[PATCH 01/16] arm/trusted-services: update TS version

[PATCH 01/16] arm/trusted-services: update TS version

[Gyorgy Szing]

This change updates to latest available version of Trusted Services.
List of changes:
  - adapt SP recipes to file structure changes and support for
    "configurations". In TS each SP can be built in various different
    setups to allow adapting to platform and integration specific
    differences.
  - MbedTLS dependency has been updated to v3.3.0.
      - This needs new python dependencies are required in the build
        environment.
      - psa-acs was updated to a matching version.
      - do_patch() has been updated to support the MbedTLS patch added
        in TS.
  - Update TS dependency patching method to use git instead of patch.
  - Downgrade nanopb to match up-stream dependency version.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 .../trusted-services/trusted-services-src.inc | 27 +++++++++----------
 .../trusted-services/ts-demo_git.bb           |  1 +
 .../trusted-services/ts-newlib_4.1.0.bb       |  4 +--
 .../ts-psa-api-test-common_git.inc            |  4 ++-
 .../trusted-services/ts-sp-attestation_git.bb |  3 ++-
 .../trusted-services/ts-sp-crypto_git.bb      |  5 ++--
 .../trusted-services/ts-sp-env-test_git.bb    |  3 ++-
 .../trusted-services/ts-sp-its_git.bb         |  3 ++-
 .../trusted-services/ts-sp-se-proxy_git.bb    |  3 ++-
 .../trusted-services/ts-sp-smm-gateway_git.bb |  3 ++-
 .../trusted-services/ts-sp-storage_git.bb     |  3 ++-
 11 files changed, 32 insertions(+), 27 deletions(-)

diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index dc295506..c3ab7867 100644
--- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -5,8 +5,8 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib"
 SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \
 "
 
-#latest on 12.10.22.
-SRCREV_trusted-services = "3d4956770f89eb9ae0a73257901ae6277c078da6"
+#Latest on 2023 April 25
+SRCREV="0d292e7c879076ea36cc39e30e0ac930b71e8cd8"
 LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
 
 S = "${WORKDIR}/git/trusted-services"
@@ -17,14 +17,14 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des
 SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81"
 LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e"
 
-# MbedTLS, tag "mbedtls-3.1.0"
+# MbedTLS, tag "mbedtls-3.3.0"
 SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls"
-SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49"
+SRCREV_mbedtls = "8c89224991adff88d53cd380f42a2baa36f91454"
 LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
-# Nanopb, tag "nanopb-0.4.6"
+# Nanopb, tag "nanopb-0.4.2"
 SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb"
-SRCREV_nanopb = "afc499f9a410fc9bbf6c9c48cdd8d8b199d49eb4"
+SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4"
 LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f"
 
 # qcbor, tag "v1.0.0"
@@ -54,15 +54,12 @@ LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e14135
 
 # TS ships patches for external dependencies that needs to be applied
 apply_ts_patches() {
-    for p in ${S}/external/qcbor/*.patch; do
-        patch -p1 -N -d ${WORKDIR}/git/qcbor < ${p} || true
-    done
-    for p in ${S}/external/t_cose/*.patch; do
-        patch -p1 -N -d ${WORKDIR}/git/tcose < ${p} || true
-    done
-    for p in ${S}/external/CppUTest/*.patch; do
-        patch -p1 -d ${WORKDIR}/git/cpputest < ${p}
-    done
+    ( cd ${WORKDIR}/git/qcbor;    git stash; git branch -f bf_am; git am ${S}/external/qcbor/*.patch; git reset bf_am )
+    ( cd ${WORKDIR}/git/tcose;    git stash; git branch -f bf_am; git am ${S}/external/t_cose/*.patch; git reset bf_am )
+    ( cd ${WORKDIR}/git/mbedtls;  git stash; git branch -f bf_am; git am ${S}/external/MbedTLS/*.patch; git reset bf_am )
+    ( cd ${WORKDIR}/git/cpputest; git stash; git apply ${S}/external/CppUTest/*.patch )
+    ( cd ${WORKDIR}/git/dtc;      git stash; git apply ${S}/external/libfdt/*.patch )
+    ( cd ${WORKDIR}/git/nanopb;   git stash; git apply ${S}/external/nanopb/*.patch )
 }
 do_patch[postfuncs] += "apply_ts_patches"
 
diff --git a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
index a9f7b65f..668bde56 100644
--- a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
@@ -6,6 +6,7 @@ TS_ENV = "arm-linux"
 
 require trusted-services.inc
 
+DEPENDS        += "python3-jsonschema-native python3-jinja2-native"
 DEPENDS        += "libts"
 RDEPENDS:${PN} += "libts"
 
diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
index 408c7d3c..24a724a4 100644
--- a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
@@ -22,9 +22,7 @@ OECMAKE_SOURCEPATH = "${S}/deployments/newlib/${TS_ENV}/"
 
 # TS ships a patch that needs to be applied to newlib
 apply_ts_patch() {
-    for p in ${S}/external/newlib/*.patch; do
-        patch -p1 -d ${WORKDIR}/git/newlib < ${p}
-    done
+    ( cd ${WORKDIR}/git/newlib;    git stash; git branch -f bf_am; git am ${S}/external/newlib/*.patch; git reset bf_am )
 }
 do_patch[postfuncs] += "apply_ts_patch"
 
diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
index 41cb0c08..8a7b0e5c 100644
--- a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
+++ b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
@@ -4,6 +4,8 @@ TS_ENV = "arm-linux"
 
 require trusted-services.inc
 
+DEPENDS        += "python3-jsonschema-native python3-jinja2-native"
+
 DEPENDS        += "libts"
 RDEPENDS:${PN} += "libts"
 
@@ -11,7 +13,7 @@ SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protoc
             file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \
            "
 
-SRCREV_psatest = "451aa087a40d02c7d04778235014c5619d126471"
+SRCREV_psatest = "38cb53a4d9e292435ddf7899960b15af62decfbe"
 LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13"
 
 EXTRA_OECMAKE += "\
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
index eef05fe3..6cddfb03 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services attestation service provider"
 require ts-sp-common.inc
 
 SP_UUID = "${ATTESTATION_UUID}"
+TS_SP_IAT_CONFIG ?= "default"
 
-OECMAKE_SOURCEPATH="${S}/deployments/attestation/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
index 77a28557..867e4a81 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
@@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services crypto service provider"
 require ts-sp-common.inc
 
 SP_UUID = "${CRYPTO_UUID}"
+TS_SP_CRYPTO_CONFIG ?= "default"
 
-DEPENDS += "python3-protobuf-native"
+DEPENDS += "python3-protobuf-native python3-jsonschema-native python3-jinja2-native"
 
-OECMAKE_SOURCEPATH="${S}/deployments/crypto/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
index 040fd4d1..5551a4de 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
@@ -6,5 +6,6 @@ require ts-sp-common.inc
 COMPATIBLE_MACHINE ?= "invalid"
 
 SP_UUID = "${ENV_TEST_UUID}"
+TS_SP_ENVTEST_CONFIG ?= "baremetal-fvp_base_revc"
 
-OECMAKE_SOURCEPATH="${S}/deployments/env-test/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/env-test/config/${TS_SP_ENVTEST_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
index 4eb5dc5e..5472dbda 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services internal secure storage service provider"
 require ts-sp-common.inc
 
 SP_UUID = "${ITS_UUID}"
+TS_SP_ITS_CONFIG ?= "default"
 
-OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
index b9246418..26781434 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
@@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services proxy service providers"
 require ts-sp-common.inc
 
 SP_UUID = "${SE_PROXY_UUID}"
+TS_SP_SE_PROXY_CONFIG ?= "default"
 
 DEPENDS += "python3-protobuf-native"
 
-OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
index 06ca6bd1..752f7fe7 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services service provider for UEFI SMM services"
 require ts-sp-common.inc
 
 SP_UUID = "${SMM_GATEWAY_UUID}"
+TS_SP_SMM_GATEWAY_CONFIG ?= "default"
 
-OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
index c8937546..5b2f47b3 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
@@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services secure storage service provider"
 require ts-sp-common.inc
 
 SP_UUID = "${STORAGE_UUID}"
+TS_SP_PS_CONFIG ?= "default"
 
-OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/${TS_ENV}"
+OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"
-- 
2.39.1.windows.1

[PATCH 02/16] optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot

[Gyorgy Szing]

To enable up-to date version of Trusted Services op-tee v3.20 or newer
is needed.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 meta-arm/conf/machine/qemuarm64-secureboot.conf | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/meta-arm/conf/machine/qemuarm64-secureboot.conf b/meta-arm/conf/machine/qemuarm64-secureboot.conf
index 7277817d..55c4cab4 100644
--- a/meta-arm/conf/machine/qemuarm64-secureboot.conf
+++ b/meta-arm/conf/machine/qemuarm64-secureboot.conf
@@ -23,6 +23,3 @@ WKS_FILE_DEPENDS = "trusted-firmware-a"
 IMAGE_BOOT_FILES = "${KERNEL_IMAGETYPE}"
 
 MACHINE_FEATURES += "optee-ftpm"
-
-PREFERRED_VERSION_optee-os ?= "3.18.%"
-
-- 
2.39.1.windows.1

[PATCH 03/16] arm/oeqa: Make ts-service-test config match selected SPs

[Gyorgy Szing]

From: Anton Antonov <Anton.Antonov@arm.com>

Split tests to groups, and enable groups based on machine features set.
This allows limiting tests to testing deployed SPs only.

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
---
 .../oeqa/runtime/cases/trusted_services.py    | 78 +++++++++++++++++--
 1 file changed, 71 insertions(+), 7 deletions(-)

diff --git a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
index a5f93760..1eeca205 100644
--- a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
+++ b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
@@ -3,25 +3,23 @@
 from oeqa.runtime.case import OERuntimeTestCase
 from oeqa.core.decorator.depends import OETestDepends
 from oeqa.runtime.decorator.package import OEHasPackage
+from oeqa.core.decorator.data import skipIfNotInDataVar
 
 class TrustedServicesTest(OERuntimeTestCase):
 
-    def run_test_tool(self, cmd, expected_status=0 ):
+    def run_test_tool(self, cmd, expected_status=0, expected_output=None ):
         """ Run a test utility """
 
         status, output = self.target.run(cmd)
         self.assertEqual(status, expected_status, msg='\n'.join([cmd, output]))
+        if expected_output is not None:
+            self.assertEqual(output, expected_output, msg='\n'.join([cmd, output]))
 
     @OEHasPackage(['ts-demo'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_00_ts_demo(self):
         self.run_test_tool('ts-demo')
 
-    @OEHasPackage(['ts-service-test'])
-    @OETestDepends(['ssh.SSHTest.test_ssh'])
-    def test_01_ts_service_test(self):
-        self.run_test_tool('ts-service-test')
-
     @OEHasPackage(['ts-uefi-test'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_02_ts_uefi_test(self):
@@ -30,7 +28,8 @@ class TrustedServicesTest(OERuntimeTestCase):
     @OEHasPackage(['ts-psa-crypto-api-test'])
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_03_psa_crypto_api_test(self):
-        # There are a few expected PSA Crypto tests failing
+        # There are a two expected PSA Crypto tests failures testing features
+        # TS will not support.
         self.run_test_tool('psa-crypto-api-test', expected_status=46)
 
     @OEHasPackage(['ts-psa-its-api-test'])
@@ -48,3 +47,68 @@ class TrustedServicesTest(OERuntimeTestCase):
     @OETestDepends(['ssh.SSHTest.test_ssh'])
     def test_06_psa_iat_api_test(self):
         self.run_test_tool('psa-iat-api-test')
+
+    @OEHasPackage(['ts-service-test'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_09_ts_service_grp_check(self):
+        # If this test fails, available test groups in ts-service-test have changed and all
+        # tests using the test executable need to be double checked to ensure test group to
+        # TS SP mapping is still valid. 
+        test_grp_list="FwuServiceTests PsServiceTests ItsServiceTests AttestationProvisioningTests"
+        test_grp_list+=" AttestationServiceTests CryptoKeyDerivationServicePackedcTests"
+        test_grp_list+=" CryptoMacServicePackedcTests CryptoCipherServicePackedcTests"
+        test_grp_list+=" CryptoHashServicePackedcTests CryptoServicePackedcTests"
+        test_grp_list+=" CryptoServiceProtobufTests CryptoServiceLimitTests"
+        test_grp_list+=" DiscoveryServiceTests"
+        self.run_test_tool('ts-service-test -lg', expected_output=test_grp_list)
+
+    @OEHasPackage(['ts-service-test'])
+    @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-fwu', 'FWU SP is not included')
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_10_fwu_service_tests(self):
+        self.run_test_tool('ts-service-test -g FwuServiceTests')
+
+    @OEHasPackage(['ts-service-test'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_11_ps_service_tests(self):
+        if 'ts-storage' not in self.tc.td['MACHINE_FEATURES'] and \
+           'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+            self.skipTest('Storage SP is not included into OPTEE')
+        self.run_test_tool('ts-service-test -g PsServiceTests')
+
+    @OEHasPackage(['ts-service-test'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_12_its_service_tests(self):
+        if 'ts-its' not in self.tc.td['MACHINE_FEATURES'] and \
+           'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+            self.skipTest('Internal Storage SP is not included into OPTEE')
+        self.run_test_tool('ts-service-test -g ItsServiceTests')
+
+    @OEHasPackage(['ts-service-test'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_14_attestation_service_tests(self):
+        if 'ts-attestation' not in self.tc.td['MACHINE_FEATURES'] and \
+           'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+            self.skipTest('Attestation SP is not included into OPTEE')
+        for grp in ["AttestationProvisioningTests", "AttestationServiceTests"]:
+            self.run_test_tool('ts-service-test -g %s'%grp)
+
+    @OEHasPackage(['ts-service-test'])
+    @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', 'Crypto SP is not included')
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_15_crypto_service_tests(self):
+        if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \
+           'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+            self.skipTest('Crypto SP is not included into OPTEE')
+        for grp in ["CryptoKeyDerivationServicePackedcTests", "CryptoMacServicePackedcTests", \
+                    "CryptoCipherServicePackedcTests", "CryptoHashServicePackedcTests", \
+                    "CryptoServicePackedcTests", "CryptoServiceProtobufTests CryptoServiceLimitTests"]:
+            self.run_test_tool('ts-service-test -g %s'%grp)
+
+    @OEHasPackage(['ts-service-test'])
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_16_discovery_service_test(self):
+        if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \
+           'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
+            self.skipTest('Crypto SP is not included into OPTEE')
+        self.run_test_tool('ts-service-test -g DiscoveryServiceTests')
-- 
2.39.1.windows.1

[PATCH 04/16] optee-os: Add support for TOS_FW_CONFIG on qemu

[Gyorgy Szing]

OP-TEE SPMC v3.20 and TF-A v2.8 is incompatible on qemu, and OP-TEE
panics during boot because having an SPMC manifest passed to the SPMC is
mandatory since v3.20. TF-A and OP-TEE upstream already fixed this issue
by modifying the ABI between the SPMD and SPMC. Moreover qemu support in
TF-A has been extended to allow building an SPMC manifest DTS file, and
loading it from the FIP package.
This change adds the needed OP-TEE fixes as carried patches. The TF-A
change will be added in the next commit.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 ...-core-arm-S-EL1-SPMC-boot-ABI-update.patch |  91 +++++++
 ...-core-ffa-add-TOS_FW_CONFIG-handling.patch | 249 ++++++++++++++++++
 .../recipes-security/optee/optee-os_3.20.0.bb |   3 +
 3 files changed, 343 insertions(+)
 create mode 100644 meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
 create mode 100644 meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch

diff --git a/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch b/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
new file mode 100644
index 00000000..4313a829
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-3.20.0/0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch
@@ -0,0 +1,91 @@
+From 11f4ea86579bc1a58e4adde2849326f4213694f2 Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Mon, 21 Nov 2022 18:17:33 +0100
+Subject: core: arm: S-EL1 SPMC: boot ABI update
+
+Updates the boot ABI for S-EL1 SPMC to align better with other SPMCs,
+like Hafnium, but also with the non-FF-A configuration.
+
+Register usage:
+X0 - TOS FW config [1] address, if not NULL
+X2 - System DTB, if not NULL
+
+Adds check in the default get_aslr_seed() to see if the system DTB is
+present before trying to read kaslr-seed from secure-chosen.
+
+Note that this is an incompatible change and requires corresponding
+change in TF-A ("feat(qemu): update abi between spmd and spmc") [2].
+
+[1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware configuration
+    file. Used by Trusted OS (BL32), that is, OP-TEE in this case
+Link: [2] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=25ae7ad1878244f78206cc7c91f7bdbd267331a1
+
+Upstream-Status: Accepted
+
+Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ core/arch/arm/kernel/boot.c      |  8 +++++++-
+ core/arch/arm/kernel/entry_a64.S | 17 ++++++++---------
+ 2 files changed, 15 insertions(+), 10 deletions(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index dd34173e8..e02c02b60 100644
+--- a/core/arch/arm/kernel/boot.c
++++ b/core/arch/arm/kernel/boot.c
+@@ -1502,11 +1502,17 @@ struct ns_entry_context *boot_core_hpen(void)
+ #if defined(CFG_DT)
+ unsigned long __weak get_aslr_seed(void *fdt)
+ {
+-	int rc = fdt_check_header(fdt);
++	int rc = 0;
+ 	const uint64_t *seed = NULL;
+ 	int offs = 0;
+ 	int len = 0;
+ 
++	if (!fdt) {
++		DMSG("No fdt");
++		goto err;
++	}
++
++	rc = fdt_check_header(fdt);
+ 	if (rc) {
+ 		DMSG("Bad fdt: %d", rc);
+ 		goto err;
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 4c6e9d75c..047ae1f25 100644
+--- a/core/arch/arm/kernel/entry_a64.S
++++ b/core/arch/arm/kernel/entry_a64.S
+@@ -143,21 +143,20 @@
+ 	.endm
+ 
+ FUNC _start , :
+-#if defined(CFG_CORE_SEL1_SPMC)
+ 	/*
+-	 * With OP-TEE as SPMC at S-EL1 the SPMD (SPD_spmd) in TF-A passes
+-	 * the DTB in x0, pagaeble part in x1 and the rest of the registers
+-	 * are unused
++	 * If CFG_CORE_FFA is enabled, then x0 if non-NULL holds the TOS FW
++	 * config [1] address, else x0 if non-NULL holds the pagable part
++	 * address.
++	 *
++	 * [1] A TF-A concept: TOS_FW_CONFIG - Trusted OS Firmware
++	 * configuration file. Used by Trusted OS (BL32), that is, OP-TEE
++	 * here.
+ 	 */
+-	mov	x19, x1		/* Save pagable part */
+-	mov	x20, x0		/* Save DT address */
+-#else
+-	mov	x19, x0		/* Save pagable part address */
++	mov	x19, x0
+ #if defined(CFG_DT_ADDR)
+ 	ldr     x20, =CFG_DT_ADDR
+ #else
+ 	mov	x20, x2		/* Save DT address */
+-#endif
+ #endif
+ 
+ 	adr	x0, reset_vect_table
+-- 
+2.39.1.windows.1
+
diff --git a/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch b/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
new file mode 100644
index 00000000..add39076
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-3.20.0/0006-core-ffa-add-TOS_FW_CONFIG-handling.patch
@@ -0,0 +1,249 @@
+From 84f4ef4c4f2f45e2f54597f1afe80d8f8396cc57 Mon Sep 17 00:00:00 2001
+From: Balint Dobszay <balint.dobszay@arm.com>
+Date: Fri, 10 Feb 2023 11:07:27 +0100
+Subject: core: ffa: add TOS_FW_CONFIG handling
+
+At boot TF-A passes two DT addresses (HW_CONFIG and TOS_FW_CONFIG), but
+currently only the HW_CONFIG address is saved, the other one is dropped.
+This commit adds functionality to save the TOS_FW_CONFIG too, so we can
+retrieve it later. This is necessary for the CFG_CORE_SEL1_SPMC use
+case, because the SPMC manifest is passed in this DT.
+
+Upstream-Status: Accepted
+
+Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
+Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
+---
+ core/arch/arm/kernel/boot.c               | 60 ++++++++++++++++++++++-
+ core/arch/arm/kernel/entry_a32.S          |  3 +-
+ core/arch/arm/kernel/entry_a64.S          | 13 ++++-
+ core/arch/arm/kernel/link_dummies_paged.c |  4 +-
+ core/arch/arm/kernel/secure_partition.c   |  2 +-
+ core/include/kernel/boot.h                |  7 ++-
+ 6 files changed, 81 insertions(+), 8 deletions(-)
+
+diff --git a/core/arch/arm/kernel/boot.c b/core/arch/arm/kernel/boot.c
+index e02c02b60..98e13c072 100644
+--- a/core/arch/arm/kernel/boot.c
++++ b/core/arch/arm/kernel/boot.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: BSD-2-Clause
+ /*
+  * Copyright (c) 2015-2022, Linaro Limited
++ * Copyright (c) 2023, Arm Limited
+  */
+ 
+ #include <arm.h>
+@@ -83,6 +84,9 @@ struct dt_descriptor {
+ };
+ 
+ static struct dt_descriptor external_dt __nex_bss;
++#ifdef CFG_CORE_SEL1_SPMC
++static struct dt_descriptor tos_fw_config_dt __nex_bss;
++#endif
+ #endif
+ 
+ #ifdef CFG_SECONDARY_INIT_CNTFRQ
+@@ -1224,6 +1228,54 @@ static struct core_mmu_phys_mem *get_nsec_memory(void *fdt __unused,
+ #endif /*CFG_CORE_DYN_SHM*/
+ #endif /*!CFG_DT*/
+ 
++#if defined(CFG_CORE_SEL1_SPMC) && defined(CFG_DT)
++void *get_tos_fw_config_dt(void)
++{
++	if (!IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
++		return NULL;
++
++	assert(cpu_mmu_enabled());
++
++	return tos_fw_config_dt.blob;
++}
++
++static void init_tos_fw_config_dt(unsigned long pa)
++{
++	struct dt_descriptor *dt = &tos_fw_config_dt;
++	void *fdt = NULL;
++	int ret = 0;
++
++	if (!IS_ENABLED(CFG_MAP_EXT_DT_SECURE))
++		return;
++
++	if (!pa)
++		panic("No TOS_FW_CONFIG DT found");
++
++	fdt = core_mmu_add_mapping(MEM_AREA_EXT_DT, pa, CFG_DTB_MAX_SIZE);
++	if (!fdt)
++		panic("Failed to map TOS_FW_CONFIG DT");
++
++	dt->blob = fdt;
++
++	ret = fdt_open_into(fdt, fdt, CFG_DTB_MAX_SIZE);
++	if (ret < 0) {
++		EMSG("Invalid Device Tree at %#lx: error %d", pa, ret);
++		panic();
++	}
++
++	IMSG("TOS_FW_CONFIG DT found");
++}
++#else
++void *get_tos_fw_config_dt(void)
++{
++	return NULL;
++}
++
++static void init_tos_fw_config_dt(unsigned long pa __unused)
++{
++}
++#endif /*CFG_CORE_SEL1_SPMC && CFG_DT*/
++
+ #ifdef CFG_CORE_DYN_SHM
+ static void discover_nsec_memory(void)
+ {
+@@ -1361,10 +1413,16 @@ static bool cpu_nmfi_enabled(void)
+  * Note: this function is weak just to make it possible to exclude it from
+  * the unpaged area.
+  */
+-void __weak boot_init_primary_late(unsigned long fdt)
++void __weak boot_init_primary_late(unsigned long fdt,
++				   unsigned long tos_fw_config)
+ {
+ 	init_external_dt(fdt);
++	init_tos_fw_config_dt(tos_fw_config);
++#ifdef CFG_CORE_SEL1_SPMC
++	tpm_map_log_area(get_tos_fw_config_dt());
++#else
+ 	tpm_map_log_area(get_external_dt());
++#endif
+ 	discover_nsec_memory();
+ 	update_external_dt();
+ 	configure_console_from_dt();
+diff --git a/core/arch/arm/kernel/entry_a32.S b/core/arch/arm/kernel/entry_a32.S
+index 0f14ca2f6..3758fd8b7 100644
+--- a/core/arch/arm/kernel/entry_a32.S
++++ b/core/arch/arm/kernel/entry_a32.S
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+  * Copyright (c) 2014, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
++ * Copyright (c) 2021-2023, Arm Limited
+  */
+ 
+ #include <arm32_macros.S>
+@@ -560,6 +560,7 @@ shadow_stack_access_ok:
+ 	str	r0, [r8, #THREAD_CORE_LOCAL_FLAGS]
+ #endif
+ 	mov	r0, r6		/* DT address */
++	mov	r1, #0		/* unused */
+ 	bl	boot_init_primary_late
+ #ifndef CFG_VIRTUALIZATION
+ 	mov	r0, #THREAD_CLF_TMP
+diff --git a/core/arch/arm/kernel/entry_a64.S b/core/arch/arm/kernel/entry_a64.S
+index 047ae1f25..fa76437fb 100644
+--- a/core/arch/arm/kernel/entry_a64.S
++++ b/core/arch/arm/kernel/entry_a64.S
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+  * Copyright (c) 2015-2022, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
++ * Copyright (c) 2021-2023, Arm Limited
+  */
+ 
+ #include <platform_config.h>
+@@ -320,7 +320,11 @@ clear_nex_bss:
+ 	bl	core_mmu_set_default_prtn_tbl
+ #endif
+ 
++#ifdef CFG_CORE_SEL1_SPMC
++	mov	x0, xzr		/* pager not used */
++#else
+ 	mov	x0, x19		/* pagable part address */
++#endif
+ 	mov	x1, #-1
+ 	bl	boot_init_primary_early
+ 
+@@ -337,7 +341,12 @@ clear_nex_bss:
+ 	mov	x22, x0
+ 	str	wzr, [x22, #THREAD_CORE_LOCAL_FLAGS]
+ #endif
+-	mov	x0, x20		/* DT address */
++	mov	x0, x20		/* DT address also known as HW_CONFIG */
++#ifdef CFG_CORE_SEL1_SPMC
++	mov	x1, x19		/* TOS_FW_CONFIG DT address */
++#else
++	mov	x1, xzr		/* unused */
++#endif
+ 	bl	boot_init_primary_late
+ #ifdef CFG_CORE_PAUTH
+ 	init_pauth_per_cpu
+diff --git a/core/arch/arm/kernel/link_dummies_paged.c b/core/arch/arm/kernel/link_dummies_paged.c
+index 3b8287e06..023a5f3f5 100644
+--- a/core/arch/arm/kernel/link_dummies_paged.c
++++ b/core/arch/arm/kernel/link_dummies_paged.c
+@@ -1,6 +1,7 @@
+ // SPDX-License-Identifier: BSD-2-Clause
+ /*
+  * Copyright (c) 2017-2021, Linaro Limited
++ * Copyright (c) 2023, Arm Limited
+  */
+ #include <compiler.h>
+ #include <initcall.h>
+@@ -27,7 +28,8 @@ void __section(".text.dummy.call_finalcalls") call_finalcalls(void)
+ }
+ 
+ void __section(".text.dummy.boot_init_primary_late")
+-boot_init_primary_late(unsigned long fdt __unused)
++boot_init_primary_late(unsigned long fdt __unused,
++		       unsigned long tos_fw_config __unused)
+ {
+ }
+ 
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 1d36e90b1..d386f1e4d 100644
+--- a/core/arch/arm/kernel/secure_partition.c
++++ b/core/arch/arm/kernel/secure_partition.c
+@@ -1212,7 +1212,7 @@ static TEE_Result fip_sp_map_all(void)
+ 	int subnode = 0;
+ 	int root = 0;
+ 
+-	fdt = get_external_dt();
++	fdt = get_tos_fw_config_dt();
+ 	if (!fdt) {
+ 		EMSG("No SPMC manifest found");
+ 		return TEE_ERROR_GENERIC;
+diff --git a/core/include/kernel/boot.h b/core/include/kernel/boot.h
+index 260854473..941e093b2 100644
+--- a/core/include/kernel/boot.h
++++ b/core/include/kernel/boot.h
+@@ -1,7 +1,7 @@
+ /* SPDX-License-Identifier: BSD-2-Clause */
+ /*
+  * Copyright (c) 2015-2020, Linaro Limited
+- * Copyright (c) 2021, Arm Limited
++ * Copyright (c) 2021-2023, Arm Limited
+  */
+ #ifndef __KERNEL_BOOT_H
+ #define __KERNEL_BOOT_H
+@@ -46,7 +46,7 @@ extern const struct core_mmu_config boot_mmu_config;
+ /* @nsec_entry is unused if using CFG_WITH_ARM_TRUSTED_FW */
+ void boot_init_primary_early(unsigned long pageable_part,
+ 			     unsigned long nsec_entry);
+-void boot_init_primary_late(unsigned long fdt);
++void boot_init_primary_late(unsigned long fdt, unsigned long tos_fw_config);
+ void boot_init_memtag(void);
+ 
+ void __panic_at_smc_return(void) __noreturn;
+@@ -103,6 +103,9 @@ void *get_embedded_dt(void);
+ /* Returns external DTB if present, otherwise NULL */
+ void *get_external_dt(void);
+ 
++/* Returns TOS_FW_CONFIG DTB if present, otherwise NULL */
++void *get_tos_fw_config_dt(void);
++
+ /*
+  * get_aslr_seed() - return a random seed for core ASLR
+  * @fdt:	Pointer to a device tree if CFG_DT_ADDR=y
+-- 
+2.39.1.windows.1
+
diff --git a/meta-arm/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
index 5f4b066a..661a807d 100644
--- a/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
+++ b/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
@@ -7,4 +7,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/optee-os-3.20.0:"
 SRCREV = "8e74d47616a20eaa23ca692f4bbbf917a236ed94"
 SRC_URI:append = " \
     file://0004-core-Define-section-attributes-for-clang.patch \
+    file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \
+    file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
    "
+EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y"
-- 
2.39.1.windows.1

[PATCH 05/16] arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu

[Gyorgy Szing]

This change:
  - cherry-picks TF-A changes from master which implement passing
    TOS_FW_CONFIG DTB from the FIP package to the trusted OS.
  - add an OP-TEE SPMC specific SPMC manifest file
  - configures TF-A to build the manifest, add it to the FIP package
    and pass it to OP-TEE as a boot argument.

This functionality needs matching changes in OPTEE (OP-TEE v3.21
or v3.20 + carried patches.)

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 .../files/add-spmc_manifest-for-qemu.patch    |  67 +++++
 ...emu-update-abi-between-spmd-and-spmc.patch | 263 ++++++++++++++++++
 .../trusted-firmware-a_%.bbappend             |   5 +-
 .../trusted-firmware-a_2.8.0.bb               |   6 +
 4 files changed, 340 insertions(+), 1 deletion(-)
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch
 create mode 100644 meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch

diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch
new file mode 100644
index 00000000..50a57d61
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/add-spmc_manifest-for-qemu.patch
@@ -0,0 +1,67 @@
+From e1cbb35ad4655fe13ccb89247c81e850f6392c92 Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Mon, 13 Mar 2023 21:15:59 +0100
+Subject: Add spmc_manifest for qemu
+
+This version only supports embedded packaging.
+
+Upstream-Status: Inappropriate [other]
+  - The SPMC manifest is integration specific and should live at an
+    integration spcific place. The manifest file is processed by TF-A
+    and I am adding the patch to TF-A to keep things simple.
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ plat/qemu/fdts/optee_spmc_manifest.dts | 40 ++++++++++++++++++++++++++
+ 1 file changed, 40 insertions(+)
+ create mode 100644 plat/qemu/fdts/optee_spmc_manifest.dts
+
+diff --git a/plat/qemu/fdts/optee_spmc_manifest.dts b/plat/qemu/fdts/optee_spmc_manifest.dts
+new file mode 100644
+index 000000000..ae2ae3d95
+--- /dev/null
++++ b/plat/qemu/fdts/optee_spmc_manifest.dts
+@@ -0,0 +1,40 @@
++/* SPDX-License-Identifier: BSD-3-Clause */
++/*
++ * Copyright (c) 2023, Arm Limited. All rights reserved.
++ */
++
++/dts-v1/;
++
++/ {
++	compatible = "arm,ffa-core-manifest-1.0";
++	#address-cells = <2>;
++	#size-cells = <1>;
++
++	attribute {
++		spmc_id = <0x8000>;
++		maj_ver = <0x1>;
++		min_ver = <0x0>;
++		exec_state = <0x0>;
++		load_address = <0x0 0x0e100000>;
++		entrypoint = <0x0 0x0e100000>;
++		binary_size = <0x80000>;
++	};
++
++/*
++ * This file will be preprocessed by TF-A's build system. If Measured Boot is
++ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
++ * to the preprocessor arguments.
++ */
++#if MEASURED_BOOT
++	tpm_event_log {
++		compatible = "arm,tpm_event_log";
++		tpm_event_log_addr = <0x0 0x0>;
++		tpm_event_log_size = <0x0>;
++	};
++#endif
++
++/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
++#ifdef ARM_BL2_SP_LIST_DTS
++	#error "FIP SP load addresses configuration is missing.
++#endif
++};
+-- 
+2.39.1.windows.1
+
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch b/meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch
new file mode 100644
index 00000000..7c851fd0
--- /dev/null
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/files/feat-qemu-update-abi-between-spmd-and-spmc.patch
@@ -0,0 +1,263 @@
+From d215b0c08e51192baab96d75beaeacf3abf8724e Mon Sep 17 00:00:00 2001
+From: Jens Wiklander <jens.wiklander@linaro.org>
+Date: Fri, 18 Nov 2022 15:40:04 +0100
+Subject: feat(qemu): update abi between spmd and spmc
+
+Updates the ABI between SPMD and the SPMC at S-EL1 so that the hard
+coded SPMC manifest can be replaced by a proper manifest via TOS FW
+Config. TOS FW Config is provided via QEMU_TOS_FW_CONFIG_DTS as a DTS
+file when building.  The DTS is turned into a DTB which is added to the
+FIP.
+
+Note that this is an incompatible change and requires corresponding
+change in OP-TEE ("core: sel1 spmc: boot abi update").
+
+Upstream-Status: Accepted
+
+Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
+Change-Id: Ibabe78ef50a24f775492854ce5ac54e4d471e369
+---
+ plat/qemu/common/qemu_bl2_mem_params_desc.c | 18 +++++++++++-
+ plat/qemu/common/qemu_bl2_setup.c           | 32 +++++++++++++--------
+ plat/qemu/common/qemu_io_storage.c          | 16 ++++++++++-
+ plat/qemu/common/qemu_spmd_manifest.c       | 31 --------------------
+ plat/qemu/qemu/include/platform_def.h       |  3 ++
+ plat/qemu/qemu/platform.mk                  | 12 +++++++-
+ 6 files changed, 66 insertions(+), 46 deletions(-)
+ delete mode 100644 plat/qemu/common/qemu_spmd_manifest.c
+
+diff --git a/plat/qemu/common/qemu_bl2_mem_params_desc.c b/plat/qemu/common/qemu_bl2_mem_params_desc.c
+index 5af3a2264..8d8047c92 100644
+--- a/plat/qemu/common/qemu_bl2_mem_params_desc.c
++++ b/plat/qemu/common/qemu_bl2_mem_params_desc.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2017-2021, ARM Limited and Contributors. All rights reserved.
++ * Copyright (c) 2017-2022, ARM Limited and Contributors. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  */
+@@ -122,6 +122,22 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
+ #endif
+ 	   .next_handoff_image_id = INVALID_IMAGE_ID,
+ 	},
++
++#if defined(SPD_spmd)
++	/* Fill TOS_FW_CONFIG related information */
++	{
++	    .image_id = TOS_FW_CONFIG_ID,
++	    SET_STATIC_PARAM_HEAD(ep_info, PARAM_IMAGE_BINARY,
++		    VERSION_2, entry_point_info_t, SECURE | NON_EXECUTABLE),
++	    SET_STATIC_PARAM_HEAD(image_info, PARAM_IMAGE_BINARY,
++		    VERSION_2, image_info_t, 0),
++	    .image_info.image_base = TOS_FW_CONFIG_BASE,
++	    .image_info.image_max_size = TOS_FW_CONFIG_LIMIT -
++					 TOS_FW_CONFIG_BASE,
++	    .next_handoff_image_id = INVALID_IMAGE_ID,
++	},
++#endif
++
+ # endif /* QEMU_LOAD_BL32 */
+ 
+ 	/* Fill BL33 related information */
+diff --git a/plat/qemu/common/qemu_bl2_setup.c b/plat/qemu/common/qemu_bl2_setup.c
+index 2c0da15b9..6afa3a44d 100644
+--- a/plat/qemu/common/qemu_bl2_setup.c
++++ b/plat/qemu/common/qemu_bl2_setup.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
++ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  */
+@@ -149,8 +149,7 @@ static int qemu_bl2_handle_post_image_load(unsigned int image_id)
+ 	bl_mem_params_node_t *paged_mem_params = NULL;
+ #endif
+ #if defined(SPD_spmd)
+-	unsigned int mode_rw = MODE_RW_64;
+-	uint64_t pagable_part = 0;
++	bl_mem_params_node_t *bl32_mem_params = NULL;
+ #endif
+ 
+ 	assert(bl_mem_params);
+@@ -170,17 +169,18 @@ static int qemu_bl2_handle_post_image_load(unsigned int image_id)
+ 		if (err != 0) {
+ 			WARN("OPTEE header parse error.\n");
+ 		}
+-#if defined(SPD_spmd)
+-		mode_rw = bl_mem_params->ep_info.args.arg0;
+-		pagable_part = bl_mem_params->ep_info.args.arg1;
+-#endif
+ #endif
+ 
+-#if defined(SPD_spmd)
+-		bl_mem_params->ep_info.args.arg0 = ARM_PRELOADED_DTB_BASE;
+-		bl_mem_params->ep_info.args.arg1 = pagable_part;
+-		bl_mem_params->ep_info.args.arg2 = mode_rw;
+-		bl_mem_params->ep_info.args.arg3 = 0;
++#if defined(SPMC_OPTEE)
++		/*
++		 * Explicit zeroes to unused registers since they may have
++		 * been populated by parse_optee_header() above.
++		 *
++		 * OP-TEE expects system DTB in x2 and TOS_FW_CONFIG in x0,
++		 * the latter is filled in below for TOS_FW_CONFIG_ID and
++		 * applies to any other SPMC too.
++		 */
++		bl_mem_params->ep_info.args.arg2 = ARM_PRELOADED_DTB_BASE;
+ #elif defined(SPD_opteed)
+ 		/*
+ 		 * OP-TEE expect to receive DTB address in x2.
+@@ -224,6 +224,14 @@ static int qemu_bl2_handle_post_image_load(unsigned int image_id)
+ 
+ 		bl_mem_params->ep_info.spsr = qemu_get_spsr_for_bl33_entry();
+ 		break;
++#if defined(SPD_spmd)
++	case TOS_FW_CONFIG_ID:
++		/* An SPMC expects TOS_FW_CONFIG in x0/r0 */
++		bl32_mem_params = get_bl_mem_params_node(BL32_IMAGE_ID);
++		bl32_mem_params->ep_info.args.arg0 =
++					bl_mem_params->image_info.image_base;
++		break;
++#endif
+ 	default:
+ 		/* Do nothing in default case */
+ 		break;
+diff --git a/plat/qemu/common/qemu_io_storage.c b/plat/qemu/common/qemu_io_storage.c
+index 1107e443f..e2d4932c0 100644
+--- a/plat/qemu/common/qemu_io_storage.c
++++ b/plat/qemu/common/qemu_io_storage.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved.
++ * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  */
+@@ -24,6 +24,7 @@
+ #define BL2_IMAGE_NAME			"bl2.bin"
+ #define BL31_IMAGE_NAME			"bl31.bin"
+ #define BL32_IMAGE_NAME			"bl32.bin"
++#define TOS_FW_CONFIG_NAME		"tos_fw_config.dtb"
+ #define BL32_EXTRA1_IMAGE_NAME		"bl32_extra1.bin"
+ #define BL32_EXTRA2_IMAGE_NAME		"bl32_extra2.bin"
+ #define BL33_IMAGE_NAME			"bl33.bin"
+@@ -78,6 +79,10 @@ static const io_uuid_spec_t bl32_extra2_uuid_spec = {
+ 	.uuid = UUID_SECURE_PAYLOAD_BL32_EXTRA2,
+ };
+ 
++static const io_uuid_spec_t tos_fw_config_uuid_spec = {
++	.uuid = UUID_TOS_FW_CONFIG,
++};
++
+ static const io_uuid_spec_t bl33_uuid_spec = {
+ 	.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
+ };
+@@ -137,6 +142,10 @@ static const io_file_spec_t sh_file_spec[] = {
+ 		.path = BL32_EXTRA2_IMAGE_NAME,
+ 		.mode = FOPEN_MODE_RB
+ 	},
++	[TOS_FW_CONFIG_ID] = {
++		.path = TOS_FW_CONFIG_NAME,
++		.mode = FOPEN_MODE_RB
++	},
+ 	[BL33_IMAGE_ID] = {
+ 		.path = BL33_IMAGE_NAME,
+ 		.mode = FOPEN_MODE_RB
+@@ -252,6 +261,11 @@ static const struct plat_io_policy policies[] = {
+ 		open_fip
+ 	},
+ #endif
++	[TOS_FW_CONFIG_ID] = {
++		&fip_dev_handle,
++		(uintptr_t)&tos_fw_config_uuid_spec,
++		open_fip
++	},
+ 	[BL33_IMAGE_ID] = {
+ 		&fip_dev_handle,
+ 		(uintptr_t)&bl33_uuid_spec,
+diff --git a/plat/qemu/common/qemu_spmd_manifest.c b/plat/qemu/common/qemu_spmd_manifest.c
+deleted file mode 100644
+index fd46e2675..000000000
+--- a/plat/qemu/common/qemu_spmd_manifest.c
++++ /dev/null
+@@ -1,31 +0,0 @@
+-/*
+- * Copyright (c) 2021, ARM Limited and Contributors. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- */
+-
+-#include <assert.h>
+-
+-#include <services/spm_core_manifest.h>
+-
+-#include <plat/common/platform.h>
+-#include <platform_def.h>
+-
+-int plat_spm_core_manifest_load(spmc_manifest_attribute_t *manifest,
+-				const void *pm_addr)
+-{
+-	entry_point_info_t *ep_info = bl31_plat_get_next_image_ep_info(SECURE);
+-
+-	assert(ep_info != NULL);
+-	assert(manifest != NULL);
+-
+-	manifest->major_version = 1;
+-	manifest->minor_version = 0;
+-	manifest->exec_state = ep_info->args.arg2;
+-	manifest->load_address = BL32_BASE;
+-	manifest->entrypoint = BL32_BASE;
+-	manifest->binary_size = BL32_LIMIT - BL32_BASE;
+-	manifest->spmc_id = 0x8000;
+-
+-	return 0;
+-}
+diff --git a/plat/qemu/qemu/include/platform_def.h b/plat/qemu/qemu/include/platform_def.h
+index c9ed6409f..5c3239cb8 100644
+--- a/plat/qemu/qemu/include/platform_def.h
++++ b/plat/qemu/qemu/include/platform_def.h
+@@ -118,6 +118,9 @@
+ #define BL_RAM_BASE			(SHARED_RAM_BASE + SHARED_RAM_SIZE)
+ #define BL_RAM_SIZE			(SEC_SRAM_SIZE - SHARED_RAM_SIZE)
+ 
++#define TOS_FW_CONFIG_BASE		BL_RAM_BASE
++#define TOS_FW_CONFIG_LIMIT		(TOS_FW_CONFIG_BASE + PAGE_SIZE)
++
+ /*
+  * BL1 specific defines.
+  *
+diff --git a/plat/qemu/qemu/platform.mk b/plat/qemu/qemu/platform.mk
+index 6becc32fa..02493025a 100644
+--- a/plat/qemu/qemu/platform.mk
++++ b/plat/qemu/qemu/platform.mk
+@@ -212,7 +212,10 @@ BL31_SOURCES		+=	lib/cpus/aarch64/aem_generic.S		\
+ 				${QEMU_GIC_SOURCES}
+ 
+ ifeq (${SPD},spmd)
+-BL31_SOURCES		+=	plat/qemu/common/qemu_spmd_manifest.c
++BL31_SOURCES		+=	plat/common/plat_spmd_manifest.c	\
++				common/uuid.c				\
++				${LIBFDT_SRCS} 				\
++				${FDT_WRAPPERS_SOURCES}
+ endif
+ endif
+ 
+@@ -233,6 +236,13 @@ $(eval $(call TOOL_ADD_IMG,bl32_extra2,--tos-fw-extra2))
+ endif
+ endif
+ 
++ifneq ($(QEMU_TOS_FW_CONFIG_DTS),)
++FDT_SOURCES		+=	${QEMU_TOS_FW_CONFIG_DTS}
++QEMU_TOS_FW_CONFIG	:=	${BUILD_PLAT}/fdts/$(notdir $(basename ${QEMU_TOS_FW_CONFIG_DTS})).dtb
++# Add the TOS_FW_CONFIG to FIP
++$(eval $(call TOOL_ADD_PAYLOAD,${QEMU_TOS_FW_CONFIG},--tos-fw-config,${QEMU_TOS_FW_CONFIG}))
++endif
++
+ SEPARATE_CODE_AND_RODATA := 1
+ ENABLE_STACK_PROTECTOR	 := 0
+ ifneq ($(ENABLE_STACK_PROTECTOR), 0)
+-- 
+2.39.1.windows.1
+
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
index 6cf55d69..e58a0902 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend
@@ -47,7 +47,10 @@ EXTRA_OEMAKE:append:arm:qemuall = " \
     BL32_RAM_LOCATION=tdram \
     AARCH32_SP=optee \
     "
-
+# When using OP-TEE SPMC specify the SPMC manifest file.
+EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', \
+    'QEMU_TOS_FW_CONFIG_DTS=${S}/plat/qemu/fdts/optee_spmc_manifest.dts', '', d)}"
+     
 do_compile:append:qemuarm64-secureboot() {
     # Create a secure flash image for booting AArch64 Qemu. See:
     # https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/docs/plat/qemu.rst
diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
index 3a5006e5..5830339c 100644
--- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
+++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.8.0.bb
@@ -5,6 +5,12 @@ SRCREV_tfa = "9881bb93a3bc0a3ea37e9f093e09ab4b360a9e48"
 
 SRC_URI += "file://rwx-segments.patch"
 
+# Enable passing TOS_FW_CONFIG from FIP package to Trusted OS.
+SRC_URI:append:qemuarm64-secureboot = " \
+            file://add-spmc_manifest-for-qemu.patch \
+            file://feat-qemu-update-abi-between-spmd-and-spmc.patch \
+        "
+
 LIC_FILES_CHKSUM += "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
 
 # mbed TLS v2.28.2
-- 
2.39.1.windows.1

[PATCH 06/16] optee-test: backport SWd ABI compatibility changes

[Gyorgy Szing]

The ABI used by the arm-ffa-user driver to call into the SWd changed.
The change was driven by the MM over FF-A ABI implementation which is
used by SmmGW SP and uefi-test. uefi-test uses the same arm-ffa-user
driver as xtest hence xtest needs to be updated to use the new driver.
This xtest change is already merged up-stream but after v3.20, which is
used here.
This change adds backported xtest changes as carried patches.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 ...pdate-arm_ffa_user-driver-dependency.patch |  39 +++++
 ..._ffa_user-driver-compatibility-check.patch | 163 ++++++++++++++++++
 .../optee/optee-test_3.20.0.bb                |   2 +
 3 files changed, 204 insertions(+)
 create mode 100644 meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
 create mode 100644 meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch

diff --git a/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch b/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
new file mode 100644
index 00000000..e889f740
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-test/Update-arm_ffa_user-driver-dependency.patch
@@ -0,0 +1,39 @@
+From 7e15470f3dd45c844f0e0901f0c85c46a0882b8b Mon Sep 17 00:00:00 2001
+From: Gabor Toth <gabor.toth2@arm.com>
+Date: Fri, 3 Mar 2023 12:23:45 +0100
+Subject: [PATCH 1/2] Update arm_ffa_user driver dependency
+
+Updating arm-ffa-user to v5.0.1 to get the following changes:
+ - move to 64 bit direct messages
+ - add Linux Kernel v6.1 compatibility
+The motivation is to update x-test to depend on the same driver
+version as TS uefi-test and thus to enable running these in a single
+configuration.
+Note: arm_ffa_user.h was copied from:
+ - URL:https://git.gitlab.arm.com/linux-arm/linux-trusted-services.git
+ - SHA:18e3be71f65a405dfb5d97603ae71b3c11759861
+
+Upstream-Status: Backport
+
+Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/include/uapi/linux/arm_ffa_user.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/host/xtest/include/uapi/linux/arm_ffa_user.h b/host/xtest/include/uapi/linux/arm_ffa_user.h
+index 9ef0be3..0acde4f 100644
+--- a/host/xtest/include/uapi/linux/arm_ffa_user.h
++++ b/host/xtest/include/uapi/linux/arm_ffa_user.h
+@@ -33,7 +33,7 @@ struct ffa_ioctl_ep_desc {
+  * @dst_id:	[in] 16-bit ID of destination endpoint.
+  */
+ struct ffa_ioctl_msg_args {
+-	__u32 args[5];
++	__u64 args[5];
+ 	__u16 dst_id;
+ };
+ #define FFA_IOC_MSG_SEND	_IOWR(FFA_IOC_MAGIC, FFA_IOC_BASE + 1, \
+-- 
+2.39.1.windows.1
+
diff --git a/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch b/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
new file mode 100644
index 00000000..d333e860
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-test/ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch
@@ -0,0 +1,163 @@
+From 6734d14cc249af37705129de7874533df9535cd3 Mon Sep 17 00:00:00 2001
+From: Gabor Toth <gabor.toth2@arm.com>
+Date: Fri, 3 Mar 2023 12:25:58 +0100
+Subject: [PATCH 2/2] ffa_spmc: Add arm_ffa_user driver compatibility check
+
+Check the version of the arm_ffa_user Kernel Driver and fail with a
+meaningful message if incompatible driver is detected.
+
+Upstream-Status: Backport
+
+Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
+Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
+---
+ host/xtest/ffa_spmc_1000.c | 68 ++++++++++++++++++++++++++++++++++----
+ 1 file changed, 61 insertions(+), 7 deletions(-)
+
+diff --git a/host/xtest/ffa_spmc_1000.c b/host/xtest/ffa_spmc_1000.c
+index 15f4a46..1839d03 100644
+--- a/host/xtest/ffa_spmc_1000.c
++++ b/host/xtest/ffa_spmc_1000.c
+@@ -1,11 +1,12 @@
+ // SPDX-License-Identifier: BSD-3-Clause
+ /*
+- * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2022-2023, Arm Limited and Contributors. All rights reserved.
+  */
+ #include <fcntl.h>
+ #include <ffa.h>
+ #include <stdio.h>
+ #include <string.h>
++#include <errno.h>
+ #include <sys/ioctl.h>
+ #include <unistd.h>
+ #include "include/uapi/linux/arm_ffa_user.h"
+@@ -17,6 +18,10 @@
+ #define INCORRECT_ENDPOINT_ID 0xffff
+ #define NORMAL_WORLD_ENDPOINT_ID	0
+ 
++#define FFA_USER_REQ_VER_MAJOR 5
++#define FFA_USER_REQ_VER_MINOR 0
++#define FFA_USER_REQ_VER_PATCH 1
++
+ /* Get the 32 least significant bits of a handle.*/
+ #define MEM_SHARE_HANDLE_LOW(x) ((x) & 0xffffffff)
+ /* Get the 32 most significant bits of a handle.*/
+@@ -62,6 +67,50 @@ static struct ffa_ioctl_ep_desc test_endpoint3 = {
+ 	.uuid_ptr = (uint64_t)test_endpoint3_uuid,
+ };
+ 
++static bool check_ffa_user_version(void)
++{
++	FILE *f = NULL;
++	int ver_major = -1;
++	int ver_minor = -1;
++	int ver_patch = -1;
++	int scan_cnt = 0;
++
++	f = fopen("/sys/module/arm_ffa_user/version", "r");
++	if (f) {
++		scan_cnt = fscanf(f, "%d.%d.%d",
++				  &ver_major, &ver_minor, &ver_patch);
++		fclose(f);
++		if (scan_cnt != 3) {
++			printf("error: failed to parse arm_ffa_user version\n");
++			return false;
++		}
++	} else {
++		printf("error: failed to read arm_ffa_user module info - %s\n",
++		       strerror(errno));
++		return false;
++	}
++
++	if (ver_major != FFA_USER_REQ_VER_MAJOR)
++		goto err;
++
++	if (ver_minor < FFA_USER_REQ_VER_MINOR)
++		goto err;
++
++	if (ver_minor == FFA_USER_REQ_VER_MINOR)
++		if (ver_patch < FFA_USER_REQ_VER_PATCH)
++			goto err;
++
++	return true;
++
++err:
++	printf("error: Incompatible arm_ffa_user driver detected.");
++	printf("Found v%d.%d.%d wanted >= v%d.%d.%d)\n",
++	       ver_major, ver_minor, ver_patch, FFA_USER_REQ_VER_MAJOR,
++		   FFA_USER_REQ_VER_MINOR, FFA_USER_REQ_VER_PATCH);
++
++	return false;
++}
++
+ static void close_debugfs(void)
+ {
+ 	int err = 0;
+@@ -76,6 +125,9 @@ static void close_debugfs(void)
+ 
+ static bool init_sp_xtest(ADBG_Case_t *c)
+ {
++	if (!check_ffa_user_version())
++		return false;
++
+ 	if (ffa_fd < 0) {
+ 		ffa_fd = open(FFA_DRIVER_FS_PATH, O_RDWR);
+ 		if (ffa_fd < 0) {
+@@ -83,6 +135,7 @@ static bool init_sp_xtest(ADBG_Case_t *c)
+ 			return false;
+ 		}
+ 	}
++
+ 	return true;
+ }
+ 
+@@ -99,7 +152,7 @@ static uint16_t get_endpoint_id(uint64_t endp)
+ 	struct ffa_ioctl_ep_desc sid = { .uuid_ptr = endp };
+ 
+ 	/* Get ID of destination SP based on UUID */
+-	if(ioctl(ffa_fd, FFA_IOC_GET_PART_ID, &sid))
++	if (ioctl(ffa_fd, FFA_IOC_GET_PART_ID, &sid))
+ 		return INCORRECT_ENDPOINT_ID;
+ 
+ 	return sid.id;
+@@ -213,14 +266,15 @@ static int set_up_mem(struct ffa_ioctl_ep_desc *endp,
+ 	rc = share_mem(endpoint, handle);
+ 	ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ 
+-	if (!ADBG_EXPECT_TRUE(c, handle != NULL))
+-	     return TEEC_ERROR_GENERIC;
++	if (!ADBG_EXPECT_NOT_NULL(c, handle))
++		return TEEC_ERROR_GENERIC;
+ 
+ 	/* SP will retrieve the memory region. */
+ 	memset(args, 0, sizeof(*args));
+ 	args->dst_id = endpoint;
+ 	args->args[MEM_SHARE_HANDLE_LOW_INDEX] = MEM_SHARE_HANDLE_LOW(*handle);
+-	args->args[MEM_SHARE_HANDLE_HIGH_INDEX] = MEM_SHARE_HANDLE_HIGH(*handle);
++	args->args[MEM_SHARE_HANDLE_HIGH_INDEX] =
++		MEM_SHARE_HANDLE_HIGH(*handle);
+ 	args->args[MEM_SHARE_HANDLE_ENDPOINT_INDEX] = NORMAL_WORLD_ENDPOINT_ID;
+ 
+ 	rc = start_sp_test(endpoint, EP_RETRIEVE, args);
+@@ -254,7 +308,7 @@ static void xtest_ffa_spmc_test_1002(ADBG_Case_t *c)
+ 	rc = start_sp_test(endpoint1_id, EP_TEST_SP, &args);
+ 	ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ 	if (!ADBG_EXPECT_COMPARE_UNSIGNED(c, args.args[0], ==, SPMC_TEST_OK))
+-	     goto out;
++		goto out;
+ 
+ 	/* Set up memory and have the SP retrieve it. */
+ 	Do_ADBG_BeginSubCase(c, "Test memory set-up");
+@@ -469,7 +523,7 @@ static void xtest_ffa_spmc_test_1005(ADBG_Case_t *c)
+ 	memset(&args, 0, sizeof(args));
+ 	args.args[1] = endpoint2;
+ 	args.args[2] = endpoint3;
+-	rc = start_sp_test(endpoint1, EP_SP_MEM_SHARING_MULTI,&args);
++	rc = start_sp_test(endpoint1, EP_SP_MEM_SHARING_MULTI, &args);
+ 	ADBG_EXPECT_COMPARE_SIGNED(c, rc, ==, 0);
+ 	ADBG_EXPECT_COMPARE_UNSIGNED(c, args.args[0], ==, SPMC_TEST_OK);
+ 
+-- 
+2.39.1.windows.1
+
diff --git a/meta-arm/recipes-security/optee/optee-test_3.20.0.bb b/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
index 95452b6a..50f5afe7 100644
--- a/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
+++ b/meta-arm/recipes-security/optee/optee-test_3.20.0.bb
@@ -1,6 +1,8 @@
 require optee-test.inc
 
 SRC_URI:append = " \
+    file://Update-arm_ffa_user-driver-dependency.patch \
+    file://ffa_spmc-Add-arm_ffa_user-driver-compatibility-check.patch \
     file://musl-workaround.patch \
    "
 SRCREV = "5db8ab4c733d5b2f4afac3e9aef0a26634c4b444"
-- 
2.39.1.windows.1

[PATCH 07/16] optee-os: enable SPMC test

[Gyorgy Szing]

Add ta-devkit and optee-test. Change configuration to enable building
and deploying OP-TEE SPMC tests.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
---
 .../arm-ffa-user/arm-ffa-user_5.0.1.bb        | 14 +++--
 .../optee/optee-os-tadevkit_3.2%.bbappend     |  4 ++
 .../optee/optee-os-ts-3.18.inc                | 54 +++++++++++++++++++
 .../recipes-security/optee/optee-os-ts.inc    | 10 +++-
 .../optee/optee-os_3.1%.bbappend              |  5 ++
 ...e-os_%.bbappend => optee-os_3.2%.bbappend} |  0
 .../optee/optee-test_3.2%.bbappend            |  7 +++
 .../trusted-services/ts-sp-common.inc         |  4 +-
 .../ts-sp-spm-test-common.inc                 |  7 +++
 .../trusted-services/ts-sp-spm-test1_git.bb   |  5 ++
 .../trusted-services/ts-sp-spm-test2_git.bb   |  6 +++
 .../trusted-services/ts-sp-spm-test3_git.bb   |  6 +++
 .../trusted-services/ts-uuid.inc              |  3 ++
 13 files changed, 118 insertions(+), 7 deletions(-)
 create mode 100644 meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
 create mode 100644 meta-arm/recipes-security/optee/optee-os-ts-3.18.inc
 create mode 100644 meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
 rename meta-arm/recipes-security/optee/{optee-os_%.bbappend => optee-os_3.2%.bbappend} (100%)
 create mode 100644 meta-arm/recipes-security/optee/optee-test_3.2%.bbappend
 create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
 create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
 create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
 create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb

diff --git a/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb b/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb
index 1261fa41..726a65bb 100644
--- a/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb
+++ b/meta-arm/recipes-kernel/arm-ffa-user/arm-ffa-user_5.0.1.bb
@@ -18,10 +18,16 @@ COMPATIBLE_HOST = "(arm|aarch64).*-linux"
 KERNEL_MODULE_AUTOLOAD += "arm-ffa-user"
 KERNEL_MODULE_PROBECONF += "arm-ffa-user"
 
-# This debugfs driver is used only by uefi-test for testing SmmGW SP
-# UUIDs = SMM Gateway SP
-FFA-USER-UUID-LIST ?= "ed32d533-99e6-4209-9cc0-2d72cdd998a7"
-module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA-USER-UUID-LIST}"
+# SMM Gateway SP
+UUID_LIST = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+                                  'ed32d533-99e6-4209-9cc0-2d72cdd998a7', '' , d)}"
+# SPMC Tests SPs
+UUID_LIST:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                  ',5c9edbc3-7b3a-4367-9f83-7c191ae86a37,7817164c-c40c-4d1a-867a-9bb2278cf41a,23eb0100-e32a-4497-9052-2f11e584afa6', '' , d)}"
+
+FFA_USER_UUID_LIST ?= "${@d.getVar('UUID_LIST').strip(',')}"
+
+module_conf_arm-ffa-user = "options arm-ffa-user uuid_str_list=${FFA_USER_UUID_LIST}"
 
 do_install:append() {
     install -d ${D}${includedir}
diff --git a/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
new file mode 100644
index 00000000..a9732e4c
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-tadevkit_3.2%.bbappend
@@ -0,0 +1,4 @@
+# Include extra headers needed by SPMC tests to TA DEVKIT.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' CFG_SPMC_TESTS=y', '' , d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc b/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc
new file mode 100644
index 00000000..4dffc46d
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-ts-3.18.inc
@@ -0,0 +1,54 @@
+# Include Trusted Services SPs accordingly to defined machine features
+
+# Please notice that OPTEE will load SPs in the order listed in this file.
+# If an SP requires another SP to be already loaded it must be listed lower.
+
+# TS SPs UUIDs definitions
+require recipes-security/trusted-services/ts-uuid.inc
+
+TS_ENV = "opteesp"
+TS_BIN = "${RECIPE_SYSROOT}/usr/${TS_ENV}/bin"
+
+# ITS SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+                                        ' ts-sp-its', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-its', \
+                                        ' ${TS_BIN}/${ITS_UUID}.stripped.elf', '', d)}"
+
+# Storage SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+                                        ' ts-sp-storage', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-storage', \
+                                        ' ${TS_BIN}/${STORAGE_UUID}.stripped.elf', '', d)}"
+
+# Crypto SP.
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+                                        ' ts-sp-crypto', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-crypto', \
+                                        ' ${TS_BIN}/${CRYPTO_UUID}.stripped.elf', '', d)}"
+
+# Attestation SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+                                        ' ts-sp-attestation', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', \
+                                        ' ${TS_BIN}/${ATTESTATION_UUID}.stripped.elf', '', d)}"
+
+# Env-test SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+                                        ' ts-sp-env-test', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-env-test', \
+                                        ' ${TS_BIN}/${ENV_TEST_UUID}.stripped.elf', '', d)}"
+
+# SE-Proxy SP
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+                                        ' ts-sp-se-proxy', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-se-proxy', \
+                                        ' ${TS_BIN}/${SE_PROXY_UUID}.stripped.elf', '', d)}"
+
+# SMM Gateway
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+                                        ' ts-sp-smm-gateway', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+                                        ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}"
+
+EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc
index 73b8c14f..057dde25 100644
--- a/meta-arm/recipes-security/optee/optee-os-ts.inc
+++ b/meta-arm/recipes-security/optee/optee-os-ts.inc
@@ -51,4 +51,12 @@ DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
 SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
                                         ' ${TS_BIN}/${SMM_GATEWAY_UUID}.stripped.elf', '', d)}"
 
-EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
+# SPM test SPs
+DEPENDS:append  = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' ts-sp-spm-test1 ts-sp-spm-test2 ts-sp-spm-test3', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' ${TS_BIN}/${SPM_TEST1_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST2_UUID}.stripped.elf ${TS_BIN}/${SPM_TEST3_UUID}.stripped.elf', '', d)}"
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' CFG_SPMC_TESTS=y', '' , d)}"
+
+EXTRA_OEMAKE:append = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_MAP_EXT_DT_SECURE=y CFG_SECURE_PARTITION=y SP_PATHS="${SP_PATHS}" ', d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend b/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
new file mode 100644
index 00000000..2ff1b834
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os_3.1%.bbappend
@@ -0,0 +1,5 @@
+# Include Trusted Services Secure Partitions
+require optee-os-ts-3.18.inc
+
+# Conditionally include platform specific Trusted Services related OPTEE build parameters
+EXTRA_OEMAKE:append:qemuarm64-secureboot = "${@oe.utils.conditional('SP_PATHS', '', '', ' CFG_CORE_HEAP_SIZE=131072 CFG_TEE_BENCHMARK=n CFG_TEE_CORE_LOG_LEVEL=4 CFG_CORE_SEL1_SPMC=y ', d)}"
diff --git a/meta-arm/recipes-security/optee/optee-os_%.bbappend b/meta-arm/recipes-security/optee/optee-os_3.2%.bbappend
similarity index 100%
rename from meta-arm/recipes-security/optee/optee-os_%.bbappend
rename to meta-arm/recipes-security/optee/optee-os_3.2%.bbappend
diff --git a/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend b/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend
new file mode 100644
index 00000000..c052774c
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-test_3.2%.bbappend
@@ -0,0 +1,7 @@
+# Include ffa_spmc test group if the SPMC test is enabled.
+# Supported after op-tee v3.20
+EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                        ' CFG_SPMC_TESTS=y CFG_SECURE_PARTITION=y', '' , d)}"
+
+RDEPENDS:${PN} += "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
+                                              ' arm-ffa-user', '' , d)}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
index 75ddab37..3d756015 100644
--- a/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-common.inc
@@ -17,8 +17,8 @@ do_install:append() {
     dtc -I dts -O dtb -o ${D}${TS_INSTALL}/manifest/${SP_UUID}.dtb ${SP_DTS_FILE}
 
     # We do not need libs and headers
-    rm -r --one-file-system ${D}${TS_INSTALL}/lib
-    rm -r --one-file-system ${D}${TS_INSTALL}/include
+    rm -rf --one-file-system ${D}${TS_INSTALL}/lib
+    rm -rf --one-file-system ${D}${TS_INSTALL}/include
 }
 
 # Use Yocto debug prefix maps for compiling assembler.
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
new file mode 100644
index 00000000..e357629b
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test-common.inc
@@ -0,0 +1,7 @@
+DESCRIPTION = "Trusted Services SPMC test SPs"
+
+require ts-sp-common.inc
+
+SP_UUID = "${SPM_TEST${SP_INDEX}_UUID}"
+SP_DTS_FILE ?= "${D}${TS_INSTALL}/manifest/${SP_UUID}.dts"
+OECMAKE_SOURCEPATH="${S}/deployments/spm-test${SP_INDEX}/${TS_ENV}"
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
new file mode 100644
index 00000000..4cbb970b
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test1_git.bb
@@ -0,0 +1,5 @@
+DESCRIPTION = "Trusted Services SPMC test SP1"
+
+SP_INDEX="1"
+
+require ts-sp-spm-test-common.inc
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
new file mode 100644
index 00000000..e6fb822b
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test2_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP2"
+
+SP_INDEX="2"
+
+require ts-sp-spm-test-common.inc
+
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb
new file mode 100644
index 00000000..ad3ee76e
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-spm-test3_git.bb
@@ -0,0 +1,6 @@
+DESCRIPTION = "Trusted Services SPMC test SP3"
+
+SP_INDEX="3"
+
+require ts-sp-spm-test-common.inc
+
diff --git a/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/recipes-security/trusted-services/ts-uuid.inc
index 7a39f733..c18ec5d7 100644
--- a/meta-arm/recipes-security/trusted-services/ts-uuid.inc
+++ b/meta-arm/recipes-security/trusted-services/ts-uuid.inc
@@ -7,3 +7,6 @@ ITS_UUID         = "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14"
 SE_PROXY_UUID    = "46bb39d1-b4d9-45b5-88ff-040027dab249"
 SMM_GATEWAY_UUID = "ed32d533-99e6-4209-9cc0-2d72cdd998a7"
 STORAGE_UUID     = "751bf801-3dde-4768-a514-0f10aeed1790"
+SPM_TEST1_UUID   = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37"
+SPM_TEST2_UUID   = "7817164c-c40c-4d1a-867a-9bb2278cf41a"
+SPM_TEST3_UUID   = "23eb0100-e32a-4497-9052-2f11e584afa6"
\ No newline at end of file
-- 
2.39.1.windows.1

[PATCH 08/16] arm/oeqa: enable OP-TEE SPMC tests

[Gyorgy Szing]

Run the ffa_spmc test group of xtest if the optee-spmc-test machine
feature is enabled.

Signed-off-by: Anton Antonov <Anton.Antonov@arm.com>
---
 meta-arm/lib/oeqa/runtime/cases/trusted_services.py | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
index 1eeca205..88298956 100644
--- a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
+++ b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
@@ -62,6 +62,12 @@ class TrustedServicesTest(OERuntimeTestCase):
         test_grp_list+=" DiscoveryServiceTests"
         self.run_test_tool('ts-service-test -lg', expected_output=test_grp_list)
 
+    @OEHasPackage(['optee-test'])
+    @skipIfNotInDataVar('MACHINE_FEATURES', 'optee-spmc-test', 'SPMC Test SPs are not included')
+    @OETestDepends(['ssh.SSHTest.test_ssh'])
+    def test_07_spmc_test(self):
+        self.run_test_tool('xtest -t ffa_spmc')
+
     @OEHasPackage(['ts-service-test'])
     @skipIfNotInDataVar('MACHINE_FEATURES', 'ts-fwu', 'FWU SP is not included')
     @OETestDepends(['ssh.SSHTest.test_ssh'])
-- 
2.39.1.windows.1

[PATCH 09/16] arm-bsp/trusted-services:corstone1000: remove already merged patches

[Gyorgy Szing]

From: Rui Miguel Silva <rui.silva@linaro.org>

Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
 ...1-Add-openamp-to-SE-proxy-deployment.patch |  287 --
 ...b-capsule-update-service-components.patch} |   88 +-
 ...in-AEAD-for-psa-arch-test-54-and-58.patch} |    8 +-
 ...iver-and-the-OpenAmp-conversion-laye.patch | 1091 -------
 .../0003-Add-openamp-rpc-caller.patch         | 1196 --------
 ...=> 0003-FMP-Support-in-Corstone1000.patch} |    6 +-
 ...1.7-alignment-Align-PSA-Crypto-SIDs.patch} |   32 +-
 ...-add-psa-client-definitions-for-ff-m.patch |  298 --
 ...mon-service-component-to-ipc-support.patch |  295 --
 ...nment-Align-crypto-iovec-definition.patch} |  135 +-
 .../0006-Add-secure-storage-ipc-backend.patch |  523 ----
 ...gnment-PSA-crypto-client-in-out_vec.patch} |   39 +-
 ...storage-ipc-and-openamp-for-se_proxy.patch |   63 -
 .../corstone1000/0008-Run-psa-arch-test.patch |   72 -
 ...0009-Use-address-instead-of-pointers.patch |  168 --
 ...-Add-psa-ipc-attestation-to-se-proxy.patch |  323 ---
 ...d-as-openamp-rpc-using-secure-storag.patch |  163 --
 .../0012-add-psa-ipc-crypto-backend.patch     | 2570 -----------------
 .../0014-Configure-storage-size.patch         |   42 -
 ...face-structure-aligned-with-tf-m-cha.patch |   31 -
 ...egrate-remaining-psa-ipc-client-APIs.patch |  494 ----
 ...et_key_usage_flags-definition-to-the.patch |   40 -
 ...rstone1000-change-default-smm-values.patch |   37 -
 ...teway-add-checks-for-null-attributes.patch |   35 -
 .../0022-GetNextVariableName-Fix.patch        |   33 -
 ...3-Use-the-stateless-platform-service.patch |  140 -
 .../trusted-services/ts-arm-platforms.inc     |   32 +-
 27 files changed, 128 insertions(+), 8113 deletions(-)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0013-Add-stub-capsule-update-service-components.patch => 0001-Add-stub-capsule-update-service-components.patch} (78%)
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch => 0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch} (96%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0020-FMP-Support-in-Corstone1000.patch => 0003-FMP-Support-in-Corstone1000.patch} (99%)
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch => 0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch} (95%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch => 0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch} (90%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch => 0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch} (80%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch

diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
deleted file mode 100644
index c44885cf..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
+++ /dev/null
@@ -1,287 +0,0 @@
-From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 16:36:51 +0000
-Subject: [PATCH 01/20] Add openamp to SE proxy deployment
-
-Openamp is required to communicate between secure partitions(running on
-Cortex-A) and trusted-firmware-m(running on Cortex-M).
-These changes are to fetch libmetal and openamp from github repo's
-and build it.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- deployments/se-proxy/opteesp/lse.S            | 28 ++++++++
- deployments/se-proxy/se-proxy.cmake           |  8 +++
- external/openamp/libmetal-init-cache.cmake.in | 20 ++++++
- external/openamp/libmetal.cmake               | 67 +++++++++++++++++++
- external/openamp/openamp-init-cache.cmake.in  | 20 ++++++
- external/openamp/openamp.cmake                | 66 ++++++++++++++++++
- 6 files changed, 209 insertions(+)
- create mode 100644 deployments/se-proxy/opteesp/lse.S
- create mode 100644 external/openamp/libmetal-init-cache.cmake.in
- create mode 100644 external/openamp/libmetal.cmake
- create mode 100644 external/openamp/openamp-init-cache.cmake.in
- create mode 100644 external/openamp/openamp.cmake
-
-diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S
-new file mode 100644
-index 000000000000..8e466d65fc2b
---- /dev/null
-+++ b/deployments/se-proxy/opteesp/lse.S
-@@ -0,0 +1,28 @@
-+// SPDX-License-Identifier: BSD-3-Clause
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ */
-+
-+.text
-+.globl __aarch64_cas4_acq_rel
-+.globl __aarch64_cas4_sync
-+
-+__aarch64_cas4_acq_rel:
-+	mov	w16, w0
-+	ldaxr	w0, [x2]
-+	cmp	w0, w16
-+0:	bne	1f
-+
-+	stlxr	w17, w1, [x2]
-+	cbnz	w17, 0b
-+1:	ret
-+
-+__aarch64_cas4_sync:
-+	mov	w16, w0
-+	ldxr	w0, [x2]
-+	cmp	w0, w16
-+0:	bne	1f
-+
-+	stlxr	w17, w1, [x2]
-+	cbnz	w17, 0b
-+1:	ret
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 426c66c05350..d39873a0fe81 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy"
- target_sources(se-proxy PRIVATE
- 	${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c
- 	${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c
-+	${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S
- )
- 
- #-------------------------------------------------------------------------------
-@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake)
- target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
- protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
- 
-+# libmetal
-+include(../../../external/openamp/libmetal.cmake)
-+
-+# OpenAMP
-+include(../../../external/openamp/openamp.cmake)
-+target_link_libraries(se-proxy PRIVATE openamp libmetal)
-+
- #################################################################
- 
- target_include_directories(se-proxy PRIVATE
-diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in
-new file mode 100644
-index 000000000000..04c25fbde960
---- /dev/null
-+++ b/external/openamp/libmetal-init-cache.cmake.in
-@@ -0,0 +1,20 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Linaro. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
-+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
-+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
-+set(BUILD_STATIC_LIBS On CACHE BOOL "")
-+
-+set(WITH_DOC OFF CACHE BOOL "")
-+set(WITH_TESTS OFF CACHE BOOL "")
-+set(WITH_EXAMPLES OFF CACHE BOOL "")
-+set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "")
-+set(MACHINE "template" CACHE STRING "")
-+
-+@_cmake_fragment@
-diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake
-new file mode 100644
-index 000000000000..6e5004ff555c
---- /dev/null
-+++ b/external/openamp/libmetal.cmake
-@@ -0,0 +1,67 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2022 Linaro Limited
-+# Copyright (c) 2022, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git"
-+		    CACHE STRING "libmetal repository URL")
-+set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install"
-+		    CACHE DIR "libmetal installation directory")
-+set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal"
-+		CACHE DIR "libmetal source-code")
-+set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake"
-+			    CACHE DIR "libmetal CMake package directory")
-+set (LIBMETAL_TARGET_NAME "libmetal")
-+set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
-+			CACHE STRING "The version of libmetal to use")
-+set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build")
-+
-+set(GIT_OPTIONS
-+    GIT_REPOSITORY ${LIBMETAL_URL}
-+    GIT_TAG ${LIBMETAL_REFSPEC}
-+    GIT_SHALLOW FALSE
-+)
-+
-+if(NOT LIBMETAL_DEBUG)
-+	set(LIBMETAL_BUILD_TYPE "Release")
-+else()
-+	set(LIBMETAL_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+	message(FATAL_ERROR "Please install git")
-+endif()
-+
-+# Only pass libc settings to libmetal if needed. For environments where the
-+# standard library is not overridden, this is not needed.
-+if(TARGET stdlib::c)
-+	include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
-+
-+	# Save libc settings
-+	save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
-+	# Translate libc settings to cmake code fragment. Will be inserted into
-+	# libmetal-init-cache.cmake.in when LazyFetch configures the file.
-+	translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
-+	unset_saved_properties(LIBC)
-+endif()
-+
-+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
-+LazyFetch_MakeAvailable(DEP_NAME libmetal
-+    FETCH_OPTIONS "${GIT_OPTIONS}"
-+    INSTALL_DIR "${LIBMETAL_INSTALL_DIR}"
-+    CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in"
-+    SOURCE_DIR "${LIBMETAL_SOURCE_DIR}"
-+)
-+unset(_cmake_fragment)
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(libmetal STATIC IMPORTED)
-+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include")
-diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in
-new file mode 100644
-index 000000000000..302b80511bce
---- /dev/null
-+++ b/external/openamp/openamp-init-cache.cmake.in
-@@ -0,0 +1,20 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Linaro. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
-+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
-+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
-+set(BUILD_STATIC_LIBS On CACHE BOOL "")
-+
-+set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE
-+    STRING "")
-+set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "")
-+set(RPMSG_BUFFER_SIZE "512" CACHE STRING "")
-+set(MACHINE "template" CACHE STRING "")
-+
-+@_cmake_fragment@
-diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
-new file mode 100644
-index 000000000000..449f35f4fda4
---- /dev/null
-+++ b/external/openamp/openamp.cmake
-@@ -0,0 +1,66 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2022 Linaro Limited
-+# Copyright (c) 2022, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git"
-+		    CACHE STRING "OpenAMP repository URL")
-+set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install"
-+			    CACHE DIR "OpenAMP installation directory")
-+set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp"
-+			    CACHE DIR "OpenAMP source code directory")
-+set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake"
-+			    CACHE DIR "OpenAMP CMake package directory")
-+set (OPENAMP_TARGET_NAME "openamp")
-+set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d"
-+			CACHE STRING "The version of openamp to use")
-+
-+set(GIT_OPTIONS
-+    GIT_REPOSITORY ${OPENAMP_URL}
-+    GIT_TAG ${OPENAMP_REFSPEC}
-+    GIT_SHALLOW FALSE
-+)
-+
-+if(NOT OPENAMP_DEBUG)
-+	set(OPENAMP_BUILD_TYPE "Release")
-+else()
-+	set(OPENAMP_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+	message(FATAL_ERROR "Please install git")
-+endif()
-+
-+# Only pass libc settings to openamp if needed. For environments where the
-+# standard library is not overridden, this is not needed.
-+if(TARGET stdlib::c)
-+	include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
-+
-+	# Save libc settings
-+	save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
-+	# Translate libc settings to cmake code fragment. Will be inserted into
-+	# libmetal-init-cache.cmake.in when LazyFetch configures the file.
-+	translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
-+	unset_saved_properties(LIBC)
-+endif()
-+
-+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
-+LazyFetch_MakeAvailable(DEP_NAME openamp
-+    FETCH_OPTIONS "${GIT_OPTIONS}"
-+    INSTALL_DIR "${OPENAMP_INSTALL_DIR}"
-+    CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in"
-+    SOURCE_DIR "${OPENAMP_SOURCE_DIR}"
-+)
-+unset(_cmake_fragment)
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(openamp STATIC IMPORTED)
-+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include")
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
similarity index 78%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
index 0040e127..c1775b79 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
@@ -1,7 +1,7 @@
-From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001
+From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001
 From: Julian Hall <julian.hall@arm.com>
 Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH 13/20] Add stub capsule update service components
+Subject: [PATCH 1/6] Add stub capsule update service components
 
