Initial commit

2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
@@ -0,0 +1,29 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From cf84c933bb7b8a95742d1e723950cb2cde2d5320 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Wed, 20 Jul 2022 16:37:10 +0100
+Subject: [PATCH] core: arm: add MPIDR affinity shift and mask for 32-bit
+
+This change is to add MPIDR affinity shift and mask for
+32-bit
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/core/arch/arm/include/arm.h b/core/arch/arm/include/arm.h
+index f59478af..2f6f82e7 100644
+--- a/core/arch/arm/include/arm.h
+++ b/core/arch/arm/include/arm.h
+@@ -63,6 +63,8 @@
+ #define MPIDR_AFF1_MASK		(MPIDR_AFFLVL_MASK << MPIDR_AFF1_SHIFT)
+ #define MPIDR_AFF2_SHIFT	U(16)
+ #define MPIDR_AFF2_MASK		(MPIDR_AFFLVL_MASK << MPIDR_AFF2_SHIFT)
+#define MPIDR_AFF3_SHIFT	U(32)
+#define MPIDR_AFF3_MASK		(MPIDR_AFFLVL_MASK << MPIDR_AFF3_SHIFT)
+ 
+ #define MPIDR_MT_SHIFT		U(24)
+ #define MPIDR_MT_MASK		BIT(MPIDR_MT_SHIFT)
+-- 
+2.17.1
+
@@ -0,0 +1,233 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From 22ba7c7789082dbc179921962cdcadece4499c89 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Thu, 30 Jun 2022 18:36:26 +0100
+Subject: [PATCH] plat-n1sdp: add N1SDP platform support
+
+These changes are to add N1SDP platform to optee-os
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk
+new file mode 100644
+index 00000000..06b4975a
+--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/conf.mk
+@@ -0,0 +1,41 @@
+include core/arch/arm/cpu/cortex-armv8-0.mk
+
+CFG_DEBUG_INFO = y
+CFG_TEE_CORE_LOG_LEVEL = 4
+
+# Workaround 808870: Unconditional VLDM instructions might cause an
+# alignment fault even though the address is aligned
+# Either hard float must be disabled for AArch32 or strict alignment checks
+# must be disabled
+ifeq ($(CFG_SCTLR_ALIGNMENT_CHECK),y)
+$(call force,CFG_TA_ARM32_NO_HARD_FLOAT_SUPPORT,y)
+else
+$(call force,CFG_SCTLR_ALIGNMENT_CHECK,n)
+endif
+
+CFG_ARM64_core ?= y
+
+CFG_ARM_GICV3 = y
+
+# ARM debugger needs this
+platform-cflags-debug-info = -gdwarf-4
+platform-aflags-debug-info = -gdwarf-4
+
+CFG_CORE_SEL1_SPMC	= y
+CFG_WITH_ARM_TRUSTED_FW	= y
+
+$(call force,CFG_GIC,y)
+$(call force,CFG_PL011,y)
+$(call force,CFG_SECURE_TIME_SOURCE_CNTPCT,y)
+
+CFG_CORE_HEAP_SIZE = 0x32000 # 200kb
+
+CFG_TEE_CORE_NB_CORE = 4
+CFG_TZDRAM_START ?= 0x08000000
+CFG_TZDRAM_SIZE  ?= 0x02008000
+
+CFG_SHMEM_START  ?= 0x83000000
+CFG_SHMEM_SIZE   ?= 0x00210000
+# DRAM1 is defined above 4G
+$(call force,CFG_CORE_LARGE_PHYS_ADDR,y)
+$(call force,CFG_CORE_ARM64_PA_BITS,36)
+diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
+new file mode 100644
+index 00000000..cfb7f19b
+--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/main.c
+@@ -0,0 +1,63 @@
+// SPDX-License-Identifier: BSD-2-Clause
+/*
+ * Copyright (c) 2022, Arm Limited.
+ */
+
+#include <arm.h>
+#include <console.h>
+#include <drivers/gic.h>
+#include <drivers/pl011.h>
+#include <drivers/tpm2_mmio.h>
+#include <drivers/tpm2_ptp_fifo.h>
+#include <drivers/tzc400.h>
+#include <initcall.h>
+#include <keep.h>
+#include <kernel/boot.h>
+#include <kernel/interrupt.h>
+#include <kernel/misc.h>
+#include <kernel/notif.h>
+#include <kernel/panic.h>
+#include <kernel/spinlock.h>
+#include <kernel/tee_time.h>
+#include <mm/core_memprot.h>
+#include <mm/core_mmu.h>
+#include <platform_config.h>
+#include <sm/psci.h>
+#include <stdint.h>
+#include <string.h>
+#include <trace.h>
+
+static struct gic_data gic_data __nex_bss;
+static struct pl011_data console_data __nex_bss;
+
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+
+register_ddr(DRAM0_BASE, DRAM0_SIZE);
+
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
+register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICR_BASE, GIC_DIST_REG_SIZE);
+
+void main_init_gic(void)
+{
+	gic_init_base_addr(&gic_data, GICC_BASE,
+			   GICD_BASE);
+	itr_init(&gic_data.chip);
+}
+
+void main_secondary_init_gic(void)
+{
+	gic_cpu_init(&gic_data);
+}
+
+void itr_core_handler(void)
+{
+	gic_it_handle(&gic_data);
+}
+
+void console_init(void)
+{
+	pl011_init(&console_data, CONSOLE_UART_BASE, CONSOLE_UART_CLK_IN_HZ,
+		   CONSOLE_BAUDRATE);
+	register_serial_console(&console_data.chip);
+}
+diff --git a/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S b/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S
+new file mode 100644
+index 00000000..439d4e67
+--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/n1sdp_core_pos.S
+@@ -0,0 +1,32 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*
+ * Copyright (c) 2022, Arm Limited
+ */
+
+#include <asm.S>
+#include <arm.h>
+#include "platform_config.h"
+
+FUNC get_core_pos_mpidr , :
+        mov     x4, x0
+
+        /*
+         * The MT bit in MPIDR is always set for n1sdp and the
+         * affinity level 0 corresponds to thread affinity level.
+         */
+
+        /* Extract individual affinity fields from MPIDR */
+        ubfx    x0, x4, #MPIDR_AFF0_SHIFT, #MPIDR_AFFINITY_BITS
+        ubfx    x1, x4, #MPIDR_AFF1_SHIFT, #MPIDR_AFFINITY_BITS
+        ubfx    x2, x4, #MPIDR_AFF2_SHIFT, #MPIDR_AFFINITY_BITS
+        ubfx    x3, x4, #MPIDR_AFF3_SHIFT, #MPIDR_AFFINITY_BITS
+
+        /* Compute linear position */
+        mov     x4, #N1SDP_MAX_CLUSTERS_PER_CHIP
+        madd    x2, x3, x4, x2
+        mov     x4, #N1SDP_MAX_CPUS_PER_CLUSTER
+        madd    x1, x2, x4, x1
+        mov     x4, #N1SDP_MAX_PE_PER_CPU
+        madd    x0, x1, x4, x0
+        ret
+END_FUNC get_core_pos_mpidr
+diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
+new file mode 100644
+index 00000000..81b99409
+--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/platform_config.h
+@@ -0,0 +1,49 @@
+/* SPDX-License-Identifier: BSD-2-Clause */
+/*
+ * Copyright (c) 2022, Arm Limited
+ */
+
+#ifndef PLATFORM_CONFIG_H
+#define PLATFORM_CONFIG_H
+
+#include <mm/generic_ram_layout.h>
+#include <stdint.h>
+
+/* Make stacks aligned to data cache line length */
+#define STACK_ALIGNMENT		64
+
+ /* N1SDP topology related constants */
+#define N1SDP_MAX_CPUS_PER_CLUSTER              U(2)
+#define PLAT_ARM_CLUSTER_COUNT                  U(2)
+#define PLAT_N1SDP_CHIP_COUNT                   U(2)
+#define N1SDP_MAX_CLUSTERS_PER_CHIP             U(2)
+#define N1SDP_MAX_PE_PER_CPU                    U(1)
+
+#define PLATFORM_CORE_COUNT                     (PLAT_N1SDP_CHIP_COUNT *        \
+		                                PLAT_ARM_CLUSTER_COUNT *        \
+						N1SDP_MAX_CPUS_PER_CLUSTER *    \
+						N1SDP_MAX_PE_PER_CPU)
+
+#define GIC_BASE		0x2c010000
+
+#define UART1_BASE		0x1C0A0000
+#define UART1_CLK_IN_HZ		24000000  /*24MHz*/
+
+#define CONSOLE_UART_BASE	UART1_BASE
+#define CONSOLE_UART_CLK_IN_HZ	UART1_CLK_IN_HZ
+
+#define DRAM0_BASE		0x80000000
+#define DRAM0_SIZE		0x80000000
+
+#define GICD_BASE		0x30000000
+#define GICC_BASE		0x2C000000
+#define GICR_BASE		0x300C0000
+
+#ifndef UART_BAUDRATE
+#define UART_BAUDRATE		115200
+#endif
+#ifndef CONSOLE_BAUDRATE
+#define CONSOLE_BAUDRATE	UART_BAUDRATE
+#endif
+
+#endif /*PLATFORM_CONFIG_H*/
+diff --git a/core/arch/arm/plat-n1sdp/sub.mk b/core/arch/arm/plat-n1sdp/sub.mk
+new file mode 100644
+index 00000000..a0b49da1
+--- /dev/null
+++ b/core/arch/arm/plat-n1sdp/sub.mk
+@@ -0,0 +1,3 @@
+global-incdirs-y += .
+srcs-y += main.c
+srcs-y	+= n1sdp_core_pos.S
+-- 
+2.17.1
+
@@ -0,0 +1,46 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From 0c3ce4c09cd7d2ff4cd2e62acab899dd88dc9514 Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Wed, 20 Jul 2022 16:45:59 +0100
+Subject: [PATCH] HACK: disable instruction cache and data cache.
+
+For some reason, n1sdp fails to boot with instruction cache and
+data cache enabled. This is a temporary change to disable I cache
+and D cache until a proper fix is found.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+%% original patch: 0003-HACK-disable-instruction-cache-and-data-cache.patch
+
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 875b6e69..594d6928 100644
+--- a/core/arch/arm/kernel/entry_a64.S
+++ b/core/arch/arm/kernel/entry_a64.S
+@@ -52,7 +52,7 @@
+ 
+ 	.macro set_sctlr_el1
+ 		mrs	x0, sctlr_el1
+-		orr	x0, x0, #SCTLR_I
+		bic	x0, x0, #SCTLR_I
+ 		orr	x0, x0, #SCTLR_SA
+ 		orr	x0, x0, #SCTLR_SPAN
+ #if defined(CFG_CORE_RWDATA_NOEXEC)
+@@ -490,11 +490,11 @@ LOCAL_FUNC enable_mmu , : , .identity_map
+ 	isb
+ 
+ 	/* Enable I and D cache */
+-	mrs	x1, sctlr_el1
+	/* mrs	x1, sctlr_el1
+ 	orr	x1, x1, #SCTLR_I
+ 	orr	x1, x1, #SCTLR_C
+ 	msr	sctlr_el1, x1
+-	isb
+	isb */
+ 
+ 	/* Adjust stack pointers and return address */
+ 	msr	spsel, #1
+-- 
+2.17.1
+
@@ -0,0 +1,33 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From b3fde6c2e1a950214f760ab9f194f3a6572292a8 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Fri, 15 Jul 2022 13:45:54 +0200
+Subject: [PATCH] Handle logging syscall
+
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+Change-Id: Ib8151cc9c66aea8bcc8fe8b1ecdc3f9f9c5f14e4
+
+%% original patch: 0004-Handle-logging-syscall.patch
+
+diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
+index e0fa0aa6..c7a45387 100644
+--- a/core/arch/arm/kernel/spmc_sp_handler.c
+++ b/core/arch/arm/kernel/spmc_sp_handler.c
+@@ -1132,6 +1132,12 @@ void spmc_sp_msg_handler(struct thread_smc_args *args,
+ 			handle_mem_perm_set(args, caller_sp);
+ 			sp_enter(args, caller_sp);
+ 			break;
+		case 0xdeadbeef:
+			ts_push_current_session(&caller_sp->ts_sess);
+			IMSG("%s", (char *)args->a1);
+			ts_pop_current_session();
+			sp_enter(args, caller_sp);
+			break;
+ 		default:
+ 			EMSG("Unhandled FFA function ID %#"PRIx32,
+ 			     (uint32_t)args->a0);
+-- 
+2.17.1
+
@@ -0,0 +1,52 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+From 2eb1da30564428551ca687d456d848129105abac Mon Sep 17 00:00:00 2001
+From: Vishnu Banavath <vishnu.banavath@arm.com>
+Date: Tue, 25 Oct 2022 19:08:49 +0100
+Subject: [PATCH] plat-n1sdp: register DRAM1 to optee-os
+
+N1SDP supports two DRAM's. This change is to add 2nd DRAM
+starting at 0x8080000000 address.
+
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+
+diff --git a/core/arch/arm/plat-n1sdp/conf.mk b/core/arch/arm/plat-n1sdp/conf.mk
+index 06b4975a..5374e406 100644
+--- a/core/arch/arm/plat-n1sdp/conf.mk
+++ b/core/arch/arm/plat-n1sdp/conf.mk
+@@ -38,4 +38,4 @@ CFG_SHMEM_START  ?= 0x83000000
+ CFG_SHMEM_SIZE   ?= 0x00210000
+ # DRAM1 is defined above 4G
+ $(call force,CFG_CORE_LARGE_PHYS_ADDR,y)
+-$(call force,CFG_CORE_ARM64_PA_BITS,36)
+$(call force,CFG_CORE_ARM64_PA_BITS,42)
+diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
+index cfb7f19b..bb951ce6 100644
+--- a/core/arch/arm/plat-n1sdp/main.c
+++ b/core/arch/arm/plat-n1sdp/main.c
+@@ -33,6 +33,7 @@ static struct pl011_data console_data __nex_bss;
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+ 
+ register_ddr(DRAM0_BASE, DRAM0_SIZE);
+register_ddr(DRAM1_BASE, DRAM1_SIZE);
+ 
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICD_BASE, GIC_DIST_REG_SIZE);
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, GICC_BASE, GIC_DIST_REG_SIZE);
+diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
+index 81b99409..bf0a3c83 100644
+--- a/core/arch/arm/plat-n1sdp/platform_config.h
+++ b/core/arch/arm/plat-n1sdp/platform_config.h
+@@ -35,6 +35,9 @@
+ #define DRAM0_BASE		0x80000000
+ #define DRAM0_SIZE		0x80000000
+ 
+#define DRAM1_BASE		0x8080000000ULL
+#define DRAM1_SIZE		0x80000000ULL
+
+ #define GICD_BASE		0x30000000
+ #define GICC_BASE		0x2C000000
+ #define GICR_BASE		0x300C0000
+-- 
+2.17.1
+
@@ -0,0 +1,44 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+
+From 1a9aeedda58228893add545e49d2d6cd4c316b4f Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Tue, 13 Dec 2022 13:45:06 +0000
+Subject: [PATCH] plat-n1sdp: add external device tree base and size
+
+Adds external device tree address and size. It also
+register this physical memory so optee can read the device tree.
+---
+ core/arch/arm/plat-n1sdp/main.c            | 1 +
+ core/arch/arm/plat-n1sdp/platform_config.h | 3 +++
+ 2 files changed, 4 insertions(+)
+
+diff --git a/core/arch/arm/plat-n1sdp/main.c b/core/arch/arm/plat-n1sdp/main.c
+index bb951ce6b..ab76f60c6 100644
+--- a/core/arch/arm/plat-n1sdp/main.c
+++ b/core/arch/arm/plat-n1sdp/main.c
+@@ -31,6 +31,7 @@ static struct gic_data gic_data __nex_bss;
+ static struct pl011_data console_data __nex_bss;
+ 
+ register_phys_mem_pgdir(MEM_AREA_IO_SEC, CONSOLE_UART_BASE, PL011_REG_SIZE);
+register_phys_mem_pgdir(MEM_AREA_EXT_DT, EXT_DT_BASE, EXT_DT_SIZE);
+ 
+ register_ddr(DRAM0_BASE, DRAM0_SIZE);
+ register_ddr(DRAM1_BASE, DRAM1_SIZE);
+diff --git a/core/arch/arm/plat-n1sdp/platform_config.h b/core/arch/arm/plat-n1sdp/platform_config.h
+index bf0a3c834..8741a2503 100644
+--- a/core/arch/arm/plat-n1sdp/platform_config.h
+++ b/core/arch/arm/plat-n1sdp/platform_config.h
+@@ -42,6 +42,9 @@
+ #define GICC_BASE		0x2C000000
+ #define GICR_BASE		0x300C0000
+ 
+#define EXT_DT_BASE		0x04001600
+#define EXT_DT_SIZE		0x200
+
+ #ifndef UART_BAUDRATE
+ #define UART_BAUDRATE		115200
+ #endif
+-- 
+2.17.1
+
@@ -0,0 +1,122 @@
+From 34db1357ab3192f18629ceadf4ea33b948513fec Mon Sep 17 00:00:00 2001
+From: Olivier Deprez <olivier.deprez@arm.com>
+Date: Mon, 16 Nov 2020 10:14:02 +0100
+Subject: [PATCH 1/2] WIP: Enable managed exit
+
+This change declares OP-TEE SP as supporting managed exit in response to
+a NS interrupt triggering while the SWd runs.
+
+At init OP-TEE enables (HF_INTERRUPT_ENABLE) the managed exit virtual
+interrupt through the Hafnium para-virtualized interface.
+
+Physical interrupts are trapped to the SPMC which injects a managed exit
+interrupt to OP-TEE. The managed exit interrupt is acknowledged by
+OP-TEE by HF_INTERUPT_GET hvc call.
+
+Note: this code change is meant with in mind the SPMC runs at SEL2. It
+needs slight refactoring such that it does not break the SEL1 SPMC
+configuration.
+
+Change-Id: I9a95f36cf517c11048ff04680007f40259c4f636
+Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
+Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+---
+ core/arch/arm/kernel/boot.c                          | 12 ++++++++++++
+ core/arch/arm/kernel/thread_a64.S                    | 11 ++++++++++-
+ core/arch/arm/kernel/thread_spmc.c                   | 11 +++++++++++
+ .../arm/plat-totalcompute/fdts/optee_sp_manifest.dts |  1 +
+ 4 files changed, 34 insertions(+), 1 deletion(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index f173384d..466c042e 100644
+--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
+@@ -1350,6 +1350,18 @@ static void init_secondary_helper(unsigned long nsec_entry)
+ 	init_vfp_sec();
+ 	init_vfp_nsec();
+ 
+	/* Enable managed exit interrupt for secondary core. */
+	__asm__ volatile (
+		"mov x0, %0;"
+		"mov x1, %1;"
+		"mov x2, %2;"
+		"mov x3, %3;"
+		"hvc #0"
+		: : "i" (0xff03), "i" (4), "i" (1), "i" (1));
+
+	IMSG("%s core %lu: enabled managed exit interrupt.",
+		__func__, get_core_pos());
+
+ 	IMSG("Secondary CPU %zu switching to normal world boot", get_core_pos());
+ }
+ 
+diff --git a/core/arch/arm/kernel/thread_a64.S b/core/arch/arm/kernel/thread_a64.S
+index d6baee4d..1b0c8f37 100644
+--- a/core/arch/arm/kernel/thread_a64.S
+++ b/core/arch/arm/kernel/thread_a64.S
+@@ -1087,6 +1087,14 @@ END_FUNC el0_sync_abort
+ 	bl	dcache_op_louis
+ 	ic	iallu
+ #endif
+
+	/* HF_INTERRUPT_GET */
+	mov	x0, #0xff04
+	hvc	#0
+	/* Expect managed exit interrupt */
+	cmp	x0, #4
+	bne	.
