diff mbox series

[09/16] arm-bsp/trusted-services:corstone1000: remove already merged patches

Message ID 20230519112400.340-9-Gyorgy.Szing@arm.com
State New
Headers show
Series [01/16] arm/trusted-services: update TS version | expand

Commit Message

Gyorgy Szing May 19, 2023, 11:23 a.m. UTC
From: Rui Miguel Silva <rui.silva@linaro.org>

Remove already merged patches in trusted services integration
branch to avoid clash during apply patch stage and rebase the
remaining patches.

Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
---
 ...1-Add-openamp-to-SE-proxy-deployment.patch |  287 --
 ...b-capsule-update-service-components.patch} |   88 +-
 ...in-AEAD-for-psa-arch-test-54-and-58.patch} |    8 +-
 ...iver-and-the-OpenAmp-conversion-laye.patch | 1091 -------
 .../0003-Add-openamp-rpc-caller.patch         | 1196 --------
 ...=> 0003-FMP-Support-in-Corstone1000.patch} |    6 +-
 ...1.7-alignment-Align-PSA-Crypto-SIDs.patch} |   32 +-
 ...-add-psa-client-definitions-for-ff-m.patch |  298 --
 ...mon-service-component-to-ipc-support.patch |  295 --
 ...nment-Align-crypto-iovec-definition.patch} |  135 +-
 .../0006-Add-secure-storage-ipc-backend.patch |  523 ----
 ...gnment-PSA-crypto-client-in-out_vec.patch} |   39 +-
 ...storage-ipc-and-openamp-for-se_proxy.patch |   63 -
 .../corstone1000/0008-Run-psa-arch-test.patch |   72 -
 ...0009-Use-address-instead-of-pointers.patch |  168 --
 ...-Add-psa-ipc-attestation-to-se-proxy.patch |  323 ---
 ...d-as-openamp-rpc-using-secure-storag.patch |  163 --
 .../0012-add-psa-ipc-crypto-backend.patch     | 2570 -----------------
 .../0014-Configure-storage-size.patch         |   42 -
 ...face-structure-aligned-with-tf-m-cha.patch |   31 -
 ...egrate-remaining-psa-ipc-client-APIs.patch |  494 ----
 ...et_key_usage_flags-definition-to-the.patch |   40 -
 ...rstone1000-change-default-smm-values.patch |   37 -
 ...teway-add-checks-for-null-attributes.patch |   35 -
 .../0022-GetNextVariableName-Fix.patch        |   33 -
 ...3-Use-the-stateless-platform-service.patch |  140 -
 .../trusted-services/ts-arm-platforms.inc     |   32 +-
 27 files changed, 128 insertions(+), 8113 deletions(-)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0013-Add-stub-capsule-update-service-components.patch => 0001-Add-stub-capsule-update-service-components.patch} (78%)
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch => 0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch} (96%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0020-FMP-Support-in-Corstone1000.patch => 0003-FMP-Support-in-Corstone1000.patch} (99%)
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch => 0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch} (95%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch => 0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch} (90%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
 rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch => 0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch} (80%)
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
 delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
diff mbox series

Patch

diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
deleted file mode 100644
index c44885cf..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-openamp-to-SE-proxy-deployment.patch
+++ /dev/null
@@ -1,287 +0,0 @@ 
-From 13de79cd4f0d25b812e5f4ad4a19bc075496be83 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 16:36:51 +0000
-Subject: [PATCH 01/20] Add openamp to SE proxy deployment
-
-Openamp is required to communicate between secure partitions(running on
-Cortex-A) and trusted-firmware-m(running on Cortex-M).
-These changes are to fetch libmetal and openamp from github repo's
-and build it.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- deployments/se-proxy/opteesp/lse.S            | 28 ++++++++
- deployments/se-proxy/se-proxy.cmake           |  8 +++
- external/openamp/libmetal-init-cache.cmake.in | 20 ++++++
- external/openamp/libmetal.cmake               | 67 +++++++++++++++++++
- external/openamp/openamp-init-cache.cmake.in  | 20 ++++++
- external/openamp/openamp.cmake                | 66 ++++++++++++++++++
- 6 files changed, 209 insertions(+)
- create mode 100644 deployments/se-proxy/opteesp/lse.S
- create mode 100644 external/openamp/libmetal-init-cache.cmake.in
- create mode 100644 external/openamp/libmetal.cmake
- create mode 100644 external/openamp/openamp-init-cache.cmake.in
- create mode 100644 external/openamp/openamp.cmake
-
-diff --git a/deployments/se-proxy/opteesp/lse.S b/deployments/se-proxy/opteesp/lse.S
-new file mode 100644
-index 000000000000..8e466d65fc2b
---- /dev/null
-+++ b/deployments/se-proxy/opteesp/lse.S
-@@ -0,0 +1,28 @@
-+// SPDX-License-Identifier: BSD-3-Clause
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ */
-+
-+.text
-+.globl __aarch64_cas4_acq_rel
-+.globl __aarch64_cas4_sync
-+
-+__aarch64_cas4_acq_rel:
-+	mov	w16, w0
-+	ldaxr	w0, [x2]
-+	cmp	w0, w16
-+0:	bne	1f
-+
-+	stlxr	w17, w1, [x2]
-+	cbnz	w17, 0b
-+1:	ret
-+
-+__aarch64_cas4_sync:
-+	mov	w16, w0
-+	ldxr	w0, [x2]
-+	cmp	w0, w16
-+0:	bne	1f
-+
-+	stlxr	w17, w1, [x2]
-+	cbnz	w17, 0b
-+1:	ret
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 426c66c05350..d39873a0fe81 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -61,6 +61,7 @@ add_components(TARGET "se-proxy"
- target_sources(se-proxy PRIVATE
- 	${CMAKE_CURRENT_LIST_DIR}/common/se_proxy_sp.c
- 	${CMAKE_CURRENT_LIST_DIR}/common/service_proxy_factory.c
-+	${CMAKE_CURRENT_LIST_DIR}/opteesp/lse.S
- )
- 
- #-------------------------------------------------------------------------------
-@@ -73,6 +74,13 @@ include(../../../external/nanopb/nanopb.cmake)
- target_link_libraries(se-proxy PRIVATE nanopb::protobuf-nanopb-static)
- protobuf_generate_all(TGT "se-proxy" NAMESPACE "protobuf" BASE_DIR "${TS_ROOT}/protocols")
- 
-+# libmetal
-+include(../../../external/openamp/libmetal.cmake)
-+
-+# OpenAMP
-+include(../../../external/openamp/openamp.cmake)
-+target_link_libraries(se-proxy PRIVATE openamp libmetal)
-+
- #################################################################
- 
- target_include_directories(se-proxy PRIVATE
-diff --git a/external/openamp/libmetal-init-cache.cmake.in b/external/openamp/libmetal-init-cache.cmake.in
-new file mode 100644
-index 000000000000..04c25fbde960
---- /dev/null
-+++ b/external/openamp/libmetal-init-cache.cmake.in
-@@ -0,0 +1,20 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Linaro. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
-+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
-+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
-+set(BUILD_STATIC_LIBS On CACHE BOOL "")
-+
-+set(WITH_DOC OFF CACHE BOOL "")
-+set(WITH_TESTS OFF CACHE BOOL "")
-+set(WITH_EXAMPLES OFF CACHE BOOL "")
-+set(WITH_DEFAULT_LOGGER OFF CACHE BOOL "")
-+set(MACHINE "template" CACHE STRING "")
-+
-+@_cmake_fragment@
-diff --git a/external/openamp/libmetal.cmake b/external/openamp/libmetal.cmake
-new file mode 100644
-index 000000000000..6e5004ff555c
---- /dev/null
-+++ b/external/openamp/libmetal.cmake
-@@ -0,0 +1,67 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2022 Linaro Limited
-+# Copyright (c) 2022, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (LIBMETAL_URL "https://github.com/OpenAMP/libmetal.git"
-+		    CACHE STRING "libmetal repository URL")
-+set (LIBMETAL_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/libmetal_install"
-+		    CACHE DIR "libmetal installation directory")
-+set(LIBMETAL_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal"
-+		CACHE DIR "libmetal source-code")
-+set (LIBMETAL_PACKAGE_DIR "${LIBMETAL_INSTALL_DIR}/libmetal/cmake"
-+			    CACHE DIR "libmetal CMake package directory")
-+set (LIBMETAL_TARGET_NAME "libmetal")
-+set (LIBMETAL_REFSPEC "f252f0e007fbfb8b3a52b1d5901250ddac96baad"
-+			CACHE STRING "The version of libmetal to use")
-+set(LIBMETAL_BINARY_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/libmetal-build")
-+
-+set(GIT_OPTIONS
-+    GIT_REPOSITORY ${LIBMETAL_URL}
-+    GIT_TAG ${LIBMETAL_REFSPEC}
-+    GIT_SHALLOW FALSE
-+)
-+
-+if(NOT LIBMETAL_DEBUG)
-+	set(LIBMETAL_BUILD_TYPE "Release")
-+else()
-+	set(LIBMETAL_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+	message(FATAL_ERROR "Please install git")
-+endif()
-+
-+# Only pass libc settings to libmetal if needed. For environments where the
-+# standard library is not overridden, this is not needed.
