* [PATCH 1/5] Add support for the TS Firmware Update service
@ 2024-04-29 15:26 Gyorgy Szing
2024-04-29 15:26 ` [PATCH 2/5] arm/trusted-services: update to 2024 April 19 Gyorgy Szing
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: Gyorgy Szing @ 2024-04-29 15:26 UTC (permalink / raw
To: meta-arm; +Cc: Gyorgy Szing
Add a recipe to enable building and deploying the FWU service
implemented in the Trusted Services Project. The FWU service can
help vendors to meet PSA certification requirements.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
---
ci/fvp-base-ts.yml | 12 ++-
documentation/trusted-services.md | 6 +-
.../trusted-services/ts-sp-fwu_%.bbappend | 1 +
.../recipes-security/optee/optee-os-ts.inc | 6 ++
...uring-flash-image-files-compile-time.patch | 100 ++++++++++++++++++
.../trusted-services/trusted-services-src.inc | 1 +
.../trusted-services/ts-sp-fwu_git.bb | 32 ++++++
.../trusted-services/ts-uuid.inc | 1 +
8 files changed, 156 insertions(+), 3 deletions(-)
create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend
create mode 100644 meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch
create mode 100644 meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb
diff --git a/ci/fvp-base-ts.yml b/ci/fvp-base-ts.yml
index e2e7ada2..9a03bc85 100644
--- a/ci/fvp-base-ts.yml
+++ b/ci/fvp-base-ts.yml
@@ -12,7 +12,7 @@ local_conf_header:
# Include all Secure Partitions into the image
MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
- MACHINE_FEATURES:append = " ts-block-storage"
+ MACHINE_FEATURES:append = " ts-block-storage ts-fwu"
# Include TS demo/test tools into image
IMAGE_INSTALL:append = " packagegroup-ts-tests"
# Include TS PSA Arch tests into image
@@ -20,3 +20,13 @@ local_conf_header:
CORE_IMAGE_EXTRA_INSTALL += "optee-test"
# Set the TS environment
TS_ENV="sp"
+ # Enable and configure semihosting
+ FVP_CONFIG[cluster0.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster0.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster0.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster0.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu0.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu1.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu2.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[cluster1.cpu3.semihosting-cwd] = "${DEPLOY_DIR_IMAGE}"
+ FVP_CONFIG[semihosting-enable] = "True"
diff --git a/documentation/trusted-services.md b/documentation/trusted-services.md
index 0359b648..c37b10bf 100644
--- a/documentation/trusted-services.md
+++ b/documentation/trusted-services.md
@@ -18,6 +18,7 @@ features for each [Secure Partition][^2] you would like to include:
| ----------------- | --------------- |
| Attestation | ts-attesation |
| Crypto | ts-crypto |
+| Firmware Update | ts-fwu
| Internal Storage | ts-its |
| Protected Storage | ts-storage |
| se-proxy | ts-se-proxy |
@@ -47,9 +48,10 @@ Other steps depend on your machine/platform definition:
4. Trusted Services supports an SPMC agonistic binary format. To build SPs to this format the `TS_ENV` variable is to be
set to `sp`. The resulting SP binaries should be able to boot under any FF-A v1.1 compliant SPMC implementation.
+
## Normal World applications
-Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
+Optionally for testing purposes you can add `packagegroup-ts-tests` into your image. It includes
[Trusted Services test and demo tools][^3] and [xtest][^4] configured to include the `ffa_spmc` tests.
## OEQA Trusted Services tests
@@ -65,4 +67,4 @@ See `ci/trusted-services.yml` for an example how to include them into an image.
[^3]: https://trusted-services.readthedocs.io/en/integration/deployments/test-executables.html
-[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
\ No newline at end of file
+[^4]: https://optee.readthedocs.io/en/latest/building/gits/optee_test.html
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend
new file mode 100644
index 00000000..5c9ef210
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-fwu_%.bbappend
@@ -0,0 +1 @@
+require ts-arm-platforms.inc
diff --git a/meta-arm/recipes-security/optee/optee-os-ts.inc b/meta-arm/recipes-security/optee/optee-os-ts.inc
index a9071abd..d30e8ea7 100644
--- a/meta-arm/recipes-security/optee/optee-os-ts.inc
+++ b/meta-arm/recipes-security/optee/optee-os-ts.inc
@@ -67,6 +67,12 @@ SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
EXTRA_OEMAKE:append = "${@bb.utils.contains('MACHINE_FEATURES', 'optee-spmc-test', \
' CFG_SPMC_TESTS=y', '' , d)}"
+# Firmware Update SP
+DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \
+ ' ts-sp-fwu', '' , d)}"
+SP_PATHS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-fwu', \
+ ' ${TS_BIN}/${FWU_UUID}${SP_EXT}', '', d)}"
+
# Block Storage SP
DEPENDS:append = "${@bb.utils.contains('MACHINE_FEATURES', 'ts-block-storage', \
' ts-sp-block-storage', '' , d)}"
diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch b/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch
new file mode 100644
index 00000000..bcffa4b8
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/files/0001-Allow-configuring-flash-image-files-compile-time.patch
@@ -0,0 +1,100 @@
+From 9fbeb9dd8c4f2c842248541b73e4cff9c6f8d26e Mon Sep 17 00:00:00 2001
+From: Gyorgy Szing <gyorgy.szing@arm.com>
+Date: Wed, 27 Mar 2024 21:53:51 +0000
+Subject: [PATCH 1/1] Allow configuring flash image files compile time
+
+Allow configuring image file PATH name for file and semihosted
+block_store using CMake build options.
+
+Upstream-Status: Pending
+
+Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
+---
+ .../block_storage/factory/file/block_store_factory.c | 6 +++++-
+ .../service/block_storage/factory/file/component.cmake | 6 +++++-
+ .../block_storage/factory/semihosting/block_store_factory.c | 6 +++++-
+ .../block_storage/factory/semihosting/component.cmake | 6 +++++-
+ 4 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/components/service/block_storage/factory/file/block_store_factory.c b/components/service/block_storage/factory/file/block_store_factory.c
+index c6915107b..ef05ee791 100644
+--- a/components/service/block_storage/factory/file/block_store_factory.c
++++ b/components/service/block_storage/factory/file/block_store_factory.c
+@@ -25,6 +25,10 @@
+ #define FILE_BLOCK_SIZE (512)
+ #endif
+
++#ifndef FILE_BLK_FILE_NAME
++#define FILE_BLK_FILE_NAME "secure-flash.img"
++#endif
++
+ static char disk_img_filename[256];
+
+ struct block_store_assembly {
+@@ -60,7 +64,7 @@ struct block_store *file_block_store_factory_create(void)
+
+ /* Ensure disk image filename is set */
+ if (disk_img_filename[0] == '\0')
+- file_block_store_factory_set_filename("secure-flash.img");
++ file_block_store_factory_set_filename(FILE_BLK_FILE_NAME);
+
+ /* Initialise a file_block_store to provide underlying storage */
+ struct block_store *secure_flash = file_block_store_init(
+diff --git a/components/service/block_storage/factory/file/component.cmake b/components/service/block_storage/factory/file/component.cmake
+index 644f03972..fa15d1399 100644
+--- a/components/service/block_storage/factory/file/component.cmake
++++ b/components/service/block_storage/factory/file/component.cmake
+@@ -17,4 +17,8 @@ if (NOT DEFINED TS_BLOCK_STORE_FACTORY)
+ set(TS_BLOCK_STORE_FACTORY "file_block_store_factory")
+ target_compile_definitions(${TGT} PRIVATE
+ CONCRETE_BLOCK_STORE_FACTORY=${TS_BLOCK_STORE_FACTORY})
+-endif()
+\ No newline at end of file
++endif()
++
++set(FILE_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.")
++set_property(SOURCE "${CMAKE_CURRENT_LIST_DIR}/block_store_factory.c" APPEND PROPERTY COMPILE_DEFINITIONS FILE_BLK_FILE_NAME="${FILE_BLK_FILE_NAME}")
++message(status "Block storage image file PATH is ${FILE_BLK_FILE_NAME}")
+diff --git a/components/service/block_storage/factory/semihosting/block_store_factory.c b/components/service/block_storage/factory/semihosting/block_store_factory.c
+index 8e58e3638..09bdb74eb 100644
+--- a/components/service/block_storage/factory/semihosting/block_store_factory.c
++++ b/components/service/block_storage/factory/semihosting/block_store_factory.c
+@@ -21,6 +21,10 @@
+ /* Most common block size for UEFI volumes */
+ #define SEMIHOSTING_BLOCK_SIZE (512)
+
++#ifndef SEMIHOSTING_BLK_FILE_NAME
++#define SEMIHOSTING_BLK_FILE_NAME "secure-flash.img"
++#endif
++
+ struct block_store_assembly
+ {
+ struct semihosting_block_store semihosting_block_store;
+@@ -55,7 +59,7 @@ struct block_store *semihosting_block_store_factory_create(void)
+ /* Initialise a semihosting_block_store to provide underlying storage */
+ struct block_store *secure_flash = semihosting_block_store_init(
+ &assembly->semihosting_block_store,
+- "secure-flash.img",
++ SEMIHOSTING_BLK_FILE_NAME,
+ SEMIHOSTING_BLOCK_SIZE);
+
+ if (secure_flash) {
+diff --git a/components/service/block_storage/factory/semihosting/component.cmake b/components/service/block_storage/factory/semihosting/component.cmake
+index 97affaf49..98d6dcdcb 100644
+--- a/components/service/block_storage/factory/semihosting/component.cmake
++++ b/components/service/block_storage/factory/semihosting/component.cmake
+@@ -17,4 +17,8 @@ if (NOT DEFINED TS_BLOCK_STORE_FACTORY)
+ set(TS_BLOCK_STORE_FACTORY "semihosting_block_store_factory")
+ target_compile_definitions(${TGT} PRIVATE
+ CONCRETE_BLOCK_STORE_FACTORY=${TS_BLOCK_STORE_FACTORY})
+-endif()
+\ No newline at end of file
++endif()
++
++set(SEMIHOSTING_BLK_FILE_NAME "secure-flash.img" CACHE PATH "PATH to block storage flash image file.")
++set_property(SOURCE "${CMAKE_CURRENT_LIST_DIR}/block_store_factory.c" APPEND PROPERTY COMPILE_DEFINITIONS SEMIHOSTING_BLK_FILE_NAME="${SEMIHOSTING_BLK_FILE_NAME}")
++message(status "Block storage semihosting image file PATH is ${SEMIHOSTING_BLK_FILE_NAME}")
+\ No newline at end of file
+--
+2.34.1
+
diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index cf301a14..f8cbc862 100644
--- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -10,6 +10,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append = "\
file://0001-Upgrade-nanopb-to-v0.4.7.patch \
file://0001-Add-boot-order-property-to-SP-manifests.patch \
+ file://0001-Allow-configuring-flash-image-files-compile-time.patch \
"
# Trusted Services; Tag: v1.0.0
diff --git a/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb b/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb
new file mode 100644
index 00000000..02f58fb4
--- /dev/null
+++ b/meta-arm/recipes-security/trusted-services/ts-sp-fwu_git.bb
@@ -0,0 +1,32 @@
+# SPDX-FileCopyrightText: <text>Copyright 2024 Arm Limited and/or its
+# affiliates <open-source-office@arm.com></text>
+#
+# SPDX-License-Identifier: MIT
+
+DESCRIPTION = "Trusted Services Firmware Update Service provider"
+
+require ts-sp-common.inc
+inherit deploy
+
+SP_UUID = "${FWU_UUID}"
+TS_SP_FWU_CONFIG ?= "default"
+
+OECMAKE_SOURCEPATH="${S}/deployments/fwu/config/${TS_SP_FWU_CONFIG}-${TS_ENV}"
+
+# The GPT parser component is needed from TF-A
+SRC_URI += "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;name=tfa;protocol=https;branch=master;destsuffix=git/tf-a"
+SRCREV_tfa = "v2.7.0"
+LIC_FILES_CHKSUM = "file://../tf-a/docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+do_apply_local_src_patches:append() {
+ apply_local_src_patches ${S}/external/tf_a ${WORKDIR}/git/tf-a
+}
+
+EXTRA_OECMAKE:append = "-DTFA_SOURCE_DIR=${WORKDIR}/git/tf-a"
+
+# Deploy the secure flash image.
+do_deploy() {
+ cp -v ${S}/components/media/disk/disk_images/multi_location_fw.img ${DEPLOYDIR}/secure-flash.img
+}
+addtask deploy after do_compile
+
+EXTRA_OECMAKE:append:qemuall = " -DSEMIHOSTING_BLK_FILE_NAME:STRING=${@oe.path.relative('${TMPDIR}', '${DEPLOY_DIR_IMAGE}')}/secure-flash.img"
diff --git a/meta-arm/recipes-security/trusted-services/ts-uuid.inc b/meta-arm/recipes-security/trusted-services/ts-uuid.inc
index 0b2bd85a..810ffa5e 100644
--- a/meta-arm/recipes-security/trusted-services/ts-uuid.inc
+++ b/meta-arm/recipes-security/trusted-services/ts-uuid.inc
@@ -11,4 +11,5 @@ SPM_TEST1_UUID = "5c9edbc3-7b3a-4367-9f83-7c191ae86a37"
SPM_TEST2_UUID = "7817164c-c40c-4d1a-867a-9bb2278cf41a"
SPM_TEST3_UUID = "23eb0100-e32a-4497-9052-2f11e584afa6"
SPM_TEST4_UUID = "423762ed-7772-406f-99d8-0c27da0abbf8"
+FWU_UUID = "6823a838-1b06-470e-9774-0cce8bfb53fd"
BLOCK_STORAGE_UUID = "63646e80-eb52-462f-ac4f-8cdf3987519c"
--
2.43.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/5] arm/trusted-services: update to 2024 April 19
2024-04-29 15:26 [PATCH 1/5] Add support for the TS Firmware Update service Gyorgy Szing
@ 2024-04-29 15:26 ` Gyorgy Szing
2024-04-29 15:26 ` [PATCH 3/5] arm/trusted-services: fix oeqa script Gyorgy Szing
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Gyorgy Szing @ 2024-04-29 15:26 UTC (permalink / raw
To: meta-arm; +Cc: Gyorgy Szing
From: Gyorgy Szing <Gyorgy.Szing@arm.com>
Update TS and dependencies to latest version of the integration branch.
Remove patches merged upstream.
Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
---
.../oeqa/runtime/cases/trusted_services.py | 3 +-
...-boot-order-property-to-SP-manifests.patch | 1005 -----------------
.../files/0001-Upgrade-nanopb-to-v0.4.7.patch | 179 ---
.../trusted-services/trusted-services-src.inc | 14 +-
.../trusted-services/ts-newlib_4.1.0.bb | 2 +-
5 files changed, 8 insertions(+), 1195 deletions(-)
delete mode 100644 meta-arm/recipes-security/trusted-services/files/0001-Add-boot-order-property-to-SP-manifests.patch
delete mode 100644 meta-arm/recipes-security/trusted-services/files/0001-Upgrade-nanopb-to-v0.4.7.patch
diff --git a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
index bfb42d69..e6a840a9 100644
--- a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
+++ b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
@@ -38,8 +38,7 @@ class TrustedServicesTest(OERuntimeTestCase):
@OEHasPackage(['ts-psa-ps-api-test'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
def test_05_psa_ps_api_test(self):
- # There are a few expected PSA Storage tests failing
- self.run_test_tool('psa-ps-api-test', expected_status=46)
+ self.run_test_tool('psa-ps-api-test')
@OEHasPackage(['ts-psa-iat-api-test'])
@OETestDepends(['ssh.SSHTest.test_ssh'])
diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Add-boot-order-property-to-SP-manifests.patch b/meta-arm/recipes-security/trusted-services/files/0001-Add-boot-order-property-to-SP-manifests.patch
deleted file mode 100644
index dc4a4a1b..00000000
--- a/meta-arm/recipes-security/trusted-services/files/0001-Add-boot-order-property-to-SP-manifests.patch
+++ /dev/null
@@ -1,1005 +0,0 @@
-From b8a6c54f519fce1651bd9d5d43884e62708f825d Mon Sep 17 00:00:00 2001
-From: Gabor Toth <gabor.toth2@arm.com>
-Date: Thu, 14 Mar 2024 11:09:19 +0100
-Subject: [PATCH 1/1] Add boot-order property to SP manifests
-
-Capture the boot-order in the SP manifest files for each SP to help
-portability. The legacy way to set the boot order is integration
-system, packaging method and SPMC implementation specific.
-
-The boot order of SP is dictated by service dependency and relative
-boot order of TS SPs should be as follows:
-
-1 - block-storage
-1 - se-proxy (corstone1000-opteesp)
-2 - se-proxy (default-opteesp or default-sp)
-2 - internal-trusted-storage
-3 - protected-storage
-4 - crypto
-5 - attestation
-6 - se-proxy
-7 - fwu
-8 - smm-gateway
-
-Signed-off-by: Gabor Toth <gabor.toth2@arm.com>
-Change-Id: I4b93015c68e7261fdc87434a6c7f4ec86965af54
-
-Upstream-Status: Backport 7e4babed40dc686ae38d3fe35459e7417717d880
----
- components/service/spm_test/spm_test.cmake | 1 +
- .../attestation/config/default-opteesp/CMakeLists.txt | 2 ++
- .../config/default-opteesp/default_attestation.dts.in | 1 +
- deployments/attestation/config/default-sp/CMakeLists.txt | 2 ++
- .../config/default-sp/default_attestation.dts.in | 1 +
- .../block-storage/config/cfi-flash-optee/CMakeLists.txt | 2 ++
- .../config/cfi-flash-optee/default_block-storage.dts.in | 1 +
- .../block-storage/config/default-opteesp/CMakeLists.txt | 2 ++
- .../config/default-opteesp/default_block-storage.dts.in | 1 +
- .../block-storage/config/default-sp/CMakeLists.txt | 2 ++
- .../config/default-sp/default_block-storage.dts.in | 1 +
- .../config/edk2-secure-flash-opteesp/CMakeLists.txt | 2 ++
- .../default_block-storage.dts.in | 1 +
- .../config/semihosted-opteesp/CMakeLists.txt | 2 ++
- .../semihosted-opteesp/default_block-storage.dts.in | 1 +
- deployments/crypto/config/default-opteesp/CMakeLists.txt | 2 ++
- .../crypto/config/default-opteesp/default_crypto.dts.in | 1 +
- deployments/crypto/config/default-sp/CMakeLists.txt | 2 ++
- .../crypto/config/default-sp/default_crypto.dts.in | 1 +
- .../default_env-test.dts.in | 1 +
- .../baremetal-fvp_base_revc-sp/default_env-test.dts.in | 1 +
- .../config/n1sdp-opteesp/default_env-test.dts.in | 1 +
- deployments/fwu/config/default-opteesp/CMakeLists.txt | 2 ++
- .../fwu/config/default-opteesp/default_fwu.dts.in | 1 +
- deployments/fwu/config/default-sp/CMakeLists.txt | 2 ++
- deployments/fwu/config/default-sp/default_fwu.dts.in | 1 +
- .../config/default-opteesp/CMakeLists.txt | 2 ++
- .../default_internal-trusted-storage.dts.in | 1 +
- .../config/default-sp/CMakeLists.txt | 2 ++
- .../default-sp/default_internal-trusted-storage.dts.in | 1 +
- .../config/shared-flash-opteesp/CMakeLists.txt | 2 ++
- .../default_internal-trusted-storage.dts.in | 1 +
- .../config/default-opteesp/CMakeLists.txt | 2 ++
- .../default-opteesp/default_protected-storage.dts.in | 1 +
- .../protected-storage/config/default-sp/CMakeLists.txt | 2 ++
- .../config/default-sp/default_protected-storage.dts.in | 1 +
- .../config/shared-flash-opteesp/CMakeLists.txt | 2 ++
- .../default_protected-storage.dts.in | 1 +
- .../se-proxy/config/corstone1000-opteesp/CMakeLists.txt | 2 ++
- .../config/corstone1000-opteesp/default_se-proxy.dts.in | 1 +
- .../se-proxy/config/default-opteesp/CMakeLists.txt | 2 ++
- .../config/default-opteesp/default_se-proxy.dts.in | 1 +
- deployments/se-proxy/config/default-sp/CMakeLists.txt | 2 ++
- .../se-proxy/config/default-sp/default_se-proxy.dts.in | 1 +
- deployments/sfs-demo/opteesp/default_sfs-demo.dts.in | 1 +
- deployments/sfs-demo/sp/default_sfs-demo.dts.in | 1 +
- .../smm-gateway/config/default-opteesp/CMakeLists.txt | 2 ++
- .../config/default-opteesp/default_smm-gateway.dts.in | 1 +
- deployments/smm-gateway/config/default-sp/CMakeLists.txt | 3 +++
- .../config/default-sp/default_smm-gateway.dts.in | 1 +
- deployments/spm-test1/opteesp/CMakeLists.txt | 1 +
- deployments/spm-test1/opteesp/default_spm_test1.dts.in | 1 +
- deployments/spm-test2/opteesp/CMakeLists.txt | 1 +
- deployments/spm-test2/opteesp/default_spm_test2.dts.in | 1 +
- deployments/spm-test3/opteesp/CMakeLists.txt | 2 ++
- deployments/spm-test3/opteesp/default_spm_test3.dts.in | 1 +
- deployments/spm-test4/opteesp/CMakeLists.txt | 1 +
- deployments/spm-test4/opteesp/default_spm_test4.dts.in | 1 +
- tools/cmake/common/ExportSp.cmake | 9 ++++++++-
- 59 files changed, 90 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/spm_test/spm_test.cmake b/components/service/spm_test/spm_test.cmake
-index e8a1ccd48..7cb7e667a 100644
---- a/components/service/spm_test/spm_test.cmake
-+++ b/components/service/spm_test/spm_test.cmake
-@@ -70,4 +70,5 @@ export_sp(
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${TS_ROOT}/deployments/spm-test${SP_NUMBER}/opteesp/default_spm_test${SP_NUMBER}.dts.in
- JSON_IN ${TS_ROOT}/environments/opteesp/sp_pkg.json.in
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- )
-diff --git a/deployments/attestation/config/default-opteesp/CMakeLists.txt b/deployments/attestation/config/default-opteesp/CMakeLists.txt
-index 58ecb3412..7e13465dd 100644
---- a/deployments/attestation/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/attestation/config/default-opteesp/CMakeLists.txt
-@@ -23,6 +23,7 @@ target_include_directories(attestation PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "a1baf155-8876-4695-8f7c-54955e8db974")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "5")
- set(TRACE_PREFIX "ATT" CACHE STRING "Trace prefix")
-
- target_include_directories(attestation PRIVATE
-@@ -90,6 +91,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "attestation"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_attestation.dts.in
-diff --git a/deployments/attestation/config/default-opteesp/default_attestation.dts.in b/deployments/attestation/config/default-opteesp/default_attestation.dts.in
-index 3a2ac76c9..e310cc672 100644
---- a/deployments/attestation/config/default-opteesp/default_attestation.dts.in
-+++ b/deployments/attestation/config/default-opteesp/default_attestation.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/attestation/config/default-sp/CMakeLists.txt b/deployments/attestation/config/default-sp/CMakeLists.txt
-index cdcbdcd71..43d880546 100644
---- a/deployments/attestation/config/default-sp/CMakeLists.txt
-+++ b/deployments/attestation/config/default-sp/CMakeLists.txt
-@@ -28,6 +28,7 @@ set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(TRACE_PREFIX "ATT" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-+set(SP_BOOT_ORDER "5")
-
- #-------------------------------------------------------------------------------
- # Default deployment specific configuration
-@@ -90,6 +91,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/attestation/config/default-sp/default_attestation.dts.in b/deployments/attestation/config/default-sp/default_attestation.dts.in
-index 2e16f7ed9..e8383aec1 100644
---- a/deployments/attestation/config/default-sp/default_attestation.dts.in
-+++ b/deployments/attestation/config/default-sp/default_attestation.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/block-storage/config/cfi-flash-optee/CMakeLists.txt b/deployments/block-storage/config/cfi-flash-optee/CMakeLists.txt
-index b6501f25d..53bd07839 100644
---- a/deployments/block-storage/config/cfi-flash-optee/CMakeLists.txt
-+++ b/deployments/block-storage/config/cfi-flash-optee/CMakeLists.txt
-@@ -28,6 +28,7 @@ target_include_directories(block-storage PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "63646e80-eb52-462f-ac4f-8cdf3987519c")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "120 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "1")
- set(TRACE_PREFIX "BLOCK" CACHE STRING "Trace prefix")
-
- target_include_directories(block-storage PRIVATE
-@@ -95,6 +96,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "block-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_block-storage.dts.in
-diff --git a/deployments/block-storage/config/cfi-flash-optee/default_block-storage.dts.in b/deployments/block-storage/config/cfi-flash-optee/default_block-storage.dts.in
-index 0a97cb53e..287ecb032 100644
---- a/deployments/block-storage/config/cfi-flash-optee/default_block-storage.dts.in
-+++ b/deployments/block-storage/config/cfi-flash-optee/default_block-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/block-storage/config/default-opteesp/CMakeLists.txt b/deployments/block-storage/config/default-opteesp/CMakeLists.txt
-index 5592dcd0a..7702492fa 100644
---- a/deployments/block-storage/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/block-storage/config/default-opteesp/CMakeLists.txt
-@@ -21,6 +21,7 @@ target_include_directories(block-storage PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "63646e80-eb52-462f-ac4f-8cdf3987519c")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "120 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "1")
- set(TRACE_PREFIX "BLOCK" CACHE STRING "Trace prefix")
-
- target_include_directories(block-storage PRIVATE
-@@ -73,6 +74,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "block-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_block-storage.dts.in
-diff --git a/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in b/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in
-index 0a97cb53e..287ecb032 100644
---- a/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in
-+++ b/deployments/block-storage/config/default-opteesp/default_block-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/block-storage/config/default-sp/CMakeLists.txt b/deployments/block-storage/config/default-sp/CMakeLists.txt
-index 2241c9c46..2f9c85ca7 100644
---- a/deployments/block-storage/config/default-sp/CMakeLists.txt
-+++ b/deployments/block-storage/config/default-sp/CMakeLists.txt
-@@ -26,6 +26,7 @@ set(SP_BIN_UUID_CANON "63646e80-eb52-462f-ac4f-8cdf3987519c")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "120 * 1024" CACHE STRING "SP heap size in bytes")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
-+set(SP_BOOT_ORDER "1")
- set(TRACE_PREFIX "BLOCK" CACHE STRING "Trace prefix")
-
- #-------------------------------------------------------------------------------
-@@ -78,6 +79,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake REQUIRED)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/block-storage/config/default-sp/default_block-storage.dts.in b/deployments/block-storage/config/default-sp/default_block-storage.dts.in
-index 5d1cf5d08..916925bf3 100644
---- a/deployments/block-storage/config/default-sp/default_block-storage.dts.in
-+++ b/deployments/block-storage/config/default-sp/default_block-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/block-storage/config/edk2-secure-flash-opteesp/CMakeLists.txt b/deployments/block-storage/config/edk2-secure-flash-opteesp/CMakeLists.txt
-index 5b8bedf69..bba970cee 100644
---- a/deployments/block-storage/config/edk2-secure-flash-opteesp/CMakeLists.txt
-+++ b/deployments/block-storage/config/edk2-secure-flash-opteesp/CMakeLists.txt
-@@ -32,6 +32,7 @@ target_include_directories(block-storage PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "63646e80-eb52-462f-ac4f-8cdf3987519c")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "120 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "1")
- set(TRACE_PREFIX "BLOCK" CACHE STRING "Trace prefix")
-
- target_include_directories(block-storage PRIVATE
-@@ -96,6 +97,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "block-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_block-storage.dts.in
-diff --git a/deployments/block-storage/config/edk2-secure-flash-opteesp/default_block-storage.dts.in b/deployments/block-storage/config/edk2-secure-flash-opteesp/default_block-storage.dts.in
-index 0a97cb53e..287ecb032 100644
---- a/deployments/block-storage/config/edk2-secure-flash-opteesp/default_block-storage.dts.in
-+++ b/deployments/block-storage/config/edk2-secure-flash-opteesp/default_block-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/block-storage/config/semihosted-opteesp/CMakeLists.txt b/deployments/block-storage/config/semihosted-opteesp/CMakeLists.txt
-index 2be517640..fe7b48dc8 100644
---- a/deployments/block-storage/config/semihosted-opteesp/CMakeLists.txt
-+++ b/deployments/block-storage/config/semihosted-opteesp/CMakeLists.txt
-@@ -27,6 +27,7 @@ target_include_directories(block-storage PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "63646e80-eb52-462f-ac4f-8cdf3987519c")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "120 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "1")
- set(TRACE_PREFIX "BLOCK" CACHE STRING "Trace prefix")
-
- target_include_directories(block-storage PRIVATE
-@@ -92,6 +93,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "block-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_block-storage.dts.in
-diff --git a/deployments/block-storage/config/semihosted-opteesp/default_block-storage.dts.in b/deployments/block-storage/config/semihosted-opteesp/default_block-storage.dts.in
-index 0a97cb53e..287ecb032 100644
---- a/deployments/block-storage/config/semihosted-opteesp/default_block-storage.dts.in
-+++ b/deployments/block-storage/config/semihosted-opteesp/default_block-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/crypto/config/default-opteesp/CMakeLists.txt b/deployments/crypto/config/default-opteesp/CMakeLists.txt
-index 1e4069d66..11e2dfbb3 100644
---- a/deployments/crypto/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/crypto/config/default-opteesp/CMakeLists.txt
-@@ -30,6 +30,7 @@ target_include_directories(crypto PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "d9df52d5-16a2-4bb2-9aa4-d26d3b84e8c0")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "490 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "4")
- set(TRACE_PREFIX "CRYPTO" CACHE STRING "Trace prefix")
-
- target_include_directories(crypto PRIVATE
-@@ -91,6 +92,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "crypto"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_crypto.dts.in
-diff --git a/deployments/crypto/config/default-opteesp/default_crypto.dts.in b/deployments/crypto/config/default-opteesp/default_crypto.dts.in
-index c9006361d..729dca7f0 100644
---- a/deployments/crypto/config/default-opteesp/default_crypto.dts.in
-+++ b/deployments/crypto/config/default-opteesp/default_crypto.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/crypto/config/default-sp/CMakeLists.txt b/deployments/crypto/config/default-sp/CMakeLists.txt
-index 83594c5e2..b32772820 100644
---- a/deployments/crypto/config/default-sp/CMakeLists.txt
-+++ b/deployments/crypto/config/default-sp/CMakeLists.txt
-@@ -35,6 +35,7 @@ set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(TRACE_PREFIX "CRYPTO" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_HEAP_SIZE "490 * 1024" CACHE STRING "Heap size")
-+set(SP_BOOT_ORDER "4")
-
- #-------------------------------------------------------------------------------
- # Components that are specific to deployment in the opteesp environment.