+
+ 	/*
+ 	 * Mark current thread as suspended
+ 	 */
+@@ -1204,8 +1212,9 @@ LOCAL_FUNC elx_irq , :
+ #endif
+ END_FUNC elx_irq
+ 
+#define HF_MANAGED_EXIT		1
+ LOCAL_FUNC elx_fiq , :
+-#if defined(CFG_ARM_GICV3)
+#if defined(CFG_ARM_GICV3) || defined (HF_MANAGED_EXIT)
+ 	foreign_intr_handler	fiq
+ #else
+ 	native_intr_handler	fiq
+diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c
+index ea9e8f03..15577e7e 100644
+--- a/core/arch/arm/kernel/thread_spmc.c
+++ b/core/arch/arm/kernel/thread_spmc.c
+@@ -1518,6 +1518,17 @@ static TEE_Result spmc_init(void)
+ 	my_endpoint_id = spmc_get_id();
+ 	DMSG("My endpoint ID %#x", my_endpoint_id);
+ 
+	/* Enable managed exit interrupt for boot core. */
+	__asm__ volatile (
+		"mov x0, %0;"
+		"mov x1, %1;"
+		"mov x2, %2;"
+		"mov x3, %3;"
+		"hvc #0"
+		: : "i" (0xff03), "i" (4), "i" (1), "i" (1));
+
+	IMSG("%s enabled managed exit interrupt.", __func__);
+
+ 	return TEE_SUCCESS;
+ }
+ #endif /* !defined(CFG_CORE_SEL1_SPMC) */
+diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+index 0bfe33f3..00cfa5b2 100644
+--- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+@@ -24,6 +24,7 @@
+ 	xlat-granule = <0>; /* 4KiB */
+ 	boot-order = <0>;
+ 	messaging-method = <0x3>; /* Direct request/response supported */
+	managed-exit; /* Managed exit supported */
+ 
+ 	device-regions {
+ 		compatible = "arm,ffa-manifest-device-regions";
+-- 
+2.34.1
+
@@ -0,0 +1,50 @@
+From 35dba075593cb32c62b881e7763fcf0ea37908f7 Mon Sep 17 00:00:00 2001
+From: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+Date: Mon, 23 May 2022 11:32:41 +0100
+Subject: [PATCH 2/2] plat-totalcompute: fix TZDRAM start and size
+
+- Fix TZDRAM_SIZE in TC platform
+- For CFG_CORE_SEL2_SPMC, manifest size is increased from 0x1000 to
+  0x4000 for boot protocol support.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+
+Signed-off-by: Arunachalam Ganapathy <arunachalam.ganapathy@arm.com>
+Change-Id: Iff19c498e9edae961f469604d69419c1a32145f5
+---
+ core/arch/arm/plat-totalcompute/conf.mk                    | 5 +++--
+ core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts | 2 +-
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/core/arch/arm/plat-totalcompute/conf.mk b/core/arch/arm/plat-totalcompute/conf.mk
+index b39ac0f0..2f6c0ee1 100644
+--- a/core/arch/arm/plat-totalcompute/conf.mk
+++ b/core/arch/arm/plat-totalcompute/conf.mk
+@@ -32,8 +32,9 @@ ifeq ($(CFG_CORE_SEL1_SPMC),y)
+ CFG_TZDRAM_START ?= 0xfd000000
+ CFG_TZDRAM_SIZE  ?= 0x02000000
+ else ifeq ($(CFG_CORE_SEL2_SPMC),y)
+-CFG_TZDRAM_START ?= 0xfd281000
+-CFG_TZDRAM_SIZE  ?= 0x01d7f000
+CFG_TZDRAM_START ?= 0xfd284000
+# TZDRAM size 0x1980000 - 0x4000 manifest size
+CFG_TZDRAM_SIZE  ?= 0x0197c000
+ else
+ CFG_TZDRAM_START ?= 0xff000000
+ CFG_TZDRAM_SIZE  ?= 0x01000000
+diff --git a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+index 00cfa5b2..56e69f37 100644
+--- a/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+++ b/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts
+@@ -20,7 +20,7 @@
+ 	exception-level = <2>; /* S-EL1 */
+ 	execution-state = <0>; /* AARCH64 */
+ 	load-address = <0xfd280000>;
+-	entrypoint-offset = <0x1000>;
+	entrypoint-offset = <0x4000>;
+ 	xlat-granule = <0>; /* 4KiB */
+ 	boot-order = <0>;
+ 	messaging-method = <0x3>; /* Direct request/response supported */
+-- 
+2.34.1
+
@@ -0,0 +1,6 @@
+{
+	"op-tee" : {
+		"image": "tee-pager_v2.bin",
+		"pm": "optee_sp_manifest.dts"
+	}
+}
@@ -0,0 +1,55 @@
+From 73bef38c5697cd6bd3ddbe9046681087f4f6454e Mon Sep 17 00:00:00 2001
+From: Ben Horgan <ben.horgan@arm.com>
+Date: Thu, 27 Jan 2022 10:33:04 +0000
+Subject: [PATCH] xtest: Limit tests to a single thread
+
+Signed-off-by: Ben Horgan <ben.horgan@arm.com>
+Upstream-Status: Inappropriate [Workaround for intermittent failures]
+---
+ host/xtest/regression_1000.c | 2 +-
+ host/xtest/regression_2000.c | 2 +-
+ host/xtest/regression_6000.c | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c
+index 9ee9d02..82d1def 100644
+--- a/host/xtest/regression_1000.c
+++ b/host/xtest/regression_1000.c
+@@ -1080,7 +1080,7 @@ static void *test_1013_thread(void *arg)
+ 	return NULL;
+ }
+ 
+-#define NUM_THREADS 3
+#define NUM_THREADS 1
+ 
+ static void xtest_tee_test_1013_single(ADBG_Case_t *c, double *mean_concurrency,
+ 				       const TEEC_UUID *uuid)
+diff --git a/host/xtest/regression_2000.c b/host/xtest/regression_2000.c
+index 0591a42..a9f4b95 100644
+--- a/host/xtest/regression_2000.c
+++ b/host/xtest/regression_2000.c
+@@ -499,7 +499,7 @@ out:
+ 	return NULL;
+ }
+ 
+-#define NUM_THREADS	3
+#define NUM_THREADS	1
+ 
+ static void xtest_tee_test_2002(ADBG_Case_t *c)
+ {
+diff --git a/host/xtest/regression_6000.c b/host/xtest/regression_6000.c
+index ca1c254..d67ea7f 100644
+--- a/host/xtest/regression_6000.c
+++ b/host/xtest/regression_6000.c
+@@ -1568,7 +1568,7 @@ exit:
+ }
+ 
+ 
+-#define NUM_THREADS 4
+#define NUM_THREADS 1
+ static void xtest_tee_test_6016_loop(ADBG_Case_t *c, uint32_t storage_id)
+ {
+ 	struct test_6016_thread_arg arg[NUM_THREADS] = { };
+-- 
+2.17.1
+
@@ -0,0 +1,10 @@
+[Unit]
+Description=TEE Supplicant
+
+[Service]
+User=root
+EnvironmentFile=-@sysconfdir@/default/tee-supplicant
+ExecStart=@sbindir@/tee-supplicant $OPTARGS
+
+[Install]
+WantedBy=basic.target
@@ -0,0 +1,46 @@
+#!/bin/sh
+
+# Source function library
+. /etc/init.d/functions
+
+NAME=tee-supplicant
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DESC="OP-TEE Supplicant"
+
+DAEMON=@sbindir@/$NAME
+
+test -f $DAEMON || exit 0
+
+test -f @sysconfdir@/default/$NAME && . @sysconfdir@/default/$NAME
+test -f @sysconfdir@/default/rcS && . @sysconfdir@/default/rcS
+
+SSD_OPTIONS="--oknodo --quiet --exec $DAEMON -- -d $OPTARGS"
+
+set -e
+
+case $1 in
+    start)
+	    echo -n "Starting $DESC: "
+	    start-stop-daemon --start $SSD_OPTIONS
+        echo "${DAEMON##*/}."
+        ;;
+    stop)
+	    echo -n "Stopping $DESC: "
+	    start-stop-daemon --stop $SSD_OPTIONS
+        echo "${DAEMON##*/}."
+        ;;
+    restart|force-reload)
+	    $0 stop
+	    sleep 1
+	    $0 start
+        ;;
+    status)
+        status ${DAEMON} || exit $?
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
+        exit 1
+        ;;
+esac
+
+exit 0
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "e7cba71cc6e2ecd02f412c7e9ee104f0a5dffc6f"
@@ -0,0 +1,7 @@
+require recipes-security/optee/optee-client.inc
+
+SRCREV = "dd2d39b49975d2ada7870fe2b7f5a84d0d3860dc"
+
+inherit pkgconfig
+DEPENDS += "util-linux"
+EXTRA_OEMAKE += "PKG_CONFIG=pkg-config"
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "f301ee9df2129c0db683e726c91dc2cefe4cdb65"
@@ -0,0 +1,3 @@
+require recipes-security/optee/optee-examples.inc
+
+SRCREV = "a98d01e1b9168eaed96bcd0bac0df67c44a81081"
@@ -0,0 +1,34 @@
+From fed478758e495f35d18a9e2a89193e6577b06799 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 26 May 2020 14:38:02 -0500
+Subject: [PATCH] allow setting sysroot for libgcc lookup
+
+Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
+for the compiler libraries as there's no easy way to reliably pass --sysroot
+otherwise.
+
+Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ mk/gcc.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/mk/gcc.mk b/mk/gcc.mk
+index adc77a24f25e..81bfa78ad8d7 100644
+--- a/mk/gcc.mk
+++ b/mk/gcc.mk
+@@ -13,11 +13,11 @@ nostdinc$(sm)	:= -nostdinc -isystem $(shell $(CC$(sm)) \
+ 			-print-file-name=include 2> /dev/null)
+ 
+ # Get location of libgcc from gcc
+-libgcc$(sm)  	:= $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
+libgcc$(sm)  	:= $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ 			-print-libgcc-file-name 2> /dev/null)
+-libstdc++$(sm)	:= $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+libstdc++$(sm)	:= $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ 			-print-file-name=libstdc++.a 2> /dev/null)
+-libgcc_eh$(sm)	:= $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+libgcc_eh$(sm)	:= $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ 			-print-file-name=libgcc_eh.a 2> /dev/null)
+ 
+ # Define these to something to discover accidental use
@@ -0,0 +1,29 @@
+From f158e3af6633bd689a76d53be2c9c590c0385350 Mon Sep 17 00:00:00 2001
+From: Brett Warren <brett.warren@arm.com>
+Date: Wed, 23 Sep 2020 09:27:34 +0100
+Subject: [PATCH] optee: enable clang support
+
+When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
+to provide a sysroot wasn't included, which results in not locating
+compiler-rt. This is mitigated by including the variable as ammended.
+
+Upstream-Status: Pending
+ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
+Signed-off-by: Brett Warren <brett.warren@arm.com>
+---
+ mk/clang.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk/clang.mk b/mk/clang.mk
+index c141a3f2ed0b..7d067cc007fa 100644
+--- a/mk/clang.mk
+++ b/mk/clang.mk
+@@ -27,7 +27,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
+ 
+ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
+ # libgcc for clang
+-libgcc$(sm)	:= $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
+libgcc$(sm)	:= $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ 			-rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
+ 
+ # Core ASLR relies on the executable being ready to run from its preferred load
@@ -0,0 +1,64 @@
+From fb69397234b1efe3528714b6c0c1921ce37ad6a6 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/link.mk | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index 7eed333a32de..c39d43cbfc5b 100644
+--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
+@@ -31,6 +31,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
+ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
+link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+ 
+ link-ldadd  = $(LDADD)
+ link-ldadd += $(ldflags-external)
+@@ -55,6 +56,7 @@ link-script-cppflags := \
+ 		$(cppflagscore))
+ 
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
+		   $(call ld-option,--no-warn-rwx-segments) \
+ 		   $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+ $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
+@@ -67,7 +69,8 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+ 	$(q)$(NMcore) $< | \
+ 		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+ 
+-unpaged-ldargs = -T $(link-script-dummy) --no-check-sections --gc-sections
+unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+		 $(call ld-option,--no-warn-rwx-segments)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -95,7 +98,8 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+ 	$(q)$(NMcore) $< | \
+ 		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+ 
+-init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections
+init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+	       $(call ld-option,--no-warn-rwx-segments)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
+ 	      $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
@@ -0,0 +1,240 @@
+From 0690909f07779a8f35b1f3d0baf8d4c5c9305d14 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sat, 13 Aug 2022 19:24:55 -0700
+Subject: [PATCH] core: Define section attributes for clang
+
+Clang's attribute section is not same as gcc, here we need to add flags
+to sections so they can be eventually collected by linker into final
+output segments. Only way to do so with clang is to use
+
+pragma clang section ...
+
+The behavious is described here [1], this allows us to define names bss
+sections. This was not an issue until clang-15 where LLD linker starts
+to detect the section flags before merging them and throws the following
+errors
+
+| ld.lld: error: section type mismatch for .nozi.kdata_page
+| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS
+| >>> output section .nozi: SHT_NOBITS
+|
+| ld.lld: error: section type mismatch for .nozi.mmu.l2
+| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS
+| >>> output section .nozi: SHT_NOBITS
+
+These sections should be carrying SHT_NOBITS but so far it was not
+possible to do so, this patch tries to use clangs pragma to get this
+going and match the functionality with gcc.
+
+[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ core/arch/arm/kernel/thread.c    | 19 +++++++++++++++--
+ core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
+ core/arch/arm/mm/core_mmu_v7.c   | 36 +++++++++++++++++++++++++++++---
+ core/arch/arm/mm/pgt_cache.c     | 12 ++++++++++-
+ core/kernel/thread.c             | 13 +++++++++++-
+ 5 files changed, 104 insertions(+), 11 deletions(-)
+
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index f083b159e969..432983c86c9f 100644
+--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
+@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
+ #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
+ 	defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
+ long thread_user_kdata_sp_offset __nex_bss;
+#ifdef __clang__
+#ifndef CFG_VIRTUALIZATION
+#pragma clang section bss=".nozi.kdata_page"
+#else
+#pragma clang section bss=".nex_nozi.kdata_page"
+#endif
+#endif
+ static uint8_t thread_user_kdata_page[
+ 	ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE,
+ 		SMALL_PAGE_SIZE)]
+ 	__aligned(SMALL_PAGE_SIZE)
+#ifndef __clang__
+ #ifndef CFG_VIRTUALIZATION
+-	__section(".nozi.kdata_page");
+	__section(".nozi.kdata_page")
+ #else
+-	__section(".nex_nozi.kdata_page");
+	__section(".nex_nozi.kdata_page")
+ #endif
+#endif
+    ;
+#endif
+
+/* reset BSS section to default ( .bss ) */
+#ifdef __clang__
+#pragma clang section bss=""
+ #endif
+ 
+ #ifdef ARM32
+diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
+index 3f08eec623f3..e6dc9261c41e 100644
+--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
+@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
+ typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
+ typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.base_table"
+#endif
+ static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES]
+ 	__aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE)
+-	__section(".nozi.mmu.base_table");
+#ifndef __clang__
+	__section(".nozi.mmu.base_table")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES]
+-	__aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
+	__aligned(XLAT_TABLE_SIZE)
+#ifndef __clang__
+	__section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ #define XLAT_TABLES_SIZE	(sizeof(xlat_tbl_t) * MAX_XLAT_TABLES)
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ /* MMU L2 table for TAs, one for each thread */
+ static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS]
+-	__aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
+-
+#ifndef __clang__
+	__aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ /*
+  * TAs page table entry inside a level 1 page table.
+  *
+diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
+index cd85bd22d385..3e18f54f6cf8 100644
+--- a/core/arch/arm/mm/core_mmu_v7.c
+++ b/core/arch/arm/mm/core_mmu_v7.c
+@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
+ typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
+ typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l1"
+#endif
+ static l1_xlat_tbl_t main_mmu_l1_ttb
+-		__aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
+		__aligned(L1_ALIGNMENT)
+#ifndef __clang__
+       __section(".nozi.mmu.l1")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ /* L2 MMU tables */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
+-		__aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
+		__aligned(L2_ALIGNMENT)
+#ifndef __clang__
+       __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ /* MMU L1 table for TAs, one for each thread */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.ul1"
+#endif
+ static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
+-		__aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
+		__aligned(UL1_ALIGNMENT)
+#ifndef __clang__
+       __section(".nozi.mmu.ul1")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ struct mmu_partition {
+ 	l1_xlat_tbl_t *l1_table;
+diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
+index dee1d207943f..382cae1c3f30 100644
+--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
+@@ -104,8 +104,18 @@ void pgt_init(void)
+ 	 * has a large alignment, while .bss has a small alignment. The current
+ 	 * link script is optimized for small alignment in .bss
+ 	 */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ 	static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
+-			__aligned(PGT_SIZE) __section(".nozi.pgt_cache");
+			__aligned(PGT_SIZE)
+#ifndef __clang__
+			__section(".nozi.pgt_cache")
+#endif
+			;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 	size_t n;
+ 
+ 	for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
+diff --git a/core/kernel/thread.c b/core/kernel/thread.c
+index 18d34e6adfe2..086129e282bc 100644
+--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
+@@ -37,13 +37,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+ 	name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
+ #endif
+ 
+#define DO_PRAGMA(x) _Pragma (#x)
+
+#ifdef __clang__
+#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+DO_PRAGMA (clang section bss=".nozi_stack." #name) \
+linkage uint32_t name[num_stacks] \
+		[ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+			 STACK_ALIGNMENT) / sizeof(uint32_t)] \
+		__attribute__((aligned(STACK_ALIGNMENT))); \
+DO_PRAGMA(clang section bss="")
+#else
+ #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+ linkage uint32_t name[num_stacks] \
+ 		[ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+ 			 STACK_ALIGNMENT) / sizeof(uint32_t)] \
+ 		__attribute__((section(".nozi_stack." # name), \
+ 			       aligned(STACK_ALIGNMENT)))
+-
+#endif
+ #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
+ 
+ DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE,
@@ -0,0 +1,93 @@
+From 63445958678b58c5adc7eca476b216e5dc0f4195 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Tue, 23 Aug 2022 11:41:00 +0000
+Subject: [PATCH] core, ldelf: link: add -z execstack
+
+When building for arm32 with GNU binutils 2.39, the linker outputs
+warnings when generating some TEE core binaries (all_obj.o, init.o,
+unpaged.o and tee.elf) as well as ldelf.elf:
+
+ arm-poky-linux-gnueabi-ld.bfd: warning: atomic_a32.o: missing .note.GNU-stack section implies executable stack
+ arm-poky-linux-gnueabi-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
+
+The permissions used when mapping the TEE core stacks do not depend on
+any metadata found in the ELF file. Similarly when the TEE core loads
+ldelf it already creates a non-executable stack regardless of ELF
+information. Therefore we can safely ignore the warnings. This is done
+by adding the '-z execstack' option.
+
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
+---
+ core/arch/arm/kernel/link.mk | 13 +++++++++----
+ ldelf/link.mk                |  3 +++
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index c39d43cbfc5b..0e96e606cd9d 100644
+--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
+@@ -9,6 +9,11 @@ link-script-dep = $(link-out-dir)/.kern.ld.d
+ 
+ AWK	 = awk
+ 
+link-ldflags-common += $(call ld-option,--no-warn-rwx-segments)
+ifeq ($(CFG_ARM32_core),y)
+link-ldflags-common += $(call ld-option,--no-warn-execstack)
+endif
+
+ link-ldflags  = $(LDFLAGS)
+ ifeq ($(CFG_CORE_ASLR),y)
+ link-ldflags += -pie -Bsymbolic -z norelro $(ldflag-apply-dynamic-relocs)
+@@ -31,7 +36,7 @@ link-ldflags += -T $(link-script-pp) -Map=$(link-out-dir)/tee.map
+ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
+-link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+link-ldflags += $(link-ldflags-common)
+ 
+ link-ldadd  = $(LDADD)
+ link-ldadd += $(ldflags-external)
+@@ -56,7 +61,7 @@ link-script-cppflags := \
+ 		$(cppflagscore))
+ 
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
+-		   $(call ld-option,--no-warn-rwx-segments) \
+		   $(link-ldflags-common) \
+ 		   $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+ $(link-out-dir)/all_objs.o: $(objs) $(libdeps) $(MAKEFILE_LIST)
+@@ -70,7 +75,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+ 		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+ 
+ unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-		 $(call ld-option,--no-warn-rwx-segments)
+		 $(link-ldflags-common)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -99,7 +104,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+ 		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+ 
+ init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-	       $(call ld-option,--no-warn-rwx-segments)
+	       $(link-ldflags-common)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
+ 	      $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
+diff --git a/ldelf/link.mk b/ldelf/link.mk
+index 64c8212a06fa..bd49551e7065 100644
+--- a/ldelf/link.mk
+++ b/ldelf/link.mk
+@@ -20,6 +20,9 @@ link-ldflags += -z max-page-size=4096 # OP-TEE always uses 4K alignment
+ ifeq ($(CFG_CORE_BTI),y)
+ link-ldflags += $(call ld-option,-z force-bti) --fatal-warnings
+ endif
+ifeq ($(CFG_ARM32_$(sm)), y)
+link-ldflags += $(call ld-option,--no-warn-execstack)
+endif
+ link-ldflags += $(link-ldflags$(sm))
+ 
+ link-ldadd  = $(addprefix -L,$(libdirs))
@@ -0,0 +1,127 @@
+From 1a991cbedf8647d5a1e7c312614f7867c3940968 Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Tue, 23 Aug 2022 12:31:46 +0000
+Subject: [PATCH] arm32: libutils, libutee, ta: add .note.GNU-stack section to
+
+ .S files
+
+When building for arm32 with GNU binutils 2.39, the linker outputs
+warnings when linking Trusted Applications:
+
+ arm-unknown-linux-uclibcgnueabihf-ld.bfd: warning: utee_syscalls_a32.o: missing .note.GNU-stack section implies executable stack
+ arm-unknown-linux-uclibcgnueabihf-ld.bfd: NOTE: This behaviour is deprecated and will be removed in a future version of the linker
+
+We could silence the warning by adding the '-z execstack' option to the
+TA link flags, like we did in the parent commit for the TEE core and
+ldelf. Indeed, ldelf always allocates a non-executable piece of memory
+for the TA to use as a stack.
