_len,
--			data,
--			&data_len);
--		EMSG("In func %s get status is %d\n", __func__, psa_status);
-+			&storage_info);
-+
-+		if (psa_status == PSA_SUCCESS) {
- 
--		var->DataSize = data_len;
-+			size_t get_limit = (var->DataSize < max_data_len) ?
-+				var->DataSize :
-+				max_data_len;
-+
-+			if (get_limit >= storage_info.size) {
-+
-+				size_t got_len = 0;
-+
-+				psa_status = delegate_store->storage_backend->interface->get(
-+					delegate_store->storage_backend->context,
-+					context->owner_id,
-+					info->metadata.uid,
-+					0,
-+					max_data_len,
-+					data,
-+					&got_len);
-+
-+				var->DataSize = got_len;
-+			}
-+			else {
-+
-+				var->DataSize = storage_info.size;
-+				psa_status = PSA_ERROR_BUFFER_TOO_SMALL;
-+			}
-+		}
- 	}
- 
- 	return psa_to_efi_storage_status(psa_status);
-diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.cpp b/components/service/smm_variable/client/cpp/smm_variable_client.cpp
-index 8438285b..b6b4ed90 100644
---- a/components/service/smm_variable/client/cpp/smm_variable_client.cpp
-+++ b/components/service/smm_variable/client/cpp/smm_variable_client.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -122,21 +122,22 @@ efi_status_t smm_variable_client::get_variable(
- 		guid,
- 		name,
- 		data,
--		0);
-+		0,
-+		MAX_VAR_DATA_SIZE);
- }
- 
- efi_status_t smm_variable_client::get_variable(
- 	const EFI_GUID &guid,
- 	const std::wstring &name,
- 	std::string &data,
--	size_t override_name_size)
-+	size_t override_name_size,
-+	size_t max_data_size)
- {
- 	efi_status_t efi_status = EFI_NOT_READY;
- 
- 	std::vector<int16_t> var_name = to_variable_name(name);
- 	size_t name_size = var_name.size() * sizeof(int16_t);
--	size_t data_size = 0;
--	size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, data_size);
-+	size_t req_len = SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_SIZE(name_size, 0);
- 
- 	rpc_call_handle call_handle;
- 	uint8_t *req_buf;
-@@ -154,7 +155,7 @@ efi_status_t smm_variable_client::get_variable(
- 
- 		access_var->Guid = guid;
- 		access_var->NameSize = name_size;
--		access_var->DataSize = data_size;
-+		access_var->DataSize = max_data_size;
- 
- 		memcpy(access_var->Name, var_name.data(), name_size);
- 
-@@ -168,26 +169,28 @@ efi_status_t smm_variable_client::get_variable(
- 
- 			efi_status = opstatus;
- 
--			if (efi_status == EFI_SUCCESS) {
--
--				efi_status = EFI_PROTOCOL_ERROR;
-+			if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) {
- 
--				if (resp_len >= SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_NAME_OFFSET) {
-+				access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf;
-+				size_t data_size = access_var->DataSize;
- 
--					access_var = (SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE*)resp_buf;
-+				if (resp_len >=
-+					SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) {
- 
--					if (resp_len >=
--						SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var)) {
-+					if (efi_status == EFI_SUCCESS) {
- 
--						data_size = access_var->DataSize;
- 						const char *data_start = (const char*)
- 						&resp_buf[
- 							SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_DATA_OFFSET(access_var)];
- 
- 						data.assign(data_start, data_size);
--						efi_status = EFI_SUCCESS;
- 					}
- 				}
-+				else if (efi_status == EFI_BUFFER_TOO_SMALL) {
-+
-+					data.clear();
-+					data.insert(0, data_size, '!');
-+				}
- 			}
- 		}
- 		else {
-diff --git a/components/service/smm_variable/client/cpp/smm_variable_client.h b/components/service/smm_variable/client/cpp/smm_variable_client.h
-index c7973916..3d2371a8 100644
---- a/components/service/smm_variable/client/cpp/smm_variable_client.h
-+++ b/components/service/smm_variable/client/cpp/smm_variable_client.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  */
-@@ -56,7 +56,8 @@ public:
- 		const EFI_GUID &guid,
- 		const std::wstring &name,
- 		std::string &data,
--		size_t override_name_size);
-+		size_t override_name_size,
-+		size_t max_data_size = MAX_VAR_DATA_SIZE);
- 
- 	/* Remove a variable */
- 	efi_status_t remove_variable(
-@@ -113,6 +114,9 @@ public:
- 
- 
- private:
-+
-+	static const size_t MAX_VAR_DATA_SIZE = 65536;
-+
- 	efi_status_t rpc_to_efi_status() const;
- 
- 	static std::vector<int16_t> to_variable_name(const std::wstring &string);
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index 1f362c17..95c4fdc9 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -165,7 +165,7 @@ static rpc_status_t get_variable_handler(void *context, struct call_req *req)
- 		}
- 		else {
- 
--			/* Reponse buffer not big enough */
-+			/* Response buffer not big enough */
- 			efi_status = EFI_BAD_BUFFER_SIZE;
- 		}
- 	}
-diff --git a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-index 38c08ebe..989a3e63 100644
---- a/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-+++ b/components/service/smm_variable/test/service/smm_variable_service_tests.cpp
-@@ -284,6 +284,68 @@ TEST(SmmVariableServiceTests, setAndGetNv)
- 	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
- }
- 
-+TEST(SmmVariableServiceTests, getVarSize)
-+{
-+	efi_status_t efi_status = EFI_SUCCESS;
-+	std::wstring var_name = L"test_variable";
-+	std::string set_data = "UEFI variable data string";
-+	std::string get_data;
-+
-+	efi_status = m_client->set_variable(
-+		m_common_guid,
-+		var_name,
-+		set_data,
-+		0);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+
-+	/* Get with the data size set to zero. This is the standard way
-+	 * to discover the variable size. */
-+	efi_status = m_client->get_variable(
-+		m_common_guid,
-+		var_name,
-+		get_data,
-+		0, 0);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status);
-+	UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size());
-+
-+	/* Expect remove to be permitted */
-+	efi_status = m_client->remove_variable(m_common_guid, var_name);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+}
-+
-+TEST(SmmVariableServiceTests, getVarSizeNv)
-+{
-+	efi_status_t efi_status = EFI_SUCCESS;
-+	std::wstring var_name = L"test_variable";
-+	std::string set_data = "UEFI variable data string";
-+	std::string get_data;
-+
-+	efi_status = m_client->set_variable(
-+		m_common_guid,
-+		var_name,
-+		set_data,
-+		EFI_VARIABLE_NON_VOLATILE);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+
-+	/* Get with the data size set to zero. This is the standard way
-+	 * to discover the variable size. */
-+	efi_status = m_client->get_variable(
-+		m_common_guid,
-+		var_name,
-+		get_data,
-+		0, 0);
-+
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_BUFFER_TOO_SMALL, efi_status);
-+	UNSIGNED_LONGS_EQUAL(set_data.size(), get_data.size());
-+
-+	/* Expect remove to be permitted */
-+	efi_status = m_client->remove_variable(m_common_guid, var_name);
-+	UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
-+}
-+
- TEST(SmmVariableServiceTests, enumerateStoreContents)
- {
- 	efi_status_t efi_status = EFI_SUCCESS;
--- 
-2.17.1
-
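Review bot: In smm_variable_client::get_variable the rewrite drops the `efi_status = EFI_PROTOCOL_ERROR` default, so a response with opstatus EFI_SUCCESS that is shorter than SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE_TOTAL_SIZE(access_var), or shorter than the NAME_OFFSET check, now returns EFI_SUCCESS with `data` left untouched. Suggest keeping the protocol-error result for a successful status with a truncated response and handling EFI_BUFFER_TOO_SMALL as a separate case. In the same function `data.insert(0, data_size, '!')` allocates a length taken directly from the response's DataSize with no upper bound; clamp it, for example to MAX_VAR_DATA_SIZE. In load_variable_data the storage get() call still passes max_data_len although the preceding comparison is made against get_limit; passing get_limit would keep the read within what the requester asked for.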
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
index b04863f..12d300a 100644
--- a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
+++ b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-corstone1000.inc
@@ -1,127 +1,11 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/secure-partitions/corstone1000:"
-
-COMPATIBLE_MACHINE = "corstone1000"
-
-LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57 \
-                     file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f \
-                     file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e1413585ecbf \
-		     file://../libmetal/LICENSE.md;md5=fe0b8a4beea8f0813b606d15a3df3d3c \
-		     file://../psa-arch-tests/LICENSE.md;md5=2a944942e1496af1886903d274dedb13 \
-		     "
+FILESEXTRAPATHS:prepend := "${THISDIR}/corstone1000:"
 
 SRC_URI:append = " \
-                  ${SRC_URI_MBEDTLS} ${SRC_URI_NANOPB} ${SRC_URI_OPENAMP} ${SRC_URI_LIBMETAL} ${SRC_URI_ARCH-TESTS}\
-                  file://0001-tools-cmake-common-applying-lowercase-project-conven.patch \
-                  file://0002-fix-EARLY_TA_PATHS-env-variable.patch \
-                  file://0003-se-proxy-dts-add-se-proxy-as-child-node.patch \
-                  file://0004-Update-mm-comm-buffer-region-in-dts-file.patch \
-                  file://0005-Configure-NV-storage-macro.patch \
-                  file://0006-Use-device-region.patch \
-                  file://0007-Add-openamp-to-SE-proxy-deployment.patch \
-                  file://0008-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch \
-                  file://0009-Add-openamp-rpc-caller.patch \
-                  file://0010-add-psa-client-definitions-for-ff-m.patch \
-                  file://0011-Add-common-service-component-to-ipc-support.patch \
-                  file://0012-Add-secure-storage-ipc-backend.patch \
-                  file://0013-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch \
-                  file://0014-Add-uefi-variable-append-write-support.patch \
-                  file://0015-Add-UEFI-variable-support-for-QueryVariableInfo.patch \
-                  file://0016-Add-uefi-test-deployment.patch \
-                  file://0017-Fix-interface-ID-parameter-setting-in-sp-ffarpc_call.patch \
-                  file://0018-Support-FFARPC-call-requests-with-no-shared-buffer.patch \
-                  file://0019-Run-psa-arch-test.patch \
-                  file://0020-Use-address-instead-of-pointers.patch \
-                  file://0021-Add-psa-ipc-attestation-to-se-proxy.patch \
-                  file://0022-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch \
-                  file://0023-add-psa-ipc-crypto-backend.patch \
-                  file://0024-Increase-SMM-gateway-UEFI-variable-macro-value.patch \
-                  file://0025-Add-stub-capsule-update-service-components.patch \
-                  file://0026-Add-logs-to-functions-in-SMM-gateway-SP.patch \
-                  file://0027-Configure-storage-size.patch \
-                  file://0028-Revert-Add-uefi-variable-append-write-support.patch \
-                  file://0029-Change-UID-of-variable-index-in-SMM.patch \
-                  file://0030-Add-missing-features-to-setVariable.patch \
-                  file://0031-Add-invalid-parameter-check-in-getNextVariableName.patch \
-                  file://0032-smm_gateway-add-checks-for-null-attributes.patch \
-		  file://0033-Enhance-mbedtls-fetch-process.patch \
-		  file://0034-Fix-format-specifier-in-logging_caller.patch \
-		  file://0035-Update-refspecs-for-mbedtls-and-psa-arch-tests-for-v.patch \
-		  file://0036-Separate-sign-verify-message-and-hash-operations.patch \
-		  file://0037-Add-defence-against-uninitialised-multi-part-transac.patch \
-		  file://0038-Integrate-AEAD-operation-support.patch \
-		  file://0039-Add-IV-generation-to-one-shot-cipher-operation.patch \
-		  file://0040-Fix-multi-part-termination-on-error.patch \
-		  file://0041-Abort-AEAD-operation-if-client-provided-buffer-is-to.patch \
-		  file://0042-Peg-to-updated-t_cose-version-fc3a4b2c.patch \
-		  file://0043-pass-sysroot_yocto.patch \
-		  file://0044-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch \
-		  file://0045-Integrate-remaining-psa-ipc-client-APIs.patch \
-		  file://0046-Fix-update-psa_set_key_usage_flags-definition-to-the.patch \
-		  file://0047-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
-		  file://0003-corstone1000-port-crypto-config.patch;patchdir=../psa-arch-tests \
-                  file://0048-Fix-UEFI-get_variable-with-small-buffer.patch \
-                  "
+                  file://0026-plat-add-corstone1000-platform-to-drivers-arm.patch \
+                  file://0027-Add-MHU-driver.patch \
+		  "
 
-SRC_URI_MBEDTLS = "git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=development;name=mbedtls;destsuffix=git/mbedtls"
-SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49"
 
-SRC_URI_NANOPB = "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb"
-SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4"
-
-SRC_URI_OPENAMP = "git://github.com/OpenAMP/open-amp.git;name=openamp;protocol=https;branch=main;destsuffix=git/openamp"
-SRCREV_openamp = "347397decaa43372fc4d00f965640ebde042966d"
-
-SRC_URI_LIBMETAL = "git://github.com/OpenAMP/libmetal.git;name=libmetal;protocol=https;branch=main;destsuffix=git/libmetal"
-SRCREV_libmetal = "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
-
-SRC_URI_ARCH-TESTS = "git://github.com/bensze01/psa-arch-tests.git;name=psa-arch-tests;protocol=https;nobranch=1;destsuffix=git/psa-arch-tests"
-SRCREV_psa-arch-tests = "5d1a87f9c0a82e1632a3145687b4c8d7cbbeed2d"
-
-TS_ENVIRONMENT_LINUX = "arm-linux"
-TS_PLATFORM = "arm/corstone1000"
-TS_ENVIRONMENT = "opteesp"
-SP_PACKAGING_METHOD = "embedded"
-
-# Secure Enclave proxy secure partition
-TS_DEPLOYMENTS += "'deployments/se-proxy/${TS_ENVIRONMENT}'"
-
-# smm-gateway secure partition
-TS_DEPLOYMENTS += "'deployments/smm-gateway/${TS_ENVIRONMENT}'"
-
-PSA_API_TESTS = "deployments/psa-api-test/protected_storage/${TS_ENVIRONMENT_LINUX}"
-PSA_API_TESTS += "deployments/psa-api-test/internal_trusted_storage/${TS_ENVIRONMENT_LINUX}"
-PSA_API_TESTS += "deployments/psa-api-test/initial_attestation/${TS_ENVIRONMENT_LINUX}"
-PSA_API_TESTS += "deployments/psa-api-test/crypto/${TS_ENVIRONMENT_LINUX}"
-
-# ffa-debugfs-mod provides arm_ffa_user.h needed by psa-arch-tests source-code
-DEPENDS += "ffa-debugfs-mod"
-
-do_configure:append() {
-    for PSA_API_TEST in ${PSA_API_TESTS}; do
-        cmake \
-	    -DSYSROOT_YOCTO=${RECIPE_SYSROOT} \
-	    -S ${S}/$PSA_API_TEST -B "${B}/$PSA_API_TEST"
-    done
-}
-
-do_compile:append() {
-    for PSA_API_TEST in ${PSA_API_TESTS}; do
-        cmake --build "${B}/$PSA_API_TEST"
-    done
-}
-
-do_install:append() {
-    for PSA_API_TEST in ${PSA_API_TESTS}; do
-        install -d -m 0755 ${D}${libdir}/${PSA_API_TEST}
-        install -d -m 0755 ${D}${includedir}/${PSA_API_TEST}
-        psafile_fullpath=`ls ${B}/${PSA_API_TEST}/psa-*`
-        psafile_filename="`basename -s .bin ${psafile_fullpath}`"
-        install -D -p -m 0755 ${psafile_fullpath} ${D}/${bindir}/${psafile_filename}
-   done
-   cp -rf ${B}/${PSA_API_TEST}/libts_install/arm-linux/lib/*.so* ${D}/${libdir}
-}
-
-FILES:${PN}-dev = "${includedir}/deployments/psa-api-test/"
-INSANE_SKIP:${PN}-psa-api-tests += "rpaths dev-so buildpaths"
-PACKAGES += "${PN}-psa-api-tests"
-FILES:${PN}-psa-api-tests = "${libdir} ${bindir}"
+EXTRA_OECMAKE:append = "-DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
+                                             -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+"
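Review bot: EXTRA_OECMAKE:append starts its value directly with -DMM_COMM_BUFFER_ADDRESS, and :append does not insert a separating space, so the first option is glued onto whatever EXTRA_OECMAKE already ends with. Start the value with a space. The nested double quotes around 0x00000000 0x02000000 and 1 would also be easier to read and less fragile with single quotes on the outside of the assignment.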
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
similarity index 100%
rename from meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend
rename to meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend b/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
similarity index 100%
copy from meta-arm/meta-arm-bsp/recipes-security/trusted-services/secure-partitions_%.bbappend
copy to meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
diff --git a/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb b/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb
new file mode 100644
index 0000000..4743420
--- /dev/null
+++ b/meta-arm/meta-arm-bsp/recipes-test/corstone1000-external-sys-tests/corstone1000-external-sys-tests_1.0.bb
@@ -0,0 +1,21 @@
+SUMMARY = "CORSTONE1000 external systems communications tests"
+DESCRIPTION = "This is a Linux userspace tool to test the communication between Corstone1000 cores"
+HOMEPAGE = "https://git.linaro.org/landing-teams/working/arm/test-apps.git"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://license.md;md5=e44b2531cd6ffe9dece394dbe988d9a0"
+
+SRC_URI = "git://git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications.git;protocol=https;branch=master"
+SRCREV = "2945cd92f7c6dbe4999ee72cd5cf1e2615eedba7"
+PV .= "+git${SRCPV}"
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+S = "${WORKDIR}/git"
+
+do_compile() {
+    ${CC} ${S}/test-app.c ${CFLAGS} ${LDFLAGS} -o ${S}/systems-comms-tests
+}
+
+do_install() {
+    install -D -p -m 0755 ${S}/systems-comms-tests ${D}${bindir}/systems-comms-tests
+}
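Review bot: HOMEPAGE points at git.linaro.org/landing-teams/working/arm/test-apps.git while SRC_URI fetches from git.gitlab.arm.com/arm-reference-solutions/corstone1000/applications.git, so the recipe advertises a different repository from the one it builds. Point HOMEPAGE at the repository that is actually fetched. Separately, do_compile writes systems-comms-tests into ${S}; building into ${B} keeps the fetched source tree unmodified.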
diff --git a/meta-arm/meta-arm-toolchain/conf/layer.conf b/meta-arm/meta-arm-toolchain/conf/layer.conf
index 3cb8b06..f21fa6f 100644
--- a/meta-arm/meta-arm-toolchain/conf/layer.conf
+++ b/meta-arm/meta-arm-toolchain/conf/layer.conf
@@ -9,4 +9,4 @@
 BBFILE_PRIORITY_arm-toolchain = "5"
 
 LAYERDEPENDS_arm-toolchain = "core"
-LAYERSERIES_COMPAT_arm-toolchain = "kirkstone"
+LAYERSERIES_COMPAT_arm-toolchain = "langdale"
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb
index dcc8ebf..fab1761 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/external-arm-toolchain/external-arm-toolchain.bb
@@ -75,7 +75,7 @@
 	install -d ${D}${includedir}
 	install -d ${D}/include
 	install -d ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}
-	install -d ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}
+	install -d ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include
 
 	CP_ARGS="-Prf --preserve=mode,timestamps --no-preserve=ownership"
 	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/${EAT_TARGET_SYS}/${EAT_LIBDIR}/*  ${D}${base_libdir}
@@ -104,7 +104,11 @@
 	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/crt*.o ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/
 	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcc* ${D}${libdir}/${TARGET_SYS}/${EAT_VER_GCC}/
 	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/libgcov* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
-	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
+	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/ssp ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
+	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/sanitizers ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
+	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/quadmath* ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
+	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/omp.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
+	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/openacc.h ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include || true
 	cp ${CP_ARGS} ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/finclude ${D}${libdir}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/
 
 	# fix up the copied symlinks (they are still pointing to the multiarch directory)
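Review bot: the five new cp lines for include/ssp, include/sanitizers, include/quadmath*, include/omp.h and include/openacc.h each end in || true, which hides every failure (permissions, full disk, a wrong EXTERNAL_TOOLCHAIN path), not only the case where the toolchain does not ship that optional header. Test for the source first and let a real copy error fail do_install, for example by looping over the names and copying only those that exist.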
@@ -495,7 +499,6 @@
     ${@oe.utils.conditional('BASETARGET_SYS', '${TARGET_SYS}', '', '${libdir}/${BASETARGET_SYS}', d)} \
     ${libdir}/${TARGET_SYS}/${BINV}* \
     ${libdir}/${TARGET_ARCH}${TARGET_VENDOR}* \
-    ${libdir}/gcc/${TARGET_SYS}/${BINV}/include \
 "
 
 FILES:linux-libc-headers = ""
diff --git a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc
index d7cc4e7..fa23e84 100644
--- a/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc
+++ b/meta-arm/meta-arm-toolchain/recipes-devtools/gcc/gcc-arm-common.inc
@@ -12,7 +12,7 @@
 do_install:prepend:class-target () {
 	if [ "${TCMODE}" = "external-arm" -a ! -f ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/unwind.h ]; then
 		install -d ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/
-		install ${STAGING_LIBDIR}/gcc/${TARGET_SYS}/${EAT_VER_GCC}/include/unwind.h ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/
+		install ${EXTERNAL_TOOLCHAIN}/lib/gcc/${EAT_TARGET_SYS}/${EAT_VER_GCC}/include/unwind.h ${STAGING_LIBDIR_NATIVE}/${TARGET_SYS}/gcc/${TARGET_SYS}/${BINV}/include/
 	fi
 }
 
diff --git a/meta-arm/meta-arm/classes/fvpboot.bbclass b/meta-arm/meta-arm/classes/fvpboot.bbclass
index fbdfa96..78dabd7 100644
--- a/meta-arm/meta-arm/classes/fvpboot.bbclass
+++ b/meta-arm/meta-arm/classes/fvpboot.bbclass
@@ -23,6 +23,8 @@
 FVP_CONSOLES[default] ?= "${FVP_CONSOLE}"
 # Arbitrary extra arguments
 FVP_EXTRA_ARGS ?= ""
+# Bitbake variables to pass to the FVP environment
+FVP_ENV_PASSTHROUGH ?= ""
 
 EXTRA_IMAGEDEPENDS += "${FVP_PROVIDER}"
 
@@ -66,6 +68,10 @@
     data["terminals"] = getFlags("FVP_TERMINALS")
     data["args"] = shlex.split(d.getVar("FVP_EXTRA_ARGS") or "")
 
+    data["env"] = {}
+    for var in d.getVar("FVP_ENV_PASSTHROUGH").split():
+        data["env"][var] = d.getVar(var)
+
     os.makedirs(os.path.dirname(conffile), exist_ok=True)
     with open(conffile, "wt") as f:
         json.dump(data, f)
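Review bot: data["env"][var] = d.getVar(var) stores None when a name listed in FVP_ENV_PASSTHROUGH is not set, and json.dump then writes it as null into the conf file that the runner later uses as the process environment. Skip unset names or stop with bb.fatal so the mistake shows up at build time. The values are also written to the conf file in clear text, which is worth stating in the comment next to FVP_ENV_PASSTHROUGH so that nobody lists a variable holding a credential.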
diff --git a/meta-arm/meta-arm/classes/tfm_sign_image.bbclass b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass
new file mode 100644
index 0000000..542b708
--- /dev/null
+++ b/meta-arm/meta-arm/classes/tfm_sign_image.bbclass
@@ -0,0 +1,79 @@
+# Functionality to sign binary images using the wrapper script bundled with
+# TF-M. Signed images are written to the deploy directory by default.
+# To use:
+#  * Inherit this class
+#  * Override the do_sign_images task
+#  * Write the signing logic, which may call the function sign_host_image,
+#    described below
+
+inherit python3native deploy
+
+# The output and working directory
+TFM_IMAGE_SIGN_DIR = "${WORKDIR}/tfm-signed-images"
+
+tfm_sign_image_do_sign_images() {
+    :
+}
+addtask sign_images after do_configure before do_compile
+do_sign_images[dirs] = "${TFM_IMAGE_SIGN_DIR}"
+
+tfm_sign_image_do_deploy() {
+    :
+}
+addtask deploy after do_sign_images
+
+deploy_signed_images() {
+    cp ${TFM_IMAGE_SIGN_DIR}/signed_* ${DEPLOYDIR}/
+}
+do_deploy[postfuncs] += "deploy_signed_images"
+
+EXPORT_FUNCTIONS do_sign_images do_deploy
+
+DEPENDS += "trusted-firmware-m-scripts-native"
+
+# python3-cryptography needs the legacy provider, so set OPENSSL_MODULES to the
+# right path until this is relocated automatically.
+export OPENSSL_MODULES="${STAGING_LIBDIR_NATIVE}/ossl-modules"
+
+#
+# sign_host_image
+#
+# Description:
+#
+# A generic function that signs a host image
+# using MCUBOOT format
+#
+# Arguments:
+#
+# $1 ... path of binary to sign
+# $2 ... load address of the given binary
+# $3 ... signed binary size
+#
+# Note: The signed binary is copied to ${TFM_IMAGE_SIGN_DIR}
+#
+sign_host_image() {
+    host_binary_filename="$(basename -s .bin "${1}")"
+    host_binary_layout="${host_binary_filename}_ns"
+
+    cat << EOF > ${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}
+enum image_attributes {
+    RE_IMAGE_LOAD_ADDRESS = ${2},
+    RE_SIGN_BIN_SIZE = ${3},
+};
+EOF
+
+    host_binary_signed="${TFM_IMAGE_SIGN_DIR}/signed_$(basename "${1}")"
+
+    ${PYTHON} "${STAGING_LIBDIR_NATIVE}/tfm-scripts/wrapper/wrapper.py" \
+            -v ${RE_LAYOUT_WRAPPER_VERSION} \
+            --layout "${TFM_IMAGE_SIGN_DIR}/${host_binary_layout}" \
+            -k  "${RECIPE_SYSROOT_NATIVE}/${TFM_SIGN_PRIVATE_KEY}" \
+            --public-key-format full \
+            --align 1 \
+            --pad \
+            --pad-header \
+            -H ${RE_IMAGE_OFFSET} \
+            -s auto \
+            "${1}" \
+            "${host_binary_signed}"
+}
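Review bot: sign_host_image depends on RE_LAYOUT_WRAPPER_VERSION, RE_IMAGE_OFFSET and TFM_SIGN_PRIVATE_KEY, but the class gives none of them a default and the "To use" header does not mention them; the -v and -H values are also passed unquoted. Document the three variables in the header and fail early with a clear message when the key file under ${RECIPE_SYSROOT_NATIVE} is missing, so a misconfigured recipe does not get as far as calling wrapper.py. deploy_signed_images also runs cp on ${TFM_IMAGE_SIGN_DIR}/signed_*, which errors out when an inheriting recipe keeps the default no-op do_sign_images and nothing was signed.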
diff --git a/meta-arm/meta-arm/conf/layer.conf b/meta-arm/meta-arm/conf/layer.conf
index c23ea56..af8c4cc 100644
--- a/meta-arm/meta-arm/conf/layer.conf
+++ b/meta-arm/meta-arm/conf/layer.conf
@@ -13,7 +13,7 @@
     core \
     arm-toolchain \
 "
-LAYERSERIES_COMPAT_meta-arm = "kirkstone"
+LAYERSERIES_COMPAT_meta-arm = "langdale"
 
 # runfvp --console needs telnet, so pull this in for testimage.
 HOSTTOOLS_NONFATAL += "telnet"
diff --git a/meta-arm/meta-arm/conf/machine/microbit-v1.conf b/meta-arm/meta-arm/conf/machine/microbit-v1.conf
deleted file mode 100644
index ef3872f..0000000
--- a/meta-arm/meta-arm/conf/machine/microbit-v1.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-#@TYPE: Machine
-#@NAME: microbit_v1
-#@DESCRIPTION: Machine for BBC Microbit v1, Zephyr BOARD qemu_cortex_m0
-
-require conf/machine/include/qemu.inc
-require conf/machine/include/arm/armv6m/tune-cortexm0.inc
-
-MACHINEOVERRIDES =. "nordic:"
-
-# GLIBC will not work with Cortex-M.
-TCLIBC = "newlib"
-
-# For runqemu
-QB_SYSTEM_NAME = "qemu-system-arm"
-QB_MACHINE = "-machine microbit"
-QB_CPU = "-cpu cortex-m0"
-QB_GRAPHICS = "-nographic -vga none"
-QB_RNG = ""
-QB_OPT_APPEND = "-icount shift=6,align=off,sleep=on -rtc clock=vm"
-
-# Zephyr RTOS settings
-ZEPHYR_BOARD = "qemu_cortex_m0"
-ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot"
-ARCH:qemu-cortex-m0 = "arm"
diff --git a/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf b/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf
deleted file mode 100644
index 7147fac..0000000
--- a/meta-arm/meta-arm/conf/machine/qemu-cortex-a53.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#@TYPE: Machine
-#@NAME: qemu-cortex-a53
-#@DESCRIPTION: Machine for Zephyr BOARD qemu_cortex_a53
-
-require conf/machine/include/qemu.inc
-require conf/machine/include/arm/armv8a/tune-cortexa53.inc
-
-TCLIBC = "newlib"
-
-# For runqemu
-QB_SYSTEM_NAME = "qemu-system-aarch64"
-QB_MACHINE = "-machine virt"
-QB_CPU = "-cpu cortex-a53"
-QB_GRAPHICS = "-nographic -vga none"
-
-# Zephyr RTOS settings
-ZEPHYR_BOARD = "qemu_cortex_a53"
-ZEPHYR_INHERIT_CLASSES += "zephyr-qemuboot"
-ARCH:qemu-cortex-a53 = "aarch64"
diff --git a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf
index e48d964..f08b84f 100644
--- a/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf
+++ b/meta-arm/meta-arm/conf/machine/qemuarm-secureboot.conf
@@ -21,6 +21,3 @@
 IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
 
 MACHINE_FEATURES += "optee-ftpm"
-
-# FIXME - CPUs 2-4 don't start in the newer OPTEE
-PREFERRED_VERSION_optee-os ?= "3.14%"
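Review bot: the removed lines pinned optee-os to 3.14% because of the FIXME "CPUs 2-4 don't start in the newer OPTEE", and nothing in this hunk says that problem is resolved. Before dropping the pin, confirm on qemuarm-secureboot that the secondary CPUs come up with the optee-os version now selected, and record that in the commit message.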
diff --git a/meta-arm/meta-arm/lib/fvp/conffile.py b/meta-arm/meta-arm/lib/fvp/conffile.py
index acede40..603851d 100644
--- a/meta-arm/meta-arm/lib/fvp/conffile.py
+++ b/meta-arm/meta-arm/lib/fvp/conffile.py
@@ -51,6 +51,7 @@
     sanitise("terminals", {})
     sanitise("args", [])
     sanitise("consoles", {})
+    sanitise("env", {})
 
     if not config["exe"]:
         raise ValueError("Required value FVP_EXE not set in machine configuration")
diff --git a/meta-arm/meta-arm/lib/fvp/runner.py b/meta-arm/meta-arm/lib/fvp/runner.py
index 7641cd6..c5c795d 100644
--- a/meta-arm/meta-arm/lib/fvp/runner.py
+++ b/meta-arm/meta-arm/lib/fvp/runner.py
@@ -59,8 +59,19 @@
     async def start(self, config, extra_args=[], terminal_choice="none"):
         cli = cli_from_config(config, terminal_choice)
         cli += extra_args
+
+        # Pass through environment variables needed for GUI applications, such
+        # as xterm, to work.
+        env = config['env']
+        for name in ('DISPLAY', 'WAYLAND_DISPLAY'):
+            if name in os.environ:
+                env[name] = os.environ[name]
+
         self._logger.debug(f"Constructed FVP call: {cli}")
-        self._fvp_process = await asyncio.create_subprocess_exec(*cli, stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
+        self._fvp_process = await asyncio.create_subprocess_exec(
+            *cli,
+            stdin=subprocess.DEVNULL, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
+            env=env)
 
         def detect_terminals(line):
             m = re.match(r"^(\S+): Listening for serial connection on port (\d+)$", line)
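Review bot: env = config['env'] aliases the caller's dictionary, so the DISPLAY and WAYLAND_DISPLAY assignments in the loop modify the config object that was passed in; take a copy with env = dict(config['env']) before adding to it. Passing env=env also replaces the child's environment rather than extending it, so the FVP process no longer inherits PATH, HOME or anything else not listed in FVP_ENV_PASSTHROUGH. That is a reasonable minimal-environment default, but it is a behaviour change from the previous call and the comment should say so.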
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
index d1e452f..cf8a3c5 100644
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/runfvp.py
@@ -20,11 +20,10 @@
         on exit code 0 or fail the test, otherwise return the CompletedProcess
         instance.
         """
-        # Put the test directory in PATH so that any mock FVPs are found first
-        newenv = {"PATH": str(testdir) + ":" + os.environ["PATH"]}
         cli = [runfvp,] + list(args)
         print(f"Calling {cli}")
-        ret = subprocess.run(cli, env=newenv, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True)
+        # Set cwd to testdir so that any mock FVPs are found
+        ret = subprocess.run(cli, cwd=testdir, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, universal_newlines=True)
         if should_succeed:
             self.assertEqual(ret.returncode, 0, f"runfvp exit {ret.returncode}, output: {ret.stdout}")
             return ret.stdout
@@ -40,8 +39,6 @@
         self.run_fvp("--this-is-an-invalid-option", should_succeed=False)
 
     def test_run_auto_tests(self):
-        newenv = {"PATH": str(testdir) + ":" + os.environ["PATH"]}
-
         cases = list(testdir.glob("auto-*.json"))
         if not cases:
             self.fail("No tests found")
@@ -79,6 +76,7 @@
             self.assertTrue("terminals" in conf)
             self.assertTrue("args" in conf)
             self.assertTrue("consoles" in conf)
+            self.assertTrue("env" in conf)
 
 
 class RunnerTests(OESelftestTestCase):
@@ -97,6 +95,7 @@
                 "applications": {'a1': 'file'},
                 "terminals": {},
                 "args": ['--extra-arg'],
+                "env": {"FOO": "BAR"}
             }))
 
             m.assert_called_once_with('/usr/bin/FVP_Binary',
@@ -106,4 +105,27 @@
                 '--extra-arg',
                 stdin=unittest.mock.ANY,
                 stdout=unittest.mock.ANY,
-                stderr=unittest.mock.ANY)
+                stderr=unittest.mock.ANY,
+                env={"FOO":"BAR"})
+
+    @unittest.mock.patch.dict(os.environ, {"DISPLAY": ":42", "WAYLAND_DISPLAY": "wayland-42"})
+    def test_env_passthrough(self):
+        from fvp import runner
+        with self.create_mock() as m:
+            fvp = runner.FVPRunner(self.logger)
+            asyncio.run(fvp.start({
+                "fvp-bindir": "/usr/bin",
+                "exe": "FVP_Binary",
+                "parameters": {},
+                "data": [],
+                "applications": {},
+                "terminals": {},
+                "args": [],
+                "env": {"FOO": "BAR"}
+            }))
+
+            m.assert_called_once_with('/usr/bin/FVP_Binary',
+                stdin=unittest.mock.ANY,
+                stdout=unittest.mock.ANY,
+                stderr=unittest.mock.ANY,
+                env={"DISPLAY":":42", "FOO": "BAR", "WAYLAND_DISPLAY": "wayland-42"})
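Review bot: the first assertion in this hunk, env={"FOO":"BAR"}, only holds when the host running the selftest has neither DISPLAY nor WAYLAND_DISPLAY set, because runner.start() copies both from os.environ when present. Patch os.environ in that test as well so the two variables are guaranteed absent, the same way test_env_passthrough uses unittest.mock.patch.dict to guarantee they are present. Otherwise the test passes on a headless builder and fails in a desktop session.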
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json
index 476eb57..a476ac1 100644
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-basic.json
@@ -1,3 +1,4 @@
 {
+    "fvp-bindir": ".",
     "exe": "auto-basic.sh"
 }
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json
index 0c7d4ef..a60abac 100644
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/auto-parameters.json
@@ -1,4 +1,5 @@
 {
+    "fvp-bindir": ".",
     "exe": "test-parameters.py",
     "parameters": {
         "board.cow": "moo",
diff --git a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json
index 9b565f2..031ef66 100644
--- a/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json
+++ b/meta-arm/meta-arm/lib/oeqa/selftest/cases/tests/test-parameter.json
@@ -1,4 +1,5 @@
 {
+    "fvp-bindir": ".",
     "exe": "test-parameters.py",
     "parameters": {
         "board.cow": "moo"
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch
new file mode 100644
index 0000000..f037d2b
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-Fix-build-with-clang-15.patch
@@ -0,0 +1,116 @@
+From d96f696244e0869654004f49586b53811037db30 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Thu, 22 Sep 2022 19:13:49 -0700
+Subject: [PATCH] Fix build with clang-15
+
+Clang-15 warns about prototypes a bit harder
+Remove unused variable suites_in_image
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+---
+ test/hftest/common.c                                         | 2 --
+ test/vmapi/arch/aarch64/gicv3/gicv3.c                        | 2 +-
+ test/vmapi/arch/aarch64/gicv3/inc/gicv3.h                    | 2 +-
+ test/vmapi/arch/aarch64/gicv3/timer_secondary.c              | 2 +-
+ test/vmapi/el0_partitions/services/interruptible.c           | 2 +-
+ test/vmapi/el0_partitions/services/interruptible_echo.c      | 2 +-
+ test/vmapi/primary_with_secondaries/services/interruptible.c | 2 +-
+ 7 files changed, 6 insertions(+), 8 deletions(-)
+
+diff --git a/test/hftest/common.c b/test/hftest/common.c
+index 344ff24..175230a 100644
+--- a/test/hftest/common.c
++++ b/test/hftest/common.c
+@@ -67,7 +67,6 @@ void hftest_json(void)
+ {
+ 	const char *suite = NULL;
+ 	size_t i;
+-	size_t suites_in_image = 0;
+ 	size_t tests_in_suite = 0;
+ 
+ 	HFTEST_LOG("{");
+@@ -81,7 +80,6 @@ void hftest_json(void)
+ 				HFTEST_LOG("    },");
+ 			}
+ 			/* Move onto new suite. */
+-			++suites_in_image;
+ 			suite = test->suite;
+ 			tests_in_suite = 0;
+ 			HFTEST_LOG("    {");
+diff --git a/test/vmapi/arch/aarch64/gicv3/gicv3.c b/test/vmapi/arch/aarch64/gicv3/gicv3.c
+index 682bc4e..82582f0 100644
+--- a/test/vmapi/arch/aarch64/gicv3/gicv3.c
++++ b/test/vmapi/arch/aarch64/gicv3/gicv3.c
+@@ -42,7 +42,7 @@ static void irq(void)
+ 	dlog("primary IRQ %d ended\n", interrupt_id);
+ }
+ 
+-void system_setup()
++void system_setup(void)
+ {
+ 	const uint32_t mode = MM_MODE_R | MM_MODE_W | MM_MODE_D;
+ 	hftest_mm_identity_map((void *)GICD_BASE, PAGE_SIZE, mode);
+diff --git a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h
+index 5faf3a8..f681e58 100644
+--- a/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h
++++ b/test/vmapi/arch/aarch64/gicv3/inc/gicv3.h
+@@ -30,4 +30,4 @@ extern void *recv_buffer;
+ 
+ extern volatile uint32_t last_interrupt_id;
+ 
+-void system_setup();
++void system_setup(void);
+diff --git a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c
+index ebc4db3..8260e10 100644
+--- a/test/vmapi/arch/aarch64/gicv3/timer_secondary.c
++++ b/test/vmapi/arch/aarch64/gicv3/timer_secondary.c
+@@ -55,7 +55,7 @@ TEAR_DOWN(timer_secondary_ffa)
+ 	EXPECT_FFA_ERROR(ffa_rx_release(), FFA_DENIED);
+ }
+ 
+-static void timer_busywait_secondary()
++static void timer_busywait_secondary(void)
+ {
+ 	const char message[] = "loop 0099999";
+ 	const char expected_response[] = "Got IRQ 03.";
+diff --git a/test/vmapi/el0_partitions/services/interruptible.c b/test/vmapi/el0_partitions/services/interruptible.c
+index 0d00b16..3c3250d 100644
+--- a/test/vmapi/el0_partitions/services/interruptible.c
++++ b/test/vmapi/el0_partitions/services/interruptible.c
+@@ -43,7 +43,7 @@ static void irq(void)
+  * Try to receive a message from the mailbox, blocking if necessary, and
+  * retrying if interrupted.
+  */
+-static struct ffa_value mailbox_receive_retry()
++static struct ffa_value mailbox_receive_retry(void)
+ {
+ 	struct ffa_value received;
+ 
+diff --git a/test/vmapi/el0_partitions/services/interruptible_echo.c b/test/vmapi/el0_partitions/services/interruptible_echo.c
+index b618cf2..636ebc9 100644
+--- a/test/vmapi/el0_partitions/services/interruptible_echo.c
++++ b/test/vmapi/el0_partitions/services/interruptible_echo.c
+@@ -32,7 +32,7 @@ static void irq(void)
+  * Try to receive a message from the mailbox, blocking if necessary, and
+  * retrying if interrupted.
+  */
+-static struct ffa_value mailbox_receive_retry()
++static struct ffa_value mailbox_receive_retry(void)
+ {
+ 	struct ffa_value received;
+ 
+diff --git a/test/vmapi/primary_with_secondaries/services/interruptible.c b/test/vmapi/primary_with_secondaries/services/interruptible.c
+index cc1c1f9..c94093b 100644
+--- a/test/vmapi/primary_with_secondaries/services/interruptible.c
++++ b/test/vmapi/primary_with_secondaries/services/interruptible.c
+@@ -40,7 +40,7 @@ static void irq(void)
+  * Try to receive a message from the mailbox, blocking if necessary, and
+  * retrying if interrupted.
+  */
+-struct ffa_value mailbox_receive_retry()
++struct ffa_value mailbox_receive_retry(void)
+ {
+ 	struct ffa_value received;
+ 
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch
index b73c533..6f61177 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/0001-define-_Noreturn-if-needed.patch
@@ -1,4 +1,4 @@
-From 0d941ba32a082023575fd0d14d52a12b7547b367 Mon Sep 17 00:00:00 2001
+From a433727e0fe8424db984f3afa2bda898dd517e9d Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Tue, 19 Apr 2022 22:32:56 -0700
 Subject: [PATCH] define _Noreturn if needed
@@ -11,12 +11,13 @@
 ^
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 ---
  inc/hf/panic.h | 4 ++++
  1 file changed, 4 insertions(+)
 
 diff --git a/inc/hf/panic.h b/inc/hf/panic.h
-index ec864e4f..588f1193 100644
+index ec864e4..588f119 100644
 --- a/inc/hf/panic.h
 +++ b/inc/hf/panic.h
 @@ -10,4 +10,8 @@
@@ -28,6 +29,3 @@
 +#endif
 +
  noreturn void panic(const char *fmt, ...);
--- 
-2.36.0
-
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch
index 040d61b..2a34239 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/host-ld.patch
@@ -1,3 +1,8 @@
+From 9b1b93184c365a07b340c9404a6a0581e971bd54 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 9 Nov 2021 23:31:22 +0000
+Subject: [PATCH] arm/hafnium: fix kernel tool linking
+
 We need to be sure that the host linker flags are passed to the kernel build,
 as otherwise it is possible that binaries are incorrectly linked. For example:
 
@@ -7,8 +12,12 @@
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@arm.com>
 
+---
+ build/linux/linux.gni | 1 +
+ 1 file changed, 1 insertion(+)
+
 diff --git a/build/linux/linux.gni b/build/linux/linux.gni
-index 65cc9df..19adbfb 100644
+index 45860fa..b010254 100644
 --- a/build/linux/linux.gni
 +++ b/build/linux/linux.gni
 @@ -60,6 +60,7 @@ template("linux_kernel") {
@@ -16,6 +25,6 @@
      "LLVM_IAS=1",
      "CROSS_COMPILE=aarch64-linux-gnu-",
 +    "HOSTLDFLAGS=" + getenv("BUILD_LDFLAGS"),
-
+ 
      # Build out-of-tree in `target_out_dir`.
      "O=" + rebase_path(target_out_dir),
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch
deleted file mode 100644
index 840c0bc..0000000
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/native-dtc.patch
+++ /dev/null
@@ -1,16 +0,0 @@
-Use our dtc tools instead of the prebuilt (x86-64-only) binaries.
-
-Upstream-Status: Pending [part of a larger effort to remove prebuilt]
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-
-diff --git a/build/image/dtc.py b/build/image/dtc.py
-index d077818..1513120 100755
---- a/build/image/dtc.py
-+++ b/build/image/dtc.py
-@@ -16,4 +16,2 @@ import sys
--HF_ROOT = os.path.dirname(os.path.dirname(os.path.dirname(__file__)))
--DTC_ROOT = os.path.join(HF_ROOT, "prebuilts", "linux-x64", "dtc")
--DTC = os.path.join(DTC_ROOT, "dtc")
--FDTOVERLAY = os.path.join(DTC_ROOT, "fdtoverlay")
-+DTC = "dtc"
-+FDTOVERLAY = "fdtoverlay"
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch
index bc03195..40129ac 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium/pkg-config-native.patch
@@ -1,20 +1,29 @@
-Use pkg-config-native to find the libssl headers.
+From b0405e0e25740ca0ea8b75d9b3b4f35b39d82e0e Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Sat, 17 Jul 2021 14:38:02 -0500
+Subject: [PATCH] Use pkg-config-native to find the libssl headers.
 
 Upstream-Status: Inappropriate
 Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ scripts/Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/scripts/Makefile b/scripts/Makefile
-index b4b7d8b58..26a5160ee 100644
---- a/third_party/linux/scripts/Makefile
-+++ b/third_party/linux/scripts/Makefile
-@@ -10,8 +10,8 @@
-
- HOST_EXTRACFLAGS += -I$(srctree)/tools/include
-
+index 9adb6d247..5fe371c7d 100644
+--- a/scripts/Makefile
++++ b/scripts/Makefile
+@@ -3,8 +3,8 @@
+ # scripts contains sources for various helper programs used throughout
+ # the kernel for the build process.
+ 
 -CRYPTO_LIBS = $(shell pkg-config --libs libcrypto 2> /dev/null || echo -lcrypto)
 -CRYPTO_CFLAGS = $(shell pkg-config --cflags libcrypto 2> /dev/null)
 +CRYPTO_LIBS = $(shell pkg-config-native --libs libcrypto 2> /dev/null || echo -lcrypto)
 +CRYPTO_CFLAGS = $(shell pkg-config-native --cflags libcrypto 2> /dev/null)
+ 
+ hostprogs-always-$(CONFIG_BUILD_BIN2C)			+= bin2c
+ hostprogs-always-$(CONFIG_KALLSYMS)			+= kallsyms
+-- 
+2.30.2
 
- hostprogs-$(CONFIG_BUILD_BIN2C)  += bin2c
- hostprogs-$(CONFIG_KALLSYMS)     += kallsyms
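Review bot: the `Upstream-Status: Inappropriate` line in the regenerated header still carries no reason; add one in brackets, for example `Inappropriate [oe specific]`, so a later reader can tell why this was never sent upstream. The paths inside the patch are now `a/scripts/Makefile` rather than `a/third_party/linux/scripts/Makefile`, so it only applies with the `patchdir=third_party/linux` setting in the recipe; a sentence in the header saying so would save the next person a failed do_patch.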
diff --git a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb
similarity index 85%
rename from meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb
rename to meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb
index ae89e8d..0c4e294 100644
--- a/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.6.bb
+++ b/meta-arm/meta-arm/recipes-bsp/hafnium/hafnium_2.7.bb
@@ -7,14 +7,19 @@
 
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
-inherit deploy python3native pkgconfig
+
+CLANGNATIVE = ""
+CLANGNATIVE:runtime-llvm = "clang-native"
+
+inherit deploy python3native pkgconfig ${CLANGNATIVE}
 
 SRC_URI = "gitsm://git.trustedfirmware.org/hafnium/hafnium.git;protocol=https;branch=master \
            file://0001-define-_Noreturn-if-needed.patch \
            file://host-ld.patch \
-           file://pkg-config-native.patch \
-           file://native-dtc.patch"
-SRCREV = "55b74f893948dd08d2782dd8fa9e903c143a6704"
+           file://pkg-config-native.patch;patchdir=third_party/linux \
+           file://0001-Fix-build-with-clang-15.patch \
+          "
+SRCREV = "79e9522d26fc2a88a44af149034acc27312b73a1"
 S = "${WORKDIR}/git"
 B = "${WORKDIR}/build"
 
@@ -72,3 +77,5 @@
     if d.getVar("BUILD_ARCH") != "x86_64":
         raise bb.parse.SkipRecipe("Cannot be built on non-x86-64 hosts")
 }
+
+EXCLUDE_FROM_WORLD = "1"
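Review bot: `EXCLUDE_FROM_WORLD = "1"` is appended with no comment explaining why the recipe is taken out of world builds. Add a one-line comment above it with the reason and the condition under which it can be removed, since a recipe excluded from world stops being build-tested by default and breakage in it will go unnoticed.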
diff --git a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb
index bda2771..c10efd5 100644
--- a/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb
+++ b/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_1.6.0.bb
@@ -16,20 +16,23 @@
                     file://../mcuboot/LICENSE;md5=b6ee33f1d12a5e6ee3de1e82fb51eeb8"
 
 SRC_URI  = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH_tfm};name=tfm;destsuffix=git/tfm \
-            git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=release/1.6.x;name=tfm-tests;destsuffix=git/tf-m-tests \
-            git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=master;name=mbedtls;destsuffix=git/mbedtls \
-            git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=main;name=mcuboot;destsuffix=git/mcuboot \
+            git://git.trustedfirmware.org/TF-M/tf-m-tests.git;protocol=https;branch=${SRCBRANCH_tfm-tests};name=tfm-tests;destsuffix=git/tf-m-tests \
+            git://github.com/ARMmbed/mbedtls.git;protocol=https;branch=${SRCBRANCH_mbedtls};name=mbedtls;destsuffix=git/mbedtls \
+            git://github.com/mcu-tools/mcuboot.git;protocol=https;branch=${SRCBRANCH_mcuboot};name=mcuboot;destsuffix=git/mcuboot \
             "
 
 # The required dependencies are documented in tf-m/config/config_default.cmake
 # TF-Mv1.6.0
-SRCBRANCH_tfm = "release/1.6.x"
+SRCBRANCH_tfm ?= "release/1.6.x"
 SRCREV_tfm = "7387d88158701a3c51ad51c90a05326ee12847a8"
 # mbedtls-3.1.0
+SRCBRANCH_mbedtls ?= "master"
 SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49"
 # TF-Mv1.6.0
+SRCBRANCH_tfm-tests ?= "release/1.6.x"
 SRCREV_tfm-tests = "723905d46019596f3f2df66d79b5d6bff6f3f213"
 # v1.9.0
+SRCBRANCH_mcuboot ?= "main"
 SRCREV_mcuboot = "c657cbea75f2bb1faf1fceacf972a0537a8d26dd"
 
 UPSTREAM_CHECK_GITTAGREGEX = "^TF-Mv(?P<pver>\d+(\.\d+)+)$"
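Review bot: the four `SRCBRANCH_*` variables become weak (`?=`) defaults while every `SRCREV_*` stays a hard assignment, so a layer that overrides only a branch still fetches the revision pinned here, and the git fetcher will fail if that revision is not on the new branch. Say in the comment block above the assignments that `SRCBRANCH_x` and `SRCREV_x` have to be overridden as a pair. Keeping the revisions as full hashes is the right call, because that is what keeps the fetched TF-M, mbedtls and mcuboot sources fixed regardless of where the branch heads move.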
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc
index e0dfa28..c9f1f1d 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/edk2-firmware.inc
@@ -81,7 +81,7 @@
 TOOLCHAIN:arm = "gcc"
 
 do_configure:prepend() {
-    sed -i -e "s#-target ${HOST_ARCH}-linux-gnu*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template
+    sed -i -e "s#-target ${HOST_ARCH}-linux-gnu.*#-target ${HOST_SYS}#" ${S}/BaseTools/Conf/tools_def.template
 }
 
 do_compile() {
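Review bot: `linux-gnu.*` in the new sed expression is greedy to the end of the line, so on any matching line of tools_def.template everything after the target triple is replaced along with it. The old `gnu*` was wrong (it means "gn" followed by any number of "u"), but the fix should stop at the end of the triple, for example `linux-gnu[^ ]*`, so that flags following `-target` on the same line survive.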
diff --git a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch
index fa13956..783b764 100644
--- a/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch
+++ b/meta-arm/meta-arm/recipes-bsp/uefi/files/unaligned.patch
@@ -1,4 +1,8 @@
-Latest clang is causing build failures because -Werror is used:
+From 17f490101f51b03c1ffc7151cc35e9fbd42b6060 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 22 Feb 2022 10:38:13 +0000
+Subject: [PATCH] Latest clang is causing build failures because -Werror is
+ used
 
   edk2/MdeModulePkg/Include/Guid/ExtendedFirmwarePerformance.h:78:47:
   error: field Guid within 'FPDT_GUID_EVENT_RECORD' is less aligned than 'EFI_GUID'
@@ -11,11 +15,20 @@
 
 Upstream-Status: Pending
 Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ BaseTools/Conf/tools_def.template | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/BaseTools/Conf/tools_def.template b/BaseTools/Conf/tools_def.template
-index f2bb6247e8..ca2b449f0a 100755
+index 5ed19810b7..9b4f173519 100755
 --- a/BaseTools/Conf/tools_def.template
 +++ b/BaseTools/Conf/tools_def.template
-@@ -2570 +2570 @@ DEFINE CLANG38_X64_TARGET           = -target x86_64-pc-linux-gnu
+@@ -2548,7 +2548,7 @@ DEFINE CLANG38_X64_PREFIX           = ENV(CLANG38_BIN)
+ DEFINE CLANG38_IA32_TARGET          = -target i686-pc-linux-gnu

+ DEFINE CLANG38_X64_TARGET           = -target x86_64-pc-linux-gnu

+ 

 -DEFINE CLANG38_WARNING_OVERRIDES    = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable

-+DEFINE CLANG38_WARNING_OVERRIDES    = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access

++DEFINE CLANG38_WARNING_OVERRIDES    = -Wno-parentheses-equality -Wno-tautological-compare -Wno-tautological-constant-out-of-range-compare -Wno-empty-body -Wno-unused-const-variable -Wno-varargs -Wno-unknown-warning-option -Wno-unused-but-set-variable -Wno-unused-const-variable -Wno-error=unaligned-access -Wno-unused-command-line-argument 

+ DEFINE CLANG38_ALL_CC_FLAGS         = DEF(GCC48_ALL_CC_FLAGS) DEF(CLANG38_WARNING_OVERRIDES) -fno-stack-protector -mms-bitfields -Wno-address -Wno-shift-negative-value -Wno-unknown-pragmas -Wno-incompatible-library-redeclaration -fno-asynchronous-unwind-tables -mno-sse -mno-mmx -msoft-float -mno-implicit-float  -ftrap-function=undefined_behavior_has_been_optimized_away_by_clang -funsigned-char -fno-ms-extensions -Wno-null-dereference

+ 

+ ###########################

diff --git a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb
similarity index 85%
rename from meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb
rename to meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb
index e8704c2..3ef0891 100644
--- a/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.18.16.bb
+++ b/meta-arm/meta-arm/recipes-devtools/fvp/fvp-base-r-aem_11.19.14.bb
@@ -5,6 +5,6 @@
                     file://license_terms/third_party_licenses/third_party_licenses.txt;md5=34a1ba318d745f05e6197def68ea5411 \
                     file://license_terms/third_party_licenses/arm_license_management_utilities/third_party_licenses.txt;md5=2e53bda6ff2db4c35d69944b93926c9f"
 
-SRC_URI[sha256sum] = "a7a5ee0b7f3b84a2e98e136a6f3ab648e4b6b5ad365186a397595f3f7c69f558"
+SRC_URI[sha256sum] = "788ede659414af36a2d09489e400c4d822c859b726565f1f171bc3102a9413d0"
 
 MODEL_CODE = "FVP_Base_AEMv8R"
diff --git a/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
new file mode 100644
index 0000000..453d456
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-devtools/trusted-firmware-m-scripts/trusted-firmware-m-scripts-native_1.6.0.bb
@@ -0,0 +1,24 @@
+
+SRC_URI = "git://git.trustedfirmware.org/TF-M/trusted-firmware-m.git;protocol=https;branch=${SRCBRANCH}"
+# Use the wrapper script from TF-Mv1.6.0
+SRCBRANCH ?= "release/1.6.x"
+SRCREV = "7387d88158701a3c51ad51c90a05326ee12847a8"
+
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://license.rst;md5=07f368487da347f3c7bd0fc3085f3afa"
+
+S = "${WORKDIR}/git"
+
+inherit native
+
+RDEPENDS:${PN} = "python3-imgtool-native python3-click-native"
+
+do_configure[noexec] = "1"
+do_compile[noexec] = "1"
+
+do_install() {
+    install -d ${D}/${libdir}
+    cp -rf ${S}/bl2/ext/mcuboot/scripts/ ${D}/${libdir}/tfm-scripts
+    cp -rf ${S}/bl2/ext/mcuboot/*.pem ${D}/${libdir}/tfm-scripts
+}
+FILES:${PN} = "${libdir}/tfm-scripts"
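Review bot: do_install copies every `*.pem` from `bl2/ext/mcuboot` into `${libdir}/tfm-scripts`, so key files that ship in the public TF-M tree land in the native sysroot next to the signing scripts, where a later signing step can pick them up by default. Key material from a public repository cannot be treated as secret; add a comment saying so and make the key location something a product build has to set explicitly. The recipe also has no SUMMARY or DESCRIPTION, and `cp -rf` keeps whatever file modes the checkout has, so an `install -m` per file (or a chmod after the copy) would give deterministic permissions.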
diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb
deleted file mode 100644
index 4051c34..0000000
--- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/ffa-debugfs-mod_2.1.0.bb
+++ /dev/null
@@ -1,39 +0,0 @@
-SUMMARY = "FF-A Debugfs Linux kernel module"
-DESCRIPTION = "This out-of-tree kernel module exposes FF-A operations to user space \
-used for development purposes"
-LICENSE = "GPL-2.0-only"
-LIC_FILES_CHKSUM = "file://arm_ffa_user.c;beginline=1;endline=1;md5=fcab174c20ea2e2bc0be64b493708266"
-
-SRC_URI = "git://git.gitlab.arm.com/linux-arm/linux-trusted-services.git;branch=main;protocol=https"
-
-# ffa-debugfs v2.1.0
-SRCREV = "77967912d033144aff2695cecbd52d3be450deaa"
-
-S = "${WORKDIR}/git"
-
-inherit module
-
-SRC_URI:append = " \
-    file://0001-build-add-Yocto-support.patch   \
-    file://0002-script-loading-the-driver-in-a-generic-way.patch \
-  "
-
-FILES:${PN} += "${bindir}/load_ffa_debugfs.sh"
-FILES:${PN}-dev += "${includedir}/arm_ffa_user.h"
-
-do_install:append() {
-  install -D -p -m 0755 ${B}/load_ffa_debugfs.sh ${D}/${bindir}/load_ffa_debugfs.sh
-  install -m 0644 ${S}/arm_ffa_user.h ${D}/${includedir}/arm_ffa_user.h
-}
-
-COMPATIBLE_HOST = "(arm|aarch64).*-linux"
-
-# Kernel modules currently RDEPEND on the kernel, which is troublesome when you want to put a
-# kernel module into a initramfs without pulling the kernel into the initramfs, which would be
-# silly.  Until this is a recommends the easiest way to handle this is to remove the dependency
-# in this recipe.
-PACKAGESPLITFUNCS:append = " remove_kernel_dependency"
-python remove_kernel_dependency() {
-  key = "RDEPENDS:kernel-module-arm-ffa-user-" + d.getVar("KERNEL_VERSION")
-  d.delVar(key)
-}
diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch
deleted file mode 100644
index 5d7e977..0000000
--- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0001-build-add-Yocto-support.patch
+++ /dev/null
@@ -1,79 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Arpita S.K <arpita.s.k@arm.com>
-
-From 8a7bea4e7d08395036ffc2fde57c4fb44315e181 Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Mon, 25 Oct 2021 13:12:11 +0100
-Subject: [PATCH 1/2] build: add Yocto support
-
-This commit allows to build the driver under Yocto
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
----
- Kbuild   |  4 ----
- Makefile | 40 +++++++++++-----------------------------
- 2 files changed, 11 insertions(+), 33 deletions(-)
- delete mode 100644 Kbuild
-
-diff --git a/Kbuild b/Kbuild
-deleted file mode 100644
-index 330b019..0000000
---- a/Kbuild
-+++ /dev/null
-@@ -1,4 +0,0 @@
--# SPDX-License-Identifier: GPL-2.0-only
--
--arm-ffa-user-objs := arm_ffa_user.o
--obj-m := arm-ffa-user.o
-diff --git a/Makefile b/Makefile
-index 62dbfb1..90dfaef 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,33 +1,15 @@
--# SPDX-License-Identifier: GPL-2.0-only
-+arm-ffa-user-objs := arm_ffa_user.o
-+obj-m := arm-ffa-user.o
- 
--ARCH			:= arm64
--CROSS_COMPILE		?= aarch64-linux-gnu-
-+SRC := $(shell pwd)
- 
--ROOT			?= $(CURDIR)/..
--KDIR			?= $(ROOT)/linux
--TARGET_DIR		?= $(ROOT)/shared
--BUILD_DIR		?= $(CURDIR)/build
--BUILD_DIR_MAKEFILE 	?= $(BUILD_DIR)/Makefile
-+all:
-+	$(MAKE) -C $(KERNEL_SRC) M=$(SRC)
- 
--all: module
-+modules_install:
-+	$(MAKE) -C $(KERNEL_SRC) M=$(SRC) modules_install
- 
--clean: module-clean
--
--install: all
--	cp $(BUILD_DIR)/arm-ffa-user.ko $(TARGET_DIR)/
--	cp load_module.sh $(TARGET_DIR)/
--
--module: $(BUILD_DIR_MAKEFILE)
--	$(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) modules \
--		ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)"
--
--module-clean:
--	$(MAKE) -C $(KDIR) M=$(BUILD_DIR) src=$(CURDIR) clean \
--		ARCH=$(ARCH) CROSS_COMPILE="$(CROSS_COMPILE)"
--	rm $(BUILD_DIR_MAKEFILE)
--
--$(BUILD_DIR):
--	mkdir -p "$@"
--
--$(BUILD_DIR_MAKEFILE): $(BUILD_DIR)
--	touch "$@"
-+clean:
-+	rm -f *.o *~ core .depend .*.cmd *.ko *.mod.c
-+	rm -f Module.markers Module.symvers modules.order
-+	rm -rf .tmp_versions Modules.symvers
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch b/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch
deleted file mode 100644
index e2469d9..0000000
--- a/meta-arm/meta-arm/recipes-kernel/ffa-debugfs/files/0002-script-loading-the-driver-in-a-generic-way.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-Upstream-Status: Pending [Not submitted to upstream yet]
-Signed-off-by: Arpita S.K <arpita.s.k@arm.com>
-
-From e5d9dfa703a5a57e535b5dab4eda47a9707972d3 Mon Sep 17 00:00:00 2001
-From: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
-Date: Mon, 25 Oct 2021 12:51:37 +0100
-Subject: [PATCH 2/2] script: loading the driver in a generic way
-
-Use the kernel module from the modules path.
-
-Signed-off-by: Abdellatif El Khlifi <abdellatif.elkhlifi@arm.com>
----
- load_module.sh => load_ffa_debugfs.sh | 8 ++++++--
- 1 file changed, 6 insertions(+), 2 deletions(-)
- rename load_module.sh => load_ffa_debugfs.sh (50%)
- mode change 100755 => 100644
-
-diff --git a/load_module.sh b/load_ffa_debugfs.sh
-old mode 100755
-new mode 100644
-similarity index 50%
-rename from load_module.sh
-rename to load_ffa_debugfs.sh
-index 2137245..4f31ff3
---- a/load_module.sh
-+++ b/load_ffa_debugfs.sh
-@@ -1,10 +1,14 @@
- #!/bin/sh
-+#
-+# Use:
-+# load_ffa_debugfs.sh <folder containing sp_uuid_list.txt>
-+#
- 
--[ ! -f $(dirname "$0")/sp_uuid_list.txt ] && \
-+[ ! -f "$1"/sp_uuid_list.txt ] && \
- 	{ echo "Error: missing SP UUID list"; exit 1; }
- 
- if ! grep -qs 'arm-ffa-user' /proc/modules; then
--	insmod $(dirname "$0")/arm-ffa-user.ko uuid_str_list=$(cat $(dirname "$0")/sp_uuid_list.txt)
-+	insmod /lib/modules/$(uname -r)/extra/arm-ffa-user.ko uuid_str_list=$(cat "$1"/sp_uuid_list.txt)
- fi
- 
- if ! grep -qs 'debugfs' /proc/mounts; then
--- 
-2.17.1
-
diff --git a/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend
new file mode 100644
index 0000000..7dec2f5
--- /dev/null
+++ b/meta-arm/meta-arm/recipes-kernel/linux/linux-yocto_5.19%.bbappend
@@ -0,0 +1,9 @@
+# enable arm_ffa regardless on 5.19
+SRC_URI:append:qemuarm = " \
+    file://tee.cfg \
+    file://arm-ffa-transport.cfg \
+"
+SRC_URI:append:qemuarm64 = " \
+    file://tee.cfg \
+    file://arm-ffa-transport.cfg \
+"
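Review bot: nothing in this new bbappend extends FILESEXTRAPATHS, so `file://tee.cfg` and `file://arm-ffa-transport.cfg` are only found if another append to the same recipe has already added the directory that holds them; either set it here or say in the comment which file this one depends on. The comment "enable arm_ffa regardless on 5.19" does not say regardless of what, and the two `SRC_URI:append` blocks are identical, so a single variable holding the fragment list and used from both overrides would keep them from drifting apart.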
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
deleted file mode 100644
index be78b88..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-client_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-client.inc
-
-SRCREV = "06e1b32f6a7028e039c625b07cfc25fda0c17d53"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
deleted file mode 100644
index f2b5f7d..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-examples_3.14.0.bb
+++ /dev/null
@@ -1,4 +0,0 @@
-require optee-examples.inc
-
-SRCREV = "e9c870525af8f7e7fccf575a0ca5394ce55adcec"
-
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
deleted file mode 100644
index 0d37a52..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os-tadevkit_3.14.0.bb
+++ /dev/null
@@ -1,20 +0,0 @@
-FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os:"
-require optee-os_3.14.0.bb
-
-SUMMARY = "OP-TEE Trusted OS TA devkit"
-DESCRIPTION = "OP-TEE TA devkit for build TAs"
-HOMEPAGE = "https://www.op-tee.org/"
-
-do_install() {
-    #install TA devkit
-    install -d ${D}${includedir}/optee/export-user_ta/
-    for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
-        cp -aR $f ${D}${includedir}/optee/export-user_ta/
-    done
-}
-
-do_deploy() {
-	echo "Do not inherit do_deploy from optee-os."
-}
-
-FILES:${PN} = "${includedir}/optee/"
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch
index db88e7f..a69d777 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0001-core-Define-section-attributes-for-clang.patch
@@ -37,11 +37,9 @@
  core/kernel/thread.c             | 13 +++++++++++-
  4 files changed, 71 insertions(+), 8 deletions(-)
 
-diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
-index f083b159e..432983c86 100644
 --- a/core/arch/arm/kernel/thread.c
 +++ b/core/arch/arm/kernel/thread.c
-@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
+@@ -44,16 +44,31 @@ static size_t thread_user_kcode_size __n
  #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
  	defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
  long thread_user_kdata_sp_offset __nex_bss;
@@ -64,21 +62,20 @@
 -	__section(".nex_nozi.kdata_page");
 +	__section(".nex_nozi.kdata_page")
  #endif
-+#endif
+ #endif
 +    ;
 +#endif
 +
 +/* reset BSS section to default ( .bss ) */
 +#ifdef __clang__
 +#pragma clang section bss=""
- #endif
++#endif
  
  #ifdef ARM32
-diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
-index 19cd7b61b..78f5910c5 100644
+ uint32_t __nostackcheck thread_get_exceptions(void)
 --- a/core/arch/arm/mm/core_mmu_lpae.c
 +++ b/core/arch/arm/mm/core_mmu_lpae.c
-@@ -230,19 +230,46 @@ typedef uint16_t l1_idx_t;
+@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
  typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
  typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
  
@@ -129,8 +126,6 @@
  /*
   * TAs page table entry inside a level 1 page table.
   *
-diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
-index d658b3e68..6c36706c0 100644
 --- a/core/arch/arm/mm/pgt_cache.c
 +++ b/core/arch/arm/mm/pgt_cache.c
 @@ -104,8 +104,18 @@ void pgt_init(void)
@@ -153,11 +148,9 @@
  	size_t n;
  
  	for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
-diff --git a/core/kernel/thread.c b/core/kernel/thread.c
-index 18d34e6ad..086129e28 100644
 --- a/core/kernel/thread.c
 +++ b/core/kernel/thread.c
-@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+@@ -37,13 +37,24 @@ struct thread_core_local thread_core_loc
  	name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
  #endif
  
@@ -183,6 +176,55 @@
  #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
  
  DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE,
--- 
-2.37.2
-
+--- a/core/arch/arm/mm/core_mmu_v7.c
++++ b/core/arch/arm/mm/core_mmu_v7.c
+@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_EN
+ typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
+ typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
+ 
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l1"
++#endif
+ static l1_xlat_tbl_t main_mmu_l1_ttb
+-		__aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
++		__aligned(L1_ALIGNMENT)
++#ifndef __clang__
++       __section(".nozi.mmu.l1")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+ 
+ /* L2 MMU tables */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.l2"
++#endif
+ static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
+-		__aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
++		__aligned(L2_ALIGNMENT)
++#ifndef __clang__
++       __section(".nozi.mmu.l2")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+ 
+ /* MMU L1 table for TAs, one for each thread */
++#ifdef __clang__
++#pragma clang section bss=".nozi.mmu.ul1"
++#endif
+ static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
+-		__aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
++		__aligned(UL1_ALIGNMENT)
++#ifndef __clang__
++       __section(".nozi.mmu.ul1")
++#endif
++;
++#ifdef __clang__
++#pragma clang section bss=""
++#endif
+ 
+ struct mmu_partition {
+ 	l1_xlat_tbl_t *l1_table;
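Review bot: the refreshed patch now touches a fifth file, core/arch/arm/mm/core_mmu_v7.c, but its header still reads "4 files changed, 71 insertions(+), 8 deletions(-)", and the `diff --git`/`index` lines and the trailing git version line have been dropped. Regenerate it with git format-patch so the diffstat matches the content and the patch stays reviewable against upstream. In the new core_mmu_v7.c hunk the `__section(...)` lines are indented with spaces while the neighbouring `__aligned(...)` lines use tabs; match the file's style.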
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
index 1700539..ab4a6db 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0006-allow-setting-sysroot-for-libgcc-lookup.patch
@@ -1,4 +1,4 @@
-From 0bab935695ebcf0c533b49896ab18ff33d4a47d1 Mon Sep 17 00:00:00 2001
+From 528aeb42652a3159c1bfd51d6c1442c3ff27b84c Mon Sep 17 00:00:00 2001
 From: Ross Burton <ross.burton@arm.com>
 Date: Tue, 26 May 2020 14:38:02 -0500
 Subject: [PATCH] allow setting sysroot for libgcc lookup
@@ -9,6 +9,7 @@
 
 Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
 Signed-off-by: Ross Burton <ross.burton@arm.com>
+
 ---
  mk/gcc.mk | 6 +++---
  1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
index 5c0d0a5..067ba6e 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0007-allow-setting-sysroot-for-clang.patch
@@ -1,4 +1,4 @@
-From 3167f2c0dba4db59d61b60a8fe66f969d20aafa9 Mon Sep 17 00:00:00 2001
+From db9e44af75c7cfd3316cab15aaa387383df3e57e Mon Sep 17 00:00:00 2001
 From: Brett Warren <brett.warren@arm.com>
 Date: Wed, 23 Sep 2020 09:27:34 +0100
 Subject: [PATCH] optee: enable clang support
@@ -10,12 +10,13 @@
 Upstream-Status: Pending
 ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
 Signed-off-by: Brett Warren <brett.warren@arm.com>
+
 ---
  mk/clang.mk | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/mk/clang.mk b/mk/clang.mk
-index 0f48c836..47465523 100644
+index c141a3f2..7d067cc0 100644
 --- a/mk/clang.mk
 +++ b/mk/clang.mk
 @@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch
index 1dd70b3..6d48a76 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0008-no-warn-rwx-segments.patch
@@ -1,11 +1,11 @@
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
-
-From 0b8a917fa51a366806edc0f04b88cd23b24098c4 Mon Sep 17 00:00:00 2001
+From cf2a2451f4e9300532d677bb3a8315494a3b3a82 Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Fri, 5 Aug 2022 09:48:03 +0200
 Subject: [PATCH] core: link: add --no-warn-rwx-segments
 
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
 binutils ld.bfd generates one RWX LOAD segment by merging several sections
 with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
 also warns by default when that happens [1], which breaks the build due to
@@ -18,12 +18,13 @@
 Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
 Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
 Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+
 ---
  core/arch/arm/kernel/link.mk | 8 ++++++--
  1 file changed, 6 insertions(+), 2 deletions(-)
 
 diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 7eed333a32..c39d43cbfc 100644
+index 7eed333a..c39d43cb 100644
 --- a/core/arch/arm/kernel/link.mk
 +++ b/core/arch/arm/kernel/link.mk
 @@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch
similarity index 94%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch
index 5463a34..3ba6c4e 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0009-add-z-execstack.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0009-add-z-execstack.patch
@@ -1,4 +1,4 @@
-From a9d099d17ef0af6deac4c3b4d15ad0555d258ec8 Mon Sep 17 00:00:00 2001
+From ea932656461865ab9ac4036245c756c082aeb3e1 Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Tue, 23 Aug 2022 11:41:00 +0000
 Subject: [PATCH] core, ldelf: link: add -z execstack
@@ -22,6 +22,10 @@
 Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
 
 ---
+ core/arch/arm/kernel/link.mk | 13 +++++++++----
+ ldelf/link.mk                |  3 +++
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
 diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
 index c39d43cb..0e96e606 100644
 --- a/core/arch/arm/kernel/link.mk
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch
similarity index 98%
rename from meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch
rename to meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch
index 95d5e67..4ea65d8 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.18/0010-add-note-GNU-stack-section.patch
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os/0010-add-note-GNU-stack-section.patch
@@ -1,4 +1,4 @@
-From 38bf606653ee08b10db6bb298e369cb3a9cdcda9 Mon Sep 17 00:00:00 2001
+From ec30e84671aac9a2e9549754eb7bc6201728db4c Mon Sep 17 00:00:00 2001
 From: Jerome Forissier <jerome.forissier@linaro.org>
 Date: Tue, 23 Aug 2022 12:31:46 +0000
 Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch
deleted file mode 100644
index 616a0ff..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0009-add-z-execstack.patch
+++ /dev/null
@@ -1,95 +0,0 @@
-From cb4349edce6ce360436f10da8b6aa32e68fb778d Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 11:41:00 +0000
-Subject: [PATCH] core, ldelf: link: add -z execstack
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when generating some TEE core binaries (all_obj.o, init.o,
-unpaged.o and tee.elf) as well as ldelf.elf:
-
- arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
- arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-The permissions used when mapping the TEE core stacks do not depend on
-any metadata found in the ELF file. Similarly when the TEE core loads
-ldelf it already creates a non-executable stack regardless of ELF
-information. Therefore we can safely ignore the warnings. This is done
-by adding the '-z execstack' option.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
----
- core/arch/arm/kernel/link.mk | 13 +++++++++----
- ldelf/link.mk                |  4 ++++
- 2 files changed, 13 insertions(+), 4 deletions(-)
-
-diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
-index 3dc459d6..85cde58e 100644
---- a/core/arch/arm/kernel/link.mk
-+++ b/core/arch/arm/kernel/link.mk
-@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
- 
- AWK	 = awk
- 
-+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
-+ifeq ($(CFG_ARM32_core),y)
-+link-ldflags-common += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldflags  = $(LDFLAGS)
- ifeq ($(CFG_CORE_ASLR),y)
- link-ldflags += -pie -Bsymbolic -z notext -z norelro $(ldflag-apply-dynamic-relocs)
-@@ -17,7 +22,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
- link-ldflags += --sort-section=alignment
- link-ldflags += --fatal-warnings
- link-ldflags += --gc-sections
--link-ldflags += $(call ld-option,--no-warn-rwx-segments)
-+link-ldflags += $(link-ldflags-common)
- 
- link-ldadd  = $(LDADD)
- link-ldadd += $(ldflags-external)
-@@ -39,7 +44,7 @@ link-script-cppflags := \
- 		$(cppflagscore))
- 
- ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
--		   $(call ld-option,--no-warn-rwx-segments) \
-+		   $(link-ldflags-common) \
- 		   $(link-objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/all_objs.o
- $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
-@@ -53,7 +58,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
- 		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
- 
- unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
--		 $(call ld-option,--no-warn-rwx-segments)
-+		 $(link-ldflags-common)
- unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
- cleanfiles += $(link-out-dir)/unpaged.o
- $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
-@@ -82,7 +87,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
- 		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
- 
- init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
--	       $(call ld-option,--no-warn-rwx-segments)
-+	       $(link-ldflags-common)
- init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
- 	      $(libgcccore)
- cleanfiles += $(link-out-dir)/init.o
-diff --git a/ldelf/link.mk b/ldelf/link.mk
-index 8fafc879..d8a05ea6 100644
---- a/ldelf/link.mk
-+++ b/ldelf/link.mk
-@@ -19,6 +19,10 @@ link-ldflags += --sort-section=alignment
- link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
- link-ldflags += $(link-ldflags$(sm))
- 
-+ifeq ($(CFG_ARM32_$(sm)), y)
-+link-ldflags += $(call ld-option,--no-warn-execstack)
-+endif
-+
- link-ldadd  = $(addprefix -L,$(libdirs))
- link-ldadd += --start-group $(addprefix -l,$(libnames)) --end-group
- ldargs-ldelf.elf := $(link-ldflags) $(objs) $(link-ldadd) $(libgcc$(sm))
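Review bot: the ldelf/link.mk hunk at the end of this removed patch deals with the GNU ld executable-stack diagnostic by passing --no-warn-execstack when CFG_ARM32_$(sm) is y, which hides the warning without changing how the stack is marked in the linked ELF. That is only safe while the loader maps the stack non-executable regardless of the marking, so any copy of this change kept for a newer OP-TEE version should say so next to the flag or in the patch header. Wrapping the flag in $(call ld-option,...) is the right choice, since it keeps linkers that predate the option working.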
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch b/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch
deleted file mode 100644
index c0330b9..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os/3.14/0010-add-note-GNU-stack-section.patch
+++ /dev/null
@@ -1,128 +0,0 @@
-From f99a0278ad5e26772b3dcf8c74b5bf986ecfbe1e Mon Sep 17 00:00:00 2001
-From: Jerome Forissier <jerome.forissier@linaro.org>
-Date: Tue, 23 Aug 2022 12:31:46 +0000
-Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
-
- .S files
-
-When building for arm32 with GNU binutils 2.39, the linker outputs
-warnings when linking Trusted Applications:
-
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
- arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
-
-We could silence the warning by adding the '-z execstack' option to the
-TA link flags, like we did in the parent commit for the TEE core and
-ldelf. Indeed, ldelf always allocates a non-executable piece of memory
-for the TA to use as a stack.
-
-However it seems preferable to comply with the common ELF practices in
-this case. A better fix is therefore to add the missing .note.GNU-stack
-sections in the assembler files.
-
-Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
-
-Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
-Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
-
----
- lib/libutee/arch/arm/utee_syscalls_a32.S             | 2 ++
- lib/libutils/ext/arch/arm/atomic_a32.S               | 2 ++
- lib/libutils/ext/arch/arm/mcount_a32.S               | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S  | 2 ++
- lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
- lib/libutils/isoc/arch/arm/setjmp_a32.S              | 2 ++
- ta/arch/arm/ta_entry_a32.S                           | 2 ++
- 7 files changed, 14 insertions(+)
-
-diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
-index 6e621ca6..af405f62 100644
---- a/lib/libutee/arch/arm/utee_syscalls_a32.S
-+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
-@@ -7,6 +7,8 @@
- #include <tee_syscall_numbers.h>
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
-         .section .text
-         .balign 4
-         .code 32
-diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
-index eaef6914..2be73ffa 100644
---- a/lib/libutils/ext/arch/arm/atomic_a32.S
-+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /* uint32_t atomic_inc32(uint32_t *v); */
- FUNC atomic_inc32 , :
- 	ldrex	r1, [r0]
-diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
-index 51439a23..54dc3c02 100644
---- a/lib/libutils/ext/arch/arm/mcount_a32.S
-+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
-@@ -7,6 +7,8 @@
- 
- #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT)
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * Convert return address to call site address by subtracting the size of the
-  * mcount call instruction (blx __gnu_mcount_nc).
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-index a600c879..37ae9ec6 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * signed ret_idivmod_values(signed quot, signed rem);
-  * return quotient and remaining the EABI way (regs r0,r1)
-diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-index 2dc50bc9..5c3353e2 100644
---- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
-  */
-diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-index 43ea5937..f8a0b70d 100644
---- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
-+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
-@@ -51,6 +51,8 @@
- #define SIZE(x)
- #endif
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /* Arm/Thumb interworking support:
- 
-    The interworking scheme expects functions to use a BX instruction
-diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
-index d2f8a69d..cd9a12f9 100644
---- a/ta/arch/arm/ta_entry_a32.S
-+++ b/ta/arch/arm/ta_entry_a32.S
-@@ -5,6 +5,8 @@
- 
- #include <asm.S>
- 
-+	.section .note.GNU-stack,"",%progbits
-+
- /*
-  * This function is the bottom of the user call stack. Mark it as such so that
-  * the unwinding code won't try to go further down.
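Review bot: in the mcount_a32.S hunk of this removed patch the .note.GNU-stack section is added below the #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT) line, so an object assembled with both options off carries no note, unlike the other six files where the directive is unconditional. If the patch is carried for another OP-TEE version, moving the directive above the #if keeps every arm32 object marked the same way regardless of configuration. Removing this 3.14 copy is consistent with the removal of optee-os_3.14.0.bb, which is the recipe that lists file://3.14/0010-add-note-GNU-stack-section.patch.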
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
deleted file mode 100644
index 6400ac2..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.14.0.bb
+++ /dev/null
@@ -1,10 +0,0 @@
-require optee-os.inc
-
-SRCREV = "d21befa5e53eae9db469eba1685f5aa5c6f92c2f"
-
-DEPENDS = "python3-pycryptodome-native python3-pyelftools-native"
-
-SRC_URI:append = " \
-    file://3.14/0009-add-z-execstack.patch \
-    file://3.14/0010-add-note-GNU-stack-section.patch \
-   "
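Review bot: with the file://3.14/... entries gone here and the optee-os_3.18.0.bb change that follows switching from file://3.18/0009-add-z-execstack.patch to the unprefixed file://0009-add-z-execstack.patch, nothing in these hunks shows the 3.18 patch files being moved out of their versioned directory. Check that the same commit relocates them to a directory on FILESPATH, otherwise do_fetch fails for the remaining recipe. Also confirm that no machine configuration still selects optee-os 3.14 through PREFERRED_VERSION.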
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
index f459efc..59e58ed 100644
--- a/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
+++ b/meta-arm/meta-arm/recipes-security/optee/optee-os_3.18.0.bb
@@ -5,6 +5,6 @@
 SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
 SRC_URI:append = " \
     file://0001-core-Define-section-attributes-for-clang.patch \
-    file://3.18/0009-add-z-execstack.patch \
-    file://3.18/0010-add-note-GNU-stack-section.patch \
+    file://0009-add-z-execstack.patch \
+    file://0010-add-note-GNU-stack-section.patch \
    "
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb b/meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb
similarity index 100%
rename from meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_git.bb
rename to meta-arm/meta-arm/recipes-security/optee/optee-spdevkit_3.10.0.bb
diff --git a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb b/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
deleted file mode 100644
index 6367c27..0000000
--- a/meta-arm/meta-arm/recipes-security/optee/optee-test_3.14.0.bb
+++ /dev/null
@@ -1,3 +0,0 @@
-require optee-test.inc
-
-SRCREV = "f2eb88affbb7f028561b4fd5cbd049d5d704f741"
diff --git a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb
index 72ba33f..b9c6507 100644
--- a/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb
+++ b/meta-arm/meta-arm/recipes-security/packagegroups/packagegroup-ts-tests.bb
@@ -1,11 +1,11 @@
 SUMMARY = "Trusted Services test/demo linux tools"
 
+PACKAGE_ARCH = "${MACHINE_ARCH}"
+
 inherit packagegroup
 
 COMPATIBLE_HOST = "aarch64.*-linux"
 
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
 PACKAGES = "${PN} ${PN}-psa"
 
 RDEPENDS:${PN} = "\
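Review bot: moving PACKAGE_ARCH above "inherit packagegroup" is an order-sensitive fix and the assignment should carry a comment saying so. packagegroup.bbclass defaults PACKAGE_ARCH to "all" and decides whether to pull in allarch while the inherit line is parsed, so an assignment placed after the inherit comes too late to make the packagegroup machine-specific. A short comment such as "must be set before inherit packagegroup" would stop a later cleanup from moving it back.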
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc
deleted file mode 100644
index 1df7409..0000000
--- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions.inc
+++ /dev/null
@@ -1,27 +0,0 @@
-LICENSE = "Apache-2.0 & BSD-3-Clause & Zlib"
-LIC_FILES_CHKSUM = "file://license.rst;md5=ea160bac7f690a069c608516b17997f4"
-
-SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=ts;destsuffix=git/ts"
-
-SRCREV_ts ?= "a365a04f937b9b76ebb2e0eeade226f208cbc0d2"
-
-S = "${WORKDIR}/git/ts"
-B = "${WORKDIR}/build"
-
-export CROSS_COMPILE="${TARGET_PREFIX}"
-
-CFLAGS[unexport] = "1"
-CPPFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-# setting the linker options used to build the secure partitions
-SECURITY_LDFLAGS = ""
-TARGET_LDFLAGS = "-Wl,--build-id=none -Wl,--hash-style=both"
-
-do_configure[cleandirs] = "${B}"
-
-# Currently trusted-services and psa-arch-tests use FetchContent to download
-# more sources during do_configure. Until this is resolved we need to allow
-# network operations.
-do_configure[network] = "1"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb b/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb
deleted file mode 100644
index fca6d9d..0000000
--- a/meta-arm/meta-arm/recipes-security/trusted-services/secure-partitions_git.bb
+++ /dev/null
@@ -1,74 +0,0 @@
-SUMMARY = "Trusted Services secure partitions"
-HOMEPAGE = "https://trusted-services.readthedocs.io/en/latest/index.html"
-
-COMPATIBLE_MACHINE ?= "invalid"
-
-PACKAGE_ARCH = "${MACHINE_ARCH}"
-
-require secure-partitions.inc
-
-SRCREV_FORMAT = "ts"
-PV = "0.0+git${SRCPV}"
-
-# Which environment to create the secure partions for (opteesp or shim)
-TS_ENVIRONMENT ?= "opteesp"
-
-inherit deploy python3native
-
-DEPENDS = "python3-pycryptodome-native python3-pycryptodomex-native \
-           python3-pyelftools-native python3-grpcio-tools-native \
-           python3-protobuf-native protobuf-native cmake-native \
-           "
-
-DEPENDS:append = " ${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', 'optee-spdevkit', '', d)}"
-
-export CROSS_COMPILE="${TARGET_PREFIX}"
-
-CFLAGS[unexport] = "1"
-CPPFLAGS[unexport] = "1"
-AS[unexport] = "1"
-LD[unexport] = "1"
-
-# only used if TS_ENVIRONMENT is opteesp
-SP_DEV_KIT_DIR = "${@bb.utils.contains('TS_ENVIRONMENT', 'opteesp', '${STAGING_INCDIR}/optee/export-user_sp', '', d)}"
-
-# SP images are embedded into optee os image
-SP_PACKAGING_METHOD ?= "embedded"
-
-do_configure() {
-    for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
-        cmake \
-          -DCMAKE_INSTALL_PREFIX=${D}/firmware/sp \
-          -DSP_DEV_KIT_DIR=${SP_DEV_KIT_DIR} \
-          -DSP_PACKAGING_METHOD=${SP_PACKAGING_METHOD} \
-	  -DTS_PLATFORM="${TS_PLATFORM}" \
-          -S ${S}/$TS_DEPLOYMENT -B "${B}/$TS_DEPLOYMENT"
-    done
-}
-
-do_compile() {
-    for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
-        cmake --build "${B}/$TS_DEPLOYMENT"
-    done
-}
-
-do_install () {
-    if [ "${TS_ENVIRONMENT}" = "opteesp" ]; then
-        for TS_DEPLOYMENT in ${TS_DEPLOYMENTS}; do
-            cmake --install "${B}/$TS_DEPLOYMENT"
-        done
-    fi
-}
-
-SYSROOT_DIRS = "/firmware"
-
-do_deploy() {
-    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
-}
-addtask deploy after do_install
-
-FILES:${PN} = "/firmware/sp/opteesp*"
-
-# Build paths are currently embedded
-INSANE_SKIP:${PN} += "buildpaths"
-INSANE_SKIP:${PN}-dbg += "buildpaths"
diff --git a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc
index 80c0849..a8f49a5 100644
--- a/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc
+++ b/meta-arm/meta-arm/recipes-security/trusted-services/trusted-services.inc
@@ -50,3 +50,5 @@
 EXTRA_OECMAKE += "-Dlibts_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/lib/cmake/ \
                   -DNEWLIB_INSTALL_DIR=${STAGING_DIR_HOST}${TS_INSTALL}/newlib_install \
                  "
+# Newlib does not compile with clang
+TOOLCHAIN = "gcc"
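Review bot: the new comment and TOOLCHAIN = "gcc" sit directly under the closing quote of EXTRA_OECMAKE with no blank line, so the comment reads as if it belonged to the block above. Separate them with an empty line, and extend the comment to say that the pin applies to every recipe including this file because of the -DNEWLIB_INSTALL_DIR setting, ideally with a pointer to the clang build failure so the override can be removed once Newlib builds with clang.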
diff --git a/meta-arm/meta-atp/conf/layer.conf b/meta-arm/meta-atp/conf/layer.conf
index 3ec36e8..191a8e8 100644
--- a/meta-arm/meta-atp/conf/layer.conf
+++ b/meta-arm/meta-atp/conf/layer.conf
@@ -6,4 +6,4 @@
 BBFILE_PATTERN_meta-atp = "^${LAYERDIR}/"
 
 LAYERDEPENDS_meta-atp = "core openembedded-layer meta-gem5"
-LAYERSERIES_COMPAT_meta-atp = "kirkstone"
+LAYERSERIES_COMPAT_meta-atp = "langdale"
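Review bot: LAYERSERIES_COMPAT_meta-atp is replaced rather than extended, so the layer stops declaring kirkstone compatibility with this change, and the meta-gem5 layer.conf hunk that follows does the same. If these layers are still expected to work with a kirkstone core, list both series ("kirkstone langdale"); if the drop is intended, say so in the commit message so users pinned to kirkstone know to stay on the previous revision.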
diff --git a/meta-arm/meta-gem5/conf/layer.conf b/meta-arm/meta-gem5/conf/layer.conf
index d329bd0..1d129bc 100644
--- a/meta-arm/meta-gem5/conf/layer.conf
+++ b/meta-arm/meta-gem5/conf/layer.conf
@@ -10,7 +10,7 @@
 BBFILE_PRIORITY_meta-gem5 = "5"
 
 LAYERDEPENDS_meta-gem5 = "core openembedded-layer meta-arm"
-LAYERSERIES_COMPAT_meta-gem5 = "kirkstone"
+LAYERSERIES_COMPAT_meta-gem5 = "langdale"
 
 BBFILES_DYNAMIC += " \
     virtualization-layer:${LAYERDIR}/dynamic-layers/meta-virtualization/*/*/*.bbappend \
diff --git a/meta-arm/meta-gem5/recipes-kernel/linux/files/0001-lib-build_OID_registry-fix-reproducibility-issues.patch b/meta-arm/meta-gem5/recipes-kernel/linux/files/0001-lib-build_OID_registry-fix-reproducibility-issues.patch
new file mode 100644
index 0000000..4c95a41
--- /dev/null
+++ b/meta-arm/meta-gem5/recipes-kernel/linux/files/0001-lib-build_OID_registry-fix-reproducibility-issues.patch
@@ -0,0 +1,46 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From f678d79b3bede48c9e095e6e9c46bd3542f23077 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@gmail.com>
+Date: Sun, 10 Jul 2022 22:56:53 -0400
+Subject: [PATCH 1/2] lib/build_OID_registry: fix reproducibility issues
+
+The script build_OID_registry captures the full path of itself
+in the generated data. This causes reproduciblity issues as the
+path is captured and packaged.
+
+We use the basename of the script instead, and that allows us
+to be reprodicible, with slightly less information captured in
+the output data (but the generating script can still easily
+be found).
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ lib/build_OID_registry | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/lib/build_OID_registry b/lib/build_OID_registry
+index d7fc32ea8ac2..f6de0a7f7457 100755
+--- a/lib/build_OID_registry
++++ b/lib/build_OID_registry
+@@ -8,6 +8,7 @@
+ #
+ 
+ use strict;
++use File::Basename;
+ 
+ my @names = ();
+ my @oids = ();
+@@ -35,7 +36,7 @@ close IN_FILE || die;
+ #
+ open C_FILE, ">$ARGV[1]" or die;
+ print C_FILE "/*\n";
+-print C_FILE " * Automatically generated by ", $0, ".  Do not edit\n";
++print C_FILE " * Automatically generated by ", basename $0, ".  Do not edit\n";
+ print C_FILE " */\n";
+ 
+ #
+-- 
+2.34.1
+
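Review bot: in the build_OID_registry hunk, basename $0 is called without parentheses inside the print list. File::Basename exports basename without a prototype, so Perl takes the rest of the list as its arguments: the string ".  Do not edit\n" is passed as a suffix to strip instead of being printed, and the generated header loses that text and its newline. Writing basename($0) keeps the original output apart from the shortened path. The Upstream-Status: Backport line also gives no commit or URL, which makes it hard to tell when the patch can be dropped.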
diff --git a/meta-arm/meta-gem5/recipes-kernel/linux/files/0002-vt-conmakehash-improve-reproducibility.patch b/meta-arm/meta-gem5/recipes-kernel/linux/files/0002-vt-conmakehash-improve-reproducibility.patch
new file mode 100644
index 0000000..74156af
--- /dev/null
+++ b/meta-arm/meta-gem5/recipes-kernel/linux/files/0002-vt-conmakehash-improve-reproducibility.patch
@@ -0,0 +1,56 @@
+Upstream-Status: Backport
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+
+From 10a09290f97d0435b9b304d3ef980b0cafa87bd2 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@gmail.com>
+Date: Sun, 10 Jul 2022 21:37:07 -0400
+Subject: [PATCH 2/2] vt/conmakehash: improve reproducibility
+
+The file generated by conmakehash capture the application
+path used to generate the file. While that can be informative,
+it varies based on where the kernel was built, as the full
+path is captured.
+
+We tweak the application to use a second input as the "capture
+name", and then modify the Makefile to pass the basename of
+the source, making it reproducible.
+
+This could be improved by using some sort of path mapping,
+or the application manipualing argv[1] itself, but for now
+this solves the reprodicibility issue.
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ drivers/tty/vt/Makefile | 2 +-
+ scripts/conmakehash.c   | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/tty/vt/Makefile b/drivers/tty/vt/Makefile
+index edbbe0ccdb83..19e21968f8de 100644
+--- a/drivers/tty/vt/Makefile
++++ b/drivers/tty/vt/Makefile
+@@ -13,7 +13,7 @@ obj-$(CONFIG_HW_CONSOLE)		+= vt.o defkeymap.o
+ clean-files := consolemap_deftbl.c defkeymap.c
+ 
+ quiet_cmd_conmk = CONMK   $@
+-      cmd_conmk = scripts/conmakehash $< > $@
++      cmd_conmk = scripts/conmakehash $< $(shell basename $<) > $@
+ 
+ $(obj)/consolemap_deftbl.c: $(src)/$(FONTMAPFILE)
+ 	$(call cmd,conmk)
+diff --git a/scripts/conmakehash.c b/scripts/conmakehash.c
+index cddd789fe46e..d62510b280e9 100644
+--- a/scripts/conmakehash.c
++++ b/scripts/conmakehash.c
+@@ -253,7 +253,7 @@ int main(int argc, char *argv[])
+ #include <linux/types.h>\n\
+ \n\
+ u8 dfont_unicount[%d] = \n\
+-{\n\t", argv[1], fontlen);
++{\n\t", argv[2], fontlen);
+ 
+   for ( i = 0 ; i < fontlen ; i++ )
+     {
+-- 
+2.34.1
+
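Review bot: scripts/conmakehash.c now prints argv[2], and the diffstat shows that this one line is the only change to the file, so nothing added here checks that a second argument was actually supplied. Any caller that still runs conmakehash with only the input file passes a null pointer into the formatted output call; main() should verify argc before using argv[2], and the usage text should mention the new argument. In drivers/tty/vt/Makefile, $(notdir $<) does the same job as $(shell basename $<) without spawning a shell.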
diff --git a/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb b/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb
index 99a1669..a1a301c 100644
--- a/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb
+++ b/meta-arm/meta-gem5/recipes-kernel/linux/linux-yocto_5.4.bb
@@ -2,14 +2,17 @@
 
 require recipes-kernel/linux/linux-yocto.inc
 
-SRCREV_machine ?= "e2020dbe2ccaef50d7e8f37a5bf08c68a006a064"
+SRCREV_machine ?= "8a59dfded81659402005acfb06fbb00b71c8ce86"
 SRCREV_meta ?= "e8c675c7e11fbd96cd812dfb9f4f6fb6f92b6abb"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;name=machine;branch=${KBRANCH}; \
-           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA}"
+           git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-5.4;destsuffix=${KMETA} \
+           file://0001-lib-build_OID_registry-fix-reproducibility-issues.patch \
+           file://0002-vt-conmakehash-improve-reproducibility.patch \
+           "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=bbea815ee2795b2f4230826c0c6b8814"
-LINUX_VERSION ?= "5.4.178"
+LINUX_VERSION ?= "5.4.205"
 
 DEPENDS += "openssl-native util-linux-native"