-+if(TARGET stdlib::c)
-+	include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
-+
-+	# Save libc settings
-+	save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
-+	# Translate libc settings to cmake code fragment. Will be inserted into
-+	# libmetal-init-cache.cmake.in when LazyFetch configures the file.
-+	translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
-+	unset_saved_properties(LIBC)
-+endif()
-+
-+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
-+LazyFetch_MakeAvailable(DEP_NAME libmetal
-+    FETCH_OPTIONS "${GIT_OPTIONS}"
-+    INSTALL_DIR "${LIBMETAL_INSTALL_DIR}"
-+    CACHE_FILE "${TS_ROOT}/external/openamp/libmetal-init-cache.cmake.in"
-+    SOURCE_DIR "${LIBMETAL_SOURCE_DIR}"
-+)
-+unset(_cmake_fragment)
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(libmetal STATIC IMPORTED)
-+set_property(TARGET libmetal PROPERTY IMPORTED_LOCATION "${LIBMETAL_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}metal${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET libmetal PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${LIBMETAL_INSTALL_DIR}/include")
-diff --git a/external/openamp/openamp-init-cache.cmake.in b/external/openamp/openamp-init-cache.cmake.in
-new file mode 100644
-index 000000000000..302b80511bce
---- /dev/null
-+++ b/external/openamp/openamp-init-cache.cmake.in
-@@ -0,0 +1,20 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2022, Linaro. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set(CMAKE_INSTALL_PREFIX "@BUILD_INSTALL_DIR@" CACHE STRING "")
-+set(CMAKE_TOOLCHAIN_FILE "@TS_EXTERNAL_LIB_TOOLCHAIN_FILE@" CACHE STRING "")
-+set(BUILD_SHARED_LIBS Off CACHE BOOL "")
-+set(BUILD_STATIC_LIBS On CACHE BOOL "")
-+
-+set(LIBMETAL_INCLUDE_DIR "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/include" CACHE
-+    STRING "")
-+set(LIBMETAL_LIB "@CMAKE_CURRENT_BINARY_DIR@/libmetal_install/lib" CACHE STRING "")
-+set(RPMSG_BUFFER_SIZE "512" CACHE STRING "")
-+set(MACHINE "template" CACHE STRING "")
-+
-+@_cmake_fragment@
-diff --git a/external/openamp/openamp.cmake b/external/openamp/openamp.cmake
-new file mode 100644
-index 000000000000..449f35f4fda4
---- /dev/null
-+++ b/external/openamp/openamp.cmake
-@@ -0,0 +1,66 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2022 Linaro Limited
-+# Copyright (c) 2022, Arm Limited. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+set (OPENAMP_URL "https://github.com/OpenAMP/open-amp.git"
-+		    CACHE STRING "OpenAMP repository URL")
-+set (OPENAMP_INSTALL_DIR "${CMAKE_CURRENT_BINARY_DIR}/openamp_install"
-+			    CACHE DIR "OpenAMP installation directory")
-+set (OPENAMP_SOURCE_DIR "${CMAKE_CURRENT_BINARY_DIR}/_deps/openamp"
-+			    CACHE DIR "OpenAMP source code directory")
-+set (OPENAMP_PACKAGE_DIR "${OPENAMP_INSTALL_DIR}/openamp/cmake"
-+			    CACHE DIR "OpenAMP CMake package directory")
-+set (OPENAMP_TARGET_NAME "openamp")
-+set (OPENAMP_REFSPEC "347397decaa43372fc4d00f965640ebde042966d"
-+			CACHE STRING "The version of openamp to use")
-+
-+set(GIT_OPTIONS
-+    GIT_REPOSITORY ${OPENAMP_URL}
-+    GIT_TAG ${OPENAMP_REFSPEC}
-+    GIT_SHALLOW FALSE
-+)
-+
-+if(NOT OPENAMP_DEBUG)
-+	set(OPENAMP_BUILD_TYPE "Release")
-+else()
-+	set(OPENAMP_BUILD_TYPE "Debug")
-+endif()
-+
-+include(FetchContent)
-+
-+# Checking git
-+find_program(GIT_COMMAND "git")
-+if (NOT GIT_COMMAND)
-+	message(FATAL_ERROR "Please install git")
-+endif()
-+
-+# Only pass libc settings to openamp if needed. For environments where the
-+# standard library is not overridden, this is not needed.
-+if(TARGET stdlib::c)
-+	include(${TS_ROOT}/tools/cmake/common/PropertyCopy.cmake)
-+
-+	# Save libc settings
-+	save_interface_target_properties(TGT stdlib::c PREFIX LIBC)
-+	# Translate libc settings to cmake code fragment. Will be inserted into
-+	# libmetal-init-cache.cmake.in when LazyFetch configures the file.
-+	translate_interface_target_properties(PREFIX LIBC RES _cmake_fragment)
-+	unset_saved_properties(LIBC)
-+endif()
-+
-+include(${TS_ROOT}/tools/cmake/common/LazyFetch.cmake REQUIRED)
-+LazyFetch_MakeAvailable(DEP_NAME openamp
-+    FETCH_OPTIONS "${GIT_OPTIONS}"
-+    INSTALL_DIR "${OPENAMP_INSTALL_DIR}"
-+    CACHE_FILE "${TS_ROOT}/external/openamp/openamp-init-cache.cmake.in"
-+    SOURCE_DIR "${OPENAMP_SOURCE_DIR}"
-+)
-+unset(_cmake_fragment)
-+
-+#Create an imported target to have clean abstraction in the build-system.