 To facilitate development of a capsule update service provider,
 stub components are added to provide a starting point for an
@@ -18,15 +18,12 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
  .../provider/capsule_update_provider.c        | 133 ++++++++++++++++++
  .../provider/capsule_update_provider.h        |  51 +++++++
  .../capsule_update/provider/component.cmake   |  13 ++
- deployments/se-proxy/common/se_proxy_sp.c     |   3 +
- .../se-proxy/common/service_proxy_factory.c   |  16 +++
- .../se-proxy/common/service_proxy_factory.h   |   1 +
- deployments/se-proxy/se-proxy.cmake           |   1 +
+ .../se-proxy/infra/corstone1000/infra.cmake   |   1 +
  deployments/se-proxy/se_proxy_interfaces.h    |   9 +-
  .../capsule_update/capsule_update_proto.h     |  13 ++
  protocols/service/capsule_update/opcodes.h    |  17 +++
  protocols/service/capsule_update/parameters.h |  15 ++
- 12 files changed, 292 insertions(+), 4 deletions(-)
+ 9 files changed, 272 insertions(+), 4 deletions(-)
  create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
  create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
  create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
@@ -280,75 +277,18 @@ index 000000000000..1d412eb234d9
 +target_sources(${TGT} PRIVATE
 +	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
 +	)
-diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c
-index a37396f4454b..a38ad6ca3f56 100644
---- a/deployments/se-proxy/common/se_proxy_sp.c
-+++ b/deployments/se-proxy/common/se_proxy_sp.c
-@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
- 	}
- 	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
- 
-+	rpc_iface = capsule_update_proxy_create();
-+	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
-+
- 	/* End of boot phase */
- 	result = sp_msg_wait(&req_msg);
- 	if (result != SP_RESULT_OK) {
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 7edeef8b434a..591cc9eeb59e 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -13,6 +13,7 @@
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include <trace.h>
-+#include <service/capsule_update/provider/capsule_update_provider.h>
- 
- /* Stub backends */
- #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void)
-  
-         return secure_storage_provider_init(&its_provider, backend);
- }
-+
-+struct rpc_interface *capsule_update_proxy_create(void)
-+{
-+	static struct capsule_update_provider capsule_update_provider;
-+	static struct rpc_caller *capsule_update_caller;
-+
-+	capsule_update_caller = openamp_caller_init(&openamp);
-+
-+	if (!capsule_update_caller)
-+	return NULL;
-+
-+	capsule_update_provider.client.caller = capsule_update_caller;
-+
-+	return capsule_update_provider_init(&capsule_update_provider);
-+}
-diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h
-index 298d407a2371..02aa7fe2550d 100644
---- a/deployments/se-proxy/common/service_proxy_factory.h
-+++ b/deployments/se-proxy/common/service_proxy_factory.h
-@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
- struct rpc_interface *crypto_proxy_create(void);
- struct rpc_interface *ps_proxy_create(void);
- struct rpc_interface *its_proxy_create(void);
-+struct rpc_interface *capsule_update_proxy_create(void);
- 
- #ifdef __cplusplus
- }
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 3dbbc36c968d..f0db2d43f443 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/provider/serializer/packed-c"
+diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
+index 4e7e2bd58028..e60b5400617f 100644
+--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
++++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
+@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
+ 		"components/service/attestation/key_mngr/local"
  		"components/service/attestation/reporter/psa_ipc"
- 		"components/service/attestation/client/psa_ipc"
+ 		"components/service/crypto/backend/psa_ipc"
 +		"components/service/capsule_update/provider"
- 		"components/rpc/openamp/caller/sp"
+ 		"components/service/secure_storage/backend/secure_storage_ipc"
+ )
  
- 		# Stub service provider backends
 diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
 index 48908f846990..3d4a7c204785 100644
 --- a/deployments/se-proxy/se_proxy_interfaces.h
@@ -432,5 +372,5 @@ index 000000000000..285d924186be
 +
 +#endif /* CAPSULE_UPDATE_PARAMETERS_H */
 -- 
-2.38.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
similarity index 96%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index c1598a9e..3f3800ce 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,7 +1,7 @@
-From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001
+From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001
 From: Satish Kumar <satish.kumar01@arm.com>
 Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58.
+Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58.
 
 Upstream-Status: Pending [Not submitted to upstream yet]
 Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
@@ -29,7 +29,7 @@ index c4ffb20cf7f8..a91f66c14008 100644
  
  	/* Mandatory input data parameter */
 diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 4d7bf6e959b0..e3c4df2927b3 100644
+index 30aa102da581..130d27295878 100644
 --- a/components/service/crypto/include/psa/crypto_sizes.h
 +++ b/components/service/crypto/include/psa/crypto_sizes.h
 @@ -351,7 +351,7 @@
@@ -117,5 +117,5 @@ index 0be266b52403..435fd3b523ce 100644
  
  /* Variable length input parameter tags */
 -- 
-2.38.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
deleted file mode 100644
index 0371a7a4..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
+++ /dev/null
@@ -1,1091 +0,0 @@
-From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 18:00:46 +0000
-Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer.
-
-This commit adds an mhu driver (v2.1 and v2) to the secure
-partition se_proxy and a conversion layer to communicate with
-the secure enclave using OpenAmp.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../se-proxy/opteesp/default_se-proxy.dts.in  |  16 +
- .../drivers/arm/mhu_driver/component.cmake    |  12 +
- platform/drivers/arm/mhu_driver/mhu_v2.h      | 391 ++++++++++++
- platform/drivers/arm/mhu_driver/mhu_v2_x.c    | 602 ++++++++++++++++++
- .../providers/arm/corstone1000/platform.cmake |  10 +
- 5 files changed, 1031 insertions(+)
- create mode 100644 platform/drivers/arm/mhu_driver/component.cmake
- create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h
- create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c
- create mode 100644 platform/providers/arm/corstone1000/platform.cmake
-
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 5748d2f80f88..267b4f923540 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -17,4 +17,20 @@
- 	xlat-granule = <0>; /* 4KiB */
- 	messaging-method = <3>; /* Direct messaging only */
- 	legacy-elf-format = <1>;
-+
-+	device-regions {
-+		compatible = "arm,ffa-manifest-device-regions";
-+		mhu-sender {
-+			/* Armv8 A Foundation Platform values */
-+			base-address = <0x00000000 0x1b820000>;
-+			pages-count = <16>;
-+			attributes = <0x3>; /* read-write */
-+		};
-+		mhu-receiver {
-+			/* Armv8 A Foundation Platform values */
-+			base-address = <0x00000000 0x1b830000>;
-+			pages-count = <16>;
-+			attributes = <0x3>; /* read-write */
-+		};
-+	};
- };
-diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake
-new file mode 100644
-index 000000000000..77a5a50b67d1
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/component.cmake
-@@ -0,0 +1,12 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+# Add source files for using mhu driver
-+target_sources(${TGT}
-+	PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c"
-+)
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h
-new file mode 100644
-index 000000000000..2e4ba80fab95
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h
-@@ -0,0 +1,391 @@
-+/*
-+ * Copyright (c) 2021 Arm Limited
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *     http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+/**
-+ * \file mhu_v2_x.h
-+ * \brief Driver for Arm MHU v2.0 and v2.1
-+ */
-+
-+#ifndef __MHU_V2_X_H__
-+#define __MHU_V2_X_H__
-+
-+#include <stdint.h>
-+#include <stdbool.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#define MHU_2_X_INTR_NR2R_OFF             (0x0u)
-+#define MHU_2_X_INTR_R2NR_OFF             (0x1u)
-+#define MHU_2_1_INTR_CHCOMB_OFF           (0x2u)
-+
-+#define MHU_2_X_INTR_NR2R_MASK            (0x1u << MHU_2_X_INTR_NR2R_OFF)
-+#define MHU_2_X_INTR_R2NR_MASK            (0x1u << MHU_2_X_INTR_R2NR_OFF)
-+#define MHU_2_1_INTR_CHCOMB_MASK          (0x1u << MHU_2_1_INTR_CHCOMB_OFF)
-+
-+enum mhu_v2_x_frame_t {
-+    MHU_V2_X_SENDER_FRAME   = 0x0u,
-+    MHU_V2_X_RECEIVER_FRAME = 0x1u,
-+};
-+
-+enum mhu_v2_x_supported_revisions {
-+     MHU_REV_READ_FROM_HW = 0,
-+     MHU_REV_2_0,
-+     MHU_REV_2_1,
-+};
-+
-+struct mhu_v2_x_dev_t {
-+    uint32_t base;
-+    enum mhu_v2_x_frame_t frame;
-+    uint32_t subversion;    /*!< Hardware subversion: v2.X */
-+    bool is_initialized;    /*!< Indicates if the MHU driver
-+                             *   is initialized and enabled
-+                             */
-+};
-+
-+/**
-+ * \brief MHU v2 error enumeration types.
-+ */
-+enum mhu_v2_x_error_t {
-+    MHU_V_2_X_ERR_NONE                =  0,
-+    MHU_V_2_X_ERR_NOT_INIT            = -1,
-+    MHU_V_2_X_ERR_ALREADY_INIT        = -2,
-+    MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3,
-+    MHU_V_2_X_ERR_INVALID_ARG         = -4,
-+    MHU_V_2_X_ERR_GENERAL             = -5
-+};
-+
-+/**
-+ * \brief Initializes the driver
-+ *
-+ * \param[in] dev   MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] rev   MHU revision (if can't be identified from HW)
-+ *
-+ * Reads the MHU hardware version
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note MHU revision only has to be specified when versions can't be read
-+ *       from HW (ARCH_MAJOR_REV reg reads as 0x0).
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
-+     enum mhu_v2_x_supported_revisions rev);
-+
-+/**
-+ * \brief Returns the number of channels implemented.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Returns the number of channels implemented.
-+ *
-+ * \return Returns the number of channels implemented.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+uint32_t mhu_v2_x_get_num_channel_implemented(
-+         const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Sends the value over a channel.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Channel to send the value over.
-+ * \param[in] val         Value to send.
-+ *
-+ * Sends the value over a channel.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel, uint32_t val);
-+
-+/**
-+ * \brief Clears the channel after the value is send over it.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Channel to clear.
-+ *
-+ * Clears the channel after the value is send over it.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel);
-+
-+/**
-+ * \brief Receives the value over a channel.
-+ *
-+ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in]  channel     Channel to receive the value from.
-+ * \param[out] value       Pointer to variable that will store the value.
-+ *
-+ * Receives the value over a channel.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value);
-+
-+/**
-+ * \brief Sets bits in the Channel Mask.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's mask to set.
-+ * \param[in] mask        Mask to be set over a receiver frame.
-+ *
-+ * Sets bits in the Channel Mask.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
-+
-+/**
-+ * \brief Clears bits in the Channel Mask.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's mask to clear.
-+ * \param[in] mask        Mask to be clear over a receiver frame.
-+ *
-+ * Clears bits in the Channel Mask.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
-+
-+/**
-+ * \brief Enables the Channel interrupt.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's interrupt to enable.
-+ *
-+ * Enables the Channel clear interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Disables the Channel interrupt.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's interrupt to disable.
-+ *
-+ * Disables the Channel interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Cleares the Channel interrupt.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's interrupt to clear.
-+ *
-+ * Cleares the Channel interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Initiates a MHU transfer with the handshake signals.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Initiates a MHU transfer with the handshake signals in a blocking mode.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Closes a MHU transfer with the handshake signals.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Closes a MHU transfer with the handshake signals in a blocking mode.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Returns the value of access request signal.
-+ *
-+ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] val         Pointer to variable that will store the value.
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val);
-+
-+/**
-+ * \brief Sets the value of access request signal to high.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Sets the value of access request signal to low.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Returns the value of access ready signal.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] val        Pointer to variable that will store the value.
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val);
-+
-+/**
-+ * \brief Returns the MHU interrupt status.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * \return Interrupt status register value. Masking is needed for individual
-+ *         interrupts.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Enables MHU interrupts.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask        Bit mask for enabling/disabling interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Disables MHU interrupts.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask        Bit mask for enabling/disabling interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Clears MHU interrupts.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask        Bit mask for clearing interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Returns the first channel number whose interrupt bit is high.
-+ *
-+ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] channel     Pointer to variable that will have the channel value.
-+ *
-+ * \return Returns the first channel number whose interrupt bit is high.
-+ * \return Returns mhu_v2_x_error_t error code.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *channel);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __MHU_V2_X_H__ */
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-new file mode 100644
-index 000000000000..01d8f659a73a
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-@@ -0,0 +1,602 @@
-+/*
-+ * Copyright (c) 2021 Arm Limited
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *     http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+#include <stdint.h>
-+#include <stdbool.h>
-+#include "mhu_v2.h"
-+
-+#define _MHU_V2_X_MAX_CHANNELS    124
-+#define _MHU_V2_1_MAX_CHCOMB_INT  4
-+#define ENABLE                    0x1
-+#define DISABLE                   0x0
-+#define CLEAR_INTR                0x1
-+#define CH_PER_CH_COMB            0x20
-+#define SEND_FRAME(p_mhu)       ((struct _mhu_v2_x_send_frame_t *)p_mhu)
-+#define RECV_FRAME(p_mhu)       ((struct _mhu_v2_x_recv_frame_t *)p_mhu)
-+
-+#define MHU_MAJOR_REV_V2      0x1u
-+#define MHU_MINOR_REV_2_0     0x0u
-+#define MHU_MINOR_REV_2_1     0x1u
-+
-+struct _mhu_v2_x_send_ch_window_t {
-+    /* Offset: 0x00 (R/ ) Channel Status */
-+    volatile uint32_t ch_st;
-+    /* Offset: 0x04 (R/ ) Reserved */
-+    volatile uint32_t reserved_0;
-+    /* Offset: 0x08 (R/ ) Reserved */
-+    volatile uint32_t reserved_1;
-+    /* Offset: 0x0C ( /W) Channel Set */
-+    volatile uint32_t ch_set;
-+    /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */
-+    volatile uint32_t ch_int_st;
-+    /* Offset: 0x14 ( /W) Channel Interrupt Clear  (Reserved in 2.0) */
-+    volatile uint32_t ch_int_clr;
-+    /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */
-+    volatile uint32_t ch_int_en;
-+    /* Offset: 0x1C (R/ ) Reserved */
-+    volatile uint32_t reserved_2;
-+};
-+
-+struct _mhu_v2_x_send_frame_t {
-+    /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */
-+    struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS];
-+    /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
-+    volatile uint32_t mhu_cfg;
-+    /* Offset: 0xF84 (R/W) Response Configuration */
-+    volatile uint32_t resp_cfg;
-+    /* Offset: 0xF88 (R/W) Access Request */
-+    volatile uint32_t access_request;
-+    /* Offset: 0xF8C (R/ ) Access Ready */
-+    volatile uint32_t access_ready;
-+    /* Offset: 0xF90 (R/ ) Interrupt Status */
-+    volatile uint32_t int_st;
-+    /* Offset: 0xF94 ( /W) Interrupt Clear */
-+    volatile uint32_t int_clr;
-+    /* Offset: 0xF98 (R/W) Interrupt Enable */
-+    volatile uint32_t int_en;
-+    /* Offset: 0xF9C (R/ ) Reserved */
-+    volatile uint32_t reserved_0;
-+    /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */
-+    volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
-+    /* Offset: ‭0xFC4‬ (R/ ) Reserved */
-+    volatile uint32_t reserved_1[6];
-+    /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
-+    volatile uint32_t iidr;
-+    /* Offset: 0xFCC (R/ ) Architecture Identification Register */
-+    volatile uint32_t aidr;
-+    /* Offset: 0xFD0 (R/ )  */
-+    volatile uint32_t pid_1[4];
-+    /* Offset: 0xFE0 (R/ )  */
-+    volatile uint32_t pid_0[4];
-+    /* Offset: 0xFF0 (R/ )  */
-+    volatile uint32_t cid[4];
-+};
-+
-+struct _mhu_v2_x_rec_ch_window_t {
-+    /* Offset: 0x00 (R/ ) Channel Status */
-+    volatile uint32_t ch_st;
-+    /* Offset: 0x04 (R/ ) Channel Status Masked */
-+    volatile uint32_t ch_st_msk;
-+    /* Offset: 0x08 ( /W) Channel Clear */
-+    volatile uint32_t ch_clr;
-+    /* Offset: 0x0C (R/ ) Reserved */
-+    volatile uint32_t reserved_0;
-+    /* Offset: 0x10 (R/ ) Channel Mask Status */
-+    volatile uint32_t ch_msk_st;
-+    /* Offset: 0x14 ( /W) Channel Mask Set */
-+    volatile uint32_t ch_msk_set;
-+    /* Offset: 0x18 ( /W) Channel Mask Clear */
-+    volatile uint32_t ch_msk_clr;
-+    /* Offset: 0x1C (R/ ) Reserved */
-+    volatile uint32_t reserved_1;
-+};
-+
-+struct _mhu_v2_x_recv_frame_t {
-+    /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */
-+    struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS];
-+    /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
-+    volatile uint32_t mhu_cfg;
-+    /* Offset: 0xF84 (R/ ) Reserved */
-+    volatile uint32_t reserved_0[3];
-+    /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */
-+    volatile uint32_t int_st;
-+    /* Offset: 0xF94 (R/ ) Interrupt Clear  (Reserved in 2.0) */
-+    volatile uint32_t int_clr;
-+    /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */
-+    volatile uint32_t int_en;
-+    /* Offset: 0xF9C (R/ ) Reserved  */
-+    volatile uint32_t reserved_1;
-+    /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */
-+    volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
-+    /* Offset: 0xFB0 (R/ ) Reserved */
-+    volatile uint32_t reserved_2[6];
-+    /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
-+    volatile uint32_t iidr;
-+    /* Offset: 0xFCC (R/ ) Architecture Identification Register */
-+    volatile uint32_t aidr;
-+    /* Offset: 0xFD0 (R/ )  */
-+    volatile uint32_t pid_1[4];
-+    /* Offset: 0xFE0 (R/ )  */
-+    volatile uint32_t pid_0[4];
-+    /* Offset: 0xFF0 (R/ )  */
-+    volatile uint32_t cid[4];
-+};
-+
-+union _mhu_v2_x_frame_t {
-+    struct _mhu_v2_x_send_frame_t send_frame;
-+    struct _mhu_v2_x_recv_frame_t recv_frame;
-+};
-+
-+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
-+     enum mhu_v2_x_supported_revisions rev)
-+{
-+    uint32_t AIDR = 0;
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if (dev->is_initialized) {
-+        return MHU_V_2_X_ERR_ALREADY_INIT;
-+    }
-+
-+    if (rev == MHU_REV_READ_FROM_HW) {
-+        /* Read revision from HW */
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            AIDR = p_mhu->recv_frame.aidr;
-+        } else {
-+            AIDR = p_mhu->send_frame.aidr;
-+        }
-+
-+        /* Get bits 7:4 to read major revision */
-+        if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) {
-+            /* Unsupported MHU version */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        } /* No need to save major version, driver only supports MHUv2 */
-+
-+        /* Get bits 3:0 to read minor revision */
-+        dev->subversion = AIDR & 0b1111;
-+
-+        if (dev->subversion != MHU_MINOR_REV_2_0 &&
-+            dev->subversion != MHU_MINOR_REV_2_1) {
-+            /* Unsupported subversion */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    } else {
-+        /* Revisions were provided by caller */
-+        if (rev == MHU_REV_2_0) {
-+            dev->subversion = MHU_MINOR_REV_2_0;
-+        } else if (rev == MHU_REV_2_1) {
-+            dev->subversion = MHU_MINOR_REV_2_1;
-+        } else {
-+            /* Unsupported subversion */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }/* No need to save major version, driver only supports MHUv2 */
-+    }
-+
-+    dev->is_initialized = true;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        return (SEND_FRAME(p_mhu))->mhu_cfg;
-+    } else {
-+        return (RECV_FRAME(p_mhu))->mhu_cfg;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel, uint32_t val)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_1) {
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_1) {
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_1) {
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
-+     const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = ENABLE;
-+
-+    while ( !((SEND_FRAME(p_mhu))->access_ready) ) {
-+        /* Wait in a loop for access ready signal to be high */
-+        ;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = DISABLE;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    *val = (SEND_FRAME(p_mhu))->access_request;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
-+     const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = ENABLE;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
-+     const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = DISABLE;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    *val = (SEND_FRAME(p_mhu))->access_ready;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        return (SEND_FRAME(p_mhu))->int_st;
-+    } else {
-+        return (RECV_FRAME(p_mhu))->int_st;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_0) {
-+        if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+            /* Combined channel IRQ is not present in v2.0 */
-+            return MHU_V_2_X_ERR_INVALID_ARG;
-+        }
-+
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            /* Only sender frame has these registers */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->int_en |= mask;
-+    } else {
-+        (RECV_FRAME(p_mhu))->int_en |= mask;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_0) {
-+        if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+            /* Combined channel IRQ is not present in v2.0 */
-+            return MHU_V_2_X_ERR_INVALID_ARG;
-+        }
-+
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            /* Only sender frame has these registers */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->int_en &= ~mask;
-+    } else {
-+        (RECV_FRAME(p_mhu))->int_en &= ~mask;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_0) {
-+        if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+            /* Combined channel IRQ is not present in v2.0 */
-+            return MHU_V_2_X_ERR_INVALID_ARG;
-+        }
-+
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            /* Only sender frame has these registers */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->int_clr = mask;
-+    } else {
-+        (RECV_FRAME(p_mhu))->int_clr = mask;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *channel)
-+{
-+    uint32_t i, j, status;
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion != MHU_MINOR_REV_2_1) {
-+        /* Feature is only supported in MHU v2.1 */
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) {
-+        if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+            status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i];
-+        } else {
-+            status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i];
-+        }
-+
-+        for(j = 0; j < CH_PER_CH_COMB; j++) {
-+            if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) {
-+                *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB));
-+                return MHU_V_2_X_ERR_NONE;
-+            }
-+        }
-+    }
-+
-+    return MHU_V_2_X_ERR_GENERAL;
-+}
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-new file mode 100644
-index 000000000000..bb778bb9719b
---- /dev/null
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -0,0 +1,10 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform.
-+#-------------------------------------------------------------------------------
-+
-+# include MHU driver
-+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
deleted file mode 100644
index 5686face..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
+++ /dev/null
@@ -1,1196 +0,0 @@
-From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:00:54 +0000
-Subject: [PATCH 03/20] Add openamp rpc caller
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/rpc/common/caller/rpc_caller.c     |  10 +
- components/rpc/common/interface/rpc_caller.h  |   8 +
- .../rpc/openamp/caller/sp/component.cmake     |  15 +
- .../rpc/openamp/caller/sp/openamp_caller.c    | 203 +++++++
- .../rpc/openamp/caller/sp/openamp_caller.h    |  43 ++
- .../rpc/openamp/caller/sp/openamp_mhu.c       | 191 ++++++
- .../rpc/openamp/caller/sp/openamp_mhu.h       |  19 +
- .../rpc/openamp/caller/sp/openamp_virtio.c    | 555 ++++++++++++++++++
- .../rpc/openamp/caller/sp/openamp_virtio.h    |  24 +
- .../se-proxy/opteesp/default_se-proxy.dts.in  |   6 +
- deployments/se-proxy/se-proxy.cmake           |   1 +
- 11 files changed, 1075 insertions(+)
- create mode 100644 components/rpc/openamp/caller/sp/component.cmake
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h
-
-diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c
-index 2dceabeb8967..20d889c162b0 100644
---- a/components/rpc/common/caller/rpc_caller.c
-+++ b/components/rpc/common/caller/rpc_caller.c
-@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle)
- {
- 	s->call_end(s->context, handle);
- }
-+
-+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va)
-+{
-+	return s->virt_to_phys(s->context, va);
-+}
-+
-+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa)
-+{
-+	return s->phys_to_virt(s->context, pa);
-+}
-diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h
-index 387489cdb1b2..ef9bb64905ed 100644
---- a/components/rpc/common/interface/rpc_caller.h
-+++ b/components/rpc/common/interface/rpc_caller.h
-@@ -45,6 +45,10 @@ struct rpc_caller
- 		     	rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len);
- 
- 	void (*call_end)(void *context, rpc_call_handle handle);
-+
-+	void *(*virt_to_phys)(void *context, void *va);
-+
-+	void *(*phys_to_virt)(void *context, void *pa);
- };
- 
- /*
-@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal
-  */
- RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle);
- 
-+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va);
-+
-+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake
-new file mode 100644
-index 000000000000..fc919529d731
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/component.cmake
-@@ -0,0 +1,15 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c"
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c"
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c"
-+	)
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c
-new file mode 100644
-index 000000000000..6cdfb756568f
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.c
-@@ -0,0 +1,203 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+#include "openamp_mhu.h"
-+#include "openamp_virtio.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+
-+#define OPENAMP_TRANSACTION_IDLE	0x0
-+#define OPENAMP_TRANSACTION_INPROGRESS	0x1
-+#define OPENAMP_TRANSACTION_INVOKED	0x2
-+
-+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf,
-+					  size_t req_len)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	rpc_call_handle handle;
-+	int ret;
-+
-+	if (!req_buf) {
-+		EMSG("openamp: call_begin: not req_buf");
-+		return NULL;
-+	}
-+
-+	if (req_len > UINT32_MAX || req_len == 0) {
-+		EMSG("openamp: call_begin: resp_len invalid: %lu", req_len);
-+		return NULL;
-+	}
-+
-+	if (openamp->status != OPENAMP_TRANSACTION_IDLE) {
-+		EMSG("openamp: call_begin: transaction not idle");
-+		return NULL;
-+	}
-+
-+	ret = ops->platform_call_begin(openamp, req_buf, req_len);
-+	if (ret < 0) {
-+		EMSG("openamp: call_begin: platform begin failed: %d", ret);
-+		return NULL;
-+	}
-+
-+	openamp->status = OPENAMP_TRANSACTION_INPROGRESS;
-+	handle = openamp;
-+
-+	return handle;
-+}
-+
-+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle,
-+					uint32_t opcode, int *opstatus,
-+					uint8_t **resp_buf, size_t *resp_len)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	rpc_status_t status;
-+	int ret;
-+
-+	(void)opcode;
-+
-+	if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) {
-+		EMSG("openamp: call_invoke: invalid arguments");
-+		return TS_RPC_ERROR_INVALID_PARAMETER;
-+	}
-+
-+	if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) {
-+		EMSG("openamp: call_invoke: transaction needed to be started");
-+		return TS_RPC_ERROR_NOT_READY;
-+	}
-+
-+	ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len);
-+	if (ret < 0)
-+		return TS_RPC_ERROR_INTERNAL;
-+
-+	openamp->status = OPENAMP_TRANSACTION_INVOKED;
-+	*opstatus = 0;
-+
-+	return TS_RPC_CALL_ACCEPTED;
-+}
-+
-+static void openamp_call_end(void *context, rpc_call_handle handle)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	if (handle != openamp) {
-+		EMSG("openamp: call_end: invalid arguments");
-+		return;
-+	}
-+
-+	if (openamp->status == OPENAMP_TRANSACTION_IDLE) {
-+		EMSG("openamp: call_end: transaction idle");
-+		return;
-+	}
-+
-+	ops->platform_call_end(openamp);
-+
-+	openamp->status = OPENAMP_TRANSACTION_IDLE;
-+}
-+
-+static void *openamp_virt_to_phys(void *context, void *va)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	return ops->platform_virt_to_phys(openamp, va);
-+}
-+
-+static void *openamp_phys_to_virt(void *context, void *pa)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	return ops->platform_phys_to_virt(openamp, pa);
-+}
-+
-+static int openamp_init(struct openamp_caller *openamp)
-+{
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	int ret;
-+
-+	ret = ops->transport_init(openamp);
-+	if (ret < 0)
-+		return ret;
-+
-+	ret = ops->platform_init(openamp);
-+	if (ret < 0)
-+		goto denit_transport;
-+
-+	return 0;
-+
-+denit_transport:
-+	ops->transport_deinit(openamp);
-+
-+	return ret;
-+}
-+
-+static const struct openamp_platform_ops openamp_virtio_ops = {
-+	.transport_init = openamp_mhu_init,
-+	.transport_deinit = openamp_mhu_deinit,
-+	.transport_notify = openamp_mhu_notify_peer,
-+	.transport_receive = openamp_mhu_receive,
-+	.platform_init = openamp_virtio_init,
-+	.platform_call_begin = openamp_virtio_call_begin,
-+	.platform_call_invoke = openamp_virtio_call_invoke,
-+	.platform_call_end = openamp_virtio_call_end,
-+	.platform_virt_to_phys = openamp_virtio_virt_to_phys,
-+	.platform_phys_to_virt = openamp_virtio_phys_to_virt,
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp)
-+{
-+	struct rpc_caller *rpc = &openamp->rpc_caller;
-+	int ret;
-+
-+	if (openamp->ref_count)
-+		return rpc;
-+
-+	rpc_caller_init(rpc, openamp);
-+
-+	rpc->call_begin = openamp_call_begin;
-+	rpc->call_invoke = openamp_call_invoke;
-+	rpc->call_end = openamp_call_end;
-+	rpc->virt_to_phys = openamp_virt_to_phys;
-+	rpc->phys_to_virt = openamp_phys_to_virt;
-+	openamp->platform_ops = &openamp_virtio_ops;
-+
-+	ret = openamp_init(openamp);
-+	if (ret < 0) {
-+		EMSG("openamp_init: failed to start: %d", ret);
-+		return rpc;
-+	}
-+	openamp->ref_count++;
-+
-+	return rpc;
-+}
-+
-+void openamp_caller_deinit(struct openamp_caller *openamp)
-+{
-+	struct rpc_caller *rpc = &openamp->rpc_caller;
-+
-+	if (--openamp->ref_count)
-+		return;
-+
-+	rpc->context = NULL;
-+	rpc->call_begin = NULL;
-+	rpc->call_invoke = NULL;
-+	rpc->call_end = NULL;
-+}
-+
-+int openamp_caller_discover(struct openamp_caller *openamp)
-+{
-+	return openamp_init(openamp);
-+}
-+
-+int openamp_caller_open(struct openamp_caller *openamp)
-+{
-+
-+}
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h
-new file mode 100644
-index 000000000000..3fb67c56cc53
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.h
-@@ -0,0 +1,43 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_CALLER_H
-+#define OPENAMP_CALLER_H
-+
-+#include <stddef.h>
-+#include <rpc_caller.h>
-+
-+struct openamp_caller {
-+	struct rpc_caller rpc_caller;
-+	const struct openamp_platform_ops *platform_ops;
-+	uint32_t ref_count;
-+	uint8_t status;
-+
-+	void *transport;
-+	void *platform;
-+};
-+
-+struct openamp_platform_ops {
-+	int (*transport_init)(struct openamp_caller *openamp);
-+	int (*transport_deinit)(struct openamp_caller *openamp);
-+	int (*transport_notify)(struct openamp_caller *openamp);
-+	int (*transport_receive)(struct openamp_caller *openamp);
-+	int (*platform_init)(struct openamp_caller *openamp);
-+	int (*platform_deinit)(struct openamp_caller *openamp);
-+	int (*platform_call_begin)(struct openamp_caller *openamp,
-+				   uint8_t **req_buf, size_t req_len);
-+	int (*platform_call_invoke)(struct openamp_caller *openamp,
-+				    int *opstatus, uint8_t **resp_buf,
-+				    size_t *resp_len);
-+	int (*platform_call_end)(struct openamp_caller *openamp);
-+	void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va);
-+	void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa);
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp);
-+void openamp_caller_deinit(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c
-new file mode 100644
-index 000000000000..ffdadaf870a3
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c
-@@ -0,0 +1,191 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <config/interface/config_store.h>
-+#include <config/interface/config_blob.h>
-+#include <platform/interface/device_region.h>
-+#include <platform/drivers/arm/mhu_driver/mhu_v2.h>
-+#include <trace.h>
-+#include <errno.h>
-+#include <stdlib.h>
-+#include <stdint.h>
-+#include <stddef.h>
-+#include <limits.h>
-+
-+#include "openamp_caller.h"
-+
-+#define MHU_V_2_NOTIFY_CHANNEL	0
-+#define MHU_V_2_NOTIFY_VALUE	0xff
-+
-+struct openamp_mhu {
-+	struct device_region rx_region;
-+	struct device_region tx_region;
-+	struct mhu_v2_x_dev_t rx_dev;
-+	struct mhu_v2_x_dev_t tx_dev;
-+};
-+
-+static int openamp_mhu_device_get(const char *dev,
-+				  struct device_region *dev_region)
-+{
-+	bool found;
-+
-+	found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+				   dev_region, sizeof(*dev_region));
-+	if (!found)
-+		return -EINVAL;
-+
-+	if (!dev_region->base_addr)
-+		return -EINVAL;
-+
-+	IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev,
-+	     dev_region->base_addr, dev_region->io_region_size);
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_receive(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *rx_dev;
-+	enum mhu_v2_x_error_t ret;
-+	struct openamp_mhu *mhu;
-+	uint32_t channel = 0;
-+	uint32_t irq_status;
-+
-+	if (!openamp->transport) {
-+		EMSG("openamp: mhu: receive transport not initialized");
-+		return -EINVAL;
-+	}
-+
-+	mhu = openamp->transport;
-+	rx_dev = &mhu->rx_dev;
-+
-+	irq_status = 0;
-+
-+	do {
-+		irq_status = mhu_v2_x_get_interrupt_status(rx_dev);
-+	} while(!irq_status);
-+
-+	ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel);
-+
-+	ret = mhu_v2_x_channel_clear(rx_dev, channel);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed to clear channel: %d", channel);
-+		return -EPROTO;
-+	}
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *tx_dev;
-+	enum mhu_v2_x_error_t ret;
-+	struct openamp_mhu *mhu;
-+	uint32_t access_ready;
-+
-+	if (!openamp->transport) {
-+		EMSG("openamp: mhu: notify transport not initialized");
-+		return -EINVAL;
-+	}
-+
-+	mhu = openamp->transport;
-+	tx_dev = &mhu->tx_dev;
-+
-+	ret = mhu_v2_x_set_access_request(tx_dev);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: set access request failed");
-+		return -EPROTO;
-+	}
-+
-+	do {
-+		ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready);
-+		if (ret != MHU_V_2_X_ERR_NONE) {
-+			EMSG("openamp: mhu: failed to get access_ready");
-+			return -EPROTO;
-+		}
-+	} while (!access_ready);
-+
-+	ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL,
-+				    MHU_V_2_NOTIFY_VALUE);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed send over channel");
-+		return -EPROTO;
-+	}
-+
-+	ret = mhu_v2_x_reset_access_request(tx_dev);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed reset access request");
-+		return -EPROTO;
-+	}
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_init(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *rx_dev;
-+	struct mhu_v2_x_dev_t *tx_dev;
-+	struct openamp_mhu *mhu;
-+	int ret;
-+
-+	/* if we already have initialized skip this */
-+	if (openamp->transport)
-+		return 0;
-+
-+	mhu = malloc(sizeof(*mhu));
-+	if (!mhu)
-+		return -1;
-+
-+	ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	rx_dev = &mhu->rx_dev;
-+	tx_dev = &mhu->tx_dev;
-+
-+	rx_dev->base =  (unsigned int)mhu->rx_region.base_addr;
-+	rx_dev->frame = MHU_V2_X_RECEIVER_FRAME;
-+
-+	tx_dev->base =  (unsigned int)mhu->tx_region.base_addr;
-+	tx_dev->frame = MHU_V2_X_SENDER_FRAME;
-+
-+	ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	openamp->transport = (void *)mhu;
-+
-+	return 0;
-+
-+free_mhu:
-+	free(mhu);
-+
-+	return ret;
-+}
-+
-+int openamp_mhu_deinit(struct openamp_caller *openamp)
-+{
-+	struct openamp_mhu *mhu;
-+
-+	if (!openamp->transport)
-+		return 0;
-+
-+	mhu = openamp->transport;
-+	free(mhu);
-+
-+	openamp->transport = NULL;
-+
-+	return 0;
-+}
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h
-new file mode 100644
-index 000000000000..2ae5cb8ee1c6
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h
-@@ -0,0 +1,19 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_MHU_H
-+#define OPENAMP_MHU_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_mhu_init(struct openamp_caller *openamp);
-+int openamp_mhu_deinit(struct openamp_caller *openamp);
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp);
-+int openamp_mhu_receive(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c
-new file mode 100644
-index 000000000000..b7c1aa929111
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c
-@@ -0,0 +1,555 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <metal/device.h>
-+#include <metal/spinlock.h>
-+#include <openamp/open_amp.h>
-+#include <platform/interface/device_region.h>
-+#include <config/interface/config_store.h>
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+
-+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio"
-+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME
-+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024
-+
-+#define OPENAMP_SHEM_PHYS 0x88000000
-+#define OPENAMP_SHEM_PHYS_PAGES 1
-+#define OPENAMP_SHEM_SE_PHYS 0xa8000000
-+
-+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024)
-+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024)
-+
-+#define OPENAMP_BUFFER_NO_WAIT  0
-+#define OPENAMP_BUFFER_WAIT     1
-+
-+#define VIRTQUEUE_NR            2
-+#define VQ_TX                   0
-+#define VQ_RX                   1
-+
-+#define VRING_DESCRIPTORS       16
-+#define VRING_ALIGN             4
-+
-+#define container_of(ptr, type, member) \
-+	((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member)))
-+
-+struct openamp_virtio_shm {
-+	uintptr_t base_addr;
-+	size_t size;
-+	uintptr_t vdev_status;
-+	size_t vdev_status_size;
-+	uintptr_t payload_addr;
-+	size_t payload_size;
-+	uintptr_t vring_tx;
-+	size_t vring_tx_size;
-+	uintptr_t vring_rx;
-+	size_t vring_rx_size;
-+
-+	metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES];
-+};
-+
-+struct openamp_virtio_metal {
-+	struct metal_spinlock lock;
-+	struct metal_device shm_dev;
-+	struct metal_device *io_dev;
-+
-+	struct metal_io_region *io;
-+	struct openamp_virtio_shm shm;
-+};
-+
-+struct openamp_virtio_device {
-+	struct virtio_device virtio_dev;
-+	struct virtqueue *vq[VIRTQUEUE_NR];
-+	struct virtio_vring_info rvrings[VIRTQUEUE_NR];
-+};
-+
-+struct openamp_virtio_rpmsg {
-+	struct rpmsg_virtio_device rpmsg_vdev;
-+	struct rpmsg_endpoint ep;
-+	uint8_t *req_buf;
-+	uint32_t req_len;
-+	uint8_t *resp_buf;
-+	size_t resp_len;
-+};
-+
-+struct openamp_virtio {
-+	struct openamp_caller *openamp;
-+	struct openamp_virtio_rpmsg rpmsg;
-+	struct openamp_virtio_device vdev;
-+	struct openamp_virtio_metal metal;
-+};
-+
-+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev)
-+{
-+	struct openamp_virtio_device *openamp_vdev;
-+
-+	openamp_vdev = container_of(vdev, struct openamp_virtio_device,
-+			    virtio_dev);
-+
-+	return container_of(openamp_vdev, struct openamp_virtio, vdev);
-+}
-+
-+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev)
-+{
-+	struct rpmsg_virtio_device *rvdev;
-+
-+	rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev);
-+
-+	return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev);
-+
-+}
-+
-+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev,
-+					      struct openamp_virtio_shm *shm)
-+{
-+	struct metal_io_region *shm_region;
-+
-+	shm_region = &shm_dev->regions[0];
-+
-+	shm_dev->name = OPENAMP_SHEM_DEVICE_NAME;
-+	shm_dev->num_regions = 1;
-+
-+	shm_region->virt = (void *)shm->payload_addr;
-+	shm_region->size = shm->payload_size;
-+
-+	shm_region->physmap = &shm->shm_physmap;
-+	shm_region->page_shift = (metal_phys_addr_t)(-1);
-+	shm_region->page_mask = (metal_phys_addr_t)(-1);
-+}
-+
-+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal)
-+{
-+	struct metal_init_params params = METAL_INIT_DEFAULTS;
-+	struct metal_device *shm_dev = &metal->shm_dev;
-+	int ret;
-+
-+	openamp_virtio_metal_device_setup(shm_dev, &metal->shm);
-+
-+	metal_spinlock_init(&metal->lock);
-+
-+	ret = metal_init(&params);
-+	if (ret < 0)
-+		return ret;
-+
-+	ret = metal_register_generic_device(shm_dev);
-+	if (ret < 0)
-+		goto metal_finish;
-+
-+	ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME,
-+				&metal->io_dev);
-+	if (ret < 0)
-+		goto metal_finish;
-+
-+	metal->io = metal_device_io_region(metal->io_dev, 0);
-+	if (!metal->io) {
-+		EMSG("openamp: virtio: failed to init metal io");
-+		ret = -EPROTO;
-+		goto metal_finish;
-+	}
-+
-+	return 0;
-+
-+metal_finish:
-+	metal_finish();
-+	return ret;
-+}
-+
-+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev)
-+{
-+	struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	uint32_t status = *(volatile uint32_t *)shm->vdev_status;
-+
-+	return status;
-+}
-+
-+static void openamp_virtio_status_set(struct virtio_device *vdev,
-+				      unsigned char status)
-+{
-+	struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	*(volatile uint32_t *)shm->vdev_status = status;
-+}
-+
-+static int count;
-+
-+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev)
-+{
-+	return 1 << VIRTIO_RPMSG_F_NS;
-+}
-+
-+static void openamp_virtio_notify(struct virtqueue *vq)
-+{
-+	struct openamp_virtio_device *openamp_vdev;
-+	struct openamp_caller *openamp;
-+	struct openamp_virtio *virtio;
-+	int ret;
-+
-+	openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev);
-+	virtio = container_of(openamp_vdev, struct openamp_virtio, vdev);
-+	openamp = virtio->openamp;
-+
-+	ret = openamp->platform_ops->transport_notify(openamp);
-+	if (ret < 0)
-+		EMSG("openamp: virtio: erro in transport_notify: %d", ret);
-+}
-+
-+const static struct virtio_dispatch openamp_virtio_dispatch = {
-+	.get_status = openamp_virtio_status_get,
-+	.set_status = openamp_virtio_status_set,
-+	.get_features = openamp_virtio_features_get,
-+	.notify = openamp_virtio_notify,
-+};
-+
-+static int openamp_virtio_device_setup(struct openamp_virtio *virtio)
-+{
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+	struct openamp_virtio_shm *shm = &metal->shm;
-+	struct virtio_vring_info *rvring;
-+
-+	rvring = &openamp_vdev->rvrings[0];
-+
-+	vdev->role = RPMSG_REMOTE;
-+	vdev->vrings_num = VIRTQUEUE_NR;
-+	vdev->func = &openamp_virtio_dispatch;
-+
-+	openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+	if (!openamp_vdev->vq[VQ_TX]) {
-+		EMSG("openamp: virtio: failed to allocate virtqueue 0");
-+		return -ENOMEM;
-+	}
-+	rvring->io = metal->io;
-+	rvring->info.vaddr = (void *)shm->vring_tx;
-+	rvring->info.num_descs = VRING_DESCRIPTORS;
-+	rvring->info.align = VRING_ALIGN;
-+	rvring->vq = openamp_vdev->vq[VQ_TX];
-+
-+	openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+	if (!openamp_vdev->vq[VQ_RX]) {
-+		EMSG("openamp: virtio: failed to allocate virtqueue 1");
-+		goto free_vq;
-+	}
-+	rvring = &openamp_vdev->rvrings[VQ_RX];
-+	rvring->io = metal->io;
-+	rvring->info.vaddr = (void *)shm->vring_rx;
-+	rvring->info.num_descs = VRING_DESCRIPTORS;
-+	rvring->info.align = VRING_ALIGN;
-+	rvring->vq = openamp_vdev->vq[VQ_RX];
-+
-+	vdev->vrings_info = &openamp_vdev->rvrings[0];
-+
-+	return 0;
-+
-+free_vq:
-+	virtqueue_free(openamp_vdev->vq[VQ_TX]);
-+	virtqueue_free(openamp_vdev->vq[VQ_RX]);
-+
-+	return -ENOMEM;
-+}
-+
-+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep,
-+						  void *data, size_t len,
-+						  uint32_t src, void *priv)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+	struct rpmsg_device *rdev;
-+	struct openamp_virtio *virtio;
-+
-+	rdev = ep->rdev;
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+	virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg);
-+
-+	rpmsg_hold_rx_buffer(ep, data);
-+	vrpmsg->resp_buf = data;
-+	vrpmsg->resp_len = len;
-+
-+	return 0;
-+}
-+
-+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+	struct rpmsg_device *rdev;
-+
-+	rdev = container_of(ep, struct rpmsg_device, ns_ept);
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+	rpmsg_destroy_ept(&vrpmsg->ep);
-+}
-+
-+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev,
-+					       const char *name,
-+					       unsigned int dest)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+	rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest,
-+			 openamp_virtio_rpmsg_endpoint_callback,
-+			 openamp_virtio_rpmsg_service_unbind);
-+}
-+
-+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio,
-+					     struct device_region *virtio_dev)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+	int ret;
-+
-+	/*
-+	 * we assume here that we are the client side and do not need to
-+	 * initialize the share memory poll (this is done at server side).
-+	 */
-+	ret = rpmsg_init_vdev(rpmsg_vdev, vdev,
-+			      openamp_virtio_rpmsg_endpoint_bind, metal->io,
-+			      NULL);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: init vdev failed: %d", ret);
-+		return ret;
-+	}
-+
-+
-+	ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev,
-+			       OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY,
-+			       RPMSG_ADDR_ANY,
-+			       openamp_virtio_rpmsg_endpoint_callback,
-+			       openamp_virtio_rpmsg_service_unbind);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: failed to create endpoint: %d", ret);
-+		return ret;
-+	}
-+
-+	/* set default remote addr */
-+	vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR;
-+
-+	return 0;
-+}
-+
-+static void openamp_virtio_shm_set(struct openamp_virtio *virtio,
-+				   struct device_region *virtio_region)
-+{
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	shm->base_addr = virtio_region->base_addr;
-+	shm->size = virtio_region->io_region_size;
-+
-+	shm->vdev_status = shm->base_addr;
-+	shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE;
-+
-+	shm->vring_rx = shm->base_addr + shm->size -
-+		(2 * OPENAMP_SHEM_VRING_SIZE);
-+	shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+	shm->vring_tx = shm->vring_rx + shm->vring_rx_size;
-+	shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+	shm->payload_addr = shm->vdev_status + shm->vdev_status_size;
-+	shm->payload_size = shm->size - shm->vdev_status_size -
-+		shm->vring_rx_size - shm->vring_tx_size;
-+
-+	shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size;
-+
-+	IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->base_addr, shm->size, shm->size);
-+	IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size);
-+	IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->payload_addr, shm->payload_size, shm->payload_size);
-+	IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size);
-+	IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size);
-+	IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]);
-+}
-+
-+static int openamp_virtio_device_get(const char *dev,
-+				     struct device_region *dev_region)
-+{
-+	bool found;
-+
-+	found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+				   dev_region, sizeof(*dev_region));
-+	if (!found) {
-+		EMSG("openamp: virtio: device region not found: %s", dev);
-+		return -EINVAL;
-+	}
-+
-+	if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) {
-+		EMSG("openamp: virtio: device region not valid");
-+		return -EINVAL;
-+	}
-+
-+	IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d",
-+	     dev, dev_region->base_addr, dev_region->io_region_size);
-+
-+	return  0;
-+}
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+			      size_t req_len)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+
-+
-+	*req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len,
-+					       OPENAMP_BUFFER_WAIT);
-+	if (*req_buf == NULL)
-+		return -EINVAL;
-+
-+	if (vrpmsg->req_len < req_len)
-+		return -E2BIG;
-+
-+	vrpmsg->req_buf = *req_buf;
-+
-+	return 0;
-+}
-+
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+			       uint8_t **resp_buf, size_t *resp_len)
-+{
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+	int ret;
-+
-+	ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: send nocopy failed: %d", ret);
-+		return -EIO;
-+	}
-+
-+	if (ret != vrpmsg->req_len) {
-+		EMSG("openamp: virtio: send less bytes %d than requested %d",
-+		     ret, vrpmsg->req_len);
-+		return -EIO;
-+	}
-+
-+	if (!ops->transport_receive)
-+		return 0;
-+
-+	ret = ops->transport_receive(openamp);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: failed transport_receive");
-+		return -EIO;
-+	}
-+
-+	virtqueue_notification(openamp_vdev->vq[VQ_RX]);
-+
-+	*resp_buf = vrpmsg->resp_buf;
-+	*resp_len = vrpmsg->resp_len;
-+
-+	return  0;
-+}
-+
-+void openamp_virtio_call_end(struct openamp_caller *openamp)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+
-+	rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf);
-+
-+	vrpmsg->req_buf = NULL;
-+	vrpmsg->req_len = 0;
-+	vrpmsg->resp_buf = NULL;
-+	vrpmsg->resp_len = 0;
-+}
-+
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+	return metal_io_virt_to_phys(metal->io, va);
-+}
-+
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+	return metal_io_phys_to_virt(metal->io, pa);
-+}
-+
-+int openamp_virtio_init(struct openamp_caller *openamp)
-+{
-+	struct device_region virtio_dev;
-+	struct openamp_virtio *virtio;
-+	int ret;
-+
-+	if (openamp->platform)
-+		return 0;
-+
-+
-+	virtio = malloc(sizeof(*virtio));
-+	if (!virtio)
-+		return -ENOMEM;
-+
-+	virtio->openamp = openamp;
-+
-+	ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev);
-+	if (ret < 0)
-+		goto free_virtio;
-+
-+	openamp_virtio_shm_set(virtio, &virtio_dev);
-+
-+	ret = openamp_virtio_metal_init(&virtio->metal);
-+	if (ret < 0)
-+		goto free_virtio;
-+
-+	ret = openamp_virtio_device_setup(virtio);
-+	if (ret < 0)
-+		goto finish_metal;
-+
-+	ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: rpmsg device setup failed: %d", ret);
-+		goto finish_metal;
-+	}
-+
-+	openamp->platform = virtio;
-+
-+	return 0;
-+
-+finish_metal:
-+	metal_finish();
-+
-+free_virtio:
-+	free(virtio);
-+
-+	return ret;
-+}
-+
-+int openamp_virtio_deinit(struct openamp_caller *openamp)
-+{
-+	struct openamp_virtio *virtio;
-+
-+	if (!openamp->platform)
-+		return 0;
-+
-+	virtio = openamp->platform;
-+
-+	metal_finish();
-+	free(virtio);
-+
-+	openamp->platform = NULL;
-+
-+	return 0;
-+}
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h
-new file mode 100644
-index 000000000000..915128ff65ce
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h
-@@ -0,0 +1,24 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_VIRTIO_H
-+#define OPENAMP_VIRTIO_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+			      size_t req_len);
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+			       uint8_t **resp_buf, size_t *resp_len);
-+int openamp_virtio_call_end(struct openamp_caller *openamp);
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va);
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa);
-+
-+int openamp_virtio_init(struct openamp_caller *openamp);
-+int openamp_virtio_deinit(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 267b4f923540..04c181586b06 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -32,5 +32,11 @@
- 			pages-count = <16>;
- 			attributes = <0x3>; /* read-write */
- 		};
-+		openamp-virtio {
-+			/* Armv8 A Foundation Platform values */
-+			base-address = <0x00000000 0x88000000>;
-+			pages-count = <256>;
-+			attributes = <0x3>; /* read-write */
-+		};
- 	};
- };
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index d39873a0fe81..34fe5ff1b925 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -47,6 +47,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
-+		"components/rpc/openamp/caller/sp"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
similarity index 99%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
index ce40df0f..3d743d28 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
@@ -1,7 +1,7 @@
-From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001
+From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001
 From: Satish Kumar <satish.kumar01@arm.com>
 Date: Fri, 8 Jul 2022 09:48:06 +0100
-Subject: [PATCH 20/20] FMP Support in Corstone1000.
+Subject: [PATCH 3/6] FMP Support in Corstone1000.
 