-@@ -91,6 +92,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake REQUIRED)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/crypto/config/default-sp/default_crypto.dts.in b/deployments/crypto/config/default-sp/default_crypto.dts.in
-index fcc7ce58e..ef63c63a0 100644
---- a/deployments/crypto/config/default-sp/default_crypto.dts.in
-+++ b/deployments/crypto/config/default-sp/default_crypto.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/env-test/config/baremetal-fvp_base_revc-opteesp/default_env-test.dts.in b/deployments/env-test/config/baremetal-fvp_base_revc-opteesp/default_env-test.dts.in
-index 9c09689cf..c8c8c38f3 100644
---- a/deployments/env-test/config/baremetal-fvp_base_revc-opteesp/default_env-test.dts.in
-+++ b/deployments/env-test/config/baremetal-fvp_base_revc-opteesp/default_env-test.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/env-test/config/baremetal-fvp_base_revc-sp/default_env-test.dts.in b/deployments/env-test/config/baremetal-fvp_base_revc-sp/default_env-test.dts.in
-index 8c741b29c..379eba332 100644
---- a/deployments/env-test/config/baremetal-fvp_base_revc-sp/default_env-test.dts.in
-+++ b/deployments/env-test/config/baremetal-fvp_base_revc-sp/default_env-test.dts.in
-@@ -13,6 +13,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- memory-regions {
-diff --git a/deployments/env-test/config/n1sdp-opteesp/default_env-test.dts.in b/deployments/env-test/config/n1sdp-opteesp/default_env-test.dts.in
-index 9c09689cf..c8c8c38f3 100644
---- a/deployments/env-test/config/n1sdp-opteesp/default_env-test.dts.in
-+++ b/deployments/env-test/config/n1sdp-opteesp/default_env-test.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/fwu/config/default-opteesp/CMakeLists.txt b/deployments/fwu/config/default-opteesp/CMakeLists.txt
-index f5087d81e..d19e4293c 100644
---- a/deployments/fwu/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/fwu/config/default-opteesp/CMakeLists.txt
-@@ -23,6 +23,7 @@ target_include_directories(fwu PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "6823a838-1b06-470e-9774-0cce8bfb53fd")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "7")
-
- target_include_directories(fwu PRIVATE
- ${CMAKE_CURRENT_LIST_DIR}
-@@ -90,6 +91,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "fwu"
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_fwu.dts.in
- JSON_IN ${TS_ROOT}/environments/opteesp/sp_pkg.json.in
-diff --git a/deployments/fwu/config/default-opteesp/default_fwu.dts.in b/deployments/fwu/config/default-opteesp/default_fwu.dts.in
-index 14970d592..d62850fe8 100644
---- a/deployments/fwu/config/default-opteesp/default_fwu.dts.in
-+++ b/deployments/fwu/config/default-opteesp/default_fwu.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/fwu/config/default-sp/CMakeLists.txt b/deployments/fwu/config/default-sp/CMakeLists.txt
-index f84ba8f27..9ddc7cc3f 100644
---- a/deployments/fwu/config/default-sp/CMakeLists.txt
-+++ b/deployments/fwu/config/default-sp/CMakeLists.txt
-@@ -27,6 +27,7 @@ set(SP_BIN_UUID_CANON "6823a838-1b06-470e-9774-0cce8bfb53fd")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-+set(SP_BOOT_ORDER "7")
-
- #-------------------------------------------------------------------------------
- # Configure trace output
-@@ -90,6 +91,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/fwu/config/default-sp/default_fwu.dts.in b/deployments/fwu/config/default-sp/default_fwu.dts.in
-index 3f1292e1f..a30111a18 100644
---- a/deployments/fwu/config/default-sp/default_fwu.dts.in
-+++ b/deployments/fwu/config/default-sp/default_fwu.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/internal-trusted-storage/config/default-opteesp/CMakeLists.txt b/deployments/internal-trusted-storage/config/default-opteesp/CMakeLists.txt
-index 5ae53d7f7..51040bc9b 100644
---- a/deployments/internal-trusted-storage/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/internal-trusted-storage/config/default-opteesp/CMakeLists.txt
-@@ -21,6 +21,7 @@ set(SP_BIN_UUID_CANON "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "2")
- set(TRACE_PREFIX "ITS" CACHE STRING "Trace prefix")
-
- target_include_directories(internal-trusted-storage PRIVATE
-@@ -74,6 +75,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "internal-trusted-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_internal-trusted-storage.dts.in
-diff --git a/deployments/internal-trusted-storage/config/default-opteesp/default_internal-trusted-storage.dts.in b/deployments/internal-trusted-storage/config/default-opteesp/default_internal-trusted-storage.dts.in
-index 77d08051c..9c5c8971e 100644
---- a/deployments/internal-trusted-storage/config/default-opteesp/default_internal-trusted-storage.dts.in
-+++ b/deployments/internal-trusted-storage/config/default-opteesp/default_internal-trusted-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/internal-trusted-storage/config/default-sp/CMakeLists.txt b/deployments/internal-trusted-storage/config/default-sp/CMakeLists.txt
-index fd54a6389..6e68e57ae 100644
---- a/deployments/internal-trusted-storage/config/default-sp/CMakeLists.txt
-+++ b/deployments/internal-trusted-storage/config/default-sp/CMakeLists.txt
-@@ -25,6 +25,7 @@ set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(TRACE_PREFIX "ITS" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-+set(SP_BOOT_ORDER "2")
-
- #-------------------------------------------------------------------------------
- # Add components - this deployment uses an infrastructure that provides
-@@ -78,6 +79,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake REQUIRED)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/internal-trusted-storage/config/default-sp/default_internal-trusted-storage.dts.in b/deployments/internal-trusted-storage/config/default-sp/default_internal-trusted-storage.dts.in
-index bfe55b651..068ecc079 100644
---- a/deployments/internal-trusted-storage/config/default-sp/default_internal-trusted-storage.dts.in
-+++ b/deployments/internal-trusted-storage/config/default-sp/default_internal-trusted-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/internal-trusted-storage/config/shared-flash-opteesp/CMakeLists.txt b/deployments/internal-trusted-storage/config/shared-flash-opteesp/CMakeLists.txt
-index 7a0c20966..ab2cf1c25 100644
---- a/deployments/internal-trusted-storage/config/shared-flash-opteesp/CMakeLists.txt
-+++ b/deployments/internal-trusted-storage/config/shared-flash-opteesp/CMakeLists.txt
-@@ -21,6 +21,7 @@ set(SP_BIN_UUID_CANON "dc1eef48-b17a-4ccf-ac8b-dfcff7711b14")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "2")
- set(TRACE_PREFIX "ITS" CACHE STRING "Trace prefix")
-
- target_include_directories(internal-trusted-storage PRIVATE
-@@ -74,6 +75,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "internal-trusted-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_internal-trusted-storage.dts.in
-diff --git a/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in b/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in
-index 77d08051c..9c5c8971e 100644
---- a/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in
-+++ b/deployments/internal-trusted-storage/config/shared-flash-opteesp/default_internal-trusted-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/protected-storage/config/default-opteesp/CMakeLists.txt b/deployments/protected-storage/config/default-opteesp/CMakeLists.txt
-index 7d6e5a0e6..e1fb3698c 100644
---- a/deployments/protected-storage/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/protected-storage/config/default-opteesp/CMakeLists.txt
-@@ -21,6 +21,7 @@ set(SP_BIN_UUID_CANON "751bf801-3dde-4768-a514-0f10aeed1790")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "3")
- set(TRACE_PREFIX "PS" CACHE STRING "Trace prefix")
-
- target_include_directories(protected-storage PRIVATE
-@@ -73,6 +74,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "protected-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_protected-storage.dts.in
-diff --git a/deployments/protected-storage/config/default-opteesp/default_protected-storage.dts.in b/deployments/protected-storage/config/default-opteesp/default_protected-storage.dts.in
-index b305fbbf7..2bc74a40d 100644
---- a/deployments/protected-storage/config/default-opteesp/default_protected-storage.dts.in
-+++ b/deployments/protected-storage/config/default-opteesp/default_protected-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/protected-storage/config/default-sp/CMakeLists.txt b/deployments/protected-storage/config/default-sp/CMakeLists.txt
-index 1c85ef120..4ee55b84d 100644
---- a/deployments/protected-storage/config/default-sp/CMakeLists.txt
-+++ b/deployments/protected-storage/config/default-sp/CMakeLists.txt
-@@ -25,6 +25,7 @@ set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(TRACE_PREFIX "PS" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-+set(SP_BOOT_ORDER "3")
-
- #-------------------------------------------------------------------------------
- # Add components - this deployment uses an infrastructure that provides
-@@ -78,6 +79,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake REQUIRED)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/protected-storage/config/default-sp/default_protected-storage.dts.in b/deployments/protected-storage/config/default-sp/default_protected-storage.dts.in
-index 38c9b5849..79c001faf 100644
---- a/deployments/protected-storage/config/default-sp/default_protected-storage.dts.in
-+++ b/deployments/protected-storage/config/default-sp/default_protected-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/protected-storage/config/shared-flash-opteesp/CMakeLists.txt b/deployments/protected-storage/config/shared-flash-opteesp/CMakeLists.txt
-index 1a3480dce..31724de6a 100644
---- a/deployments/protected-storage/config/shared-flash-opteesp/CMakeLists.txt
-+++ b/deployments/protected-storage/config/shared-flash-opteesp/CMakeLists.txt
-@@ -22,6 +22,7 @@ set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "PS" CACHE STRING "Trace prefix")
-+set(SP_BOOT_ORDER "3")
-
- target_include_directories(protected-storage PRIVATE
- ${CMAKE_CURRENT_LIST_DIR}
-@@ -72,6 +73,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "protected-storage"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_protected-storage.dts.in
-diff --git a/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in b/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in
-index b305fbbf7..2bc74a40d 100644
---- a/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in
-+++ b/deployments/protected-storage/config/shared-flash-opteesp/default_protected-storage.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/se-proxy/config/corstone1000-opteesp/CMakeLists.txt b/deployments/se-proxy/config/corstone1000-opteesp/CMakeLists.txt
-index 2c0da0e97..3e2cef692 100644
---- a/deployments/se-proxy/config/corstone1000-opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/config/corstone1000-opteesp/CMakeLists.txt
-@@ -23,6 +23,7 @@ set(SP_BIN_UUID_CANON "46bb39d1-b4d9-45b5-88ff-040027dab249")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "1")
- set(TRACE_PREFIX "SEPROXY" CACHE STRING "Trace prefix")
-
- target_include_directories(se-proxy PRIVATE
-@@ -84,6 +85,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "se-proxy"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_se-proxy.dts.in
-diff --git a/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in b/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in
-index cc42929d5..d3addedbc 100644
---- a/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/config/corstone1000-opteesp/default_se-proxy.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/se-proxy/config/default-opteesp/CMakeLists.txt b/deployments/se-proxy/config/default-opteesp/CMakeLists.txt
-index 77ea841d2..a9b1bad17 100644
---- a/deployments/se-proxy/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/se-proxy/config/default-opteesp/CMakeLists.txt
-@@ -25,6 +25,7 @@ set(SP_BIN_UUID_CANON "46bb39d1-b4d9-45b5-88ff-040027dab249")
- set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+set(SP_BOOT_ORDER "2")
- set(TRACE_PREFIX "SEPROXY" CACHE STRING "Trace prefix")
-
- target_include_directories(se-proxy PRIVATE
-@@ -86,6 +87,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "se-proxy"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_se-proxy.dts.in
-diff --git a/deployments/se-proxy/config/default-opteesp/default_se-proxy.dts.in b/deployments/se-proxy/config/default-opteesp/default_se-proxy.dts.in
-index 902017c35..7c2f038a0 100644
---- a/deployments/se-proxy/config/default-opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/config/default-opteesp/default_se-proxy.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/se-proxy/config/default-sp/CMakeLists.txt b/deployments/se-proxy/config/default-sp/CMakeLists.txt
-index 70d40739d..59780b44d 100644
---- a/deployments/se-proxy/config/default-sp/CMakeLists.txt
-+++ b/deployments/se-proxy/config/default-sp/CMakeLists.txt
-@@ -29,6 +29,7 @@ set(SP_FFA_UUID_CANON "${TS_RPC_UUID_CANON}")
- set(TRACE_PREFIX "SEPROXY" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-+set(SP_BOOT_ORDER "2")
-
- #-------------------------------------------------------------------------------
- # Components that are specific to deployment in the opteesp environment.
-@@ -85,6 +86,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake REQUIRED)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/se-proxy/config/default-sp/default_se-proxy.dts.in b/deployments/se-proxy/config/default-sp/default_se-proxy.dts.in
-index 3b66f9258..09f0dc129 100644
---- a/deployments/se-proxy/config/default-sp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/config/default-sp/default_se-proxy.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/sfs-demo/opteesp/default_sfs-demo.dts.in b/deployments/sfs-demo/opteesp/default_sfs-demo.dts.in
-index 69c36895e..17d1dece3 100644
---- a/deployments/sfs-demo/opteesp/default_sfs-demo.dts.in
-+++ b/deployments/sfs-demo/opteesp/default_sfs-demo.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/sfs-demo/sp/default_sfs-demo.dts.in b/deployments/sfs-demo/sp/default_sfs-demo.dts.in
-index 0ea2844d7..b97b5ffea 100644
---- a/deployments/sfs-demo/sp/default_sfs-demo.dts.in
-+++ b/deployments/sfs-demo/sp/default_sfs-demo.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
-index 0ca460601..7becb3999 100644
---- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
-@@ -22,6 +22,7 @@ add_executable(smm-gateway)
- target_include_directories(smm-gateway PRIVATE "${TOP_LEVEL_INCLUDE_DIRS}")
- set(SP_BIN_UUID_CANON "ed32d533-99e6-4209-9cc0-2d72cdd998a7")
- set(SP_FFA_UUID_CANON "${SP_BIN_UUID_CANON}")
-+set(SP_BOOT_ORDER "8")
-
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
-@@ -89,6 +90,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME "smm-gateway"
- MK_IN ${TS_ROOT}/environments/opteesp/sp.mk.in
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_smm-gateway.dts.in
-diff --git a/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in b/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in
-index d74c2f3ee..eb5ebf592 100644
---- a/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in
-+++ b/deployments/smm-gateway/config/default-opteesp/default_smm-gateway.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
-index 95c572632..e56a8559d 100644
---- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
-+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
-@@ -27,6 +27,8 @@ set(SP_BIN_UUID_CANON "ed32d533-99e6-4209-9cc0-2d72cdd998a7")
- set(SP_FFA_UUID_CANON "${SP_BIN_UUID_CANON}")
- set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
-+set(SP_BOOT_ORDER "8")
-+
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-
- # Setting the MM communication buffer parameters
-@@ -88,6 +90,7 @@ include(${TS_ROOT}/tools/cmake/common/ExportSp.cmake REQUIRED)
- export_sp(
- SP_FFA_UUID_CANON ${SP_FFA_UUID_CANON}
- SP_BIN_UUID_CANON ${SP_BIN_UUID_CANON}
-+ SP_BOOT_ORDER ${SP_BOOT_ORDER}
- SP_NAME ${SP_NAME}
- DTS_IN ${CMAKE_CURRENT_LIST_DIR}/default_${SP_NAME}.dts.in
- DTS_MEM_REGIONS ${SP_BIN_UUID_CANON}_memory_regions.dtsi
-diff --git a/deployments/smm-gateway/config/default-sp/default_smm-gateway.dts.in b/deployments/smm-gateway/config/default-sp/default_smm-gateway.dts.in
-index 9b8988eb1..8e41eb762 100644
---- a/deployments/smm-gateway/config/default-sp/default_smm-gateway.dts.in
-+++ b/deployments/smm-gateway/config/default-sp/default_smm-gateway.dts.in
-@@ -15,6 +15,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AArch64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
-
-diff --git a/deployments/spm-test1/opteesp/CMakeLists.txt b/deployments/spm-test1/opteesp/CMakeLists.txt
-index 4558303ad..26b846ef6 100644
---- a/deployments/spm-test1/opteesp/CMakeLists.txt
-+++ b/deployments/spm-test1/opteesp/CMakeLists.txt
-@@ -18,6 +18,7 @@ set(SP_FFA_UUID_CANON "5c9edbc3-7b3a-4367-9f83-7c191ae86a37")
- set(SP_NUMBER 1)
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "SPM-TEST${SP_NUMBER}" CACHE STRING "Trace prefix")
-+set(SP_BOOT_ORDER "0" CACHE STRING "Boot-order.")
-
- #-------------------------------------------------------------------------------
- # Components that are spm-test specific to deployment in the opteesp
-diff --git a/deployments/spm-test1/opteesp/default_spm_test1.dts.in b/deployments/spm-test1/opteesp/default_spm_test1.dts.in
-index 0cc220798..a672ee19c 100644
---- a/deployments/spm-test1/opteesp/default_spm_test1.dts.in
-+++ b/deployments/spm-test1/opteesp/default_spm_test1.dts.in
-@@ -17,6 +17,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AARCH64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/spm-test2/opteesp/CMakeLists.txt b/deployments/spm-test2/opteesp/CMakeLists.txt
-index ea82a4ae1..3781567bb 100644
---- a/deployments/spm-test2/opteesp/CMakeLists.txt
-+++ b/deployments/spm-test2/opteesp/CMakeLists.txt
-@@ -18,6 +18,7 @@ set(SP_FFA_UUID_CANON "7817164c-c40c-4d1a-867a-9bb2278cf41a")
- set(SP_NUMBER 2)
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "SPM-TEST${SP_NUMBER}" CACHE STRING "Trace prefix")
-+set(SP_BOOT_ORDER "0" CACHE STRING "Boot-order.")
-
- #-------------------------------------------------------------------------------
- # Components that are spm-test specific to deployment in the opteesp
-diff --git a/deployments/spm-test2/opteesp/default_spm_test2.dts.in b/deployments/spm-test2/opteesp/default_spm_test2.dts.in
-index f75bd9e7e..2364ded72 100644
---- a/deployments/spm-test2/opteesp/default_spm_test2.dts.in
-+++ b/deployments/spm-test2/opteesp/default_spm_test2.dts.in
-@@ -17,6 +17,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AARCH64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/spm-test3/opteesp/CMakeLists.txt b/deployments/spm-test3/opteesp/CMakeLists.txt
-index c448673d6..7d9ae0b42 100644
---- a/deployments/spm-test3/opteesp/CMakeLists.txt
-+++ b/deployments/spm-test3/opteesp/CMakeLists.txt
-@@ -18,6 +18,8 @@ set(SP_FFA_UUID_CANON "23eb0100-e32a-4497-9052-2f11e584afa6")
- set(SP_NUMBER 3)
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "SPM-TEST${SP_NUMBER}" CACHE STRING "Trace prefix")
-+set(SP_BOOT_ORDER "0" CACHE STRING "Boot-order.")
-+
-
- #-------------------------------------------------------------------------------
- # Components that are spm-test specific to deployment in the opteesp
-diff --git a/deployments/spm-test3/opteesp/default_spm_test3.dts.in b/deployments/spm-test3/opteesp/default_spm_test3.dts.in
-index c3c768fb5..17e9a47b8 100644
---- a/deployments/spm-test3/opteesp/default_spm_test3.dts.in
-+++ b/deployments/spm-test3/opteesp/default_spm_test3.dts.in
-@@ -17,6 +17,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AARCH64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/deployments/spm-test4/opteesp/CMakeLists.txt b/deployments/spm-test4/opteesp/CMakeLists.txt
-index 4e572ecd2..09cb70944 100644
---- a/deployments/spm-test4/opteesp/CMakeLists.txt
-+++ b/deployments/spm-test4/opteesp/CMakeLists.txt
-@@ -18,6 +18,7 @@ set(SP_FFA_UUID_CANON "23eb0100-e32a-4497-9052-2f11e584afa6")
- set(SP_NUMBER 4)
- set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "SPM-TEST${SP_NUMBER}" CACHE STRING "Trace prefix")
-+set(SP_BOOT_ORDER "0" CACHE STRING "Boot-order.")
-
- #-------------------------------------------------------------------------------
- # Components that are spm-test specific to deployment in the opteesp
-diff --git a/deployments/spm-test4/opteesp/default_spm_test4.dts.in b/deployments/spm-test4/opteesp/default_spm_test4.dts.in
-index fffc31f45..ac57dcdfb 100644
---- a/deployments/spm-test4/opteesp/default_spm_test4.dts.in
-+++ b/deployments/spm-test4/opteesp/default_spm_test4.dts.in
-@@ -17,6 +17,7 @@
- exception-level = <1>; /* S-EL0 */
- execution-state = <0>; /* AARCH64 */
- xlat-granule = <0>; /* 4KiB */
-+ boot-order = /bits/ 16 <@EXPORT_SP_BOOT_ORDER@>;
- messaging-method = <3>; /* Direct messaging only */
- ns-interrupts-action = <2>; /* Non-secure interrupts are signaled */
- elf-format = <1>;
-diff --git a/tools/cmake/common/ExportSp.cmake b/tools/cmake/common/ExportSp.cmake
-index 78701b933..ceb770046 100644
---- a/tools/cmake/common/ExportSp.cmake
-+++ b/tools/cmake/common/ExportSp.cmake
-@@ -15,6 +15,7 @@ include(${CMAKE_CURRENT_LIST_DIR}/Uuid.cmake)
- export_sp(
- SP_FFA_UUID_CANON <uuid_str_canon>
- SP_NAME <name> MK_IN <.mk path>
-+ SP_BOOT_ORDER <number>
- DTS_IN <DTS path>
- DTS_MEM_REGIONS <Memory region manifest path>
- JSON_IN <JSON path>
-@@ -29,6 +30,9 @@ include(${CMAKE_CURRENT_LIST_DIR}/Uuid.cmake)
- The UUID of the SP binary a canonical string. When not set use the
- SP_FFA_UUID_CANON as the SP_BIN_UUID_CANON.
-
-+ ``SP_BOOT_ORDER``
-+ Boot-order of the SP. 0 will be booted first.
-+
- ``SP_NAME``
- The name of the SP.
-
-@@ -47,7 +51,7 @@ include(${CMAKE_CURRENT_LIST_DIR}/Uuid.cmake)
- #]===]
- function (export_sp)
- set(options)
-- set(oneValueArgs SP_FFA_UUID_CANON SP_BIN_UUID_CANON SP_NAME MK_IN DTS_IN DTS_MEM_REGIONS JSON_IN)
-+ set(oneValueArgs SP_FFA_UUID_CANON SP_BIN_UUID_CANON SP_BOOT_ORDER SP_NAME MK_IN DTS_IN DTS_MEM_REGIONS JSON_IN)
- set(multiValueArgs)
- cmake_parse_arguments(EXPORT "${options}" "${oneValueArgs}"
- "${multiValueArgs}" ${ARGN} )
-@@ -59,6 +63,9 @@ function (export_sp)
- # We use the same UUID for the binary and FF-A if the UUID of the SP binary is not set
- set(EXPORT_SP_BIN_UUID_CANON ${EXPORT_SP_FFA_UUID_CANON})
- endif()
-+ if(NOT DEFINED EXPORT_SP_BOOT_ORDER)
-+ message(FATAL_ERROR "export_sp: mandatory parameter SP_BOOT_ORDER not defined!")
-+ endif()
- if(NOT DEFINED EXPORT_SP_NAME)
- message(FATAL_ERROR "export_sp: mandatory parameter SP_NAME not defined!")
- endif()
---
-2.34.1
-
diff --git a/meta-arm/recipes-security/trusted-services/files/0001-Upgrade-nanopb-to-v0.4.7.patch b/meta-arm/recipes-security/trusted-services/files/0001-Upgrade-nanopb-to-v0.4.7.patch
deleted file mode 100644
index 9e81f26d..00000000
--- a/meta-arm/recipes-security/trusted-services/files/0001-Upgrade-nanopb-to-v0.4.7.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-From f3ba58b00ec967970d22dfbd71c406ccb5b2ac78 Mon Sep 17 00:00:00 2001
-From: Ross Burton <ross.burton@arm.com>
-Date: Fri, 29 Sep 2023 16:21:26 +0100
-Subject: [PATCH 1/1] Upgrade nanopb to v4.7.0
-
-Upgrade the nanopb to 0.4.7 and add the following fixes:
- - remove the nanopb patch as it has become obsolete.
- - stop using the nanopb protoc wrapper when building the generator as
- this seems to cause build issues.
- - use the new nanopb_PYTHON_INSTDIR_OVERRIDE variable to set the
- install location for the generator. Modify TS cmake script to search
- the generator in the install content instead of the nanopb source.
- - pass discovered python settings to nanopb build using the initial
- cache. This speeds up the build and allows easier control of python
- discovery for integration systems.
-
-Upstream-Status: Pending
-
-Signed-off-by: Ross Burton <ross.burton@arm.com>
-Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
----
- external/nanopb/fix-pyhon-name.patch | 41 ----------------------
- external/nanopb/nanopb-init-cache.cmake.in | 9 ++++-
- external/nanopb/nanopb.cmake | 34 +++++++++---------
- 3 files changed, 24 insertions(+), 60 deletions(-)
- delete mode 100644 external/nanopb/fix-pyhon-name.patch
-
-diff --git a/external/nanopb/fix-pyhon-name.patch b/external/nanopb/fix-pyhon-name.patch
-deleted file mode 100644
-index ab0e84c5..00000000
---- a/external/nanopb/fix-pyhon-name.patch
-+++ /dev/null
-@@ -1,41 +0,0 @@
--This patch fixes two issues:
--
--1. On windows the python3 executable is not allways called "python3". As a result
-- "protoc" execution can fail due to the shebang in the file. This patch fixes
-- this by running protoc with the intepreter.
--
--2. In addition when not running from a virtualenv, the install path for python file
-- is set to the "user site-packages" to avoid needing elevated access rights.
--
--diff --git a/CMakeLists.txt b/CMakeLists.txt
--index 31c86e7..e827015 100644
----- a/CMakeLists.txt
--+++ b/CMakeLists.txt
--@@ -54,13 +54,25 @@ if(nanopb_BUILD_GENERATOR)
-- string(REGEX REPLACE "([^;]+)" "\\1_pb2.py" generator_proto_py_file "${generator_proto}")
-- add_custom_command(
-- OUTPUT ${generator_proto_py_file}
--- COMMAND ${nanopb_PROTOC_PATH} --python_out=${PROJECT_BINARY_DIR} -I${PROJECT_SOURCE_DIR}/generator/proto ${generator_proto_file}
--+ COMMAND ${Python_EXECUTABLE} ${nanopb_PROTOC_PATH} --python_out=${PROJECT_BINARY_DIR} -I${PROJECT_SOURCE_DIR}/generator/proto ${generator_proto_file}
-- DEPENDS ${generator_proto_file}
-- )
-- add_custom_target("generate_${generator_proto_py_file}" ALL DEPENDS ${generator_proto_py_file})
--+
--+ if (DEFINED ENV{VIRTUAL_ENV})
--+ set(PYTHON_INSTALL_DIR ${Python_SITELIB} CACHE PATH "Install location for generated python modules.")
--+ else()
--+ execute_process(
--+ COMMAND ${Python_EXECUTABLE} -m site --user-site
--+ OUTPUT_VARIABLE PYTHON_USER_SITE
--+ OUTPUT_STRIP_TRAILING_WHITESPACE
--+ )
--+ set(PYTHON_INSTALL_DIR ${PYTHON_USER_SITE} CACHE PATH "Install location for generated python modules.")
--+ endif()
--+
-- install(
-- FILES ${PROJECT_BINARY_DIR}/${generator_proto_py_file}
--- DESTINATION ${Python_SITELIB}
--+ DESTINATION ${PYTHON_INSTALL_DIR}
-- )
-- endforeach()
-- endif()
-diff --git a/external/nanopb/nanopb-init-cache.cmake.in b/external/nanopb/nanopb-init-cache.cmake.in
-index fb8104d6..c53b6e5b 100644
---- a/external/nanopb/nanopb-init-cache.cmake.in
-+++ b/external/nanopb/nanopb-init-cache.cmake.in
-@@ -12,11 +12,18 @@ set(BUILD_STATIC_LIBS On CACHE BOOL "")
- set(nanopb_BUILD_RUNTIME On CACHE BOOL "")
- set(nanopb_BUILD_GENERATOR On CACHE BOOL "")
- set(nanopb_MSVC_STATIC_RUNTIME Off BOOL "")
--set(nanopb_PROTOC_PATH ${CMAKE_SOURCE_DIR}/generator/protoc CACHE STRING "")
-+
-+# Specify location of python binary and avoid discovery.
-+set(Python_EXECUTABLE "@Python_EXECUTABLE@" CACHE PATH "Location of python3 executable")
-
- string(TOUPPER @CMAKE_CROSSCOMPILING@ CMAKE_CROSSCOMPILING) # CMake expects TRUE
- if (CMAKE_CROSSCOMPILING)
- set(CMAKE_TRY_COMPILE_TARGET_TYPE STATIC_LIBRARY CACHE STRING "")
- endif()
-
-+# Override the install directory of the generator. TS will first look at
-+# NEWLIB_INSTALL_DIR (aka. BUILD_INSTALL_DIR), then let cmake do system specific
-+# search.
-+set(nanopb_PYTHON_INSTDIR_OVERRIDE "@BUILD_INSTALL_DIR@/lib/python" CACHE PATH "")
-+
- @_cmake_fragment@
-diff --git a/external/nanopb/nanopb.cmake b/external/nanopb/nanopb.cmake
-index 36465f61..fa35d971 100644
---- a/external/nanopb/nanopb.cmake
-+++ b/external/nanopb/nanopb.cmake
-@@ -10,17 +10,14 @@ NanoPB integration for cmake
- ----------------------------
-
- This module will:
-- - download nanopb if not available locally
-- - build the runtime static library and the generator
-- - import the static library to the build
-- - define a function to provide access to the generator
-+ - use LazyFetch to download nanopb and build the static library and the generator.