+
+However it seems preferable to comply with the common ELF practices in
+this case. A better fix is therefore to add the missing .note.GNU-stack
+sections in the assembler files.
+
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5499]
+---
+ lib/libutee/arch/arm/utee_syscalls_a32.S             | 2 ++
+ lib/libutils/ext/arch/arm/atomic_a32.S               | 2 ++
+ lib/libutils/ext/arch/arm/mcount_a32.S               | 2 ++
+ lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S  | 2 ++
+ lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S | 2 ++
+ lib/libutils/isoc/arch/arm/setjmp_a32.S              | 2 ++
+ ta/arch/arm/ta_entry_a32.S                           | 2 ++
+ 7 files changed, 14 insertions(+)
+
+diff --git a/lib/libutee/arch/arm/utee_syscalls_a32.S b/lib/libutee/arch/arm/utee_syscalls_a32.S
+index 6e621ca6e06d..af405f62723c 100644
+--- a/lib/libutee/arch/arm/utee_syscalls_a32.S
+++ b/lib/libutee/arch/arm/utee_syscalls_a32.S
+@@ -7,6 +7,8 @@
+ #include <tee_syscall_numbers.h>
+ #include <asm.S>
+ 
+	.section .note.GNU-stack,"",%progbits
+
+         .section .text
+         .balign 4
+         .code 32
+diff --git a/lib/libutils/ext/arch/arm/atomic_a32.S b/lib/libutils/ext/arch/arm/atomic_a32.S
+index eaef6914734e..2be73ffadcc9 100644
+--- a/lib/libutils/ext/arch/arm/atomic_a32.S
+++ b/lib/libutils/ext/arch/arm/atomic_a32.S
+@@ -5,6 +5,8 @@
+ 
+ #include <asm.S>
+ 
+	.section .note.GNU-stack,"",%progbits
+
+ /* uint32_t atomic_inc32(uint32_t *v); */
+ FUNC atomic_inc32 , :
+ 	ldrex	r1, [r0]
+diff --git a/lib/libutils/ext/arch/arm/mcount_a32.S b/lib/libutils/ext/arch/arm/mcount_a32.S
+index 51439a23014e..54dc3c02da66 100644
+--- a/lib/libutils/ext/arch/arm/mcount_a32.S
+++ b/lib/libutils/ext/arch/arm/mcount_a32.S
+@@ -7,6 +7,8 @@
+ 
+ #if defined(CFG_TA_GPROF_SUPPORT) || defined(CFG_FTRACE_SUPPORT)
+ 
+	.section .note.GNU-stack,"",%progbits
+
+ /*
+  * Convert return address to call site address by subtracting the size of the
+  * mcount call instruction (blx __gnu_mcount_nc).
+diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+index a600c879668c..37ae9ec6f9f1 100644
+--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_divmod_a32.S
+@@ -5,6 +5,8 @@
+ 
+ #include <asm.S>
+ 
+	.section .note.GNU-stack,"",%progbits
+
+ /*
+  * signed ret_idivmod_values(signed quot, signed rem);
+  * return quotient and remaining the EABI way (regs r0,r1)
+diff --git a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+index 2dc50bc98bbf..5c3353e2c1ba 100644
+--- a/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+++ b/lib/libutils/isoc/arch/arm/arm32_aeabi_ldivmod_a32.S
+@@ -5,6 +5,8 @@
+ 
+ #include <asm.S>
+ 
+	.section .note.GNU-stack,"",%progbits
+
+ /*
+  * __value_in_regs lldiv_t __aeabi_ldivmod( long long n, long long d)
+  */
+diff --git a/lib/libutils/isoc/arch/arm/setjmp_a32.S b/lib/libutils/isoc/arch/arm/setjmp_a32.S
+index 43ea593758c9..f8a0b70df705 100644
+--- a/lib/libutils/isoc/arch/arm/setjmp_a32.S
+++ b/lib/libutils/isoc/arch/arm/setjmp_a32.S
+@@ -51,6 +51,8 @@
+ #define SIZE(x)
+ #endif
+ 
+	.section .note.GNU-stack,"",%progbits
+
+ /* Arm/Thumb interworking support:
+ 
+    The interworking scheme expects functions to use a BX instruction
+diff --git a/ta/arch/arm/ta_entry_a32.S b/ta/arch/arm/ta_entry_a32.S
+index d2f8a69daa7f..cd9a12f9dbf9 100644
+--- a/ta/arch/arm/ta_entry_a32.S
+++ b/ta/arch/arm/ta_entry_a32.S
+@@ -5,6 +5,8 @@
+ 
+ #include <asm.S>
+ 
+	.section .note.GNU-stack,"",%progbits
+
+ /*
+  * This function is the bottom of the user call stack. Mark it as such so that
+  * the unwinding code won't try to go further down.
@@ -0,0 +1,34 @@
+From 843eb2ef918d5ae3d09de088110cb026ca25306b Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Tue, 26 May 2020 14:38:02 -0500
+Subject: [PATCH] allow setting sysroot for libgcc lookup
+
+Explicitly pass the new variable LIBGCC_LOCATE_CFLAGS variable when searching
+for the compiler libraries as there's no easy way to reliably pass --sysroot
+otherwise.
+
+Upstream-Status: Pending [https://github.com/OP-TEE/optee_os/issues/4188]
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ mk/gcc.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/mk/gcc.mk b/mk/gcc.mk
+index adc77a24f25e..81bfa78ad8d7 100644
+--- a/mk/gcc.mk
+++ b/mk/gcc.mk
+@@ -13,11 +13,11 @@ nostdinc$(sm)	:= -nostdinc -isystem $(shell $(CC$(sm)) \
+ 			-print-file-name=include 2> /dev/null)
+ 
+ # Get location of libgcc from gcc
+-libgcc$(sm)  	:= $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
+libgcc$(sm)  	:= $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ 			-print-libgcc-file-name 2> /dev/null)
+-libstdc++$(sm)	:= $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+libstdc++$(sm)	:= $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ 			-print-file-name=libstdc++.a 2> /dev/null)
+-libgcc_eh$(sm)	:= $(shell $(CXX$(sm)) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+libgcc_eh$(sm)	:= $(shell $(CXX$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CXXFLAGS$(arch-bits-$(sm))) $(comp-cxxflags$(sm)) \
+ 			-print-file-name=libgcc_eh.a 2> /dev/null)
+ 
+ # Define these to something to discover accidental use
@@ -0,0 +1,29 @@
+From 0ca5ef7c8256dbd9690a01a82397bc16a123e179 Mon Sep 17 00:00:00 2001
+From: Brett Warren <brett.warren@arm.com>
+Date: Wed, 23 Sep 2020 09:27:34 +0100
+Subject: [PATCH] optee: enable clang support
+
+When compiling with clang, the LIBGCC_LOCATE_CFLAG variable used
+to provide a sysroot wasn't included, which results in not locating
+compiler-rt. This is mitigated by including the variable as ammended.
+
+Upstream-Status: Pending
+ChangeId: 8ba69a4b2eb8ebaa047cb266c9aa6c2c3da45701
+Signed-off-by: Brett Warren <brett.warren@arm.com>
+---
+ mk/clang.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/mk/clang.mk b/mk/clang.mk
+index a045beee8482..1ebe2f702dcd 100644
+--- a/mk/clang.mk
+++ b/mk/clang.mk
+@@ -30,7 +30,7 @@ comp-cflags-warns-clang := -Wno-language-extension-token \
+ 
+ # Note, use the compiler runtime library (libclang_rt.builtins.*.a) instead of
+ # libgcc for clang
+-libgcc$(sm)	:= $(shell $(CC$(sm)) $(CFLAGS$(arch-bits-$(sm))) \
+libgcc$(sm)	:= $(shell $(CC$(sm)) $(LIBGCC_LOCATE_CFLAGS) $(CFLAGS$(arch-bits-$(sm))) \
+ 			-rtlib=compiler-rt -print-libgcc-file-name 2> /dev/null)
+ 
+ # Core ASLR relies on the executable being ready to run from its preferred load
@@ -0,0 +1,62 @@
+From 741df4df0ec7b69b0573cff265dc1ae7cb70b55c Mon Sep 17 00:00:00 2001
+From: Jerome Forissier <jerome.forissier@linaro.org>
+Date: Fri, 5 Aug 2022 09:48:03 +0200
+Subject: [PATCH] core: link: add --no-warn-rwx-segments
+
+Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
+Upstream-Status: Backport [https://github.com/OP-TEE/optee_os/pull/5474]
+
+binutils ld.bfd generates one RWX LOAD segment by merging several sections
+with mixed R/W/X attributes (.text, .rodata, .data). After version 2.38 it
+also warns by default when that happens [1], which breaks the build due to
+--fatal-warnings. The RWX segment is not a problem for the TEE core, since
+that information is not used to set memory permissions. Therefore, silence
+the warning.
+
+Link: [1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+Link: https://sourceware.org/bugzilla/show_bug.cgi?id=29448
+Reported-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
+Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/link.mk | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/kernel/link.mk b/core/arch/arm/kernel/link.mk
+index 0e96e606cd9d..3fbcb6804c6f 100644
+--- a/core/arch/arm/kernel/link.mk
+++ b/core/arch/arm/kernel/link.mk
+@@ -37,6 +37,7 @@ link-ldflags += --sort-section=alignment
+ link-ldflags += --fatal-warnings
+ link-ldflags += --gc-sections
+ link-ldflags += $(link-ldflags-common)
+link-ldflags += $(call ld-option,--no-warn-rwx-segments)
+ 
+ link-ldadd  = $(LDADD)
+ link-ldadd += $(ldflags-external)
+@@ -61,6 +62,7 @@ link-script-cppflags := \
+ 		$(cppflagscore))
+ 
+ ldargs-all_objs := -T $(link-script-dummy) --no-check-sections \
+		   $(call ld-option,--no-warn-rwx-segments) \
+ 		   $(link-ldflags-common) \
+ 		   $(link-objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/all_objs.o
+@@ -75,7 +77,7 @@ $(link-out-dir)/unpaged_entries.txt: $(link-out-dir)/all_objs.o
+ 		$(AWK) '/ ____keep_pager/ { printf "-u%s ", $$3 }' > $@
+ 
+ unpaged-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-		 $(link-ldflags-common)
+		 $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ unpaged-ldadd := $(objs) $(link-ldadd) $(libgcccore)
+ cleanfiles += $(link-out-dir)/unpaged.o
+ $(link-out-dir)/unpaged.o: $(link-out-dir)/unpaged_entries.txt
+@@ -104,7 +106,7 @@ $(link-out-dir)/init_entries.txt: $(link-out-dir)/all_objs.o
+ 		$(AWK) '/ ____keep_init/ { printf "-u%s ", $$3 }' > $@
+ 
+ init-ldargs := -T $(link-script-dummy) --no-check-sections --gc-sections \
+-	       $(link-ldflags-common)
+	       $(link-ldflags-common) $(call ld-option,--no-warn-rwx-segments)
+ init-ldadd := $(link-objs-init) $(link-out-dir)/version.o  $(link-ldadd) \
+ 	      $(libgcccore)
+ cleanfiles += $(link-out-dir)/init.o
@@ -0,0 +1,240 @@
+From 162493e5b212b9d7391669a55be09b69b97a9cf8 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 21 Dec 2022 10:55:58 +0000
+Subject: [PATCH] core: Define section attributes for clang
+
+Clang's attribute section is not same as gcc, here we need to add flags
+to sections so they can be eventually collected by linker into final
+output segments. Only way to do so with clang is to use
+
+pragma clang section ...
+
+The behavious is described here [1], this allows us to define names bss
+sections. This was not an issue until clang-15 where LLD linker starts
+to detect the section flags before merging them and throws the following
+errors
+
+| ld.lld: error: section type mismatch for .nozi.kdata_page
+| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/kernel/thread.o:(.nozi.kdata_page): SHT_PROGBITS
+| >>> output section .nozi: SHT_NOBITS
+|
+| ld.lld: error: section type mismatch for .nozi.mmu.l2
+| >>> /mnt/b/yoe/master/build/tmp/work/qemuarm64-yoe-linux/optee-os-tadevkit/3.17.0-r0/build/core/arch/arm/mm/core_mmu_lpae.o:(.nozi.mmu.l2): SHT_PROGBITS
+| >>> output section .nozi: SHT_NOBITS
+
+These sections should be carrying SHT_NOBITS but so far it was not
+possible to do so, this patch tries to use clangs pragma to get this
+going and match the functionality with gcc.
+
+[1] https://intel.github.io/llvm-docs/clang/LanguageExtensions.html#specifying-section-names-for-global-objects-pragma-clang-section
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ core/arch/arm/kernel/thread.c    | 19 +++++++++++++++--
+ core/arch/arm/mm/core_mmu_lpae.c | 35 +++++++++++++++++++++++++++----
+ core/arch/arm/mm/core_mmu_v7.c   | 36 +++++++++++++++++++++++++++++---
+ core/arch/arm/mm/pgt_cache.c     | 12 ++++++++++-
+ core/kernel/thread.c             | 13 +++++++++++-
+ 5 files changed, 104 insertions(+), 11 deletions(-)
+
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index 1cf76a0ca690..1e7f9f96b558 100644
+--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
+@@ -44,15 +44,30 @@ static size_t thread_user_kcode_size __nex_bss;
+ #if defined(CFG_CORE_UNMAP_CORE_AT_EL0) && \
+ 	defined(CFG_CORE_WORKAROUND_SPECTRE_BP_SEC) && defined(ARM64)
+ long thread_user_kdata_sp_offset __nex_bss;
+#ifdef __clang__
+#ifndef CFG_VIRTUALIZATION
+#pragma clang section bss=".nozi.kdata_page"
+#else
+#pragma clang section bss=".nex_nozi.kdata_page"
+#endif
+#endif
+ static uint8_t thread_user_kdata_page[
+ 	ROUNDUP(sizeof(struct thread_core_local) * CFG_TEE_CORE_NB_CORE,
+ 		SMALL_PAGE_SIZE)]
+ 	__aligned(SMALL_PAGE_SIZE)
+#ifndef __clang__
+ #ifndef CFG_VIRTUALIZATION
+-	__section(".nozi.kdata_page");
+	__section(".nozi.kdata_page")
+ #else
+-	__section(".nex_nozi.kdata_page");
+	__section(".nex_nozi.kdata_page")
+ #endif
+#endif
+    ;
+#endif
+
+/* reset BSS section to default ( .bss ) */
+#ifdef __clang__
+#pragma clang section bss=""
+ #endif
+ 
+ #ifdef ARM32
+diff --git a/core/arch/arm/mm/core_mmu_lpae.c b/core/arch/arm/mm/core_mmu_lpae.c
+index 3f08eec623f3..e6dc9261c41e 100644
+--- a/core/arch/arm/mm/core_mmu_lpae.c
+++ b/core/arch/arm/mm/core_mmu_lpae.c
+@@ -233,19 +233,46 @@ typedef uint16_t l1_idx_t;
+ typedef uint64_t base_xlat_tbls_t[CFG_TEE_CORE_NB_CORE][NUM_BASE_LEVEL_ENTRIES];
+ typedef uint64_t xlat_tbl_t[XLAT_TABLE_ENTRIES];
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.base_table"
+#endif
+ static base_xlat_tbls_t base_xlation_table[NUM_BASE_TABLES]
+ 	__aligned(NUM_BASE_LEVEL_ENTRIES * XLAT_ENTRY_SIZE)
+-	__section(".nozi.mmu.base_table");
+#ifndef __clang__
+	__section(".nozi.mmu.base_table")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ static xlat_tbl_t xlat_tables[MAX_XLAT_TABLES]
+-	__aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
+	__aligned(XLAT_TABLE_SIZE)
+#ifndef __clang__
+	__section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ #define XLAT_TABLES_SIZE	(sizeof(xlat_tbl_t) * MAX_XLAT_TABLES)
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ /* MMU L2 table for TAs, one for each thread */
+ static xlat_tbl_t xlat_tables_ul1[CFG_NUM_THREADS]
+-	__aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2");
+-
+#ifndef __clang__
+	__aligned(XLAT_TABLE_SIZE) __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ /*
+  * TAs page table entry inside a level 1 page table.
+  *
+diff --git a/core/arch/arm/mm/core_mmu_v7.c b/core/arch/arm/mm/core_mmu_v7.c
+index cd85bd22d385..3e18f54f6cf8 100644
+--- a/core/arch/arm/mm/core_mmu_v7.c
+++ b/core/arch/arm/mm/core_mmu_v7.c
+@@ -204,16 +204,46 @@ typedef uint32_t l1_xlat_tbl_t[NUM_L1_ENTRIES];
+ typedef uint32_t l2_xlat_tbl_t[NUM_L2_ENTRIES];
+ typedef uint32_t ul1_xlat_tbl_t[NUM_UL1_ENTRIES];
+ 
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l1"
+#endif
+ static l1_xlat_tbl_t main_mmu_l1_ttb
+-		__aligned(L1_ALIGNMENT) __section(".nozi.mmu.l1");
+		__aligned(L1_ALIGNMENT)
+#ifndef __clang__
+       __section(".nozi.mmu.l1")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ /* L2 MMU tables */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ static l2_xlat_tbl_t main_mmu_l2_ttb[MAX_XLAT_TABLES]
+-		__aligned(L2_ALIGNMENT) __section(".nozi.mmu.l2");
+		__aligned(L2_ALIGNMENT)
+#ifndef __clang__
+       __section(".nozi.mmu.l2")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ /* MMU L1 table for TAs, one for each thread */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.ul1"
+#endif
+ static ul1_xlat_tbl_t main_mmu_ul1_ttb[CFG_NUM_THREADS]
+-		__aligned(UL1_ALIGNMENT) __section(".nozi.mmu.ul1");
+		__aligned(UL1_ALIGNMENT)
+#ifndef __clang__
+       __section(".nozi.mmu.ul1")
+#endif
+;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 
+ struct mmu_partition {
+ 	l1_xlat_tbl_t *l1_table;
+diff --git a/core/arch/arm/mm/pgt_cache.c b/core/arch/arm/mm/pgt_cache.c
+index 79553c6d2183..b9efdf42780b 100644
+--- a/core/arch/arm/mm/pgt_cache.c
+++ b/core/arch/arm/mm/pgt_cache.c
+@@ -410,8 +410,18 @@ void pgt_init(void)
+ 	 * has a large alignment, while .bss has a small alignment. The current
+ 	 * link script is optimized for small alignment in .bss
+ 	 */
+#ifdef __clang__
+#pragma clang section bss=".nozi.mmu.l2"
+#endif
+ 	static uint8_t pgt_tables[PGT_CACHE_SIZE][PGT_SIZE]
+-			__aligned(PGT_SIZE) __section(".nozi.pgt_cache");
+			__aligned(PGT_SIZE)
+#ifndef __clang__
+			__section(".nozi.pgt_cache")
+#endif
+			;
+#ifdef __clang__
+#pragma clang section bss=""
+#endif
+ 	size_t n;
+ 
+ 	for (n = 0; n < ARRAY_SIZE(pgt_tables); n++) {
+diff --git a/core/kernel/thread.c b/core/kernel/thread.c
+index d1f2f3823be7..8de124ae5357 100644
+--- a/core/kernel/thread.c
+++ b/core/kernel/thread.c
+@@ -38,13 +38,24 @@ struct thread_core_local thread_core_local[CFG_TEE_CORE_NB_CORE] __nex_bss;
+ 	name[stack_num][sizeof(name[stack_num]) / sizeof(uint32_t) - 1]
+ #endif
+ 
+#define DO_PRAGMA(x) _Pragma (#x)
+
+#ifdef __clang__
+#define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+DO_PRAGMA (clang section bss=".nozi_stack." #name) \
+linkage uint32_t name[num_stacks] \
+		[ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+			 STACK_ALIGNMENT) / sizeof(uint32_t)] \
+		__attribute__((aligned(STACK_ALIGNMENT))); \
+DO_PRAGMA(clang section bss="")
+#else
+ #define DECLARE_STACK(name, num_stacks, stack_size, linkage) \
+ linkage uint32_t name[num_stacks] \
+ 		[ROUNDUP(stack_size + STACK_CANARY_SIZE + STACK_CHECK_EXTRA, \
+ 			 STACK_ALIGNMENT) / sizeof(uint32_t)] \
+ 		__attribute__((section(".nozi_stack." # name), \
+ 			       aligned(STACK_ALIGNMENT)))
+-
+#endif
+ #define GET_STACK(stack) ((vaddr_t)(stack) + STACK_SIZE(stack))
+ 
+ DECLARE_STACK(stack_tmp, CFG_TEE_CORE_NB_CORE, STACK_TMP_SIZE,
@@ -0,0 +1,88 @@
+From d0e32b6e202cde672c2b38dc568122a52be716b4 Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Mon, 21 Nov 2022 18:17:33 +0100
+Subject: [PATCH] core: arm: S-EL1 SPMC: boot ABI update
+
+Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs,
+like Hafnium, but also with the non-FF-A configuration.
