new file mode 100644
@@ -0,0 +1,76 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+
+From 2ba5fa76a886e0ef59656fe96666f2582e8ffc72 Mon Sep 17 00:00:00 2001
+From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+Date: Mon, 20 Dec 2021 19:56:30 +0000
+Subject: [PATCH 2/3] Add missing features to setVariable()
+
+This patch resolves the failing tests in SCT related to
+setVariable() function. The existing implementation is
+missing few cases where error codes are returned when called
+with certain paramters. These conditions are implemented in
+this patch based on the explanation provided in uefi spec.
+
+%% original patch: 0030-Add-missing-features-to-setVariable.patch
+---
+ .../backend/uefi_variable_store.c | 29 ++++++++++++++++---
+ 1 file changed, 25 insertions(+), 4 deletions(-)
+
+diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
+index 1bb869a..a167107 100644
+--- a/components/service/smm_variable/backend/uefi_variable_store.c
++++ b/components/service/smm_variable/backend/uefi_variable_store.c
+@@ -161,6 +161,17 @@ efi_status_t uefi_variable_store_set_variable(
+ bool should_sync_index = false;
+
+ if (status != EFI_SUCCESS) return status;
++
++ /*
++ * Runtime access to a data variable implies boot service access. Attributes that have
++ * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
++ * The caller is responsible for following this rule.
++ */
++ if((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS))
++ {
++ if((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) != EFI_VARIABLE_BOOTSERVICE_ACCESS )
++ return EFI_INVALID_PARAMETER;
++ }
+
+ /* Find in index */
+ const struct variable_info *info = variable_index_find(
+@@ -221,6 +232,13 @@ efi_status_t uefi_variable_store_set_variable(
+ if (!info) status = EFI_OUT_OF_RESOURCES;
+ should_sync_index = info && (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE);
+ }
++ else
++ {
++ /* Return EFI_NOT_FOUND when a remove operation is performed
++ * on variable that is not existing.
++ */
++ status = EFI_NOT_FOUND;
++ }
+
+ /* The order of these operations is important. For an update
+ * or create operation, The variable index is always synchronized
+@@ -555,10 +573,13 @@ static efi_status_t check_access_permitted_on_set(
+ if ((status == EFI_SUCCESS) && var->DataSize) {
+
+ /* Restrict which attributes can be modified for an existing variable */
+- if ((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
+- (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) {
+-
+- /* Don't permit change of storage class */
++ if (((var->Attributes & EFI_VARIABLE_NON_VOLATILE) !=
++ (info->metadata.attributes & EFI_VARIABLE_NON_VOLATILE)) ||
++ ((var->Attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS) !=
++ (info->metadata.attributes & EFI_VARIABLE_BOOTSERVICE_ACCESS)) ||
++ ((var->Attributes & EFI_VARIABLE_RUNTIME_ACCESS) !=
++ (info->metadata.attributes & EFI_VARIABLE_RUNTIME_ACCESS))) {
++ /* Don't permit change of attributes */
+ status = EFI_INVALID_PARAMETER;
+ }
+ }
+--
+2.17.1
+
new file mode 100644
@@ -0,0 +1,58 @@
+Upstream-Status: Pending [Not submitted to upstream yet]
+Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+
+From 8a2a47d360e43004d277c00ed06cbc59ccfb721e Mon Sep 17 00:00:00 2001
+From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
+Date: Mon, 20 Dec 2021 20:01:10 +0000
+Subject: [PATCH 3/3] Add invalid parameter check in getNextVariableName()
+
+This patch resolves the failing tests in SCT related to
+getNextVariableName() function. The existing implementation is
+missing few cases where error codes are returned when called
+with certain paramters. These conditions are implemented in
+this patch based on the explanation provided in uefi spec.
+
+%% original patch: 0031-Add-invalid-parameter-check-in-getNextVariableName.patch
+---
+ .../smm_variable/backend/uefi_variable_store.c | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
+index a167107..a57b334 100644
+--- a/components/service/smm_variable/backend/uefi_variable_store.c
++++ b/components/service/smm_variable/backend/uefi_variable_store.c
+@@ -161,7 +161,7 @@ efi_status_t uefi_variable_store_set_variable(
+ bool should_sync_index = false;
+
+ if (status != EFI_SUCCESS) return status;
+-
++
+ /*
+ * Runtime access to a data variable implies boot service access. Attributes that have
+ * EFI_VARIABLE_RUNTIME_ACCESS set must also have EFI_VARIABLE_BOOTSERVICE_ACCESS set.
+@@ -310,6 +310,22 @@ efi_status_t uefi_variable_store_get_next_variable_name(
+ status = EFI_NOT_FOUND;
+ *total_length = 0;
+
++ /*
++ * If input values of VariableName and VendorGuid are not a name and GUID of an
++ * existing variable, EFI_INVALID_PARAMETER is returned.
++ */
++ if (cur->NameSize >= sizeof(int16_t)) {
++ /*
++ * Name must be at least one character long to accommodate
++ * the mandatory null terminator.
++ */
++ if (cur->Name[0] != 0) {
++ const struct variable_info *var_info = variable_index_find(&context->variable_index,&cur->Guid,cur->NameSize,cur->Name);
++ if(var_info == NULL)
++ return EFI_INVALID_PARAMETER;
++ }
++ }
++
+ const struct variable_info *info = variable_index_find_next(
+ &context->variable_index,
+ &cur->Guid,
+--
+2.17.1
+
@@ -40,6 +40,8 @@ SRC_URI:append = " \
file://0027-Configure-storage-size.patch \
file://0028-Revert-Add-uefi-variable-append-write-support.patch \
file://0029-Change-UID-of-variable-index-in-SMM.patch \
+ file://0030-Add-missing-features-to-setVariable.patch \
+ file://0031-Add-invalid-parameter-check-in-getNextVariableName.patch \
"
SRC_URI_MBED = "git://github.com/ARMmbed/mbed-crypto.git;protocol=https;branch=development;name=mbed;destsuffix=git/mbedcrypto"