 The FMP support is used by u-boot to pupolate ESRT information
 for the kernel.
@@ -414,5 +414,5 @@ index 000000000000..95fba2a04d5c
 +
 +#endif /* CORSTONE1000_FMP_SERVICE_H */
 -- 
-2.38.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
similarity index 95%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
index 7e65de86..628d8682 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
@@ -1,24 +1,25 @@
-From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001
+From c294197b17358b20c75757b9a06d628f43cd7884 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Thu, 9 Feb 2023 00:22:40 +0000
-Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs
+Subject: [PATCH 4/6] TF-Mv1.7 alignment: Align PSA Crypto SIDs
 
 This patch is to change the PSA Crypto SIDs to match the values of the
 PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
 
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Upstream-Status: Pending [Not submitted yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
  .../service/common/include/psa/crypto_sid.h   | 241 ++++++++++++++++++
- components/service/common/include/psa/sid.h   |  78 +-----
+ components/service/common/include/psa/sid.h   |  76 +-----
  .../caller/psa_ipc/crypto_caller_sign_hash.h  |   4 +-
  .../psa_ipc/crypto_caller_verify_hash.h       |   4 +-
- 4 files changed, 249 insertions(+), 78 deletions(-)
+ 4 files changed, 248 insertions(+), 77 deletions(-)
  create mode 100644 components/service/common/include/psa/crypto_sid.h
 
 diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
 new file mode 100644
-index 00000000..5b05f46d
+index 000000000000..5b05f46d7d72
 --- /dev/null
 +++ b/components/service/common/include/psa/crypto_sid.h
 @@ -0,0 +1,241 @@
@@ -264,16 +265,9 @@ index 00000000..5b05f46d
 +
 +#endif /* __PSA_CRYPTO_SID_H__ */
 diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 8103a9af..50ad070e 100644
+index 8e2c6bdf2919..5aaa659d49a0 100644
 --- a/components/service/common/include/psa/sid.h
 +++ b/components/service/common/include/psa/sid.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  *
 @@ -12,6 +12,9 @@
  extern "C" {
  #endif
@@ -284,9 +278,9 @@ index 8103a9af..50ad070e 100644
  /******** TFM_SP_PS ********/
  #define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
  #define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
-@@ -43,79 +46,6 @@ extern "C" {
- #define TFM_PLATFORM_SERVICE_HANDLE       (0x40000105U)
- 
+@@ -37,79 +40,6 @@ extern "C" {
+ #define TFM_CRYPTO_VERSION                                         (1U)
+ #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
  
 -/**
 - * \brief Define a progressive numerical value for each SID which can be used
@@ -365,7 +359,7 @@ index 8103a9af..50ad070e 100644
  #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
  #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index e4a2b167..9276748d 100644
+index 29bd56e60708..bebfe05c7c49 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 @@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
@@ -387,7 +381,7 @@ index e4a2b167..9276748d 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index cc9279ee..bcd8e0e4 100644
+index 66281d588626..d0a3850678cb 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 @@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
@@ -409,5 +403,5 @@ index cc9279ee..bcd8e0e4 100644
  
  #ifdef __cplusplus
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
deleted file mode 100644
index 84d418c1..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
+++ /dev/null
@@ -1,298 +0,0 @@
-From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:05:18 +0000
-Subject: [PATCH 04/20] add psa client definitions for ff-m
-
-Add PSA client definitions in common include to add future
-ff-m support.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/client.h       | 194 ++++++++++++++++++
- components/service/common/include/psa/sid.h   |  71 +++++++
- 2 files changed, 265 insertions(+)
- create mode 100644 components/service/common/include/psa/client.h
- create mode 100644 components/service/common/include/psa/sid.h
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-new file mode 100644
-index 000000000000..69ccf14f40a3
---- /dev/null
-+++ b/components/service/common/include/psa/client.h
-@@ -0,0 +1,194 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_H
-+#define SERVICE_PSA_IPC_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <rpc_caller.h>
-+#include <psa/error.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef IOVEC_LEN
-+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
-+#endif
-+
-+/*********************** PSA Client Macros and Types *************************/
-+
-+typedef int32_t psa_handle_t;
-+
-+/**
-+ * The version of the PSA Framework API that is being used to build the calling
-+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
-+ * is compatible with v1.0.
-+ */
-+#define PSA_FRAMEWORK_VERSION       (0x0101u)
-+
-+/**
-+ * Return value from psa_version() if the requested RoT Service is not present
-+ * in the system.
-+ */
-+#define PSA_VERSION_NONE            (0u)
-+
-+/**
-+ * The zero-value null handle can be assigned to variables used in clients and
-+ * RoT Services, indicating that there is no current connection or message.
-+ */
-+#define PSA_NULL_HANDLE             ((psa_handle_t)0)
-+
-+/**
-+ * Tests whether a handle value returned by psa_connect() is valid.
-+ */
-+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
-+
-+/**
-+ * Converts the handle value returned from a failed call psa_connect() into
-+ * an error code.
-+ */
-+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
-+
-+/**
-+ * Maximum number of input and output vectors for a request to psa_call().
-+ */
-+#define PSA_MAX_IOVEC               (4u)
-+
-+/**
-+ * An IPC message type that indicates a generic client request.
-+ */
-+#define PSA_IPC_CALL                (0)
-+
-+/**
-+ * A read-only input memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_invec {
-+    uint32_t base;           /*!< the start address of the memory buffer */
-+    uint32_t len;                 /*!< the size in bytes                      */
-+};
-+
-+/**
-+ * A writable output memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_outvec {
-+    uint32_t base;                 /*!< the start address of the memory buffer */
-+    uint32_t len;                 /*!< the size in bytes                      */
-+};
-+
-+/*************************** PSA Client API **********************************/
-+
-+/**
-+ * \brief Retrieve the version of the PSA Framework API that is implemented.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \return version              The version of the PSA Framework implementation
-+ *                              that is providing the runtime services to the
-+ *                              caller. The major and minor version are encoded
-+ *                              as follows:
-+ * \arg                           version[15:8] -- major version number.
-+ * \arg                           version[7:0]  -- minor version number.
-+ */
-+uint32_t psa_framework_version(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Retrieve the version of an RoT Service or indicate that it is not
-+ *        present on this system.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] sid               ID of the RoT Service to query.
-+ *
-+ * \retval PSA_VERSION_NONE     The RoT Service is not implemented, or the
-+ *                              caller is not permitted to access the service.
-+ * \retval > 0                  The version of the implemented RoT Service.
-+ */
-+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid);
-+
-+/**
-+ * \brief Connect to an RoT Service by its SID.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] sid               ID of the RoT Service to connect to.
-+ * \param[in] version           Requested version of the RoT Service.
-+ *
-+ * \retval > 0                  A handle for the connection.
-+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
-+ *                              connection.
-+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
-+ *                              connection at the moment.
-+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
-+ *                              of the following are true:
-+ * \arg                           The RoT Service ID is not present.
-+ * \arg                           The RoT Service version is not supported.
-+ * \arg                           The caller is not allowed to access the RoT
-+ *                                service.
-+ */
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+			 uint32_t version);
-+
-+/**
-+ * \brief Call an RoT Service on an established connection.
-+ *
-+ * \note  FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
-+ *        support at most 4 parameters. TF-M chooses to encode 'in_len',
-+ *        'out_len', and 'type' into a 32-bit integer to improve efficiency.
-+ *        Compared with struct-based encoding, this method saves extra memory
-+ *        check and memory copy operation. The disadvantage is that the 'type'
-+ *        range has to be reduced into a 16-bit integer. So with this encoding,
-+ *        the valid range for 'type' is 0-32767.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] handle            A handle to an established connection.
-+ * \param[in] type              The request type.
-+ *                              Must be zero( \ref PSA_IPC_CALL) or positive.
-+ * \param[in] in_vec            Array of input \ref psa_invec structures.
-+ * \param[in] in_len            Number of input \ref psa_invec structures.
-+ * \param[in,out] out_vec       Array of output \ref psa_outvec structures.
-+ * \param[in] out_len           Number of output \ref psa_outvec structures.
-+ *
-+ * \retval >=0                  RoT Service-specific status value.
-+ * \retval <0                   RoT Service-specific error code.
-+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
-+ *                              RoT Service. The call is a PROGRAMMER ERROR if
-+ *                              one or more of the following are true:
-+ * \arg                           An invalid handle was passed.
-+ * \arg                           The connection is already handling a request.
-+ * \arg                           type < 0.
-+ * \arg                           An invalid memory reference was provided.
-+ * \arg                           in_len + out_len > PSA_MAX_IOVEC.
-+ * \arg                           The message is unrecognized by the RoT
-+ *                                Service or incorrectly formatted.
-+ */
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+		      int32_t type, const struct psa_invec *in_vec,
-+		      size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-+
-+/**
-+ * \brief Close a connection to an RoT Service.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] handle            A handle to an established connection, or the
-+ *                              null handle.
-+ *
-+ * \retval void                 Success.
-+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
-+ *                              of the following are true:
-+ * \arg                           An invalid handle was provided that is not
-+ *                                the null handle.
-+ * \arg                           The connection is currently handling a
-+ *                                request.
-+ */
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_H */
-+
-+
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-new file mode 100644
-index 000000000000..aaa973c6e987
---- /dev/null
-+++ b/components/service/common/include/psa/sid.h
-@@ -0,0 +1,71 @@
-+/*
-+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef __PSA_MANIFEST_SID_H__
-+#define __PSA_MANIFEST_SID_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/******** TFM_SP_PS ********/
-+#define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE                       (0x40000101U)
-+
-+/* Invalid UID */
-+#define TFM_PS_INVALID_UID 0
-+
-+/* PS message types that distinguish PS services. */
-+#define TFM_PS_SET                1001
-+#define TFM_PS_GET                1002
-+#define TFM_PS_GET_INFO           1003
-+#define TFM_PS_REMOVE             1004
-+#define TFM_PS_GET_SUPPORT        1005
-+
-+/******** TFM_SP_ITS ********/
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID                   (0x00000070U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION               (1U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE                (0x40000102U)
-+
-+/******** TFM_SP_CRYPTO ********/
-+#define TFM_CRYPTO_SID                                             (0x00000080U)
-+#define TFM_CRYPTO_VERSION                                         (1U)
-+#define TFM_CRYPTO_HANDLE                                          (0x40000100U)
-+
-+/******** TFM_SP_PLATFORM ********/
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-+#define TFM_SP_PLATFORM_IOCTL_SID                                  (0x00000041U)
-+#define TFM_SP_PLATFORM_IOCTL_VERSION                              (1U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_SID                             (0x00000042U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION                         (1U)
-+
-+/******** TFM_SP_INITIAL_ATTESTATION ********/
-+#define TFM_ATTESTATION_SERVICE_SID                                (0x00000020U)
-+#define TFM_ATTESTATION_SERVICE_VERSION                            (1U)
-+#define TFM_ATTESTATION_SERVICE_HANDLE                             (0x40000103U)
-+
-+/******** TFM_SP_FWU ********/
-+#define TFM_FWU_WRITE_SID                                          (0x000000A0U)
-+#define TFM_FWU_WRITE_VERSION                                      (1U)
-+#define TFM_FWU_INSTALL_SID                                        (0x000000A1U)
-+#define TFM_FWU_INSTALL_VERSION                                    (1U)
-+#define TFM_FWU_ABORT_SID                                          (0x000000A2U)
-+#define TFM_FWU_ABORT_VERSION                                      (1U)
-+#define TFM_FWU_QUERY_SID                                          (0x000000A3U)
-+#define TFM_FWU_QUERY_VERSION                                      (1U)
-+#define TFM_FWU_REQUEST_REBOOT_SID                                 (0x000000A4U)
-+#define TFM_FWU_REQUEST_REBOOT_VERSION                             (1U)
-+#define TFM_FWU_ACCEPT_SID                                         (0x000000A5U)
-+#define TFM_FWU_ACCEPT_VERSION                                     (1U)
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __PSA_MANIFEST_SID_H__ */
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
deleted file mode 100644
index df3cb2f4..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
+++ /dev/null
@@ -1,295 +0,0 @@
-From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:13:03 +0000
-Subject: [PATCH 05/20] Add common service component to ipc support
-
-Add support for inter processor communication for PSA
-including, the openamp client side structures lib.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/psa_ipc/component.cmake    |  13 ++
- .../service/common/psa_ipc/service_psa_ipc.c  |  97 +++++++++++++
- .../psa_ipc/service_psa_ipc_openamp_lib.h     | 131 ++++++++++++++++++
- deployments/se-proxy/se-proxy.cmake           |   1 +
- 4 files changed, 242 insertions(+)
- create mode 100644 components/service/common/psa_ipc/component.cmake
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-
-diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..5a1c9e62e2f0
---- /dev/null
-+++ b/components/service/common/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c"
-+	)
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-new file mode 100644
-index 000000000000..e8093c20a523
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -0,0 +1,97 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#include <psa/client.h>
-+#include "service_psa_ipc_openamp_lib.h"
-+
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+			 uint32_t version)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+
-+	rpc_handle = rpc_caller_begin(caller, &req,
-+				      sizeof(struct ns_openamp_msg));
-+	if (!rpc_handle) {
-+		EMSG("psa_connect: could not get handle");
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CONNECT;
-+	req_msg->params.psa_connect_params.sid = sid;
-+	req_msg->params.psa_connect_params.version = version;
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_connect: invoke failed: %d", ret);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	if (psa_status == PSA_SUCCESS)
-+		resp_msg = (struct s_openamp_msg *)resp;
-+
-+	rpc_caller_end(caller, rpc_handle);
-+
-+	return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
-+}
-+
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+		      int32_t type, const struct psa_invec *in_vec,
-+		      size_t in_len, struct psa_outvec *out_vec, size_t out_len)
-+{
-+
-+}
-+
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+
-+	rpc_handle = rpc_caller_begin(caller, &req,
-+				      sizeof(struct ns_openamp_msg));
-+	if (!rpc_handle) {
-+		EMSG("psa_close: could not get handle");
-+		return;
-+	}
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CLOSE;
-+	req_msg->params.psa_close_params.handle = handle;
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_close: invoke failed: %d", ret);
-+		return;
-+	}
-+
-+	rpc_caller_end(caller, rpc_handle);
-+}
-diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-new file mode 100644
-index 000000000000..33ea96660572
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-@@ -0,0 +1,131 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H
-+#define SERVICE_PSA_IPC_OPENAMP_LIB_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <compiler.h>
-+#include <psa/error.h>
-+
-+#include <stdint.h>
-+#include <psa/client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* PSA client call type value */
-+#define OPENAMP_PSA_FRAMEWORK_VERSION       (0x1)
-+#define OPENAMP_PSA_VERSION                 (0x2)
-+#define OPENAMP_PSA_CONNECT                 (0x3)
-+#define OPENAMP_PSA_CALL                    (0x4)
-+#define OPENAMP_PSA_CLOSE                   (0x5)
-+
-+/* Return code of openamp APIs */
-+#define OPENAMP_SUCCESS                     (0)
-+#define OPENAMP_MAP_FULL                    (INT32_MIN + 1)
-+#define OPENAMP_MAP_ERROR                   (INT32_MIN + 2)
-+#define OPENAMP_INVAL_PARAMS                (INT32_MIN + 3)
-+#define OPENAMP_NO_PERMS                    (INT32_MIN + 4)
-+#define OPENAMP_NO_PEND_EVENT               (INT32_MIN + 5)
-+#define OPENAMP_CHAN_BUSY                   (INT32_MIN + 6)
-+#define OPENAMP_CALLBACK_REG_ERROR          (INT32_MIN + 7)
-+#define OPENAMP_INIT_ERROR                  (INT32_MIN + 8)
-+
-+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
-+			       * buffer so that openamp shared memory buffer
-+			       * does not get freed.
-+			       */
-+
-+/*
-+ * This structure holds the parameters used in a PSA client call.
-+ */
-+typedef struct __packed psa_client_in_params {
-+	union {
-+		struct __packed {
-+			uint32_t        sid;
-+		} psa_version_params;
-+
-+		struct __packed {
-+			uint32_t        sid;
-+			uint32_t        version;
-+		} psa_connect_params;
-+
-+		struct __packed {
-+			psa_handle_t     handle;
-+			int32_t          type;
-+			uint32_t         in_vec;
-+			uint32_t         in_len;
-+			uint32_t         out_vec;
-+			uint32_t         out_len;
-+		} psa_call_params;
-+
-+		struct __packed {
-+			psa_handle_t    handle;
-+		} psa_close_params;
-+	};
-+} psa_client_in_params_t;
-+
-+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
-+struct __packed ns_openamp_msg {
-+	uint32_t                      call_type;   /* PSA client call type */
-+	struct psa_client_in_params   params;      /* Contain parameters used in PSA
-+						  * client call
-+						  */
-+
-+	int32_t                     client_id;   /* Optional client ID of the
-+						  * non-secure caller.
-+						  * It is required to identify the
-+						  * non-secure task when NSPE OS
-+						  * enforces non-secure task
-+						  * isolation
-+						  */
-+	int32_t                     request_id;  /* This is the unique ID for a
-+						  * request send to TF-M by the
-+						  * non-secure core. TF-M forward
-+						  * the ID back to non-secure on the
-+						  * reply to a given request. Using
-+						  * this id, the non-secure library
-+						  * can identify the request for
-+						  * which the reply has received.
-+						  */
-+};
-+
-+/*
-+ * This structure holds the location of the out data of the PSA client call.
-+ */
-+struct __packed psa_client_out_params {
-+	uint32_t              out_vec;
-+	uint32_t              out_len;
-+};
-+
-+
-+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
-+ * call.
-+ */
-+struct __packed s_openamp_msg {
-+	int32_t                     request_id;  /* Using this id, the non-secure
-+						  * library identifies the request.
-+						  * TF-M forwards the same
-+						  * request-id received on the
-+						  * initial request.
-+						  */
-+	int32_t                     reply;       /* Reply of the PSA client call */
-+	struct psa_client_out_params     params;      /* Contain out data result of the
-+						       * PSA client call.
-+						       */
-+};
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */
-+
-+
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 34fe5ff1b925..dd0c5d00c21e 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/common/include"
- 		"components/service/common/serializer/protobuf"
- 		"components/service/common/client"
-+		"components/service/common/psa_ipc"
- 		"components/service/common/provider"
- 		"components/service/discovery/provider"
- 		"components/service/discovery/provider/serializer/packed-c"
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
similarity index 90%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
index ecea2364..5ed36faf 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
@@ -1,7 +1,7 @@
-From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001
+From 355e9e1425bbe1d4f27eadf81b91ad047d7b42b5 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Thu, 9 Feb 2023 00:01:06 +0000
-Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition
+Subject: [PATCH 5/6] TF-Mv1.7 alignment: Align crypto iovec definition
 
 This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7
 And propagate changes accross psa_ipc functions
@@ -9,6 +9,7 @@ More accuratly change sfn_id to function_id
 
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Upstream-Status: Pending [Not submitted yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
  .../backend/psa_ipc/crypto_ipc_backend.h      | 34 +++++++++----------
  .../caller/psa_ipc/crypto_caller_aead.h       | 24 ++++++-------
@@ -32,7 +33,7 @@ Upstream-Status: Pending [Not submitted yet]
  19 files changed, 73 insertions(+), 73 deletions(-)
 
 diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index ec25eaf8..aacd3fcc 100644
+index 678a35810d71..47243648a99f 100644
 --- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
 +++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
 @@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input {
@@ -77,7 +78,7 @@ index ec25eaf8..aacd3fcc 100644
  #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
  
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index f6aadd8b..efdffdf7 100644
+index 66a2bc958687..f63996a8aad3 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
 @@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt(
@@ -102,94 +103,94 @@ index f6aadd8b..efdffdf7 100644
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
- 	    .key_id = key,
- 	    .alg = alg,
- 	    .op_handle = (*op_handle),
-@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
+-		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
++		.function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = (*op_handle),
+@@ -186,7 +186,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
- 	    .key_id = key,
- 	    .alg = alg,
- 	    .op_handle = (*op_handle),
-@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+-		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
++		.function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = (*op_handle),
+@@ -217,7 +217,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
++		.function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
+@@ -248,7 +248,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
++		.function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
+@@ -277,7 +277,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
- 	    .ad_length = ad_length,
- 	    .plaintext_length = plaintext_length,
- 	    .op_handle = op_handle,
-@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
+-		.sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
++		.function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ 		.ad_length = ad_length,
+ 		.plaintext_length = plaintext_length,
+ 		.op_handle = op_handle,
+@@ -307,7 +307,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
++		.function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update(
+@@ -349,7 +349,7 @@ static inline psa_status_t crypto_caller_aead_update(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
++		.function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish(
+@@ -395,7 +395,7 @@ static inline psa_status_t crypto_caller_aead_finish(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_FINISH_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
++		.function_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify(
+@@ -448,7 +448,7 @@ static inline psa_status_t crypto_caller_aead_verify(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
++		.function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort(
+@@ -494,7 +494,7 @@ static inline psa_status_t crypto_caller_aead_abort(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_ABORT_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
++		.function_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ 		.op_handle = op_handle,
  	};
  