-+add_library(openamp STATIC IMPORTED)
-+set_property(TARGET openamp PROPERTY IMPORTED_LOCATION "${OPENAMP_INSTALL_DIR}/lib/${CMAKE_STATIC_LIBRARY_PREFIX}open_amp${CMAKE_STATIC_LIBRARY_SUFFIX}")
-+set_property(TARGET openamp PROPERTY INTERFACE_INCLUDE_DIRECTORIES "${OPENAMP_INSTALL_DIR}/include")
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
similarity index 78%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
index 0040e127..c1775b79 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Add-stub-capsule-update-service-components.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch
@@ -1,7 +1,7 @@ 
-From 050be6fdfee656b0556766cc1db30f4c0ea87c79 Mon Sep 17 00:00:00 2001
+From a965129153a0cca340535fe2cf99dbfef9b557da Mon Sep 17 00:00:00 2001
 From: Julian Hall <julian.hall@arm.com>
 Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH 13/20] Add stub capsule update service components
+Subject: [PATCH 1/6] Add stub capsule update service components
 
 To facilitate development of a capsule update service provider,
 stub components are added to provide a starting point for an
@@ -18,15 +18,12 @@  Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
  .../provider/capsule_update_provider.c        | 133 ++++++++++++++++++
  .../provider/capsule_update_provider.h        |  51 +++++++
  .../capsule_update/provider/component.cmake   |  13 ++
- deployments/se-proxy/common/se_proxy_sp.c     |   3 +
- .../se-proxy/common/service_proxy_factory.c   |  16 +++
- .../se-proxy/common/service_proxy_factory.h   |   1 +
- deployments/se-proxy/se-proxy.cmake           |   1 +
+ .../se-proxy/infra/corstone1000/infra.cmake   |   1 +
  deployments/se-proxy/se_proxy_interfaces.h    |   9 +-
  .../capsule_update/capsule_update_proto.h     |  13 ++
  protocols/service/capsule_update/opcodes.h    |  17 +++
  protocols/service/capsule_update/parameters.h |  15 ++
- 12 files changed, 292 insertions(+), 4 deletions(-)
+ 9 files changed, 272 insertions(+), 4 deletions(-)
  create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
  create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
  create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
@@ -280,75 +277,18 @@  index 000000000000..1d412eb234d9
 +target_sources(${TGT} PRIVATE
 +	"${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
 +	)
-diff --git a/deployments/se-proxy/common/se_proxy_sp.c b/deployments/se-proxy/common/se_proxy_sp.c
-index a37396f4454b..a38ad6ca3f56 100644
---- a/deployments/se-proxy/common/se_proxy_sp.c
-+++ b/deployments/se-proxy/common/se_proxy_sp.c
-@@ -77,6 +77,9 @@ void __noreturn sp_main(struct ffa_init_info *init_info)
- 	}
- 	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_ATTEST, rpc_iface);
- 
-+	rpc_iface = capsule_update_proxy_create();
-+	rpc_demux_attach(&rpc_demux, SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE, rpc_iface);
-+
- 	/* End of boot phase */
- 	result = sp_msg_wait(&req_msg);
- 	if (result != SP_RESULT_OK) {
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 7edeef8b434a..591cc9eeb59e 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -13,6 +13,7 @@
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include <trace.h>
-+#include <service/capsule_update/provider/capsule_update_provider.h>
- 
- /* Stub backends */
- #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-@@ -93,3 +94,18 @@ struct rpc_interface *its_proxy_create(void)
-  
-         return secure_storage_provider_init(&its_provider, backend);
- }
-+
-+struct rpc_interface *capsule_update_proxy_create(void)
-+{
-+	static struct capsule_update_provider capsule_update_provider;
-+	static struct rpc_caller *capsule_update_caller;
-+
-+	capsule_update_caller = openamp_caller_init(&openamp);
-+
-+	if (!capsule_update_caller)
-+	return NULL;
-+
-+	capsule_update_provider.client.caller = capsule_update_caller;
-+
-+	return capsule_update_provider_init(&capsule_update_provider);
-+}
-diff --git a/deployments/se-proxy/common/service_proxy_factory.h b/deployments/se-proxy/common/service_proxy_factory.h
-index 298d407a2371..02aa7fe2550d 100644
---- a/deployments/se-proxy/common/service_proxy_factory.h
-+++ b/deployments/se-proxy/common/service_proxy_factory.h
-@@ -17,6 +17,7 @@ struct rpc_interface *attest_proxy_create(void);
- struct rpc_interface *crypto_proxy_create(void);
- struct rpc_interface *ps_proxy_create(void);
- struct rpc_interface *its_proxy_create(void);
-+struct rpc_interface *capsule_update_proxy_create(void);
- 
- #ifdef __cplusplus
- }
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 3dbbc36c968d..f0db2d43f443 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -51,6 +51,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/provider/serializer/packed-c"
+diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
+index 4e7e2bd58028..e60b5400617f 100644
+--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
++++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
+@@ -21,6 +21,7 @@ add_components(TARGET "se-proxy"
+ 		"components/service/attestation/key_mngr/local"
  		"components/service/attestation/reporter/psa_ipc"
- 		"components/service/attestation/client/psa_ipc"
+ 		"components/service/crypto/backend/psa_ipc"
 +		"components/service/capsule_update/provider"
- 		"components/rpc/openamp/caller/sp"
+ 		"components/service/secure_storage/backend/secure_storage_ipc"
+ )
  
- 		# Stub service provider backends
 diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
 index 48908f846990..3d4a7c204785 100644
 --- a/deployments/se-proxy/se_proxy_interfaces.h
@@ -432,5 +372,5 @@  index 000000000000..285d924186be
 +
 +#endif /* CAPSULE_UPDATE_PARAMETERS_H */
 -- 
-2.38.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
similarity index 96%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
index c1598a9e..3f3800ce 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch
@@ -1,7 +1,7 @@ 
-From 1a4d46fdc0b5745b9cfb0789e4b778111bd6dbbb Mon Sep 17 00:00:00 2001
+From 51a7024967187644011c5043ef0f733cf81b26be Mon Sep 17 00:00:00 2001
 From: Satish Kumar <satish.kumar01@arm.com>
 Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 18/20] Fixes in AEAD for psa-arch test 54 and 58.
+Subject: [PATCH 2/6] Fixes in AEAD for psa-arch test 54 and 58.
 
 Upstream-Status: Pending [Not submitted to upstream yet]
 Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
@@ -29,7 +29,7 @@  index c4ffb20cf7f8..a91f66c14008 100644
  
  	/* Mandatory input data parameter */
 diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 4d7bf6e959b0..e3c4df2927b3 100644
+index 30aa102da581..130d27295878 100644
 --- a/components/service/crypto/include/psa/crypto_sizes.h
 +++ b/components/service/crypto/include/psa/crypto_sizes.h
 @@ -351,7 +351,7 @@
@@ -117,5 +117,5 @@  index 0be266b52403..435fd3b523ce 100644
  
  /* Variable length input parameter tags */
 -- 
-2.38.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
deleted file mode 100644
index 0371a7a4..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch
+++ /dev/null
@@ -1,1091 +0,0 @@ 
-From 28aedac78016e5063ebd675a43e6c3655f87b442 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 18:00:46 +0000
-Subject: [PATCH 02/20] Implement mhu driver and the OpenAmp conversion layer.