+
+Register usage:
+X0 - TOS FW config [1] address, if not NULL
+X2 - System DTB, if not NULL
+
+Adds check in the default get_aslr_seed() to see if the system DTB is
+present before trying to read kaslr-seed from secure-chosen.
+
+Note that this is an incompatible change and requires corresponding
+change in TF-A ("feat(qemu): update abi between spmd and spmc") [2].
+
+[1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware configuration
+    file. Used by Trusted OS (BL32), that is, OP-TEE in this case
+Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=25ae7ad1878244f78206cc7c91f7bdbd267331a1
+
+Upstream-Status: Accepted
+
+Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/boot.c      |  8 +++++++-
+ core/arch/arm/kernel/entry_a64.S | 17 ++++++++---------
+ 2 files changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index dd34173e838d..e02c02b6097d 100644
+--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
+@@ -1502,11 +1502,17 @@ struct ns_entry_context *boot_core_hpen(void)
+ #if defined(CFG_DT)
+ unsigned long __weak get_aslr_seed(void *fdt)
+ {
+-	int rc = fdt_check_header(fdt);
+	int rc = 0;
+ 	const uint64_t *seed = NULL;
+ 	int offs = 0;
+ 	int len = 0;
+ 
+	if (!fdt) {
+		DMSG("No fdt");
+		goto err;
+	}
+
+	rc = fdt_check_header(fdt);
+ 	if (rc) {
+ 		DMSG("Bad fdt: %d", rc);
+ 		goto err;
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 4c6e9d75ca45..047ae1f25cc9 100644
+--- a/core/arch/arm/kernel/entry_a64.S
+++ b/core/arch/arm/kernel/entry_a64.S
+@@ -143,21 +143,20 @@
+ 	.endm
+ 
+ FUNC _start , :
+-#if defined(CFG_CORE_SEL1_SPMC)
+ 	/*
+-	 * With OP-TEE as SPMC at S-EL1 the SPMD (SPD_spmd) in TF-A passes
+-	 * the DTB in x0, pagaeble part in x1 and the rest of the registers
+-	 * are unused
+	 * If CFG_CORE_FFA is enabled, then x0 if non-NULL holds the TOS FW
+	 * config [1] address, else x0 if non-NULL holds the pagable part
+	 * address.
+	 *
+	 * [1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware
+	 * configuration file. Used by Trusted OS (BL32), that is, OP-TEE
+	 * here.
+ 	 */
+-	mov	x19, x1		/* Save pagable part */
+-	mov	x20, x0		/* Save DT address */
+-#else
+-	mov	x19, x0		/* Save pagable part address */
+	mov	x19, x0
+ #if defined(CFG_DT_ADDR)
+ 	ldr     x20, =CFG_DT_ADDR
+ #else
+ 	mov	x20, x2		/* Save DT address */
+-#endif
+ #endif
+ 
+ 	adr	x0, reset_vect_table
@@ -0,0 +1,246 @@
+From 9da324001fd93e1b3d9bca076e4afddbb5cac289 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Fri, 10 Feb 2023 11:07:27 +0100
+Subject: [PATCH] core: ffa: add TOS_FW_CONFIG handling
+
+At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
+currently only the HW_CONFIG address is saved, the other one is dropped.
+This commit adds functionality to save the TOS_FW_CONFIG too, so we can
+retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
+case, because the SPMC manifest is passed in this DT.
+
+Upstream-Status: Accepted
+
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+---
+ core/arch/arm/kernel/boot.c               | 60 ++++++++++++++++++++++-
+ core/arch/arm/kernel/entry_a32.S          |  3 +-
+ core/arch/arm/kernel/entry_a64.S          | 13 ++++-
+ core/arch/arm/kernel/link_dummies_paged.c |  4 +-
+ core/arch/arm/kernel/secure_partition.c   |  2 +-
+ core/include/kernel/boot.h                |  7 ++-
+ 6 files changed, 81 insertions(+), 8 deletions(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index e02c02b6097d..98e13c072d8e 100644
+--- a/core/arch/arm/kernel/boot.c
+++ b/core/arch/arm/kernel/boot.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: BSD-2-Clause
+ /*
+  * Copyright (c) 2015-2022, Linaro Limited
+ * Copyright (c) 2023, Arm Limited
+  */
+ 
+ #include <arm.h>
+@@ -83,6 +84,9 @@ struct dt_descriptor {
+ };
+ 
+ static struct dt_descriptor external_dt __nex_bss;
+#ifdef CFG_CORE_SEL1_SPMC
+static struct dt_descriptor tos_fw_config_dt __nex_bss;
+#endif
+ #endif
+ 
+ #ifdef CFG_SECONDARY_INIT_CNTFRQ
+@@ -1224,6 +1228,54 @@ static struct core_mmu_phys_mem *get_nsec_memory(void *fdt __unused,
+ #endif /*CFG_CORE_DYN_SHM*/
+ #endif /*!CFG_DT*/
+ 
+#if defined(CFG_CORE_SEL1_SPMC) && defined(CFG_DT)
+void *get_tos_fw_config_dt(void)
+{
+	if (!IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
+		return NULL;
+
+	assert(cpu_mmu_enabled());
+
+	return tos_fw_config_dt.blob;
+}
+
+static void init_tos_fw_config_dt(unsigned long pa)
+{
+	struct dt_descriptor *dt = &tos_fw_config_dt;
+	void *fdt = NULL;
+	int ret = 0;
+
+	if (!IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
+		return;
+
+	if (!pa)
+		panic("No TOS_FW_CONFIG DT found");
+
+	fdt = core_mmu_add_mapping(MEM_AREA_EXT_DT, pa, CFG_DTB_MAX_SIZE);
+	if (!fdt)
+		panic("Failed to map TOS_FW_CONFIG DT");
+
+	dt->blob = fdt;
+
+	ret = fdt_open_into(fdt, fdt, CFG_DTB_MAX_SIZE);
+	if (ret < 0) {
+		EMSG("Invalid Device Tree at %#lx: error %d", pa, ret);
+		panic();
+	}
+
+	IMSG("TOS_FW_CONFIG DT found");
+}
+#else
+void *get_tos_fw_config_dt(void)
+{
+	return NULL;
+}
+
+static void init_tos_fw_config_dt(unsigned long pa __unused)
+{
+}
+#endif /*CFG_CORE_SEL1_SPMC && CFG_DT*/
+
+ #ifdef CFG_CORE_DYN_SHM
+ static void discover_nsec_memory(void)
+ {
+@@ -1361,10 +1413,16 @@ static bool cpu_nmfi_enabled(void)
+  * Note: this function is weak just to make it possible to exclude it from
+  * the unpaged area.
+  */
+-void __weak boot_init_primary_late(unsigned long fdt)
+void __weak boot_init_primary_late(unsigned long fdt,
+				   unsigned long tos_fw_config)
+ {
+ 	init_external_dt(fdt);
+	init_tos_fw_config_dt(tos_fw_config);
+#ifdef CFG_CORE_SEL1_SPMC
+	tpm_map_log_area(get_tos_fw_config_dt());
+#else
+ 	tpm_map_log_area(get_external_dt());
+#endif
+ 	discover_nsec_memory();
+ 	update_external_dt();
+ 	configure_console_from_dt();
+diff --git a/core/arch/arm/kernel/entry_a32.S b/core/arch/arm/kernel/entry_a32.S
+index 0f14ca2f6ad9..3758fd8b7674 100644
+--- a/core/arch/arm/kernel/entry_a32.S
+++ b/core/arch/arm/kernel/entry_a32.S
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+  * Copyright (c) 2014, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
+ * Copyright (c) 2021-2023, Arm Limited
+  */
+ 
+ #include <arm32_macros.S>
+@@ -560,6 +560,7 @@ shadow_stack_access_ok:
+ 	str	r0, [r8, #THREAD_CORE_LOCAL_FLAGS]
+ #endif
+ 	mov	r0, r6		/* DT address */
+	mov	r1, #0		/* unused */
+ 	bl	boot_init_primary_late
+ #ifndef CFG_VIRTUALIZATION
+ 	mov	r0, #THREAD_CLF_TMP
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 047ae1f25cc9..fa76437fb73c 100644
+--- a/core/arch/arm/kernel/entry_a64.S
+++ b/core/arch/arm/kernel/entry_a64.S
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+  * Copyright (c) 2015-2022, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
+ * Copyright (c) 2021-2023, Arm Limited
+  */
+ 
+ #include <platform_config.h>
+@@ -320,7 +320,11 @@ clear_nex_bss:
+ 	bl	core_mmu_set_default_prtn_tbl
+ #endif
+ 
+#ifdef CFG_CORE_SEL1_SPMC
+	mov	x0, xzr		/* pager not used */
+#else
+ 	mov	x0, x19		/* pagable part address */
+#endif
+ 	mov	x1, #-1
+ 	bl	boot_init_primary_early
+ 
+@@ -337,7 +341,12 @@ clear_nex_bss:
+ 	mov	x22, x0
+ 	str	wzr, [x22, #THREAD_CORE_LOCAL_FLAGS]
+ #endif
+-	mov	x0, x20		/* DT address */
+	mov	x0, x20		/* DT address also known as HW_CONFIG */
+#ifdef CFG_CORE_SEL1_SPMC
+	mov	x1, x19		/* TOS_FW_CONFIG DT address */
+#else
+	mov	x1, xzr		/* unused */
+#endif
+ 	bl	boot_init_primary_late
+ #ifdef CFG_CORE_PAUTH
+ 	init_pauth_per_cpu
+diff --git a/core/arch/arm/kernel/link_dummies_paged.c b/core/arch/arm/kernel/link_dummies_paged.c
+index 3b8287e06a11..023a5f3f558b 100644
+--- a/core/arch/arm/kernel/link_dummies_paged.c
+++ b/core/arch/arm/kernel/link_dummies_paged.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: BSD-2-Clause
+ /*
+  * Copyright (c) 2017-2021, Linaro Limited
+ * Copyright (c) 2023, Arm Limited
+  */
+ #include <compiler.h>
+ #include <initcall.h>
+@@ -27,7 +28,8 @@ void __section(".text.dummy.call_finalcalls") call_finalcalls(void)
+ }
+ 
+ void __section(".text.dummy.boot_init_primary_late")
+-boot_init_primary_late(unsigned long fdt __unused)
+boot_init_primary_late(unsigned long fdt __unused,
+		       unsigned long tos_fw_config __unused)
+ {
+ }
+ 
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 1d36e90b1cf7..d386f1e4d211 100644
+--- a/core/arch/arm/kernel/secure_partition.c
+++ b/core/arch/arm/kernel/secure_partition.c
+@@ -1212,7 +1212,7 @@ static TEE_Result fip_sp_map_all(void)
+ 	int subnode = 0;
+ 	int root = 0;
+ 
+-	fdt = get_external_dt();
+	fdt = get_tos_fw_config_dt();
+ 	if (!fdt) {
+ 		EMSG("No SPMC manifest found");
+ 		return TEE_ERROR_GENERIC;
+diff --git a/core/include/kernel/boot.h b/core/include/kernel/boot.h
+index 260854473b8b..941e093b29a1 100644
+--- a/core/include/kernel/boot.h
+++ b/core/include/kernel/boot.h
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+  * Copyright (c) 2015-2020, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
+ * Copyright (c) 2021-2023, Arm Limited
+  */
+ #ifndef __KERNEL_BOOT_H
+ #define __KERNEL_BOOT_H
+@@ -46,7 +46,7 @@ extern const struct core_mmu_config boot_mmu_config;
+ /* @nsec_entry is unused if using CFG_WITH_ARM_TRUSTED_FW */
+ void boot_init_primary_early(unsigned long pageable_part,
+ 			     unsigned long nsec_entry);
+-void boot_init_primary_late(unsigned long fdt);
+void boot_init_primary_late(unsigned long fdt, unsigned long tos_fw_config);
+ void boot_init_memtag(void);
+ 
+ void __panic_at_smc_return(void) __noreturn;
+@@ -103,6 +103,9 @@ void *get_embedded_dt(void);
+ /* Returns external DTB if present, otherwise NULL */
+ void *get_external_dt(void);
+ 
+/* Returns TOS_FW_CONFIG DTB if present, otherwise NULL */
+void *get_tos_fw_config_dt(void);
+
+ /*
+  * get_aslr_seed() - return a random seed for core ASLR
+  * @fdt:	Pointer to a device tree if CFG_DT_ADDR=y
@@ -0,0 +1,275 @@
+From 18ad0cce24addd45271edf3172ab9ce873186d7a Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Tue, 18 Apr 2023 16:41:51 +0200
+Subject: [PATCH] core: spmc: handle non-secure interrupts
+
+Add FFA_INTERRUPT and FFA_RUN support for signaling non-secure
+interrupts and for resuming to the secure world. If a secure partition
+is preempted by a non-secure interrupt OP-TEE saves the SP's state and
+sends an FFA_INTERRUPT to the normal world. After handling the interrupt
+the normal world should send an FFA_RUN to OP-TEE so it can continue
+running the SP.
+If OP-TEE is the active FF-A endpoint (i.e. it is running TAs) the
+non-secure interrupts are signaled by the existing
+OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT message instead of
+FFA_INTERRUPT.
+
+Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/6002]
+
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Change-Id: I577ebe86d416ee494963216a66a3bfc8206921b4
+---
+ core/arch/arm/include/ffa.h                   |  2 +-
+ .../arch/arm/include/kernel/spmc_sp_handler.h | 11 +++++++
+ core/arch/arm/kernel/secure_partition.c       | 17 ++++++++++
+ core/arch/arm/kernel/spmc_sp_handler.c        | 26 ++++++++++++++++
+ core/arch/arm/kernel/thread.c                 |  7 +++++
+ core/arch/arm/kernel/thread_spmc.c            | 31 ++++++++++++++++++-
+ core/arch/arm/kernel/thread_spmc_a64.S        | 30 ++++++++++++++++++
+ 7 files changed, 122 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h
+index 5a19fb0c7ff3..b3d1d354735d 100644
+--- a/core/arch/arm/include/ffa.h
+++ b/core/arch/arm/include/ffa.h
+@@ -50,7 +50,7 @@
+ #define FFA_ID_GET			U(0x84000069)
+ #define FFA_MSG_WAIT			U(0x8400006B)
+ #define FFA_MSG_YIELD			U(0x8400006C)
+-#define FFA_MSG_RUN			U(0x8400006D)
+#define FFA_RUN				U(0x8400006D)
+ #define FFA_MSG_SEND			U(0x8400006E)
+ #define FFA_MSG_SEND_DIRECT_REQ_32	U(0x8400006F)
+ #define FFA_MSG_SEND_DIRECT_REQ_64	U(0xC400006F)
+diff --git a/core/arch/arm/include/kernel/spmc_sp_handler.h b/core/arch/arm/include/kernel/spmc_sp_handler.h
+index f5bda7bfe7d0..30c1e4691273 100644
+--- a/core/arch/arm/include/kernel/spmc_sp_handler.h
+++ b/core/arch/arm/include/kernel/spmc_sp_handler.h
+@@ -25,6 +25,8 @@ void spmc_sp_start_thread(struct thread_smc_args *args);
+ int spmc_sp_add_share(struct ffa_rxtx *rxtx,
+ 		      size_t blen, uint64_t *global_handle,
+ 		      struct sp_session *owner_sp);
+void spmc_sp_set_to_preempted(struct ts_session *ts_sess);
+int spmc_sp_resume_from_preempted(uint16_t endpoint_id);
+ #else
+ static inline void spmc_sp_start_thread(struct thread_smc_args *args __unused)
+ {
+@@ -37,6 +39,15 @@ static inline int spmc_sp_add_share(struct ffa_rxtx *rxtx __unused,
+ {
+ 	return FFA_NOT_SUPPORTED;
+ }
+
+static inline void spmc_sp_set_to_preempted(struct ts_session *ts_sess __unused)
+{
+}
+
+static inline int spmc_sp_resume_from_preempted(uint16_t endpoint_id __unused)
+{
+	return FFA_NOT_SUPPORTED;
+}
+ #endif
+ 
+ #endif /* __KERNEL_SPMC_SP_HANDLER_H */
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index d386f1e4d211..740be6d22e47 100644
+--- a/core/arch/arm/kernel/secure_partition.c
+++ b/core/arch/arm/kernel/secure_partition.c
+@@ -999,6 +999,8 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 	struct sp_session *sp_s = to_sp_session(s);
+ 	struct ts_session *sess = NULL;
+ 	struct thread_ctx_regs *sp_regs = NULL;
+	uint32_t thread_id = THREAD_ID_INVALID;
+	uint32_t rpc_target_info = 0;
+ 	uint32_t panicked = false;
+ 	uint32_t panic_code = 0;
+ 
+@@ -1011,8 +1013,23 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 	sp_regs->cpsr = read_daif() & (SPSR_64_DAIF_MASK << SPSR_64_DAIF_SHIFT);
+ 
+ 	exceptions = thread_mask_exceptions(THREAD_EXCP_ALL);
+
+	/*
+	 * Store endpoint ID and thread ID in rpc_target_info. This will be used
+	 * as w1 in FFA_INTERRUPT in case of a NWd interrupt.
+	 */
+	rpc_target_info = thread_get_tsd()->rpc_target_info;
+	thread_id = thread_get_id();
+	assert((thread_id & ~0xffff) == 0);
+	thread_get_tsd()->rpc_target_info = (sp_s->endpoint_id << 16) |
+					    (thread_id & 0xffff);
+
+ 	__thread_enter_user_mode(sp_regs, &panicked, &panic_code);
+
+ 	sp_regs->cpsr = cpsr;
+	/* Restore rpc_target_info */
+	thread_get_tsd()->rpc_target_info = rpc_target_info;
+
+ 	thread_unmask_exceptions(exceptions);
+ 
+ 	thread_user_clear_vfp(&ctx->uctx);
+diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
+index 46a15646ecf0..12681151a796 100644
+--- a/core/arch/arm/kernel/spmc_sp_handler.c
+++ b/core/arch/arm/kernel/spmc_sp_handler.c
+@@ -366,6 +366,32 @@ cleanup:
+ 	return res;
+ }
+ 
+void spmc_sp_set_to_preempted(struct ts_session *ts_sess)
+{
+	if (ts_sess && is_sp_ctx(ts_sess->ctx)) {
+		struct sp_session *sp_sess = to_sp_session(ts_sess);
+
+		assert(sp_sess->state == sp_busy);
+
+		sp_sess->state = sp_preempted;
+	}
+}
+
+int spmc_sp_resume_from_preempted(uint16_t endpoint_id)
+{
+	struct sp_session *sp_sess = sp_get_session(endpoint_id);
+
+	if (!sp_sess)
+		return FFA_INVALID_PARAMETERS;
+
+	if (sp_sess->state != sp_preempted)
+		return FFA_DENIED;
+
+	sp_sess->state = sp_busy;
+
+	return FFA_OK;
+}
+
+ static bool check_rxtx(struct ffa_rxtx *rxtx)
+ {
+ 	return rxtx && rxtx->rx && rxtx->tx && rxtx->size > 0;
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index 1e7f9f96b558..8cd4dc961b02 100644
+--- a/core/arch/arm/kernel/thread.c
+++ b/core/arch/arm/kernel/thread.c
+@@ -531,6 +531,13 @@ int thread_state_suspend(uint32_t flags, uint32_t cpsr, vaddr_t pc)
+ 		core_mmu_set_user_map(NULL);
+ 	}
+ 
+	if (IS_ENABLED(CFG_SECURE_PARTITION)) {
+		struct ts_session *ts_sess =
+			TAILQ_FIRST(&threads[ct].tsd.sess_stack);
+
+		spmc_sp_set_to_preempted(ts_sess);
+	}
+
+ 	l->curr_thread = THREAD_ID_INVALID;
+ 
+ 	if (IS_ENABLED(CFG_VIRTUALIZATION))
+diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c
+index 3b4ac0b4e35c..bc4e7687d618 100644
+--- a/core/arch/arm/kernel/thread_spmc.c
+++ b/core/arch/arm/kernel/thread_spmc.c
+@@ -45,7 +45,7 @@ struct mem_frag_state {
+ #endif
+ 
+ /* Initialized in spmc_init() below */
+-static uint16_t my_endpoint_id;
+uint16_t my_endpoint_id;
+ 
+ /*
+  * If struct ffa_rxtx::size is 0 RX/TX buffers are not mapped or initialized.
+@@ -437,6 +437,32 @@ out:
+ 		      FFA_PARAM_MBZ, FFA_PARAM_MBZ);
+ 	cpu_spin_unlock(&rxtx->spinlock);
+ }
+
+static void spmc_handle_run(struct thread_smc_args *args)
+{
+	uint16_t endpoint = (args->a1 >> 16) & 0xffff;
+	uint16_t thread_id = (args->a1 & 0xffff);
+	uint32_t rc = 0;
+
+	if (endpoint != my_endpoint_id) {
+		/*
+		 * The endpoint should be an SP, try to resume the SP from
+		 * preempted into busy state.