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-index ff01815c..c387eb55 100644
+index d3e43b25f7e5..03682e7cdaa0 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
 @@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt(
@@ -202,7 +203,7 @@ index ff01815c..c387eb55 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-index 1daf1689..8eb3de45 100644
+index 124b088f94d8..60f5770e3a1e 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
 @@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt(
@@ -215,7 +216,7 @@ index 1daf1689..8eb3de45 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index fbefb28d..20aa46a5 100644
+index 8d906aeef2a0..4f885f3445ab 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup(
@@ -282,7 +283,7 @@ index fbefb28d..20aa46a5 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-index 9a988171..48157d7e 100644
+index b2e57e1e7255..71cf4381dfe5 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context
@@ -295,7 +296,7 @@ index 9a988171..48157d7e 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-index d00f4faa..6d0a05e6 100644
+index 94a01580b482..85bd2b4cde97 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
 @@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont
@@ -308,7 +309,7 @@ index d00f4faa..6d0a05e6 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-index 8ac5477f..9a6b7013 100644
+index b6dfda38bc23..5e9543085139 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte
@@ -321,7 +322,7 @@ index 8ac5477f..9a6b7013 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-index b24c47f1..52bdd757 100644
+index d154db89bf0b..349dc6cb949c 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client
@@ -334,7 +335,7 @@ index b24c47f1..52bdd757 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-index 1b66ed40..7ed1673b 100644
+index 41dc3a1806ec..31c6901ab88a 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
 @@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con
@@ -347,7 +348,7 @@ index 1b66ed40..7ed1673b 100644
  	struct psa_invec in_vec[] = {
  		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-index 7c538237..4fb87aa8 100644
+index 50437327ec2a..ce51ded30b1f 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
 @@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client *
@@ -360,7 +361,7 @@ index 7c538237..4fb87aa8 100644
  	struct psa_invec in_vec[] = {
  		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-index 22f1d18f..2caa3bd3 100644
+index 3531bd06147f..ea90af7df782 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes(
@@ -373,7 +374,7 @@ index 22f1d18f..2caa3bd3 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index 9f37908a..4fb60d44 100644
+index f63e9812af6c..f7ffaf38c7d0 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup(
@@ -431,7 +432,7 @@ index 9f37908a..4fb60d44 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-index d4703366..1458163c 100644
+index 72a43c428adf..0c946a25488f 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte
@@ -444,7 +445,7 @@ index d4703366..1458163c 100644
  	struct psa_invec in_vec[] = {
  		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-index 5ce4fb6c..16be9916 100644
+index cacadf09d2c4..8bc32977535d 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup(
@@ -538,7 +539,7 @@ index 5ce4fb6c..16be9916 100644
  		.key_id = private_key,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-index 3a820192..30222800 100644
+index a0092bfd94e7..596923387596 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup(
@@ -596,7 +597,7 @@ index 3a820192..30222800 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-index a3a796e2..f6ab0978 100644
+index 36a01765b1a3..b5894e06d1ff 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
 @@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex
@@ -609,7 +610,7 @@ index a3a796e2..f6ab0978 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 9276748d..8b53e3dc 100644
+index bebfe05c7c49..254ee5a90d89 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 @@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
@@ -631,7 +632,7 @@ index 9276748d..8b53e3dc 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index bcd8e0e4..c9ed865b 100644
+index d0a3850678cb..515f2a8da39f 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 @@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context,
@@ -651,5 +652,5 @@ index bcd8e0e4..c9ed865b 100644
  		.alg = alg,
  	};
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
deleted file mode 100644
index 74a83777..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
+++ /dev/null
@@ -1,523 +0,0 @@
-From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:19:24 +0000
-Subject: [PATCH 06/20] Add secure storage ipc backend
-
-Add secure storage ipc ff-m implementation which may use
-openamp as rpc to communicate with other processor.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/psa_ipc/service_psa_ipc.c  | 143 +++++++++++-
- .../secure_storage_ipc/component.cmake        |  14 ++
- .../secure_storage_ipc/secure_storage_ipc.c   | 214 ++++++++++++++++++
- .../secure_storage_ipc/secure_storage_ipc.h   |  52 +++++
- deployments/se-proxy/se-proxy.cmake           |   1 +
- 5 files changed, 420 insertions(+), 4 deletions(-)
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index e8093c20a523..95a07c135f31 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -16,6 +16,52 @@
- #include <psa/client.h>
- #include "service_psa_ipc_openamp_lib.h"
- 
-+static struct psa_invec *psa_call_in_vec_param(uint8_t *req)
-+{
-+	return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg));
-+}
-+
-+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len)
-+{
-+	return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) +
-+				     (in_len * sizeof(struct psa_invec)));
-+}
-+
-+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len,
-+				  struct psa_outvec *out_vec, size_t out_len)
-+{
-+	return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) +
-+		(out_len * sizeof(*out_vec));
-+}
-+
-+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len)
-+{
-+	size_t req_len = 0;
-+	int i;
-+
-+	if (!in_vec || !in_len)
-+		return 0;
-+
-+	for (i = 0; i < in_len; i++)
-+		req_len += in_vec[i].len;
-+
-+	return req_len;
-+}
-+
-+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len)
-+{
-+	size_t resp_len = 0;
-+	int i;
-+
-+	if (!out_vec || !out_len)
-+		return 0;
-+
-+	for (i = 0; i < out_len; i++)
-+		resp_len += out_vec[i].len;
-+
-+	return resp_len;
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 			 uint32_t version)
- {
-@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 	rpc_handle = rpc_caller_begin(caller, &req,
- 				      sizeof(struct ns_openamp_msg));
- 	if (!rpc_handle) {
--		EMSG("psa_connect: could not get handle");
-+		EMSG("psa_connect: could not get rpc handle");
- 		return PSA_ERROR_GENERIC_ERROR;
- 	}
- 
-@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 	return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
- }
- 
--psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 		      int32_t type, const struct psa_invec *in_vec,
- 		      size_t in_len, struct psa_outvec *out_vec, size_t out_len)
- {
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct psa_outvec *out_vec_param;
-+	struct psa_invec *in_vec_param;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t out_vec_len;
-+	size_t in_vec_len;
-+	size_t header_len;
-+	uint8_t *payload;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+	int i;
-+
-+	if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len);
-+	in_vec_len = psa_call_in_vec_len(in_vec, in_len);
-+	out_vec_len = psa_call_out_vec_len(out_vec, out_len);
- 
-+	rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len);
-+	if (!rpc_handle) {
-+		EMSG("psa_call: could not get handle");
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	payload = req + header_len;
-+
-+	out_vec_param = psa_call_out_vec_param(req, in_len);
-+	in_vec_param = psa_call_in_vec_param(req);
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CALL;
-+	req_msg->request_id = 1234;
-+	req_msg->params.psa_call_params.handle = psa_handle;
-+	req_msg->params.psa_call_params.type = type;
-+	req_msg->params.psa_call_params.in_len = in_len;
-+	req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+	req_msg->params.psa_call_params.out_len = out_len;
-+	req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+
-+	for (i = 0; i < in_len; i++) {
-+		in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+		in_vec_param[i].len = in_vec[i].len;
-+
-+		memcpy(payload, in_vec[i].base, in_vec[i].len);
-+		payload += in_vec[i].len;
-+	}
-+
-+	for (i = 0; i < out_len; i++) {
-+		out_vec_param[i].base = NULL;
-+		out_vec_param[i].len = out_vec[i].len;
-+	}
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_call: invoke failed: %d", ret);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	if (psa_status != PSA_SUCCESS) {
-+		EMSG("psa_call: psa_status invoke failed: %d", psa_status);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	resp_msg = (struct s_openamp_msg *)resp;
-+
-+	if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
-+		goto caller_end;
-+
-+	out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
-+						     resp_msg->params.out_vec);
-+
-+	for (i = 0; i < resp_msg->params.out_len; i++) {
-+		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+		       out_vec[i].len);
-+	}
-+
-+caller_end:
-+	rpc_caller_end(caller, rpc_handle);
-+
-+	return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE;
- }
- 
--void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle)
- {
- 	psa_status_t psa_status = PSA_SUCCESS;
- 	struct s_openamp_msg *resp_msg = NULL;
-@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- 	uint8_t *req;
- 	int ret;
- 
-+	if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+		return;
-+
- 	rpc_handle = rpc_caller_begin(caller, &req,
- 				      sizeof(struct ns_openamp_msg));
- 	if (!rpc_handle) {
-@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- 	req_msg = (struct ns_openamp_msg *)req;
- 
- 	req_msg->call_type = OPENAMP_PSA_CLOSE;
--	req_msg->params.psa_close_params.handle = handle;
-+	req_msg->params.psa_close_params.handle = psa_handle;
- 
- 	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
- 				&resp_len);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-new file mode 100644
-index 000000000000..5d8f6714e0bd
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-@@ -0,0 +1,14 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c"
-+	)
-+
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-new file mode 100644
-index 000000000000..9b55f77dd395
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -0,0 +1,214 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "secure_storage_ipc.h"
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <rpc_caller.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+
-+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
-+			 psa_storage_uid_t uid, size_t data_length,
-+			 const void *p_data, psa_storage_create_flags_t create_flags)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = p_data, .len = data_length },
-+		{ .base = &create_flags, .len = sizeof(create_flags) },
-+	};
-+
-+	(void)client_id;
-+
-+	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
-+
-+	/* Validating input parameters */
-+	if (p_data == NULL)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+	if (psa_status < 0)
-+		EMSG("ipc_set: psa_call failed: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get(void *context,
-+					   uint32_t client_id,
-+					   psa_storage_uid_t uid,
-+					   size_t data_offset,
-+					   size_t data_size,
-+					   void *p_data,
-+					   size_t *p_data_length)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	uint32_t offset = (uint32_t)data_offset;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = &offset, .len = sizeof(offset) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = p_data, .len = data_size },
-+	};
-+
-+	if (!p_data_length) {
-+		EMSG("ipc_get: p_data_length not defined");
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+			      out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status == PSA_SUCCESS)
-+		*p_data_length = out_vec[0].len;
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get_info(void *context,
-+						uint32_t client_id,
-+						psa_storage_uid_t uid,
-+						struct psa_storage_info_t *p_info)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = p_info, .len = sizeof(*p_info) },
-+	};
-+
-+	(void)client_id;
-+
-+	/* Validating input parameters */
-+	if (!p_info)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET_INFO, in_vec,
-+			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_remove(void *context,
-+						uint32_t client_id,
-+						psa_storage_uid_t uid)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+	};
-+
-+	(void)client_id;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_REMOVE, in_vec,
-+			      IOVEC_LEN(in_vec), NULL, 0);
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_create(void *context,
-+					      uint32_t client_id,
-+					      uint64_t uid,
-+					      size_t capacity,
-+					      uint32_t create_flags)
-+{
-+	(void)context;
-+	(void)uid;
-+	(void)client_id;
-+	(void)capacity;
-+	(void)create_flags;
-+
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static psa_status_t secure_storage_set_extended(void *context,
-+						uint32_t client_id,
-+						uint64_t uid,
-+						size_t data_offset,
-+						size_t data_length,
-+						const void *p_data)
-+{
-+	(void)context;
-+	(void)uid;
-+	(void)client_id;
-+	(void)data_offset;
-+	(void)data_length;
-+	(void)p_data;
-+
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	uint32_t support_flags;
-+	struct psa_outvec out_vec[] = {
-+		{ .base = &support_flags, .len =  sizeof(support_flags) },
-+	};
-+
-+	(void)client_id;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET_SUPPORT, NULL, 0,
-+			      out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+						struct rpc_caller *caller)
-+{
-+	service_client_init(&context->client, caller);
-+
-+	static const struct storage_backend_interface interface =
-+	{
-+		.set = secure_storage_ipc_set,
-+		.get = secure_storage_ipc_get,
-+		.get_info = secure_storage_ipc_get_info,
-+		.remove = secure_storage_ipc_remove,
-+		.create = secure_storage_ipc_create,
-+		.set_extended = secure_storage_set_extended,
-+		.get_support = secure_storage_get_support,
-+	};
-+
-+	context->backend.context = context;
-+	context->backend.interface = &interface;
-+
-+	return &context->backend;
-+}
-+
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context)
-+{
-+	service_client_deinit(&context->client);
-+}
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-new file mode 100644
-index 000000000000..e8c1e8fd2f92
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -0,0 +1,52 @@
-+/*
-+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SECURE_STORAGE_IPC_H
-+#define SECURE_STORAGE_IPC_H
-+
-+#include <service/secure_storage/backend/storage_backend.h>
-+#include <service/common/client/service_client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * @brief      Secure storage ipc instance
-+ */
-+struct secure_storage_ipc
-+{
-+    struct storage_backend backend;
-+    struct service_client client;
-+};
-+
-+/**
-+ * @brief      Initialize a secure storage ipc client
-+ *
-+ * A secure storage client is a storage backend that makes RPC calls
-+ * to a remote secure storage provider.
-+ *
-+ * @param[in]  context    Instance data
-+ * @param[in]  rpc_caller RPC caller instance
-+ *
-+ *
-+ * @return     Pointer to inialized storage backend or NULL on failure
-+ */
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+						struct rpc_caller *caller);
-+
-+/**
-+ * @brief      Deinitialize a secure storage ipc client
-+ *
-+ * @param[in]  context   Instance data
-+ */
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SECURE_STORAGE_IPC_H */
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index dd0c5d00c21e..cd51460406ca 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/crypto/factory/full"
- 		"components/service/secure_storage/include"
- 		"components/service/secure_storage/frontend/secure_storage_provider"
-+		"components/service/secure_storage/backend/secure_storage_ipc"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
similarity index 80%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
index 0dcdd5da..7a9bee6d 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
@@ -1,7 +1,7 @@
-From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001
+From 507008e501c4f5bea0841547a052b3dffd86eb20 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Thu, 9 Feb 2023 00:34:23 +0000
-Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec
+Subject: [PATCH 6/6] TF-Mv1.7 alignment: PSA crypto client in/out_vec
 
 Few psa crypto operations have different in/out_vec expectations
 This patch is fixing the differences between psa crypto client in TS
@@ -20,6 +20,7 @@ operations:
 
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Upstream-Status: Pending [Not submitted yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
  .../crypto/client/caller/psa_ipc/crypto_caller_aead.h       | 6 ++----
  .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h     | 6 ++----
@@ -27,44 +28,44 @@ Upstream-Status: Pending [Not submitted yet]
  3 files changed, 6 insertions(+), 8 deletions(-)
 
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index efdffdf7..e862c2de 100644
+index f63996a8aad3..393ba447663a 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+@@ -226,14 +226,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+ 			.len = sizeof(struct psa_ipc_crypto_pack_iovec) },
  	};
  	struct psa_outvec out_vec[] = {
--	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
- 	    {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
+-		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
+ 		{ .base = psa_ptr_to_u32(nonce), .len = nonce_size },
  	};
  
  	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
  
 -	*nonce_length = out_vec[1].len;
 +	*nonce_length = out_vec[0].len;
+ 
  	return status;
  }
- 
-@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update(
- 	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
+@@ -364,7 +363,6 @@ static inline psa_status_t crypto_caller_aead_update(
+ 		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
  	};
  	struct psa_outvec out_vec[] = {
--	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
- 	    {.base = psa_ptr_const_to_u32(output), .len = output_size},
+-		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
+ 		{ .base = psa_ptr_const_to_u32(output), .len = output_size },
  	};
  
-@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update(
+@@ -376,7 +374,7 @@ static inline psa_status_t crypto_caller_aead_update(
  	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 	                   in_len, out_vec, IOVEC_LEN(out_vec));
+ 			  in_len, out_vec, IOVEC_LEN(out_vec));
  