-
-This commit adds an mhu driver (v2.1 and v2) to the secure
-partition se_proxy and a conversion layer to communicate with
-the secure enclave using OpenAmp.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../se-proxy/opteesp/default_se-proxy.dts.in  |  16 +
- .../drivers/arm/mhu_driver/component.cmake    |  12 +
- platform/drivers/arm/mhu_driver/mhu_v2.h      | 391 ++++++++++++
- platform/drivers/arm/mhu_driver/mhu_v2_x.c    | 602 ++++++++++++++++++
- .../providers/arm/corstone1000/platform.cmake |  10 +
- 5 files changed, 1031 insertions(+)
- create mode 100644 platform/drivers/arm/mhu_driver/component.cmake
- create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2.h
- create mode 100644 platform/drivers/arm/mhu_driver/mhu_v2_x.c
- create mode 100644 platform/providers/arm/corstone1000/platform.cmake
-
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 5748d2f80f88..267b4f923540 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -17,4 +17,20 @@
- 	xlat-granule = <0>; /* 4KiB */
- 	messaging-method = <3>; /* Direct messaging only */
- 	legacy-elf-format = <1>;
-+
-+	device-regions {
-+		compatible = "arm,ffa-manifest-device-regions";
-+		mhu-sender {
-+			/* Armv8 A Foundation Platform values */
-+			base-address = <0x00000000 0x1b820000>;
-+			pages-count = <16>;
-+			attributes = <0x3>; /* read-write */
-+		};
-+		mhu-receiver {
-+			/* Armv8 A Foundation Platform values */
-+			base-address = <0x00000000 0x1b830000>;
-+			pages-count = <16>;
-+			attributes = <0x3>; /* read-write */
-+		};
-+	};
- };
-diff --git a/platform/drivers/arm/mhu_driver/component.cmake b/platform/drivers/arm/mhu_driver/component.cmake
-new file mode 100644
-index 000000000000..77a5a50b67d1
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/component.cmake
-@@ -0,0 +1,12 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+
-+# Add source files for using mhu driver
-+target_sources(${TGT}
-+	PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/mhu_v2_x.c"
-+)
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2.h b/platform/drivers/arm/mhu_driver/mhu_v2.h
-new file mode 100644
-index 000000000000..2e4ba80fab95
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2.h
-@@ -0,0 +1,391 @@
-+/*
-+ * Copyright (c) 2021 Arm Limited
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *     http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+
-+/**
-+ * \file mhu_v2_x.h
-+ * \brief Driver for Arm MHU v2.0 and v2.1
-+ */
-+
-+#ifndef __MHU_V2_X_H__
-+#define __MHU_V2_X_H__
-+
-+#include <stdint.h>
-+#include <stdbool.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#define MHU_2_X_INTR_NR2R_OFF             (0x0u)
-+#define MHU_2_X_INTR_R2NR_OFF             (0x1u)
-+#define MHU_2_1_INTR_CHCOMB_OFF           (0x2u)
-+
-+#define MHU_2_X_INTR_NR2R_MASK            (0x1u << MHU_2_X_INTR_NR2R_OFF)
-+#define MHU_2_X_INTR_R2NR_MASK            (0x1u << MHU_2_X_INTR_R2NR_OFF)
-+#define MHU_2_1_INTR_CHCOMB_MASK          (0x1u << MHU_2_1_INTR_CHCOMB_OFF)
-+
-+enum mhu_v2_x_frame_t {
-+    MHU_V2_X_SENDER_FRAME   = 0x0u,
-+    MHU_V2_X_RECEIVER_FRAME = 0x1u,
-+};
-+
-+enum mhu_v2_x_supported_revisions {
-+     MHU_REV_READ_FROM_HW = 0,
-+     MHU_REV_2_0,
-+     MHU_REV_2_1,
-+};
-+
-+struct mhu_v2_x_dev_t {
-+    uint32_t base;
-+    enum mhu_v2_x_frame_t frame;
-+    uint32_t subversion;    /*!< Hardware subversion: v2.X */
-+    bool is_initialized;    /*!< Indicates if the MHU driver
-+                             *   is initialized and enabled
-+                             */
-+};
-+
-+/**
-+ * \brief MHU v2 error enumeration types.
-+ */
-+enum mhu_v2_x_error_t {
-+    MHU_V_2_X_ERR_NONE                =  0,
-+    MHU_V_2_X_ERR_NOT_INIT            = -1,
-+    MHU_V_2_X_ERR_ALREADY_INIT        = -2,
-+    MHU_V_2_X_ERR_UNSUPPORTED_VERSION = -3,
-+    MHU_V_2_X_ERR_INVALID_ARG         = -4,
-+    MHU_V_2_X_ERR_GENERAL             = -5
-+};
-+
-+/**
-+ * \brief Initializes the driver
-+ *
-+ * \param[in] dev   MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] rev   MHU revision (if can't be identified from HW)
-+ *
-+ * Reads the MHU hardware version
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note MHU revision only has to be specified when versions can't be read
-+ *       from HW (ARCH_MAJOR_REV reg reads as 0x0).
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
-+     enum mhu_v2_x_supported_revisions rev);
-+
-+/**
-+ * \brief Returns the number of channels implemented.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Returns the number of channels implemented.
-+ *
-+ * \return Returns the number of channels implemented.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+uint32_t mhu_v2_x_get_num_channel_implemented(
-+         const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Sends the value over a channel.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Channel to send the value over.
-+ * \param[in] val         Value to send.
-+ *
-+ * Sends the value over a channel.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel, uint32_t val);
-+
-+/**
-+ * \brief Clears the channel after the value is send over it.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Channel to clear.
-+ *
-+ * Clears the channel after the value is send over it.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel);
-+
-+/**
-+ * \brief Receives the value over a channel.
-+ *
-+ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in]  channel     Channel to receive the value from.
-+ * \param[out] value       Pointer to variable that will store the value.
-+ *
-+ * Receives the value over a channel.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value);
-+
-+/**
-+ * \brief Sets bits in the Channel Mask.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's mask to set.
-+ * \param[in] mask        Mask to be set over a receiver frame.
-+ *
-+ * Sets bits in the Channel Mask.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
-+
-+/**
-+ * \brief Clears bits in the Channel Mask.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's mask to clear.
-+ * \param[in] mask        Mask to be clear over a receiver frame.
-+ *
-+ * Clears bits in the Channel Mask.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask);
-+
-+/**
-+ * \brief Enables the Channel interrupt.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's interrupt to enable.
-+ *
-+ * Enables the Channel clear interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Disables the Channel interrupt.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's interrupt to disable.
-+ *
-+ * Disables the Channel interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Cleares the Channel interrupt.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] channel     Which channel's interrupt to clear.
-+ *
-+ * Cleares the Channel interrupt.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ * \note This function doesn't check if channel is implemented.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel);
-+
-+/**
-+ * \brief Initiates a MHU transfer with the handshake signals.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Initiates a MHU transfer with the handshake signals in a blocking mode.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Closes a MHU transfer with the handshake signals.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * Closes a MHU transfer with the handshake signals in a blocking mode.
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Returns the value of access request signal.
-+ *
-+ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] val         Pointer to variable that will store the value.
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val);
-+
-+/**
-+ * \brief Sets the value of access request signal to high.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Sets the value of access request signal to low.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
-+     const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Returns the value of access ready signal.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] val        Pointer to variable that will store the value.
-+ *
-+ * For more information please read the MHU v2 user guide
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val);
-+
-+/**
-+ * \brief Returns the MHU interrupt status.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ *
-+ * \return Interrupt status register value. Masking is needed for individual
-+ *         interrupts.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev);
-+
-+/**
-+ * \brief Enables MHU interrupts.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask        Bit mask for enabling/disabling interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Disables MHU interrupts.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask        Bit mask for enabling/disabling interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Clears MHU interrupts.
-+ *
-+ * \param[in] dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[in] mask        Bit mask for clearing interrupts
-+ *
-+ * \return Returns mhu_v2_x_error_t error code
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask);
-+
-+/**
-+ * \brief Returns the first channel number whose interrupt bit is high.
-+ *
-+ * \param[in]  dev         MHU device struct \ref mhu_v2_x_dev_t
-+ * \param[out] channel     Pointer to variable that will have the channel value.
-+ *
-+ * \return Returns the first channel number whose interrupt bit is high.
-+ * \return Returns mhu_v2_x_error_t error code.
-+ *
-+ * \note This function doesn't check if dev is NULL.