+		 */
+		rc = spmc_sp_resume_from_preempted(endpoint);
+		if (rc)
+			goto out;
+	}
+
+	thread_resume_from_rpc(thread_id, 0, 0, 0, 0);
+
+	/* thread_resume_from_rpc return only of the thread_id is invalid */
+	rc = FFA_INVALID_PARAMETERS;
+
+out:
+	spmc_set_args(args, FFA_ERROR, FFA_PARAM_MBZ, rc, FFA_PARAM_MBZ,
+		      FFA_PARAM_MBZ, FFA_PARAM_MBZ);
+}
+ #endif /*CFG_CORE_SEL1_SPMC*/
+ 
+ static void handle_yielding_call(struct thread_smc_args *args)
+@@ -970,6 +996,9 @@ void thread_spmc_msg_recv(struct thread_smc_args *args)
+ 	case FFA_PARTITION_INFO_GET:
+ 		spmc_handle_partition_info_get(args, &nw_rxtx);
+ 		break;
+	case FFA_RUN:
+		spmc_handle_run(args);
+		break;
+ #endif /*CFG_CORE_SEL1_SPMC*/
+ 	case FFA_INTERRUPT:
+ 		itr_core_handler();
+diff --git a/core/arch/arm/kernel/thread_spmc_a64.S b/core/arch/arm/kernel/thread_spmc_a64.S
+index 21cb62513a42..7297005a6038 100644
+--- a/core/arch/arm/kernel/thread_spmc_a64.S
+++ b/core/arch/arm/kernel/thread_spmc_a64.S
+@@ -14,6 +14,20 @@
+ #include <kernel/thread.h>
+ #include <optee_ffa.h>
+ 
+#if CFG_SECURE_PARTITION
+LOCAL_FUNC thread_ffa_interrupt , :
+	mov_imm	x0, FFA_INTERRUPT		/* FID */
+	/* X1: Endpoint/vCPU IDs is set by caller */
+	mov	x2, #FFA_PARAM_MBZ		/* Param MBZ */
+	mov	x3, #FFA_PARAM_MBZ		/* Param MBZ */
+	mov	x4, #FFA_PARAM_MBZ		/* Param MBZ */
+	mov	x5, #FFA_PARAM_MBZ		/* Param MBZ */
+	mov	x6, #FFA_PARAM_MBZ		/* Param MBZ */
+	mov	x7, #FFA_PARAM_MBZ		/* Param MBZ */
+	b	.ffa_msg_loop
+END_FUNC thread_ffa_msg_wait
+#endif /* CFG_SECURE_PARTITION */
+
+ FUNC thread_ffa_msg_wait , :
+ 	mov_imm	x0, FFA_MSG_WAIT		/* FID */
+ 	mov	x1, #FFA_TARGET_INFO_MBZ	/* Target info MBZ */
+@@ -171,6 +185,14 @@ END_FUNC thread_rpc
+  * The current thread as indicated by @thread_index has just been
+  * suspended.  The job here is just to inform normal world the thread id to
+  * resume when returning.
+ * If the active FF-A endpoint is OP-TEE (or a TA) then an this function send an
+ * OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT message to the normal world via the
+ * FFA_MSG_SEND_DIRECT_RESP interface. This is handled by the OP-TEE
+ * driver in Linux so it can schedule task to the thread.
+ * If the active endpoint is an SP the function sends an FFA_INTERRUPT. This is
+ * handled by the FF-A driver and after taking care of the NWd interrupts it
+ * returns via an FFA_RUN call.
+ * The active endpoint is determined by the upper 16 bits of rpc_target_info.
+  */
+ FUNC thread_foreign_intr_exit , :
+ 	/* load threads[w0].tsd.rpc_target_info into w1 */
+@@ -178,6 +200,14 @@ FUNC thread_foreign_intr_exit , :
+ 	adr_l	x2, threads
+ 	madd	x1, x1, x0, x2
+ 	ldr	w1, [x1, #THREAD_CTX_TSD_RPC_TARGET_INFO]
+#if CFG_SECURE_PARTITION
+	adr_l	x2, my_endpoint_id
+	ldrh	w2, [x2]
+	lsr	w3, w1, #16
+	cmp	w2, w3
+	/* (threads[w0].tsd.rpc_target_info >> 16) != my_endpoint_id */
+	bne	thread_ffa_interrupt
+#endif /* CFG_SECURE_PARTITION */
+ 	mov	x2, #FFA_PARAM_MBZ
+ 	mov	w3, #FFA_PARAM_MBZ
+ 	mov	w4, #OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT
@@ -0,0 +1,148 @@
+From e7835c526aabd8e5b6db335619a0d86165c587ed Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Tue, 25 Apr 2023 14:19:14 +0200
+Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on the
+ manifest
+
+Used mandatory ns-interrupts-action SP manifest property to configure
+signaled or queued non-secure interrupt handling.
+
+Upstream-Status: Submitted [https://github.com/OP-TEE/optee_os/pull/6002]
+
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Change-Id: I843e69e5dbb9613ecd8b95654e8ca1730a594ca6
+---
+ .../arm/include/kernel/secure_partition.h     |  2 +
+ core/arch/arm/kernel/secure_partition.c       | 66 +++++++++++++++++--
+ 2 files changed, 63 insertions(+), 5 deletions(-)
+
+diff --git a/core/arch/arm/include/kernel/secure_partition.h b/core/arch/arm/include/kernel/secure_partition.h
+index 24b0a8cc07d2..51f6b697e5eb 100644
+--- a/core/arch/arm/include/kernel/secure_partition.h
+++ b/core/arch/arm/include/kernel/secure_partition.h
+@@ -43,6 +43,8 @@ struct sp_session {
+ 	unsigned int spinlock;
+ 	const void *fdt;
+ 	bool is_initialized;
+	uint32_t ns_interrupts_action;
+	uint32_t ns_interrupts_action_inherited;
+ 	TAILQ_ENTRY(sp_session) link;
+ };
+ 
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 740be6d22e47..b644e1c72e6a 100644
+--- a/core/arch/arm/kernel/secure_partition.c
+++ b/core/arch/arm/kernel/secure_partition.c
+@@ -46,6 +46,10 @@
+ 					 SP_MANIFEST_ATTR_WRITE | \
+ 					 SP_MANIFEST_ATTR_EXEC)
+ 
+#define SP_MANIFEST_NS_INT_QUEUED	(0x0)
+#define SP_MANIFEST_NS_INT_MANAGED_EXIT	(0x1)
+#define SP_MANIFEST_NS_INT_SIGNALED	(0x2)
+
+ #define SP_PKG_HEADER_MAGIC (0x474b5053)
+ #define SP_PKG_HEADER_VERSION_V1 (0x1)
+ #define SP_PKG_HEADER_VERSION_V2 (0x2)
+@@ -907,6 +911,30 @@ static TEE_Result sp_init_uuid(const TEE_UUID *uuid, const void * const fdt)
+ 		return res;
+ 	DMSG("endpoint is 0x%"PRIx16, sess->endpoint_id);
+ 
+	res = sp_dt_get_u32(fdt, 0, "ns-interrupts-action",
+			    &sess->ns_interrupts_action);
+
+	if (res) {
+		EMSG("Mandatory property is missing: ns-interrupts-action");
+		return res;
+	}
+
+	switch (sess->ns_interrupts_action) {
+	case SP_MANIFEST_NS_INT_QUEUED:
+	case SP_MANIFEST_NS_INT_SIGNALED:
+		/* OK */
+		break;
+
+	case SP_MANIFEST_NS_INT_MANAGED_EXIT:
+		EMSG("Managed exit is not implemented");
+		return TEE_ERROR_NOT_IMPLEMENTED;
+
+	default:
+		EMSG("Invalid ns-interrupts-action value: %d",
+		     sess->ns_interrupts_action);
+		return TEE_ERROR_BAD_PARAMETERS;
+	}
+
+ 	return TEE_SUCCESS;
+ }
+ 
+@@ -989,17 +1017,45 @@ TEE_Result sp_enter(struct thread_smc_args *args, struct sp_session *sp)
+ 	return res;
+ }
+ 
+/*
+ * According to FF-A v1.1 section 8.3.1.4 if a caller requires less permissive
+ * active on NS interrupt than the callee, the callee must inherit the caller's
+ * configuration.
+ * Each SP's own NS action setting is stored in ns_interrupts_action. The
+ * effective action will be MIN([self action], [caller's action]) which is
+ * stored in the ns_interrupts_action_inherited field.
+ */
+static void sp_cpsr_configure_foreing_interrupts(struct sp_session *s,
+						 struct ts_session *caller,
+						 uint64_t *cpsr)
+{
+	if (caller) {
+		struct sp_session *caller_sp = to_sp_session(caller);
+
+		s->ns_interrupts_action_inherited =
+			MIN(caller_sp->ns_interrupts_action_inherited,
+			    s->ns_interrupts_action);
+	} else {
+		s->ns_interrupts_action_inherited = s->ns_interrupts_action;
+	}
+
+	if (s->ns_interrupts_action_inherited == SP_MANIFEST_NS_INT_QUEUED)
+		*cpsr |= (THREAD_EXCP_FOREIGN_INTR << ARM32_CPSR_F_SHIFT);
+	else
+		*cpsr &= ~(THREAD_EXCP_FOREIGN_INTR << ARM32_CPSR_F_SHIFT);
+}
+
+ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 				      uint32_t cmd __unused)
+ {
+ 	struct sp_ctx *ctx = to_sp_ctx(s->ctx);
+ 	TEE_Result res = TEE_SUCCESS;
+ 	uint32_t exceptions = 0;
+-	uint64_t cpsr = 0;
+ 	struct sp_session *sp_s = to_sp_session(s);
+ 	struct ts_session *sess = NULL;
+ 	struct thread_ctx_regs *sp_regs = NULL;
+ 	uint32_t thread_id = THREAD_ID_INVALID;
+	struct ts_session *caller = NULL;
+ 	uint32_t rpc_target_info = 0;
+ 	uint32_t panicked = false;
+ 	uint32_t panic_code = 0;
+@@ -1009,11 +1065,12 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 	sp_regs = &ctx->sp_regs;
+ 	ts_push_current_session(s);
+ 
+-	cpsr = sp_regs->cpsr;
+-	sp_regs->cpsr = read_daif() & (SPSR_64_DAIF_MASK << SPSR_64_DAIF_SHIFT);
+-
+ 	exceptions = thread_mask_exceptions(THREAD_EXCP_ALL);
+ 
+	/* Enable/disable foreign interrupts in CPSR/SPSR */
+	caller = ts_get_calling_session();
+	sp_cpsr_configure_foreing_interrupts(sp_s, caller, &sp_regs->cpsr);
+
+ 	/*
+ 	 * Store endpoint ID and thread ID in rpc_target_info. This will be used
+ 	 * as w1 in FFA_INTERRUPT in case of a NWd interrupt.
+@@ -1026,7 +1083,6 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 
+ 	__thread_enter_user_mode(sp_regs, &panicked, &panic_code);
+ 
+-	sp_regs->cpsr = cpsr;
+ 	/* Restore rpc_target_info */
+ 	thread_get_tsd()->rpc_target_info = rpc_target_info;
+ 
@@ -0,0 +1,18 @@
+SRC_URI:remove = " \
+                  file://0003-core-link-add-no-warn-rwx-segments.patch \
+                  file://0007-core-spmc-handle-non-secure-interrupts.patch \
+                  file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
+                 "
+
+COMPATIBLE_MACHINE = "corstone1000"
+
+OPTEEMACHINE = "corstone1000"
+# Enable optee memory layout and boot logs
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
+
+# default disable latency benchmarks (over all OP-TEE layers)
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
+
+EXTRA_OEMAKE += " CFG_WITH_SP=y"
@@ -0,0 +1,2 @@
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+OPTEEMACHINE:n1sdp = "n1sdp"
@@ -0,0 +1,14 @@
+# Total Compute (tc) specific configuration for optee-os and optee-os-tadevkit
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/tc:"
+SRC_URI:append:tc = " \
+    file://sp_layout.json \
+    file://0001-WIP-Enable-managed-exit.patch \
+    file://0002-plat-totalcompute-fix-TZDRAM-start-and-size.patch \
+    "
+
+COMPATIBLE_MACHINE = "(tc?)"
+
+OPTEEMACHINE:tc0 = "totalcompute-tc0"
+OPTEEMACHINE:tc1 = "totalcompute-tc1"
+
@@ -0,0 +1,29 @@
+# N1 SDP specific configuration for optee-os
+
+require optee-os-generic-n1sdp.inc
+
+TS_INSTALL_PREFIX_PATH = "${RECIPE_SYSROOT}/firmware/sp/opteesp"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-os/n1sdp:"
+SRC_URI:append = " \
+    file://0001-core-arm-add-MPIDR-affinity-shift-and-mask-for-32-bi.patch \
+    file://0002-plat-n1sdp-add-N1SDP-platform-support.patch \
+    file://0003-HACK-disable-instruction-cache-and-data-cache.patch \
+    file://0004-Handle-logging-syscall.patch \
+    file://0005-plat-n1sdp-register-DRAM1-to-optee-os.patch \
+    file://0006-plat-n1sdp-add-external-device-tree-base-and-size.patch \
+    "
+
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
+
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+EXTRA_OEMAKE += " CFG_CORE_SEL1_SPMC=y CFG_CORE_FFA=y"
+
+EXTRA_OEMAKE += " CFG_WITH_SP=y"
+
+EXTRA_OEMAKE += " CFG_DT=y"
+
+EXTRA_OEMAKE += " CFG_SECURE_PARTITION=y"
+
+EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y"
@@ -0,0 +1,24 @@
+require optee-os_3.18.0.bb
+
+SUMMARY = "OP-TEE Trusted OS TA devkit"
+DESCRIPTION = "OP-TEE TA devkit for build TAs"
+HOMEPAGE = "https://www.op-tee.org/"
+
+DEPENDS += "python3-pycryptodome-native"
+
+do_install() {
+    #install TA devkit
+    install -d ${D}${includedir}/optee/export-user_ta/
+    for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
+        cp -aR $f ${D}${includedir}/optee/export-user_ta/
+    done
+}
+
+do_deploy() {
+	echo "Do not inherit do_deploy from optee-os."
+}
+
+FILES:${PN} = "${includedir}/optee/"
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dev += "buildpaths"
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
+MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:tc = "optee-os-generic-tc.inc"
+
+require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}
@@ -0,0 +1,24 @@
+require optee-os_3.20.0.bb
+
+SUMMARY = "OP-TEE Trusted OS TA devkit"
+DESCRIPTION = "OP-TEE TA devkit for build TAs"
+HOMEPAGE = "https://www.op-tee.org/"
+
+DEPENDS += "python3-pycryptodome-native"
+
+do_install() {
+    #install TA devkit
+    install -d ${D}${includedir}/optee/export-user_ta/
+    for f in ${B}/export-ta_${OPTEE_ARCH}/* ; do
+        cp -aR $f ${D}${includedir}/optee/export-user_ta/
+    done
+}
+
+do_deploy() {
+	echo "Do not inherit do_deploy from optee-os."
+}
+
+FILES:${PN} = "${includedir}/optee/"
+
+# Build paths are currently embedded
+INSANE_SKIP:${PN}-dev += "buildpaths"
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
+MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
+
+require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}
@@ -0,0 +1,23 @@
+# TC0 specific configuration
+
+require optee-os-generic-tc.inc
+
+# Enable optee memory layout and boot logs
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=3"
+
+# default disable latency benchmarks (over all OP-TEE layers)
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+# Enable stats
+EXTRA_OEMAKE += " CFG_WITH_STATS=y"
+
+EXTRA_OEMAKE += " CFG_CORE_SEL2_SPMC=y"
+
+# Copy optee manifest file
+do_install:append() {
+    install -d ${D}${nonarch_base_libdir}/firmware/
+    install -m 644 ${WORKDIR}/sp_layout.json ${D}${nonarch_base_libdir}/firmware/
+    install -m 644 \
+        ${S}/core/arch/arm/plat-totalcompute/fdts/optee_sp_manifest.dts \
+        ${D}${nonarch_base_libdir}/firmware/
+}
@@ -0,0 +1,54 @@
+# Include Trusted Services SPs accordingly to defined machine features
+
+# Please notice that OPTEE will load SPs in the order listed in this file.
+# If an SP requires another SP to be already loaded it must be listed lower.
+
+# TS SPs UUIDs definitions
+require recipes-security/trusted-services/ts-uuid.inc
+
+TS_ENV = "opteesp"
+TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin"
+
+# ITS SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+                                        ' ts-sp-its', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+                                        ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}"
+
+# Storage SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+                                        ' ts-sp-storage', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+                                        ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}"
+
+# Crypto SP.
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+                                        ' ts-sp-crypto', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+                                        ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}"
+
+# Attestation SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+                                        ' ts-sp-attestation', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+                                        ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}"
+
+# Env-test SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+                                        ' ts-sp-env-test', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+                                        ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}"
+
+# SE-Proxy SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+                                        ' ts-sp-se-proxy', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+                                        ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}"
+
+# SMM Gateway
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+                                        ' ts-sp-smm-gateway', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+                                        ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}"
+
+EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
@@ -0,0 +1,15 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "1ee647035939e073a2e8dddb727c0f019cc035f1"
+SRC_URI += " \
+    file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+    file://0002-optee-enable-clang-support.patch \
+    file://0003-core-link-add-no-warn-rwx-segments.patch \
+    file://0004-core-Define-section-attributes-for-clang.patch \
+    file://0005-core-ldelf-link-add-z-execstack.patch \
+    file://0006-arm32-libutils-libutee-ta-add-.note.GNU-stack-sectio.patch \
+   "
@@ -0,0 +1,6 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_REQUIRE ?= ""
+MACHINE_OPTEE_OS_REQUIRE:tc = "optee-os-tc.inc"
+
+require ${MACHINE_OPTEE_OS_REQUIRE}
@@ -0,0 +1,17 @@
+require recipes-security/optee/optee-os.inc
+
+DEPENDS += "dtc-native"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/${P}:"
+
+SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
+SRC_URI += " \
+    file://0001-allow-setting-sysroot-for-libgcc-lookup.patch \
+    file://0002-optee-enable-clang-support.patch \
+    file://0003-core-link-add-no-warn-rwx-segments.patch \
+    file://0004-core-Define-section-attributes-for-clang.patch \
+    file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \
+    file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
+    file://0007-core-spmc-handle-non-secure-interrupts.patch \
+    file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
+   "
@@ -0,0 +1,7 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_OS_REQUIRE ?= ""
+MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
+MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
+
+require ${MACHINE_OPTEE_OS_REQUIRE}
@@ -0,0 +1,8 @@
+# TC specific configuration
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/optee-test/tc:"
+SRC_URI:append:tc = " \
+    file://0001-xtest-Limit-tests-to-a-single-thread.patch \
+    "
+
+COMPATIBLE_MACHINE = "(tc?)"
@@ -0,0 +1,39 @@
+From 7e15470f3dd45c844f0e0901f0c85c46a0882b8b Mon Sep 17 00:00:00 2001
+From: Gabor Toth <gabor.toth2@arm.com>
+Date: Fri, 3 Mar 2023 12:23:45 +0100
+Subject: [PATCH 1/2] Update arm_ffa_user driver dependency
+
+Updating arm-ffa-user to v5.0.1 to get the following changes:
+ - move to 64 bit direct messages
+ - add Linux Kernel v6.1 compatibility
+The motivation is to update x-test to depend on the same driver
+version as TS uefi-test and thus to enable running these in a single
+configuration.
+Note: arm_ffa_user.h was copied from:
+ - URL:https://git.gitlab.arm.com/linux-arm/linux-trusted-services.git
+ - SHA:18e3be71f65a405dfb5d97603ae71b3c11759861
+
+Upstream-Status: Backport
+
+Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/include/uapi/linux/arm_ffa_user.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/host/xtest/include/uapi/linux/arm_ffa_user.h b/host/xtest/include/uapi/linux/arm_ffa_user.h
+index 9ef0be3..0acde4f 100644
+--- a/host/xtest/include/uapi/linux/arm_ffa_user.h
+++ b/host/xtest/include/uapi/linux/arm_ffa_user.h
+@@ -33,7 +33,7 @@ struct ffa_ioctl_ep_desc {
+  * @dst_id:	[in] 16-bit ID of destination endpoint.
+  */
+ struct ffa_ioctl_msg_args {
+-	__u32 args[5];
+	__u64 args[5];
+ 	__u16 dst_id;
+ };
+ #define FFA_IOC_MSG_SEND	_IOWR(FFA_IOC_MAGIC, FFA_IOC_BASE + 1, \
+-- 
+2.39.1.windows.1
+
@@ -0,0 +1,163 @@
+From 6734d14cc249af37705129de7874533df9535cd3 Mon Sep 17 00:00:00 2001
+From: Gabor Toth <gabor.toth2@arm.com>
+Date: Fri, 3 Mar 2023 12:25:58 +0100
+Subject: [PATCH 2/2] ffa_spmc: Add arm_ffa_user driver compatibility check
+
+Check the version of the arm_ffa_user Kernel Driver and fail with a
+meaningful message if incompatible driver is detected.