 -	*output_length = out_vec[1].len;
 +	*output_length = out_vec[0].len;
+ 
  	return status;
  }
- 
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index 20aa46a5..948865e4 100644
+index 4f885f3445ab..0d32444b6bbf 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 @@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
@@ -100,7 +101,7 @@ index 20aa46a5..948865e4 100644
  	return status;
  }
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index 4fb60d44..1e422130 100644
+index f7ffaf38c7d0..77ef4ead1d03 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 @@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone(
@@ -113,5 +114,5 @@ index 4fb60d44..1e422130 100644
  	struct psa_outvec out_vec[] = {
  		{ .base = psa_ptr_to_u32(target_op_handle),
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
deleted file mode 100644
index ad33295d..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
+++ /dev/null
@@ -1,63 +0,0 @@
-From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:25:34 +0000
-Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy
-
-Remove mock up backend for secure storage in se proxy
-deployment and use instead the secure storage ipc backend with
-openamp as rpc to secure enclave side.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../se-proxy/common/service_proxy_factory.c      | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index acfb6e8873fa..57290056d614 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -6,15 +6,20 @@
- 
- #include <stddef.h>
- #include <rpc/common/endpoint/rpc_interface.h>
-+#include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
- #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
-+#include <trace.h>
- 
- /* Stub backends */
- #include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- 
-+struct openamp_caller openamp;
-+
- struct rpc_interface *attest_proxy_create(void)
- {
- 	struct rpc_interface *attest_iface;
-@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void)
- 
- struct rpc_interface *ps_proxy_create(void)
- {
--	static struct mock_store ps_backend;
- 	static struct secure_storage_provider ps_provider;
--
--	struct storage_backend *backend = mock_store_init(&ps_backend);
-+	static struct secure_storage_ipc ps_backend;
-+	static struct rpc_caller *storage_caller;
-+	struct storage_backend *backend;
-+
-+	storage_caller = openamp_caller_init(&openamp);
-+	if (!storage_caller)
-+		return NULL;
-+	backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
- 
- 	return secure_storage_provider_init(&ps_provider, backend);
- }
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
deleted file mode 100644
index ab576882..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:43:48 +0000
-Subject: [PATCH 08/20] Run psa-arch-test
-
-Fixes needed to run psa-arch-test
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/psa_ipc/service_psa_ipc.c       | 1 +
- .../backend/secure_storage_ipc/secure_storage_ipc.c       | 8 --------
- .../service/secure_storage/include/psa/storage_common.h   | 4 ++--
- 3 files changed, 3 insertions(+), 10 deletions(-)
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 95a07c135f31..5e5815dbc9cf 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 						     resp_msg->params.out_vec);
- 
- 	for (i = 0; i < resp_msg->params.out_len; i++) {
-+                out_vec[i].len = out_vec_param[i].len;
- 		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
- 		       out_vec[i].len);
- 	}
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index 9b55f77dd395..a1f369db253e 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 
- 	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- 
--	/* Validating input parameters */
--	if (p_data == NULL)
--		return PSA_ERROR_INVALID_ARGUMENT;
--
- 	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- 			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status < 0)
-@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 
- 	(void)client_id;
- 
--	/* Validating input parameters */
--	if (!p_info)
--		return PSA_ERROR_INVALID_ARGUMENT;
--
- 	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- 			      TFM_PS_GET_INFO, in_vec,
- 			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h
-index 4f6ba2a7d822..1fd6b40dc803 100644
---- a/components/service/secure_storage/include/psa/storage_common.h
-+++ b/components/service/secure_storage/include/psa/storage_common.h
-@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t;
- typedef uint32_t psa_storage_create_flags_t;
- 
- struct psa_storage_info_t {
--	size_t capacity;
--	size_t size;
-+	uint32_t capacity;
-+	uint32_t size;
- 	psa_storage_create_flags_t flags;
- };
- 
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
deleted file mode 100644
index 3295fa9b..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
+++ /dev/null
@@ -1,168 +0,0 @@
-From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:57:17 +0000
-Subject: [PATCH 09/20] Use address instead of pointers
-
-Since secure enclave is 32bit and we 64bit there is an issue
-in the protocol communication design that force us to handle
-on our side the manipulation of address and pointers to make
-this work.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/client.h       | 15 ++++++++++++++
- .../service/common/psa_ipc/service_psa_ipc.c  | 20 ++++++++++++-------
- .../secure_storage_ipc/secure_storage_ipc.c   | 20 +++++++++----------
- 3 files changed, 38 insertions(+), 17 deletions(-)
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-index 69ccf14f40a3..12dcd68f8a76 100644
---- a/components/service/common/include/psa/client.h
-+++ b/components/service/common/include/psa/client.h
-@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec {
-     uint32_t len;                 /*!< the size in bytes                      */
- };
- 
-+static void *psa_u32_to_ptr(uint32_t addr)
-+{
-+	return (void *)(uintptr_t)addr;
-+}
-+
-+static uint32_t psa_ptr_to_u32(void *ptr)
-+{
-+	return (uintptr_t)ptr;
-+}
-+
-+static uint32_t psa_ptr_const_to_u32(const void *ptr)
-+{
-+	return (uintptr_t)ptr;
-+}
-+
- /*************************** PSA Client API **********************************/
- 
- /**
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 5e5815dbc9cf..435c6c0a2eba 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_
- 	return resp_len;
- }
- 
-+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va)
-+{
-+	return (uintptr_t)rpc_caller_virt_to_phys(caller, va);
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 			 uint32_t version)
- {
-@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 	req_msg->params.psa_call_params.handle = psa_handle;
- 	req_msg->params.psa_call_params.type = type;
- 	req_msg->params.psa_call_params.in_len = in_len;
--	req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+	req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param);
- 	req_msg->params.psa_call_params.out_len = out_len;
--	req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+	req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param);
- 
- 	for (i = 0; i < in_len; i++) {
--		in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+		in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload);
- 		in_vec_param[i].len = in_vec[i].len;
- 
--		memcpy(payload, in_vec[i].base, in_vec[i].len);
-+		memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);
- 		payload += in_vec[i].len;
- 	}
- 
- 	for (i = 0; i < out_len; i++) {
--		out_vec_param[i].base = NULL;
-+		out_vec_param[i].base = 0;
- 		out_vec_param[i].len = out_vec[i].len;
- 	}
- 
-@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 		goto caller_end;
- 
- 	out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
--						     resp_msg->params.out_vec);
-+				psa_u32_to_ptr(resp_msg->params.out_vec));
- 
- 	for (i = 0; i < resp_msg->params.out_len; i++) {
-                 out_vec[i].len = out_vec_param[i].len;
--		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+		memcpy(psa_u32_to_ptr(out_vec[i].base),
-+		       rpc_caller_phys_to_virt(caller,	psa_u32_to_ptr(out_vec_param[i].base)),
- 		       out_vec[i].len);
- 	}
- 
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index a1f369db253e..bda442a61d5c 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
--		{ .base = p_data, .len = data_length },
--		{ .base = &create_flags, .len = sizeof(create_flags) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+		{ .base = psa_ptr_const_to_u32(p_data), .len = data_length },
-+		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
- 	};
- 
- 	(void)client_id;
-@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context,
- 	psa_status_t psa_status;
- 	uint32_t offset = (uint32_t)data_offset;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
--		{ .base = &offset, .len = sizeof(offset) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = p_data, .len = data_size },
-+		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
- 	};
- 
- 	if (!p_data_length) {
-@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = p_info, .len = sizeof(*p_info) },
-+		{ .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) },
- 	};
- 
- 	(void)client_id;
-@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- 	};
- 
- 	(void)client_id;
-@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- 	psa_status_t psa_status;
- 	uint32_t support_flags;
- 	struct psa_outvec out_vec[] = {
--		{ .base = &support_flags, .len =  sizeof(support_flags) },
-+		{ .base = psa_ptr_to_u32(&support_flags), .len =  sizeof(support_flags) },
- 	};
- 
- 	(void)client_id;
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
deleted file mode 100644
index 2d0725cb..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
+++ /dev/null
@@ -1,323 +0,0 @@
-From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 7 Dec 2021 11:50:00 +0000
-Subject: [PATCH 10/20] Add psa ipc attestation to se proxy
-
-Implement attestation client API as psa ipc and include it to
-se proxy deployment.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../client/psa_ipc/component.cmake            | 13 +++
- .../client/psa_ipc/iat_ipc_client.c           | 86 +++++++++++++++++++
- .../reporter/psa_ipc/component.cmake          | 13 +++
- .../reporter/psa_ipc/psa_ipc_attest_report.c  | 45 ++++++++++
- components/service/common/include/psa/sid.h   |  4 +
- .../se-proxy/common/service_proxy_factory.c   |  6 ++
- deployments/se-proxy/se-proxy.cmake           |  7 +-
- ...ble-using-hard-coded-attestation-key.patch | 29 -------
- external/psa_arch_tests/psa_arch_tests.cmake  |  4 -
- 9 files changed, 171 insertions(+), 36 deletions(-)
- create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
- create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
- delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-
-diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..a5bc6b4a387e
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
-+	)
-diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-new file mode 100644
-index 000000000000..30bd0a13a385
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-@@ -0,0 +1,86 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <string.h>
-+
-+#include "../psa/iat_client.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/initial_attestation.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+
-+/**
-+ * @brief      The singleton psa_iat_client instance
-+ *
-+ * The psa attestation C API assumes a single backend service provider.
-+ */
-+static struct service_client instance;
-+
-+
-+psa_status_t psa_iat_client_init(struct rpc_caller *caller)
-+{
-+	return service_client_init(&instance, caller);
-+}
-+
-+void psa_iat_client_deinit(void)
-+{
-+	service_client_deinit(&instance);
-+}
-+
-+int psa_iat_client_rpc_status(void)
-+{
-+	return instance.rpc_status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
-+					  size_t challenge_size,
-+					  uint8_t *token_buf,
-+					  size_t token_buf_size,
-+					  size_t *token_size)
-+{
-+	psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+	struct rpc_caller *caller = instance.caller;
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
-+	};
-+
-+	if (!token_buf || !token_buf_size)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+			  TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
-+			  out_vec, IOVEC_LEN(out_vec));
-+	if (status == PSA_SUCCESS) {
-+		*token_size = out_vec[0].len;
-+	}
-+
-+	return status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
-+						size_t *token_size)
-+{
-+	struct rpc_caller *caller = instance.caller;
-+	psa_status_t status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+			  TFM_ATTEST_GET_TOKEN_SIZE,
-+			  in_vec, IOVEC_LEN(in_vec),
-+			  out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..b37830c618fe
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
-+	)
-diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-new file mode 100644
-index 000000000000..15805e8ed4b1
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+/**
-+ * A attestation reporter for psa ipc
-+ */
-+
-+#include <stddef.h>
-+#include <psa/error.h>
-+#include <service/attestation/reporter/attest_report.h>
-+#include <psa/initial_attestation.h>
-+
-+#define TOKEN_BUF_SIZE	1024
-+
-+static uint8_t token_buf[TOKEN_BUF_SIZE];
-+
-+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
-+			 size_t auth_challenge_len, const uint8_t **report,
-+			 size_t *report_len)
-+{
-+	*report = token_buf;
-+	psa_status_t ret;
-+	size_t token_size = 0;
-+
-+	ret = psa_initial_attest_get_token(auth_challenge_data,
-+					   auth_challenge_len, token_buf,
-+					   TOKEN_BUF_SIZE, &token_size);
-+	if (ret != PSA_SUCCESS) {
-+		*report = NULL;
-+		*report_len = 0;
-+		return ret;
-+	}
-+
-+	*report_len = token_size;
-+
-+	return PSA_SUCCESS;
-+}
-+
-+void attest_report_destroy(const uint8_t *report)
-+{
-+	(void)report;
-+}
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index aaa973c6e987..833f5039425f 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -50,6 +50,10 @@ extern "C" {
- #define TFM_ATTESTATION_SERVICE_VERSION                            (1U)
- #define TFM_ATTESTATION_SERVICE_HANDLE                             (0x40000103U)
- 
-+/* Initial Attestation message types that distinguish Attest services. */
-+#define TFM_ATTEST_GET_TOKEN       1001
-+#define TFM_ATTEST_GET_TOKEN_SIZE  1002
-+
- /******** TFM_SP_FWU ********/
- #define TFM_FWU_WRITE_SID                                          (0x000000A0U)
- #define TFM_FWU_WRITE_VERSION                                      (1U)
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 57290056d614..4b8cceccbe4d 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -23,12 +23,18 @@ struct openamp_caller openamp;
- struct rpc_interface *attest_proxy_create(void)
- {
- 	struct rpc_interface *attest_iface;
-+	struct rpc_caller *attest_caller;
- 
- 	/* Static objects for proxy instance */
- 	static struct attest_provider attest_provider;
- 
-+	attest_caller = openamp_caller_init(&openamp);
-+	if (!attest_caller)
-+		return NULL;
-+
- 	/* Initialize the service provider */
- 	attest_iface = attest_provider_init(&attest_provider);
-+	psa_iat_client_init(&openamp.rpc_caller);
- 
- 	attest_provider_register_serializer(&attest_provider,
- 		TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index cd51460406ca..3dbbc36c968d 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
-+		"components/service/attestation/reporter/psa_ipc"
-+		"components/service/attestation/client/psa_ipc"
- 		"components/rpc/openamp/caller/sp"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
- 		"components/rpc/common/caller"
--		"components/service/attestation/reporter/stub"
--		"components/service/attestation/key_mngr/stub"
--		"components/service/crypto/backend/stub"
-+		"components/service/attestation/key_mngr/local"
-+		"components/service/crypto/backend/psa_ipc"
- 		"components/service/crypto/client/psa"
- 		"components/service/secure_storage/backend/mock_store"
- )
-diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-deleted file mode 100644
-index 6664961ab662..000000000000
---- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-+++ /dev/null
-@@ -1,29 +0,0 @@
--From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001
--From: Gyorgy Szing <Gyorgy.Szing@arm.com>
--Date: Tue, 8 Feb 2022 17:06:37 +0000
--Subject: [PATCH 1/1] Disable using hard-coded attestation key
--
--Modify platform config to disable using a hard-coded attestation
--key.
--
--Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
-----
-- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +-
-- 1 file changed, 1 insertion(+), 1 deletion(-)
--
--diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--index 6112ba7..1cdf581 100755
----- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--@@ -60,7 +60,7 @@ typedef uint32_t            cfg_id_t;
-- #define CRYPTO_VERSION_BETA3
-- 
-- /* Use hardcoded public key */
---#define PLATFORM_OVERRIDE_ATTEST_PK
--+//#define PLATFORM_OVERRIDE_ATTEST_PK
-- 
-- /*
--  * Include of PSA defined Header files
---- 
--2.17.1
--
-diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
-index a8b77a1fc05e..1995df3e0b49 100644
---- a/external/psa_arch_tests/psa_arch_tests.cmake
-+++ b/external/psa_arch_tests/psa_arch_tests.cmake
-@@ -15,10 +15,6 @@ set(GIT_OPTIONS
- 	GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
- 	GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
- 	GIT_SHALLOW FALSE
--	PATCH_COMMAND git stash
--		COMMAND git tag -f ts-before-am
--		COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch
--		COMMAND git reset ts-before-am
- )
- 
- # Ensure list of defines is separated correctly
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
deleted file mode 100644
index 5803cc17..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Thu, 9 Dec 2021 14:11:06 +0000
-Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage
- ipc implementation.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/include/psa/sid.h   | 12 +++++-----
- .../secure_storage_ipc/secure_storage_ipc.c   | 20 ++++++++---------
- .../secure_storage_ipc/secure_storage_ipc.h   |  1 +
- .../se-proxy/common/service_proxy_factory.c   | 22 +++++++++++++------
- 4 files changed, 32 insertions(+), 23 deletions(-)
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 833f5039425f..4a951d4a3502 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -20,12 +20,12 @@ extern "C" {
- /* Invalid UID */
- #define TFM_PS_INVALID_UID 0
- 
--/* PS message types that distinguish PS services. */
--#define TFM_PS_SET                1001
--#define TFM_PS_GET                1002
--#define TFM_PS_GET_INFO           1003
--#define TFM_PS_REMOVE             1004
--#define TFM_PS_GET_SUPPORT        1005
-+/* PS / ITS message types that distinguish PS services. */
-+#define TFM_PS_ITS_SET                1001
-+#define TFM_PS_ITS_GET                1002
-+#define TFM_PS_ITS_GET_INFO           1003
-+#define TFM_PS_ITS_REMOVE             1004
-+#define TFM_PS_ITS_GET_SUPPORT        1005
- 
- /******** TFM_SP_ITS ********/
- #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID                   (0x00000070U)
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index bda442a61d5c..0e1b48c0d2e2 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 
- 	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+	psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET,
-+			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status < 0)
- 		EMSG("ipc_set: psa_call failed: %d", psa_status);
- 
-@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context,
- 		return PSA_ERROR_INVALID_ARGUMENT;
- 	}
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
- 			      out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status == PSA_SUCCESS)
- 		*p_data_length = out_vec[0].len;
-@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET_INFO, in_vec,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET_INFO, in_vec,
- 			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_REMOVE, in_vec,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_REMOVE, in_vec,
- 			      IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET_SUPPORT, NULL, 0,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET_SUPPORT, NULL, 0,
- 			      out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-index e8c1e8fd2f92..d9949f6a9305 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -21,6 +21,7 @@ struct secure_storage_ipc
- {
-     struct storage_backend backend;
-     struct service_client client;
-+    int32_t service_handle;
- };
- 
- /**
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 4b8cceccbe4d..1110ac46bf8b 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -5,6 +5,7 @@
-  */
- 
- #include <stddef.h>
-+#include <psa/sid.h>
- #include <rpc/common/endpoint/rpc_interface.h>
- #include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
-@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void)
- {
- 	static struct secure_storage_provider ps_provider;
- 	static struct secure_storage_ipc ps_backend;
--	static struct rpc_caller *storage_caller;
-+	struct rpc_caller *storage_caller;
- 	struct storage_backend *backend;
- 
- 	storage_caller = openamp_caller_init(&openamp);
- 	if (!storage_caller)
- 		return NULL;
- 	backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
-+	ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
- 
- 	return secure_storage_provider_init(&ps_provider, backend);
- }
- 
- struct rpc_interface *its_proxy_create(void)
- {
--	static struct mock_store its_backend;
--	static struct secure_storage_provider its_provider;
--
--	struct storage_backend *backend = mock_store_init(&its_backend);
--
--	return secure_storage_provider_init(&its_provider, backend);
-+        static struct secure_storage_provider its_provider;
-+        static struct secure_storage_ipc its_backend;
-+        struct rpc_caller *storage_caller;
-+        struct storage_backend *backend;
-+ 
-+        storage_caller = openamp_caller_init(&openamp);
-+        if (!storage_caller)
-+        	return NULL;
-+        backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller);
-+        its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
-+ 
-+        return secure_storage_provider_init(&its_provider, backend);
- }
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
deleted file mode 100644
index 67ea7b8c..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
+++ /dev/null
@@ -1,2570 +0,0 @@
-From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Thu, 9 Dec 2021 14:17:39 +0000
-Subject: [PATCH 12/20] add psa ipc crypto backend
-
-Add psa ipc crypto backend and attach it to se proxy
-deployment.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/include/psa/sid.h   |  73 +++++
- .../crypto/backend/psa_ipc/component.cmake    |  21 ++
- .../backend/psa_ipc/crypto_ipc_backend.c      |  26 ++
- .../backend/psa_ipc/crypto_ipc_backend.h      |  70 ++++
- .../client/caller/psa_ipc/crypto_caller.h     |  34 ++
- .../caller/psa_ipc/crypto_caller_aead.h       | 252 +++++++++++++++
- .../crypto_caller_asymmetric_decrypt.h        |  76 +++++
- .../crypto_caller_asymmetric_encrypt.h        |  76 +++++
- .../caller/psa_ipc/crypto_caller_cipher.h     | 246 +++++++++++++++
- .../caller/psa_ipc/crypto_caller_copy_key.h   |  57 ++++
- .../psa_ipc/crypto_caller_destroy_key.h       |  51 +++
- .../caller/psa_ipc/crypto_caller_export_key.h |  59 ++++
- .../psa_ipc/crypto_caller_export_public_key.h |  59 ++++
- .../psa_ipc/crypto_caller_generate_key.h      |  55 ++++
- .../psa_ipc/crypto_caller_generate_random.h   |  57 ++++
- .../crypto_caller_get_key_attributes.h        |  56 ++++
- .../caller/psa_ipc/crypto_caller_hash.h       | 220 +++++++++++++
- .../caller/psa_ipc/crypto_caller_import_key.h |  57 ++++
- .../psa_ipc/crypto_caller_key_attributes.h    |  51 +++
- .../psa_ipc/crypto_caller_key_derivation.h    | 298 ++++++++++++++++++
- .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++
- .../caller/psa_ipc/crypto_caller_purge_key.h  |  51 +++
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  64 ++++
- .../psa_ipc/crypto_caller_verify_hash.h       |  59 ++++
- .../crypto/include/psa/crypto_client_struct.h |   8 +-
- .../service/crypto/include/psa/crypto_sizes.h |   2 +-
- .../se-proxy/common/service_proxy_factory.c   |  15 +-
- .../providers/arm/corstone1000/platform.cmake |   2 +
- 28 files changed, 2292 insertions(+), 10 deletions(-)
- create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 4a951d4a3502..7a29cc253bad 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,79 @@ extern "C" {
- #define TFM_CRYPTO_VERSION                                         (1U)
- #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
- 
-+/**
-+ * \brief Define a progressive numerical value for each SID which can be used
-+ *        when dispatching the requests to the service
-+ */
-+enum {
-+    TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
-+    TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
-+    TFM_CRYPTO_OPEN_KEY_SID,
-+    TFM_CRYPTO_CLOSE_KEY_SID,
-+    TFM_CRYPTO_IMPORT_KEY_SID,
-+    TFM_CRYPTO_DESTROY_KEY_SID,
-+    TFM_CRYPTO_EXPORT_KEY_SID,
-+    TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+    TFM_CRYPTO_PURGE_KEY_SID,
-+    TFM_CRYPTO_COPY_KEY_SID,
-+    TFM_CRYPTO_HASH_COMPUTE_SID,
-+    TFM_CRYPTO_HASH_COMPARE_SID,
-+    TFM_CRYPTO_HASH_SETUP_SID,
-+    TFM_CRYPTO_HASH_UPDATE_SID,
-+    TFM_CRYPTO_HASH_FINISH_SID,
-+    TFM_CRYPTO_HASH_VERIFY_SID,
-+    TFM_CRYPTO_HASH_ABORT_SID,
-+    TFM_CRYPTO_HASH_CLONE_SID,
-+    TFM_CRYPTO_MAC_COMPUTE_SID,
-+    TFM_CRYPTO_MAC_VERIFY_SID,
-+    TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+    TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+    TFM_CRYPTO_MAC_UPDATE_SID,
-+    TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+    TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+    TFM_CRYPTO_MAC_ABORT_SID,
-+    TFM_CRYPTO_CIPHER_ENCRYPT_SID,
-+    TFM_CRYPTO_CIPHER_DECRYPT_SID,
-+    TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+    TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+    TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+    TFM_CRYPTO_CIPHER_SET_IV_SID,
-+    TFM_CRYPTO_CIPHER_UPDATE_SID,
-+    TFM_CRYPTO_CIPHER_FINISH_SID,
-+    TFM_CRYPTO_CIPHER_ABORT_SID,
-+    TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+    TFM_CRYPTO_AEAD_DECRYPT_SID,
-+    TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+    TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+    TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+    TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+    TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+    TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+    TFM_CRYPTO_AEAD_UPDATE_SID,
-+    TFM_CRYPTO_AEAD_FINISH_SID,
-+    TFM_CRYPTO_AEAD_VERIFY_SID,
-+    TFM_CRYPTO_AEAD_ABORT_SID,
-+    TFM_CRYPTO_SIGN_MESSAGE_SID,
-+    TFM_CRYPTO_VERIFY_MESSAGE_SID,
-+    TFM_CRYPTO_SIGN_HASH_SID,
-+    TFM_CRYPTO_VERIFY_HASH_SID,
-+    TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+    TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+    TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+    TFM_CRYPTO_GENERATE_RANDOM_SID,
-+    TFM_CRYPTO_GENERATE_KEY_SID,
-+    TFM_CRYPTO_SID_MAX,
-+};
-+
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..93c297a83ac6
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/component.cmake
-@@ -0,0 +1,21 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c"
-+	)
-+
-+# The ipc crypto backend uses the psa crypto client to realize the
-+# psa crypto API that the crypto provider depends on.  This define
-+# configures the psa crypto client to be built with the ipc crypto
-+# caller.
-+target_compile_definitions(${TGT} PRIVATE
-+	PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h"
-+)
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-new file mode 100644
-index 000000000000..e47cd4ffb4ce
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <psa/crypto.h>
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "crypto_ipc_backend.h"
-+
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller)
-+{
-+	psa_status_t status = psa_crypto_client_init(caller);
-+
-+	if (status == PSA_SUCCESS)
-+		status = psa_crypto_init();
-+
-+	return status;
-+}
-+
-+void crypto_ipc_backend_deinit(void)
-+{
-+	psa_crypto_client_deinit();
-+}
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-new file mode 100644
-index 000000000000..c13c20e84131
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -0,0 +1,70 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CRYPTO_IPC_BACKEND_H
-+#define CRYPTO_IPC_BACKEND_H
-+
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * \brief This type is used to overcome a limitation in the number of maximum
-+ *        IOVECs that can be used especially in psa_aead_encrypt and
-+ *        psa_aead_decrypt. To be removed in case the AEAD APIs number of
-+ *        parameters passed gets restructured
-+ */
-+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
-+struct psa_ipc_crypto_aead_pack_input {
-+	uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
-+	uint32_t nonce_length;
-+};
-+
-+struct psa_ipc_crypto_pack_iovec {
-+	uint32_t sfn_id;             /*!< Secure function ID used to dispatch the
-+				      *   request
-+				      */
-+	uint16_t step;               /*!< Key derivation step */
-+	psa_key_id_t key_id;         /*!< Key id */
-+	psa_algorithm_t alg;         /*!< Algorithm */
-+	uint32_t op_handle;          /*!< Frontend context handle associated to a
-+				      *   multipart operation
-+				      */
-+	uint32_t capacity;             /*!< Key derivation capacity */
-+
-+	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
-+							    *   AEAD until the API is
-+							    *   restructured
-+							    */
-+};
-+
-+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
-+
-+/**
-+ * \brief Initialize the psa ipc crypto backend
-+ *
-+ * Initializes a crypto backend that uses the psa API client with a
-+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto
-+ * service proviser.
-+ *
-+ * \return PSA_SUCCESS if backend initialized successfully
-+ */
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Clean-up to free any resource used by the crypto backend
-+ */
-+void crypto_ipc_backend_deinit(void);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CRYPTO_IPC_BACKEND_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-new file mode 100644
-index 000000000000..0a972187062f
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-@@ -0,0 +1,34 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_H
-+#define PSA_IPC_CRYPTO_CALLER_H
-+
-+/**
-+ * Includes all header files that form the psa ipc crypto caller
-+ * interface.  May be used by a client that needs to call operations
-+ * provided by a crypto service instance using the psa ipc interface.
-+ */
-+#include "crypto_caller_aead.h"
-+#include "crypto_caller_asymmetric_decrypt.h"
-+#include "crypto_caller_asymmetric_encrypt.h"
-+#include "crypto_caller_cipher.h"
-+#include "crypto_caller_copy_key.h"
-+#include "crypto_caller_destroy_key.h"
-+#include "crypto_caller_export_key.h"
-+#include "crypto_caller_export_public_key.h"
-+#include "crypto_caller_generate_key.h"
-+#include "crypto_caller_generate_random.h"
-+#include "crypto_caller_get_key_attributes.h"
-+#include "crypto_caller_hash.h"
-+#include "crypto_caller_import_key.h"
-+#include "crypto_caller_key_derivation.h"
-+#include "crypto_caller_mac.h"
-+#include "crypto_caller_purge_key.h"
-+#include "crypto_caller_sign_hash.h"
-+#include "crypto_caller_verify_hash.h"
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-new file mode 100644
-index 000000000000..78517fe32ca9
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -0,0 +1,252 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H
-+#define PSA_IPC_CRYPTO_CALLER_AEAD_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_aead_encrypt(
-+					      struct service_client *context,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg,
-+					      const uint8_t *nonce,
-+					      size_t nonce_length,
-+					      const uint8_t *additional_data,
-+					      size_t additional_data_length,
-+					      const uint8_t *plaintext,
-+					      size_t plaintext_length,
-+					      uint8_t *aeadtext,
-+					      size_t aeadtext_size,
-+					      size_t *aeadtext_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	int i;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+	};
-+
-+	if (!additional_data && additional_data_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(plaintext),
-+			.len = plaintext_length },
-+		{ .base = psa_ptr_const_to_u32(additional_data),
-+			.len = additional_data_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size },
-+	};
-+
-+	if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	if (nonce) {
-+		for (i = 0; i < nonce_length; i++)
-+			iov.aead_in.nonce[i] = nonce[i];
-+	}
-+
-+	in_len = IOVEC_LEN(in_vec);
-+
-+	if (!additional_data)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*aeadtext_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt(
-+					      struct service_client *context,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg,
-+					      const uint8_t *nonce,
-+					      size_t nonce_length,
-+					      const uint8_t *additional_data,
-+					      size_t additional_data_length,
-+					      const uint8_t *aeadtext,
-+					      size_t aeadtext_length,
-+					      uint8_t *plaintext,
-+					      size_t plaintext_size,
-+					      size_t *plaintext_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	int i;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+	};
-+
-+	if (!additional_data && additional_data_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(aeadtext),
-+			.len = aeadtext_length },
-+		{ .base = psa_ptr_const_to_u32(additional_data),
-+			.len = additional_data_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(plaintext), .len = plaintext_size },
-+	};
-+
-+	if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	if (nonce) {
-+		for (i = 0; i < nonce_length; i++)
-+			iov.aead_in.nonce[i] = nonce[i];
-+	}
-+
-+	in_len = IOVEC_LEN(in_vec);
-+
-+	if (!additional_data)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*plaintext_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_encrypt_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_key_id_t key,
-+					    psa_algorithm_t alg)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_key_id_t key,
-+					    psa_algorithm_t alg)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_generate_nonce(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *nonce,
-+					     size_t nonce_size,
-+					     size_t *nonce_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_nonce(
-+						struct service_client *context,
-+						uint32_t op_handle,
-+						const uint8_t *nonce,
-+						size_t nonce_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_lengths(
-+					  struct service_client *context,
-+					  uint32_t op_handle,
-+					  size_t ad_length,
-+					  size_t plaintext_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update_ad(
-+						struct service_client *context,
-+						uint32_t op_handle,
-+						const uint8_t *input,
-+						size_t input_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *input,
-+					     size_t input_length,
-+					     uint8_t *output,
-+					     size_t output_size,
-+					     size_t *output_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_finish(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *aeadtext,
-+					     size_t aeadtext_size,
-+					     size_t *aeadtext_length,
-+					     uint8_t *tag,
-+					     size_t tag_size,
-+					     size_t *tag_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_verify(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *plaintext,
-+					     size_t plaintext_size,
-+					     size_t *plaintext_length,
-+					     const uint8_t *tag,
-+					     size_t tag_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_abort(
-+					    struct service_client *context,
-+					    uint32_t op_handle)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-new file mode 100644
-index 000000000000..ff01815c09e9
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_decrypt(
-+				    struct service_client *context,
-+				    psa_key_id_t id,
-+				    psa_algorithm_t alg,
-+				    const uint8_t *input, size_t input_length,
-+				    const uint8_t *salt, size_t salt_length,
-+				    uint8_t *output, size_t output_size,
-+				    size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+
-+	/* Sanitize optional input */
-+	if (!salt && salt_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+		{ .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+
-+	in_len = IOVEC_LEN(in_vec);
-+	if (!salt)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-new file mode 100644
-index 000000000000..1daf1689c076
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_encrypt(
-+				    struct service_client *context,
-+				    psa_key_id_t id,
-+				    psa_algorithm_t alg,
-+				    const uint8_t *input, size_t input_length,
-+				    const uint8_t *salt, size_t salt_length,
-+				    uint8_t *output, size_t output_size,
-+				    size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+
-+	/* Sanitize optional input */
-+	if (!salt && salt_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+		{ .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+
-+	in_len = IOVEC_LEN(in_vec);
-+	if (!salt)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-new file mode 100644
-index 000000000000..fbefb28d813a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -0,0 +1,246 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_cipher_encrypt_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_decrypt_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_generate_iv(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    uint8_t *iv,
-+					    size_t iv_size,
-+					    size_t *iv_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(iv), .len = iv_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*iv_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_set_iv(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       const uint8_t *iv,
-+					       size_t iv_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(iv), .len = iv_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_update(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       const uint8_t *input,
-+					       size_t input_length,
-+					       uint8_t *output,
-+					       size_t output_size,
-+					       size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_finish(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       uint8_t *output,
-+					       size_t output_size,
-+					       size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_abort(
-+					      struct service_client *context,
-+					      uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the cipher_update operation
-+	 * using the ipc encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	/* Allow for output to be a whole number of blocks */
-+	overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-new file mode 100644
-index 000000000000..9a988171b098
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_copy_key(struct service_client *context,
-+						  psa_key_id_t source_key,
-+						  const psa_key_attributes_t *attributes,
-+						  psa_key_id_t *target_key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
-+		.key_id = source_key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-new file mode 100644
-index 000000000000..d00f4faa7a52
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context,
-+						     psa_key_id_t id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-new file mode 100644
-index 000000000000..8ac5477f7b9a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_key(struct service_client *context,
-+						    psa_key_id_t id,
-+						    uint8_t *data,
-+						    size_t data_size,
-+						    size_t *data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(data), .len = data_size }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*data_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-new file mode 100644
-index 000000000000..b24c47f1257e
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context,
-+							   psa_key_id_t id,
-+							   uint8_t *data,
-+							   size_t data_size,
-+							   size_t *data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(data), .len = data_size }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*data_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-new file mode 100644
-index 000000000000..1b66ed4020de
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-@@ -0,0 +1,55 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_key(struct service_client *context,
-+						      const psa_key_attributes_t *attributes,
-+						      psa_key_id_t *id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-new file mode 100644
-index 000000000000..7c538237805a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_random(struct service_client *context,
-+							 uint8_t *output,
-+							 size_t output_size)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size }
-+	};
-+
-+	if (!output_size)
-+		return PSA_SUCCESS;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-new file mode 100644
-index 000000000000..22f1d18f1476
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-@@ -0,0 +1,56 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_get_key_attributes(
-+					    struct service_client *context,
-+					    psa_key_id_t key,
-+					    psa_key_attributes_t *attributes)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
-+		.key_id = key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-new file mode 100644
-index 000000000000..9f37908a2f25
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -0,0 +1,220 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_hash_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_update(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *input,
-+					     size_t input_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_finish(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *hash,
-+					     size_t hash_size,
-+					     size_t *hash_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(hash), .len = hash_size},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*hash_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_abort(
-+					    struct service_client *context,
-+					    uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_verify(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *hash,
-+					     size_t hash_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_clone(
-+					    struct service_client *context,
-+					    uint32_t source_op_handle,
-+					    uint32_t *target_op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
-+		.op_handle = source_op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(target_op_handle),
-+			.len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context,
-+	uint32_t op_handle,
-+	uint8_t *hash_state,
-+	size_t hash_state_size,
-+	size_t *hash_state_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context,
-+	uint32_t op_handle,
-+	const uint8_t *hash_state,
-+	size_t hash_state_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the hash_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-new file mode 100644
-index 000000000000..d47033662790
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_import_key(struct service_client *context,
-+				    const psa_key_attributes_t *attributes,
-+				    const uint8_t *data, size_t data_length,
-+				    psa_key_id_t *id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+		{ .base = psa_ptr_const_to_u32(data), .len = data_length }
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-new file mode 100644
-index 000000000000..2fad2f0a64e6
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+
-+#include <psa/crypto.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_to_proto(
-+	struct ts_crypto_key_attributes *proto_attributes,
-+	const psa_key_attributes_t *psa_attributes)
-+{
-+	proto_attributes->type = psa_get_key_type(psa_attributes);
-+	proto_attributes->key_bits = psa_get_key_bits(psa_attributes);
-+	proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes);
-+	proto_attributes->id = psa_get_key_id(psa_attributes);
-+
-+	proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes);
-+	proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes);
-+ }
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_from_proto(
-+	psa_key_attributes_t *psa_attributes,
-+	const struct ts_crypto_key_attributes *proto_attributes)
-+{
-+	psa_set_key_type(psa_attributes, proto_attributes->type);
-+	psa_set_key_bits(psa_attributes, proto_attributes->key_bits);
-+	psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime);
-+
-+	if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) {
-+
-+		psa_set_key_id(psa_attributes, proto_attributes->id);
-+	}
-+
-+	psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage);
-+	psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg);
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-new file mode 100644
-index 000000000000..5ce4fb6cca82
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-@@ -0,0 +1,298 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_key_derivation_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_get_capacity(
-+					     struct service_client *context,
-+					     const uint32_t op_handle,
-+					     size_t *capacity)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_set_capacity(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     size_t capacity)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+		.capacity = capacity,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_bytes(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    psa_key_derivation_step_t step,
-+					    const uint8_t *data,
-+					    size_t data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(data), .len = data_length },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_key(
-+					  struct service_client *context,
-+					  uint32_t op_handle,
-+					  psa_key_derivation_step_t step,
-+					  psa_key_id_t key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+		.key_id = key,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_bytes(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *output,
-+					     size_t output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_length },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_key(
-+				   struct service_client *context,
-+				   const psa_key_attributes_t *attributes,
-+				   uint32_t op_handle,
-+				   psa_key_id_t *key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(attributes),
-+			.len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_abort(
-+					      struct service_client *context,
-+					      uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_key_agreement(
-+				      struct service_client *context,
-+				      uint32_t op_handle,
-+				      psa_key_derivation_step_t step,
-+				      psa_key_id_t private_key,
-+				      const uint8_t *peer_key,
-+				      size_t peer_key_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+		.key_id = private_key,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(peer_key),
-+			.len = peer_key_length},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_raw_key_agreement(
-+					   struct service_client *context,
-+					   psa_algorithm_t alg,
-+					   psa_key_id_t private_key,
-+					   const uint8_t *peer_key,
-+					   size_t peer_key_length,
-+					   uint8_t *output,
-+					   size_t output_size,
-+					   size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+		.alg = alg,
-+		.key_id = private_key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(peer_key),
-+			.len = peer_key_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-new file mode 100644
-index 000000000000..3a820192495a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-@@ -0,0 +1,207 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H
-+#define PSA_IPC_CRYPTO_CALLER_MAC_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_mac_sign_setup(
-+						struct service_client *context,
-+						uint32_t *op_handle,
-+						psa_key_id_t key,
-+						psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_setup(
-+					  struct service_client *context,
-+					  uint32_t *op_handle,
-+					  psa_key_id_t key,
-+					  psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_update(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    const uint8_t *input,
-+					    size_t input_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_sign_finish(
-+						 struct service_client *context,
-+						 uint32_t op_handle,
-+						 uint8_t *mac,
-+						 size_t mac_size,
-+						 size_t *mac_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(mac), .len = mac_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*mac_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_finish(
-+					   struct service_client *context,
-+					   uint32_t op_handle,
-+					   const uint8_t *mac,
-+					   size_t mac_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(mac), .len = mac_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_abort(
-+					   struct service_client *context,
-+					   uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the mac_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-new file mode 100644
-index 000000000000..a3a796e2166c
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_purge_key(struct service_client *context,
-+						   psa_key_id_t id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-new file mode 100644
-index 000000000000..71d88cededf5
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -0,0 +1,64 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
-+						   psa_key_id_t id,
-+						   psa_algorithm_t alg,
-+						   const uint8_t *hash,
-+						   size_t hash_length,
-+						   uint8_t *signature,
-+						   size_t signature_size,
-+						   size_t *signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(signature), .len = signature_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*signature_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-new file mode 100644
-index 000000000000..e16f6e5450af
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+		{ .base = psa_ptr_const_to_u32(signature), .len = signature_length},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */
-diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
-index abd420c82607..bf95c9821e55 100644
---- a/components/service/crypto/include/psa/crypto_client_struct.h
-+++ b/components/service/crypto/include/psa/crypto_client_struct.h
-@@ -31,12 +31,12 @@ extern "C" {
-  * data structure internally. */
- struct psa_client_key_attributes_s
- {
-+    uint16_t type;
-+    uint16_t bits;
-     uint32_t lifetime;
--    uint32_t id;
--    uint32_t alg;
-+    psa_key_id_t id;
-     uint32_t usage;
--    size_t bits;
--    uint16_t type;
-+    uint32_t alg;
- };
- 
- #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
-diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 7a0149bbca62..4d7bf6e959b0 100644
---- a/components/service/crypto/include/psa/crypto_sizes.h
-+++ b/components/service/crypto/include/psa/crypto_sizes.h
-@@ -81,7 +81,7 @@
- #define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
- #else
--#define PSA_HASH_MAX_SIZE 32
-+#define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
- #endif
- 
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 1110ac46bf8b..7edeef8b434a 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -15,7 +15,7 @@
- #include <trace.h>
- 
- /* Stub backends */
--#include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
- #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- 
-@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void)
- {
- 	struct rpc_interface *crypto_iface = NULL;
- 	struct crypto_provider *crypto_provider;
-+	struct rpc_caller *crypto_caller;
- 
--	if (stub_crypto_backend_init() == PSA_SUCCESS) {
-+	crypto_caller = openamp_caller_init(&openamp);
-+	if (!crypto_caller)
-+		return NULL;
-+
-+	if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS)
-+		return NULL;
- 
--		crypto_provider = crypto_provider_factory_create();
--		crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
--	}
-+	crypto_provider = crypto_provider_factory_create();
-+	crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
- 
- 	return crypto_iface;
- }
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index bb778bb9719b..51e5faa3e4d8 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -8,3 +8,5 @@
- 
- # include MHU driver
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-+
-+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
deleted file mode 100644
index 22b1da69..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 16 Dec 2021 21:31:40 +0000
-Subject: [PATCH 14/20] Configure storage size
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/smm_variable/backend/uefi_variable_store.c       | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 611e2e225c6b..6c3b9ed81c25 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator(
-  * may be overridden using uefi_variable_store_set_storage_limits()
-  */
- #define DEFAULT_MAX_VARIABLE_SIZE			(2048)
-+#define CONFIGURE_STORAGE_SIZE			    (50)
- 
- efi_status_t uefi_variable_store_init(
- 	struct uefi_variable_store *context,
-@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init(
- 	/* Initialise persistent store defaults */
- 	context->persistent_store.is_nv = true;
- 	context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
--	context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- 	context->persistent_store.storage_backend = persistent_store;
- 
- 	/* Initialise volatile store defaults */
- 	context->volatile_store.is_nv = false;
- 	context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
--	context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- 	context->volatile_store.storage_backend = volatile_store;
- 
- 	context->owner_id = owner_id;
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
deleted file mode 100644
index 426f2ca5..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:01:10 +0000
-Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m
- change.
-
-NO NEED TO RAISE PR: The PR for this FIX  is raied by Emek.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index c13c20e84131..ec25eaf868c7 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec {
- 				      *   multipart operation
- 				      */
- 	uint32_t capacity;             /*!< Key derivation capacity */
--
-+	uint32_t ad_length;            /*!< Additional Data length for multipart AEAD */
-+	uint32_t plaintext_length;     /*!< Plaintext length for multipart AEAD */
- 	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
- 							    *   AEAD until the API is
- 							    *   restructured
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
deleted file mode 100644
index a59d1400..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
+++ /dev/null
@@ -1,494 +0,0 @@
-From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:49:51 +0000
-Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../caller/psa_ipc/crypto_caller_aead.h       | 297 +++++++++++++++++-
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  35 +++
- .../psa_ipc/crypto_caller_verify_hash.h       |  33 +-
- 3 files changed, 352 insertions(+), 13 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index 78517fe32ca9..f6aadd8b9098 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
- 					    psa_key_id_t key,
- 					    psa_algorithm_t alg)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+	    .key_id = key,
-+	    .alg = alg,
-+	    .op_handle = (*op_handle),
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_decrypt_setup(
-@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- 					    psa_key_id_t key,
- 					    psa_algorithm_t alg)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+	    .key_id = key,
-+	    .alg = alg,
-+	    .op_handle = (*op_handle),
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_generate_nonce(
-@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 					     size_t nonce_size,
- 					     size_t *nonce_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*nonce_length = out_vec[1].len;
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_set_nonce(
-@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
- 						const uint8_t *nonce,
- 						size_t nonce_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_to_u32(nonce), .len = nonce_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_set_lengths(
-@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
- 					  size_t ad_length,
- 					  size_t plaintext_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+	    .ad_length = ad_length,
-+	    .plaintext_length = plaintext_length,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_update_ad(
-@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- 						const uint8_t *input,
- 						size_t input_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional input */
-+	if ((input == NULL) && (input_length != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	size_t in_len = IOVEC_LEN(in_vec);
-+
-+	if (input == NULL) {
-+	    in_len--;
-+	}
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   in_len, out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_update(
-@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update(
- 					     size_t output_size,
- 					     size_t *output_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional input */
-+	if ((input == NULL) && (input_length != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(output), .len = output_size},
-+	};
-+
-+	size_t in_len = IOVEC_LEN(in_vec);
-+
-+	if (input == NULL) {
-+	    in_len--;
-+	}
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_finish(
-@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish(
- 					     size_t tag_size,
- 					     size_t *tag_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional output */
-+	if ((aeadtext == NULL) && (aeadtext_size != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(tag), .len = tag_size},
-+	    {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size}
-+	};
-+
-+	size_t out_len = IOVEC_LEN(out_vec);
-+
-+	if (aeadtext == NULL || aeadtext_size == 0) {
-+	    out_len--;
-+	}
-+	if ((out_len == 3) && (aeadtext_length == NULL)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+	*tag_length = out_vec[1].len;
-+
-+	if (out_len == 3) {
-+	    *aeadtext_length = out_vec[2].len;
-+	} else {
-+	    *aeadtext_length = 0;
-+	}
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_verify(
-@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify(
- 					     const uint8_t *tag,
- 					     size_t tag_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional output */
-+	if ((plaintext == NULL) && (plaintext_size != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(tag), .len = tag_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size},
-+	};
-+
-+	size_t out_len = IOVEC_LEN(out_vec);
-+
-+	if (plaintext == NULL || plaintext_size == 0) {
-+	    out_len--;
-+	}
-+	if ((out_len == 2) && (plaintext_length == NULL)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+	if (out_len == 2) {
-+	    *plaintext_length = out_vec[1].len;
-+	} else {
-+	    *plaintext_length = 0;
-+	}
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_abort(
- 					    struct service_client *context,
- 					    uint32_t op_handle)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
-+{
-+       /* Returns the maximum number of bytes that may be
-+        * carried as a parameter of the mac_update operation
-+        *  using the packed-c encoding.
-+        */
-+       size_t payload_space = context->service_info.max_payload;
-+       size_t overhead = iov_size;
-+
-+       return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the mac_update operation
-+	 *  using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
- }
- 
- #ifdef __cplusplus
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 71d88cededf5..e4a2b167defb 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	return status;
- }
- 
-+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
-+						   psa_key_id_t id,
-+						   psa_algorithm_t alg,
-+						   const uint8_t *hash,
-+						   size_t hash_length,
-+						   uint8_t *signature,
-+						   size_t signature_size,
-+						   size_t *signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(signature), .len = signature_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*signature_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index e16f6e5450af..cc9279ee79f2 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -24,19 +24,20 @@
- extern "C" {
- #endif
- 
--static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+static inline psa_status_t crypto_caller_common(struct service_client *context,
- 						     psa_key_id_t id,
- 						     psa_algorithm_t alg,
- 						     const uint8_t *hash,
- 						     size_t hash_length,
- 						     const uint8_t *signature,
--						     size_t signature_length)
-+						     size_t signature_length,
-+						     uint32_t sfn_id)
- {
- 	struct service_client *ipc = context;
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+		.sfn_id = sfn_id,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- 	return status;
- }
- 
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+
-+	return crypto_caller_common(context,id,alg,hash,hash_length,
-+			signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
-+}
-+
-+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+
-+	return crypto_caller_common(context,id,alg,hash,hash_length,
-+			signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
-+}
-+
- #ifdef __cplusplus
- }
- #endif
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
deleted file mode 100644
index 4adcd90a..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Mon, 14 Feb 2022 17:52:00 +0000
-Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the
- latest from the tf-m
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h
-index 1bc55e375eea..b4a7ed4b39d3 100644
---- a/components/service/crypto/include/psa/crypto_struct.h
-+++ b/components/service/crypto/include/psa/crypto_struct.h
-@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
-     return( attributes->lifetime );
- }
- 
-+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
-+{
-+    if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
-+        *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
-+
-+    if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
-+        *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
-+}
-+
- static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
-                                            psa_key_usage_t usage_flags)
- {
-+    psa_extend_key_usage_flags( &usage_flags );
-     attributes->usage = usage_flags;
- }
- 
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
deleted file mode 100644
index 02c89d89..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 11 Oct 2022 10:46:10 +0100
-Subject: [PATCH 19/20] plat: corstone1000: change default smm values
-
-Smm gateway uses SE proxy to route the calls for any NV
-storage so set the NV_STORE_SN.
-Change the storage index uid because TF-M in the secure
-enclave reserves the default value (0x1) to some internal
-operation.
-Increase the maximum number of uefi variables to cope with all
-the needs for testing and certification
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- platform/providers/arm/corstone1000/platform.cmake | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 51e5faa3e4d8..04b629a81906 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -10,3 +10,9 @@
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
- 
- add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-+
-+target_compile_definitions(${TGT} PRIVATE
-+	SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
-+	SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-+	SMM_GATEWAY_MAX_UEFI_VARIABLES=100
-+)
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
deleted file mode 100644
index 87c053fc..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Wed, 2 Nov 2022 09:58:27 +0000
-Subject: [PATCH] smm_gateway: add checks for null attributes
-
-As par EDK-2 and EDK-2 test code, setVariable() with 0 
-attributes means a delete variable request. Currently, 
-smm gatway doesn't handle this scenario. This commit adds
-that support.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- components/service/smm_variable/backend/uefi_variable_store.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 6c3b9ed8..a691dc5d 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable(
- 		if (info->is_variable_set) {
- 
- 			/* It's a request to update to an existing variable */
--			if (!(var->Attributes &
-+			if (!(var->Attributes) || (!(var->Attributes &
- 				(EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
--				!var->DataSize) {
-+				!var->DataSize)) {
- 
- 				/* It's a remove operation - for a remove, the variable
- 				 * data must be removed from the storage backend before
--- 
-2.17.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
deleted file mode 100644
index ed4e6e27..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Thu, 3 Nov 2022 17:43:40 +0000
-Subject: [PATCH] smm_gateway: GetNextVariableName Fix
-
-GetNextVariableName() should return EFI_BUFFER_TOO_SMALL 
-when NameSize is smaller than the actual NameSize. It 
-currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
-max_name_len incorrectly. This fixes max_name_len error by
-replacing it with actual NameSize request by u-boot.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- .../service/smm_variable/provider/smm_variable_provider.c       | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index a9679b7e..6a4b6fa7 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re
- 			efi_status = uefi_variable_store_get_next_variable_name(
- 				&this_instance->variable_store,
- 				(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
--				max_name_len,
-+				((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
- 				&resp_buf->data_len);
- 		}
- 		else {
--- 
-2.17.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
deleted file mode 100644
index 824196c1..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
+++ /dev/null
@@ -1,140 +0,0 @@
-From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Mon, 21 Nov 2022 00:08:20 +0000
-Subject: [PATCH] Use the stateless platform service calls
-
-Calls to psa_connect is not needed and psa_call can be called
-directly with a pre defined handle.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Inappropriate [Design is to revisted]
-
----
- .../provider/capsule_update_provider.c        | 24 ++++---------------
- .../provider/corstone1000_fmp_service.c       | 10 ++++----
- .../provider/corstone1000_fmp_service.h       |  3 +--
- components/service/common/include/psa/sid.h   |  6 +++++
- 4 files changed, 16 insertions(+), 27 deletions(-)
-
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index 991a2235..6809249f 100644
---- a/components/service/capsule_update/provider/capsule_update_provider.c
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
- static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
- {
- 	uint32_t ioctl_id;
--	psa_handle_t handle;
- 	rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
- 
- 	struct psa_invec in_vec[] = {
-@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
- 		case CAPSULE_UPDATE_REQUEST:
- 		/* Openamp call with IOCTL for firmware update*/
- 		ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
--		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
--				TFM_SP_PLATFORM_IOCTL_VERSION);
--		if (handle <= 0) {
--			EMSG("%s Invalid handle", __func__);
--			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
--			return rpc_status;
--		}
--		psa_call(caller,handle, PSA_IPC_CALL,
-+		psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
--		set_fmp_image_info(caller, handle);
-+		set_fmp_image_info(caller);
- 		break;
- 
- 		case KERNEL_STARTED_EVENT:
- 		ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
- 		/*openamp call with IOCTL for kernel start*/
--		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
--				TFM_SP_PLATFORM_IOCTL_VERSION);
--		if (handle <= 0) {
--			EMSG("%s Invalid handle", __func__);
--			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
--			return rpc_status;
--		}
--		psa_call(caller,handle, PSA_IPC_CALL,
-+		
-+		psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
--		set_fmp_image_info(caller, handle);
-+		set_fmp_image_info(caller);
- 		break;
- 		default:
- 			EMSG("%s unsupported opcode", __func__);
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-index 6a7a47a7..d811af9f 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
-     return PSA_SUCCESS;
- }
- 
--static psa_status_t get_image_info(struct rpc_caller *caller,
--			   psa_handle_t platform_service_handle)
-+static psa_status_t get_image_info(struct rpc_caller *caller)
- {
-     psa_status_t status;
-     psa_handle_t handle;
-@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller,
- 
-     memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
- 
--    psa_call(caller, platform_service_handle, PSA_IPC_CALL,
-+    psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- 	     in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 
-     status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller)
-     return PSA_SUCCESS;
- }
- 
--void set_fmp_image_info(struct rpc_caller *caller,
--			psa_handle_t platform_service_handle)
-+void set_fmp_image_info(struct rpc_caller *caller)
- {
-     psa_status_t status;
- 
--    status = get_image_info(caller, platform_service_handle);
-+    status = get_image_info(caller);
-     if (status != PSA_SUCCESS) {
- 	return;
-     }
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-index 95fba2a0..963223e8 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-@@ -16,8 +16,7 @@ extern "C" {
- 
- void provision_fmp_variables_metadata(struct rpc_caller *caller);
- 
--void set_fmp_image_info(struct rpc_caller *caller,
--		psa_handle_t platform_service_handle);
-+void set_fmp_image_info(struct rpc_caller *caller);
- 
- #ifdef __cplusplus
- } /* extern "C" */
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 7a29cc25..8103a9af 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,12 @@ extern "C" {
- #define TFM_CRYPTO_VERSION                                         (1U)
- #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
- 
-+
-+/******** TFM_PLATFORM_SERVICE *******/
-+#define TFM_PLATFORM_API_ID_IOCTL         (1013)
-+#define TFM_PLATFORM_SERVICE_HANDLE       (0x40000105U)
-+
-+
- /**
-  * \brief Define a progressive numerical value for each SID which can be used
-  *        when dispatching the requests to the service
--- 
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 867bd66e..17c957e2 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -2,32 +2,12 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
 
 COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
 SRC_URI:append:corstone1000  = " \
-    file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \
-    file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \
-    file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \
-    file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \
-    file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \
-    file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \
-    file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \
-    file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \
-    file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \
-    file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \
-    file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \
-    file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \
-    file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
-    file://0014-Configure-storage-size.patch;patchdir=../trusted-services \
-    file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \
-    file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \
-    file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \
-    file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
-    file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \
-    file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
-    file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \
-    file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
-    file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
-    file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
-    file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
-    file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
+    file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
+    file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+    file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
+    file://0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
+    file://0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
+    file://0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
     "
 
 
-- 
2.39.1.windows.1

[PATCH 10/16] trusted-services: update documentation

[Gyorgy Szing]

Add information related to SPMC tests and fix stale links.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 documentation/trusted-services.md | 40 ++++++++++++++++++++-----------
 1 file changed, 26 insertions(+), 14 deletions(-)

diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md
index e3cee6b3..70826f68 100644
--- a/documentation/trusted-services.md
+++ b/documentation/trusted-services.md
@@ -1,6 +1,6 @@
 # The Trusted Services: framework for developing root-of-trust services
 
-  meta-arm layer includes recipes for [Trusted Services][1] Secure Partitions and Normal World applications
+meta-arm layer includes recipes for [Trusted Services][^1] Secure Partitions and Normal World applications
 in `meta-arm/recipes-security/trusted-services`
 
 ## Secure Partitions recipes
@@ -12,7 +12,7 @@ These files are automatically included into optee-os image accordingly to define
 ### How to include TS SPs
 
 To include TS SPs into optee-os image you need to add into MACHINE_FEATURES
-features for each [Secure Partition][2] you would like to include:
+features for each [Secure Partition][^2] you would like to include:
 
 | Secure Partition  | MACHINE_FEATURE |
 | ----------------- | --------------- |
@@ -22,32 +22,44 @@ features for each [Secure Partition][2] you would like to include:
 | Protected Storage | ts-storage      |
 | se-proxy          | ts-se-proxy     |
 | smm-gateway       | ts-smm-gateway  |
+| spm-test[1-3]     | optee-spmc-test |
 
 Other steps depend on your machine/platform definition:
 
 1. For communications between Secure and Normal Words Linux kernel option `CONFIG_ARM_FFA_TRANSPORT=y`
-is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+   is required. If your platform doesn't include it already you can add `arm-ffa` into MACHINE_FEATURES.
+   (Please see ` meta-arm/recipes-kernel/arm-ffa-tee`.)
+
+   For running the `uefi-test` or the `xtest -t ffa_spmc` tests under Linux the `arm-ffa-user` drivel is required. This is
+   enabled if the `ts-smm-gateway` and/or the `optee-spmc-test` machine features are enabled.
+   (Please see ` meta-arm/recipes-kernel/arm-ffa-user`.)
 
 2. optee-os might require platform specific OP-TEE build parameters (for example what SEL the SPM Core is implemented at).
-You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
-and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
-for N1SDP and Corstone1000 platforms accordingly.
+   You can find examples in `meta-arm/recipes-security/optee/optee-os_%.bbappend` for qemuarm64-secureboot machine
+   and in `meta-arm-bsp/recipes-security/optee/optee-os-n1sdp.inc` and `meta-arm-bsp/recipes-security/optee/optee-os-corstone1000-common.inc`
+   for N1SDP and Corstone1000 platforms accordingly.
 
 3. trusted-firmware-a might require platform specific TF-A build parameters (SPD and SPMC details on the platform).
-See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
-and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
-`meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
+   See `meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend` for qemuarm64-secureboot machine
+   and in `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc` and
+   `meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc` for N1SDP and Corstone1000 platforms.
 
 ## Normal World applications
 
-  Optionally for testing purposes you can add `packagegroup-ts-tests` and `packagegroup-ts-tests-psa` package groups into your image.
-They include [Trusted Services test and demo tools][3]
+Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes 
+[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
 
 ## OEQA Trusted Services tests
 
   meta-arm also includes Trusted Service OEQA tests which can be used for automated testing.
 See `ci/trusted-services.yml` for an example how to include them into an image.
 