-+ Usual LazyFetch configuration to use prefetched source or prebuilt binaries apply.
-+ - run find_module() to import the static library
-+ - run find_executable() import the generator to the build (extend PYTHONPATH) and
-+ define a cmake function to provide access to the generator to build nanopb files.
-
--Note: the python module created by the generator build will be installed under
--Python_SITELIB ("Third-party platform independent installation directory.")
--This means the build may alter the state of your system. Please use virtualenv.
--
--Note: see requirements.txt for dependencies which need to be installed before
--running this module.
-+Note: see requirements.txt for dependencies which need to be installed in the build
-+environment to use this module.
-
- #]===]
-
-@@ -28,7 +25,7 @@ running this module.
-
- set(NANOPB_URL "https://github.com/nanopb/nanopb.git"
- CACHE STRING "nanopb repository URL")
--set(NANOPB_REFSPEC "nanopb-0.4.2"
-+set(NANOPB_REFSPEC "nanopb-0.4.7"
- CACHE STRING "nanopb git refspec")
- set(NANOPB_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/nanopb-src"
- CACHE PATH "nanopb source-code")
-@@ -65,6 +62,11 @@ if(TARGET stdlib::c)
- unset_saved_properties(LIBC)
- endif()
-
-+# Nanopb build depends on python. Discover python here and pass the result to
-+# nanopb build trough the initial cache file.
-+find_package(Python3 REQUIRED COMPONENTS Interpreter)
-+
-+# Use LazyFetch to manage the external dependency.
- include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
- LazyFetch_MakeAvailable(DEP_NAME nanopb
- FETCH_OPTIONS ${GIT_OPTIONS}
-@@ -80,12 +82,9 @@ if(TARGET stdlib::c)
- endif()
-
- #### Build access to the protobuf compiler
--#TODO: verify protoc dependencies: python3-protobuf
--find_package(Python3 REQUIRED COMPONENTS Interpreter)
--
--find_file(NANOPB_GENERATOR_PATH
-+find_program(NANOPB_GENERATOR_PATH
- NAMES nanopb_generator.py
-- PATHS ${nanopb_SOURCE_DIR}/generator
-+ HINTS ${NANOPB_INSTALL_DIR}/bin ${NANOPB_INSTALL_DIR}/sbin
- DOC "nanopb protobuf compiler"
- NO_DEFAULT_PATH
- )
-@@ -186,11 +185,10 @@ function(protobuf_generate)
- target_include_directories(${PARAMS_TGT} PRIVATE ${_OUT_DIR_BASE})
- endif()
-
-- get_filename_component(NANOPB_GENERATOR_DIR "${NANOPB_GENERATOR_PATH}" DIRECTORY CACHE "Location of nanopb generator.")
- #Append a protobuf generator command to the nanopb_generate target.
- add_custom_command(OUTPUT "${_OUT_C}" "${_OUT_H}"
- COMMAND
-- ${CMAKE_COMMAND} -E env PYTHONPATH=${NANOPB_GENERATOR_DIR}
-+ ${CMAKE_COMMAND} -E env PYTHONPATH=${NANOPB_INSTALL_DIR}/lib/python
- ${Python3_EXECUTABLE} ${NANOPB_GENERATOR_PATH}
- -I ${PARAMS_BASE_DIR}
- -D ${_OUT_DIR_BASE}
---
-2.34.1
-
diff --git a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
index f8cbc862..6b193b33 100644
--- a/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
+++ b/meta-arm/recipes-security/trusted-services/trusted-services-src.inc
@@ -2,19 +2,17 @@
LICENSE = "Apache-2.0 & BSD-3-Clause & BSD-2-Clause & Zlib"
-SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=integration;name=trusted-services;destsuffix=git/trusted-services \
+SRC_URI = "git://git.trustedfirmware.org/TS/trusted-services.git;protocol=https;branch=main;name=trusted-services;destsuffix=git/trusted-services \
"
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append = "\
- file://0001-Upgrade-nanopb-to-v0.4.7.patch \
- file://0001-Add-boot-order-property-to-SP-manifests.patch \
file://0001-Allow-configuring-flash-image-files-compile-time.patch \
"
-# Trusted Services; Tag: v1.0.0
-SRCREV_trusted-services = "808904390eb89294d2371959a7d82dde3851ca6c"
+# Trusted Services; aka. 2024 April 19
+SRCREV_trusted-services = "602be607198ea784bc5ab1c0c9d3ac4e2c67f1d9"
LIC_FILES_CHKSUM = "file://${S}/license.rst;md5=ea160bac7f690a069c608516b17997f4"
S = "${WORKDIR}/git/trusted-services"
@@ -25,10 +23,10 @@ SRC_URI += "git://github.com/dgibson/dtc;name=dtc;protocol=https;branch=main;des
SRCREV_dtc = "b6910bec11614980a21e46fbccc35934b671bd81"
LIC_FILES_CHKSUM += "file://../dtc/README.license;md5=a1eb22e37f09df5b5511b8a278992d0e"
-# MbedTLS, tag "mbedtls-3.4.0"
+# MbedTLS, tag "v3.5.1"
SRC_URI += "git://github.com/ARMmbed/mbedtls.git;name=mbedtls;protocol=https;branch=master;destsuffix=git/mbedtls"
-SRCREV_mbedtls = "1873d3bfc2da771672bd8e7e8f41f57e0af77f33"
-LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
+SRCREV_mbedtls = "15254759342494c7e969766d5424d78d7deb9bfa"
+LIC_FILES_CHKSUM += "file://../mbedtls/LICENSE;md5=379d5819937a6c2f1ef1630d341e026d"
# Nanopb, tag "nanopb-0.4.7" plus some further fixes
SRC_URI += "git://github.com/nanopb/nanopb.git;name=nanopb;protocol=https;branch=master;destsuffix=git/nanopb"
diff --git a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
index 24a724a4..669e87ae 100644
--- a/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
+++ b/meta-arm/recipes-security/trusted-services/ts-newlib_4.1.0.bb
@@ -7,7 +7,7 @@ require trusted-services.inc
SRC_URI += "git://sourceware.org/git/newlib-cygwin.git;name=newlib;protocol=https;branch=master;destsuffix=git/newlib \
"
-# tag "newlib-0.4.1"
+# tag "newlib-4.1.0"
SRCREV_newlib = "415fdd4279b85eeec9d54775ce13c5c412451e08"
LIC_FILES_CHKSUM += "file://../newlib/COPYING.NEWLIB;md5=b8dda70da54e0efb49b1074f349d7749"
--
2.43.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 3/5] arm/trusted-services: fix oeqa script
2024-04-29 15:26 [PATCH 1/5] Add support for the TS Firmware Update service Gyorgy Szing
2024-04-29 15:26 ` [PATCH 2/5] arm/trusted-services: update to 2024 April 19 Gyorgy Szing
@ 2024-04-29 15:26 ` Gyorgy Szing
2024-04-29 15:26 ` [PATCH 4/5] arm-bsp/trusted-services: rebase corstone1000 patches Gyorgy Szing
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: Gyorgy Szing @ 2024-04-29 15:26 UTC (permalink / raw
To: meta-arm; +Cc: Gyorgy Szing
trusted_services.py:test_15_crypto_service runs ts-service test with
an incorrect argument list. The -g argument does not accept two group
names. This resulted in a silent failure.
Fix this by relying the pattern matching capability of the argument.
Additionaly remove references to OP-TEE from test messages as TS tests
are SPMC agonistic.
Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
---
.../lib/oeqa/runtime/cases/trusted_services.py | 16 ++++++----------
1 file changed, 6 insertions(+), 10 deletions(-)
diff --git a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
index e6a840a9..54423999 100644
--- a/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
+++ b/meta-arm/lib/oeqa/runtime/cases/trusted_services.py
@@ -75,7 +75,7 @@ class TrustedServicesTest(OERuntimeTestCase):
def test_11_ps_service_tests(self):
if 'ts-storage' not in self.tc.td['MACHINE_FEATURES'] and \
'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
- self.skipTest('Storage SP is not included into OPTEE')
+ self.skipTest('Storage SP is not deployed in the system.')
self.run_test_tool('ts-service-test -g PsServiceTests')
@OEHasPackage(['ts-service-test'])
@@ -83,7 +83,7 @@ class TrustedServicesTest(OERuntimeTestCase):
def test_12_its_service_tests(self):
if 'ts-its' not in self.tc.td['MACHINE_FEATURES'] and \
'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
- self.skipTest('Internal Storage SP is not included into OPTEE')
+ self.skipTest('Internal Storage SP is not deployed in the system.')
self.run_test_tool('ts-service-test -g ItsServiceTests')
@OEHasPackage(['ts-service-test'])
@@ -91,9 +91,8 @@ class TrustedServicesTest(OERuntimeTestCase):
def test_14_attestation_service_tests(self):
if 'ts-attestation' not in self.tc.td['MACHINE_FEATURES'] and \
'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
- self.skipTest('Attestation SP is not included into OPTEE')
- for grp in ["AttestationProvisioningTests", "AttestationServiceTests"]:
- self.run_test_tool('ts-service-test -g %s'%grp)
+ self.skipTest('Attestation SP is not deployed in the system.')
+ self.run_test_tool('ts-service-test -g Attestation')
@OEHasPackage(['ts-service-test'])
@skipIfNotInDataVar('MACHINE_FEATURES', 'ts-crypto', 'Crypto SP is not included')
@@ -101,8 +100,5 @@ class TrustedServicesTest(OERuntimeTestCase):
def test_15_crypto_service_tests(self):
if 'ts-crypto' not in self.tc.td['MACHINE_FEATURES'] and \
'ts-se-proxy' not in self.tc.td['MACHINE_FEATURES']:
- self.skipTest('Crypto SP is not included into OPTEE')
- for grp in ["CryptoKeyDerivationServicePackedcTests", "CryptoMacServicePackedcTests", \
- "CryptoCipherServicePackedcTests", "CryptoHashServicePackedcTests", \
- "CryptoServicePackedcTests", "CryptoServiceProtobufTests CryptoServiceLimitTests"]:
- self.run_test_tool('ts-service-test -g %s'%grp)
+ self.skipTest('Crypto SP is not deployed in the system.')
+ self.run_test_tool('ts-service-test -g Crypto')
--
2.43.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 4/5] arm-bsp/trusted-services: rebase corstone1000 patches
2024-04-29 15:26 [PATCH 1/5] Add support for the TS Firmware Update service Gyorgy Szing
2024-04-29 15:26 ` [PATCH 2/5] arm/trusted-services: update to 2024 April 19 Gyorgy Szing
2024-04-29 15:26 ` [PATCH 3/5] arm/trusted-services: fix oeqa script Gyorgy Szing
@ 2024-04-29 15:26 ` Gyorgy Szing
2024-04-29 15:26 ` [PATCH 5/5] arm-bsp/trusted-firmware-m: replace OpenAMP with RSE Comms Gyorgy Szing
2024-04-30 3:21 ` [PATCH 1/5] Add support for the TS Firmware Update service Jon Mason
4 siblings, 0 replies; 6+ messages in thread
From: Gyorgy Szing @ 2024-04-29 15:26 UTC (permalink / raw
To: meta-arm; +Cc: Bence Balogh
From: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
---
...ub-capsule-update-service-components.patch | 22 +--
...-in-AEAD-for-psa-arch-test-54-and-58.patch | 23 ++-
.../0003-FMP-Support-in-Corstone1000.patch | 14 +-
.../0004-GetNextVariableName-Fix.patch | 43 ------
...-smm_gateway-GetNextVariableName-Fix.patch | 45 ++++++
...0-add-compile-definitions-for-ECP_DP.patch | 18 +--
...0-Use-the-stateless-platform-service.patch | 12 +-
...0-Initialize-capsule-update-provider.patch | 19 ++-
...e1000-add-client_id-for-FMP-service.patch} | 5 +-
...rstone1000-fix-synchronization-issue.patch | 107 -------------
.../0009-Remove-Werror-flag.patch | 84 ++++++++++
...rease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch | 30 ----
.../0011-Fix-psa_ipc-service-s-psa_call.patch | 37 -----
...session-SHM-size-build-time-configur.patch | 52 -------
...ession-SHM-size-for-Corstone-1000-SM.patch | 144 ------------------
...ked-for-the-variable_metadata-struct.patch | 34 -----
.../trusted-services/ts-arm-platforms.inc | 11 +-
17 files changed, 186 insertions(+), 514 deletions(-)
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch
create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch
rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0009-plat-corstone1000-fmp-client-id.patch => 0008-plat-corstone1000-add-client_id-for-FMP-service.patch} (93%)
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch
create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Decrease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-psa_ipc-service-s-psa_call.patch
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Make-RPC-caller-session-SHM-size-build-time-configur.patch
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Set-RPC-caller-session-SHM-size-for-Corstone-1000-SM.patch
delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Use-__packed-for-the-variable_metadata-struct.patch
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
index 05999444..0f6fab81 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
@@ -1,7 +1,7 @@
-From e44a317a5ae283207926311cc71b18c117899c4a Mon Sep 17 00:00:00 2001
+From 1ba2a22575c1b73b5ab09e040a00f370eca4b758 Mon Sep 17 00:00:00 2001
From: Julian Hall <julian.hall@arm.com>
Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH] Add stub capsule update service components
+Subject: [PATCH 1/8] Add stub capsule update service components
To facilitate development of a capsule update service provider,
stub components are added to provide a starting point for an
@@ -34,7 +34,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h
new file mode 100644
-index 00000000..f3144ff1
+index 000000000..f3144ff1d
--- /dev/null
+++ b/components/service/capsule_update/backend/capsule_update_backend.h
@@ -0,0 +1,24 @@
@@ -64,7 +64,7 @@ index 00000000..f3144ff1
+#endif /* CAPSULE_UPDATE_BACKEND_H */
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
new file mode 100644
-index 00000000..f35c272d
+index 000000000..f35c272d2
--- /dev/null
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -0,0 +1,135 @@
@@ -205,7 +205,7 @@ index 00000000..f35c272d
+}
diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h
new file mode 100644
-index 00000000..71131417
+index 000000000..5dc5535d6
--- /dev/null
+++ b/components/service/capsule_update/provider/capsule_update_provider.h
@@ -0,0 +1,51 @@
@@ -262,7 +262,7 @@ index 00000000..71131417
+#endif /* CAPSULE_UPDATE_PROVIDER_H */
diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
new file mode 100644
-index 00000000..1d412eb2
+index 000000000..1d412eb23
--- /dev/null
+++ b/components/service/capsule_update/provider/component.cmake
@@ -0,0 +1,13 @@
@@ -280,7 +280,7 @@ index 00000000..1d412eb2
+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
+ )
diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
-index 4e7e2bd5..e60b5400 100644
+index a52a1b711..4658c9662 100644
--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
@@ -292,7 +292,7 @@ index 4e7e2bd5..e60b5400 100644
)
diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
-index 48908f84..3d4a7c20 100644
+index 48908f846..3d4a7c204 100644
--- a/deployments/se-proxy/se_proxy_interfaces.h
+++ b/deployments/se-proxy/se_proxy_interfaces.h
@@ -8,9 +8,10 @@
@@ -312,7 +312,7 @@ index 48908f84..3d4a7c20 100644
#endif /* SE_PROXY_INTERFACES_H */
diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h
new file mode 100644
-index 00000000..8f326cd3
+index 000000000..8f326cd38
--- /dev/null
+++ b/protocols/service/capsule_update/capsule_update_proto.h
@@ -0,0 +1,13 @@
@@ -331,7 +331,7 @@ index 00000000..8f326cd3
+#endif /* CAPSULE_UPDATE_PROTO_H */
diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h
new file mode 100644
-index 00000000..8185a090
+index 000000000..8185a0902
--- /dev/null
+++ b/protocols/service/capsule_update/opcodes.h
@@ -0,0 +1,17 @@
@@ -354,7 +354,7 @@ index 00000000..8185a090
+#endif /* CAPSULE_UPDATE_OPCODES_H */
diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h
new file mode 100644
-index 00000000..285d9241
+index 000000000..285d92418
--- /dev/null
+++ b/protocols/service/capsule_update/parameters.h
@@ -0,0 +1,15 @@
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index 7a2c796e..524d6f7a 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,7 +1,7 @@
-From 1ab4f9dda5d3f6a4828dc3154cf5bf71d6d744d4 Mon Sep 17 00:00:00 2001
+From 1923e1f4dbd8f912701c2870822fa4b61eb6082d Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58.
+Subject: [PATCH 2/8] Fixes in AEAD for psa-arch test 54 and 58.
Upstream-Status: Pending [Not submitted to upstream yet]
Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
@@ -17,7 +17,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
6 files changed, 12 insertions(+), 3 deletions(-)
diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-index bf39762b..27ffbc66 100644
+index bf39762b0..27ffbc66e 100644
--- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
@@ -314,6 +314,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
@@ -29,7 +29,7 @@ index bf39762b..27ffbc66 100644
/* Mandatory input data parameter */
diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 30aa102d..130d2729 100644
+index 30aa102da..130d27295 100644
--- a/components/service/crypto/include/psa/crypto_sizes.h
+++ b/components/service/crypto/include/psa/crypto_sizes.h
@@ -351,7 +351,7 @@
@@ -42,10 +42,10 @@ index 30aa102d..130d2729 100644
/** A sufficient output buffer size for psa_aead_update().
*
diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
-index 696474e8..66aee9e4 100644
+index b73d88d32..6a0f96c3c 100644
--- a/components/service/crypto/provider/extension/aead/aead_provider.c
+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
-@@ -280,10 +280,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
+@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
uint32_t op_handle;
const uint8_t *input;
size_t input_len;
@@ -58,7 +58,7 @@ index 696474e8..66aee9e4 100644
if (rpc_status == RPC_SUCCESS) {
-@@ -297,9 +298,12 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
+@@ -300,9 +301,12 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
if (crypto_context) {
size_t output_len = 0;
@@ -73,7 +73,7 @@ index 696474e8..66aee9e4 100644
psa_status = psa_aead_update(&crypto_context->op.aead,
diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-index 2bf7a015..733d2e75 100644
+index be76d2bc6..590973048 100644
--- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
@@ -51,6 +51,7 @@ struct aead_provider_serializer {
@@ -85,7 +85,7 @@ index 2bf7a015..733d2e75 100644
rpc_status_t (*serialize_aead_update_resp)(struct rpc_buffer *resp_buf,
diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-index 738d5f23..9440a084 100644
+index 8f8c3c7f2..922a7b651 100644
--- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct rpc_buffer *req_
@@ -105,7 +105,7 @@ index 738d5f23..9440a084 100644
tlv_const_iterator_begin(&req_iter,
(uint8_t*)req_buf->data + expected_fixed_len,
diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
-index 0be266b5..435fd3b5 100644
+index 0be266b52..435fd3b52 100644
--- a/protocols/service/crypto/packed-c/aead.h
+++ b/protocols/service/crypto/packed-c/aead.h
@@ -98,6 +98,7 @@ enum
@@ -119,6 +119,3 @@ index 0be266b5..435fd3b5 100644
--
2.25.1
-
-
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
index 5218d068..dff9b7ff 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
@@ -1,7 +1,7 @@
-From 33dae70ae2786cf12070d063ff74cfe0df1f4f50 Mon Sep 17 00:00:00 2001
+From ef6b4fef7b7a740d6df8dab12aa7c73d06bb9f3b Mon Sep 17 00:00:00 2001
From: Satish Kumar <satish.kumar01@arm.com>
Date: Fri, 8 Jul 2022 09:48:06 +0100
-Subject: [PATCH] FMP Support in Corstone1000.
+Subject: [PATCH 3/8] FMP Support in Corstone1000.
The FMP support is used by u-boot to pupolate ESRT information
for the kernel.
@@ -22,7 +22,7 @@ Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index f35c272d..bfeb7301 100644
+index f35c272d2..bfeb7301a 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -11,6 +11,7 @@
@@ -59,7 +59,7 @@ index f35c272d..bfeb7301 100644
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
-index 1d412eb2..6b060149 100644
+index 1d412eb23..6b0601494 100644
--- a/components/service/capsule_update/provider/component.cmake
+++ b/components/service/capsule_update/provider/component.cmake
@@ -10,4 +10,5 @@ endif()
@@ -70,7 +70,7 @@ index 1d412eb2..6b060149 100644
)
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
new file mode 100644
-index 00000000..56ce3857
+index 000000000..56ce38579
--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -0,0 +1,307 @@
@@ -86,7 +86,7 @@ index 00000000..56ce3857
+#include <psa/storage_common.h>
+#include <trace.h>
+
-+#include <service/smm_variable/backend/variable_index.h>
++#include <service/uefi/smm_variable/backend/variable_index.h>
+
+#define VARIABLE_INDEX_STORAGE_UID (0x787)
+
@@ -383,7 +383,7 @@ index 00000000..56ce3857
+}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
new file mode 100644
-index 00000000..d0023dc0
+index 000000000..d0023dc07
--- /dev/null
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -0,0 +1,26 @@
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch
deleted file mode 100644
index a8e7f7c9..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-GetNextVariableName-Fix.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From a0056ea1d994f1ec4da8ccae45abab2d2461f0a2 Mon Sep 17 00:00:00 2001
-From: Gyorgy Szing <Gyorgy.Szing@arm.com>
-Date: Thu, 16 Nov 2023 18:14:46 +0000
-Subject: [PATCH 1/1] smm_gateway: GetNextVariableName Fix
-
-GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
-when requested NameSize is smaller than the actual. It
-currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
-max_name_len incorrectly. This change fixes the error by
-using clamping the maximum size to the NameSize requested by
-the client.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
----
- .../service/smm_variable/provider/smm_variable_provider.c | 4 +---
- 1 file changed, 1 insertion(+), 3 deletions(-)
-
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index f1c3c712..7ec49af5 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -190,15 +190,13 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req
- if (resp_buf->size >= param_len) {
-
- struct rpc_buffer *req_buf = &req->request;
-- size_t max_name_len = resp_buf->size -
-- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET;
-
- memmove(resp_buf->data, req_buf->data, param_len);
-
- efi_status = uefi_variable_store_get_next_variable_name(
- &this_instance->variable_store,
- (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
-- max_name_len,
-+ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
- &resp_buf->data_length);
- }
- else {
---
-2.34.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch
new file mode 100644
index 00000000..51337b2f
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-smm_gateway-GetNextVariableName-Fix.patch
@@ -0,0 +1,45 @@
+From 660658e9f974126fae15d9d8839415a76e8d6663 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Wed, 10 Apr 2024 09:16:47 +0200
+Subject: [PATCH 4/9] smm_gateway: GetNextVariableName Fix
+
+GetNextVariableName() should return EFI_BUFFER_TOO_SMALL
+when requested NameSize is smaller than the actual. It
+currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
+max_name_len incorrectly. This change fixes the error by
+using clamping the maximum size to the NameSize requested by
+the client.
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
+---
+ .../uefi/smm_variable/provider/smm_variable_provider.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/components/service/uefi/smm_variable/provider/smm_variable_provider.c b/components/service/uefi/smm_variable/provider/smm_variable_provider.c
+index 1875397..ca3f7e5 100644
+--- a/components/service/uefi/smm_variable/provider/smm_variable_provider.c
++++ b/components/service/uefi/smm_variable/provider/smm_variable_provider.c
+@@ -176,16 +176,14 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct rpc_req
+
+ if (resp_buf->size >= param_len) {
+ struct rpc_buffer *req_buf = &req->request;
+- size_t max_name_len =
+- resp_buf->size -
+- SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME_NAME_OFFSET;
+
+ memmove(resp_buf->data, req_buf->data, param_len);
+
+ efi_status = uefi_variable_store_get_next_variable_name(
+ &this_instance->variable_store,
+ (SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME *)resp_buf->data,
+- max_name_len, &resp_buf->data_length);
++ ((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
++ &resp_buf->data_length);
+ } else {
+ /* Reponse buffer not big enough */
+ efi_status = EFI_BAD_BUFFER_SIZE;
+--
+2.25.1
+
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch
index 3e37ba87..e1166905 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch
@@ -1,7 +1,7 @@
-From 4816a705e7917ee58d3972fefe163189eb412d36 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Fri, 16 Jun 2023 10:47:48 +0100
-Subject: [PATCH] plat: corstone1000: add compile definitions for
+From a7818585e1113aabf310a94eea802ff79234b0db Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Wed, 10 Apr 2024 09:17:39 +0200
+Subject: [PATCH 5/8] plat: corstone1000: add compile definitions for
ECP_DP_SECP512R1
Corstone1000 runs PSA-API tests which requires this ECC algorithm.
@@ -14,13 +14,13 @@ Upstream-Status: Pending
1 file changed, 2 insertions(+)
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index a3c4209b..ff044ed7 100644
+index 663226740..83350f788 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -13,3 +13,5 @@ target_compile_definitions(${TGT} PRIVATE
- SMM_VARIABLE_INDEX_STORAGE_UID=0x787
- SMM_GATEWAY_MAX_UEFI_VARIABLES=100
- )
+@@ -26,3 +26,5 @@ get_property(_platform_driver_dependencies TARGET ${TGT}
+ if ("mhu" IN_LIST _platform_driver_dependencies)
+ include(${TS_ROOT}/platform/drivers/arm/mhu_driver/mhu_v2_x/driver.cmake)
+ endif()
+
+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
--
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch
index 4381f75e..44e2dd85 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Use-the-stateless-platform-service.patch
@@ -1,7 +1,7 @@
-From b07d29440b5ca8d1f3b9a4f03786bb3127930a64 Mon Sep 17 00:00:00 2001
+From c2edcd8bd3d8817765f280708eae894d6cd8d974 Mon Sep 17 00:00:00 2001
From: Emekcan Aras <emekcan.aras@arm.com>
Date: Sun, 18 Jun 2023 14:38:42 +0100
-Subject: [PATCH] plat: corstone1000: Use the stateless platform service
+Subject: [PATCH 6/8] plat: corstone1000: Use the stateless platform service
calls Calls to psa_connect is not needed and psa_call can be called directly
with a pre defined handle.
@@ -18,7 +18,7 @@ Upstream-Status: Inappropriate [Design is to revisted]
4 files changed, 17 insertions(+), 27 deletions(-)
diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index bfeb7301..12c552da 100644
+index bfeb7301a..12c552dae 100644
--- a/components/service/capsule_update/provider/capsule_update_provider.c
+++ b/components/service/capsule_update/provider/capsule_update_provider.c
@@ -63,7 +63,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
@@ -67,7 +67,7 @@ index bfeb7301..12c552da 100644
default:
EMSG("%s unsupported opcode", __func__);
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-index 56ce3857..bebdf859 100644
+index 56ce38579..bebdf859f 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
@@ -105,7 +105,7 @@ index 56ce3857..bebdf859 100644
return;
}
diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-index d0023dc0..486fa10b 100644
+index d0023dc07..486fa10b4 100644
--- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
@@ -16,8 +16,7 @@ extern "C" {
@@ -119,7 +119,7 @@ index d0023dc0..486fa10b 100644
#ifdef __cplusplus
} /* extern "C" */
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 5aaa659d..fc3a4fb0 100644
+index 5aaa659d4..fc3a4fb06 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -40,6 +40,13 @@ extern "C" {
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch
index 5f06cb51..738b5af0 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-Initialize-capsule-update-provider.patch
@@ -1,14 +1,13 @@
-From c304d5b2e4319542b33abbd43b06a694d6895628 Mon Sep 17 00:00:00 2001
+From 925a07093fa571ee1d2f2e59affcd2c52f1d5b54 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Wed, 29 Nov 2023 15:40:21 +0100
-Subject: [PATCH] plat: corstone1000: Initialize capsule update provider
+Subject: [PATCH 7/8] plat: corstone1000: Initialize capsule update provider
Initializes the capsule update service provider in se-proxy-sp.c deployment
for corstone1000.
Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
Upstream-Status: Inappropriate [Design is to revisted]
-
---
.../se-proxy/env/commonsp/se_proxy_sp.c | 14 +++++++++-
.../corstone1000/service_proxy_factory.c | 28 +++++++++++++++++++
@@ -16,7 +15,7 @@ Upstream-Status: Inappropriate [Design is to revisted]
3 files changed, 42 insertions(+), 1 deletion(-)
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-index 155e9486..a0eb03b6 100644
+index 155e94863..a0eb03b6f 100644
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
@@ -39,7 +39,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
@@ -48,11 +47,11 @@ index 155e9486..a0eb03b6 100644
result = sp_msg_wait(&req_msg);
if (result != SP_RESULT_OK) {
diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index 6885f928..bbab80e5 100644
+index b3b93cfd6..fc179b3c1 100644
--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
@@ -11,6 +11,7 @@
- #include <rpc/psa_ipc/caller/sp/psa_ipc_caller.h>
+ #include <rpc/rss_comms/caller/sp/rss_comms_caller.h>
#include <service/attestation/provider/attest_provider.h>
#include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
+#include <service/capsule_update/provider/capsule_update_provider.h>
@@ -71,14 +70,14 @@ index 6885f928..bbab80e5 100644
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
+
+ /* Static objects for proxy instance */
-+ static struct rpc_caller_interface psa_ipc = { 0 };
++ static struct rpc_caller_interface rss_comms = { 0 };
+ static struct rpc_caller_session rpc_session = { 0 };
+
-+ rpc_status = psa_ipc_caller_init(&psa_ipc);
++ rpc_status = rss_comms_caller_init(&rss_comms);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
-+ rpc_status = rpc_caller_session_open(&rpc_session, &psa_ipc, &dummy_uuid, 0, 0);
++ rpc_status = rpc_caller_session_open(&rpc_session, &rss_comms, &dummy_uuid, 0, 0);
+ if (rpc_status != RPC_SUCCESS)
+ return NULL;
+
@@ -91,7 +90,7 @@ index 6885f928..bbab80e5 100644
+ return capsule_update_provider_init(&capsule_update_provider);
+}
diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h
-index caaea79e..b981754b 100644
+index caaea79ed..b981754b7 100644
--- a/deployments/se-proxy/infra/service_proxy_factory.h
+++ b/deployments/se-proxy/infra/service_proxy_factory.h
@@ -17,6 +17,7 @@ struct rpc_service_interface *attest_proxy_create(void);
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch
similarity index 93%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch
index 837fcd85..3e927000 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-plat-corstone1000-fmp-client-id.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-plat-corstone1000-add-client_id-for-FMP-service.patch
@@ -1,7 +1,7 @@
-From 8aef83efaa03f92b35ab68bc6da2bd26722eedfd Mon Sep 17 00:00:00 2001
+From f6ed75939f0b57e6b0e50ab11cdc3304098456dd Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Fri, 5 Apr 2024 17:31:03 +0200
-Subject: [PATCH] plat: corstone1000: add client_id for FMP service
+Subject: [PATCH 8/8] plat: corstone1000: add client_id for FMP service
Corstone1000 uses trusted-firmware-m as secure enclave software component. Due
to the changes in TF-M 2.0, psa services requires a seperate client_id now.