-+ */
-+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *channel);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __MHU_V2_X_H__ */
-diff --git a/platform/drivers/arm/mhu_driver/mhu_v2_x.c b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-new file mode 100644
-index 000000000000..01d8f659a73a
---- /dev/null
-+++ b/platform/drivers/arm/mhu_driver/mhu_v2_x.c
-@@ -0,0 +1,602 @@
-+/*
-+ * Copyright (c) 2021 Arm Limited
-+ *
-+ * Licensed under the Apache License, Version 2.0 (the "License");
-+ * you may not use this file except in compliance with the License.
-+ * You may obtain a copy of the License at
-+ *
-+ *     http://www.apache.org/licenses/LICENSE-2.0
-+ *
-+ * Unless required by applicable law or agreed to in writing, software
-+ * distributed under the License is distributed on an "AS IS" BASIS,
-+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-+ * See the License for the specific language governing permissions and
-+ * limitations under the License.
-+ */
-+#include <stdint.h>
-+#include <stdbool.h>
-+#include "mhu_v2.h"
-+
-+#define _MHU_V2_X_MAX_CHANNELS    124
-+#define _MHU_V2_1_MAX_CHCOMB_INT  4
-+#define ENABLE                    0x1
-+#define DISABLE                   0x0
-+#define CLEAR_INTR                0x1
-+#define CH_PER_CH_COMB            0x20
-+#define SEND_FRAME(p_mhu)       ((struct _mhu_v2_x_send_frame_t *)p_mhu)
-+#define RECV_FRAME(p_mhu)       ((struct _mhu_v2_x_recv_frame_t *)p_mhu)
-+
-+#define MHU_MAJOR_REV_V2      0x1u
-+#define MHU_MINOR_REV_2_0     0x0u
-+#define MHU_MINOR_REV_2_1     0x1u
-+
-+struct _mhu_v2_x_send_ch_window_t {
-+    /* Offset: 0x00 (R/ ) Channel Status */
-+    volatile uint32_t ch_st;
-+    /* Offset: 0x04 (R/ ) Reserved */
-+    volatile uint32_t reserved_0;
-+    /* Offset: 0x08 (R/ ) Reserved */
-+    volatile uint32_t reserved_1;
-+    /* Offset: 0x0C ( /W) Channel Set */
-+    volatile uint32_t ch_set;
-+    /* Offset: 0x10 (R/ ) Channel Interrupt Status (Reserved in 2.0) */
-+    volatile uint32_t ch_int_st;
-+    /* Offset: 0x14 ( /W) Channel Interrupt Clear  (Reserved in 2.0) */
-+    volatile uint32_t ch_int_clr;
-+    /* Offset: 0x18 (R/W) Channel Interrupt Enable (Reserved in 2.0) */
-+    volatile uint32_t ch_int_en;
-+    /* Offset: 0x1C (R/ ) Reserved */
-+    volatile uint32_t reserved_2;
-+};
-+
-+struct _mhu_v2_x_send_frame_t {
-+    /* Offset: 0x000 ( / ) Sender Channel Window 0 -123 */
-+    struct _mhu_v2_x_send_ch_window_t send_ch_window[_MHU_V2_X_MAX_CHANNELS];
-+    /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
-+    volatile uint32_t mhu_cfg;
-+    /* Offset: 0xF84 (R/W) Response Configuration */
-+    volatile uint32_t resp_cfg;
-+    /* Offset: 0xF88 (R/W) Access Request */
-+    volatile uint32_t access_request;
-+    /* Offset: 0xF8C (R/ ) Access Ready */
-+    volatile uint32_t access_ready;
-+    /* Offset: 0xF90 (R/ ) Interrupt Status */
-+    volatile uint32_t int_st;
-+    /* Offset: 0xF94 ( /W) Interrupt Clear */
-+    volatile uint32_t int_clr;
-+    /* Offset: 0xF98 (R/W) Interrupt Enable */
-+    volatile uint32_t int_en;
-+    /* Offset: 0xF9C (R/ ) Reserved */
-+    volatile uint32_t reserved_0;
-+    /* Offset: 0xFA0 (R/W) Channel Combined Interrupt Stat (Reserved in 2.0) */
-+    volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
-+    /* Offset: ‭0xFC4‬ (R/ ) Reserved */
-+    volatile uint32_t reserved_1[6];
-+    /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
-+    volatile uint32_t iidr;
-+    /* Offset: 0xFCC (R/ ) Architecture Identification Register */
-+    volatile uint32_t aidr;
-+    /* Offset: 0xFD0 (R/ )  */
-+    volatile uint32_t pid_1[4];
-+    /* Offset: 0xFE0 (R/ )  */
-+    volatile uint32_t pid_0[4];
-+    /* Offset: 0xFF0 (R/ )  */
-+    volatile uint32_t cid[4];
-+};
-+
-+struct _mhu_v2_x_rec_ch_window_t {
-+    /* Offset: 0x00 (R/ ) Channel Status */
-+    volatile uint32_t ch_st;
-+    /* Offset: 0x04 (R/ ) Channel Status Masked */
-+    volatile uint32_t ch_st_msk;
-+    /* Offset: 0x08 ( /W) Channel Clear */
-+    volatile uint32_t ch_clr;
-+    /* Offset: 0x0C (R/ ) Reserved */
-+    volatile uint32_t reserved_0;
-+    /* Offset: 0x10 (R/ ) Channel Mask Status */
-+    volatile uint32_t ch_msk_st;
-+    /* Offset: 0x14 ( /W) Channel Mask Set */
-+    volatile uint32_t ch_msk_set;
-+    /* Offset: 0x18 ( /W) Channel Mask Clear */
-+    volatile uint32_t ch_msk_clr;
-+    /* Offset: 0x1C (R/ ) Reserved */
-+    volatile uint32_t reserved_1;
-+};
-+
-+struct _mhu_v2_x_recv_frame_t {
-+    /* Offset: 0x000 ( / ) Receiver Channel Window 0 -123 */
-+    struct _mhu_v2_x_rec_ch_window_t rec_ch_window[_MHU_V2_X_MAX_CHANNELS];
-+    /* Offset: 0xF80 (R/ ) Message Handling Unit Configuration */
-+    volatile uint32_t mhu_cfg;
-+    /* Offset: 0xF84 (R/ ) Reserved */
-+    volatile uint32_t reserved_0[3];
-+    /* Offset: 0xF90 (R/ ) Interrupt Status (Reserved in 2.0) */
-+    volatile uint32_t int_st;
-+    /* Offset: 0xF94 (R/ ) Interrupt Clear  (Reserved in 2.0) */
-+    volatile uint32_t int_clr;
-+    /* Offset: 0xF98 (R/W) Interrupt Enable (Reserved in 2.0) */
-+    volatile uint32_t int_en;
-+    /* Offset: 0xF9C (R/ ) Reserved  */
-+    volatile uint32_t reserved_1;
-+    /* Offset: 0xFA0 (R/ ) Channel Combined Interrupt Stat (Reserved in 2.0) */
-+    volatile uint32_t ch_comb_int_st[_MHU_V2_1_MAX_CHCOMB_INT];
-+    /* Offset: 0xFB0 (R/ ) Reserved */
-+    volatile uint32_t reserved_2[6];
-+    /* Offset: 0xFC8 (R/ ) Implementer Identification Register */
-+    volatile uint32_t iidr;
-+    /* Offset: 0xFCC (R/ ) Architecture Identification Register */
-+    volatile uint32_t aidr;
-+    /* Offset: 0xFD0 (R/ )  */
-+    volatile uint32_t pid_1[4];
-+    /* Offset: 0xFE0 (R/ )  */
-+    volatile uint32_t pid_0[4];
-+    /* Offset: 0xFF0 (R/ )  */
-+    volatile uint32_t cid[4];
-+};
-+
-+union _mhu_v2_x_frame_t {
-+    struct _mhu_v2_x_send_frame_t send_frame;
-+    struct _mhu_v2_x_recv_frame_t recv_frame;
-+};
-+
-+enum mhu_v2_x_error_t mhu_v2_x_driver_init(struct mhu_v2_x_dev_t *dev,
-+     enum mhu_v2_x_supported_revisions rev)
-+{
-+    uint32_t AIDR = 0;
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if (dev->is_initialized) {
-+        return MHU_V_2_X_ERR_ALREADY_INIT;
-+    }
-+
-+    if (rev == MHU_REV_READ_FROM_HW) {
-+        /* Read revision from HW */
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            AIDR = p_mhu->recv_frame.aidr;
-+        } else {
-+            AIDR = p_mhu->send_frame.aidr;
-+        }
-+
-+        /* Get bits 7:4 to read major revision */
-+        if ( ((AIDR >> 4) & 0b1111) != MHU_MAJOR_REV_V2) {
-+            /* Unsupported MHU version */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        } /* No need to save major version, driver only supports MHUv2 */
-+
-+        /* Get bits 3:0 to read minor revision */
-+        dev->subversion = AIDR & 0b1111;
-+
-+        if (dev->subversion != MHU_MINOR_REV_2_0 &&
-+            dev->subversion != MHU_MINOR_REV_2_1) {
-+            /* Unsupported subversion */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    } else {