+
+Upstream-Status: Backport
+
+Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/ffa_spmc_1000.c | 68 ++++++++++++++++++++++++++++++++++----
+ 1 file changed, 61 insertions(+), 7 deletions(-)
+
+diff --git a/host/xtest/ffa_spmc_1000.c b/host/xtest/ffa_spmc_1000.c
+index 15f4a46..1839d03 100644
+--- a/host/xtest/ffa_spmc_1000.c
+++ b/host/xtest/ffa_spmc_1000.c
+@@ -1,11 +1,12 @@
+ // SPDX-License-Identifier: BSD-3-Clause
+ /*
+- * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
+  */
+ #include <fcntl.h>
+ #include <ffa.h>
+ #include <stdio.h>
+ #include <string.h>
+#include <errno.h>
+ #include <sys/ioctl.h>
+ #include <unistd.h>
+ #include "include/uapi/linux/arm_ffa_user.h"
+@@ -17,6 +18,10 @@
+ #define INCORRECT_ENDPOINT_ID 0xffff
+ #define NORMAL_WORLD_ENDPOINT_ID	0
+ 
+#define FFA_USER_REQ_VER_MAJOR 5
+#define FFA_USER_REQ_VER_MINOR 0
+#define FFA_USER_REQ_VER_PATCH 1
+
+ /* Get the 32 least significant bits of a handle.*/
+ #define MEM_SHARE_HANDLE_LOW(x) ((x) & 0xffffffff)
+ /* Get the 32 most significant bits of a handle.*/
+@@ -62,6 +67,50 @@ static struct ffa_ioctl_ep_desc test_endpoint3 = {
+ 	.uuid_ptr = (uint64_t)test_endpoint3_uuid,
+ };
+ 
+static bool check_ffa_user_version(void)
+{
+	FILE *f = NULL;
+	int ver_major = -1;
+	int ver_minor = -1;
+	int ver_patch = -1;
+	int scan_cnt = 0;
+
+	f = fopen("/sys/module/arm_ffa_user/version", "r");
+	if (f) {
+		scan_cnt = fscanf(f, "%d.%d.%d",
+				  &ver_major, &ver_minor, &ver_patch);
+		fclose(f);
+		if (scan_cnt != 3) {
+			printf("error: failed to parse arm_ffa_user version\n");
+			return false;
+		}
+	} else {
+		printf("error: failed to read arm_ffa_user module info - %s\n",
+		       strerror(errno));
+		return false;
+	}
+
+	if (ver_major != FFA_USER_REQ_VER_MAJOR)
+		goto err;
+
+	if (ver_minor < FFA_USER_REQ_VER_MINOR)
+		goto err;
+
+	if (ver_minor == FFA_USER_REQ_VER_MINOR)
+		if (ver_patch < FFA_USER_REQ_VER_PATCH)
+			goto err;
+
+	return true;
+
+err:
+	printf("error: Incompatible arm_ffa_user driver detected.");
+	printf("Found v%d.%d.%d wanted >= v%d.%d.%d)\n",
+	       ver_major, ver_minor, ver_patch, FFA_USER_REQ_VER_MAJOR,
+		   FFA_USER_REQ_VER_MINOR, FFA_USER_REQ_VER_PATCH);
+
+	return false;
+}
+
+ static void close_debugfs(void)
+ {
+ 	int err = 0;
+@@ -76,6 +125,9 @@ static void close_debugfs(void)
+ 
+ static bool init_sp_xtest(ADBG_Case_t *c)
+ {
+	if (!check_ffa_user_version())
+		return false;
+
+ 	if (ffa_fd < 0) {
+ 		ffa_fd = open(FFA_DRIVER_FS_PATH, O_RDWR);
+ 		if (ffa_fd < 0) {
+@@ -83,6 +135,7 @@ static bool init_sp_xtest(ADBG_Case_t *c)
+ 			return false;
+ 		}
+ 	}
+
+ 	return true;
+ }
+ 
+@@ -99,7 +152,7 @@ static uint16_t get_endpoint_id(uint64_t endp)
+ 	struct ffa_ioctl_ep_desc sid = { .uuid_ptr = endp };
+ 
+ 	/* Get ID of destination SP based on UUID */
+-	if(ioctl(ffa_fd, FFA_IOC_GET_PART_ID, &sid))
+	if (ioctl(ffa_fd, FFA_IOC_GET_PART_ID, &sid))
+ 		return INCORRECT_ENDPOINT_ID;
+ 
+ 	return sid.id;
+@@ -213,14 +266,15 @@ static int set_up_mem(struct ffa_ioctl_ep_desc *endp,
+ 	rc = share_mem(endpoint, handle);
+ 	ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ 
+-	if (!ADBG_EXPECT_TRUE(c, handle != NULL))
+-	     return TEEC_ERROR_GENERIC;
+	if (!ADBG_EXPECT_NOT_NULL(c, handle))
+		return TEEC_ERROR_GENERIC;
+ 
+ 	/* SP will retrieve the memory region. */
+ 	memset(args, 0, sizeof(*args));
+ 	args->dst_id = endpoint;
+ 	args->args[MEM_SHARE_HANDLE_LOW_INDEX] = MEM_SHARE_HANDLE_LOW(*handle);
+-	args->args[MEM_SHARE_HANDLE_HIGH_INDEX] = MEM_SHARE_HANDLE_HIGH(*handle);
+	args->args[MEM_SHARE_HANDLE_HIGH_INDEX] =
+		MEM_SHARE_HANDLE_HIGH(*handle);
+ 	args->args[MEM_SHARE_HANDLE_ENDPOINT_INDEX] = NORMAL_WORLD_ENDPOINT_ID;
+ 
+ 	rc = start_sp_test(endpoint, EP_RETRIEVE, args);
+@@ -254,7 +308,7 @@ static void xtest_ffa_spmc_test_1002(ADBG_Case_t *c)
+ 	rc = start_sp_test(endpoint1_id, EP_TEST_SP, &args);
+ 	ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ 	if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, args.args[0], ==, SPMC_TEST_OK))
+-	     goto out;
+		goto out;
+ 
+ 	/* Set up memory and have the SP retrieve it. */
+ 	Do_ADBG_BeginSubCase(c, "Test memory set-up");
+@@ -469,7 +523,7 @@ static void xtest_ffa_spmc_test_1005(ADBG_Case_t *c)
+ 	memset(&args, 0, sizeof(args));
+ 	args.args[1] = endpoint2;
+ 	args.args[2] = endpoint3;
+-	rc = start_sp_test(endpoint1, EP_SP_MEM_SHARING_MULTI,&args);
+	rc = start_sp_test(endpoint1, EP_SP_MEM_SHARING_MULTI, &args);
+ 	ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ 	ADBG_EXPECT_COMPARE_UNSIGNED(c, args.args[0], ==, SPMC_TEST_OK);
+ 
+-- 
+2.39.1.windows.1
+
@@ -0,0 +1,24 @@
+Hack to work around musl compile error:
+ In file included from optee-test/3.17.0-r0/recipe-sysroot/usr/include/sys/stat.h:23,
+                  from optee-test/3.17.0-r0/git/host/xtest/regression_1000.c:25:
+ optee-test/3.17.0-r0/recipe-sysroot/usr/include/bits/stat.h:17:26: error: expected identifier or '(' before '[' token
+    17 |         unsigned __unused[2];
+       |                          ^
+
+stat.h is not needed, since it is not being used in this file.  So removing it.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Jon Mason <jon.mason@arm.com>
+
+diff --git a/host/xtest/regression_1000.c b/host/xtest/regression_1000.c
+index 4264884..7f1baca 100644
+--- a/host/xtest/regression_1000.c
+++ b/host/xtest/regression_1000.c
+@@ -22,7 +22,6 @@
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+-#include <sys/stat.h>
+ #include <sys/types.h>
+ #include <ta_arm_bti.h>
+ #include <ta_concurrent.h>
@@ -0,0 +1,52 @@
+#!/bin/sh
+xtest | awk '
+
+    # Escapes the special characters in a string so that, when
+    # included in a regex, it represents a literal match
+    function regx_escape_literal(str,    ret) {
+        ret = str
+        gsub(/[\[\]\^\$\.\*\?\+\{\}\\\(\)\|]/ , "\\\\&", str)
+        return str
+    }
+
+    # Returns the simple test formatted name
+    function name(n,    ret) {
+        ret = n
+        gsub(/\./, " ", ret)
+        return ret
+    }
+
+    # Returns the simple test formatted result
+    function result(res) {
+        if(res ~ /OK/) {
+            return "PASS"
+        } else if(res ~ /FAILED/) {
+            return "FAIL"
+        }
+    }
+
+    function parse(name, description,     has_subtests, result_line) {
+        has_subtests = 0
+
+        # Consume every line up to the result line
+        result_line = "  " regx_escape_literal(name) " (OK|FAILED)"
+        do {
+            getline
+
+            # If this is a subtest (denoted by an "o" bullet) then subparse
+            if($0 ~ /^o /) {
+                parse($2, description " : " substr($0, index($0, $3)))
+                has_subtests = 1
+            }
+        } while ($0 !~ result_line)
+
+        # Only print the results for the deepest nested subtests
+        if(!has_subtests) {
+            print result($2) ": " name(name) " - " description
+        }
+    }
+
+    # Start parsing at the beginning of every test (denoted by a "*" bullet)
+    /^\* / { parse($2, substr($0, index($0, $3))) }
+
+'
@@ -0,0 +1,10 @@
+require recipes-security/optee/optee-test.inc
+
+SRC_URI += " \
+    file://musl-workaround.patch \
+   "
+SRCREV = "da5282a011b40621a2cf7a296c11a35c833ed91b"
+
+EXTRA_OEMAKE:append:libc-musl = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
+DEPENDS:append:libc-musl = " openssl"
+CFLAGS:append:libc-musl = " -Wno-error=deprecated-declarations"
@@ -0,0 +1,7 @@
+# Machine specific configurations
+
+MACHINE_OPTEE_TEST_REQUIRE ?= ""
+MACHINE_OPTEE_TEST_REQUIRE:tc = "optee-test-tc.inc"
+MACHINE_OPTEE_TEST_REQUIRE:n1sdp = "optee-os-generic-n1sdp.inc"
+
+require ${MACHINE_OPTEE_TEST_REQUIRE}
@@ -0,0 +1,12 @@
+require recipes-security/optee/optee-test.inc
+
+SRC_URI += " \
+    file://Update-arm_ffa_user-driver-dependency.patch \
+    file://ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch \
+    file://musl-workaround.patch \
+   "
+SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
+
+EXTRA_OEMAKE:append = " OPTEE_OPENSSL_EXPORT=${STAGING_INCDIR}"
+DEPENDS:append = " openssl"
+CFLAGS:append = " -Wno-error=deprecated-declarations"
@@ -0,0 +1,2 @@
+COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
@@ -0,0 +1,376 @@
+From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001
+From: Julian Hall <julian.hall@arm.com>
+Date: Tue, 12 Oct 2021 15:45:41 +0100
+Subject: [PATCH 1/6] Add stub capsule update service components
+
+To facilitate development of a capsule update service provider,
+stub components are added to provide a starting point for an
+implementation. The capsule update service provider is integrated
+into the se-proxy/common deployment.
+
+Upstream-Status: Pending
+Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
+Signed-off-by: Julian Hall <julian.hall@arm.com>
+Change-Id: I0d4049bb4de5af7ca80806403301692507085d28
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../backend/capsule_update_backend.h          |  24 ++++
+ .../provider/capsule_update_provider.c        | 133 ++++++++++++++++++
+ .../provider/capsule_update_provider.h        |  51 +++++++
+ .../capsule_update/provider/component.cmake   |  13 ++
+ .../se-proxy/infra/corstone1000/infra.cmake   |   1 +
+ deployments/se-proxy/se_proxy_interfaces.h    |   9 +-
+ .../capsule_update/capsule_update_proto.h     |  13 ++
+ protocols/service/capsule_update/opcodes.h    |  17 +++
+ protocols/service/capsule_update/parameters.h |  15 ++
+ 9 files changed, 272 insertions(+), 4 deletions(-)
+ create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
+ create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
+ create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
+ create mode 100644 components/service/capsule_update/provider/component.cmake
+ create mode 100644 protocols/service/capsule_update/capsule_update_proto.h
+ create mode 100644 protocols/service/capsule_update/opcodes.h
+ create mode 100644 protocols/service/capsule_update/parameters.h
+
+diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h
+new file mode 100644
+index 000000000000..f3144ff1d7d5
+--- /dev/null
+++ b/components/service/capsule_update/backend/capsule_update_backend.h
+@@ -0,0 +1,24 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_BACKEND_H
+#define CAPSULE_UPDATE_BACKEND_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * Defines the common capsule update backend interface.  Concrete backends
+ * implement this interface for different types of platform.
+ */
+
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CAPSULE_UPDATE_BACKEND_H */
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+new file mode 100644
+index 000000000000..e133753f8560
+--- /dev/null
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -0,0 +1,133 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <psa/client.h>
+#include <psa/sid.h>
+#include <trace.h>
+
+#include <protocols/service/capsule_update/capsule_update_proto.h>
+#include <protocols/rpc/common/packed-c/status.h>
+#include "capsule_update_provider.h"
+
+
+#define CAPSULE_UPDATE_REQUEST (0x1)
+#define KERNEL_STARTED_EVENT   (0x2)
+
+enum corstone1000_ioctl_id_t {
+	IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
+	IOCTL_CORSTONE1000_FWU_HOST_ACK,
+};
+
+/* Service request handlers */
+static rpc_status_t update_capsule_handler(void *context, struct call_req *req);
+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req);
+
+/* Handler mapping table for service */
+static const struct service_handler handler_table[] = {
+	{CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE,			update_capsule_handler},
+	{CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED,			boot_confirmed_handler}
+};
+
+struct rpc_interface *capsule_update_provider_init(
+	struct capsule_update_provider *context)
+{
+	struct rpc_interface *rpc_interface = NULL;
+
+	if (context) {
+
+		service_provider_init(
+			&context->base_provider,
+			context,
+			handler_table,
+			sizeof(handler_table)/sizeof(struct service_handler));
+
+		rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+	}
+
+	return rpc_interface;
+}
+
+void capsule_update_provider_deinit(struct capsule_update_provider *context)
+{
+	(void)context;
+}
+
+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+{
+	uint32_t ioctl_id;
+	psa_handle_t handle;
+	rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
+
+	struct psa_invec in_vec[] = {
+			{ .base = &ioctl_id, .len = sizeof(ioctl_id) }
+	};
+
+	if(!caller) {
+		EMSG("event_handler rpc_caller is NULL");
+		rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
+		return rpc_status;
+	}
+
+	IMSG("event handler opcode %x", opcode);
+	switch(opcode) {
+		case CAPSULE_UPDATE_REQUEST:
+		/* Openamp call with IOCTL for firmware update*/
+		ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
+		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
+				TFM_SP_PLATFORM_IOCTL_VERSION);
+		if (handle <= 0) {
+			EMSG("%s Invalid handle", __func__);
+			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+			return rpc_status;
+		}
+		psa_call(caller,handle, PSA_IPC_CALL,
+			in_vec,IOVEC_LEN(in_vec), NULL, 0);
+		break;
+
+		case KERNEL_STARTED_EVENT:
+		ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
+		/*openamp call with IOCTL for kernel start*/
+		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
+				TFM_SP_PLATFORM_IOCTL_VERSION);
+		if (handle <= 0) {
+			EMSG("%s Invalid handle", __func__);
+			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+			return rpc_status;
+		}
+		psa_call(caller,handle, PSA_IPC_CALL,
+			in_vec,IOVEC_LEN(in_vec), NULL, 0);
+		break;
+		default:
+			EMSG("%s unsupported opcode", __func__);
+			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+			return rpc_status;
+	}
+	return rpc_status;
+
+}
+
+static rpc_status_t update_capsule_handler(void *context, struct call_req *req)
+{
+	struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
+	struct rpc_caller *caller = this_instance->client.caller;
+	uint32_t opcode = req->opcode;
+	rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
+
+	rpc_status = event_handler(opcode, caller);
+	return rpc_status;
+}
+
+static rpc_status_t boot_confirmed_handler(void *context, struct call_req *req)
+{
+	struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
+	struct rpc_caller *caller = this_instance->client.caller;
+	uint32_t opcode = req->opcode;
+	rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
+
+	rpc_status = event_handler(opcode, caller);
+
+	return rpc_status;
+}
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h
+new file mode 100644
+index 000000000000..3de49854ea90
+--- /dev/null
+++ b/components/service/capsule_update/provider/capsule_update_provider.h
+@@ -0,0 +1,51 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_PROVIDER_H
+#define CAPSULE_UPDATE_PROVIDER_H
+
+#include <rpc/common/endpoint/rpc_interface.h>
+#include <service/common/provider/service_provider.h>
+#include <service/common/client/service_client.h>
+#include <service/capsule_update/backend/capsule_update_backend.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * The capsule_update_provider is a service provider that accepts update capsule
+ * requests and delegates them to a suitable backend that applies the update.
+ */
+struct capsule_update_provider
+{
+	struct service_provider base_provider;
+	struct service_client client;
+};
+
+/**
+ * \brief Initialize an instance of the capsule update service provider
+ *
+ * @param[in] context The instance to initialize
+ *
+ * \return An rpc_interface or NULL on failure
+ */
+struct rpc_interface *capsule_update_provider_init(
+	struct capsule_update_provider *context);
+
+/**
+ * \brief Cleans up when the instance is no longer needed
+ *
+ * \param[in] context   The instance to de-initialize
+ */
+void capsule_update_provider_deinit(
+	struct capsule_update_provider *context);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CAPSULE_UPDATE_PROVIDER_H */
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+new file mode 100644
+index 000000000000..1d412eb234d9
+--- /dev/null
+++ b/components/service/capsule_update/provider/component.cmake
+@@ -0,0 +1,13 @@
+#-------------------------------------------------------------------------------
+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#-------------------------------------------------------------------------------
+if (NOT DEFINED TGT)
+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
+endif()
+
+target_sources(${TGT} PRIVATE
+	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+	)
+diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
+index 4e7e2bd58028..e60b5400617f 100644
+--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
+@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
+ 		"components/service/attestation/key_mngr/local"
+ 		"components/service/attestation/reporter/psa_ipc"
+ 		"components/service/crypto/backend/psa_ipc"
+		"components/service/capsule_update/provider"
+ 		"components/service/secure_storage/backend/secure_storage_ipc"
+ )
+ 
+diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
+index 48908f846990..3d4a7c204785 100644
+--- a/deployments/se-proxy/se_proxy_interfaces.h
+++ b/deployments/se-proxy/se_proxy_interfaces.h
+@@ -8,9 +8,10 @@
+ #define SE_PROXY_INTERFACES_H
+ 
+ /* Interface IDs from service endpoints available from an se-proxy deployment */
+-#define SE_PROXY_INTERFACE_ID_ITS			(0)
+-#define SE_PROXY_INTERFACE_ID_PS			(1)
+-#define SE_PROXY_INTERFACE_ID_CRYPTO		(2)
+-#define SE_PROXY_INTERFACE_ID_ATTEST		(3)
+#define SE_PROXY_INTERFACE_ID_ITS			    (0)
+#define SE_PROXY_INTERFACE_ID_PS			    (1)
+#define SE_PROXY_INTERFACE_ID_CRYPTO		    (2)
+#define SE_PROXY_INTERFACE_ID_ATTEST		    (3)
+#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE    (4)
+ 
+ #endif /* SE_PROXY_INTERFACES_H */
+diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h
+new file mode 100644
+index 000000000000..8f326cd387fb
+--- /dev/null
+++ b/protocols/service/capsule_update/capsule_update_proto.h
+@@ -0,0 +1,13 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_PROTO_H
+#define CAPSULE_UPDATE_PROTO_H
+
+#include <protocols/service/capsule_update/opcodes.h>
+#include <protocols/service/capsule_update/parameters.h>
+
+#endif /* CAPSULE_UPDATE_PROTO_H */
+diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h
+new file mode 100644
+index 000000000000..8185a0902378
+--- /dev/null
+++ b/protocols/service/capsule_update/opcodes.h
+@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_OPCODES_H
+#define CAPSULE_UPDATE_OPCODES_H
+
+/**
+ * Opcode definitions for the capsule update service
+ */
+
+#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE		1
+#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED		2
+
+#endif /* CAPSULE_UPDATE_OPCODES_H */
+diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h
+new file mode 100644
+index 000000000000..285d924186be
+--- /dev/null
+++ b/protocols/service/capsule_update/parameters.h
+@@ -0,0 +1,15 @@
+/*
+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CAPSULE_UPDATE_PARAMETERS_H
+#define CAPSULE_UPDATE_PARAMETERS_H
+
+/**
+ * Operation parameter definitions for the capsule update service access protocol.