@@ -47,4 +47,3 @@ index bebdf859f..1b4813d62 100644
--
2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch
deleted file mode 100644
index 7df00974..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-platform-corstone1000-fix-synchronization-issue.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-From e8f0a013acc02c82c9193f6ab7970e80fb0f961e Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Tue, 14 Nov 2023 14:43:44 +0000
-Subject: [PATCH] plat: corstone1000: fix synchronization issue on openamp
- notification
-
-This fixes a race that is observed rarely in the FVP. It occurs in FVP
-when Secure Enclave sends the notication ack in openamp, and then reset the access
-request which resets the mhu registers before received by the SE-proxy-sp in the
-host processort. This solution introduces polling on the status register of
-mhu until the notificaiton is read by the host processor. (Inspired by
-signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
-https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- components/messaging/openamp/sp/openamp_mhu.c | 9 ++++++++-
- platform/drivers/arm/mhu_driver/mhu_v2.h | 18 ++++++++++++++++++
- platform/drivers/arm/mhu_driver/mhu_v2_x.c | 17 +++++++++++++++++
- 3 files changed, 43 insertions(+), 1 deletion(-)
-
-diff --git a/components/messaging/openamp/sp/openamp_mhu.c b/components/messaging/openamp/sp/openamp_mhu.c
-index bafba3e37..e96de6059 100644
---- a/components/messaging/openamp/sp/openamp_mhu.c
-+++ b/components/messaging/openamp/sp/openamp_mhu.c
-@@ -85,7 +85,7 @@ int openamp_mhu_notify_peer(struct openamp_messenger *openamp)
- struct mhu_v2_x_dev_t *tx_dev;
- enum mhu_v2_x_error_t ret;
- struct openamp_mhu *mhu;
-- uint32_t access_ready;
-+ uint32_t access_ready,val;
-
- if (!openamp->transport) {
- EMSG("openamp: mhu: notify transport not initialized");
-@@ -116,6 +116,13 @@ int openamp_mhu_notify_peer(struct openamp_messenger *openamp)
- return -EPROTO;
- }
-
-+ do {
-+ ret = mhu_v2_x_channel_poll(tx_dev, MHU_V_2_NOTIFY_CHANNEL, &val);
-+ if (ret != MHU_V_2_X_ERR_NONE) {
-+ break;
-+ }
-+ } while (val != 0);
-+
- ret = mhu_v2_x_reset_access_request(tx_dev);
- if (ret != MHU_V_2_X_ERR_NONE) {
- EMSG("openamp: mhu: failed reset access request");
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h
-index 26b3a5d63..2b4d6fcb6 100644
---- a/platform/drivers/arm/mhu_driver/mhu_v2.h
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h
-@@ -384,6 +384,24 @@ enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
- enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
- const struct mhu_v2_x_dev_t *dev, uint32_t *channel);
-
-+
-+/**
-+ * \brief Polls sender channel status.
-+ *
-+ * \param[in] dev MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel Channel to poll the status of.
-+ * \param[out] value Pointer to variable that will store the value.
-+ *
-+ * Polls sender channel status.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev,
-+ uint32_t channel, uint32_t *value);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-index d7e70efaa..022e287a1 100644
---- a/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-@@ -600,3 +600,20 @@ enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-
- return MHU_V_2_X_ERR_GENERAL;
- }
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_poll(const struct mhu_v2_x_dev_t *dev,
-+ uint32_t channel, uint32_t *value)
-+{
-+ union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+ if ( !(dev->is_initialized) ) {
-+ return MHU_V_2_X_ERR_NOT_INIT;
-+ }
-+
-+ if (dev->frame == MHU_V2_X_SENDER_FRAME) {
-+ *value = (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_st;
-+ return MHU_V_2_X_ERR_NONE;
-+ } else {
-+ return MHU_V_2_X_ERR_INVALID_ARG;
-+ }
-+}
---
-2.25.1
-
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch
new file mode 100644
index 00000000..d08ebe9f
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-Werror-flag.patch
@@ -0,0 +1,84 @@
+From 6d140b21c22dda58f596bb513a1cd6bc08e914eb Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Wed, 3 Apr 2024 10:18:16 +0100
+Subject: [PATCH] Remove Werror flag
+
+Remove Werror flag due to compilation issues for TS in yocto
+
+Upstream-Status: Inappropriate [Only for meta-arm]
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ deployments/smm-gateway/config/default-opteesp/CMakeLists.txt | 1 -
+ deployments/smm-gateway/config/default-sp/CMakeLists.txt | 1 -
+ environments/arm-linux/default_toolchain_file.cmake | 2 +-
+ environments/linux-pc/default_toolchain_file.cmake | 2 +-
+ environments/opteesp/default_toolchain_file.cmake | 2 +-
+ 5 files changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+index 5521467..88048a2 100644
+--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
++++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+@@ -99,7 +99,6 @@ target_compile_definitions(smm-gateway PRIVATE
+ if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+ target_compile_options(smm-gateway PRIVATE
+ -std=c11
+- -Werror
+ )
+
+ endif()
+diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+index ca563c0..4b43653 100644
+--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
++++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+@@ -97,7 +97,6 @@ target_compile_definitions(smm-gateway PRIVATE
+ if(CMAKE_C_COMPILER_ID STREQUAL "GNU")
+ target_compile_options(smm-gateway PRIVATE
+ -std=c11
+- -Werror
+ )
+
+ endif()
+diff --git a/environments/arm-linux/default_toolchain_file.cmake b/environments/arm-linux/default_toolchain_file.cmake
+index 1da144e..6909db6 100644
+--- a/environments/arm-linux/default_toolchain_file.cmake
++++ b/environments/arm-linux/default_toolchain_file.cmake
+@@ -19,7 +19,7 @@ set(CMAKE_SYSTEM_PROCESSOR arm)
+
+ set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.")
+ set(TS_MANDATORY_AARCH_FLAGS "-mstrict-align -march=armv8-a+crc -DARM64=1" CACHE STRING "Compiler flags configuring architecture specific ")
+-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
++set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
+ set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.")
+
+ # Set flags affecting all build types
+diff --git a/environments/linux-pc/default_toolchain_file.cmake b/environments/linux-pc/default_toolchain_file.cmake
+index 58f29bc..e23bb79 100644
+--- a/environments/linux-pc/default_toolchain_file.cmake
++++ b/environments/linux-pc/default_toolchain_file.cmake
+@@ -11,7 +11,7 @@ include_guard(GLOBAL)
+
+ set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.")
+ set(TS_MANDATORY_AARCH_FLAGS "" CACHE STRING "Compiler flags configuring architecture specific ")
+-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
++set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
+ set(TS_MANDATORY_LINKER_FLAGS "" CACHE STRING "Linker flags needed for correct builds.")
+
+ # Set flags affecting all build types
+diff --git a/environments/opteesp/default_toolchain_file.cmake b/environments/opteesp/default_toolchain_file.cmake
+index 43c19c5..90a9418 100644
+--- a/environments/opteesp/default_toolchain_file.cmake
++++ b/environments/opteesp/default_toolchain_file.cmake
+@@ -21,7 +21,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE True)
+
+ set(TS_DEBUG_INFO_FLAGS "-fdiagnostics-show-option -gdwarf-2" CACHE STRING "Compiler flags to add debug information.")
+ set(TS_MANDATORY_AARCH_FLAGS "-fpic -mstrict-align -march=armv8-a+crc" CACHE STRING "Compiler flags configuring architecture specific ")
+-set(TS_WARNING_FLAGS "-Wall -Werror" CACHE STRING "Compiler flags affecting generating warning messages.")
++set(TS_WARNING_FLAGS "-Wall" CACHE STRING "Compiler flags affecting generating warning messages.")
+ set(TS_MANDATORY_LINKER_FLAGS "-pie -Wl,--as-needed -Wl,--sort-section=alignment -zmax-page-size=4096"
+ CACHE STRING "Linker flags needed for correct builds.")
+
+--
+2.25.1
+
+
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Decrease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Decrease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch
deleted file mode 100644
index e302b74b..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Decrease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From e1ef7c537c09972d981e09d4dbcc98e50c7d2b04 Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Tue, 28 Nov 2023 15:32:39 +0100
-Subject: [PATCH 8/9] Decrease SMM_GATEWAY_MAX_UEFI_VARIABLES
-
-This fixes the SMM gateway initialization error that was caused
-by a malloc fault in Corstone-1000.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27857]
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
----
- platform/providers/arm/corstone1000/platform.cmake | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index ff044ed7..d16cde3f 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -11,7 +11,7 @@ include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-
- target_compile_definitions(${TGT} PRIVATE
- SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-- SMM_GATEWAY_MAX_UEFI_VARIABLES=100
-+ SMM_GATEWAY_MAX_UEFI_VARIABLES=80
- )
-
- add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
---
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-psa_ipc-service-s-psa_call.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-psa_ipc-service-s-psa_call.patch
deleted file mode 100644
index 25e272f8..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Fix-psa_ipc-service-s-psa_call.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From b216cb0740b6e0107509145cadd0671fda62e89c Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Tue, 28 Nov 2023 15:33:12 +0100
-Subject: [PATCH 9/9] Fix psa_ipc service's psa_call
-
-The wrong parameter was passed to the psa_ipc_phys_to_virt()
-function which resulted in faulty behavior.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27858]
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
----
- components/rpc/psa_ipc/service_psa_ipc.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/components/rpc/psa_ipc/service_psa_ipc.c b/components/rpc/psa_ipc/service_psa_ipc.c
-index 36c8e367..4bf86716 100644
---- a/components/rpc/psa_ipc/service_psa_ipc.c
-+++ b/components/rpc/psa_ipc/service_psa_ipc.c
-@@ -176,13 +176,13 @@ static psa_status_t __psa_call(struct rpc_caller_interface *caller, psa_handle_t
- if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
- goto caller_end;
-
-- out_vec_param = (struct psa_outvec *)psa_ipc_phys_to_virt(caller,
-+ out_vec_param = (struct psa_outvec *)psa_ipc_phys_to_virt(caller->context,
- psa_u32_to_ptr(resp_msg->params.out_vec));
-
- for (i = 0; i < resp_msg->params.out_len; i++) {
- out_vec[i].len = out_vec_param[i].len;
- unaligned_memcpy(psa_u32_to_ptr(out_vec[i].base),
-- psa_ipc_phys_to_virt(caller,
-+ psa_ipc_phys_to_virt(caller->context,
- psa_u32_to_ptr(out_vec_param[i].base)),
- out_vec[i].len);
- }
---
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Make-RPC-caller-session-SHM-size-build-time-configur.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Make-RPC-caller-session-SHM-size-build-time-configur.patch
deleted file mode 100644
index 7eb7814a..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Make-RPC-caller-session-SHM-size-build-time-configur.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 40e6b48971bbbd37edf693a8a70b76e4551fda82 Mon Sep 17 00:00:00 2001
-From: Imre Kis <imre.kis@arm.com>
-Date: Wed, 21 Feb 2024 14:24:43 +0100
-Subject: [PATCH 03/12] Make RPC caller session SHM size build-time
- configurable
-
-Introduce RPC_CALLER_SESSION_SHARED_MEMORY_SIZE macro allow setting the
-RPC caller session shared memory size from the build system. This only
-affects RPC caller sessions created by spffa_service_context.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27864]
-Signed-off-by: Imre Kis <imre.kis@arm.com>
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
----
- .../service/locator/sp/ffa/spffa_service_context.c | 9 +++++++--
- 1 file changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/locator/sp/ffa/spffa_service_context.c b/components/service/locator/sp/ffa/spffa_service_context.c
-index 0c1616fc..4ddc53af 100644
---- a/components/service/locator/sp/ffa/spffa_service_context.c
-+++ b/components/service/locator/sp/ffa/spffa_service_context.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-@@ -10,6 +10,10 @@
- #include <stdlib.h>
- #include <string.h>
-
-+#ifndef RPC_CALLER_SESSION_SHARED_MEMORY_SIZE
-+#define RPC_CALLER_SESSION_SHARED_MEMORY_SIZE (4096)
-+#endif /* RPC_CALLER_SESSION_SHARED_MEMORY_SIZE */
-+
- /* Concrete service_context methods */
- static struct rpc_caller_session *sp_ts_service_context_open(void *context);
- static void sp_ts_service_context_close(void *context, struct rpc_caller_session *session);
-@@ -52,7 +56,8 @@ static struct rpc_caller_session *sp_ts_service_context_open(void *context)
- return NULL;
-
- rpc_status = rpc_caller_session_find_and_open(session, &this_context->caller,
-- &this_context->service_uuid, 4096);
-+ &this_context->service_uuid,
-+ RPC_CALLER_SESSION_SHARED_MEMORY_SIZE);
- if (rpc_status != RPC_SUCCESS) {
- free(session);
- return NULL;
---
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Set-RPC-caller-session-SHM-size-for-Corstone-1000-SM.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Set-RPC-caller-session-SHM-size-for-Corstone-1000-SM.patch
deleted file mode 100644
index 1510246f..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Set-RPC-caller-session-SHM-size-for-Corstone-1000-SM.patch
+++ /dev/null
@@ -1,144 +0,0 @@
-From ca3a9e31a560d630cf20286eb30d63ddafc0a05a Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Mon, 26 Feb 2024 14:47:25 +0100
-Subject: [PATCH] Set RPC caller session SHM size for Corstone 1000 SMMGW
-
-Set RPC caller session shared memory size so it fits the UEFI variable
-index. Validate if SMM_GATEWAY_MAX_UEFI_VARIABLES * [descriptor size]
-would fit into the shared memory size. Also align the heap size
-accordingly.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27865]
-Signed-off-by: Imre Kis <imre.kis@arm.com>
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
----
- .../config/default-opteesp/CMakeLists.txt | 32 +++++++++++++++----
- .../config/default-sp/CMakeLists.txt | 31 ++++++++++++++----
- .../providers/arm/corstone1000/platform.cmake | 4 ++-
- 3 files changed, 52 insertions(+), 15 deletions(-)
-
-diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
-index 7becb3999..897a8dabd 100644
---- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
-+++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -24,7 +24,30 @@ set(SP_BIN_UUID_CANON "ed32d533-99e6-4209-9cc0-2d72cdd998a7")
- set(SP_FFA_UUID_CANON "${SP_BIN_UUID_CANON}")
- set(SP_BOOT_ORDER "8")
-
--set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
-+#-------------------------------------------------------------------------------
-+# Set target platform to provide drivers needed by the deployment
-+#
-+#-------------------------------------------------------------------------------
-+add_platform(TARGET "smm-gateway")
-+
-+# SMM variable and RPC caller settings
-+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count")
-+set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 8192 CACHE STRING "RPC caller buffer size in SMMGW")
-+
-+# Validating settings
-+# The UEFI variable index entry size is 168 bytes
-+math(EXPR SHM_MIN "${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168")
-+
-+if (${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE} LESS ${SHM_MIN})
-+ message(FATAL_ERROR "The RPC SHM size must be at least 168 * [max UEFI variable count]")
-+endif()
-+
-+target_compile_definitions("smm-gateway" PRIVATE
-+ RPC_CALLER_SESSION_SHARED_MEMORY_SIZE=${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}
-+ SMM_GATEWAY_MAX_UEFI_VARIABLES=${SMM_GATEWAY_MAX_UEFI_VARIABLES}
-+)
-+
-+set(SP_HEAP_SIZE "16 * 1024 + ${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168 + ${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}" CACHE STRING "SP heap size in bytes")
- set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
-
- # Setting the MM communication buffer parameters
-@@ -50,11 +73,6 @@ include(../../env/commonsp/smm_gateway_sp.cmake REQUIRED)
- include(../../infra/psa-varstore.cmake REQUIRED)
- include(../../smm-gateway.cmake REQUIRED)
-
--#-------------------------------------------------------------------------------
--# Set target platform to provide drivers needed by the deployment
--#
--#-------------------------------------------------------------------------------
--add_platform(TARGET "smm-gateway")
-
- #-------------------------------------------------------------------------------
- # Deployment specific build options
-diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
-index e56a8559d..d3a96b0c6 100644
---- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
-+++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
-@@ -29,7 +29,30 @@ set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
- set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
- set(SP_BOOT_ORDER "8")
-
--set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
-+#-------------------------------------------------------------------------------
-+# Set target platform to provide drivers needed by the deployment
-+#
-+#-------------------------------------------------------------------------------
-+add_platform(TARGET "smm-gateway")
-+
-+# SMM variable and RPC caller settings
-+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count")
-+set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 8192 CACHE STRING "RPC caller buffer size in SMMGW")
-+
-+# Validating settings
-+# The UEFI variable index entry size is 168 bytes
-+math(EXPR SHM_MIN "${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168")
-+
-+if (${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE} LESS ${SHM_MIN})
-+ message(FATAL_ERROR "The RPC SHM size must be at least 168 * [max UEFI variable count]")
-+endif()
-+
-+target_compile_definitions("smm-gateway" PRIVATE
-+ RPC_CALLER_SESSION_SHARED_MEMORY_SIZE=${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}
-+ SMM_GATEWAY_MAX_UEFI_VARIABLES=${SMM_GATEWAY_MAX_UEFI_VARIABLES}
-+)
-+
-+set(SP_HEAP_SIZE "16 * 1024 + ${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168 + ${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}" CACHE STRING "SP heap size in bytes")
-
- # Setting the MM communication buffer parameters
- set(MM_COMM_BUFFER_ADDRESS "0x00000008 0x81000000" CACHE STRING "Address of MM communicte buffer in 64 bit DTS format")
-@@ -49,12 +72,6 @@ include(../../env/commonsp/smm_gateway_sp.cmake REQUIRED)
- include(../../infra/psa-varstore.cmake REQUIRED)
- include(../../smm-gateway.cmake REQUIRED)
-
--#-------------------------------------------------------------------------------
--# Set target platform to provide drivers needed by the deployment
--#
--#-------------------------------------------------------------------------------
--add_platform(TARGET "smm-gateway")
--
- #-------------------------------------------------------------------------------
- # Deployment specific build options
- #-------------------------------------------------------------------------------
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index d16cde3f4..fd93d6f7e 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -9,9 +9,11 @@
- # include MHU driver
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-
-+set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count")
-+set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 16384 CACHE STRING "RPC caller buffer size in SMMGW")
-+
- target_compile_definitions(${TGT} PRIVATE
- SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-- SMM_GATEWAY_MAX_UEFI_VARIABLES=80
- )
-
- add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
---
-2.25.1
-
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Use-__packed-for-the-variable_metadata-struct.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Use-__packed-for-the-variable_metadata-struct.patch
deleted file mode 100644
index 019b54a9..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Use-__packed-for-the-variable_metadata-struct.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 8290755eb2b6aaa857b2dca74494290c64d46fb3 Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Mon, 26 Feb 2024 16:41:03 +0100
-Subject: [PATCH] Use __packed for the variable_metadata struct
-
-This is only a temporary fix so the buffer limit in TF-M
-doesn't need to be changed. With the __packed attribute, the
-struct's size is 100 bytes instead of 104 bytes.
-The struct will be changed in later upstream commits so this
-change won't be needed, and the RSS_COMMS implementation
-will be able to handle that.
-
-Upstream-Status: Inappropriate
-[Won't be needed after newer upstream version]
----
- components/service/smm_variable/backend/variable_index.h | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h
-index 2f0197da..e82039ac 100644
---- a/components/service/smm_variable/backend/variable_index.h
-+++ b/components/service/smm_variable/backend/variable_index.h
-@@ -29,7 +29,7 @@ extern "C" {
- *
- * Holds metadata associated with stored variable.
- */
--struct variable_metadata
-+struct __packed variable_metadata
- {
- EFI_GUID guid;
- size_t name_size;
---
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 9bace889..64d65714 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -5,17 +5,12 @@ SRC_URI:append:corstone1000 = " \
file://0001-Add-stub-capsule-update-service-components.patch \
file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch \
file://0003-FMP-Support-in-Corstone1000.patch \
- file://0004-GetNextVariableName-Fix.patch \
+ file://0004-smm_gateway-GetNextVariableName-Fix.patch \
file://0005-plat-corstone1000-add-compile-definitions-for-ECP_DP.patch \
file://0006-plat-corstone1000-Use-the-stateless-platform-service.patch \
file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
- file://0008-platform-corstone1000-fix-synchronization-issue.patch \
- file://0009-plat-corstone1000-fmp-client-id.patch \
- file://0010-Decrease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch \
- file://0011-Fix-psa_ipc-service-s-psa_call.patch \
- file://0012-Make-RPC-caller-session-SHM-size-build-time-configur.patch \
- file://0013-Set-RPC-caller-session-SHM-size-for-Corstone-1000-SM.patch \
- file://0014-Use-__packed-for-the-variable_metadata-struct.patch \
+ file://0008-plat-corstone1000-add-client_id-for-FMP-service.patch \
+ file://0009-Remove-Werror-flag.patch \
"
--
2.43.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 5/5] arm-bsp/trusted-firmware-m: replace OpenAMP with RSE Comms
2024-04-29 15:26 [PATCH 1/5] Add support for the TS Firmware Update service Gyorgy Szing
` (2 preceding siblings ...)
2024-04-29 15:26 ` [PATCH 4/5] arm-bsp/trusted-services: rebase corstone1000 patches Gyorgy Szing
@ 2024-04-29 15:26 ` Gyorgy Szing
2024-04-30 3:21 ` [PATCH 1/5] Add support for the TS Firmware Update service Jon Mason
4 siblings, 0 replies; 6+ messages in thread
From: Gyorgy Szing @ 2024-04-29 15:26 UTC (permalink / raw
To: meta-arm; +Cc: Bence Balogh
From: Bence Balogh <bence.balogh@arm.com>
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
---
...e1000-Fix-issues-due-to-adjustment-M.patch | 76 -
...ne1000-align-capsule-update-structs.patch} | 0
...stone1000-skip-the-first-nv-counter.patch} | 0
...rstone1000-add-unique-guid-for-mps3.patch} | 0
...e1000-fix-synchronization-issue-on-o.patch | 50 -
...one1000-Enable-host-firewall-in-FVP.patch} | 0
...one1000-Increase-ITS-max-asset-size.patch} | 0
...S1000-Replace-OpenAMP-with-RSE_COMMS.patch | 3620 +++++++++++++++++
...S1000-Increase-RSE_COMMS-buffer-size.patch | 28 +
.../trusted-firmware-m-corstone1000.inc | 14 +-
10 files changed, 3655 insertions(+), 133 deletions(-)
delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0004-platform-corstone1000-align-capsule-update-structs.patch => 0003-platform-corstone1000-align-capsule-update-structs.patch} (100%)
rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0006-Platform-Corstone1000-skip-the-first-nv-counter.patch => 0004-Platform-Corstone1000-skip-the-first-nv-counter.patch} (100%)
rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0007-platform-corstone1000-add-unique-guid-for-mps3.patch => 0005-platform-corstone1000-add-unique-guid-for-mps3.patch} (100%)
delete mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0008-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch => 0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch} (100%)
rename meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/{0009-platform-corstone1000-Increase-ITS-max-asset-size.patch => 0007-platform-corstone1000-Increase-ITS-max-asset-size.patch} (100%)
create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch
create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-CS1000-Increase-RSE_COMMS-buffer-size.patch
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
deleted file mode 100644
index 23609921..00000000
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From f7b58b5ba5b48e071eb360c1bcfc4d31290a77c1 Mon Sep 17 00:00:00 2001
-From: Ali Can Ozaslan <ali.oezaslan@arm.com>
-Date: Tue, 5 Mar 2024 21:01:59 +0000
-Subject: [PATCH] Platform:corstone1000:Fix issues due to adjustment Mailbox
- Agent params
-
-Adjust Mailbox Agent API parameters patch changed memory check and
-related parameters. As a result, platform-specific issues occurred.
-Secure side client IDs are converted to negative values. Control
-parameter is created.
-
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
-Upstream-Status: Pending
-
----
- .../tfm_spe_dual_core_psa_client_secure_lib.c | 23 +++++++++++++++----
- 1 file changed, 18 insertions(+), 5 deletions(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
-index d2eabe144..39e11b8cd 100644
---- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
-+++ b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
-@@ -18,6 +18,9 @@
- #include "utilities.h"
- #include "thread.h"
-
-+#define SE_PROXY_SP_UID 0
-+#define SMM_GW_SP_UID 0x8003
-+
- /**
- * In linux environment and for psa_call type client api,
- * the layout of the reply from tf-m to linux is as following.
-@@ -174,7 +177,14 @@ static psa_status_t prepare_params_for_psa_call(struct client_params_t *params,
- {
- psa_status_t ret = PSA_SUCCESS;
-
-- params->ns_client_id_stateless = s_map_entry->msg.client_id;
-+ if (s_map_entry->msg.client_id == SE_PROXY_SP_UID) {
-+ params->ns_client_id_stateless = -1;
-+ }
-+ else if (s_map_entry->msg.client_id == SMM_GW_SP_UID) {
-+ params->ns_client_id_stateless = -1 * s_map_entry->msg.client_id;
-+ } else {
-+ params->ns_client_id_stateless = s_map_entry->msg.client_id;
-+ }
-
- params->p_outvecs = NULL;
- ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry);
-@@ -250,6 +260,9 @@ void deliver_msg_to_tfm_spe(void *private)
- struct client_params_t params = {0};
- psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR;
- unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private;
-+ uint32_t control = PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
-+ s_map_entry->msg.params.psa_call_params.in_len,
-+ s_map_entry->msg.params.psa_call_params.out_len);
-
- switch(s_map_entry->msg.call_type) {
- case OPENAMP_PSA_FRAMEWORK_VERSION:
-@@ -266,11 +279,11 @@ void deliver_msg_to_tfm_spe(void *private)
- send_service_reply_to_non_secure(psa_ret, s_map_entry);
- break;
- }
-+ control = PARAM_SET_NS_INVEC(control);
-+ control = PARAM_SET_NS_OUTVEC(control);
-+ control = PARAM_SET_NS_VEC(control);
- psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle,
-- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
-- s_map_entry->msg.params.psa_call_params.in_len,
-- s_map_entry->msg.params.psa_call_params.out_len),
-- ¶ms, NULL);
-+ control, ¶ms, NULL);
- if (psa_ret != PSA_SUCCESS) {
- send_service_reply_to_non_secure(psa_ret, s_map_entry);
- break;
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch
similarity index 100%
rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-platform-corstone1000-align-capsule-update-structs.patch
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0003-platform-corstone1000-align-capsule-update-structs.patch
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch
similarity index 100%
rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-skip-the-first-nv-counter.patch
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0004-Platform-Corstone1000-skip-the-first-nv-counter.patch
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-add-unique-guid-for-mps3.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch
similarity index 100%
rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-add-unique-guid-for-mps3.patch
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-add-unique-guid-for-mps3.patch
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
deleted file mode 100644
index be6bde6f..00000000
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0005-platform-corstone1000-fix-synchronization-issue-on-o.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From b70dd14eed59d7c5833ded8469cf99e631951e14 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 15 Nov 2023 09:52:19 +0000
-Subject: [PATCH] platform: corstone1000: fix synchronization issue on openamp
- notification
-
-This fixes a race that is observed rarely in the FVP. It occurs in FVP
-when tfm sends the notication ack in openamp, and then reset the access
-request which resets the mhu registers before received by the host
-processor. This solution introduces polling on the status register of
-mhu until the notificaiton is read by the host processor. (Inspired by
-signal_and_wait_for_signal function in mhu_wrapper_v2_x.c in trusted-firmware-m
-https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git/tree/platform/ext/target/arm/rss/common/native_drivers/mhu_wrapper_v2_x.c#n61)
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Pending [Not submitted to upstream yet]
----
- .../corstone1000/openamp/platform_spe_dual_core_hal.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
-index 7613345ffc..b58088032f 100644
---- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
-+++ b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
-@@ -83,7 +83,7 @@ enum tfm_plat_err_t tfm_dual_core_hal_init(void)
-
- enum tfm_plat_err_t tfm_hal_notify_peer(void)
- {
-- uint32_t access_ready;
-+ uint32_t access_ready,val;
- enum mhu_v2_x_error_t status;
- struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV;
-
-@@ -108,6 +108,13 @@ enum tfm_plat_err_t tfm_hal_notify_peer(void)
- return TFM_PLAT_ERR_SYSTEM_ERR;
- }
-
-+ do {
-+ status = mhu_v2_x_channel_poll(dev, MHU1_SEH_NOTIFY_CH, &val);
-+ if (status != MHU_V_2_X_ERR_NONE) {
-+ break;
-+ }
-+ } while(val != 0);
-+
- status = mhu_v2_x_reset_access_request(dev);
- if (status != MHU_V_2_X_ERR_NONE) {
- SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status);
---
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch
similarity index 100%
rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-ITS-max-asset-size.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch
similarity index 100%
rename from meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-corstone1000-Increase-ITS-max-asset-size.patch
rename to meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0007-platform-corstone1000-Increase-ITS-max-asset-size.patch
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch
new file mode 100644
index 00000000..3e0acbe3
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch
@@ -0,0 +1,3620 @@
+From 5e0e5207fe7edf7f9b47f0800388c7b3c9d69a1c Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Mon, 26 Feb 2024 10:20:54 +0100
+Subject: [PATCH] Platform: CS1000: Replace OpenAMP with RSE_COMMS
+
+The RSE_COMMS files were copied from the arm/rse platform (e7fcf4e0)
+Did not copy the ATU and pointer access protocol related files as
+they are not supported yet in Corstone-1000.