-+        /* Revisions were provided by caller */
-+        if (rev == MHU_REV_2_0) {
-+            dev->subversion = MHU_MINOR_REV_2_0;
-+        } else if (rev == MHU_REV_2_1) {
-+            dev->subversion = MHU_MINOR_REV_2_1;
-+        } else {
-+            /* Unsupported subversion */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }/* No need to save major version, driver only supports MHUv2 */
-+    }
-+
-+    dev->is_initialized = true;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+uint32_t mhu_v2_x_get_num_channel_implemented(const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        return (SEND_FRAME(p_mhu))->mhu_cfg;
-+    } else {
-+        return (RECV_FRAME(p_mhu))->mhu_cfg;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_send(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel, uint32_t val)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_set = val;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_clear(const struct mhu_v2_x_dev_t *dev,
-+     uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_clr = UINT32_MAX;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_receive(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t *value)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        *value = (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_st;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_set(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_set = mask;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_mask_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+        (RECV_FRAME(p_mhu))->rec_ch_window[channel].ch_msk_clr = mask;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_1) {
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = ENABLE;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_1) {
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_en = DISABLE;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_channel_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t channel)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_1) {
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->send_ch_window[channel].ch_int_clr = CLEAR_INTR;
-+        return MHU_V_2_X_ERR_NONE;
-+    } else {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_initiate_transfer(
-+     const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = ENABLE;
-+
-+    while ( !((SEND_FRAME(p_mhu))->access_ready) ) {
-+        /* Wait in a loop for access ready signal to be high */
-+        ;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_close_transfer(const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = DISABLE;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_request(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    *val = (SEND_FRAME(p_mhu))->access_request;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_set_access_request(
-+     const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = ENABLE;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_reset_access_request(
-+     const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    (SEND_FRAME(p_mhu))->access_request = DISABLE;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_get_access_ready(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *val)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame != MHU_V2_X_SENDER_FRAME) {
-+        return MHU_V_2_X_ERR_INVALID_ARG;
-+    }
-+
-+    *val = (SEND_FRAME(p_mhu))->access_ready;
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+uint32_t mhu_v2_x_get_interrupt_status(const struct mhu_v2_x_dev_t *dev)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        return (SEND_FRAME(p_mhu))->int_st;
-+    } else {
-+        return (RECV_FRAME(p_mhu))->int_st;
-+    }
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_enable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_0) {
-+        if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+            /* Combined channel IRQ is not present in v2.0 */
-+            return MHU_V_2_X_ERR_INVALID_ARG;
-+        }
-+
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            /* Only sender frame has these registers */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->int_en |= mask;
-+    } else {
-+        (RECV_FRAME(p_mhu))->int_en |= mask;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_disable(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_0) {
-+        if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+            /* Combined channel IRQ is not present in v2.0 */
-+            return MHU_V_2_X_ERR_INVALID_ARG;
-+        }
-+
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            /* Only sender frame has these registers */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->int_en &= ~mask;
-+    } else {
-+        (RECV_FRAME(p_mhu))->int_en &= ~mask;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_x_interrupt_clear(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t mask)
-+{
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion == MHU_MINOR_REV_2_0) {
-+        if (mask & MHU_2_1_INTR_CHCOMB_MASK) {
-+            /* Combined channel IRQ is not present in v2.0 */
-+            return MHU_V_2_X_ERR_INVALID_ARG;
-+        }
-+
-+        if (dev->frame == MHU_V2_X_RECEIVER_FRAME) {
-+            /* Only sender frame has these registers */
-+            return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+        }
-+    }
-+
-+    if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+        (SEND_FRAME(p_mhu))->int_clr = mask;
-+    } else {
-+        (RECV_FRAME(p_mhu))->int_clr = mask;
-+    }
-+
-+    return MHU_V_2_X_ERR_NONE;
-+}
-+
-+enum mhu_v2_x_error_t mhu_v2_1_get_ch_interrupt_num(
-+     const struct mhu_v2_x_dev_t *dev, uint32_t *channel)
-+{
-+    uint32_t i, j, status;
-+    union _mhu_v2_x_frame_t *p_mhu = (union _mhu_v2_x_frame_t *)dev->base;
-+
-+    if ( !(dev->is_initialized) ) {
-+        return MHU_V_2_X_ERR_NOT_INIT;
-+    }
-+
-+    if (dev->subversion != MHU_MINOR_REV_2_1) {
-+        /* Feature is only supported in MHU v2.1 */
-+        return MHU_V_2_X_ERR_UNSUPPORTED_VERSION;
-+    }
-+
-+    for(i = 0; i < _MHU_V2_1_MAX_CHCOMB_INT; i++) {
-+        if(dev->frame == MHU_V2_X_SENDER_FRAME) {
-+            status = (SEND_FRAME(p_mhu))->ch_comb_int_st[i];
-+        } else {
-+            status = (RECV_FRAME(p_mhu))->ch_comb_int_st[i];
-+        }
-+
-+        for(j = 0; j < CH_PER_CH_COMB; j++) {
-+            if ((status >> CH_PER_CH_COMB - j - 1) & (ENABLE)) {
-+                *channel = (CH_PER_CH_COMB - j -1 + (i * CH_PER_CH_COMB));
-+                return MHU_V_2_X_ERR_NONE;
-+            }
-+        }
-+    }
-+
-+    return MHU_V_2_X_ERR_GENERAL;
-+}
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-new file mode 100644
-index 000000000000..bb778bb9719b
---- /dev/null
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -0,0 +1,10 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+# Platform definition for the 'fvp_base_revc-2xaem8a' virtual platform.