+ */
+
+
+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
+-- 
+2.40.0
+
@@ -0,0 +1,121 @@
+From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Mon, 14 Feb 2022 08:22:25 +0000
+Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58.
+
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../crypto/client/caller/packed-c/crypto_caller_aead.h    | 1 +
+ components/service/crypto/include/psa/crypto_sizes.h      | 2 +-
+ .../crypto/provider/extension/aead/aead_provider.c        | 8 ++++++--
+ .../extension/aead/serializer/aead_provider_serializer.h  | 1 +
+ .../packed-c/packedc_aead_provider_serializer.c           | 2 ++
+ protocols/service/crypto/packed-c/aead.h                  | 1 +
+ 6 files changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+index c4ffb20cf7f8..a91f66c14008 100644
+--- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+@@ -309,6 +309,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
+ 	size_t req_len = req_fixed_len;
+ 
+ 	*output_length = 0;
+        req_msg.output_size = output_size;
+ 	req_msg.op_handle = op_handle;
+ 
+ 	/* Mandatory input data parameter */
+diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
+index 30aa102da581..130d27295878 100644
+--- a/components/service/crypto/include/psa/crypto_sizes.h
+++ b/components/service/crypto/include/psa/crypto_sizes.h
+@@ -351,7 +351,7 @@
+  *       just the largest size that may be generated by
+  *       #psa_aead_generate_nonce().
+  */
+-#define PSA_AEAD_NONCE_MAX_SIZE 12
+#define PSA_AEAD_NONCE_MAX_SIZE 16
+ 
+ /** A sufficient output buffer size for psa_aead_update().
+  *
+diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
+index 14a25436b3f6..6b144db821de 100644
+--- a/components/service/crypto/provider/extension/aead/aead_provider.c
+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
+@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req)
+ 	uint32_t op_handle;
+ 	const uint8_t *input;
+ 	size_t input_len;
+        uint32_t recv_output_size;
+ 
+ 	if (serializer)
+ 		rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle,
+-			&input, &input_len);
+			&recv_output_size, &input, &input_len);
+ 
+ 	if (rpc_status == TS_RPC_CALL_ACCEPTED) {
+ 
+@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct call_req *req)
+ 		if (crypto_context) {
+ 
+ 			size_t output_len = 0;
+-			size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len);
+			size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24);
+ 			uint8_t *output = malloc(output_size);
+ 
+                        if (recv_output_size < output_size) {
+                            output_size = recv_output_size;
+                        }
+ 			if (output) {
+ 
+ 				psa_status = psa_aead_update(&crypto_context->op.aead,
+diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+index bb1a2a97e4b7..0156aaba3fe3 100644
+--- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+@@ -51,6 +51,7 @@ struct aead_provider_serializer {
+ 	/* Operation: aead_update */
+ 	rpc_status_t (*deserialize_aead_update_req)(const struct call_param_buf *req_buf,
+ 		uint32_t *op_handle,
+                uint32_t *output_size,
+ 		const uint8_t **input, size_t *input_len);
+ 
+ 	rpc_status_t (*serialize_aead_update_resp)(struct call_param_buf *resp_buf,
+diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+index 6f00b3e3f6f1..45c739abcbb4 100644
+--- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct call_param_buf *
+ /* Operation: aead_update */
+ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req_buf,
+ 	uint32_t *op_handle,
+        uint32_t *output_size,
+ 	const uint8_t **input, size_t *input_len)
+ {
+ 	rpc_status_t rpc_status = TS_RPC_ERROR_INVALID_REQ_BODY;
+@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct call_param_buf *req
+ 		memcpy(&recv_msg, req_buf->data, expected_fixed_len);
+ 
+ 		*op_handle = recv_msg.op_handle;
+                *output_size = recv_msg.output_size;
+ 
+ 		tlv_const_iterator_begin(&req_iter,
+ 			(uint8_t*)req_buf->data + expected_fixed_len,
+diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
+index 0be266b52403..435fd3b523ce 100644
+--- a/protocols/service/crypto/packed-c/aead.h
+++ b/protocols/service/crypto/packed-c/aead.h
+@@ -98,6 +98,7 @@ enum
+ struct __attribute__ ((__packed__)) ts_crypto_aead_update_in
+ {
+   uint32_t op_handle;
+  uint32_t output_size;
+ };
+ 
+ /* Variable length input parameter tags */
+-- 
+2.40.0
+
@@ -0,0 +1,418 @@
+From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Fri, 8 Jul 2022 09:48:06 +0100
+Subject: [PATCH 3/6] FMP Support in Corstone1000.
+
+The FMP support is used by u-boot to pupolate ESRT information
+for the kernel.
+
+The solution is platform specific and needs to be revisted.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../provider/capsule_update_provider.c        |   5 +
+ .../capsule_update/provider/component.cmake   |   1 +
+ .../provider/corstone1000_fmp_service.c       | 307 ++++++++++++++++++
+ .../provider/corstone1000_fmp_service.h       |  26 ++
+ 4 files changed, 339 insertions(+)
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
+ create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
+
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+index e133753f8560..991a2235cd73 100644
+--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -11,6 +11,7 @@
+ #include <protocols/service/capsule_update/capsule_update_proto.h>
+ #include <protocols/rpc/common/packed-c/status.h>
+ #include "capsule_update_provider.h"
+#include "corstone1000_fmp_service.h"
+ 
+ 
+ #define CAPSULE_UPDATE_REQUEST (0x1)
+@@ -47,6 +48,8 @@ struct rpc_interface *capsule_update_provider_init(
+ 		rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
+ 	}
+ 
+	provision_fmp_variables_metadata(context->client.caller);
+
+ 	return rpc_interface;
+ }
+ 
+@@ -85,6 +88,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		}
+ 		psa_call(caller,handle, PSA_IPC_CALL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
+		set_fmp_image_info(caller, handle);
+ 		break;
+ 
+ 		case KERNEL_STARTED_EVENT:
+@@ -99,6 +103,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		}
+ 		psa_call(caller,handle, PSA_IPC_CALL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
+		set_fmp_image_info(caller, handle);
+ 		break;
+ 		default:
+ 			EMSG("%s unsupported opcode", __func__);
+diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
+index 1d412eb234d9..6b0601494938 100644
+--- a/components/service/capsule_update/provider/component.cmake
+++ b/components/service/capsule_update/provider/component.cmake
+@@ -10,4 +10,5 @@ endif()
+ 
+ target_sources(${TGT} PRIVATE
+ 	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+	"${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
+ 	)
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+new file mode 100644
+index 000000000000..6a7a47a7ed99
+--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -0,0 +1,307 @@
+/*
+ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include "corstone1000_fmp_service.h"
+#include <psa/client.h>
+#include <psa/sid.h>
+#include <psa/storage_common.h>
+#include <trace.h>
+
+#include <service/smm_variable/backend/variable_index.h>
+
+#define VARIABLE_INDEX_STORAGE_UID			(0x787)
+
+/**
+ * Variable attributes
+ */
+#define	EFI_VARIABLE_NON_VOLATILE				(0x00000001)
+#define	EFI_VARIABLE_BOOTSERVICE_ACCESS				(0x00000002)
+#define	EFI_VARIABLE_RUNTIME_ACCESS				(0x00000004)
+#define	EFI_VARIABLE_HARDWARE_ERROR_RECORD			(0x00000008)
+#define	EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS			(0x00000010)
+#define	EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS	(0x00000020)
+#define	EFI_VARIABLE_APPEND_WRITE				(0x00000040)
+#define	EFI_VARIABLE_MASK \
+	(EFI_VARIABLE_NON_VOLATILE | \
+	 EFI_VARIABLE_BOOTSERVICE_ACCESS | \
+	 EFI_VARIABLE_RUNTIME_ACCESS | \
+	 EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
+	 EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
+	 EFI_VARIABLE_APPEND_WRITE)
+
+#define FMP_VARIABLES_COUNT	6
+
+static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
+    {
+	{ 0x86c77a67, 0x0b97, 0x4633, \
+		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+	/* name size = (variable_name + \0) * sizeof(u16) */
+	.name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
+	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+    },
+    {
+	{ 0x86c77a67, 0x0b97, 0x4633, \
+		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+	/* name size = (variable_name + \0) * sizeof(u16) */
+	.name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
+	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+    },
+    {
+	{ 0x86c77a67, 0x0b97, 0x4633, \
+		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+	/* name size = (variable_name + \0) * sizeof(u16) */
+	.name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
+	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+    },
+    {
+	{ 0x86c77a67, 0x0b97, 0x4633, \
+		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+	/* name size = (variable_name + \0) * sizeof(u16) */
+	.name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
+	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+    },
+    {
+	{ 0x86c77a67, 0x0b97, 0x4633, \
+		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+	/* name size = (variable_name + \0) * sizeof(u16) */
+	.name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
+	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+    },
+    {
+	{ 0x86c77a67, 0x0b97, 0x4633, \
+		{ 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
+	/* name size = (variable_name + \0) * sizeof(u16) */
+	.name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n',  'N', 'a', 'm', 'e', '1' },
+	.attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
+    },
+};
+
+static psa_status_t protected_storage_set(struct rpc_caller *caller,
+	psa_storage_uid_t uid, size_t data_length, const void *p_data)
+{
+	psa_status_t psa_status;
+	psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
+
+	struct psa_invec in_vec[] = {
+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+		{ .base = psa_ptr_const_to_u32(p_data), .len = data_length },
+		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
+	};
+
+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
+			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
+	if (psa_status < 0)
+		EMSG("ipc_set: psa_call failed: %d", psa_status);
+
+	return psa_status;
+}
+
+static psa_status_t protected_storage_get(struct rpc_caller *caller,
+	psa_storage_uid_t uid, size_t data_size, void *p_data)
+{
+	psa_status_t psa_status;
+	uint32_t offset = 0;
+
+	struct psa_invec in_vec[] = {
+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
+		{ .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
+	};
+
+	struct psa_outvec out_vec[] = {
+		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
+	};
+
+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
+			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
+			      out_vec, IOVEC_LEN(out_vec));
+
+	if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
+	    EMSG("Return size does not match with expected size.");
+	    return PSA_ERROR_BUFFER_TOO_SMALL;
+	}
+
+	return psa_status;
+}	
+
+static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
+	const int16_t *name)
+{
+	/* Using djb2 hash by Dan Bernstein */
+	uint64_t hash = 5381;
+
+	/* Calculate hash over GUID */
+	hash = ((hash << 5) + hash) + guid->Data1;
+	hash = ((hash << 5) + hash) + guid->Data2;
+	hash = ((hash << 5) + hash) + guid->Data3;
+
+	for (int i = 0; i < 8; ++i) {
+
+		hash = ((hash << 5) + hash) + guid->Data4[i];
+	}   
+
+	/* Extend to cover name up to but not including null terminator */
+	for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
+
+		if (!name[i]) break;
+		hash = ((hash << 5) + hash) + name[i];
+	}
+
+	return hash;
+}
+
+
+static void initialize_metadata(void)
+{
+    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
+
+	fmp_variables_metadata[i].uid = name_hash(
+					&fmp_variables_metadata[i].guid,
+					fmp_variables_metadata[i].name_size,
+					fmp_variables_metadata[i].name);
+    }
+}
+
+
+void provision_fmp_variables_metadata(struct rpc_caller *caller)
+{
+    struct variable_metadata metadata;
+    psa_status_t status;
+    uint32_t dummy_values = 0xDEAD;
+
+    EMSG("Provisioning FMP metadata.");
+
+    initialize_metadata();
+
+    status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
+		sizeof(struct variable_metadata), &metadata);
+
+    if (status == PSA_SUCCESS) {
+	EMSG("UEFI variables store is already provisioned.");
+	return;
+    }
+
+    /* Provision FMP variables with dummy values. */
+    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
+	protected_storage_set(caller, fmp_variables_metadata[i].uid,
+				sizeof(dummy_values), &dummy_values);
+    }
+
+    status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
+		    sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
+		    fmp_variables_metadata);
+
+    if (status != EFI_SUCCESS) {
+	return;
+    }
+
+    EMSG("FMP metadata is provisioned");
+}
+
+typedef struct {
+    void *base;
+    int len;
+} variable_data_t;
+
+static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
+
+#define IMAGE_INFO_BUFFER_SIZE	256
+static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
+#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO	2
+
+static psa_status_t unpack_image_info(void *buffer, uint32_t size)
+{
+    typedef struct __attribute__ ((__packed__)) {
+	uint32_t variable_count;
+	uint32_t variable_size[FMP_VARIABLES_COUNT];
+	uint8_t variable[];
+    } packed_buffer_t;
+
+    packed_buffer_t *packed_buffer = buffer;
+    int runner = 0;
+
+    if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
+	EMSG("Expected fmp varaibles = %u, but received = %u",
+		FMP_VARIABLES_COUNT, packed_buffer->variable_count);
+	return PSA_ERROR_PROGRAMMER_ERROR;
+    }
+
+    for (int i = 0; i < packed_buffer->variable_count; i++) {
+	EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
+	fmp_variables_data[i].base = &packed_buffer->variable[runner];
+	fmp_variables_data[i].len= packed_buffer->variable_size[i];
+	runner += packed_buffer->variable_size[i];
+    }
+
+    return PSA_SUCCESS;
+}
+
+static psa_status_t get_image_info(struct rpc_caller *caller,
+			   psa_handle_t platform_service_handle)
+{
+    psa_status_t status;
+    psa_handle_t handle;
+    uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
+
+    struct psa_invec in_vec[] = {
+	{ .base = &ioctl_id, .len = sizeof(ioctl_id) },
+    };
+
+    struct psa_outvec out_vec[] = {
+	{ .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
+    };
+
+    memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
+
+    psa_call(caller, platform_service_handle, PSA_IPC_CALL,
+	     in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+
+    status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
+    if (status != PSA_SUCCESS) {
+	return status;
+    }
+
+    return PSA_SUCCESS;
+}
+
+static psa_status_t set_image_info(struct rpc_caller *caller)
+{
+    psa_status_t status;
+
+    for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
+	
+	status = protected_storage_set(caller,
+			fmp_variables_metadata[i].uid,
+			fmp_variables_data[i].len, fmp_variables_data[i].base);
+
+	if (status != PSA_SUCCESS) {
+
+            EMSG("FMP variable %d set unsuccessful", i);
+	    return status;
+	}
+
+        EMSG("FMP variable %d set success", i);
+    }
+
+    return PSA_SUCCESS;
+}
+
+void set_fmp_image_info(struct rpc_caller *caller,
+			psa_handle_t platform_service_handle)
+{
+    psa_status_t status;
+
+    status = get_image_info(caller, platform_service_handle);
+    if (status != PSA_SUCCESS) {
+	return;
+    }
+
+    status = set_image_info(caller);
+    if (status != PSA_SUCCESS) {
+	return;
+    }
+
+    return;
+}
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+new file mode 100644
+index 000000000000..95fba2a04d5c
+--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CORSTONE1000_FMP_SERVICE_H
+#define CORSTONE1000_FMP_SERVICE_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <rpc_caller.h>
+#include <psa/client.h>
+
+void provision_fmp_variables_metadata(struct rpc_caller *caller);
+
+void set_fmp_image_info(struct rpc_caller *caller,
+		psa_handle_t platform_service_handle);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* CORSTONE1000_FMP_SERVICE_H */
+-- 
+2.40.0
+
@@ -0,0 +1,33 @@
+From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001
+From: Emekcan <emekcan.aras@arm.com>
+Date: Thu, 3 Nov 2022 17:43:40 +0000
+Subject: [PATCH] smm_gateway: GetNextVariableName Fix
+
+GetNextVariableName() should return EFI_BUFFER_TOO_SMALL 
+when NameSize is smaller than the actual NameSize. It 
+currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
+max_name_len incorrectly. This fixes max_name_len error by
+replacing it with actual NameSize request by u-boot.
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+---
+ .../service/smm_variable/provider/smm_variable_provider.c       | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
+index a9679b7e..6a4b6fa7 100644
+--- a/components/service/smm_variable/provider/smm_variable_provider.c
+++ b/components/service/smm_variable/provider/smm_variable_provider.c
+@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re
+ 			efi_status = uefi_variable_store_get_next_variable_name(
+ 				&this_instance->variable_store,
+ 				(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
+-				max_name_len,
+				((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
+ 				&resp_buf->data_len);
+ 		}
+ 		else {
+-- 
+2.17.1
+
@@ -0,0 +1,29 @@
+From 041d30bb9cc6857f5ef26ded154ff7126dafaa20 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Fri, 16 Jun 2023 10:47:48 +0100
+Subject: [PATCH] plat: corstone1000: add compile definitions for
+ ECP_DP_SECP512R1
+
+Corstone1000 runs PSA-API tests which requires this ECC algorithm.
+Without setting this, corstone1000 fails psa-api-crypto-test no 243.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending
+
+---
+ platform/providers/arm/corstone1000/platform.cmake | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+index dbdf1097..e7a295dd 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -14,3 +14,5 @@ target_compile_definitions(${TGT} PRIVATE
+ 	SMM_VARIABLE_INDEX_STORAGE_UID=0x787
+ 	SMM_GATEWAY_MAX_UEFI_VARIABLES=100
+ )
+
+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+-- 
+2.17.1
+
@@ -0,0 +1,141 @@
+From a71e99045996c57a4f80509ae8b770aa4f73f6c0 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Sun, 18 Jun 2023 14:38:42 +0100
+Subject: [PATCH] plat: corstone1000: Use the stateless platform service calls
+ Calls to psa_connect is not needed and psa_call can be called directly with a
+ pre defined handle.