+
+There were some modifications in the files:
+- Remove ATU support because Corstone-1000 doesn't have ATU
+- Update and extend platform specific memory and permission checks
+- Remove Armv8.1-M specific calls
+
+The OpenAMP related files were removed from Corstone-1000.
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Backport [75a980b37fb726dff8720b50de121c8196b70e4e]
+---
+ docs/platform/arm/corstone1000/readme.rst | 5 +-
+ .../target/arm/corstone1000/CMakeLists.txt | 5 +-
+ .../arm/corstone1000/Native_Driver/mhu.h | 140 +++++++
+ .../Native_Driver/mhu_wrapper_v2_x.c | 353 ++++++++++++++++++
+ .../ext/target/arm/corstone1000/config.cmake | 8 -
+ .../arm/corstone1000/openamp/CMakeLists.txt | 57 ---
+ ...ogger-when-the-build-type-is-release.patch | 27 --
+ .../openamp/ext/libmetal/CMakeLists.txt | 23 --
+ .../openamp/ext/libopenamp/CMakeLists.txt | 21 --
+ .../openamp/platform_spe_dual_core_hal.c | 152 --------
+ .../corstone1000/openamp/tfm_openamp_lib.h | 128 -------
+ .../tfm_spe_dual_core_psa_client_secure_lib.c | 304 ---------------
+ .../tfm_spe_dual_core_psa_client_secure_lib.h | 39 --
+ .../openamp/tfm_spe_openamp_interface.h | 39 --
+ .../openamp/tfm_spe_openamp_interface_impl.c | 248 ------------
+ .../tfm_spe_openamp_platform_interconnect.c | 114 ------
+ .../tfm_spe_openamp_platform_interface.h | 31 --
+ .../tfm_spe_psa_client_lib_unordered_map.c | 151 --------
+ .../tfm_spe_psa_client_lib_unordered_map.h | 50 ---
+ .../openamp/tfm_spe_shm_openamp.h | 39 --
+ .../arm/corstone1000/partition/region_defs.h | 12 +-
+ .../arm/corstone1000/rse_comms/CMakeLists.txt | 34 ++
+ .../arm/corstone1000/rse_comms/rse_comms.c | 176 +++++++++
+ .../arm/corstone1000/rse_comms/rse_comms.h | 48 +++
+ .../corstone1000/rse_comms/rse_comms_hal.c | 232 ++++++++++++
+ .../corstone1000/rse_comms/rse_comms_hal.h | 56 +++
+ .../rse_comms/rse_comms_permissions_hal.h | 58 +++
+ .../rse_comms/rse_comms_protocol.c | 120 ++++++
+ .../rse_comms/rse_comms_protocol.h | 129 +++++++
+ .../rse_comms/rse_comms_protocol_embed.c | 105 ++++++
+ .../rse_comms/rse_comms_protocol_embed.h | 50 +++
+ .../corstone1000/rse_comms/rse_comms_queue.c | 64 ++++
+ .../corstone1000/rse_comms/rse_comms_queue.h | 25 ++
+ .../corstone1000/rse_comms_permissions_hal.c | 177 +++++++++
+ .../target/arm/corstone1000/tfm_interrupts.c | 51 +++
+ 35 files changed, 1831 insertions(+), 1440 deletions(-)
+ create mode 100644 platform/ext/target/arm/corstone1000/Native_Driver/mhu.h
+ create mode 100644 platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h
+ delete mode 100644 platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h
+ create mode 100644 platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+ create mode 100644 platform/ext/target/arm/corstone1000/tfm_interrupts.c
+
+diff --git a/docs/platform/arm/corstone1000/readme.rst b/docs/platform/arm/corstone1000/readme.rst
+index 59b167d8f..d46a6460e 100644
+--- a/docs/platform/arm/corstone1000/readme.rst
++++ b/docs/platform/arm/corstone1000/readme.rst
+@@ -19,7 +19,8 @@ and boots the software ecosystem based on linux, u-boot, UEFI run time
+ services, TF-A, Secure Partitions and Optee.
+
+ The communication between NSPE and SPE is based on PSA IPC protocol running on
+-top of FF-A/OpenAMP.
++top of the RSE communication protocol. The Corstone-1000 supports only the
++`Embed protocol`, and the ATU support is removed.
+
+ .. toctree::
+ :maxdepth: 1
+@@ -116,7 +117,7 @@ Other test configurations are:
+ - -DTEST_S_PS=ON/OFF
+ - -DTEST_S_PLATFORM=ON/OFF
+
+-*Copyright (c) 2021-2023, Arm Limited. All rights reserved.*
++*Copyright (c) 2021-2024, Arm Limited. All rights reserved.*
+
+ .. _Arm Ecosystem FVPs: https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
+ .. _Arm Corstone-1000 User Guide: https://corstone1000.docs.arm.com/en/corstone1000-2022.11.23/user-guide.html
+diff --git a/platform/ext/target/arm/corstone1000/CMakeLists.txt b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+index 541504368..e2a7ac302 100644
+--- a/platform/ext/target/arm/corstone1000/CMakeLists.txt
++++ b/platform/ext/target/arm/corstone1000/CMakeLists.txt
+@@ -87,7 +87,7 @@ target_add_scatter_file(bl1_2
+
+ #========================= Platform Secure ====================================#
+
+-add_subdirectory(openamp)
++add_subdirectory(${CMAKE_CURRENT_LIST_DIR}/rse_comms rse_comms)
+
+ add_subdirectory(${PLATFORM_DIR}/ext/accelerator/cc312/cc312-rom cc312-rom)
+
+@@ -124,6 +124,7 @@ target_sources(platform_s
+ Device/Source/system_core_init.c
+ ${PLATFORM_DIR}/ext/target/arm/drivers/usart/pl011/uart_pl011_drv.c
+ Native_Driver/mhu_v2_x.c
++ Native_Driver/mhu_wrapper_v2_x.c
+ Native_Driver/watchdog.c
+ Native_Driver/arm_watchdog_drv.c
+ $<$<BOOL:TFM_PARTITION_PLATFORM>:${CMAKE_CURRENT_SOURCE_DIR}/services/src/tfm_platform_system.c>
+@@ -137,6 +138,7 @@ target_sources(platform_s
+ partition/partition.c
+ partition/gpt.c
+ $<$<NOT:$<BOOL:${PLATFORM_DEFAULT_OTP}>>:${PLATFORM_DIR}/ext/accelerator/cc312/otp_cc312.c>
++ rse_comms_permissions_hal.c
+ )
+
+ if (PLATFORM_IS_FVP)
+@@ -376,6 +378,7 @@ target_sources(tfm_psa_rot_partition_ns_agent_mailbox
+
+ target_sources(tfm_spm
+ PRIVATE
++ tfm_interrupts.c
+ tfm_hal_isolation.c
+ tfm_hal_platform.c
+ $<$<BOOL:${TFM_S_REG_TEST}>:${CMAKE_CURRENT_SOURCE_DIR}/target_cfg.c>
+diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h b/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h
+new file mode 100644
+index 000000000..a02fdd883
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/Native_Driver/mhu.h
+@@ -0,0 +1,140 @@
++/*
++ * Copyright (c) 2022-2023 Arm Limited. All rights reserved.
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#ifndef __MHU_H__
++#define __MHU_H__
++
++#include <stddef.h>
++#include <stdint.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * Generic MHU error enumeration types.
++ */
++enum mhu_error_t {
++ MHU_ERR_NONE = 0,
++ MHU_ERR_NOT_INIT = -1,
++ MHU_ERR_ALREADY_INIT = -2,
++ MHU_ERR_UNSUPPORTED_VERSION = -3,
++ MHU_ERR_UNSUPPORTED = -4,
++ MHU_ERR_INVALID_ARG = -5,
++ MHU_ERR_BUFFER_TOO_SMALL = -6,
++ MHU_ERR_GENERAL = -7,
++};
++
++/**
++ * \brief Initializes sender MHU.
++ *
++ * \param[in] mhu_sender_dev Pointer to the sender MHU.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note This function must be called before mhu_send_data().
++ */
++enum mhu_error_t mhu_init_sender(void *mhu_sender_dev);
++
++/**
++ * \brief Initializes receiver MHU.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note This function must be called before mhu_receive_data().
++ */
++enum mhu_error_t mhu_init_receiver(void *mhu_receiver_dev);
++
++/**
++ * \brief Sends data over MHU.
++ *
++ * \param[in] mhu_sender_dev Pointer to the sender MHU.
++ * \param[in] send_buffer Pointer to buffer containing the data to be
++ * transmitted.
++ * \param[in] size Size of the data to be transmitted in bytes.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note The send_buffer must be 4-byte aligned and its length must be at least
++ * (4 - (size % 4)) bytes bigger than the data size to prevent buffer
++ * over-reading.
++ */
++enum mhu_error_t mhu_send_data(void *mhu_sender_dev,
++ const uint8_t *send_buffer,
++ size_t size);
++
++/**
++ * \brief Wait for data from MHU.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note This function must be called before mhu_receive_data() if the MHU
++ * receiver interrupt is not used.
++ */
++enum mhu_error_t mhu_wait_data(void *mhu_receiver_dev);
++
++/**
++ * \brief Receives data from MHU.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ * \param[out] receive_buffer Pointer the buffer where to store the
++ * received data.
++ * \param[in,out] size As input the size of the receive_buffer,
++ * as output the number of bytes received.
++ * As a limitation, the size of the buffer
++ * must be a multiple of 4.
++ *
++ * \return Returns mhu_error_t error code.
++ *
++ * \note The receive_buffer must be 4-byte aligned and its length must be a
++ * multiple of 4.
++ */
++enum mhu_error_t mhu_receive_data(void *mhu_receiver_dev,
++ uint8_t *receive_buffer,
++ size_t *size);
++
++/**
++ * \brief Signals an interrupt over the last available channel and wait for the
++ * values to be cleared by the receiver.
++ *
++ * \param[in] mhu_sender_dev Pointer to the sender MHU.
++ * \param[in] value Value that will be used while signaling.
++ *
++ * \return Returns mhu_error_t error code.
++ */
++enum mhu_error_t signal_and_wait_for_clear(void *mhu_sender_dev,
++ uint32_t value);
++
++/**
++ * \brief Wait for signal on the last available channel in a loop and
++ * acknowledge the transfer by clearing the status on that channel.
++ *
++ * \param[in] mhu_receiver_dev Pointer to the receiver MHU.
++ * \param[in] value Value that will be used while waiting.
++ *
++ * \return Returns mhu_error_t error code.
++ */
++enum mhu_error_t wait_for_signal_and_clear(void *mhu_receiver_dev,
++ uint32_t value);
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __MHU_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c b/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c
+new file mode 100644
+index 000000000..f749f7661
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/Native_Driver/mhu_wrapper_v2_x.c
+@@ -0,0 +1,353 @@
++/*
++ * Copyright (c) 2022-2023 Arm Limited. All rights reserved.
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ * http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#include "mhu.h"
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include "mhu_v2_x.h"
++
++#define MHU_NOTIFY_VALUE (1234u)
++
++static enum mhu_error_t
++error_mapping_to_mhu_error_t(enum mhu_v2_x_error_t err)
++{
++ switch (err) {
++ case MHU_V_2_X_ERR_NONE:
++ return MHU_ERR_NONE;
++ case MHU_V_2_X_ERR_NOT_INIT:
++ return MHU_ERR_NOT_INIT;
++ case MHU_V_2_X_ERR_ALREADY_INIT:
++ return MHU_ERR_ALREADY_INIT;
++ case MHU_V_2_X_ERR_UNSUPPORTED_VERSION:
++ return MHU_ERR_UNSUPPORTED_VERSION;
++ case MHU_V_2_X_ERR_INVALID_ARG:
++ return MHU_ERR_INVALID_ARG;
++ case MHU_V_2_X_ERR_GENERAL:
++ return MHU_ERR_GENERAL;
++ default:
++ return MHU_ERR_GENERAL;
++ }
++}
++
++enum mhu_error_t
++signal_and_wait_for_clear(void *mhu_sender_dev, uint32_t value)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev;
++ uint32_t channel_notify;
++ uint32_t wait_val;
++
++ if (mhu_sender_dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ dev = (struct mhu_v2_x_dev_t *)mhu_sender_dev;
++
++ /* Use the last channel for notifications */
++ channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1;
++
++ /* FIXME: Avoid wasting a whole channel for notifying */
++ err = mhu_v2_x_channel_send(dev, channel_notify, value);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ do {
++ err = mhu_v2_x_channel_poll(dev, channel_notify, &wait_val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ break;
++ }
++ } while (wait_val != 0);
++
++ return error_mapping_to_mhu_error_t(err);
++}
++
++enum mhu_error_t
++wait_for_signal_and_clear(void *mhu_receiver_dev, uint32_t value)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev;
++ uint32_t channel_notify;
++ uint32_t wait_val;
++
++ if (mhu_receiver_dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ dev = (struct mhu_v2_x_dev_t *)mhu_receiver_dev;
++
++ /* Use the last channel for notifications */
++ channel_notify = mhu_v2_x_get_num_channel_implemented(dev) - 1;
++
++ do {
++ /* Using the last channel for notifications */
++ err = mhu_v2_x_channel_receive(dev, channel_notify, &wait_val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ } while (wait_val != value);
++
++ /* Clear the last channel */
++ err = mhu_v2_x_channel_clear(dev, channel_notify);
++
++ return error_mapping_to_mhu_error_t(err);
++}
++
++static enum mhu_v2_x_error_t
++clear_and_wait_for_signal(struct mhu_v2_x_dev_t *dev)
++{
++ enum mhu_v2_x_error_t err;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t val, i;
++
++ /* Clear all channels */
++ for (i = 0; i < num_channels; ++i) {
++ err = mhu_v2_x_channel_clear(dev, i);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return err;
++ }
++ }
++
++ do {
++ /* Using the last channel for notifications */
++ err = mhu_v2_x_channel_receive(dev, num_channels - 1, &val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ break;
++ }
++ } while (val != MHU_NOTIFY_VALUE);
++
++ return err;
++}
++
++enum mhu_error_t mhu_init_sender(void *mhu_sender_dev)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_sender_dev;
++
++ if (dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ err = mhu_v2_x_driver_init(dev, MHU_REV_READ_FROM_HW);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ /* This wrapper requires at least two channels to be implemented */
++ if (mhu_v2_x_get_num_channel_implemented(dev) < 2) {
++ return MHU_ERR_UNSUPPORTED;
++ }
++
++ return MHU_ERR_NONE;
++}
++
++enum mhu_error_t mhu_init_receiver(void *mhu_receiver_dev)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev;
++ uint32_t num_channels, i;
++
++ if (dev == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ err = mhu_v2_x_driver_init(dev, MHU_REV_READ_FROM_HW);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++
++ /* This wrapper requires at least two channels to be implemented */
++ if (num_channels < 2) {
++ return MHU_ERR_UNSUPPORTED;
++ }
++
++ /* Mask all channels except the notifying channel */
++ for (i = 0; i < (num_channels - 1); ++i) {
++ err = mhu_v2_x_channel_mask_set(dev, i, UINT32_MAX);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ }
++
++ /* The last channel is used for notifications */
++ err = mhu_v2_x_channel_mask_clear(dev, (num_channels - 1), UINT32_MAX);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ err = mhu_v2_x_interrupt_enable(dev, MHU_2_1_INTR_CHCOMB_MASK);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ return MHU_ERR_NONE;
++}
++
++enum mhu_error_t mhu_send_data(void *mhu_sender_dev,
++ const uint8_t *send_buffer,
++ size_t size)
++{
++ enum mhu_v2_x_error_t err;
++ enum mhu_error_t mhu_err;
++ struct mhu_v2_x_dev_t *dev = mhu_sender_dev;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t chan = 0;
++ uint32_t i;
++ uint32_t *p;
++
++ if (dev == NULL || send_buffer == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ } else if (size == 0) {
++ return MHU_ERR_NONE;
++ }
++
++ /* For simplicity, require the send_buffer to be 4-byte aligned. */
++ if ((uintptr_t)send_buffer & 0x3u) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ err = mhu_v2_x_initiate_transfer(dev);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ /* First send over the size of the actual message. */
++ err = mhu_v2_x_channel_send(dev, chan, (uint32_t)size);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ chan++;
++
++ p = (uint32_t *)send_buffer;
++ for (i = 0; i < size; i += 4) {
++ err = mhu_v2_x_channel_send(dev, chan, *p++);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ if (++chan == (num_channels - 1)) {
++ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE);
++ if (mhu_err != MHU_ERR_NONE) {
++ return mhu_err;
++ }
++ chan = 0;
++ }
++ }
++
++ /* Signal the end of transfer.
++ * It's not required to send a signal when the message was
++ * perfectly-aligned ((num_channels - 1) channels were used in the last
++ * round) preventing it from signaling twice at the end of transfer.
++ */
++ if (chan != 0) {
++ mhu_err = signal_and_wait_for_clear(dev, MHU_NOTIFY_VALUE);
++ if (mhu_err != MHU_ERR_NONE) {
++ return mhu_err;
++ }
++ }
++
++ err = mhu_v2_x_close_transfer(dev);
++ return error_mapping_to_mhu_error_t(err);
++}
++
++enum mhu_error_t mhu_wait_data(void *mhu_receiver_dev)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t val;
++
++ do {
++ /* Using the last channel for notifications */
++ err = mhu_v2_x_channel_receive(dev, num_channels - 1, &val);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ break;
++ }
++ } while (val != MHU_NOTIFY_VALUE);
++
++ return error_mapping_to_mhu_error_t(err);
++}
++
++enum mhu_error_t mhu_receive_data(void *mhu_receiver_dev,
++ uint8_t *receive_buffer,
++ size_t *size)
++{
++ enum mhu_v2_x_error_t err;
++ struct mhu_v2_x_dev_t *dev = mhu_receiver_dev;
++ uint32_t num_channels = mhu_v2_x_get_num_channel_implemented(dev);
++ uint32_t chan = 0;
++ uint32_t message_len;
++ uint32_t i;
++ uint32_t *p;
++
++ if (dev == NULL || receive_buffer == NULL) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ /* For simplicity, require:
++ * - the receive_buffer to be 4-byte aligned,
++ * - the buffer size to be a multiple of 4.
++ */
++ if (((uintptr_t)receive_buffer & 0x3u) || (*size & 0x3u)) {
++ return MHU_ERR_INVALID_ARG;
++ }
++
++ /* The first word is the length of the actual message. */
++ err = mhu_v2_x_channel_receive(dev, chan, &message_len);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ chan++;
++
++ if (message_len > *size) {
++ /* Message buffer too small */
++ *size = message_len;
++ return MHU_ERR_BUFFER_TOO_SMALL;
++ }
++
++ p = (uint32_t *)receive_buffer;
++ for (i = 0; i < message_len; i += 4) {
++ err = mhu_v2_x_channel_receive(dev, chan, p++);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++
++ /* Only wait for next transfer if there is still missing data. */
++ if (++chan == (num_channels - 1) && (message_len - i) > 4) {
++ /* Busy wait for next transfer */
++ err = clear_and_wait_for_signal(dev);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ chan = 0;
++ }
++ }
++
++ /* Clear all channels */
++ for (i = 0; i < num_channels; ++i) {
++ err = mhu_v2_x_channel_clear(dev, i);
++ if (err != MHU_V_2_X_ERR_NONE) {
++ return error_mapping_to_mhu_error_t(err);
++ }
++ }
++
++ *size = message_len;
++
++ return MHU_ERR_NONE;
++}
+diff --git a/platform/ext/target/arm/corstone1000/config.cmake b/platform/ext/target/arm/corstone1000/config.cmake
+index 70bbcdafd..6a805a122 100644
+--- a/platform/ext/target/arm/corstone1000/config.cmake
++++ b/platform/ext/target/arm/corstone1000/config.cmake
+@@ -37,14 +37,6 @@ set(TFM_CRYPTO_TEST_ALG_CFB OFF CACHE BOOL "Test CFB cryp
+ set(NS FALSE CACHE BOOL "Whether to build NS app")
+ set(EXTERNAL_SYSTEM_SUPPORT OFF CACHE BOOL "Whether to include external system support.")
+
+-# External dependency on OpenAMP and Libmetal
+-set(LIBMETAL_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libmetal (or DOWNLOAD to fetch automatically")
+-set(LIBMETAL_VERSION "f252f0e007fbfb8b3a52b1d5901250ddac96baad" CACHE STRING "The version of libmetal to use")
+-set(LIBMETAL_FORCE_PATCH OFF CACHE BOOL "Always apply Libmetal patches")
+-
+-set(LIBOPENAMP_SRC_PATH "DOWNLOAD" CACHE PATH "Path to Libopenamp (or DOWNLOAD to fetch automatically")
+-set(OPENAMP_VERSION "347397decaa43372fc4d00f965640ebde042966d" CACHE STRING "The version of openamp to use")
+-
+ if (${PLATFORM_IS_FVP})
+ set(PLATFORM_PSA_ADAC_SECURE_DEBUG FALSE CACHE BOOL "Whether to use psa-adac secure debug.")
+ else()
+diff --git a/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt
+deleted file mode 100644
+index 32c0def25..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/CMakeLists.txt
++++ /dev/null
+@@ -1,57 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2021, Arm Limited. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-add_subdirectory(ext/libmetal)
+-add_subdirectory(ext/libopenamp)
+-
+-set(CMAKE_SYSTEM_PROCESSOR "arm")
+-set(MACHINE "template")
+-set(LIBMETAL_INCLUDE_DIR "${LIBMETAL_BIN_PATH}/lib/include")
+-set(LIBMETAL_LIB "${LIBMETAL_BIN_PATH}/lib")
+-
+-add_subdirectory(${LIBMETAL_SRC_PATH} ${LIBMETAL_BIN_PATH})
+-add_subdirectory(${LIBOPENAMP_SRC_PATH} ${LIBOPENAMP_BIN_PATH})
+-
+-target_include_directories(platform_s
+- PRIVATE
+- ${LIBMETAL_BIN_PATH}/lib/include
+- ${LIBOPENAMP_SRC_PATH}/lib/include
+-)
+-
+-target_include_directories(platform_s
+- PUBLIC
+- .
+-)
+-
+-target_sources(platform_s
+- PRIVATE
+- tfm_spe_openamp_platform_interconnect.c
+- tfm_spe_dual_core_psa_client_secure_lib.c
+- tfm_spe_openamp_interface_impl.c
+- platform_spe_dual_core_hal.c
+- tfm_spe_psa_client_lib_unordered_map.c
+-)
+-
+-target_link_libraries(open_amp-static
+- PRIVATE
+- metal-static
+-)
+-
+-target_compile_definitions(open_amp-static
+- PRIVATE
+- RPMSG_BUFFER_SIZE=8192
+-)
+-
+-target_link_libraries(platform_s
+- PRIVATE
+- open_amp-static
+-)
+-
+-# Export header file shared with non-secure side
+-install(FILES tfm_openamp_lib.h
+- DESTINATION ${INSTALL_INTERFACE_INC_DIR}
+-)
+diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch b/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch
+deleted file mode 100644
+index 7c5eacc9f..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/0001-Disable-logger-when-the-build-type-is-release.patch
++++ /dev/null
+@@ -1,27 +0,0 @@
+-From d9d92c8848e4567f208f1900aff57e6a234c8130 Mon Sep 17 00:00:00 2001
+-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+-Date: Wed, 7 Dec 2022 12:37:22 +0000
+-Subject: [PATCH] Disable logger when the build type is release
+-
+-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
+----
+- cmake/options.cmake | 3 ++-
+- 1 file changed, 2 insertions(+), 1 deletion(-)
+-
+-diff --git a/cmake/options.cmake b/cmake/options.cmake
+-index 25c7c96..7a2b116 100644
+---- a/cmake/options.cmake
+-+++ b/cmake/options.cmake
+-@@ -55,7 +55,8 @@ if (WITH_ZEPHYR)
+- option (WITH_ZEPHYR_LIB "Build libmetal as a zephyr library" OFF)
+- endif (WITH_ZEPHYR)
+-
+--option (WITH_DEFAULT_LOGGER "Build with default logger" ON)
+-+include(CMakeDependentOption)
+-+cmake_dependent_option(WITH_DEFAULT_LOGGER "Build with default logger" ON "${CMAKE_BUILD_TYPE} STREQUAL Debug" OFF)
+-
+- option (WITH_DOC "Build with documentation" ON)
+-
+---
+-2.25.1
+-
+diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt
+deleted file mode 100644
+index fa37fd6be..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/ext/libmetal/CMakeLists.txt
++++ /dev/null
+@@ -1,23 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+-# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
+-# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-fetch_remote_library(
+- LIB_NAME libmetal
+- LIB_SOURCE_PATH_VAR LIBMETAL_SRC_PATH
+- LIB_BINARY_PATH_VAR LIBMETAL_BIN_PATH
+- LIB_PATCH_DIR ${CMAKE_CURRENT_LIST_DIR}
+- LIB_FORCE_PATCH LIBMETAL_FORCE_PATCH
+- FETCH_CONTENT_ARGS
+- GIT_TAG ${LIBMETAL_VERSION}
+- GIT_REPOSITORY https://github.com/OpenAMP/libmetal.git
+-)
+-
+-if (NOT LIB_BINARY_PATH_VAR)
+-set(LIBMETAL_BIN_PATH "${CMAKE_SOURCE_DIR}/build/lib/ext/libmetal-subbuild" CACHE PATH "Path to build directory of libmetal.")
+-endif()
+diff --git a/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt b/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt
+deleted file mode 100644
+index 28c5fa284..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/ext/libopenamp/CMakeLists.txt
++++ /dev/null
+@@ -1,21 +0,0 @@
+-#-------------------------------------------------------------------------------
+-# Copyright (c) 2020-2022, Arm Limited. All rights reserved.
+-# Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon company)
+-# or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+-#
+-# SPDX-License-Identifier: BSD-3-Clause
+-#
+-#-------------------------------------------------------------------------------
+-
+-fetch_remote_library(
+- LIB_NAME libopenamp
+- LIB_SOURCE_PATH_VAR LIBOPENAMP_SRC_PATH
+- LIB_BINARY_PATH_VAR LIBOPENAMP_BIN_PATH
+- FETCH_CONTENT_ARGS
+- GIT_TAG ${OPENAMP_VERSION}
+- GIT_REPOSITORY https://github.com/OpenAMP/open-amp.git
+-)
+-
+-if (NOT LIB_BINARY_PATH_VAR)
+-set(LIBOPENAMP_BIN_PATH "${CMAKE_SOURCE_DIR}/build/lib/ext/libopenamp-subbuild" CACHE PATH "Path to build directory of open-amp.")
+-endif()
+diff --git a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c b/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
+deleted file mode 100644
+index 7613345ff..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/platform_spe_dual_core_hal.c
++++ /dev/null
+@@ -1,152 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- * Copyright (c) 2021-2022 Cypress Semiconductor Corporation (an Infineon
+- * company) or an affiliate of Cypress Semiconductor Corporation. All rights
+- * reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- */
+-
+-#include "tfm_spe_openamp_platform_interface.h"
+-#include "device_cfg.h"
+-#include "device_definition.h"
+-#include "load/interrupt_defs.h"
+-#include "mhu_v2_x.h"
+-#include "tfm_plat_defs.h"
+-#include "tfm_spm_log.h"
+-#include "cmsis.h"
+-
+-#define MHU1_SEH_NOTIFY_CH 0
+-#define MHU1_SEH_NOTIFY_VAL 1234
+-
+-static enum tfm_plat_err_t initialize_secure_enclave_to_host_mhu(void)
+-{
+- enum mhu_v2_x_error_t status;
+-
+- status = mhu_v2_x_driver_init(&MHU1_SE_TO_HOST_DEV, MHU_REV_READ_FROM_HW);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("Secure-enclave to Host MHU driver initialization failed: ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- SPMLOG_INFMSG("Secure-enclave to Host MHU Driver initialized successfully.\r\n");
+-
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+-
+-static enum tfm_plat_err_t initialize_host_to_secure_enclave_mhu(void)
+-{
+- enum mhu_v2_x_error_t status;
+-
+- status = mhu_v2_x_driver_init(&MHU1_HOST_TO_SE_DEV, MHU_REV_READ_FROM_HW);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("Host to secure-enclave MHU driver initialization failed: ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- SPMLOG_INFMSG("Host to secure-enclave MHU Driver initialized successfully.\r\n");
+-
+- NVIC_EnableIRQ(HSE1_RECEIVER_COMBINED_IRQn);
+-
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+-
+-static struct irq_t mbox_irq_info = {0};
+-
+-void HSE1_RECEIVER_COMBINED_IRQHandler(void)
+-{
+- spm_handle_interrupt(mbox_irq_info.p_pt, mbox_irq_info.p_ildi);
+-
+- mhu_v2_x_channel_clear(&MHU1_HOST_TO_SE_DEV, 0);
+- NVIC_ClearPendingIRQ(HSE1_RECEIVER_COMBINED_IRQn);
+-}
+-
+-enum tfm_hal_status_t mailbox_irq_init(void *p_pt,
+- const struct irq_load_info_t *p_ildi)
+-{
+- mbox_irq_info.p_pt = p_pt;
+- mbox_irq_info.p_ildi = p_ildi;
+-
+- return TFM_HAL_SUCCESS;
+-}
+-
+-enum tfm_plat_err_t tfm_dual_core_hal_init(void)
+-{
+- enum tfm_plat_err_t status;
+-
+- status = initialize_host_to_secure_enclave_mhu();
+- if (status) {
+- return status;
+- }
+- status = initialize_secure_enclave_to_host_mhu();
+-
+- return status;
+-}
+-
+-enum tfm_plat_err_t tfm_hal_notify_peer(void)
+-{
+- uint32_t access_ready;
+- enum mhu_v2_x_error_t status;
+- struct mhu_v2_x_dev_t* dev = &MHU1_SE_TO_HOST_DEV;
+-
+- status = mhu_v2_x_set_access_request(dev);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_set_access_request failed : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+-
+- do {
+- status = mhu_v2_x_get_access_ready(dev, &access_ready);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_get_access_ready failed : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- } while(!access_ready);
+-
+- status = mhu_v2_x_channel_send(dev, MHU1_SEH_NOTIFY_CH, MHU1_SEH_NOTIFY_VAL);
+-
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_channel_send : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+-
+- status = mhu_v2_x_reset_access_request(dev);
+- if (status != MHU_V_2_X_ERR_NONE) {
+- SPMLOG_ERRMSGVAL("mhu_v2_x_reset_access_request : ", status);
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+-
+-/*
+- * The function is implemented to support libmetal's mutex and spinlock
+- * implementation. The GCC does not support a respective builtin
+- * functions for Cortex M0+. So below function provides the
+- * missing link for libmetal compilation.