-[1] https://trusted-services.readthedocs.io/en/integration/overview/introduction.html
-[2] https://trusted-services.readthedocs.io/en/integration/developer/deployments/secure-partitions.html
-[3] https://trusted-services.readthedocs.io/en/integration/developer/deployments/test-executables.html
+
+------
+[^1]: https://trusted-services.readthedocs.io/en/integration/overview/index.html
+
+[^2]: https://trusted-services.readthedocs.io/en/integration/deployments/secure-partitions.html
+
+[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
+
+[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
\ No newline at end of file
-- 
2.39.1.windows.1

[PATCH 11/16] arm/trusted-services: disable psa-iat on qemuarm64-secureboot

[Gyorgy Szing]

TF-A v2.8 does not support measured boot and FF-A which is mandatory for
PSA Initial Attestation SP to work correctly.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 ci/trusted-services.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ci/trusted-services.yml b/ci/trusted-services.yml
index 433ec78b..5f28dd3c 100644
--- a/ci/trusted-services.yml
+++ b/ci/trusted-services.yml
@@ -6,8 +6,8 @@ header:
 local_conf_header:
   trusted_services: |
     TEST_SUITES:append = " trusted_services"
-    # Include TS Crypto, Storage, ITS, Attestation and SMM-Gateway SPs into optee-os image
-    MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-attestation ts-smm-gateway"
+    # Include TS Crypto, TS Protected Storage, TS Internal Trusted Storage and SMM-Gateway SPs into optee-os image
+    MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its ts-smm-gateway"
     # Include TS demo/test tools into image
     IMAGE_INSTALL:append = " packagegroup-ts-tests"
     # Include TS PSA Arch tests into image
-- 
2.39.1.windows.1

[PATCH 12/16] arm-bsp/trusted-services: remove merged patches for corstone1000

[Gyorgy Szing]

From: Rui Miguel Silva <rui.silva@linaro.org>

Patch related with the changes to support the in/out_vec modifications
in TF-M v1.7 was merged in upstream trusted-services integration branch.
So, drop this 3 out of tree patches not needed to be applied any more.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
 ...v1.7-alignment-Align-PSA-Crypto-SIDs.patch | 407 -----------
 ...gnment-Align-crypto-iovec-definition.patch | 656 ------------------
 ...ignment-PSA-crypto-client-in-out_vec.patch | 118 ----
 .../trusted-services/ts-arm-platforms.inc     |   3 -
 4 files changed, 1184 deletions(-)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch

diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
deleted file mode 100644
index 628d8682..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
+++ /dev/null
@@ -1,407 +0,0 @@
-From c294197b17358b20c75757b9a06d628f43cd7884 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Thu, 9 Feb 2023 00:22:40 +0000
-Subject: [PATCH 4/6] TF-Mv1.7 alignment: Align PSA Crypto SIDs
-
-This patch is to change the PSA Crypto SIDs to match the values of the
-PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/crypto_sid.h   | 241 ++++++++++++++++++
- components/service/common/include/psa/sid.h   |  76 +-----
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |   4 +-
- .../psa_ipc/crypto_caller_verify_hash.h       |   4 +-
- 4 files changed, 248 insertions(+), 77 deletions(-)
- create mode 100644 components/service/common/include/psa/crypto_sid.h
-
-diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
-new file mode 100644
-index 000000000000..5b05f46d7d72
---- /dev/null
-+++ b/components/service/common/include/psa/crypto_sid.h
-@@ -0,0 +1,241 @@
-+/*
-+ * Copyright (c) 2023, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef __PSA_CRYPTO_SID_H__
-+#define __PSA_CRYPTO_SID_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+#include <stdint.h>
-+
-+/**
-+ * \brief Type associated to the group of a function encoding. There can be
-+ *        nine groups (Random, Key management, Hash, MAC, Cipher, AEAD,
-+ *        Asym sign, Asym encrypt, Key derivation).
-+ */
-+enum tfm_crypto_group_id {
-+    TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
-+    TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
-+    TFM_CRYPTO_GROUP_ID_HASH,
-+    TFM_CRYPTO_GROUP_ID_MAC,
-+    TFM_CRYPTO_GROUP_ID_CIPHER,
-+    TFM_CRYPTO_GROUP_ID_AEAD,
-+    TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
-+    TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
-+    TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
-+};
-+
-+/* X macro describing each of the available PSA Crypto APIs */
-+#define KEY_MANAGEMENT_FUNCS                       \
-+    X(TFM_CRYPTO_GET_KEY_ATTRIBUTES)               \
-+    X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES)             \
-+    X(TFM_CRYPTO_OPEN_KEY)                         \
-+    X(TFM_CRYPTO_CLOSE_KEY)                        \
-+    X(TFM_CRYPTO_IMPORT_KEY)                       \
-+    X(TFM_CRYPTO_DESTROY_KEY)                      \
-+    X(TFM_CRYPTO_EXPORT_KEY)                       \
-+    X(TFM_CRYPTO_EXPORT_PUBLIC_KEY)                \
-+    X(TFM_CRYPTO_PURGE_KEY)                        \
-+    X(TFM_CRYPTO_COPY_KEY)                         \
-+    X(TFM_CRYPTO_GENERATE_KEY)
-+
-+#define HASH_FUNCS                                 \
-+    X(TFM_CRYPTO_HASH_COMPUTE)                     \
-+    X(TFM_CRYPTO_HASH_COMPARE)                     \
-+    X(TFM_CRYPTO_HASH_SETUP)                       \
-+    X(TFM_CRYPTO_HASH_UPDATE)                      \
-+    X(TFM_CRYPTO_HASH_CLONE)                       \
-+    X(TFM_CRYPTO_HASH_FINISH)                      \
-+    X(TFM_CRYPTO_HASH_VERIFY)                      \
-+    X(TFM_CRYPTO_HASH_ABORT)
-+
-+#define MAC_FUNCS                                  \
-+    X(TFM_CRYPTO_MAC_COMPUTE)                      \
-+    X(TFM_CRYPTO_MAC_VERIFY)                       \
-+    X(TFM_CRYPTO_MAC_SIGN_SETUP)                   \
-+    X(TFM_CRYPTO_MAC_VERIFY_SETUP)                 \
-+    X(TFM_CRYPTO_MAC_UPDATE)                       \
-+    X(TFM_CRYPTO_MAC_SIGN_FINISH)                  \
-+    X(TFM_CRYPTO_MAC_VERIFY_FINISH)                \
-+    X(TFM_CRYPTO_MAC_ABORT)
-+
-+#define CIPHER_FUNCS                               \
-+    X(TFM_CRYPTO_CIPHER_ENCRYPT)                   \
-+    X(TFM_CRYPTO_CIPHER_DECRYPT)                   \
-+    X(TFM_CRYPTO_CIPHER_ENCRYPT_SETUP)             \
-+    X(TFM_CRYPTO_CIPHER_DECRYPT_SETUP)             \
-+    X(TFM_CRYPTO_CIPHER_GENERATE_IV)               \
-+    X(TFM_CRYPTO_CIPHER_SET_IV)                    \
-+    X(TFM_CRYPTO_CIPHER_UPDATE)                    \
-+    X(TFM_CRYPTO_CIPHER_FINISH)                    \
-+    X(TFM_CRYPTO_CIPHER_ABORT)
-+
-+#define AEAD_FUNCS                                 \
-+    X(TFM_CRYPTO_AEAD_ENCRYPT)                     \
-+    X(TFM_CRYPTO_AEAD_DECRYPT)                     \
-+    X(TFM_CRYPTO_AEAD_ENCRYPT_SETUP)               \
-+    X(TFM_CRYPTO_AEAD_DECRYPT_SETUP)               \
-+    X(TFM_CRYPTO_AEAD_GENERATE_NONCE)              \
-+    X(TFM_CRYPTO_AEAD_SET_NONCE)                   \
-+    X(TFM_CRYPTO_AEAD_SET_LENGTHS)                 \
-+    X(TFM_CRYPTO_AEAD_UPDATE_AD)                   \
-+    X(TFM_CRYPTO_AEAD_UPDATE)                      \
-+    X(TFM_CRYPTO_AEAD_FINISH)                      \
-+    X(TFM_CRYPTO_AEAD_VERIFY)                      \
-+    X(TFM_CRYPTO_AEAD_ABORT)
-+
-+#define ASYMMETRIC_SIGN_FUNCS                      \
-+    X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE)          \
-+    X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE)        \
-+    X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH)             \
-+    X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
-+
-+#define AYSMMETRIC_ENCRYPT_FUNCS                   \
-+    X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT)               \
-+    X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
-+
-+#define KEY_DERIVATION_FUNCS                       \
-+    X(TFM_CRYPTO_RAW_KEY_AGREEMENT)                \
-+    X(TFM_CRYPTO_KEY_DERIVATION_SETUP)             \
-+    X(TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY)      \
-+    X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY)      \
-+    X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES)       \
-+    X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY)         \
-+    X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT)     \
-+    X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES)      \
-+    X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY)        \
-+    X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
-+
-+#define RANDOM_FUNCS                               \
-+    X(TFM_CRYPTO_GENERATE_RANDOM)
-+
-+/*
-+ * Define function IDs in each group. The function ID will be encoded into
-+ * tfm_crypto_func_sid below.
-+ * Each group is defined as a dedicated enum in case the total number of
-+ * PSA Crypto APIs exceeds 256.
-+ */
-+#define X(func_id)    func_id,
-+enum tfm_crypto_key_management_func_id {
-+    KEY_MANAGEMENT_FUNCS
-+};
-+enum tfm_crypto_hash_func_id {
-+    HASH_FUNCS
-+};
-+enum tfm_crypto_mac_func_id {
-+    MAC_FUNCS
-+};
-+enum tfm_crypto_cipher_func_id {
-+    CIPHER_FUNCS
-+};
-+enum tfm_crypto_aead_func_id {
-+    AEAD_FUNCS
-+};
-+enum tfm_crypto_asym_sign_func_id {
-+    ASYMMETRIC_SIGN_FUNCS
-+};
-+enum tfm_crypto_asym_encrypt_func_id {
-+    AYSMMETRIC_ENCRYPT_FUNCS
-+};
-+enum tfm_crypto_key_derivation_func_id {
-+    KEY_DERIVATION_FUNCS
-+};
-+enum tfm_crypto_random_func_id {
-+    RANDOM_FUNCS
-+};
-+#undef X
-+
-+#define FUNC_ID(func_id)    (((func_id) & 0xFF) << 8)
-+
-+/*
-+ * Numerical progressive value identifying a function API exposed through
-+ * the interfaces (S or NS). It's used to dispatch the requests from S/NS
-+ * to the corresponding API implementation in the Crypto service backend.
-+ *
-+ * Each function SID is encoded as uint16_t.
-+ *     |  Func ID  |  Group ID |
-+ *     15         8 7          0
-+ * Func ID is defined in each group func_id enum above
-+ * Group ID is defined in tfm_crypto_group_id.
-+ */
-+enum tfm_crypto_func_sid {
-+
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                   (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
-+
-+    KEY_MANAGEMENT_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                            (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
-+    HASH_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                            (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
-+    MAC_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                           (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
-+    CIPHER_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                             (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
-+    AEAD_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                        (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
-+    ASYMMETRIC_SIGN_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                     (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
-+    AYSMMETRIC_ENCRYPT_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                   (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
-+    KEY_DERIVATION_FUNCS
-+
-+#undef X
-+#define X(func_id)      func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-+                                           (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
-+    RANDOM_FUNCS
-+
-+};
-+#undef X
-+
-+/**
-+ * \brief Define an invalid value for an SID
-+ *
-+ */
-+#define TFM_CRYPTO_SID_INVALID (~0x0u)
-+
-+/**
-+ * \brief This value is used to mark an handle as invalid.
-+ *
-+ */
-+#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
-+
-+/**
-+ * \brief Define miscellaneous literal constants that are used in the service
-+ *
-+ */
-+enum {
-+    TFM_CRYPTO_NOT_IN_USE = 0,
-+    TFM_CRYPTO_IN_USE = 1
-+};
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __PSA_CRYPTO_SID_H__ */
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 8e2c6bdf2919..5aaa659d49a0 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -12,6 +12,9 @@
- extern "C" {
- #endif
- 
-+/******** PSA Crypto SIDs ********/
-+#include "crypto_sid.h"
-+
- /******** TFM_SP_PS ********/
- #define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
- #define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
-@@ -37,79 +40,6 @@ extern "C" {
- #define TFM_CRYPTO_VERSION                                         (1U)
- #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
- 
--/**
-- * \brief Define a progressive numerical value for each SID which can be used
-- *        when dispatching the requests to the service
-- */
--enum {
--    TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
--    TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
--    TFM_CRYPTO_OPEN_KEY_SID,
--    TFM_CRYPTO_CLOSE_KEY_SID,
--    TFM_CRYPTO_IMPORT_KEY_SID,
--    TFM_CRYPTO_DESTROY_KEY_SID,
--    TFM_CRYPTO_EXPORT_KEY_SID,
--    TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
--    TFM_CRYPTO_PURGE_KEY_SID,
--    TFM_CRYPTO_COPY_KEY_SID,
--    TFM_CRYPTO_HASH_COMPUTE_SID,
--    TFM_CRYPTO_HASH_COMPARE_SID,
--    TFM_CRYPTO_HASH_SETUP_SID,
--    TFM_CRYPTO_HASH_UPDATE_SID,
--    TFM_CRYPTO_HASH_FINISH_SID,
--    TFM_CRYPTO_HASH_VERIFY_SID,
--    TFM_CRYPTO_HASH_ABORT_SID,
--    TFM_CRYPTO_HASH_CLONE_SID,
--    TFM_CRYPTO_MAC_COMPUTE_SID,
--    TFM_CRYPTO_MAC_VERIFY_SID,
--    TFM_CRYPTO_MAC_SIGN_SETUP_SID,
--    TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
--    TFM_CRYPTO_MAC_UPDATE_SID,
--    TFM_CRYPTO_MAC_SIGN_FINISH_SID,
--    TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
--    TFM_CRYPTO_MAC_ABORT_SID,
--    TFM_CRYPTO_CIPHER_ENCRYPT_SID,
--    TFM_CRYPTO_CIPHER_DECRYPT_SID,
--    TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
--    TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
--    TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
--    TFM_CRYPTO_CIPHER_SET_IV_SID,
--    TFM_CRYPTO_CIPHER_UPDATE_SID,
--    TFM_CRYPTO_CIPHER_FINISH_SID,
--    TFM_CRYPTO_CIPHER_ABORT_SID,
--    TFM_CRYPTO_AEAD_ENCRYPT_SID,
--    TFM_CRYPTO_AEAD_DECRYPT_SID,
--    TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
--    TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
--    TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
--    TFM_CRYPTO_AEAD_SET_NONCE_SID,
--    TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
--    TFM_CRYPTO_AEAD_UPDATE_AD_SID,
--    TFM_CRYPTO_AEAD_UPDATE_SID,
--    TFM_CRYPTO_AEAD_FINISH_SID,
--    TFM_CRYPTO_AEAD_VERIFY_SID,
--    TFM_CRYPTO_AEAD_ABORT_SID,
--    TFM_CRYPTO_SIGN_MESSAGE_SID,
--    TFM_CRYPTO_VERIFY_MESSAGE_SID,
--    TFM_CRYPTO_SIGN_HASH_SID,
--    TFM_CRYPTO_VERIFY_HASH_SID,
--    TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
--    TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
--    TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
--    TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
--    TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
--    TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
--    TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
--    TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
--    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
--    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
--    TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
--    TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
--    TFM_CRYPTO_GENERATE_RANDOM_SID,
--    TFM_CRYPTO_GENERATE_KEY_SID,
--    TFM_CRYPTO_SID_MAX,
--};
--
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 29bd56e60708..bebfe05c7c49 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index 66281d588626..d0a3850678cb 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- {
- 
- 	return crypto_caller_common(context,id,alg,hash,hash_length,
--			signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
-+			signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH_SID);
- }
- 
- static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-@@ -76,7 +76,7 @@ static inline psa_status_t crypto_caller_verify_message(struct service_client *c
- {
- 
- 	return crypto_caller_common(context,id,alg,hash,hash_length,
--			signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
-+			signature,signature_length, TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE_SID);
- }
- 
- #ifdef __cplusplus
--- 
-2.40.0
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
deleted file mode 100644
index 5ed36faf..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
+++ /dev/null
@@ -1,656 +0,0 @@
-From 355e9e1425bbe1d4f27eadf81b91ad047d7b42b5 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Thu, 9 Feb 2023 00:01:06 +0000
-Subject: [PATCH 5/6] TF-Mv1.7 alignment: Align crypto iovec definition
-
-This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7
-And propagate changes accross psa_ipc functions
-More accuratly change sfn_id to function_id
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../backend/psa_ipc/crypto_ipc_backend.h      | 34 +++++++++----------
- .../caller/psa_ipc/crypto_caller_aead.h       | 24 ++++++-------
- .../crypto_caller_asymmetric_decrypt.h        |  2 +-
- .../crypto_caller_asymmetric_encrypt.h        |  2 +-
- .../caller/psa_ipc/crypto_caller_cipher.h     | 14 ++++----
- .../caller/psa_ipc/crypto_caller_copy_key.h   |  2 +-
- .../psa_ipc/crypto_caller_destroy_key.h       |  2 +-
- .../caller/psa_ipc/crypto_caller_export_key.h |  2 +-
- .../psa_ipc/crypto_caller_export_public_key.h |  2 +-
- .../psa_ipc/crypto_caller_generate_key.h      |  2 +-
- .../psa_ipc/crypto_caller_generate_random.h   |  2 +-
- .../crypto_caller_get_key_attributes.h        |  2 +-
- .../caller/psa_ipc/crypto_caller_hash.h       | 12 +++----
- .../caller/psa_ipc/crypto_caller_import_key.h |  2 +-
- .../psa_ipc/crypto_caller_key_derivation.h    | 20 +++++------
- .../client/caller/psa_ipc/crypto_caller_mac.h | 12 +++----
- .../caller/psa_ipc/crypto_caller_purge_key.h  |  2 +-
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  4 +--
- .../psa_ipc/crypto_caller_verify_hash.h       |  4 +--
- 19 files changed, 73 insertions(+), 73 deletions(-)
-
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index 678a35810d71..47243648a99f 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input {
- };
- 
- struct psa_ipc_crypto_pack_iovec {
--	uint32_t sfn_id;             /*!< Secure function ID used to dispatch the
--				      *   request
--				      */
--	uint16_t step;               /*!< Key derivation step */
--	psa_key_id_t key_id;         /*!< Key id */
--	psa_algorithm_t alg;         /*!< Algorithm */
--	uint32_t op_handle;          /*!< Frontend context handle associated to a
--				      *   multipart operation
--				      */
--	uint32_t capacity;             /*!< Key derivation capacity */
--	uint32_t ad_length;            /*!< Additional Data length for multipart AEAD */
--	uint32_t plaintext_length;     /*!< Plaintext length for multipart AEAD */
--	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
--							    *   AEAD until the API is
--							    *   restructured
--							    */
--};
-+    psa_key_id_t key_id;     /*!< Key id */
-+    psa_algorithm_t alg;     /*!< Algorithm */
-+    uint32_t op_handle;      /*!< Frontend context handle associated to a
-+                              *   multipart operation
-+                              */
-+    uint32_t capacity;         /*!< Key derivation capacity */
-+    uint32_t ad_length;        /*!< Additional Data length for multipart AEAD */
-+    uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
-+
-+    struct psa_ipc_crypto_aead_pack_input aead_in; /*!< Packs AEAD-related inputs */
-+
-+    uint16_t function_id;    /*!< Used to identify the function in the
-+                              *   API dispatcher to the service backend
-+                              *   See tfm_crypto_func_sid for detail
-+                              */
-+    uint16_t step;           /*!< Key derivation step */
-+}__packed;
- 
- #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
- 
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index 66a2bc958687..f63996a8aad3 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt(
- 	size_t in_len;
- 	int i;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+		.function_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-@@ -105,7 +105,7 @@ static inline psa_status_t crypto_caller_aead_decrypt(
- 	size_t in_len;
- 	int i;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
-+		.function_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-@@ -156,7 +156,7 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+		.function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.op_handle = (*op_handle),
-@@ -186,7 +186,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+		.function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.op_handle = (*op_handle),
-@@ -217,7 +217,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+		.function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
- 		.op_handle = op_handle,
- 	};
- 
-@@ -248,7 +248,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+		.function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
- 		.op_handle = op_handle,
- 	};
- 
-@@ -277,7 +277,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+		.function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
- 		.ad_length = ad_length,
- 		.plaintext_length = plaintext_length,
- 		.op_handle = op_handle,
-@@ -307,7 +307,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+		.function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
- 		.op_handle = op_handle,
- 	};
- 
-@@ -349,7 +349,7 @@ static inline psa_status_t crypto_caller_aead_update(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+		.function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
- 		.op_handle = op_handle,
- 	};
- 
-@@ -395,7 +395,7 @@ static inline psa_status_t crypto_caller_aead_finish(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+		.function_id = TFM_CRYPTO_AEAD_FINISH_SID,
- 		.op_handle = op_handle,
- 	};
- 
-@@ -448,7 +448,7 @@ static inline psa_status_t crypto_caller_aead_verify(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+		.function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
- 		.op_handle = op_handle,
- 	};
- 
-@@ -494,7 +494,7 @@ static inline psa_status_t crypto_caller_aead_abort(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+		.function_id = TFM_CRYPTO_AEAD_ABORT_SID,
- 		.op_handle = op_handle,
- 	};
- 
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-index d3e43b25f7e5..03682e7cdaa0 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt(
- 	psa_status_t status;
- 	size_t in_len;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+		.function_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-index 124b088f94d8..60f5770e3a1e 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-@@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt(
- 	psa_status_t status;
- 	size_t in_len;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+		.function_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index 8d906aeef2a0..4f885f3445ab 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.op_handle = *op_handle,
-@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_cipher_decrypt_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.op_handle = *op_handle,
-@@ -91,7 +91,7 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -120,7 +120,7 @@ static inline psa_status_t crypto_caller_cipher_set_iv(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -150,7 +150,7 @@ static inline psa_status_t crypto_caller_cipher_update(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -181,7 +181,7 @@ static inline psa_status_t crypto_caller_cipher_finish(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_FINISH_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -208,7 +208,7 @@ static inline psa_status_t crypto_caller_cipher_abort(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
-+		.function_id = TFM_CRYPTO_CIPHER_ABORT_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-index b2e57e1e7255..71cf4381dfe5 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
-+		.function_id = TFM_CRYPTO_COPY_KEY_SID,
- 		.key_id = source_key,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-index 94a01580b482..85bd2b4cde97 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
-+		.function_id = TFM_CRYPTO_DESTROY_KEY_SID,
- 		.key_id = id,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-index b6dfda38bc23..5e9543085139 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
-+		.function_id = TFM_CRYPTO_EXPORT_KEY_SID,
- 		.key_id = id,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-index d154db89bf0b..349dc6cb949c 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+		.function_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
- 		.key_id = id,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-index 41dc3a1806ec..31c6901ab88a 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
-+		.function_id = TFM_CRYPTO_GENERATE_KEY_SID,
- 	};
- 	struct psa_invec in_vec[] = {
- 		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-index 50437327ec2a..ce51ded30b1f 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-@@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client *
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
-+		.function_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
- 	};
- 	struct psa_invec in_vec[] = {
- 		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-index 3531bd06147f..ea90af7df782 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
-+		.function_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
- 		.key_id = key,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index f63e9812af6c..f7ffaf38c7d0 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
-+		.function_id = TFM_CRYPTO_HASH_SETUP_SID,
- 		.alg = alg,
- 		.op_handle = *op_handle,
- 	};
-@@ -60,7 +60,7 @@ static inline psa_status_t crypto_caller_hash_update(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
-+		.function_id = TFM_CRYPTO_HASH_UPDATE_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -88,7 +88,7 @@ static inline psa_status_t crypto_caller_hash_finish(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
-+		.function_id = TFM_CRYPTO_HASH_FINISH_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -115,7 +115,7 @@ static inline psa_status_t crypto_caller_hash_abort(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
-+		.function_id = TFM_CRYPTO_HASH_ABORT_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -141,7 +141,7 @@ static inline psa_status_t crypto_caller_hash_verify(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
-+		.function_id = TFM_CRYPTO_HASH_VERIFY_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -167,7 +167,7 @@ static inline psa_status_t crypto_caller_hash_clone(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
-+		.function_id = TFM_CRYPTO_HASH_CLONE_SID,
- 		.op_handle = source_op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-index 72a43c428adf..0c946a25488f 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
-+		.function_id = TFM_CRYPTO_IMPORT_KEY_SID,
- 	};
- 	struct psa_invec in_vec[] = {
- 		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-index cacadf09d2c4..8bc32977535d 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-@@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
- 		.alg = alg,
- 		.op_handle = *op_handle,
- 	};
-@@ -59,7 +59,7 @@ static inline psa_status_t crypto_caller_key_derivation_get_capacity(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -84,7 +84,7 @@ static inline psa_status_t crypto_caller_key_derivation_set_capacity(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
- 		.capacity = capacity,
- 		.op_handle = op_handle,
- 	};
-@@ -109,7 +109,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_bytes(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
- 		.step = step,
- 		.op_handle = op_handle,
- 	};
-@@ -134,7 +134,7 @@ static inline psa_status_t crypto_caller_key_derivation_input_key(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
- 		.key_id = key,
- 		.step = step,
- 		.op_handle = op_handle,
-@@ -159,7 +159,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_bytes(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_key_derivation_output_key(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -211,7 +211,7 @@ static inline psa_status_t crypto_caller_key_derivation_abort(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -239,7 +239,7 @@ static inline psa_status_t crypto_caller_key_derivation_key_agreement(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+		.function_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
- 		.key_id = private_key,
- 		.step = step,
- 		.op_handle = op_handle,
-@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_raw_key_agreement(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+		.function_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
- 		.alg = alg,
- 		.key_id = private_key,
- 	};
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-index a0092bfd94e7..596923387596 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-@@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+		.function_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.op_handle = *op_handle,
-@@ -62,7 +62,7 @@ static inline psa_status_t crypto_caller_mac_verify_setup(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+		.function_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
- 		.key_id = key,
- 		.alg = alg,
- 		.op_handle = *op_handle,
-@@ -90,7 +90,7 @@ static inline psa_status_t crypto_caller_mac_update(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
-+		.function_id = TFM_CRYPTO_MAC_UPDATE_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -118,7 +118,7 @@ static inline psa_status_t crypto_caller_mac_sign_finish(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+		.function_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -147,7 +147,7 @@ static inline psa_status_t crypto_caller_mac_verify_finish(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+		.function_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-@@ -172,7 +172,7 @@ static inline psa_status_t crypto_caller_mac_abort(
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
-+		.function_id = TFM_CRYPTO_MAC_ABORT_SID,
- 		.op_handle = op_handle,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-index 36a01765b1a3..b5894e06d1ff 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-@@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
-+		.function_id = TFM_CRYPTO_PURGE_KEY_SID,
- 		.key_id = id,
- 	};
- 	struct psa_invec in_vec[] = {
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index bebfe05c7c49..254ee5a90d89 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
-+		.function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_HASH_SID,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-@@ -70,7 +70,7 @@ static inline psa_status_t crypto_caller_sign_message(struct service_client *con
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
-+		.function_id = TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE_SID,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index d0a3850678cb..515f2a8da39f 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context,
- 						     size_t hash_length,
- 						     const uint8_t *signature,
- 						     size_t signature_length,
--						     uint32_t sfn_id)
-+						     uint32_t function_id)
- {
- 	struct service_client *ipc = context;
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = sfn_id,
-+		.function_id = function_id,
- 		.key_id = id,
- 		.alg = alg,
- 	};
--- 
-2.40.0
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
deleted file mode 100644
index 7a9bee6d..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
+++ /dev/null
@@ -1,118 +0,0 @@
-From 507008e501c4f5bea0841547a052b3dffd86eb20 Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Thu, 9 Feb 2023 00:34:23 +0000
-Subject: [PATCH 6/6] TF-Mv1.7 alignment: PSA crypto client in/out_vec
-
-Few psa crypto operations have different in/out_vec expectations
-This patch is fixing the differences between psa crypto client in TS
-and psa crypto service in TF-M running on the secure enclave
-
-operations:
-- aead_generate_nonce: TFM service doesn't expect op_handle in in_vec
-- aead_update: TFM service doesn't expect op_handle in in_vec
-- cipher_generate_iv: TFM service doesn't expect op_handle in in_vec
-- cipher_update: TFM service doesn't expect op_handle in in_vec
-- hash_clone: TFM service expects target_op_handle in the in_vec
-              rationale is target_op_handle according to the spec
-              must be initialized and not active. and since hash_clone
-              manipulates it. hence, target_op_handle should be passed
-              as input and output.
-
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Pending [Not submitted yet]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../crypto/client/caller/psa_ipc/crypto_caller_aead.h       | 6 ++----
- .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h     | 6 ++----
- .../crypto/client/caller/psa_ipc/crypto_caller_hash.h       | 2 ++
- 3 files changed, 6 insertions(+), 8 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index f63996a8aad3..393ba447663a 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -226,14 +226,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 			.len = sizeof(struct psa_ipc_crypto_pack_iovec) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
- 		{ .base = psa_ptr_to_u32(nonce), .len = nonce_size },
- 	};
- 
- 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 
--	*nonce_length = out_vec[1].len;
-+	*nonce_length = out_vec[0].len;
- 
- 	return status;
- }
-@@ -364,7 +363,6 @@ static inline psa_status_t crypto_caller_aead_update(
- 		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
- 		{ .base = psa_ptr_const_to_u32(output), .len = output_size },
- 	};
- 
-@@ -376,7 +374,7 @@ static inline psa_status_t crypto_caller_aead_update(
- 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 			  in_len, out_vec, IOVEC_LEN(out_vec));
- 
--	*output_length = out_vec[1].len;
-+	*output_length = out_vec[0].len;
- 
- 	return status;
- }
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index 4f885f3445ab..0d32444b6bbf 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
- 		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
- 		{ .base = psa_ptr_to_u32(iv), .len = iv_size },
- 	};
- 
- 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 
--	*iv_length = out_vec[1].len;
-+	*iv_length = out_vec[0].len;
- 
- 	return status;
- }
-@@ -158,14 +157,13 @@ static inline psa_status_t crypto_caller_cipher_update(
- 		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
- 		{ .base = psa_ptr_to_u32(output), .len = output_size },
- 	};
- 
- 	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 
--	*output_length = out_vec[1].len;
-+	*output_length = out_vec[0].len;
- 
- 	return status;
- }
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index f7ffaf38c7d0..77ef4ead1d03 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone(
- 	};
- 	struct psa_invec in_vec[] = {
- 		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_to_u32(target_op_handle),
-+			.len = sizeof(uint32_t) },
- 	};
- 	struct psa_outvec out_vec[] = {
- 		{ .base = psa_ptr_to_u32(target_op_handle),
--- 
-2.40.0
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 17c957e2..e601539a 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -5,9 +5,6 @@ SRC_URI:append:corstone1000  = " \
     file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
     file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
     file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
-    file://0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
-    file://0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
-    file://0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
     "
 
 
-- 
2.39.1.windows.1

[PATCH 13/16] arm/trusted-services: fix nanopb build error

[Gyorgy Szing]

The nanopb build step randomly fails in the yocto CI due to a race condition.
This change adds a patch file to disable parallel build for nanopb. This is a
temporary workaround and a proper fix will be up-streamed int he future.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 ...Limit-nanopb-build-to-single-process.patch | 41 +++++++++++++++++++
 .../trusted-services/trusted-services-src.inc |  6 +++
 2 files changed, 47 insertions(+)
 create mode 100644 meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch

diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch b/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch
new file mode 100644
index 00000000..28e041bc
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/files/0001-Limit-nanopb-build-to-single-process.patch
@@ -0,0 +1,41 @@
+From aca9f9ae26235e9da2bc9adef49f9f5578f3e1e7 Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <Gyorgy.Szing@arm.com>
+Date: Tue, 25 Apr 2023 15:03:46 +0000
+Subject: [PATCH 1/1] Limit nanopb build to single process
+
+Sometimes in yocto the nanopb build step fails. The reason seems
+to be a race condition. This fix disables parallel build as
+a workaround.
+
+Upstream-Status: Inappropriate [yocto specific]
+
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ external/nanopb/nanopb.cmake | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/external/nanopb/nanopb.cmake b/external/nanopb/nanopb.cmake
+index 36465f61..94f8048c 100644
+--- a/external/nanopb/nanopb.cmake
++++ b/external/nanopb/nanopb.cmake
+@@ -65,6 +65,8 @@ if(TARGET stdlib::c)
+ 	unset_saved_properties(LIBC)
+ endif()
+ 
++set(_PROCESSOR_COUNT ${PROCESSOR_COUNT})
++set(PROCESSOR_COUNT 1)
+ include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
+ LazyFetch_MakeAvailable(DEP_NAME nanopb
+ 	FETCH_OPTIONS ${GIT_OPTIONS}
+@@ -73,6 +75,8 @@ LazyFetch_MakeAvailable(DEP_NAME nanopb
+ 	CACHE_FILE "${TS_ROOT}/external/nanopb/nanopb-init-cache.cmake.in"
+ 	SOURCE_DIR "${NANOPB_SOURCE_DIR}"
+   )
++set(PROCESSOR_COUNT ${_PROCESSOR_COUNT})
++
+ unset(_cmake_fragment)
+ 
+ if(TARGET stdlib::c)
+-- 
+2.34.1
+
diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index c3ab7867..34827e5d 100644
--- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -5,6 +5,12 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib"
 SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \
 "
 
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI:append = "\
+	file://0001-Limit-nanopb-build-to-single-process.patch \
+"
+
 #Latest on 2023 April 25
 SRCREV="0d292e7c879076ea36cc39e30e0ac930b71e8cd8"
 LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
-- 
2.39.1.windows.1

[PATCH 14/16] optee-os: unblock NWd interrupts

[Gyorgy Szing]

Update Trusted Services and backport an OP-TEE update which allows
interrupting the SPs by NWd interrupts. This solves the kernel stall
problems which are due to long cryptographic operations being executed
in the SWd.

Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
 ...re-spmc-handle-non-secure-interrupts.patch | 279 ++++++++++++++++++
 ...ure-SP-s-NS-interrupt-action-based-o.patch | 150 ++++++++++
 .../recipes-security/optee/optee-os_3.20.0.bb |   2 +
 .../trusted-services/trusted-services-src.inc |   4 +-
 4 files changed, 433 insertions(+), 2 deletions(-)
 create mode 100644 meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
 create mode 100644 meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch

diff --git a/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch b/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
new file mode 100644
index 00000000..a0377aba
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-3.20.0/0007-core-spmc-handle-non-secure-interrupts.patch
@@ -0,0 +1,279 @@
+From f4b4f5bccc1be9a709008cc8e6107302745796c8 Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Tue, 18 Apr 2023 16:41:51 +0200
+Subject: [PATCH] core: spmc: handle non-secure interrupts
+
+Add FFA_INTERRUPT and FFA_RUN support for signaling non-secure
+interrupts and for resuming to the secure world. If a secure partition
+is preempted by a non-secure interrupt OP-TEE saves the SP's state and
+sends an FFA_INTERRUPT to the normal world. After handling the interrupt
+the normal world should send an FFA_RUN to OP-TEE so it can continue
+running the SP.
+If OP-TEE is the active FF-A endpoint (i.e. it is running TAs) the
+non-secure interrupts are signaled by the existing
+OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT message instead of
+FFA_INTERRUPT.
+
+Upstream-Status: Pending
+
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Change-Id: I577ebe86d416ee494963216a66a3bfc8206921b4
+
+---
+ core/arch/arm/include/ffa.h                   |  2 +-
+ .../arch/arm/include/kernel/spmc_sp_handler.h | 11 +++++++
+ core/arch/arm/kernel/secure_partition.c       | 17 ++++++++++
+ core/arch/arm/kernel/spmc_sp_handler.c        | 26 ++++++++++++++++
+ core/arch/arm/kernel/thread.c                 |  7 +++++
+ core/arch/arm/kernel/thread_spmc.c            | 31 ++++++++++++++++++-
+ core/arch/arm/kernel/thread_spmc_a64.S        | 30 ++++++++++++++++++
+ 7 files changed, 122 insertions(+), 2 deletions(-)
+
+diff --git a/core/arch/arm/include/ffa.h b/core/arch/arm/include/ffa.h
+index 5a19fb0c..b3d1d354 100644
+--- a/core/arch/arm/include/ffa.h
++++ b/core/arch/arm/include/ffa.h
+@@ -50,7 +50,7 @@
+ #define FFA_ID_GET			U(0x84000069)
+ #define FFA_MSG_WAIT			U(0x8400006B)
+ #define FFA_MSG_YIELD			U(0x8400006C)
+-#define FFA_MSG_RUN			U(0x8400006D)
++#define FFA_RUN				U(0x8400006D)
+ #define FFA_MSG_SEND			U(0x8400006E)
+ #define FFA_MSG_SEND_DIRECT_REQ_32	U(0x8400006F)
+ #define FFA_MSG_SEND_DIRECT_REQ_64	U(0xC400006F)
+diff --git a/core/arch/arm/include/kernel/spmc_sp_handler.h b/core/arch/arm/include/kernel/spmc_sp_handler.h
+index f5bda7bf..30c1e469 100644
+--- a/core/arch/arm/include/kernel/spmc_sp_handler.h
++++ b/core/arch/arm/include/kernel/spmc_sp_handler.h
+@@ -25,6 +25,8 @@ void spmc_sp_start_thread(struct thread_smc_args *args);
+ int spmc_sp_add_share(struct ffa_rxtx *rxtx,
+ 		      size_t blen, uint64_t *global_handle,
+ 		      struct sp_session *owner_sp);
++void spmc_sp_set_to_preempted(struct ts_session *ts_sess);
++int spmc_sp_resume_from_preempted(uint16_t endpoint_id);
+ #else
+ static inline void spmc_sp_start_thread(struct thread_smc_args *args __unused)
+ {
+@@ -37,6 +39,15 @@ static inline int spmc_sp_add_share(struct ffa_rxtx *rxtx __unused,
+ {
+ 	return FFA_NOT_SUPPORTED;
+ }
++
++static inline void spmc_sp_set_to_preempted(struct ts_session *ts_sess __unused)
++{
++}
++
++static inline int spmc_sp_resume_from_preempted(uint16_t endpoint_id __unused)
++{
++	return FFA_NOT_SUPPORTED;
++}
+ #endif
+ 
+ #endif /* __KERNEL_SPMC_SP_HANDLER_H */
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 1d36e90b..6e351e43 100644
+--- a/core/arch/arm/kernel/secure_partition.c
++++ b/core/arch/arm/kernel/secure_partition.c
+@@ -999,6 +999,8 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 	struct sp_session *sp_s = to_sp_session(s);
+ 	struct ts_session *sess = NULL;
+ 	struct thread_ctx_regs *sp_regs = NULL;
++	uint32_t thread_id = THREAD_ID_INVALID;
++	uint32_t rpc_target_info = 0;
+ 	uint32_t panicked = false;
+ 	uint32_t panic_code = 0;
+ 
+@@ -1011,8 +1013,23 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 	sp_regs->cpsr = read_daif() & (SPSR_64_DAIF_MASK << SPSR_64_DAIF_SHIFT);
+ 
+ 	exceptions = thread_mask_exceptions(THREAD_EXCP_ALL);
++
++	/*
++	 * Store endpoint ID and thread ID in rpc_target_info. This will be used
++	 * as w1 in FFA_INTERRUPT in case of a NWd interrupt.
++	 */
++	rpc_target_info = thread_get_tsd()->rpc_target_info;
++	thread_id = thread_get_id();
++	assert((thread_id & ~0xffff) == 0);
++	thread_get_tsd()->rpc_target_info = (sp_s->endpoint_id << 16) |
++					    (thread_id & 0xffff);
++
+ 	__thread_enter_user_mode(sp_regs, &panicked, &panic_code);
++
+ 	sp_regs->cpsr = cpsr;
++	/* Restore rpc_target_info */
++	thread_get_tsd()->rpc_target_info = rpc_target_info;
++
+ 	thread_unmask_exceptions(exceptions);
+ 
+ 	thread_user_clear_vfp(&ctx->uctx);
+diff --git a/core/arch/arm/kernel/spmc_sp_handler.c b/core/arch/arm/kernel/spmc_sp_handler.c
+index 5d3326fc..f4c7ff81 100644
+--- a/core/arch/arm/kernel/spmc_sp_handler.c
++++ b/core/arch/arm/kernel/spmc_sp_handler.c
+@@ -366,6 +366,32 @@ cleanup:
+ 	return res;
+ }
+ 
++void spmc_sp_set_to_preempted(struct ts_session *ts_sess)
++{
++	if (ts_sess && is_sp_ctx(ts_sess->ctx)) {
++		struct sp_session *sp_sess = to_sp_session(ts_sess);
++
++		assert(sp_sess->state == sp_busy);
++
++		sp_sess->state = sp_preempted;
++	}
++}
++
++int spmc_sp_resume_from_preempted(uint16_t endpoint_id)
++{
++	struct sp_session *sp_sess = sp_get_session(endpoint_id);
++
++	if (!sp_sess)
++		return FFA_INVALID_PARAMETERS;
++
++	if (sp_sess->state != sp_preempted)
++		return FFA_DENIED;
++
++	sp_sess->state = sp_busy;
++
++	return FFA_OK;
++}
++
+ static bool check_rxtx(struct ffa_rxtx *rxtx)
+ {
+ 	return rxtx && rxtx->rx && rxtx->tx && rxtx->size > 0;
+diff --git a/core/arch/arm/kernel/thread.c b/core/arch/arm/kernel/thread.c
+index 1e7f9f96..8cd4dc96 100644
+--- a/core/arch/arm/kernel/thread.c
++++ b/core/arch/arm/kernel/thread.c
+@@ -531,6 +531,13 @@ int thread_state_suspend(uint32_t flags, uint32_t cpsr, vaddr_t pc)
+ 		core_mmu_set_user_map(NULL);
+ 	}
+ 
++	if (IS_ENABLED(CFG_SECURE_PARTITION)) {
++		struct ts_session *ts_sess =
++			TAILQ_FIRST(&threads[ct].tsd.sess_stack);
++
++		spmc_sp_set_to_preempted(ts_sess);
++	}
++
+ 	l->curr_thread = THREAD_ID_INVALID;
+ 
+ 	if (IS_ENABLED(CFG_VIRTUALIZATION))
+diff --git a/core/arch/arm/kernel/thread_spmc.c b/core/arch/arm/kernel/thread_spmc.c
+index 3b4ac0b4..bc4e7687 100644
+--- a/core/arch/arm/kernel/thread_spmc.c
++++ b/core/arch/arm/kernel/thread_spmc.c
+@@ -45,7 +45,7 @@ struct mem_frag_state {
+ #endif
+ 
+ /* Initialized in spmc_init() below */
+-static uint16_t my_endpoint_id;
++uint16_t my_endpoint_id;
+ 
+ /*
+  * If struct ffa_rxtx::size is 0 RX/TX buffers are not mapped or initialized.
+@@ -437,6 +437,32 @@ out:
+ 		      FFA_PARAM_MBZ, FFA_PARAM_MBZ);
+ 	cpu_spin_unlock(&rxtx->spinlock);
+ }
++
++static void spmc_handle_run(struct thread_smc_args *args)
++{
++	uint16_t endpoint = (args->a1 >> 16) & 0xffff;
++	uint16_t thread_id = (args->a1 & 0xffff);
++	uint32_t rc = 0;
++
++	if (endpoint != my_endpoint_id) {
++		/*
++		 * The endpoint should be an SP, try to resume the SP from
++		 * preempted into busy state.
++		 */
++		rc = spmc_sp_resume_from_preempted(endpoint);
++		if (rc)
++			goto out;
++	}
++
++	thread_resume_from_rpc(thread_id, 0, 0, 0, 0);
++
++	/* thread_resume_from_rpc return only of the thread_id is invalid */
++	rc = FFA_INVALID_PARAMETERS;
++
++out:
++	spmc_set_args(args, FFA_ERROR, FFA_PARAM_MBZ, rc, FFA_PARAM_MBZ,
++		      FFA_PARAM_MBZ, FFA_PARAM_MBZ);
++}
+ #endif /*CFG_CORE_SEL1_SPMC*/
+ 
+ static void handle_yielding_call(struct thread_smc_args *args)
+@@ -970,6 +996,9 @@ void thread_spmc_msg_recv(struct thread_smc_args *args)
+ 	case FFA_PARTITION_INFO_GET:
+ 		spmc_handle_partition_info_get(args, &nw_rxtx);
+ 		break;
++	case FFA_RUN:
++		spmc_handle_run(args);
++		break;
+ #endif /*CFG_CORE_SEL1_SPMC*/
+ 	case FFA_INTERRUPT:
+ 		itr_core_handler();
+diff --git a/core/arch/arm/kernel/thread_spmc_a64.S b/core/arch/arm/kernel/thread_spmc_a64.S
+index 21cb6251..7297005a 100644
+--- a/core/arch/arm/kernel/thread_spmc_a64.S
++++ b/core/arch/arm/kernel/thread_spmc_a64.S
+@@ -14,6 +14,20 @@
+ #include <kernel/thread.h>
+ #include <optee_ffa.h>
+ 
++#if CFG_SECURE_PARTITION
++LOCAL_FUNC thread_ffa_interrupt , :
++	mov_imm	x0, FFA_INTERRUPT		/* FID */
++	/* X1: Endpoint/vCPU IDs is set by caller */
++	mov	x2, #FFA_PARAM_MBZ		/* Param MBZ */
++	mov	x3, #FFA_PARAM_MBZ		/* Param MBZ */
++	mov	x4, #FFA_PARAM_MBZ		/* Param MBZ */
++	mov	x5, #FFA_PARAM_MBZ		/* Param MBZ */
++	mov	x6, #FFA_PARAM_MBZ		/* Param MBZ */
++	mov	x7, #FFA_PARAM_MBZ		/* Param MBZ */
++	b	.ffa_msg_loop
++END_FUNC thread_ffa_msg_wait
++#endif /* CFG_SECURE_PARTITION */
++
+ FUNC thread_ffa_msg_wait , :
+ 	mov_imm	x0, FFA_MSG_WAIT		/* FID */
+ 	mov	x1, #FFA_TARGET_INFO_MBZ	/* Target info MBZ */
+@@ -171,6 +185,14 @@ END_FUNC thread_rpc
+  * The current thread as indicated by @thread_index has just been
+  * suspended.  The job here is just to inform normal world the thread id to
+  * resume when returning.
++ * If the active FF-A endpoint is OP-TEE (or a TA) then an this function send an
++ * OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT message to the normal world via the
++ * FFA_MSG_SEND_DIRECT_RESP interface. This is handled by the OP-TEE
++ * driver in Linux so it can schedule task to the thread.
++ * If the active endpoint is an SP the function sends an FFA_INTERRUPT. This is
++ * handled by the FF-A driver and after taking care of the NWd interrupts it
++ * returns via an FFA_RUN call.
++ * The active endpoint is determined by the upper 16 bits of rpc_target_info.
+  */
+ FUNC thread_foreign_intr_exit , :
+ 	/* load threads[w0].tsd.rpc_target_info into w1 */
+@@ -178,6 +200,14 @@ FUNC thread_foreign_intr_exit , :
+ 	adr_l	x2, threads
+ 	madd	x1, x1, x0, x2
+ 	ldr	w1, [x1, #THREAD_CTX_TSD_RPC_TARGET_INFO]
++#if CFG_SECURE_PARTITION
++	adr_l	x2, my_endpoint_id
++	ldrh	w2, [x2]
++	lsr	w3, w1, #16
++	cmp	w2, w3
++	/* (threads[w0].tsd.rpc_target_info >> 16) != my_endpoint_id */
++	bne	thread_ffa_interrupt
++#endif /* CFG_SECURE_PARTITION */
+ 	mov	x2, #FFA_PARAM_MBZ
+ 	mov	w3, #FFA_PARAM_MBZ
+ 	mov	w4, #OPTEE_FFA_YIELDING_CALL_RETURN_INTERRUPT
+
+-- 
+2.17.1
diff --git a/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch b/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
new file mode 100644
index 00000000..32e56068
--- /dev/null
+++ b/meta-arm/recipes-security/optee/optee-os-3.20.0/0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch
@@ -0,0 +1,150 @@
+From cad33cffb5be17fc0654aaf03c4d5227ae682e7a Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Tue, 25 Apr 2023 14:19:14 +0200
+Subject: [PATCH] core: spmc: configure SP's NS interrupt action based on
+ the manifest
+
+Used mandatory ns-interrupts-action SP manifest property to configure
+signaled or queued non-secure interrupt handling.
+
+Upstream-Status: Pending
+
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Change-Id: I843e69e5dbb9613ecd8b95654e8ca1730a594ca6
+---
+ .../arm/include/kernel/secure_partition.h     |  2 +
+ core/arch/arm/kernel/secure_partition.c       | 66 +++++++++++++++++--
+ 2 files changed, 63 insertions(+), 5 deletions(-)
+
+diff --git a/core/arch/arm/include/kernel/secure_partition.h b/core/arch/arm/include/kernel/secure_partition.h
+index 290750936..3bf339d3c 100644
+--- a/core/arch/arm/include/kernel/secure_partition.h
++++ b/core/arch/arm/include/kernel/secure_partition.h
+@@ -43,6 +43,8 @@ struct sp_session {
+ 	unsigned int spinlock;
+ 	const void *fdt;
+ 	bool is_initialized;
++	uint32_t ns_interrupts_action;
++	uint32_t ns_interrupts_action_inherited;
+ 	TAILQ_ENTRY(sp_session) link;
+ };
+ 
+diff --git a/core/arch/arm/kernel/secure_partition.c b/core/arch/arm/kernel/secure_partition.c
+index 52365553b..e54069c17 100644
+--- a/core/arch/arm/kernel/secure_partition.c
++++ b/core/arch/arm/kernel/secure_partition.c
+@@ -46,6 +46,10 @@
+ 					 SP_MANIFEST_ATTR_WRITE | \
+ 					 SP_MANIFEST_ATTR_EXEC)
+ 
++#define SP_MANIFEST_NS_INT_QUEUED	(0x0)
++#define SP_MANIFEST_NS_INT_MANAGED_EXIT	(0x1)
++#define SP_MANIFEST_NS_INT_SIGNALED	(0x2)
++
+ #define SP_PKG_HEADER_MAGIC (0x474b5053)
+ #define SP_PKG_HEADER_VERSION_V1 (0x1)
+ #define SP_PKG_HEADER_VERSION_V2 (0x2)
+@@ -907,6 +911,30 @@ static TEE_Result sp_init_uuid(const TEE_UUID *uuid, const void * const fdt)
+ 		return res;
+ 	DMSG("endpoint is 0x%"PRIx16, sess->endpoint_id);
+ 
++	res = sp_dt_get_u32(fdt, 0, "ns-interrupts-action",
++			    &sess->ns_interrupts_action);
++
++	if (res) {
++		EMSG("Mandatory property is missing: ns-interrupts-action");
++		return res;
++	}
++
++	switch (sess->ns_interrupts_action) {
++	case SP_MANIFEST_NS_INT_QUEUED:
++	case SP_MANIFEST_NS_INT_SIGNALED:
++		/* OK */
++		break;
++
++	case SP_MANIFEST_NS_INT_MANAGED_EXIT:
++		EMSG("Managed exit is not implemented");
++		return TEE_ERROR_NOT_IMPLEMENTED;
++
++	default:
++		EMSG("Invalid ns-interrupts-action value: %d",
++		     sess->ns_interrupts_action);
++		return TEE_ERROR_BAD_PARAMETERS;
++	}
++
+ 	return TEE_SUCCESS;
+ }
+ 
+@@ -989,17 +1017,45 @@ TEE_Result sp_enter(struct thread_smc_args *args, struct sp_session *sp)
+ 	return res;
+ }
+ 
++/*
++ * According to FF-A v1.1 section 8.3.1.4 if a caller requires less permissive
++ * active on NS interrupt than the callee, the callee must inherit the caller's
++ * configuration.
++ * Each SP's own NS action setting is stored in ns_interrupts_action. The
++ * effective action will be MIN([self action], [caller's action]) which is
++ * stored in the ns_interrupts_action_inherited field.
++ */
++static void sp_cpsr_configure_foreing_interrupts(struct sp_session *s,
++						 struct ts_session *caller,
++						 uint64_t *cpsr)
++{
++	if (caller) {
++		struct sp_session *caller_sp = to_sp_session(caller);
++
++		s->ns_interrupts_action_inherited =
++			MIN(caller_sp->ns_interrupts_action_inherited,
++			    s->ns_interrupts_action);
++	} else {
++		s->ns_interrupts_action_inherited = s->ns_interrupts_action;
++	}
++
++	if (s->ns_interrupts_action_inherited == SP_MANIFEST_NS_INT_QUEUED)
++		*cpsr |= (THREAD_EXCP_FOREIGN_INTR << ARM32_CPSR_F_SHIFT);
++	else
++		*cpsr &= ~(THREAD_EXCP_FOREIGN_INTR << ARM32_CPSR_F_SHIFT);
++}
++
+ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 				      uint32_t cmd __unused)
+ {
+ 	struct sp_ctx *ctx = to_sp_ctx(s->ctx);
+ 	TEE_Result res = TEE_SUCCESS;
+ 	uint32_t exceptions = 0;
+-	uint64_t cpsr = 0;
+ 	struct sp_session *sp_s = to_sp_session(s);
+ 	struct ts_session *sess = NULL;
+ 	struct thread_ctx_regs *sp_regs = NULL;
+ 	uint32_t thread_id = THREAD_ID_INVALID;
++	struct ts_session *caller = NULL;
+ 	uint32_t rpc_target_info = 0;
+ 	uint32_t panicked = false;
+ 	uint32_t panic_code = 0;
+@@ -1009,11 +1065,12 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 	sp_regs = &ctx->sp_regs;
+ 	ts_push_current_session(s);
+ 
+-	cpsr = sp_regs->cpsr;
+-	sp_regs->cpsr = read_daif() & (SPSR_64_DAIF_MASK << SPSR_64_DAIF_SHIFT);
+-
+ 	exceptions = thread_mask_exceptions(THREAD_EXCP_ALL);
+ 
++	/* Enable/disable foreign interrupts in CPSR/SPSR */
++	caller = ts_get_calling_session();
++	sp_cpsr_configure_foreing_interrupts(sp_s, caller, &sp_regs->cpsr);
++
+ 	/*
+ 	 * Store endpoint ID and thread ID in rpc_target_info. This will be used
+ 	 * as w1 in FFA_INTERRUPT in case of a NWd interrupt.
+@@ -1026,7 +1083,6 @@ static TEE_Result sp_enter_invoke_cmd(struct ts_session *s,
+ 
+ 	__thread_enter_user_mode(sp_regs, &panicked, &panic_code);
+ 
+-	sp_regs->cpsr = cpsr;
+ 	/* Restore rpc_target_info */
+ 	thread_get_tsd()->rpc_target_info = rpc_target_info;
+ 
+-- 
+2.17.1
diff --git a/meta-arm/recipes-security/optee/optee-os_3.20.0.bb b/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
index 661a807d..2d4d6d6d 100644
--- a/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
+++ b/meta-arm/recipes-security/optee/optee-os_3.20.0.bb
@@ -9,5 +9,7 @@ SRC_URI:append = " \
     file://0004-core-Define-section-attributes-for-clang.patch \
     file://0005-core-arm-S-EL1-SPMC-boot-ABI-update.patch \
     file://0006-core-ffa-add-TOS_FW_CONFIG-handling.patch \
+    file://0007-core-spmc-handle-non-secure-interrupts.patch \
+    file://0008-core-spmc-configure-SP-s-NS-interrupt-action-based-o.patch \
    "
 EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y"
diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index 34827e5d..2bb4a8a1 100644
--- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -11,8 +11,8 @@ SRC_URI:append = "\
 	file://0001-Limit-nanopb-build-to-single-process.patch \
 "
 
-#Latest on 2023 April 25
-SRCREV="0d292e7c879076ea36cc39e30e0ac930b71e8cd8"
+#Latest on 2023 April 28
+SRCREV="08b3d39471f4914186bd23793dc920e83b0e3197"
 LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
 
 S = "${WORKDIR}/git/trusted-services"
-- 
2.39.1.windows.1

[PATCH 15/16] arm-bps/corstone1000: setup trusted service proxy configuration

[Gyorgy Szing]

From: Rui Miguel Silva <rui.silva@linaro.org>

Make sure we setup the new variable for the configuration
of the SE-Proxy service for our machine. This will trigger
the right configuration building trusted services and all
psa-arch test pass as before.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
 meta-arm-bsp/conf/machine/include/corstone1000.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-arm-bsp/conf/machine/include/corstone1000.inc b/meta-arm-bsp/conf/machine/include/corstone1000.inc
index 3915d18b..198c7ec8 100644
--- a/meta-arm-bsp/conf/machine/include/corstone1000.inc
+++ b/meta-arm-bsp/conf/machine/include/corstone1000.inc
@@ -43,6 +43,7 @@ OPTEE_BINARY = "tee-pager_v2.bin"
 # Include smm-gateway and se-proxy SPs into optee-os binary
 MACHINE_FEATURES += "ts-smm-gateway ts-se-proxy"
 TS_PLATFORM = "arm/corstone1000"
+TS_SP_SE_PROXY_CONFIG = "corstone1000"
 
 # External System(Cortex-M3)
 EXTRA_IMAGEDEPENDS += "external-system"
-- 
2.39.1.windows.1

[PATCH 16/16] CI: Platform specific Trusted Services config

[Gyorgy Szing]

From: Adam Johnston <adam.johnston@arm.com>

Split trusted-services.xml into qemuarm64-secureboot-ts.yml and
n1sdp-ts.yml as collection of Trusted Services which can be tested on
each platform has diverged.

Signed-off-by: Adam Johnston <adam.johnston@arm.com>
---
 .gitlab-ci.yml                                     |  4 ++--
 ci/n1sdp-ts.yml                                    | 14 ++++++++++++++
 ...ed-services.yml => qemuarm64-secureboot-ts.yml} |  0
 3 files changed, 16 insertions(+), 2 deletions(-)
 create mode 100644 ci/n1sdp-ts.yml
 rename ci/{trusted-services.yml => qemuarm64-secureboot-ts.yml} (100%)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index df1f0f5a..4ee75fcc 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -150,7 +150,7 @@ n1sdp:
   parallel:
     matrix:
       - TOOLCHAINS: [gcc, armgcc]
-        TS: [none, trusted-services]
+        TS: [none, n1sdp-ts]
 
 qemu-generic-arm64:
   extends: .build
@@ -167,7 +167,7 @@ qemuarm64-secureboot:
       - KERNEL: [linux-yocto, linux-yocto-dev, linux-yocto-rt]
         TOOLCHAINS: [gcc, clang]
         TCLIBC: [glibc, musl]
-        TS: [none, trusted-services]
+        TS: [none, qemuarm64-secureboot-ts]
         TESTING: testimage
 
 qemuarm64:
diff --git a/ci/n1sdp-ts.yml b/ci/n1sdp-ts.yml
new file mode 100644
index 00000000..e8e9298d
--- /dev/null
+++ b/ci/n1sdp-ts.yml
@@ -0,0 +1,14 @@
+header:
+  version: 11
+  includes:
+    - ci/meta-openembedded.yml
+
+local_conf_header:
+  trusted_services: |
+    TEST_SUITES:append = " trusted_services"
+    # Include TS Crypto, TS Protected Storage, TS Internal and Trusted Storage SPs into optee-os image
+    MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
+    # Include TS demo/test tools into image
+    IMAGE_INSTALL:append = " packagegroup-ts-tests"
+    # Include TS PSA Arch tests into image
+    IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
diff --git a/ci/trusted-services.yml b/ci/qemuarm64-secureboot-ts.yml
similarity index 100%
rename from ci/trusted-services.yml
rename to ci/qemuarm64-secureboot-ts.yml
-- 
2.39.1.windows.1

Re: [PATCH 01/16] arm/trusted-services: update TS version

[Jon Mason]

On Fri, 19 May 2023 13:23:45 +0200, Gyorgy Szing wrote:
> This change updates to latest available version of Trusted Services.
> List of changes:
>   - adapt SP recipes to file structure changes and support for
>     "configurations". In TS each SP can be built in various different
>     setups to allow adapting to platform and integration specific
>     differences.
>   - MbedTLS dependency has been updated to v3.3.0.
>       - This needs new python dependencies are required in the build
>         environment.
>       - psa-acs was updated to a matching version.
>       - do_patch() has been updated to support the MbedTLS patch added
>         in TS.
>   - Update TS dependency patching method to use git instead of patch.
>   - Downgrade nanopb to match up-stream dependency version.

Applied, thanks!

[01/16] arm/trusted-services: update TS version
        commit: cad1cc154f795739ff9b5a32397ab6b4301f0093
[02/16] optee-os: remove v3.18 pin of OP-TEE on qemuarm64-secureboot
        commit: c5df0d9acddab09a3b05e075c85a349edcca7f92
[03/16] arm/oeqa: Make ts-service-test config match selected SPs
        commit: e0c451ffd2510c19bf52c4fdcfeea372e9990643
[04/16] optee-os: Add support for TOS_FW_CONFIG on qemu
        commit: b81642c5f8566a947a13ccb3ef135157b1842449
[05/16] arm/trusted-firmware-a: Add TOS_FW_CONFIG handling for quemu
        commit: 260b3357865ed9250c473a01aed40164e2301067
[06/16] optee-test: backport SWd ABI compatibility changes
        commit: 73d9318f0b157021a5d51f7cf435a3713a5ed594
[07/16] optee-os: enable SPMC test
        commit: cad5dd0f8f67f3db23dc5e71703f8188190122e0
[08/16] arm/oeqa: enable OP-TEE SPMC tests
        commit: a13b63f9ea04eb5500b706b0421cfed6e293d634
[09/16] arm-bsp/trusted-services:corstone1000: remove already merged patches
        commit: 6e0f3be575c6452f3810e0154d8c185801317bef
[10/16] trusted-services: update documentation
        commit: eaac633fa64a0bc87e9175461c6d073dd8b7b4ee
[11/16] arm/trusted-services: disable psa-iat on qemuarm64-secureboot
        commit: bcb0a72c93c60b89f1815b3c1921649323acb032
[12/16] arm-bsp/trusted-services: remove merged patches for corstone1000
        commit: c3cc9cfbf788c88a80209da1046af4a4d917e50b
[13/16] arm/trusted-services: fix nanopb build error
        commit: 1f2ab563d159a7150511234865fd54838e2672ea
[14/16] optee-os: unblock NWd interrupts
        commit: 78d9aafa2ab27dda70d524c614e2d86f08d5e29f
[15/16] arm-bps/corstone1000: setup trusted service proxy configuration
        commit: bd8d017051b9f160c6bb041650a24fa527a7045f
[16/16] CI: Platform specific Trusted Services config
        commit: c1a7dd5eda419109b179af6cbf93cb0dac2f7ae3

Best regards,
-- 
Jon Mason <jon.mason@arm.com>

Re: [meta-arm] [PATCH 01/16] arm/trusted-services: update TS version

[Denys Dmytriyenko]

I would like to propose reverting this series ASAP due to the breakage caused 
to downstream layers and platforms.


On Fri, May 19, 2023 at 01:23:45PM +0200, Gyorgy Szing wrote:
> This change updates to latest available version of Trusted Services.
> List of changes:
>   - adapt SP recipes to file structure changes and support for
>     "configurations". In TS each SP can be built in various different
>     setups to allow adapting to platform and integration specific
>     differences.
>   - MbedTLS dependency has been updated to v3.3.0.
>       - This needs new python dependencies are required in the build
>         environment.
>       - psa-acs was updated to a matching version.
>       - do_patch() has been updated to support the MbedTLS patch added
>         in TS.
>   - Update TS dependency patching method to use git instead of patch.
>   - Downgrade nanopb to match up-stream dependency version.
> 
> Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
> Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
> ---
>  .../trusted-services/trusted-services-src.inc | 27 +++++++++----------
>  .../trusted-services/ts-demo_git.bb           |  1 +
>  .../trusted-services/ts-newlib_4.1.0.bb       |  4 +--
>  .../ts-psa-api-test-common_git.inc            |  4 ++-
>  .../trusted-services/ts-sp-attestation_git.bb |  3 ++-
>  .../trusted-services/ts-sp-crypto_git.bb      |  5 ++--
>  .../trusted-services/ts-sp-env-test_git.bb    |  3 ++-
>  .../trusted-services/ts-sp-its_git.bb         |  3 ++-
>  .../trusted-services/ts-sp-se-proxy_git.bb    |  3 ++-
>  .../trusted-services/ts-sp-smm-gateway_git.bb |  3 ++-
>  .../trusted-services/ts-sp-storage_git.bb     |  3 ++-
>  11 files changed, 32 insertions(+), 27 deletions(-)
> 
> diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
> index dc295506..c3ab7867 100644
> --- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
> +++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
> @@ -5,8 +5,8 @@ LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib"
>  SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \
>  "
>  
> -#latest on 12.10.22.
> -SRCREV_trusted-services = "3d4956770f89eb9ae0a73257901ae6277c078da6"
> +#Latest on 2023 April 25
> +SRCREV="0d292e7c879076ea36cc39e30e0ac930b71e8cd8"
>  LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
>  
>  S = "${WORKDIR}/git/trusted-services"
> @@ -17,14 +17,14 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des
>  SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81"
>  LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e"
>  
> -# MbedTLS, tag "mbedtls-3.1.0"
> +# MbedTLS, tag "mbedtls-3.3.0"
>  SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls"
> -SRCREV_mbedtls = "d65aeb37349ad1a50e0f6c9b694d4b5290d60e49"
> +SRCREV_mbedtls = "8c89224991adff88d53cd380f42a2baa36f91454"
>  LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
>  
> -# Nanopb, tag "nanopb-0.4.6"
> +# Nanopb, tag "nanopb-0.4.2"
>  SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb"
> -SRCREV_nanopb = "afc499f9a410fc9bbf6c9c48cdd8d8b199d49eb4"
> +SRCREV_nanopb = "df0e92f474f9cca704fe2b31483f0b4d1b1715a4"
>  LIC_FILES_CHKSUM += "file://../nanopb/LICENSE.txt;md5=9db4b73a55a3994384112efcdb37c01f"
>  
>  # qcbor, tag "v1.0.0"
> @@ -54,15 +54,12 @@ LIC_FILES_CHKSUM += "file://../openamp/LICENSE.md;md5=a8d8cf662ef6bf9936a1e14135
>  
>  # TS ships patches for external dependencies that needs to be applied
>  apply_ts_patches() {
> -    for p in ${S}/external/qcbor/*.patch; do
> -        patch -p1 -N -d ${WORKDIR}/git/qcbor < ${p} || true
> -    done
> -    for p in ${S}/external/t_cose/*.patch; do
> -        patch -p1 -N -d ${WORKDIR}/git/tcose < ${p} || true
> -    done
> -    for p in ${S}/external/CppUTest/*.patch; do
> -        patch -p1 -d ${WORKDIR}/git/cpputest < ${p}
> -    done
> +    ( cd ${WORKDIR}/git/qcbor;    git stash; git branch -f bf_am; git am ${S}/external/qcbor/*.patch; git reset bf_am )
> +    ( cd ${WORKDIR}/git/tcose;    git stash; git branch -f bf_am; git am ${S}/external/t_cose/*.patch; git reset bf_am )
> +    ( cd ${WORKDIR}/git/mbedtls;  git stash; git branch -f bf_am; git am ${S}/external/MbedTLS/*.patch; git reset bf_am )
> +    ( cd ${WORKDIR}/git/cpputest; git stash; git apply ${S}/external/CppUTest/*.patch )
> +    ( cd ${WORKDIR}/git/dtc;      git stash; git apply ${S}/external/libfdt/*.patch )
> +    ( cd ${WORKDIR}/git/nanopb;   git stash; git apply ${S}/external/nanopb/*.patch )
>  }
>  do_patch[postfuncs] += "apply_ts_patches"
>  
> diff --git a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
> index a9f7b65f..668bde56 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-demo_git.bb
> @@ -6,6 +6,7 @@ TS_ENV = "arm-linux"
>  
>  require trusted-services.inc
>  
> +DEPENDS        += "python3-jsonschema-native python3-jinja2-native"
>  DEPENDS        += "libts"
>  RDEPENDS:${PN} += "libts"
>  
> diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
> index 408c7d3c..24a724a4 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
> @@ -22,9 +22,7 @@ OECMAKE_SOURCEPATH = "${S}/deployments/newlib/${TS_ENV}/"
>  
>  # TS ships a patch that needs to be applied to newlib
>  apply_ts_patch() {
> -    for p in ${S}/external/newlib/*.patch; do
> -        patch -p1 -d ${WORKDIR}/git/newlib < ${p}
> -    done
> +    ( cd ${WORKDIR}/git/newlib;    git stash; git branch -f bf_am; git am ${S}/external/newlib/*.patch; git reset bf_am )
>  }
>  do_patch[postfuncs] += "apply_ts_patch"
>  
> diff --git a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
> index 41cb0c08..8a7b0e5c 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
> +++ b/meta-arm/recipes-security/trusted-services/ts-psa-api-test-common_git.inc
> @@ -4,6 +4,8 @@ TS_ENV = "arm-linux"
>  
>  require trusted-services.inc
>  
> +DEPENDS        += "python3-jsonschema-native python3-jinja2-native"
> +
>  DEPENDS        += "libts"
>  RDEPENDS:${PN} += "libts"
>  
> @@ -11,7 +13,7 @@ SRC_URI += "git://github.com/ARM-software/psa-arch-tests.git;name=psatest;protoc
>              file://0001-Pass-Yocto-build-settings-to-psa-arch-tests-native.patch;patchdir=../psatest \
>             "
>  
> -SRCREV_psatest = "451aa087a40d02c7d04778235014c5619d126471"
> +SRCREV_psatest = "38cb53a4d9e292435ddf7899960b15af62decfbe"
>  LIC_FILES_CHKSUM += "file://../psatest/LICENSE.md;md5=2a944942e1496af1886903d274dedb13"
>  
>  EXTRA_OECMAKE += "\
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
> index eef05fe3..6cddfb03 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-attestation_git.bb
> @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services attestation service provider"
>  require ts-sp-common.inc
>  
>  SP_UUID = "${ATTESTATION_UUID}"
> +TS_SP_IAT_CONFIG ?= "default"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/attestation/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/attestation/config/${TS_SP_IAT_CONFIG}-${TS_ENV}"
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
> index 77a28557..867e4a81 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-crypto_git.bb
> @@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services crypto service provider"
>  require ts-sp-common.inc
>  
>  SP_UUID = "${CRYPTO_UUID}"
> +TS_SP_CRYPTO_CONFIG ?= "default"
>  
> -DEPENDS += "python3-protobuf-native"
> +DEPENDS += "python3-protobuf-native python3-jsonschema-native python3-jinja2-native"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/crypto/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/crypto/config/${TS_SP_CRYPTO_CONFIG}-${TS_ENV}"
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
> index 040fd4d1..5551a4de 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-env-test_git.bb
> @@ -6,5 +6,6 @@ require ts-sp-common.inc
>  COMPATIBLE_MACHINE ?= "invalid"
>  
>  SP_UUID = "${ENV_TEST_UUID}"
> +TS_SP_ENVTEST_CONFIG ?= "baremetal-fvp_base_revc"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/env-test/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/env-test/config/${TS_SP_ENVTEST_CONFIG}-${TS_ENV}"
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
> index 4eb5dc5e..5472dbda 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-its_git.bb
> @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services internal secure storage service provider"
>  require ts-sp-common.inc
>  
>  SP_UUID = "${ITS_UUID}"
> +TS_SP_ITS_CONFIG ?= "default"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/internal-trusted-storage/config/${TS_SP_ITS_CONFIG}-${TS_ENV}"
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
> index b9246418..26781434 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb
> @@ -3,7 +3,8 @@ DESCRIPTION = "Trusted Services proxy service providers"
>  require ts-sp-common.inc
>  
>  SP_UUID = "${SE_PROXY_UUID}"
> +TS_SP_SE_PROXY_CONFIG ?= "default"
>  
>  DEPENDS += "python3-protobuf-native"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/se-proxy/config/${TS_SP_SE_PROXY_CONFIG}-${TS_ENV}"
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
> index 06ca6bd1..752f7fe7 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb
> @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services service provider for UEFI SMM services"
>  require ts-sp-common.inc
>  
>  SP_UUID = "${SMM_GATEWAY_UUID}"
> +TS_SP_SMM_GATEWAY_CONFIG ?= "default"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/smm-gateway/config/${TS_SP_SMM_GATEWAY_CONFIG}-${TS_ENV}"
> diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
> index c8937546..5b2f47b3 100644
> --- a/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
> +++ b/meta-arm/recipes-security/trusted-services/ts-sp-storage_git.bb
> @@ -3,5 +3,6 @@ DESCRIPTION = "Trusted Services secure storage service provider"
>  require ts-sp-common.inc
>  
>  SP_UUID = "${STORAGE_UUID}"
> +TS_SP_PS_CONFIG ?= "default"
>  
> -OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/${TS_ENV}"
> +OECMAKE_SOURCEPATH="${S}/deployments/protected-storage/config/${TS_SP_PS_CONFIG}-${TS_ENV}"
> -- 
> 2.39.1.windows.1

Re: [meta-arm] [PATCH 01/16] arm/trusted-services: update TS version

[Ross Burton]

On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
> 
> I would like to propose reverting this series ASAP due to the breakage caused 
> to downstream layers and platforms.

Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line, or something else too?  Obviously that needs fixing, but I don’t think that deserves a bulk revert.

Ross

Re: [meta-arm] [PATCH 01/16] arm/trusted-services: update TS version

[Denys Dmytriyenko]

On Tue, Jun 13, 2023 at 02:20:28PM +0000, Ross Burton wrote:
> On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
> > 
> > I would like to propose reverting this series ASAP due to the breakage caused 
> > to downstream layers and platforms.
> 
> Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line, 
> or something else too?  Obviously that needs fixing, but I don’t think that 
> deserves a bulk revert.

The reason for the revert proposal was due to a total silence from the author 
on multiple inquiries. Yes, the fix is simple, but a confirmation or any kind 
of feedback would have been greatly appreciated...

-- 
Denys

Re: [meta-arm] [PATCH 01/16] arm/trusted-services: update TS version

[Ross Burton]

On 13 Jun 2023, at 20:58, Denys Dmytriyenko <denis@denix.org> wrote:
> 
> On Tue, Jun 13, 2023 at 02:20:28PM +0000, Ross Burton wrote:
>> On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
>>> 
>>> I would like to propose reverting this series ASAP due to the breakage caused 
>>> to downstream layers and platforms.
>> 
>> Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line, 
>> or something else too?  Obviously that needs fixing, but I don’t think that 
>> deserves a bulk revert.
> 
> The reason for the revert proposal was due to a total silence from the author 
> on multiple inquiries. Yes, the fix is simple, but a confirmation or any kind 
> of feedback would have been greatly appreciated…

Agreed, silence isn’t good, and any one of us should have responded.  A proposed resolution is running through internal CI now to check it doesn’t break anything now, hopefully it will be on the list tomorrow.

Ross

Re: [meta-arm] [PATCH 01/16] arm/trusted-services: update TS version

[Denys Dmytriyenko]

On Tue, Jun 13, 2023 at 09:14:43PM +0000, Ross Burton wrote:
> On 13 Jun 2023, at 20:58, Denys Dmytriyenko <denis@denix.org> wrote:
> > 
> > On Tue, Jun 13, 2023 at 02:20:28PM +0000, Ross Burton wrote:
> >> On 12 Jun 2023, at 22:42, Denys Dmytriyenko via lists.yoctoproject.org <denis=denix.org@lists.yoctoproject.org> wrote:
> >>> 
> >>> I would like to propose reverting this series ASAP due to the breakage caused 
> >>> to downstream layers and platforms.
> >> 
> >> Is this just related to the EXTRA_OEMAKE += " CFG_MAP_EXT_DT_SECURE=y” line, 
> >> or something else too?  Obviously that needs fixing, but I don’t think that 
> >> deserves a bulk revert.
> > 
> > The reason for the revert proposal was due to a total silence from the author 
> > on multiple inquiries. Yes, the fix is simple, but a confirmation or any kind 
> > of feedback would have been greatly appreciated…
> 
> Agreed, silence isn’t good, and any one of us should have responded.  A 
> proposed resolution is running through internal CI now to check it doesn’t 
> break anything now, hopefully it will be on the list tomorrow.

Thanks. Is it any different from my proposal?
https://patchwork.yoctoproject.org/project/arm/patch/20230613181723.1711212-1-denis@denix.org/

-- 
Denys

Re: [meta-arm] [PATCH 01/16] arm/trusted-services: update TS version

[Ross Burton]

On 13 Jun 2023, at 22:26, Denys Dmytriyenko <denis@denix.org> wrote:
>> Agreed, silence isn’t good, and any one of us should have responded.  A 
>> proposed resolution is running through internal CI now to check it doesn’t 
>> break anything now, hopefully it will be on the list tomorrow.
> 
> Thanks. Is it any different from my proposal?
> https://patchwork.yoctoproject.org/project/arm/patch/20230613181723.1711212-1-denis@denix.org/

It is not :)

Ross