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+
+Upstream-Status: Inappropriate [Design is to revisted]
+---
+ .../provider/capsule_update_provider.c        | 24 ++++---------------
+ .../provider/corstone1000_fmp_service.c       | 10 ++++----
+ .../provider/corstone1000_fmp_service.h       |  3 +--
+ components/service/common/include/psa/sid.h   |  7 ++++++
+ 4 files changed, 17 insertions(+), 27 deletions(-)
+
+diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
+index 991a2235..6809249f 100644
+--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
+@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
+ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ {
+ 	uint32_t ioctl_id;
+-	psa_handle_t handle;
+ 	rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
+ 
+ 	struct psa_invec in_vec[] = {
+@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
+ 		case CAPSULE_UPDATE_REQUEST:
+ 		/* Openamp call with IOCTL for firmware update*/
+ 		ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
+-		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
+-				TFM_SP_PLATFORM_IOCTL_VERSION);
+-		if (handle <= 0) {
+-			EMSG("%s Invalid handle", __func__);
+-			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+-			return rpc_status;
+-		}
+-		psa_call(caller,handle, PSA_IPC_CALL,
+		psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
+-		set_fmp_image_info(caller, handle);
+		set_fmp_image_info(caller);
+ 		break;
+ 
+ 		case KERNEL_STARTED_EVENT:
+ 		ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
+ 		/*openamp call with IOCTL for kernel start*/
+-		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
+-				TFM_SP_PLATFORM_IOCTL_VERSION);
+-		if (handle <= 0) {
+-			EMSG("%s Invalid handle", __func__);
+-			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
+-			return rpc_status;
+-		}
+-		psa_call(caller,handle, PSA_IPC_CALL,
+		
+		psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
+ 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
+-		set_fmp_image_info(caller, handle);
+		set_fmp_image_info(caller);
+ 		break;
+ 		default:
+ 			EMSG("%s unsupported opcode", __func__);
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+index 6a7a47a7..d811af9f 100644
+--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
+@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
+     return PSA_SUCCESS;
+ }
+ 
+-static psa_status_t get_image_info(struct rpc_caller *caller,
+-			   psa_handle_t platform_service_handle)
+static psa_status_t get_image_info(struct rpc_caller *caller)
+ {
+     psa_status_t status;
+     psa_handle_t handle;
+@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller,
+ 
+     memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
+ 
+-    psa_call(caller, platform_service_handle, PSA_IPC_CALL,
+    psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
+ 	     in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ 
+     status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
+@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller)
+     return PSA_SUCCESS;
+ }
+ 
+-void set_fmp_image_info(struct rpc_caller *caller,
+-			psa_handle_t platform_service_handle)
+void set_fmp_image_info(struct rpc_caller *caller)
+ {
+     psa_status_t status;
+ 
+-    status = get_image_info(caller, platform_service_handle);
+    status = get_image_info(caller);
+     if (status != PSA_SUCCESS) {
+ 	return;
+     }
+diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+index 95fba2a0..963223e8 100644
+--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
+@@ -16,8 +16,7 @@ extern "C" {
+ 
+ void provision_fmp_variables_metadata(struct rpc_caller *caller);
+ 
+-void set_fmp_image_info(struct rpc_caller *caller,
+-		psa_handle_t platform_service_handle);
+void set_fmp_image_info(struct rpc_caller *caller);
+ 
+ #ifdef __cplusplus
+ } /* extern "C" */
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+index 5aaa659d..fc3a4fb0 100644
+--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
+@@ -40,6 +40,13 @@ extern "C" {
+ #define TFM_CRYPTO_VERSION                                         (1U)
+ #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
+ 
+/******** TFM_PLATFORM_SERVICE *******/
+#define TFM_PLATFORM_API_ID_IOCTL         (1013)
+#define TFM_PLATFORM_SERVICE_HANDLE       (0x40000105U)
+
+/**
+ * \brief Define a progressive numerical value for each SID which can be used
+ *        when dispatching the requests to the service
+ /******** TFM_SP_PLATFORM ********/
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
+-- 
+2.17.1
+
@@ -0,0 +1,78 @@
+From b5b31064959665f4cc616733be3d989ae4356636 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Sun, 18 Jun 2023 16:05:27 +0100
+Subject: [PATCH] plat: corstone1000: Initialize capsule update provider
+
+Initializes the capsule update service provider in se-proxy-sp.c deployment
+for corstone1000.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Design is to revisted]
+
+---
+ deployments/se-proxy/env/commonsp/se_proxy_sp.c |  3 +++
+ .../infra/corstone1000/service_proxy_factory.c  | 17 +++++++++++++++++
+ .../se-proxy/infra/service_proxy_factory.h      |  1 +
+ 3 files changed, 21 insertions(+)
+
+diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+index 45fcb385..dc2a9d49 100644
+--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
+ 	}
+ 	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
+ 
+	rpc_iface = capsule_update_proxy_create();
+	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
+
+ 	/* End of boot phase */
+ 	result = sp_msg_wait(&req_msg);
+ 	if (result != SP_RESULT_OK) {
+diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+index bacab1de..32d88c97 100644
+--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+@@ -14,6 +14,7 @@
+ #include <service/crypto/factory/crypto_provider_factory.h>
+ #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
+ #include <trace.h>
+#include <service/capsule_update/provider/capsule_update_provider.h>
+ 
+ /* backends */
+ #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
+@@ -94,3 +95,19 @@ struct rpc_interface *its_proxy_create(void)
+ 
+ 	return secure_storage_provider_init(&its_provider, backend);
+ }
+
+struct rpc_interface *capsule_update_proxy_create(void)
+{
+	static struct capsule_update_provider capsule_update_provider;
+	static struct rpc_caller *capsule_update_caller;
+
+	capsule_update_caller = psa_ipc_caller_init(&psa_ipc);
+
+	if (!capsule_update_caller)
+	return NULL;
+
+	capsule_update_provider.client.caller = capsule_update_caller;
+
+	return capsule_update_provider_init(&capsule_update_provider);
+}
+
+diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h
+index 298d407a..02aa7fe2 100644
+--- a/deployments/se-proxy/infra/service_proxy_factory.h
+++ b/deployments/se-proxy/infra/service_proxy_factory.h
+@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
+ struct rpc_interface *crypto_proxy_create(void);
+ struct rpc_interface *ps_proxy_create(void);
+ struct rpc_interface *its_proxy_create(void);
+struct rpc_interface *capsule_update_proxy_create(void);
+ 
+ #ifdef __cplusplus
+ }
+-- 
+2.17.1
+
@@ -0,0 +1,230 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+
+From c1bcab09bb5b73e0f7131d9433f5e23c3943f007 Mon Sep 17 00:00:00 2001
+From: Satish Kumar <satish.kumar01@arm.com>
+Date: Sat, 11 Dec 2021 11:06:57 +0000
+Subject: [PATCH] corstone1000: port crypto config
+
+
+Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
+
+%% original patch: 0002-corstone1000-port-crypto-config.patch
+
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ .../nspe/pal_crypto_config.h                  | 81 +++++++++++++++----
+ 1 file changed, 65 insertions(+), 16 deletions(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index 218a94c69502..c6d4aadd8476 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -34,10 +34,14 @@
+  *
+  * Comment macros to disable the types
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_RSA
+ #define ARCH_TEST_RSA_1024
+ #define ARCH_TEST_RSA_2048
+ #define ARCH_TEST_RSA_3072
+#endif
+#endif
+ 
+ /**
+  * \def  ARCH_TEST_ECC
+@@ -50,11 +54,17 @@
+  * Requires: ARCH_TEST_ECC
+  * Comment macros to disable the curve
+  */
+#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECC
+ #define ARCH_TEST_ECC_CURVE_SECP192R1
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP224R1
+#endif
+ #define ARCH_TEST_ECC_CURVE_SECP256R1
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_ECC_CURVE_SECP384R1
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_AES
+@@ -78,10 +88,10 @@
+  *
+  * Comment macros to disable the types
+  */
+-#define ARCH_TEST_DES
+-#define ARCH_TEST_DES_1KEY
+-#define ARCH_TEST_DES_2KEY
+-#define ARCH_TEST_DES_3KEY
+//#define ARCH_TEST_DES
+//#define ARCH_TEST_DES_1KEY
+//#define ARCH_TEST_DES_2KEY
+//#define ARCH_TEST_DES_3KEY
+ 
+ /**
+  * \def  ARCH_TEST_RAW
+@@ -104,7 +114,7 @@
+  *
+  * Enable the ARC4 key type.
+  */
+-#define ARCH_TEST_ARC4
+//#define ARCH_TEST_ARC4
+ 
+ /**
+  * \def ARCH_TEST_CIPHER_MODE_CTR
+@@ -113,7 +123,11 @@
+  *
+  * Requires: ARCH_TEST_CIPHER
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CIPHER_MODE_CTR
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_CIPHER_MODE_CFB
+@@ -138,7 +152,11 @@
+  *
+  * Requires: ARCH_TEST_CIPHER, ARCH_TEST_AES, ARCH_TEST_CIPHER_MODE_CTR
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CTR_AES
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_CBC_AES
+@@ -157,7 +175,11 @@
+  *
+  * Comment macros to disable the types
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_NO_PADDING
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_CFB_AES
+@@ -177,11 +199,15 @@
+  *
+  * Comment macros to disable the types
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_PKCS1V15
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN
+ #define ARCH_TEST_RSA_PKCS1V15_SIGN_RAW
+ #define ARCH_TEST_RSA_PKCS1V15_CRYPT
+ #define ARCH_TEST_RSA_OAEP
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_CBC_PKCS7
+@@ -190,7 +216,11 @@
+  *
+  * Comment macros to disable the types
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CBC_PKCS7
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_ASYMMETRIC_ENCRYPTION
+@@ -227,21 +257,27 @@
+  *
+  * Comment macros to disable the types
+  */
+-// #define ARCH_TEST_MD2
+-// #define ARCH_TEST_MD4
+-#define ARCH_TEST_MD5
+-#define ARCH_TEST_RIPEMD160
+-#define ARCH_TEST_SHA1
+//#define ARCH_TEST_MD2
+//#define ARCH_TEST_MD4
+//#define ARCH_TEST_MD5
+//#define ARCH_TEST_RIPEMD160
+//#define ARCH_TEST_SHA1
+#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_SHA224
+#endif
+ #define ARCH_TEST_SHA256
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_SHA384
+ #define ARCH_TEST_SHA512
+-// #define ARCH_TEST_SHA512_224
+-// #define ARCH_TEST_SHA512_256
+-// #define ARCH_TEST_SHA3_224
+-// #define ARCH_TEST_SHA3_256
+-// #define ARCH_TEST_SHA3_384
+-// #define ARCH_TEST_SHA3_512
+#endif
+#endif
+//#define ARCH_TEST_SHA512_224
+//#define ARCH_TEST_SHA512_256
+//#define ARCH_TEST_SHA3_224
+//#define ARCH_TEST_SHA3_256
+//#define ARCH_TEST_SHA3_384
+//#define ARCH_TEST_SHA3_512
+ 
+ /**
+  * \def ARCH_TEST_HKDF
+@@ -270,7 +306,12 @@
+  *
+  * Comment macros to disable the types
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_CMAC
+#endif
+#endif
+//#define ARCH_TEST_GMAC
+ #define ARCH_TEST_HMAC
+ 
+ /**
+@@ -290,7 +331,11 @@
+  * Requires: ARCH_TEST_AES
+  *
+  */
+#ifndef TF_M_PROFILE_SMALL
+#ifndef TF_M_PROFILE_MEDIUM
+ #define ARCH_TEST_GCM
+#endif
+#endif
+ 
+ /**
+  * \def ARCH_TEST_TRUNCATED_MAC
+@@ -309,7 +354,9 @@
+  *
+  * Requires: ARCH_TEST_ECC
+  */
+#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDH
+#endif
+ 
+ /**
+  * \def ARCH_TEST_ECDSA
+@@ -317,7 +364,9 @@
+  * Enable the elliptic curve DSA library.
+  * Requires: ARCH_TEST_ECC
+  */
+#ifndef TF_M_PROFILE_SMALL
+ #define ARCH_TEST_ECDSA
+#endif
+ 
+ /**
+  * \def ARCH_TEST_DETERMINISTIC_ECDSA
+-- 
+2.38.0
+
@@ -0,0 +1,32 @@
+From 1bc041813df89a1be953d0ba3471e608f6fa7ed8 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 20:54:40 +0000
+Subject: [PATCH] corstone1000: Disable obsolete algorithms
+
+curves of size <255 are obsolete algorithms
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Inappropriate [Discussions of having these configs
+                                in a separate target is ongoing]
+---
+ .../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h       | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index c6d4aad..1d9b356 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -66,6 +66,10 @@
+ #endif
+ #endif
+ 
+/* curves of size <255 are obsolete algorithms, should be disabled. */
+#undef ARCH_TEST_ECC_CURVE_SECP192R1
+#undef ARCH_TEST_ECC_CURVE_SECP224R1
+
+ /**
+  * \def ARCH_TEST_AES
+  *
+-- 
+2.25.1
+
@@ -0,0 +1,32 @@
+From abdea43f1de61a0e76b13890cb403f7955998b02 Mon Sep 17 00:00:00 2001
+From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Date: Thu, 9 Feb 2023 21:06:22 +0000
+Subject: [PATCH] corstone1000: Disable SHA512/384
+
+SHA512 and SHA384 is not available on Cryptocell (hardware accelerator)
+
+Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+Upstream-Status: Inappropriate [Discussions of having these configs
+                                in a separate target is ongoing]
+---
+ .../targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h       | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+index 1d9b356..d6d552a 100755
+--- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_crypto_config.h
+@@ -272,8 +272,8 @@
+ #define ARCH_TEST_SHA256
+ #ifndef TF_M_PROFILE_SMALL
+ #ifndef TF_M_PROFILE_MEDIUM
+-#define ARCH_TEST_SHA384
+-#define ARCH_TEST_SHA512
+// #define ARCH_TEST_SHA384
+// #define ARCH_TEST_SHA512
+ #endif
+ #endif
+ //#define ARCH_TEST_SHA512_224
+-- 
+2.25.1
+
@@ -0,0 +1,210 @@
+From 03d97c104f2d68cffd1bfc48cd62727e13a64712 Mon Sep 17 00:00:00 2001
+From: Rui Miguel Silva <rui.silva@linaro.org>
+Date: Fri, 14 Oct 2022 17:42:52 +0100
+Subject: [PATCH] newlib: memcpy: remove optimized version
+
+When creating messages packed to send over openamp we may need
+to do some copy in unaligned address, because of that we may
+not always use the assembler optimized version, which will
+trough a data-abort on aligned address exception.
+
+So, we may just use the version in string.h (the same used in
+optee-os) that will take care to check and use different
+optimization based on given source or destination address's.
+
+Upstream-Status: Pending
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
+---
+ newlib/libc/machine/aarch64/memcpy-stub.c |   2 +-
+ newlib/libc/machine/aarch64/memcpy.S      | 166 ----------------------
+ 2 files changed, 1 insertion(+), 167 deletions(-)
+
+diff --git a/newlib/libc/machine/aarch64/memcpy-stub.c b/newlib/libc/machine/aarch64/memcpy-stub.c
+index cd6d72a8b8af..5f2b7968c7fc 100644
+--- a/newlib/libc/machine/aarch64/memcpy-stub.c
+++ b/newlib/libc/machine/aarch64/memcpy-stub.c
+@@ -27,5 +27,5 @@
+ #if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED))
+ # include "../../string/memcpy.c"
+ #else
+-/* See memcpy.S  */
+# include "../../string/memcpy.c"
+ #endif
+diff --git a/newlib/libc/machine/aarch64/memcpy.S b/newlib/libc/machine/aarch64/memcpy.S
+index 463bad0a1816..2a1460546374 100644
+--- a/newlib/libc/machine/aarch64/memcpy.S
+++ b/newlib/libc/machine/aarch64/memcpy.S
+@@ -61,170 +61,4 @@
+ #if (defined (__OPTIMIZE_SIZE__) || defined (PREFER_SIZE_OVER_SPEED))
+ /* See memcpy-stub.c  */
+ #else
+-
+-#define dstin	x0
+-#define src	x1
+-#define count	x2
+-#define dst	x3
+-#define srcend	x4
+-#define dstend	x5
+-#define A_l	x6
+-#define A_lw	w6
+-#define A_h	x7
+-#define A_hw	w7
+-#define B_l	x8
+-#define B_lw	w8
+-#define B_h	x9
+-#define C_l	x10
+-#define C_h	x11
+-#define D_l	x12
+-#define D_h	x13
+-#define E_l	src
+-#define E_h	count
+-#define F_l	srcend
+-#define F_h	dst
+-#define tmp1	x9
+-
+-#define L(l) .L ## l
+-
+-	.macro def_fn f p2align=0
+-	.text
+-	.p2align \p2align
+-	.global \f
+-	.type \f, %function
+-\f:
+-	.endm
+-
+-/* Copies are split into 3 main cases: small copies of up to 16 bytes,
+-   medium copies of 17..96 bytes which are fully unrolled. Large copies
+-   of more than 96 bytes align the destination and use an unrolled loop
+-   processing 64 bytes per iteration.
+-   Small and medium copies read all data before writing, allowing any
+-   kind of overlap, and memmove tailcalls memcpy for these cases as
+-   well as non-overlapping copies.
+-*/
+-
+-def_fn memcpy p2align=6
+-	prfm	PLDL1KEEP, [src]
+-	add	srcend, src, count
+-	add	dstend, dstin, count
+-	cmp	count, 16
+-	b.ls	L(copy16)
+-	cmp	count, 96
+-	b.hi	L(copy_long)
+-
+-	/* Medium copies: 17..96 bytes.  */
+-	sub	tmp1, count, 1
+-	ldp	A_l, A_h, [src]
+-	tbnz	tmp1, 6, L(copy96)
+-	ldp	D_l, D_h, [srcend, -16]
+-	tbz	tmp1, 5, 1f
+-	ldp	B_l, B_h, [src, 16]
+-	ldp	C_l, C_h, [srcend, -32]
+-	stp	B_l, B_h, [dstin, 16]
+-	stp	C_l, C_h, [dstend, -32]
+-1:
+-	stp	A_l, A_h, [dstin]
+-	stp	D_l, D_h, [dstend, -16]
+-	ret
+-
+-	.p2align 4
+-	/* Small copies: 0..16 bytes.  */
+-L(copy16):
+-	cmp	count, 8
+-	b.lo	1f
+-	ldr	A_l, [src]
+-	ldr	A_h, [srcend, -8]
+-	str	A_l, [dstin]
+-	str	A_h, [dstend, -8]
+-	ret
+-	.p2align 4
+-1:
+-	tbz	count, 2, 1f
+-	ldr	A_lw, [src]
+-	ldr	A_hw, [srcend, -4]
+-	str	A_lw, [dstin]
+-	str	A_hw, [dstend, -4]
+-	ret
+-
+-	/* Copy 0..3 bytes.  Use a branchless sequence that copies the same
+-	   byte 3 times if count==1, or the 2nd byte twice if count==2.  */
+-1:
+-	cbz	count, 2f
+-	lsr	tmp1, count, 1
+-	ldrb	A_lw, [src]
+-	ldrb	A_hw, [srcend, -1]
+-	ldrb	B_lw, [src, tmp1]
+-	strb	A_lw, [dstin]
+-	strb	B_lw, [dstin, tmp1]
+-	strb	A_hw, [dstend, -1]
+-2:	ret
+-
+-	.p2align 4
+-	/* Copy 64..96 bytes.  Copy 64 bytes from the start and
+-	   32 bytes from the end.  */
+-L(copy96):
+-	ldp	B_l, B_h, [src, 16]
+-	ldp	C_l, C_h, [src, 32]
+-	ldp	D_l, D_h, [src, 48]
+-	ldp	E_l, E_h, [srcend, -32]
+-	ldp	F_l, F_h, [srcend, -16]
+-	stp	A_l, A_h, [dstin]
+-	stp	B_l, B_h, [dstin, 16]
+-	stp	C_l, C_h, [dstin, 32]
+-	stp	D_l, D_h, [dstin, 48]
+-	stp	E_l, E_h, [dstend, -32]
+-	stp	F_l, F_h, [dstend, -16]
+-	ret
+-
+-	/* Align DST to 16 byte alignment so that we don't cross cache line
+-	   boundaries on both loads and stores.	 There are at least 96 bytes
+-	   to copy, so copy 16 bytes unaligned and then align.	The loop
+-	   copies 64 bytes per iteration and prefetches one iteration ahead.  */
+-
+-	.p2align 4
+-L(copy_long):
+-	and	tmp1, dstin, 15
+-	bic	dst, dstin, 15
+-	ldp	D_l, D_h, [src]
+-	sub	src, src, tmp1
+-	add	count, count, tmp1	/* Count is now 16 too large.  */
+-	ldp	A_l, A_h, [src, 16]
+-	stp	D_l, D_h, [dstin]
+-	ldp	B_l, B_h, [src, 32]
+-	ldp	C_l, C_h, [src, 48]
+-	ldp	D_l, D_h, [src, 64]!
+-	subs	count, count, 128 + 16	/* Test and readjust count.  */
+-	b.ls	2f
+-1:
+-	stp	A_l, A_h, [dst, 16]
+-	ldp	A_l, A_h, [src, 16]
+-	stp	B_l, B_h, [dst, 32]
+-	ldp	B_l, B_h, [src, 32]
+-	stp	C_l, C_h, [dst, 48]
+-	ldp	C_l, C_h, [src, 48]
+-	stp	D_l, D_h, [dst, 64]!
+-	ldp	D_l, D_h, [src, 64]!
+-	subs	count, count, 64
+-	b.hi	1b
+-
+-	/* Write the last full set of 64 bytes.	 The remainder is at most 64
+-	   bytes, so it is safe to always copy 64 bytes from the end even if
+-	   there is just 1 byte left.  */
+-2:
+-	ldp	E_l, E_h, [srcend, -64]
+-	stp	A_l, A_h, [dst, 16]
+-	ldp	A_l, A_h, [srcend, -48]
+-	stp	B_l, B_h, [dst, 32]
+-	ldp	B_l, B_h, [srcend, -32]
+-	stp	C_l, C_h, [dst, 48]
+-	ldp	C_l, C_h, [srcend, -16]
+-	stp	D_l, D_h, [dst, 64]
+-	stp	E_l, E_h, [dstend, -64]
+-	stp	A_l, A_h, [dstend, -48]
+-	stp	B_l, B_h, [dstend, -32]
+-	stp	C_l, C_h, [dstend, -16]
+-	ret
+-
+-	.size	memcpy, . - memcpy
+ #endif
+-- 
+2.38.0
+
@@ -0,0 +1,5 @@
+require ts-arm-platforms.inc
+
+EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x02000000 \
+                                     -DMM_COMM_BUFFER_PAGE_COUNT=1 \
+                                    "
@@ -0,0 +1,15 @@
+FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
+
+COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
+SRC_URI:append:corstone1000  = " \
+    file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
+    file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+    file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
+    file://0004-GetNextVariableName-Fix.patch;patchdir=../trusted-services     \
+    file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch;patchdir=../trusted-services \
+    file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
+    file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch;patchdir=../trusted-services \
+    "
+
+
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
@@ -0,0 +1,8 @@
+FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000/${PN}:"
+
+COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
+SRC_URI:append:corstone1000 = " \
+  file://0001-newlib-memcpy-remove-optimized-version.patch;patchdir=../newlib \
+"
+
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
@@ -0,0 +1,9 @@
+FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000/psa-apitest:"
+
+include ts-arm-platforms.inc
+
+SRC_URI:append:corstone1000  = " \
+    file://0001-corstone1000-port-crypto-config.patch;patchdir=../psatest \
+    file://0002-corstone1000-Disable-obsolete-algorithms.patch;patchdir=../psatest \
+    file://0003-corstone1000-Disable-SHA512-384.patch;patchdir=../psatest \
+    "
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
@@ -0,0 +1 @@
+require ts-psa-api-test.inc
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
@@ -0,0 +1,5 @@
+require ts-arm-platforms.inc
+
+EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
+    -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+    "
@@ -0,0 +1,5 @@
+require ts-arm-platforms.inc
+
+EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x02000000" \
+    -DMM_COMM_BUFFER_PAGE_COUNT="1" \
+    "
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
@@ -0,0 +1 @@
+require ts-arm-platforms.inc