+- * This function will prevent race condition between PendSV context (where
+- * entries are inserted into unordered map) and service threads (where
+- * entries are removed from the unordered map).
+- */
+-bool __atomic_compare_exchange_4(volatile void *mem, void *expected,
+- uint32_t desired, bool var, int success, int failure)
+-{
+- bool ret = false;
+- volatile uint32_t *location = mem;
+- volatile uint32_t *old_val = expected;
+- /* unused variables */
+- (void)var;
+- (void)success;
+- (void)failure;
+-
+- NVIC_DisableIRQ(PendSV_IRQn);
+-
+- do {
+- if (*location != *old_val) {
+- break;
+- }
+- *location = desired;
+- ret = true;
+- } while (0);
+-
+- NVIC_EnableIRQ(PendSV_IRQn);
+-
+- return ret;
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h b/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h
+deleted file mode 100644
+index 2996ba9a8..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_openamp_lib.h
++++ /dev/null
+@@ -1,128 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-/*
+- * This header file is common to NSPE and SPE PSA client libraries.
+- */
+-
+-#ifndef __TFM_OPENAMP_LIB_H__
+-#define __TFM_OPENAMP_LIB_H__
+-
+-#include <stdint.h>
+-#include "psa/client.h"
+-
+-#ifdef __cplusplus
+-extern "C" {
+-#endif
+-
+-/* PSA client call type value */
+-#define OPENAMP_PSA_FRAMEWORK_VERSION (0x1)
+-#define OPENAMP_PSA_VERSION (0x2)
+-#define OPENAMP_PSA_CONNECT (0x3)
+-#define OPENAMP_PSA_CALL (0x4)
+-#define OPENAMP_PSA_CLOSE (0x5)
+-
+-/* Return code of openamp APIs */
+-#define OPENAMP_SUCCESS (0)
+-#define OPENAMP_MAP_FULL (INT32_MIN + 1)
+-#define OPENAMP_MAP_ERROR (INT32_MIN + 2)
+-#define OPENAMP_INVAL_PARAMS (INT32_MIN + 3)
+-#define OPENAMP_NO_PERMS (INT32_MIN + 4)
+-#define OPENAMP_NO_PEND_EVENT (INT32_MIN + 5)
+-#define OPENAMP_CHAN_BUSY (INT32_MIN + 6)
+-#define OPENAMP_CALLBACK_REG_ERROR (INT32_MIN + 7)
+-#define OPENAMP_INIT_ERROR (INT32_MIN + 8)
+-
+-#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
+- * buffer so that openamp shared memory buffer
+- * does not get freed.
+- */
+-
+-/*
+- * This structure holds the parameters used in a PSA client call.
+- */
+-typedef struct __attribute__((packed)) psa_client_in_params {
+- union {
+- struct __attribute__((packed)) {
+- uint32_t sid;
+- } psa_version_params;
+-
+- struct __attribute__((packed)) {
+- uint32_t sid;
+- uint32_t version;
+- } psa_connect_params;
+-
+- struct __attribute__((packed)) {
+- psa_handle_t handle;
+- int32_t type;
+- uint32_t in_vec;
+- uint32_t in_len;
+- uint32_t out_vec;
+- uint32_t out_len;
+- } psa_call_params;
+-
+- struct __attribute__((packed)) {
+- psa_handle_t handle;
+- } psa_close_params;
+- };
+-} psa_client_in_params_t;
+-
+-/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
+-typedef struct __attribute__((packed)) ns_openamp_msg {
+- uint32_t call_type; /* PSA client call type */
+- psa_client_in_params_t params; /* Contain parameters used in PSA
+- * client call
+- */
+-
+- int32_t client_id; /* Optional client ID of the
+- * non-secure caller.
+- * It is required to identify the
+- * non-secure task when NSPE OS
+- * enforces non-secure task
+- * isolation
+- */
+- int32_t request_id; /* This is the unique ID for a
+- * request send to TF-M by the
+- * non-secure core. TF-M forward
+- * the ID back to non-secure on the
+- * reply to a given request. Using
+- * this id, the non-secure library
+- * can identify the request for
+- * which the reply has received.
+- */
+-} ns_openamp_msg_t;
+-
+-/*
+- * This structure holds the location of the out data of the PSA client call.
+- */
+-typedef struct __attribute__((packed)) psa_client_out_params {
+- uint32_t out_vec;
+- uint32_t out_len;
+-} psa_client_out_params_t;
+-
+-
+-/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
+- * call.
+- */
+-typedef struct __attribute__((packed)) s_openamp_msg {
+- int32_t request_id; /* Using this id, the non-secure
+- * library identifies the request.
+- * TF-M forwards the same
+- * request-id received on the
+- * initial request.
+- */
+- int32_t reply; /* Reply of the PSA client call */
+- psa_client_out_params_t params; /* Contain out data result of the
+- * PSA client call.
+- */
+-} s_openamp_msg_t;
+-
+-#ifdef __cplusplus
+-}
+-#endif
+-
+-#endif /* __TFM_OPENAMP_LIB_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
+deleted file mode 100644
+index d2eabe144..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.c
++++ /dev/null
+@@ -1,304 +0,0 @@
+-/*
+- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+- * Copyright (c) 2021-2023 Cypress Semiconductor Corporation (an Infineon company)
+- * or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include "config_impl.h"
+-#include "tfm_psa_call_pack.h"
+-#include "tfm_spe_dual_core_psa_client_secure_lib.h"
+-#include "tfm_rpc.h"
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_spm_log.h"
+-#include "tfm_spe_psa_client_lib_unordered_map.h"
+-#include "psa/error.h"
+-#include "utilities.h"
+-#include "thread.h"
+-
+-/**
+- * In linux environment and for psa_call type client api,
+- * the layout of the reply from tf-m to linux is as following.
+- */
+-typedef struct output_buffer_with_payload {
+- s_openamp_msg_t header;
+- psa_outvec outvec[PSA_MAX_IOVEC];
+- uint8_t payload[]; /* outdata follows */
+-} output_buffer_with_payload_t;
+-
+-static void prepare_and_send_output_msg(int32_t reply, int32_t request_id)
+-{
+- s_openamp_msg_t msg;
+-
+- msg.request_id = request_id;
+- msg.reply = reply;
+-
+- msg.params.out_vec = 0;
+- msg.params.out_len = 0;
+-
+- tfm_to_openamp_reply_back(&msg, sizeof(msg));
+-}
+-
+-static void prepare_and_send_preallocated_output_msg(int32_t reply,
+- const unordered_map_entry_t* s_map_entry)
+-{
+- uint32_t out_len = s_map_entry->msg.params.psa_call_params.out_len;
+- output_buffer_with_payload_t *output_msg = (output_buffer_with_payload_t*)s_map_entry->output_buffer;
+-
+- output_msg->header.request_id = s_map_entry->msg.request_id;
+- output_msg->header.reply = reply;
+-
+- output_msg->header.params.out_vec =
+- (uint32_t)tfm_to_openamp_translate_secure_to_non_secure_ptr(
+- output_msg->outvec);
+- output_msg->header.params.out_len = out_len;
+-
+- for (int i = 0; i < out_len; i++) {
+- output_msg->outvec[i].base = tfm_to_openamp_translate_secure_to_non_secure_ptr(
+- output_msg->outvec[i].base);
+- }
+-
+- /* send msg to non-secure side */
+- tfm_to_openamp_reply_back_no_copy(output_msg, s_map_entry->output_buffer_len);
+-}
+-
+-void send_service_reply_to_non_secure(int32_t reply, void *private)
+-{
+- unordered_map_handle_t handle;
+- const unordered_map_entry_t* s_map_entry = (const unordered_map_entry_t*)private;
+-
+- if (s_map_entry->is_input_buffer_hold) {
+- tfm_to_openamp_release_buffer(s_map_entry->input_buffer);
+- }
+-
+- if (s_map_entry->is_output_buffer) {
+- prepare_and_send_preallocated_output_msg(reply, s_map_entry);
+- } else {
+- prepare_and_send_output_msg(reply, s_map_entry->msg.request_id);
+- }
+-
+- handle = unordered_map_get_entry_handle(s_map_entry);
+- if (handle == INVALID_MAP_HANDLE) {
+- SPMLOG_ERRMSG("FATAL_ERROR: Map handle not valid\r\n");
+- SPM_ASSERT(0);
+- }
+- unordered_map_free(handle);
+-}
+-
+-static psa_invec * prepare_in_vecs(unordered_map_entry_t* s_map_entry)
+-{
+- uint32_t in_len = s_map_entry->msg.params.psa_call_params.in_len;
+- SPM_ASSERT(in_len <= PSA_MAX_IOVEC);
+-
+- psa_invec *input_buffer_in_vec = (psa_invec*)tfm_to_openamp_translate_non_secure_to_secure_ptr(
+- (void*)s_map_entry->msg.params.psa_call_params.in_vec);
+- for (int i = 0; i < in_len; i++) {
+- input_buffer_in_vec[i].base = tfm_to_openamp_translate_non_secure_to_secure_ptr(
+- input_buffer_in_vec[i].base);
+- }
+-
+- return input_buffer_in_vec;
+-}
+-
+-static void * alloc_output_buffer_in_shared_mem(size_t length,
+- unordered_map_entry_t* s_map_entry)
+-{
+- uint32_t buffer_sz = 0;
+-
+- /* pre allocate output_buffer space from openamp shared memory */
+- s_map_entry->output_buffer = tfm_to_openamp_get_buffer(&buffer_sz);
+- SPM_ASSERT((s_map_entry->output_buffer != NULL) && (buffer_sz >= length));
+- s_map_entry->is_output_buffer = true;
+- s_map_entry->output_buffer_len = length;
+- spm_memset(s_map_entry->output_buffer, 0x0, length);
+-
+- return s_map_entry->output_buffer;
+-}
+-
+-static psa_status_t alloc_and_prepare_out_vecs(psa_outvec **out_vec_start_ptr,
+- unordered_map_entry_t* s_map_entry)
+-{
+- psa_outvec *input_buffer_outvec = NULL;
+- size_t output_buffer_len = 0;
+- size_t current_outdata_len = 0;
+- output_buffer_with_payload_t *out_buffer = NULL;
+- int max_shared_mem_buffer_size = 0;
+- uint32_t out_len = s_map_entry->msg.params.psa_call_params.out_len;
+-
+- SPM_ASSERT(out_len <= PSA_MAX_IOVEC);
+- *out_vec_start_ptr = NULL;
+-
+- if (out_len == 0) {
+- return PSA_SUCCESS;
+- }
+-
+- input_buffer_outvec = (psa_outvec*)tfm_to_openamp_translate_non_secure_to_secure_ptr(
+- (void*)s_map_entry->msg.params.psa_call_params.out_vec);
+-
+- /* calculate and validate out data len */
+- output_buffer_len = sizeof(output_buffer_with_payload_t);
+- for (int i = 0; i < out_len; i++) {
+- output_buffer_len += input_buffer_outvec[i].len;
+- }
+- max_shared_mem_buffer_size = tfm_to_openamp_get_buffer_size();
+- if (output_buffer_len > max_shared_mem_buffer_size) {
+- SPMLOG_ERRMSGVAL("required buffer size : ", output_buffer_len);
+- SPMLOG_ERRMSGVAL(" is more than maximum available : ", max_shared_mem_buffer_size);
+- return PSA_ERROR_INVALID_ARGUMENT;
+- }
+-
+- /* prepare output buffer layout */
+- out_buffer = (output_buffer_with_payload_t*)alloc_output_buffer_in_shared_mem(
+- output_buffer_len, s_map_entry);
+-
+- for (int i = 0; i < PSA_MAX_IOVEC; i++) {
+- if (i < out_len) {
+- out_buffer->outvec[i].base = &out_buffer->payload[current_outdata_len];
+- out_buffer->outvec[i].len = input_buffer_outvec[i].len;
+- current_outdata_len += input_buffer_outvec[i].len;
+- } else {
+- out_buffer->outvec[i].base = NULL;
+- out_buffer->outvec[i].len = 0;
+- }
+- }
+-
+- *out_vec_start_ptr = out_buffer->outvec;
+-
+- return PSA_SUCCESS;
+-}
+-
+-static psa_status_t prepare_params_for_psa_call(struct client_params_t *params,
+- unordered_map_entry_t* s_map_entry)
+-{
+- psa_status_t ret = PSA_SUCCESS;
+-
+- params->ns_client_id_stateless = s_map_entry->msg.client_id;
+-
+- params->p_outvecs = NULL;
+- ret = alloc_and_prepare_out_vecs(¶ms->p_outvecs, s_map_entry);
+- if (ret != PSA_SUCCESS) {
+- return ret;
+- }
+-
+- params->p_invecs = prepare_in_vecs(s_map_entry);
+-
+- /* hold the input shared memory */
+- tfm_to_openamp_hold_buffer(s_map_entry->input_buffer);
+- s_map_entry->is_input_buffer_hold = true;
+-
+- return ret;
+-}
+-
+-__STATIC_INLINE int32_t check_msg(const ns_openamp_msg_t *msg)
+-{
+- /*
+- * TODO
+- * Comprehensive check of openamp msessage content can be implemented here.
+- */
+- (void)msg;
+- return OPENAMP_SUCCESS;
+-}
+-
+-static void send_error_to_non_secure(int32_t reply, int32_t request_id)
+-{
+- prepare_and_send_output_msg(reply, request_id);
+-}
+-
+-int32_t register_msg_to_spe_and_verify(void **private, const void *data, size_t len)
+-{
+- unordered_map_entry_t *s_map_entry;
+- ns_openamp_msg_t *ns_msg;
+- unordered_map_handle_t map_handle;
+- int32_t ret = OPENAMP_SUCCESS;
+-
+- *private = NULL;
+-
+- if (len < sizeof(ns_openamp_msg_t)) {
+- SPMLOG_ERRMSG("Invalid parameters.\r\n");
+- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, 0);
+- return OPENAMP_INVAL_PARAMS;
+- }
+-
+- /* start of the data is with "ns_openamp_msg_t" */
+- ns_msg = (ns_openamp_msg_t*)data;
+- ret = unordered_map_insert(ns_msg, data, &map_handle);
+- if (ret) {
+- SPMLOG_ERRMSG("Map insert failed\r\n");
+- send_error_to_non_secure(OPENAMP_MAP_FULL, ns_msg->request_id);
+- return OPENAMP_MAP_FULL;
+- }
+-
+- s_map_entry = unordered_map_get_entry_ptr(map_handle);
+-
+- /* verify msg after copy to the secure memory */
+- if (check_msg(&s_map_entry->msg)) {
+- SPMLOG_ERRMSG("Message is invalid\r\n");
+- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, ns_msg->request_id);
+- unordered_map_free(map_handle);
+- return OPENAMP_INVAL_PARAMS;
+- }
+-
+- *private = s_map_entry;
+-
+- return ret;
+-}
+-
+-void deliver_msg_to_tfm_spe(void *private)
+-{
+- struct client_params_t params = {0};
+- psa_status_t psa_ret = PSA_ERROR_GENERIC_ERROR;
+- unordered_map_entry_t* s_map_entry = (unordered_map_entry_t*)private;
+-
+- switch(s_map_entry->msg.call_type) {
+- case OPENAMP_PSA_FRAMEWORK_VERSION:
+- psa_ret = tfm_rpc_psa_framework_version();
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- case OPENAMP_PSA_VERSION:
+- psa_ret = tfm_rpc_psa_version(s_map_entry->msg.params.psa_version_params.sid);
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- case OPENAMP_PSA_CALL:
+- psa_ret = prepare_params_for_psa_call(¶ms, s_map_entry);
+- if (psa_ret != PSA_SUCCESS) {
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- }
+- psa_ret = tfm_rpc_psa_call(s_map_entry->msg.params.psa_call_params.handle,
+- PARAM_PACK(s_map_entry->msg.params.psa_call_params.type,
+- s_map_entry->msg.params.psa_call_params.in_len,
+- s_map_entry->msg.params.psa_call_params.out_len),
+- ¶ms, NULL);
+- if (psa_ret != PSA_SUCCESS) {
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- break;
+- }
+- break;
+-#if CONFIG_TFM_CONNECTION_BASED_SERVICE_API == 1
+- case OPENAMP_PSA_CONNECT:
+- psa_ret = tfm_rpc_psa_connect(s_map_entry->msg.params.psa_connect_params.sid,
+- s_map_entry->msg.params.psa_connect_params.version,
+- s_map_entry->msg.client_id,
+- NULL);
+- if (psa_ret != PSA_SUCCESS) {
+- send_service_reply_to_non_secure(psa_ret, s_map_entry);
+- }
+- break;
+- case OPENAMP_PSA_CLOSE:
+- tfm_rpc_psa_close(s_map_entry->msg.params.psa_close_params.handle);
+- break;
+-#endif /* CONFIG_TFM_CONNECTION_BASED_SERVICE_API == 1 */
+- default:
+- SPMLOG_ERRMSG("msg type did not recognized\r\n");
+- send_error_to_non_secure(OPENAMP_INVAL_PARAMS, s_map_entry->msg.request_id);
+- unordered_map_free(unordered_map_get_entry_handle(s_map_entry));
+- break;
+- }
+-}
+-
+-void init_dual_core_psa_client_secure_lib(void)
+-{
+- unordered_map_init();
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
+deleted file mode 100644
+index de7891b83..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_dual_core_psa_client_secure_lib.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__
+-#define __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__
+-
+-#include "tfm_openamp_lib.h"
+-
+-/**
+- * \brief Initializes the library.
+- */
+-void init_dual_core_psa_client_secure_lib(void);
+-
+-/**
+- * \brief Decodes the messages received from the NSPE before sending
+- * to SPE.
+- */
+-void deliver_msg_to_tfm_spe(void *private);
+-
+-/**
+- * \brief Encodes the reply of service before sending it to NSPE.
+- */
+-void send_service_reply_to_non_secure(int32_t reply, void *private);
+-
+-/**
+- * \brief Validate and register the message. The message details are
+- * copied inside the unordered_map.
+- *
+- * \retval OPENAMP_SUCCESS Successfully registered the message.
+- * \retval Other return code Operation failed with an error code.
+- */
+-int32_t register_msg_to_spe_and_verify(void **private,
+- const void *data, size_t len);
+-
+-#endif /* __TFM_SPE_DUAL_CORE_PSA_CLIENT_SECURE_LIB_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h
+deleted file mode 100644
+index 25afd5017..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright (c) 2020 Linaro Limited
+- *
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef TFM_SPE_OPENAMP_INTERFACE_H_
+-#define TFM_SPE_OPENAMP_INTERFACE_H_
+-
+-#define SUCCESS (0)
+-#define ERROR (INT32_MIN + 1)
+-
+-
+-typedef void (*openamp_to_tfm_callback)(const void *data,
+- size_t len);
+-typedef void (*openamp_to_tfm_notify)(void);
+-
+-/*
+- * These functions are the logical interface from TF-M to
+- * OpenAMP.
+- */
+-int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb,
+- openamp_to_tfm_notify notify);
+-void tfm_to_openamp_notify(void);
+-void tfm_to_openamp_spe_map_spinlock_acquire(void);
+-void tfm_to_openamp_spe_map_spinlock_release(void);
+-void tfm_to_openamp_reply_back(const void* data, size_t len);
+-void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len);
+-void tfm_to_openamp_hold_buffer(const void *buffer);
+-void tfm_to_openamp_release_buffer(const void *buffer);
+-void *tfm_to_openamp_get_buffer(uint32_t *len);
+-int tfm_to_openamp_get_buffer_size(void);
+-void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr);
+-void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr);
+-
+-#endif /* TFM_SPE_OPENAMP_INTERFACE_H_ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c
+deleted file mode 100644
+index aa16e9929..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_interface_impl.c
++++ /dev/null
+@@ -1,248 +0,0 @@
+-/*
+- * Copyright (c) 2020 Linaro Limited
+- *
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include <metal/device.h>
+-#include <metal/spinlock.h>
+-#include <openamp/open_amp.h>
+-
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_spm_log.h"
+-#include "tfm_spe_shm_openamp.h"
+-
+-static metal_phys_addr_t shm_physmap[] = { SHM_START_PHY_ADDR };
+-static struct metal_device shm_device = {
+- .name = SHM_DEVICE_NAME,
+- .bus = NULL,
+- .num_regions = 1,
+- {
+- {
+- .virt = (void *) SHM_START_VIRT_ADDR,
+- .physmap = shm_physmap,
+- .size = SHM_SIZE,
+- .page_shift = 0xffffffff,
+- .page_mask = 0xffffffff,
+- .mem_flags = 0,
+- .ops = { NULL },
+- },
+- },
+- .node = { NULL },
+- .irq_num = 0,
+- .irq_info = NULL
+-};
+-
+-/* Space to be used by virtqueues */
+-#define VQ_STATIC_SIZE (sizeof(struct virtqueue) + (VRING_SIZE * sizeof(struct vq_desc_extra)))
+-uint8_t vq1_static_space[VQ_STATIC_SIZE];
+-uint8_t vq2_static_space[VQ_STATIC_SIZE];
+-
+-static struct virtio_vring_info rvrings[2];
+-
+-static struct virtio_device vdev;
+-static struct rpmsg_virtio_device rvdev;
+-static struct metal_io_region *io;
+-static struct virtqueue *vq[2];
+-static struct rpmsg_virtio_shm_pool shpool;
+-static struct rpmsg_endpoint tfm_ept;
+-static struct rpmsg_endpoint *ep = &tfm_ept;
+-static struct metal_spinlock spe_map_slock;
+-static openamp_to_tfm_callback tfm_callback = NULL;
+-static openamp_to_tfm_notify tfm_notify = NULL;
+-
+-static unsigned char virtio_get_status(struct virtio_device *vdev)
+-{
+- (void)vdev;
+- uint32_t status = *(uint32_t *)VDEV_STATUS_ADDR;
+- return status;
+-}
+-
+-static void virtio_set_status(struct virtio_device *vdev, unsigned char status)
+-{
+- (void)vdev;
+- *(uint32_t *)VDEV_STATUS_ADDR = status;
+-}
+-
+-static uint32_t virtio_get_features(struct virtio_device *vdev)
+-{
+- (void)vdev;
+- return 1 << VIRTIO_RPMSG_F_NS;
+-}
+-
+-static void virtio_notify(struct virtqueue *vq)
+-{
+- (void)vq;
+- tfm_notify();
+-}
+-
+-static struct virtio_dispatch dispatch = {
+- .get_status = virtio_get_status,
+- .set_status = virtio_set_status,
+- .get_features = virtio_get_features,
+- .notify = virtio_notify,
+-};
+-
+-int endpoint_cb(struct rpmsg_endpoint *ept, void *data,
+- size_t len, uint32_t src, void *priv)
+-{
+- (void)ept;
+- (void)src;
+- (void)priv;
+- tfm_callback(data, len);
+- return 0;
+-}
+-
+-static void rpmsg_service_unbind(struct rpmsg_endpoint *ept)
+-{
+- (void)ept;
+- rpmsg_destroy_ept(ep);
+-}
+-
+-void ns_bind_cb(struct rpmsg_device *rdev, const char *name, uint32_t dest)
+-{
+- (void)rpmsg_create_ept(ep, rdev, name,
+- RPMSG_ADDR_ANY, dest,
+- endpoint_cb,
+- rpmsg_service_unbind);
+-}
+-
+-void tfm_to_openamp_notify(void)
+-{
+- virtqueue_notification(vq[0]);
+-}
+-
+-void tfm_to_openamp_spe_map_spinlock_acquire(void)
+-{
+- metal_spinlock_acquire(&spe_map_slock);
+-}
+-
+-void tfm_to_openamp_spe_map_spinlock_release(void)
+-{
+- metal_spinlock_release(&spe_map_slock);
+-}
+-
+-void tfm_to_openamp_reply_back(const void* data, size_t len)
+-{
+- rpmsg_send(ep, data, len);
+-}
+-
+-void tfm_to_openamp_reply_back_no_copy(const void* data, size_t len)
+-{
+- rpmsg_send_nocopy(ep, data, len);
+-}
+-
+-void tfm_to_openamp_hold_buffer(const void *buffer)
+-{
+- rpmsg_hold_rx_buffer(ep, (void*)buffer);
+-}
+-
+-void tfm_to_openamp_release_buffer(const void *buffer)
+-{
+- rpmsg_release_rx_buffer(ep, (void*)buffer);
+-}
+-
+-void *tfm_to_openamp_get_buffer(uint32_t *len)
+-{
+- return rpmsg_get_tx_payload_buffer(ep, len, 1);
+-}
+-
+-int tfm_to_openamp_get_buffer_size(void)
+-{
+- return rpmsg_virtio_get_buffer_size(&rvdev.rdev);
+-}
+-
+-void *tfm_to_openamp_translate_non_secure_to_secure_ptr(const void *ptr)
+-{
+- metal_phys_addr_t phys = 0;
+- phys = (metal_phys_addr_t)ptr;
+- return metal_io_phys_to_virt(io, phys);
+-}
+-
+-void *tfm_to_openamp_translate_secure_to_non_secure_ptr(const void *ptr)
+-{
+- metal_phys_addr_t phys = metal_io_virt_to_phys(io, (void*)ptr);
+- return (void*)phys;
+-}
+-
+-int32_t tfm_to_openamp_init(openamp_to_tfm_callback cb,
+- openamp_to_tfm_notify notify)
+-{
+- int status = 0;
+- struct metal_device *device;
+- struct metal_init_params metal_params = METAL_INIT_DEFAULTS;
+-
+- SPMLOG_INFMSG("TF-M OpenAMP[master] starting initialization...\r\n");
+-
+- if (cb == NULL || notify == NULL) {
+- SPMLOG_ERRMSG("invalid parameters\r\n");
+- return ERROR;
+- }
+- tfm_callback = cb;
+- tfm_notify = notify;
+-
+- metal_spinlock_init(&spe_map_slock);
+-
+- status = metal_init(&metal_params);
+- if (status != 0) {
+- SPMLOG_ERRMSG("metal_init: failed - error code\r\n");
+- return ERROR;
+- }
+-
+- status = metal_register_generic_device(&shm_device);
+- if (status != 0) {
+- SPMLOG_ERRMSG("Couldn't register shared memory device\r\n");
+- return ERROR;
+- }
+-
+- status = metal_device_open("generic", SHM_DEVICE_NAME, &device);
+- if (status != 0) {
+- SPMLOG_ERRMSG("metal_device_open failed\r\n");
+- return ERROR;
+- }
+-
+- io = metal_device_io_region(device, 0);
+- if (io == NULL) {
+- SPMLOG_ERRMSG("metal_device_io_region failed to get region\r\n");
+- return ERROR;
+- }
+-
+- /* setup vdev */
+-
+- memset(vq1_static_space, 0x0, VQ_STATIC_SIZE);
+- vq[0] = (struct virtqueue *)vq1_static_space;
+-
+- memset(vq2_static_space, 0x0, VQ_STATIC_SIZE);
+- vq[1] = (struct virtqueue *)vq2_static_space;
+-
+- vdev.role = RPMSG_MASTER;
+- vdev.vrings_num = VRING_COUNT;
+- vdev.func = &dispatch;
+- rvrings[0].io = io;
+- rvrings[0].info.vaddr = (void *)VRING_TX_ADDRESS;
+- rvrings[0].info.num_descs = VRING_SIZE;
+- rvrings[0].info.align = VRING_ALIGNMENT;
+- rvrings[0].vq = vq[0];
+-
+- rvrings[1].io = io;
+- rvrings[1].info.vaddr = (void *)VRING_RX_ADDRESS;
+- rvrings[1].info.num_descs = VRING_SIZE;
+- rvrings[1].info.align = VRING_ALIGNMENT;
+- rvrings[1].vq = vq[1];
+-
+- vdev.vrings_info = &rvrings[0];
+-
+- /* setup rvdev */
+- rpmsg_virtio_init_shm_pool(&shpool, (void *)SHM_START_VIRT_ADDR, SHM_SIZE);
+- status = rpmsg_init_vdev(&rvdev, &vdev, ns_bind_cb, io, &shpool);
+- if (status != 0) {
+- SPMLOG_ERRMSGVAL("rpmsg_init_vdev failed : ", status);
+- return ERROR;
+- }
+- SPMLOG_INFMSG("rpmsg_init_vdev Done!\r\n");
+-
+- return SUCCESS;
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c
+deleted file mode 100644
+index db8e8ac8b..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interconnect.c
++++ /dev/null
+@@ -1,114 +0,0 @@
+-/*
+- * Copyright (c) 2021-2022, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include "tfm_spe_openamp_platform_interface.h"
+-#include "tfm_spe_dual_core_psa_client_secure_lib.h"
+-#include "tfm_rpc.h"
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_multi_core.h"
+-#include "tfm_spm_log.h"
+-#include "utilities.h"
+-
+-static void *registered_msg = NULL;
+-
+-/* Process call from the other core. */
+-void callback_from_openamp(const void *ns_msg, size_t len)
+-{
+- int32_t ret = OPENAMP_SUCCESS;
+- void *priv = NULL;
+-
+- ret = register_msg_to_spe_and_verify(&priv, ns_msg, len);
+- if (ret != OPENAMP_SUCCESS) {
+- return;
+- }
+-
+- /*
+- * registered_msg will be used inside get_caller_private_data.