-+#-------------------------------------------------------------------------------
-+
-+# include MHU driver
-+include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
deleted file mode 100644
index 5686face..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Add-openamp-rpc-caller.patch
+++ /dev/null
@@ -1,1196 +0,0 @@ 
-From 55394c4c9681af71b1ed7f7ebc7c44b2e1737113 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:00:54 +0000
-Subject: [PATCH 03/20] Add openamp rpc caller
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/rpc/common/caller/rpc_caller.c     |  10 +
- components/rpc/common/interface/rpc_caller.h  |   8 +
- .../rpc/openamp/caller/sp/component.cmake     |  15 +
- .../rpc/openamp/caller/sp/openamp_caller.c    | 203 +++++++
- .../rpc/openamp/caller/sp/openamp_caller.h    |  43 ++
- .../rpc/openamp/caller/sp/openamp_mhu.c       | 191 ++++++
- .../rpc/openamp/caller/sp/openamp_mhu.h       |  19 +
- .../rpc/openamp/caller/sp/openamp_virtio.c    | 555 ++++++++++++++++++
- .../rpc/openamp/caller/sp/openamp_virtio.h    |  24 +
- .../se-proxy/opteesp/default_se-proxy.dts.in  |   6 +
- deployments/se-proxy/se-proxy.cmake           |   1 +
- 11 files changed, 1075 insertions(+)
- create mode 100644 components/rpc/openamp/caller/sp/component.cmake
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_caller.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_mhu.h
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.c
- create mode 100644 components/rpc/openamp/caller/sp/openamp_virtio.h
-
-diff --git a/components/rpc/common/caller/rpc_caller.c b/components/rpc/common/caller/rpc_caller.c
-index 2dceabeb8967..20d889c162b0 100644
---- a/components/rpc/common/caller/rpc_caller.c
-+++ b/components/rpc/common/caller/rpc_caller.c
-@@ -37,3 +37,13 @@ void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle)
- {
- 	s->call_end(s->context, handle);
- }
-+
-+void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va)
-+{
-+	return s->virt_to_phys(s->context, va);
-+}
-+
-+void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa)
-+{
-+	return s->phys_to_virt(s->context, pa);
-+}
-diff --git a/components/rpc/common/interface/rpc_caller.h b/components/rpc/common/interface/rpc_caller.h
-index 387489cdb1b2..ef9bb64905ed 100644
---- a/components/rpc/common/interface/rpc_caller.h
-+++ b/components/rpc/common/interface/rpc_caller.h
-@@ -45,6 +45,10 @@ struct rpc_caller
- 		     	rpc_opstatus_t *opstatus, uint8_t **resp_buf, size_t *resp_len);
- 
- 	void (*call_end)(void *context, rpc_call_handle handle);
-+
-+	void *(*virt_to_phys)(void *context, void *va);
-+
-+	void *(*phys_to_virt)(void *context, void *pa);
- };
- 
- /*
-@@ -87,6 +91,10 @@ RPC_CALLER_EXPORTED rpc_status_t rpc_caller_invoke(struct rpc_caller *s, rpc_cal
-  */
- RPC_CALLER_EXPORTED void rpc_caller_end(struct rpc_caller *s, rpc_call_handle handle);
- 
-+RPC_CALLER_EXPORTED void *rpc_caller_virt_to_phys(struct rpc_caller *s, void *va);
-+
-+RPC_CALLER_EXPORTED void *rpc_caller_phys_to_virt(struct rpc_caller *s, void *pa);
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/rpc/openamp/caller/sp/component.cmake b/components/rpc/openamp/caller/sp/component.cmake
-new file mode 100644
-index 000000000000..fc919529d731
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/component.cmake
-@@ -0,0 +1,15 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_caller.c"
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_virtio.c"
-+	"${CMAKE_CURRENT_LIST_DIR}/openamp_mhu.c"
-+	)
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.c b/components/rpc/openamp/caller/sp/openamp_caller.c
-new file mode 100644
-index 000000000000..6cdfb756568f
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.c
-@@ -0,0 +1,203 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+#include "openamp_mhu.h"
-+#include "openamp_virtio.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+
-+#define OPENAMP_TRANSACTION_IDLE	0x0
-+#define OPENAMP_TRANSACTION_INPROGRESS	0x1
-+#define OPENAMP_TRANSACTION_INVOKED	0x2
-+
-+static rpc_call_handle openamp_call_begin(void *context, uint8_t **req_buf,
-+					  size_t req_len)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	rpc_call_handle handle;
-+	int ret;
-+
-+	if (!req_buf) {
-+		EMSG("openamp: call_begin: not req_buf");
-+		return NULL;
-+	}
-+
-+	if (req_len > UINT32_MAX || req_len == 0) {
-+		EMSG("openamp: call_begin: resp_len invalid: %lu", req_len);
-+		return NULL;
-+	}
-+
-+	if (openamp->status != OPENAMP_TRANSACTION_IDLE) {
-+		EMSG("openamp: call_begin: transaction not idle");
-+		return NULL;
-+	}
-+
-+	ret = ops->platform_call_begin(openamp, req_buf, req_len);
-+	if (ret < 0) {
-+		EMSG("openamp: call_begin: platform begin failed: %d", ret);
-+		return NULL;
-+	}
-+
-+	openamp->status = OPENAMP_TRANSACTION_INPROGRESS;
-+	handle = openamp;
-+
-+	return handle;
-+}
-+
-+static rpc_status_t openamp_call_invoke(void *context, rpc_call_handle handle,
-+					uint32_t opcode, int *opstatus,
-+					uint8_t **resp_buf, size_t *resp_len)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	rpc_status_t status;
-+	int ret;
-+
-+	(void)opcode;
-+
-+	if ((handle != openamp) || !opstatus || !resp_buf || !resp_len) {
-+		EMSG("openamp: call_invoke: invalid arguments");
-+		return TS_RPC_ERROR_INVALID_PARAMETER;
-+	}
-+
-+	if (openamp->status != OPENAMP_TRANSACTION_INPROGRESS) {
-+		EMSG("openamp: call_invoke: transaction needed to be started");
-+		return TS_RPC_ERROR_NOT_READY;
-+	}
-+
-+	ret = ops->platform_call_invoke(openamp, opstatus, resp_buf, resp_len);
-+	if (ret < 0)
-+		return TS_RPC_ERROR_INTERNAL;
-+
-+	openamp->status = OPENAMP_TRANSACTION_INVOKED;
-+	*opstatus = 0;
-+
-+	return TS_RPC_CALL_ACCEPTED;
-+}
-+
-+static void openamp_call_end(void *context, rpc_call_handle handle)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	if (handle != openamp) {
-+		EMSG("openamp: call_end: invalid arguments");
-+		return;
-+	}
-+
-+	if (openamp->status == OPENAMP_TRANSACTION_IDLE) {
-+		EMSG("openamp: call_end: transaction idle");
-+		return;
-+	}
-+
-+	ops->platform_call_end(openamp);
-+
-+	openamp->status = OPENAMP_TRANSACTION_IDLE;
-+}
-+
-+static void *openamp_virt_to_phys(void *context, void *va)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	return ops->platform_virt_to_phys(openamp, va);
-+}
-+
-+static void *openamp_phys_to_virt(void *context, void *pa)
-+{
-+	struct openamp_caller *openamp = context;
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+
-+	return ops->platform_phys_to_virt(openamp, pa);
-+}
-+
-+static int openamp_init(struct openamp_caller *openamp)
-+{
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	int ret;
-+
-+	ret = ops->transport_init(openamp);
-+	if (ret < 0)
-+		return ret;
-+
-+	ret = ops->platform_init(openamp);
-+	if (ret < 0)