+- * get_caller_private_data will be called in the same context:
+- * deliver_msg* => tfm_rpc_xxx => tfm_spm_xxx => spm_init_connection
+- * => tfm_rpc_set_caller_data => get_caller_private_data
+- */
+- registered_msg = priv;
+-
+- deliver_msg_to_tfm_spe(priv);
+-}
+-
+-/* RPC reply() callback */
+-static void service_reply(const void *priv, int32_t ret)
+-{
+- send_service_reply_to_non_secure(ret, (void*)priv);
+-}
+-
+-/* RPC get_caller_data() callback */
+-static const void *get_caller_private_data(int32_t client_id)
+-{
+- if (!registered_msg) {
+- SPMLOG_ERRMSG("FATAL_ERROR: Map pointer cannot be NULL.\r\n");
+- SPM_ASSERT(0);
+- }
+-
+- return registered_msg;
+-}
+-
+-/* Openamp specific operations callback for TF-M RPC */
+-static const struct tfm_rpc_ops_t openamp_rpc_ops = {
+- .handle_req = tfm_to_openamp_notify, /* notify openamp for pendsv/irq
+- * received from the non-secure */
+- .reply = service_reply,
+- .get_caller_data = get_caller_private_data,
+-};
+-
+-void notify_request_from_openamp(void)
+-{
+- int32_t ret;
+-
+- ret = tfm_hal_notify_peer();
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_hal_notify_peer failed ", ret);
+- }
+- return;
+-}
+-
+-/* Openmap initialization */
+-static int32_t tfm_spe_openamp_lib_init(void)
+-{
+- int32_t ret;
+-
+- ret = tfm_dual_core_hal_init();
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_dual_core_hal_init failed ", ret);
+- return OPENAMP_INIT_ERROR;
+- }
+-
+- ret = tfm_to_openamp_init(callback_from_openamp,
+- notify_request_from_openamp);
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_to_openamp_init failed ", ret);
+- return OPENAMP_INIT_ERROR;
+- }
+-
+- init_dual_core_psa_client_secure_lib();
+-
+- /* Register RPC callbacks */
+- ret = tfm_rpc_register_ops(&openamp_rpc_ops);
+- if (ret) {
+- SPMLOG_ERRMSGVAL("tfm_rpc_register_ops failed ", ret);
+- return OPENAMP_CALLBACK_REG_ERROR;
+- }
+-
+- SPMLOG_INFMSG("tfm_spe_openamp_lib_init initialized success.\r\n");
+- return OPENAMP_SUCCESS;
+-}
+-
+-int32_t tfm_inter_core_comm_init(void)
+-{
+- if (tfm_spe_openamp_lib_init()) {
+- return TFM_PLAT_ERR_SYSTEM_ERR;
+- }
+-
+- return TFM_PLAT_ERR_SUCCESS;
+-}
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h
+deleted file mode 100644
+index 4c720b731..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_openamp_platform_interface.h
++++ /dev/null
+@@ -1,31 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__
+-#define __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__
+-
+-#include "tfm_openamp_lib.h"
+-#include "tfm_plat_defs.h"
+-
+-/**
+- * \brief Platform specific initialization of SPE openamp.
+- *
+- * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
+- * \retval Other return code Operation failed with an error code.
+- */
+-enum tfm_plat_err_t tfm_dual_core_hal_init(void);
+-
+-/**
+- * \brief Notify NSPE that a PSA client call return result is replied.
+- * Implemented by platform specific inter-processor communication driver.
+- *
+- * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out.
+- * \retval Other return code Operation failed with an error code.
+- */
+-enum tfm_plat_err_t tfm_hal_notify_peer(void);
+-
+-#endif /* __TFM_SPE_OPENAMP_PLATFORM_INTERFACE_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c
+deleted file mode 100644
+index 007a675bd..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.c
++++ /dev/null
+@@ -1,151 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#include "tfm_spe_psa_client_lib_unordered_map.h"
+-#include "utilities.h"
+-#include "tfm_spe_openamp_interface.h"
+-#include "tfm_spe_shm_openamp.h"
+-#include <stdbool.h>
+-#include <stddef.h>
+-#include <string.h>
+-
+-/*
+- * SPE map where tf-m copies the psa_client parameters
+- * from non-secure memory to its local secure memory.
+- */
+-typedef struct unordered_map {
+- /*
+- * Aligned with TFM_MAX_MESSAGES. A more sophisticated approach is
+- * required if the intent is to increase TFM_MAX_MESSAGES beyond
+- * 32 bits.
+- */
+- uint32_t busy_slots; /* protected by a spinlock */
+- unordered_map_entry_t map[TFM_MAX_MESSAGES];
+-} unordered_map_t;
+-
+-
+-/*
+- * TF-M secure memory map: the parameters are copied to secure memory
+- * from openamp non-secure memory. This is to avoid TOCTOU attack.
+- */
+-static unordered_map_t psa_client_lib_map_;
+-
+-static inline int find_first_unset_bit(uint32_t n)
+-{
+- int index = -1;
+- n = ~n & (n+1);
+- while(n>0) {
+- n >>= 1;
+- index++;
+- }
+- return index;
+-}
+-
+-static inline bool is_map_full(unordered_map_t *m)
+-{
+- return (~(m->busy_slots) == 0);
+-}
+-
+-static inline void set_bit(uint32_t *n, int index)
+-{
+- *n = (*n | (1 << index));
+-}
+-
+-static inline bool is_bit_set(uint32_t n, int index)
+-{
+- return ((n & (1 << index)) != 0);
+-}
+-
+-static inline void unset_bit(uint32_t *n, int index)
+-{
+- uint32_t mask = 0;
+- mask |= (1 << index);
+- *n = (*n & ~mask);
+-}
+-
+-void unordered_map_init(void)
+-{
+- tfm_to_openamp_spe_map_spinlock_acquire();
+- psa_client_lib_map_.busy_slots = 0;
+- tfm_to_openamp_spe_map_spinlock_release();
+-}
+-
+-static int32_t alloc_map_entry(unordered_map_handle_t *handle)
+-{
+- int32_t ret;
+- tfm_to_openamp_spe_map_spinlock_acquire();
+- do {
+- if (is_map_full(&psa_client_lib_map_)) {
+- ret = OPENAMP_MAP_FULL;
+- break;
+- }
+- *handle = find_first_unset_bit(psa_client_lib_map_.busy_slots);
+- set_bit(&psa_client_lib_map_.busy_slots, *handle);
+- ret = OPENAMP_SUCCESS;
+- } while (0);
+- tfm_to_openamp_spe_map_spinlock_release();
+- return ret;
+-}
+-
+-int32_t unordered_map_insert(const ns_openamp_msg_t *ns_msg, const void *in,
+- unordered_map_handle_t *handle)
+-{
+- int32_t ret;
+-
+- ret = alloc_map_entry(handle);
+- if (ret) {
+- return ret;
+- }
+-
+- memcpy(&psa_client_lib_map_.map[*handle].msg, ns_msg,
+- sizeof(ns_openamp_msg_t));
+-
+- psa_client_lib_map_.map[*handle].input_buffer = in;
+- psa_client_lib_map_.map[*handle].output_buffer = NULL;
+- psa_client_lib_map_.map[*handle].output_buffer_len = 0;
+- psa_client_lib_map_.map[*handle].is_input_buffer_hold = false;
+- psa_client_lib_map_.map[*handle].is_output_buffer = false;
+-
+- psa_client_lib_map_.map[*handle].handle = *handle;
+-
+- return OPENAMP_SUCCESS;
+-}
+-
+-void unordered_map_free(unordered_map_handle_t handle)
+-{
+- if (handle >= TFM_MAX_MESSAGES || handle < 0) {
+- return;
+- }
+- spm_memset(&psa_client_lib_map_.map[handle], 0,
+- sizeof(unordered_map_entry_t));
+-
+- tfm_to_openamp_spe_map_spinlock_acquire();
+- unset_bit(&psa_client_lib_map_.busy_slots, handle);
+- tfm_to_openamp_spe_map_spinlock_release();
+-}
+-
+-unordered_map_entry_t* unordered_map_get_entry_ptr(unordered_map_handle_t handle)
+-{
+- if (handle >= TFM_MAX_MESSAGES || handle < 0) {
+- return NULL;
+- }
+- if (!is_bit_set(psa_client_lib_map_.busy_slots, handle)) {
+- return NULL;
+- }
+- return &psa_client_lib_map_.map[handle];
+-}
+-
+-unordered_map_handle_t unordered_map_get_entry_handle(
+- const unordered_map_entry_t *ptr)
+-{
+- if (!ptr) {
+- return INVALID_MAP_HANDLE;
+- }
+-
+- return ptr->handle;
+-}
+-
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h
+deleted file mode 100644
+index 1d094133b..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_psa_client_lib_unordered_map.h
++++ /dev/null
+@@ -1,50 +0,0 @@
+-/*
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__
+-#define __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__
+-
+-#include <stdbool.h>
+-#include "tfm_openamp_lib.h"
+-
+-/* 16 bits are sufficient to store the handle. Also
+- * choosing 16bits allow for better packing inside
+- * the struct unordered_map_entry_t.
+- */
+-typedef int16_t unordered_map_handle_t;
+-#define INVALID_MAP_HANDLE -1
+-
+-/* An entry structure of map data structure */
+-typedef struct unordered_map_entry {
+- ns_openamp_msg_t msg;
+- const void *input_buffer;
+- void *output_buffer;
+- size_t output_buffer_len;
+- unordered_map_handle_t handle; /* entry handle */
+- bool is_input_buffer_hold; /* true when input buffer is held */
+- bool is_output_buffer; /* true when output buffer is preallocated */
+-} unordered_map_entry_t;
+-
+-/* Initialize the map data structure */
+-void unordered_map_init(void);
+-
+-/* Insert entry into the map and return a handle to the entry */
+-int32_t unordered_map_insert(const ns_openamp_msg_t *msg, const void *in,
+- unordered_map_handle_t *handle);
+-
+-/* Free respective entry into the map represented by the handle */
+-void unordered_map_free(unordered_map_handle_t handle);
+-
+-/* Using a handle return the memory pointer of the entry */
+-unordered_map_entry_t* unordered_map_get_entry_ptr(
+- unordered_map_handle_t handle);
+-
+-/* Using a entry memory location, return respective handle */
+-unordered_map_handle_t unordered_map_get_entry_handle(
+- const unordered_map_entry_t *ptr);
+-
+-#endif /* __TFM_SPE_PSA_CLIENT_LIB_UNORDERED_MAP_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h b/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h
+deleted file mode 100644
+index 6e8cde8f4..000000000
+--- a/platform/ext/target/arm/corstone1000/openamp/tfm_spe_shm_openamp.h
++++ /dev/null
+@@ -1,39 +0,0 @@
+-/*
+- * Copyright (c) 2020 Linaro Limited
+- *
+- * Copyright (c) 2021, Arm Limited. All rights reserved.
+- *
+- * SPDX-License-Identifier: BSD-3-Clause
+- *
+- */
+-
+-#ifndef TFM_SPE_SHM_OPEN_AMP_H_
+-#define TFM_SPE_SHM_OPEN_AMP_H_
+-
+-#include "region_defs.h"
+-
+-#define VDEV_STATUS_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR)
+-#define VDEV_STATUS_SIZE (0x1000) // 4 KB
+-#define SHM_START_VIRT_ADDR (OPENAMP_SE_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE)
+-#define SHM_START_PHY_ADDR (OPENAMP_HOST_SHARED_MEMORY_START_ADDR + VDEV_STATUS_SIZE)
+-#define SHM_SIZE OPENAMP_SHARED_MEMORY_SIZE - VDEV_STATUS_SIZE
+-#define SHM_DEVICE_NAME "cvm.shm"
+-
+-#define VRING_COUNT 2
+-#define VRING_MEM_SIZE (0x1000) // 4 KB
+-#define VRING_TX_ADDRESS (SHM_START_VIRT_ADDR + SHM_SIZE - VRING_MEM_SIZE)
+-#define VRING_RX_ADDRESS (SHM_START_VIRT_ADDR + SHM_SIZE - (2 * VRING_MEM_SIZE))
+-#define VRING_ALIGNMENT 4
+-#define VRING_SIZE 16
+-
+-/*
+- * The tf-m can only accept MAX_MESSAGES at a given time.
+- * The Host should set RPMSG_BUFFER_SIZE accrodingly
+- * such that tf-m does not recieve more than
+- * TFM_MAX_MESSAGES messages.
+- * Changing this macro DOES NOT increase TF-M capabilities
+- * to handle more messages.
+- */
+-#define TFM_MAX_MESSAGES (32)
+-
+-#endif /* TFM_SPE_SHM_OPEN_AMP_H_ */
+diff --git a/platform/ext/target/arm/corstone1000/partition/region_defs.h b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+index 64ab786e5..a80b07737 100644
+--- a/platform/ext/target/arm/corstone1000/partition/region_defs.h
++++ b/platform/ext/target/arm/corstone1000/partition/region_defs.h
+@@ -59,13 +59,13 @@
+ #define S_DATA_LIMIT (S_DATA_START + S_DATA_SIZE - 1)
+ #define S_DATA_PRIV_START (S_DATA_START + S_UNPRIV_DATA_SIZE)
+
+-/* OpenAMP shared memory region */
+-#define OPENAMP_SE_SHARED_MEMORY_START_ADDR 0xA8000000
+-#define OPENAMP_HOST_SHARED_MEMORY_START_ADDR 0x88000000
+-#define OPENAMP_SHARED_MEMORY_SIZE (1024 * 1024) /* 1MB */
++/* Shared memory region */
++#define INTER_PROCESSOR_SE_SHARED_MEMORY_START_ADDR 0xA8000000
++#define INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR 0x88000000
++#define INTER_PROCESSOR_SHARED_MEMORY_SIZE (1024 * 1024) /* 1MB */
+
+-#define NS_DATA_START OPENAMP_SE_SHARED_MEMORY_START_ADDR
+-#define NS_DATA_SIZE OPENAMP_SHARED_MEMORY_SIZE
++#define NS_DATA_START INTER_PROCESSOR_SE_SHARED_MEMORY_START_ADDR
++#define NS_DATA_SIZE INTER_PROCESSOR_SHARED_MEMORY_SIZE
+
+ #define S_CODE_VECTOR_TABLE_SIZE (0xc0)
+
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt b/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt
+new file mode 100644
+index 000000000..7c4bc0fef
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/CMakeLists.txt
+@@ -0,0 +1,34 @@
++#-------------------------------------------------------------------------------
++# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++#
++# SPDX-License-Identifier: BSD-3-Clause
++#
++#-------------------------------------------------------------------------------
++
++target_include_directories(platform_s
++ PUBLIC
++ .
++)
++
++target_sources(platform_s
++ PRIVATE
++ rse_comms.c
++ rse_comms_hal.c
++ rse_comms_queue.c
++ rse_comms_protocol.c
++ rse_comms_protocol_embed.c
++)
++
++target_compile_definitions(platform_s
++ PRIVATE
++ RSE_COMMS_MAX_CONCURRENT_REQ=1
++ RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ $<$<BOOL:${CONFIG_TFM_HALT_ON_CORE_PANIC}>:CONFIG_TFM_HALT_ON_CORE_PANIC>
++)
++
++# For spm_log_msgval
++target_link_libraries(platform_s
++ PRIVATE
++ tfm_spm
++ tfm_sprt
++)
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c
+new file mode 100644
+index 000000000..df2b6bffa
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.c
+@@ -0,0 +1,176 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ * Copyright (c) 2023 Cypress Semiconductor Corporation (an Infineon company)
++ * or an affiliate of Cypress Semiconductor Corporation. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms.h"
++
++#include <stddef.h>
++#include <stdint.h>
++
++#include "rse_comms_hal.h"
++#include "rse_comms_queue.h"
++#include "tfm_rpc.h"
++#include "tfm_multi_core.h"
++#include "tfm_hal_multi_core.h"
++#include "tfm_psa_call_pack.h"
++#include "tfm_spm_log.h"
++#include "rse_comms_permissions_hal.h"
++
++static struct client_request_t *req_to_process;
++
++static psa_status_t message_dispatch(struct client_request_t *req)
++{
++ int32_t client_id;
++ enum tfm_plat_err_t plat_err;
++
++ /* Create the call parameters */
++ struct client_params_t params = {
++ .p_invecs = req->in_vec,
++ .p_outvecs = req->out_vec,
++ };
++
++ SPMLOG_DBGMSG("[RSE-COMMS] Dispatching message\r\n");
++ SPMLOG_DBGMSGVAL("handle=", req->handle);
++ SPMLOG_DBGMSGVAL("type=", req->type);
++ SPMLOG_DBGMSGVAL("in_len=", req->in_len);
++ SPMLOG_DBGMSGVAL("out_len=", req->out_len);
++ if (req->in_len > 0) {
++ SPMLOG_DBGMSGVAL("in_vec[0].len=", req->in_vec[0].len);
++ }
++ if (req->in_len > 1) {
++ SPMLOG_DBGMSGVAL("in_vec[1].len=", req->in_vec[1].len);
++ }
++ if (req->in_len > 2) {
++ SPMLOG_DBGMSGVAL("in_vec[2].len=", req->in_vec[2].len);
++ }
++ if (req->in_len > 3) {
++ SPMLOG_DBGMSGVAL("in_vec[3].len=", req->in_vec[3].len);
++ }
++ if (req->out_len > 0) {
++ SPMLOG_DBGMSGVAL("out_vec[0].len=", req->out_vec[0].len);
++ }
++ if (req->out_len > 1) {
++ SPMLOG_DBGMSGVAL("out_vec[1].len=", req->out_vec[1].len);
++ }
++ if (req->out_len > 2) {
++ SPMLOG_DBGMSGVAL("out_vec[2].len=", req->out_vec[2].len);
++ }
++ if (req->out_len > 3) {
++ SPMLOG_DBGMSGVAL("out_vec[3].len=", req->out_vec[3].len);
++ }
++
++ plat_err = comms_permissions_service_check(req->handle,
++ req->in_vec,
++ req->in_len,
++ req->type);
++ if (plat_err != TFM_PLAT_ERR_SUCCESS) {
++ SPMLOG_ERRMSG("[RSE-COMMS] Call not permitted\r\n");
++ return PSA_ERROR_NOT_PERMITTED;
++ }
++
++ client_id = tfm_hal_client_id_translate(req->mhu_sender_dev,
++ (int32_t)(req->client_id));
++ if (client_id >= 0) {
++ SPMLOG_ERRMSGVAL("[RSE-COMMS] Invalid client_id: ",
++ (uint32_t)(req->client_id));
++ return PSA_ERROR_INVALID_ARGUMENT;
++ }
++ params.ns_client_id_stateless = client_id;
++
++ return tfm_rpc_psa_call(req->handle,
++ PARAM_PACK(req->type,
++ req->in_len,
++ req->out_len),
++ ¶ms,
++ NULL);
++}
++
++static void rse_comms_reply(const void *owner, int32_t ret)
++{
++ struct client_request_t *req = (struct client_request_t *)owner;
++
++ req->return_val = ret;
++
++ SPMLOG_DBGMSG("[RSE-COMMS] Sending reply\r\n");
++ SPMLOG_DBGMSGVAL("protocol_ver=", req->protocol_ver);
++ SPMLOG_DBGMSGVAL("seq_num=", req->seq_num);
++ SPMLOG_DBGMSGVAL("client_id=", req->client_id);
++ SPMLOG_DBGMSGVAL("return_val=", req->return_val);
++ SPMLOG_DBGMSGVAL("out_vec[0].len=", req->out_vec[0].len);
++ SPMLOG_DBGMSGVAL("out_vec[1].len=", req->out_vec[1].len);
++ SPMLOG_DBGMSGVAL("out_vec[2].len=", req->out_vec[2].len);
++ SPMLOG_DBGMSGVAL("out_vec[3].len=", req->out_vec[3].len);
++
++ if (tfm_multi_core_hal_reply(req) != TFM_PLAT_ERR_SUCCESS) {
++ SPMLOG_DBGMSG("[RSE-COMMS] Sending reply failed!\r\n");
++ }
++}
++
++static void rse_comms_handle_req(void)
++{
++ psa_status_t status;
++ void *queue_entry;
++
++ /* FIXME: consider memory limitations that may prevent dispatching all
++ * messages in one go.
++ */
++ while (queue_dequeue(&queue_entry) == 0) {
++ /* Deliver PSA Client call request to handler in SPM. */
++ req_to_process = queue_entry;
++ status = message_dispatch(req_to_process);
++#if CONFIG_TFM_SPM_BACKEND_IPC == 1
++ /*
++ * If status == PSA_SUCCESS, peer will be replied when mailbox agent
++ * partition receives a 'ASYNC_MSG_REPLY' signal from the requested
++ * service partition.
++ * If status != PSA_SUCCESS, the service call has been finished.
++ * Reply to the peer directly.
++ */
++ if (status != PSA_SUCCESS) {
++ SPMLOG_DBGMSGVAL("[RSE-COMMS] Message dispatch failed: ", status);
++ rse_comms_reply(req_to_process, status);
++ }
++#else
++ /* In SFN model, the service call has been finished. Reply to the peer directly. */
++ rse_comms_reply(req_to_process, status);
++#endif
++ }
++}
++
++static const void *rss_comms_get_caller_data(int32_t client_id)
++{
++ (void)client_id;
++
++ return req_to_process;
++}
++
++static struct tfm_rpc_ops_t rpc_ops = {
++ .handle_req = rse_comms_handle_req,
++ .reply = rse_comms_reply,
++ .get_caller_data = rss_comms_get_caller_data,
++};
++
++int32_t tfm_inter_core_comm_init(void)
++{
++ int32_t ret;
++
++ /* Register RPC callbacks */
++ ret = tfm_rpc_register_ops(&rpc_ops);
++ if (ret != TFM_RPC_SUCCESS) {
++ return ret;
++ }
++
++ /* Platform specific initialization */
++ ret = tfm_multi_core_hal_init();
++ if (ret != TFM_PLAT_ERR_SUCCESS) {
++ tfm_rpc_unregister_ops();
++ return ret;
++ }
++
++ return TFM_RPC_SUCCESS;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+new file mode 100644
+index 000000000..6d79dd3bf
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+@@ -0,0 +1,48 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_H__
++#define __RSE_COMMS_H__
++
++#include "psa/client.h"
++#include "cmsis_compiler.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++ /* size suits to fit the largest message too (EFI variables) */
++#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100)
++
++/*
++ * Allocated for each client request.
++ *
++ * TODO: Sizing of payload_buf, this should be platform dependent:
++ * - sum in_vec size
++ * - sum out_vec size
++ */
++struct client_request_t {
++ void *mhu_sender_dev; /* Pointer to MHU sender device to reply on */
++ uint8_t protocol_ver;
++ uint8_t seq_num;
++ uint16_t client_id;
++ psa_handle_t handle;
++ int32_t type;
++ uint32_t in_len;
++ uint32_t out_len;
++ psa_invec in_vec[PSA_MAX_IOVEC];
++ psa_outvec out_vec[PSA_MAX_IOVEC];
++ int32_t return_val;
++ uint64_t out_vec_host_addr[PSA_MAX_IOVEC];
++ uint8_t param_copy_buf[RSE_COMMS_PAYLOAD_MAX_SIZE];
++};
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c
+new file mode 100644
+index 000000000..ef6fb9e02
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.c
+@@ -0,0 +1,232 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_hal.h"
++
++#include "rse_comms.h"
++#include "rse_comms_queue.h"
++#include "mhu.h"
++#include "cmsis.h"
++#include "device_definition.h"
++#include "tfm_peripherals_def.h"
++#include "tfm_spm_log.h"
++#include "tfm_pools.h"
++#include "rse_comms_protocol.h"
++#include <string.h>
++
++/* Declared statically to avoid using huge amounts of stack space. Maybe revisit
++ * if functions not being reentrant becomes a problem.
++ */
++static __ALIGNED(4) struct serialized_psa_msg_t msg;
++static __ALIGNED(4) struct serialized_psa_reply_t reply;
++
++/* The 32bit client ID is constructed as following:
++ * bit31: always 1
++ * bit30~bit16: client source identifier.
++ 0x0000 First mailbox agent client(MHU) (by default)
++ 0x1000 Second mailbox agent client(MHU)
++ ...
++ * bit15~bit0: client input client ID
++ */
++#define CLIENT_ID_USER_INPUT_OFFSET (0)
++#define CLIENT_ID_USER_INPUT_MASK (0xFFFFUL << CLIENT_ID_USER_INPUT_OFFSET)
++
++#define CLIENT_ID_MHU_BASE_OFFSET (16)
++#define CLIENT_ID_MHU_BASE_MASK (0x7FFFUL << CLIENT_ID_MHU_BASE_OFFSET)
++
++#define NS_CLIENT_ID_FLAG_OFFSET (31)
++#define NS_CLIENT_ID_FLAG_MASK (0x1UL << NS_CLIENT_ID_FLAG_OFFSET)
++
++/* MHU for RSE <> AP_MONITOR communication */
++#ifndef MHU0_CLIENT_ID_BASE
++#define MHU0_CLIENT_ID_BASE (0x0000UL << CLIENT_ID_MHU_BASE_OFFSET)
++#endif
++
++#ifdef MHU_RSE_TO_AP_NS
++/* MHU for RSE <> AP_NS communication */
++#ifndef MHU1_CLIENT_ID_BASE
++#define MHU1_CLIENT_ID_BASE (0x1000UL << CLIENT_ID_MHU_BASE_OFFSET)
++#endif
++#endif /* MHU_RSE_TO_AP_NS */
++
++TFM_POOL_DECLARE(req_pool, sizeof(struct client_request_t),
++ RSE_COMMS_MAX_CONCURRENT_REQ);
++
++static enum tfm_plat_err_t initialize_mhu(void)
++{
++ enum mhu_error_t err;
++
++ err = mhu_init_sender(&MHU1_SE_TO_HOST_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] RSE to AP_MONITOR MHU driver init failed: ",
++ err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ err = mhu_init_receiver(&MHU1_HOST_TO_SE_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] AP_MONITOR to RSE MHU driver init failed: ",
++ err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++#ifdef MHU_RSE_TO_AP_NS
++ err = mhu_init_sender(&MHU_RSE_TO_AP_NS_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] RSE to AP_NS MHU driver init failed: ", err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ err = mhu_init_receiver(&MHU_AP_NS_TO_RSE_DEV);
++ if (err != MHU_ERR_NONE) {
++ SPMLOG_ERRMSGVAL("[COMMS] AP_NS to RSE MHU driver init failed: ", err);
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++#endif /* MHU_RSE_TO_AP_NS */
++
++ SPMLOG_DBGMSG("[COMMS] MHU driver initialized successfully.\r\n");
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t tfm_multi_core_hal_receive(void *mhu_receiver_dev,
++ void *mhu_sender_dev,
++ uint32_t source)
++{
++ enum mhu_error_t mhu_err;
++ enum tfm_plat_err_t err;
++ size_t msg_len = sizeof(msg);
++ size_t reply_size;
++
++ memset(&msg, 0, sizeof(msg));
++ memset(&reply, 0, sizeof(reply));
++
++ /* Receive complete message */
++ mhu_err = mhu_receive_data(mhu_receiver_dev, (uint8_t *)&msg, &msg_len);
++
++ /* Clear the pending interrupt for this MHU. This prevents the mailbox
++ * interrupt handler from being called without the next request arriving
++ * through the mailbox
++ */
++ NVIC_ClearPendingIRQ(source);
++
++ if (mhu_err != MHU_ERR_NONE) {
++ SPMLOG_DBGMSGVAL("[COMMS] MHU receive failed: ", mhu_err);
++ /* Can't respond, since we don't know anything about the message */
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ SPMLOG_DBGMSG("[COMMS] Received message\r\n");
++ SPMLOG_DBGMSGVAL("[COMMS] size=", msg_len);
++ SPMLOG_DBGMSGVAL("[COMMS] seq_num=", msg.header.seq_num);
++
++ struct client_request_t *req = tfm_pool_alloc(req_pool);
++ if (!req) {
++ /* No free capacity, drop message */
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out_return_err;
++ }
++ memset(req, 0, sizeof(struct client_request_t));
++
++ /* Record the MHU sender device to be used for the reply */
++ req->mhu_sender_dev = mhu_sender_dev;
++
++ err = rse_protocol_deserialize_msg(req, &msg, msg_len);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ /* Deserialisation failed, drop message */
++ SPMLOG_DBGMSGVAL("[COMMS] Deserialize message failed: ", err);
++ goto out_return_err;
++ }
++
++ if (queue_enqueue(req) != 0) {
++ /* No queue capacity, drop message */
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out_return_err;
++ }
++
++ /* Message successfully received */
++ return TFM_PLAT_ERR_SUCCESS;
++
++out_return_err:
++ /* Attempt to respond with a failure message */
++ if (rse_protocol_serialize_error(req, &msg.header,
++ PSA_ERROR_CONNECTION_BUSY,
++ &reply, &reply_size)
++ == TFM_PLAT_ERR_SUCCESS) {
++ mhu_send_data(mhu_sender_dev, (uint8_t *)&reply, reply_size);
++ }
++
++ if (req) {
++ tfm_pool_free(req_pool, req);
++ }
++
++ return err;
++}
++
++enum tfm_plat_err_t tfm_multi_core_hal_reply(struct client_request_t *req)
++{
++ enum tfm_plat_err_t err;
++ enum mhu_error_t mhu_err;
++ size_t reply_size;
++
++ /* This function is called by the mailbox partition with Thread priority, so
++ * MHU interrupts must be disabled to prevent concurrent accesses by
++ * tfm_multi_core_hal_receive().
++ */
++ NVIC_DisableIRQ(MAILBOX_IRQ);
++
++ if (!is_valid_chunk_data_in_pool(req_pool, (uint8_t *)req)) {
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out;
++ }
++
++ err = rse_protocol_serialize_reply(req, &reply, &reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ SPMLOG_DBGMSGVAL("[COMMS] Serialize reply failed: ", err);
++ goto out_free_req;
++ }
++
++ mhu_err = mhu_send_data(req->mhu_sender_dev, (uint8_t *)&reply, reply_size);
++ if (mhu_err != MHU_ERR_NONE) {
++ SPMLOG_DBGMSGVAL("[COMMS] MHU send failed: ", mhu_err);
++ err = TFM_PLAT_ERR_SYSTEM_ERR;
++ goto out_free_req;
++ }
++
++ SPMLOG_DBGMSG("[COMMS] Sent reply\r\n");
++
++out_free_req:
++ tfm_pool_free(req_pool, req);
++out:
++ NVIC_EnableIRQ(MAILBOX_IRQ);
++ return err;
++}
++
++enum tfm_plat_err_t tfm_multi_core_hal_init(void)
++{
++ int32_t spm_err;
++
++ spm_err = tfm_pool_init(req_pool, POOL_BUFFER_SIZE(req_pool),
++ sizeof(struct client_request_t),
++ RSE_COMMS_MAX_CONCURRENT_REQ);
++ if (spm_err) {
++ return TFM_PLAT_ERR_SYSTEM_ERR;
++ }
++
++ return initialize_mhu();
++}
++
++int32_t tfm_hal_client_id_translate(void *owner, int32_t client_id_in)
++{
++ if ((uintptr_t)owner == (uintptr_t)&MHU1_SE_TO_HOST_DEV) {
++ return ((client_id_in & CLIENT_ID_USER_INPUT_MASK) |
++ (MHU0_CLIENT_ID_BASE & CLIENT_ID_MHU_BASE_MASK) |
++ (NS_CLIENT_ID_FLAG_MASK));
++ } else {
++ SPMLOG_DBGMSG("[COMMS] client_id translation failed: invalid owner\r\n");
++ return 0;
++ }
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h
+new file mode 100644
+index 000000000..c4676cb2e
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_hal.h
+@@ -0,0 +1,56 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_HAL_H__
++#define __RSE_COMMS_HAL_H__
++
++#include "rse_comms.h"
++#include "tfm_plat_defs.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \brief Platform specific initialization of SPE multi-core.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t tfm_multi_core_hal_init(void);
++
++/**
++ * \brief Receive PSA client call request from NSPE.
++ * Implemented by platform specific inter-processor communication driver.
++ *
++ * \param[in] mhu_receiver_dev Pointer to MHU receiver device on which to read
++ * the message.
++ * \param[in] mhu_sender_dev Pointer to MHU sender device on which to write
++ * the reply.
++ * \param[in] source The number of the IRQ source for this MHU.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t tfm_multi_core_hal_receive(void *mhu_receiver_dev,
++ void *mhu_sender_dev,
++ uint32_t source);
++
++/**
++ * \brief Notify NSPE that a PSA client call return result is replied.
++ * Implemented by platform specific inter-processor communication driver.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS The notification is successfully sent out.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t tfm_multi_core_hal_reply(struct client_request_t *req);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_HAL_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h
+new file mode 100644
+index 000000000..5bd0124a6
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_permissions_hal.h
+@@ -0,0 +1,58 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_PERMISSIONS_HAL_H__
++#define __RSE_COMMS_PERMISSIONS_HAL_H__
++
++#include "psa/client.h"
++#include "tfm_plat_defs.h"
++#include "stdbool.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++/**
++ * \brief Check that RSE comms callers have permission to access a memory
++ * buffer.
++ *
++ * \param[in] owner The owner of host memory against which the
++ * memory access is checked (e.g. MHU device).
++ * \param[in] host_ptr Address of the memory region to be accessed.
++ * \param[in] size Size of the memory region to be accessed.
++ * \param[in] is_write True, if the memory access is a write
++ * operation, False otherwise.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Caller has permission to access buffer.
++ * \retval Other return code Caller does not have permission, or an error
++ * occurred.
++ */
++enum tfm_plat_err_t comms_permissions_memory_check(void *owner,
++ uint64_t host_ptr,
++ uint32_t size,
++ bool is_write);
++
++/**
++ * \brief Check that RSE comms callers have permission to access a service.
++ *
++ * \note in_vec and in_len are passed in as the Crypto partition encodes which
++ * function is requested in the first in_vec.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Caller has permission to access service.
++ * \retval Other return code Caller does not have permission, or an error
++ * occurred.
++ */
++enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle,
++ const psa_invec *in_vec,
++ size_t in_len,
++ int32_t type);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_PERMISSIONS_HAL_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c
+new file mode 100644
+index 000000000..94b7995b9
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.c
+@@ -0,0 +1,120 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_protocol.h"
++
++#include "tfm_spm_log.h"
++#include <string.h>
++
++enum tfm_plat_err_t rse_protocol_deserialize_msg(
++ struct client_request_t *req, struct serialized_psa_msg_t *msg,
++ size_t msg_len)
++{
++ if (msg_len < sizeof(msg->header)) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ req->protocol_ver = msg->header.protocol_ver;
++ req->seq_num = msg->header.seq_num;
++ req->client_id = msg->header.client_id;
++
++ switch (msg->header.protocol_ver) {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ case RSE_COMMS_PROTOCOL_EMBED:
++ SPMLOG_DBGMSG("[COMMS] Deserializing as embed message\r\n");
++ return rse_protocol_embed_deserialize_msg(req, &msg->msg.embed,
++ msg_len - sizeof(struct serialized_rse_comms_header_t));
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS:
++ SPMLOG_DBGMSG("[COMMS] Deserializing as pointer_access message\r\n");
++ return rse_protocol_pointer_access_deserialize_msg(req, &msg->msg.pointer_access,
++ msg_len - sizeof(struct serialized_rse_comms_header_t));
++#endif
++ default:
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++}
++
++enum tfm_plat_err_t rse_protocol_serialize_reply(struct client_request_t *req,
++ struct serialized_psa_reply_t *reply, size_t *reply_size)
++{
++ enum tfm_plat_err_t err;
++
++ memset(reply, 0, sizeof(struct serialized_psa_reply_t));
++
++ reply->header.protocol_ver = req->protocol_ver;
++ reply->header.seq_num = req->seq_num;
++ reply->header.client_id = req->client_id;
++
++ switch (reply->header.protocol_ver) {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ case RSE_COMMS_PROTOCOL_EMBED:
++ err = rse_protocol_embed_serialize_reply(req, &reply->reply.embed,
++ reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS:
++ err = rse_protocol_pointer_access_serialize_reply(req,
++ &reply->reply.pointer_access, reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif
++ default:
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ *reply_size += sizeof(struct serialized_rse_comms_header_t);
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t rse_protocol_serialize_error(
++ struct client_request_t *req,
++ struct serialized_rse_comms_header_t *header, psa_status_t error,
++ struct serialized_psa_reply_t *reply, size_t *reply_size)
++{
++ enum tfm_plat_err_t err;
++
++ memset(reply, 0, sizeof(struct serialized_psa_reply_t));
++ memcpy(&reply->header, header,
++ sizeof(struct serialized_rse_comms_header_t));
++
++ switch (reply->header.protocol_ver) {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ case RSE_COMMS_PROTOCOL_EMBED:
++ err = rse_protocol_embed_serialize_error(req, error,
++ &reply->reply.embed,
++ reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ case RSE_COMMS_PROTOCOL_POINTER_ACCESS:
++ err = rse_protocol_pointer_access_serialize_error(req, error,
++ &reply->reply.pointer_access, reply_size);
++ if (err != TFM_PLAT_ERR_SUCCESS) {
++ return err;
++ }
++ break;
++#endif
++ default:
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ *reply_size += sizeof(struct serialized_rse_comms_header_t);
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h
+new file mode 100644
+index 000000000..c30825f4c
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol.h
+@@ -0,0 +1,129 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_PROTOCOL_H__
++#define __RSE_COMMS_PROTOCOL_H__
++
++#include "psa/client.h"
++#include "cmsis_compiler.h"
++#include "rse_comms.h"
++#include "tfm_platform_system.h"
++
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++#include "rse_comms_protocol_embed.h"
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++#include "rse_comms_protocol_pointer_access.h"
++#endif /* RSE_MHU_PROTOCOL_V0_ENABLED */
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++enum rse_comms_protocol_version_t {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ RSE_COMMS_PROTOCOL_EMBED = 0,
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ RSE_COMMS_PROTOCOL_POINTER_ACCESS = 1,
++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */
++};
++
++
++__PACKED_STRUCT serialized_rse_comms_header_t {
++ uint8_t protocol_ver;
++ uint8_t seq_num;
++ uint16_t client_id;
++};
++
++/* MHU message passed from NSPE to SPE to deliver a PSA client call */
++__PACKED_STRUCT serialized_psa_msg_t {
++ struct serialized_rse_comms_header_t header;
++ __PACKED_UNION {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ struct rse_embed_msg_t embed;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ struct rse_pointer_access_msg_t pointer_access;
++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */
++ } msg;
++};
++
++/* MHU reply message to hold the PSA client call return result from SPE */
++__PACKED_STRUCT serialized_psa_reply_t {
++ struct serialized_rse_comms_header_t header;
++ __PACKED_UNION {
++#ifdef RSE_COMMS_PROTOCOL_EMBED_ENABLED
++ struct rse_embed_reply_t embed;
++#endif /* RSE_COMMS_PROTOCOL_EMBED_ENABLED */
++#ifdef RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED
++ struct rse_pointer_access_reply_t pointer_access;
++#endif /* RSE_COMMS_PROTOCOL_POINTER_ACCESS_ENABLED */
++ } reply;
++};
++
++/**
++ * \brief Convert a serialized message to a client_request_t.
++ *
++ * \param[out] req The client_request_t to fill.
++ * \param[in] msg The serialized message to extract data from.
++ * \param[in] msg_len The size of the message.
++ *
++ * \note The sanitization of the client request structure is the
++ * responsibility of the caller.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t rse_protocol_deserialize_msg(struct client_request_t *req,
++ struct serialized_psa_msg_t *msg, size_t msg_len);
++
++/**
++ * \brief Convert a a client_request_t to a serialized reply.
++ *
++ * \param[in] req The client_request_t to serialize data from.
++ * \param[out] reply The reply to fill.
++ * \param[out] reply_size The size of the reply that was filled.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t rse_protocol_serialize_reply(struct client_request_t *req,
++ struct serialized_psa_reply_t *reply, size_t *reply_size);
++
++/**
++ * \brief Create a serialised error reply from a header and an error code.
++ * Intended to for the RSE to notify the AP of errors during the message
++ * deserialization phase.
++ *
++ * \param[in] req The client_request_t to serialize data from. If
++ * the error occured in allocation this pointer
++ * may be NULL. This may not contain message
++ * header information if the message
++ * deserialize failed.
++ * \param[in] header The header of the received
++ * serialized_psa_msg_t whose deserialization
++ * caused the error.
++ * \param[in] error The error code to be transmitted to the AP.
++ * \param[out] reply The reply to fill.
++ * \param[out] reply_size The size of the reply that was filled.
++ *
++ * \retval TFM_PLAT_ERR_SUCCESS Operation succeeded.
++ * \retval Other return code Operation failed with an error code.
++ */
++enum tfm_plat_err_t rse_protocol_serialize_error(
++ struct client_request_t *req,
++ struct serialized_rse_comms_header_t *header, psa_status_t error,
++ struct serialized_psa_reply_t *reply, size_t *reply_size);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_PROTOCOL_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c
+new file mode 100644
+index 000000000..5544f9fb8
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.c
+@@ -0,0 +1,105 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_protocol_embed.h"
++
++#include <string.h>
++
++#include "tfm_psa_call_pack.h"
++
++enum tfm_plat_err_t rse_protocol_embed_deserialize_msg(
++ struct client_request_t *req, struct rse_embed_msg_t *msg,
++ size_t msg_len)
++{
++ uint32_t payload_size = 0;
++ uint32_t i;
++
++ if (msg_len < (sizeof(*msg) - sizeof(msg->payload))) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ req->in_len = PARAM_UNPACK_IN_LEN(msg->ctrl_param);
++ req->out_len = PARAM_UNPACK_OUT_LEN(msg->ctrl_param);
++ req->type = PARAM_UNPACK_TYPE(msg->ctrl_param);
++ req->handle = msg->handle;
++
++ /* Only support 4 iovecs */
++ if (req->in_len + req->out_len > 4) {
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ /* Invecs */
++ for (i = 0; i < req->in_len; ++i) {
++ req->in_vec[i].base = req->param_copy_buf + payload_size;
++ req->in_vec[i].len = msg->io_size[i];
++ payload_size += msg->io_size[i];
++ }
++
++ /* Check payload is not too big */
++ if (payload_size > sizeof(req->param_copy_buf)
++ || payload_size > sizeof(msg->payload)
++ || sizeof(*msg) - sizeof(msg->payload) + payload_size > msg_len ) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ /* Copy payload into the buffer */
++ memcpy(req->param_copy_buf, msg->payload, payload_size);
++
++ /* Outvecs */
++ for (i = 0; i < req->out_len; ++i) {
++ req->out_vec[i].base = req->param_copy_buf + payload_size;
++ req->out_vec[i].len = msg->io_size[req->in_len + i];
++ payload_size += msg->io_size[req->in_len + i];
++ }
++
++ /* Check payload is not too big */
++ if (payload_size > sizeof(req->param_copy_buf)) {
++ return TFM_PLAT_ERR_INVALID_INPUT;
++ }
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_reply(
++ struct client_request_t *req, struct rse_embed_reply_t *reply,
++ size_t *reply_size)
++{
++ size_t payload_size = 0;
++ size_t len;
++ uint32_t i;
++
++ reply->return_val = req->return_val;
++
++ /* Outvecs */
++ for (i = 0; i < req->out_len; ++i) {
++ len = req->out_vec[i].len;
++
++ if (payload_size + len > sizeof(reply->payload)) {
++ return TFM_PLAT_ERR_UNSUPPORTED;
++ }
++
++ memcpy(reply->payload + payload_size, req->out_vec[i].base, len);
++ reply->out_size[i] = len;
++ payload_size += len;
++ }
++
++ *reply_size = sizeof(*reply) - sizeof(reply->payload) + payload_size;
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_error(
++ struct client_request_t *req, psa_status_t err,
++ struct rse_embed_reply_t *reply, size_t *reply_size)
++{
++ reply->return_val = err;
++
++ /* Return the minimum reply size, as the out_sizes are all zeroed */
++ *reply_size = sizeof(*reply) - sizeof(reply->payload);
++
++ return TFM_PLAT_ERR_SUCCESS;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h
+new file mode 100644
+index 000000000..e1ca1d0c9
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_protocol_embed.h
+@@ -0,0 +1,50 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_PROTOCOL_EMBED_H__
++#define __RSE_COMMS_PROTOCOL_EMBED_H__
++
++#include "psa/client.h"
++#include "cmsis_compiler.h"
++#include "rse_comms.h"
++#include "tfm_platform_system.h"
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++__PACKED_STRUCT rse_embed_msg_t {
++ psa_handle_t handle;
++ uint32_t ctrl_param; /* type, in_len, out_len */
++ uint16_t io_size[PSA_MAX_IOVEC];
++ uint8_t payload[RSE_COMMS_PAYLOAD_MAX_SIZE];
++};
++
++__PACKED_STRUCT rse_embed_reply_t {
++ int32_t return_val;
++ uint16_t out_size[PSA_MAX_IOVEC];
++ uint8_t payload[RSE_COMMS_PAYLOAD_MAX_SIZE];
++};
++
++enum tfm_plat_err_t rse_protocol_embed_deserialize_msg(
++ struct client_request_t *req, struct rse_embed_msg_t *msg,
++ size_t msg_len);
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_reply(
++ struct client_request_t *req, struct rse_embed_reply_t *reply,
++ size_t *reply_size);
++
++enum tfm_plat_err_t rse_protocol_embed_serialize_error(
++ struct client_request_t *req, psa_status_t err,
++ struct rse_embed_reply_t *reply, size_t *reply_size);
++
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_PROTOCOL_EMBED_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c
+new file mode 100644
+index 000000000..d7f244db6
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.c
+@@ -0,0 +1,64 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_queue.h"
++
++#include <stdbool.h>
++#include <stddef.h>
++
++#define QUEUE_SIZE (RSE_COMMS_MAX_CONCURRENT_REQ + 1)
++
++struct queue_t {
++ void *buf[QUEUE_SIZE];
++ size_t head;
++ size_t tail;
++};
++
++static struct queue_t queue;
++
++/* Advance head or tail */
++static size_t advance(size_t index)
++{
++ if (++index == QUEUE_SIZE) {
++ index = 0;
++ }
++ return index;
++}
++
++static inline bool is_empty(void)
++{
++ return queue.head == queue.tail;
++}
++
++static inline bool is_full(void)
++{
++ return advance(queue.head) == queue.tail;
++}
++
++int32_t queue_enqueue(void *entry)
++{
++ if (is_full()) {
++ return -1;
++ }
++
++ queue.buf[queue.head] = entry;
++ queue.head = advance(queue.head);
++
++ return 0;
++}
++
++int32_t queue_dequeue(void **entry)
++{
++ if (is_empty()) {
++ return -1;
++ }
++
++ *entry = queue.buf[queue.tail];
++ queue.tail = advance(queue.tail);
++
++ return 0;
++}
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h
+new file mode 100644
+index 000000000..d3db1dd2e
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms_queue.h
+@@ -0,0 +1,25 @@
++/*
++ * Copyright (c) 2022, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#ifndef __RSE_COMMS_QUEUE_H__
++#define __RSE_COMMS_QUEUE_H__
++
++#include <stdint.h>
++
++#ifdef __cplusplus
++extern "C" {
++#endif
++
++int32_t queue_enqueue(void *entry);
++
++int32_t queue_dequeue(void **entry);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif /* __RSE_COMMS_QUEUE_H__ */
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+new file mode 100644
+index 000000000..59724bc94
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/rse_comms_permissions_hal.c
+@@ -0,0 +1,177 @@
++/*
++ * Copyright (c) 2022-2024, Arm Limited. All rights reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "rse_comms_permissions_hal.h"
++
++#include "device_definition.h"
++#include "psa_manifest/sid.h"
++#include "region_defs.h"
++#include "tfm_hal_platform.h"
++
++#ifdef TFM_PARTITION_INITIAL_ATTESTATION
++#include "tfm_attest_defs.h"
++#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
++#ifdef TFM_PARTITION_MEASURED_BOOT
++#include "measured_boot_defs.h"
++#endif /* TFM_PARTITION_MEASURED_BOOT */
++#ifdef TFM_PARTITION_DELEGATED_ATTESTATION
++#include "tfm_delegated_attest_defs.h"
++#endif /* TFM_PARTITION_DELEGATED_ATTESTATION */
++#ifdef TFM_PARTITION_CRYPTO
++#include "tfm_crypto_defs.h"
++#endif /*TFM_PARTITION_CRYPTO */
++#ifdef TFM_PARTITION_PLATFORM
++#include "tfm_platform_api.h"
++#endif /* TFM_PARTITION_PLATFORM */
++#ifdef TFM_PARTITION_PROTECTED_STORAGE
++#include "tfm_ps_defs.h"
++#endif /* TFM_PARTITION_PROTECTED_STORAGE */
++#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
++#include "tfm_its_defs.h"
++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
++
++#define INVALID_REGION_COUNTER_MAX 128
++#define INVALID_SERVICE_COUNTER_MAX 64
++
++static uint32_t invalid_region_counter = 0;
++static uint32_t invalid_service_counter = 0;
++
++/* Check if the interface is getting a lot of invalid requests, and shutdown
++ * the system if it exceeds the threshold. This is intended to make fuzzing the
++ * interface difficult.
++ */
++static void counter_check(void) {
++ if (invalid_region_counter > INVALID_REGION_COUNTER_MAX) {
++#ifdef CONFIG_TFM_HALT_ON_CORE_PANIC
++ tfm_hal_system_halt();
++#else
++ tfm_hal_system_reset();
++#endif /* CONFIG_TFM_HALT_ON_CORE_PANIC */
++ }
++
++ if (invalid_service_counter > INVALID_SERVICE_COUNTER_MAX) {
++#ifdef CONFIG_TFM_HALT_ON_CORE_PANIC
++ tfm_hal_system_halt();
++#else
++ tfm_hal_system_reset();
++#endif /* CONFIG_TFM_HALT_ON_CORE_PANIC */
++ }
++
++ return;
++}
++
++enum tfm_plat_err_t comms_permissions_memory_check(void *owner,
++ uint64_t host_ptr,
++ uint32_t size,
++ bool is_write)
++{
++ /* Is fully within the shared memory */
++ if ((host_ptr >= INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR) &&
++ ((host_ptr + size) < (INTER_PROCESSOR_HOST_SHARED_MEMORY_START_ADDR +
++ INTER_PROCESSOR_SHARED_MEMORY_SIZE))) {
++ return TFM_PLAT_ERR_SUCCESS;
++ }
++
++ invalid_region_counter++;
++ counter_check();
++
++ return TFM_PLAT_ERR_UNSUPPORTED;
++}
++
++enum tfm_plat_err_t comms_permissions_service_check(psa_handle_t handle,
++ const psa_invec *in_vec,
++ size_t in_len,
++ int32_t type)
++{
++ switch(handle) {
++#ifdef TFM_PARTITION_PROTECTED_STORAGE
++ case TFM_PROTECTED_STORAGE_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_PS_SET:
++ case TFM_PS_GET:
++ case TFM_PS_GET_INFO:
++ case TFM_PS_REMOVE:
++ case TFM_PS_GET_SUPPORT:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
++
++#ifdef TFM_PARTITION_INITIAL_ATTESTATION
++ case TFM_ATTESTATION_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_ATTEST_GET_TOKEN:
++ case TFM_ATTEST_GET_TOKEN_SIZE:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_INITIAL_ATTESTATION */
++#ifdef TFM_PARTITION_DELEGATED_ATTESTATION
++ case TFM_DELEGATED_ATTESTATION_HANDLE:
++ switch(type) {
++ case DELEGATED_ATTEST_GET_DELEGATED_KEY:
++ case DELEGATED_ATTEST_GET_PLATFORM_TOKEN:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_DELEGATED_ATTESTATION */
++#ifdef TFM_PARTITION_MEASURED_BOOT
++ case TFM_MEASURED_BOOT_HANDLE:
++ switch(type) {
++ case TFM_MEASURED_BOOT_EXTEND:
++ case TFM_MEASURED_BOOT_READ:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_MEASURED_BOOT */
++#ifdef TFM_PARTITION_CRYPTO
++ case TFM_CRYPTO_HANDLE:
++ /* Every crypto operation is done by the SE */
++ return TFM_PLAT_ERR_SUCCESS;
++#endif /* TFM_PARTITION_CRYPTO */
++#ifdef TFM_PARTITION_PLATFORM
++ case TFM_PLATFORM_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_PLATFORM_API_ID_NV_READ:
++ case TFM_PLATFORM_API_ID_NV_INCREMENT:
++ case TFM_PLATFORM_API_ID_SYSTEM_RESET:
++ case TFM_PLATFORM_API_ID_IOCTL:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_PLATFORM */
++#ifdef TFM_PARTITION_INTERNAL_TRUSTED_STORAGE
++ case TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE:
++ switch(type) {
++ case TFM_ITS_SET:
++ case TFM_ITS_GET:
++ case TFM_ITS_GET_INFO:
++ case TFM_ITS_REMOVE:
++ return TFM_PLAT_ERR_SUCCESS;
++ default:
++ goto out_err;
++ }
++#endif /* TFM_PARTITION_INTERNAL_TRUSTED_STORAGE */
++#ifdef TFM_PARTITION_DPE
++ case TFM_DPE_SERVICE_HANDLE:
++ return TFM_PLAT_ERR_SUCCESS;
++#endif /* TFM_PARTITION_DPE */
++ default:
++ goto out_err;
++ }
++
++out_err:
++ invalid_service_counter++;
++ counter_check();
++
++ return TFM_PLAT_ERR_UNSUPPORTED;
++}
+diff --git a/platform/ext/target/arm/corstone1000/tfm_interrupts.c b/platform/ext/target/arm/corstone1000/tfm_interrupts.c
+new file mode 100644
+index 000000000..47a6c9d7b
+--- /dev/null
++++ b/platform/ext/target/arm/corstone1000/tfm_interrupts.c
+@@ -0,0 +1,51 @@
++/*
++ * Copyright (c) 2021-2023, Arm Limited. All rights reserved.
++ * Copyright (c) 2022 Cypress Semiconductor Corporation (an Infineon
++ * company) or an affiliate of Cypress Semiconductor Corporation. All rights
++ * reserved.
++ *
++ * SPDX-License-Identifier: BSD-3-Clause
++ *
++ */
++
++#include "cmsis.h"
++#include "device_definition.h"
++#include "spm.h"
++#include "tfm_hal_interrupt.h"
++#include "tfm_peripherals_def.h"
++#include "interrupt.h"
++#include "load/interrupt_defs.h"
++#include "platform_irq.h"
++#include "rse_comms_hal.h"
++
++static struct irq_t mbox_irq_info = {0};
++
++/* Platform specific inter-processor communication interrupt handler. */
++void HSE1_RECEIVER_COMBINED_IRQHandler(void)
++{
++ (void)tfm_multi_core_hal_receive(&MHU1_HOST_TO_SE_DEV,
++ &MHU1_SE_TO_HOST_DEV,
++ mbox_irq_info.p_ildi->source);
++
++ /*
++ * SPM will send a MAILBOX_SIGNAL to the corresponding partition
++ * indicating that a message has arrived and can be processed.
++ */
++ spm_handle_interrupt(mbox_irq_info.p_pt, mbox_irq_info.p_ildi);
++}
++
++enum tfm_hal_status_t mailbox_irq_init(void *p_pt,
++ const struct irq_load_info_t *p_ildi)
++{
++ mbox_irq_info.p_pt = p_pt;
++ mbox_irq_info.p_ildi = p_ildi;
++
++ /* Set MHU interrupt priority to the same as PendSV (the lowest)
++ * TODO: Consider advantages/disadvantages of setting it one higher
++ */
++ NVIC_SetPriority(HSE1_RECEIVER_COMBINED_IRQn, NVIC_GetPriority(PendSV_IRQn));
++
++ NVIC_DisableIRQ(HSE1_RECEIVER_COMBINED_IRQn);
++
++ return TFM_HAL_SUCCESS;
++}
+--
+2.25.1
+
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-CS1000-Increase-RSE_COMMS-buffer-size.patch b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-CS1000-Increase-RSE_COMMS-buffer-size.patch
new file mode 100644
index 00000000..6613a415
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/files/corstone1000/0009-platform-CS1000-Increase-RSE_COMMS-buffer-size.patch
@@ -0,0 +1,28 @@
+From 21b0c9f028b6b04fa2f027510ec90969735f4dd1 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Wed, 17 Apr 2024 19:31:03 +0200
+Subject: [PATCH] platform: CS1000: Increase RSE_COMMS buffer size
+
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Upstream-Status: Pending
+---
+ platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+index 6d79dd3bf..f079f6504 100644
+--- a/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
++++ b/platform/ext/target/arm/corstone1000/rse_comms/rse_comms.h
+@@ -16,7 +16,7 @@ extern "C" {
+ #endif
+
+ /* size suits to fit the largest message too (EFI variables) */
+-#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x2100)
++#define RSE_COMMS_PAYLOAD_MAX_SIZE (0x3B00)
+
+ /*
+ * Allocated for each client request.
+--
+2.25.1
+
+
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
index 136337b6..ed4710e5 100644
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m-corstone1000.inc
@@ -35,13 +35,13 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
SRC_URI:append:corstone1000 = " \
file://0001-platform-corstone1000-Update-MPU-configuration.patch \
file://0002-platform-corstone1000-Cover-S_DATA-with-MPU.patch \
- file://0003-Platform-corstone1000-Fix-issues-due-to-adjustment-M.patch \
- file://0004-platform-corstone1000-align-capsule-update-structs.patch \
- file://0005-platform-corstone1000-fix-synchronization-issue-on-o.patch \
- file://0006-Platform-Corstone1000-skip-the-first-nv-counter.patch \
- file://0007-platform-corstone1000-add-unique-guid-for-mps3.patch \
- file://0008-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch \
- file://0009-platform-corstone1000-Increase-ITS-max-asset-size.patch \
+ file://0003-platform-corstone1000-align-capsule-update-structs.patch \
+ file://0004-Platform-Corstone1000-skip-the-first-nv-counter.patch \
+ file://0005-platform-corstone1000-add-unique-guid-for-mps3.patch \
+ file://0006-Platform-Corstone1000-Enable-host-firewall-in-FVP.patch \
+ file://0007-platform-corstone1000-Increase-ITS-max-asset-size.patch \
+ file://0008-Platform-CS1000-Replace-OpenAMP-with-RSE_COMMS.patch \
+ file://0009-platform-CS1000-Increase-RSE_COMMS-buffer-size.patch \
"
# TF-M ships patches for external dependencies that needs to be applied
--
2.43.1
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 1/5] Add support for the TS Firmware Update service
2024-04-29 15:26 [PATCH 1/5] Add support for the TS Firmware Update service Gyorgy Szing
` (3 preceding siblings ...)
2024-04-29 15:26 ` [PATCH 5/5] arm-bsp/trusted-firmware-m: replace OpenAMP with RSE Comms Gyorgy Szing
@ 2024-04-30 3:21 ` Jon Mason
4 siblings, 0 replies; 6+ messages in thread
From: Jon Mason @ 2024-04-30 3:21 UTC (permalink / raw
To: meta-arm, Gyorgy Szing
On Mon, 29 Apr 2024 17:26:50 +0200, Gyorgy Szing wrote:
> Add a recipe to enable building and deploying the FWU service
> implemented in the Trusted Services Project. The FWU service can
> help vendors to meet PSA certification requirements.
>
>
Applied, thanks!
[1/5] Add support for the TS Firmware Update service
commit: fa05df1611e8038e2529c8d41bdfd308e670488c
[2/5] arm/trusted-services: update to 2024 April 19
commit: 2d46f217315de4f0e08d3ad92474e5ec1d8c7d7c
[3/5] arm/trusted-services: fix oeqa script
commit: 798c0a8257052a1c5478948047ddfa727c310112
[4/5] arm-bsp/trusted-services: rebase corstone1000 patches
commit: db2284fc01f9d097ffa6a6bc5ad70a1d76a422c9
[5/5] arm-bsp/trusted-firmware-m: replace OpenAMP with RSE Comms
commit: f63c043ba7e765140646ce4e50252375a8f8e831
Best regards,
--
Jon Mason <jon.mason@arm.com>
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-04-30 3:21 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-04-29 15:26 [PATCH 1/5] Add support for the TS Firmware Update service Gyorgy Szing
2024-04-29 15:26 ` [PATCH 2/5] arm/trusted-services: update to 2024 April 19 Gyorgy Szing
2024-04-29 15:26 ` [PATCH 3/5] arm/trusted-services: fix oeqa script Gyorgy Szing
2024-04-29 15:26 ` [PATCH 4/5] arm-bsp/trusted-services: rebase corstone1000 patches Gyorgy Szing
2024-04-29 15:26 ` [PATCH 5/5] arm-bsp/trusted-firmware-m: replace OpenAMP with RSE Comms Gyorgy Szing
2024-04-30 3:21 ` [PATCH 1/5] Add support for the TS Firmware Update service Jon Mason
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.