-+		goto denit_transport;
-+
-+	return 0;
-+
-+denit_transport:
-+	ops->transport_deinit(openamp);
-+
-+	return ret;
-+}
-+
-+static const struct openamp_platform_ops openamp_virtio_ops = {
-+	.transport_init = openamp_mhu_init,
-+	.transport_deinit = openamp_mhu_deinit,
-+	.transport_notify = openamp_mhu_notify_peer,
-+	.transport_receive = openamp_mhu_receive,
-+	.platform_init = openamp_virtio_init,
-+	.platform_call_begin = openamp_virtio_call_begin,
-+	.platform_call_invoke = openamp_virtio_call_invoke,
-+	.platform_call_end = openamp_virtio_call_end,
-+	.platform_virt_to_phys = openamp_virtio_virt_to_phys,
-+	.platform_phys_to_virt = openamp_virtio_phys_to_virt,
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp)
-+{
-+	struct rpc_caller *rpc = &openamp->rpc_caller;
-+	int ret;
-+
-+	if (openamp->ref_count)
-+		return rpc;
-+
-+	rpc_caller_init(rpc, openamp);
-+
-+	rpc->call_begin = openamp_call_begin;
-+	rpc->call_invoke = openamp_call_invoke;
-+	rpc->call_end = openamp_call_end;
-+	rpc->virt_to_phys = openamp_virt_to_phys;
-+	rpc->phys_to_virt = openamp_phys_to_virt;
-+	openamp->platform_ops = &openamp_virtio_ops;
-+
-+	ret = openamp_init(openamp);
-+	if (ret < 0) {
-+		EMSG("openamp_init: failed to start: %d", ret);
-+		return rpc;
-+	}
-+	openamp->ref_count++;
-+
-+	return rpc;
-+}
-+
-+void openamp_caller_deinit(struct openamp_caller *openamp)
-+{
-+	struct rpc_caller *rpc = &openamp->rpc_caller;
-+
-+	if (--openamp->ref_count)
-+		return;
-+
-+	rpc->context = NULL;
-+	rpc->call_begin = NULL;
-+	rpc->call_invoke = NULL;
-+	rpc->call_end = NULL;
-+}
-+
-+int openamp_caller_discover(struct openamp_caller *openamp)
-+{
-+	return openamp_init(openamp);
-+}
-+
-+int openamp_caller_open(struct openamp_caller *openamp)
-+{
-+
-+}
-diff --git a/components/rpc/openamp/caller/sp/openamp_caller.h b/components/rpc/openamp/caller/sp/openamp_caller.h
-new file mode 100644
-index 000000000000..3fb67c56cc53
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_caller.h
-@@ -0,0 +1,43 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_CALLER_H
-+#define OPENAMP_CALLER_H
-+
-+#include <stddef.h>
-+#include <rpc_caller.h>
-+
-+struct openamp_caller {
-+	struct rpc_caller rpc_caller;
-+	const struct openamp_platform_ops *platform_ops;
-+	uint32_t ref_count;
-+	uint8_t status;
-+
-+	void *transport;
-+	void *platform;
-+};
-+
-+struct openamp_platform_ops {
-+	int (*transport_init)(struct openamp_caller *openamp);
-+	int (*transport_deinit)(struct openamp_caller *openamp);
-+	int (*transport_notify)(struct openamp_caller *openamp);
-+	int (*transport_receive)(struct openamp_caller *openamp);
-+	int (*platform_init)(struct openamp_caller *openamp);
-+	int (*platform_deinit)(struct openamp_caller *openamp);
-+	int (*platform_call_begin)(struct openamp_caller *openamp,
-+				   uint8_t **req_buf, size_t req_len);
-+	int (*platform_call_invoke)(struct openamp_caller *openamp,
-+				    int *opstatus, uint8_t **resp_buf,
-+				    size_t *resp_len);
-+	int (*platform_call_end)(struct openamp_caller *openamp);
-+	void *(*platform_virt_to_phys)(struct openamp_caller *openamp, void *va);
-+	void *(*platform_phys_to_virt)(struct openamp_caller *openamp, void *pa);
-+};
-+
-+struct rpc_caller *openamp_caller_init(struct openamp_caller *openamp);
-+void openamp_caller_deinit(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.c b/components/rpc/openamp/caller/sp/openamp_mhu.c
-new file mode 100644
-index 000000000000..ffdadaf870a3
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.c
-@@ -0,0 +1,191 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <config/interface/config_store.h>
-+#include <config/interface/config_blob.h>
-+#include <platform/interface/device_region.h>
-+#include <platform/drivers/arm/mhu_driver/mhu_v2.h>
-+#include <trace.h>
-+#include <errno.h>
-+#include <stdlib.h>
-+#include <stdint.h>
-+#include <stddef.h>
-+#include <limits.h>
-+
-+#include "openamp_caller.h"
-+
-+#define MHU_V_2_NOTIFY_CHANNEL	0
-+#define MHU_V_2_NOTIFY_VALUE	0xff
-+
-+struct openamp_mhu {
-+	struct device_region rx_region;
-+	struct device_region tx_region;
-+	struct mhu_v2_x_dev_t rx_dev;
-+	struct mhu_v2_x_dev_t tx_dev;
-+};
-+
-+static int openamp_mhu_device_get(const char *dev,
-+				  struct device_region *dev_region)
-+{
-+	bool found;
-+
-+	found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+				   dev_region, sizeof(*dev_region));
-+	if (!found)
-+		return -EINVAL;
-+
-+	if (!dev_region->base_addr)
-+		return -EINVAL;
-+
-+	IMSG("mhu: device region found: %s addr: 0x%x size: %d", dev,
-+	     dev_region->base_addr, dev_region->io_region_size);
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_receive(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *rx_dev;
-+	enum mhu_v2_x_error_t ret;
-+	struct openamp_mhu *mhu;
-+	uint32_t channel = 0;
-+	uint32_t irq_status;
-+
-+	if (!openamp->transport) {
-+		EMSG("openamp: mhu: receive transport not initialized");
-+		return -EINVAL;
-+	}
-+
-+	mhu = openamp->transport;
-+	rx_dev = &mhu->rx_dev;
-+
-+	irq_status = 0;
-+
-+	do {
-+		irq_status = mhu_v2_x_get_interrupt_status(rx_dev);
-+	} while(!irq_status);
-+
-+	ret = mhu_v2_1_get_ch_interrupt_num(rx_dev, &channel);
-+
-+	ret = mhu_v2_x_channel_clear(rx_dev, channel);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed to clear channel: %d", channel);
-+		return -EPROTO;
-+	}
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *tx_dev;
-+	enum mhu_v2_x_error_t ret;
-+	struct openamp_mhu *mhu;
-+	uint32_t access_ready;
-+
-+	if (!openamp->transport) {
-+		EMSG("openamp: mhu: notify transport not initialized");
-+		return -EINVAL;
-+	}
-+
-+	mhu = openamp->transport;
-+	tx_dev = &mhu->tx_dev;
-+
-+	ret = mhu_v2_x_set_access_request(tx_dev);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: set access request failed");
-+		return -EPROTO;
-+	}
-+
-+	do {
-+		ret = mhu_v2_x_get_access_ready(tx_dev, &access_ready);
-+		if (ret != MHU_V_2_X_ERR_NONE) {
-+			EMSG("openamp: mhu: failed to get access_ready");
-+			return -EPROTO;
-+		}
-+	} while (!access_ready);
-+
-+	ret = mhu_v2_x_channel_send(tx_dev, MHU_V_2_NOTIFY_CHANNEL,
-+				    MHU_V_2_NOTIFY_VALUE);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed send over channel");
-+		return -EPROTO;
-+	}
-+
-+	ret = mhu_v2_x_reset_access_request(tx_dev);
-+	if (ret != MHU_V_2_X_ERR_NONE) {
-+		EMSG("openamp: mhu: failed reset access request");
-+		return -EPROTO;
-+	}
-+
-+	return 0;
-+}
-+
-+int openamp_mhu_init(struct openamp_caller *openamp)
-+{
-+	struct mhu_v2_x_dev_t *rx_dev;
-+	struct mhu_v2_x_dev_t *tx_dev;
-+	struct openamp_mhu *mhu;
-+	int ret;
-+
-+	/* if we already have initialized skip this */
-+	if (openamp->transport)
-+		return 0;
-+
-+	mhu = malloc(sizeof(*mhu));
-+	if (!mhu)
-+		return -1;
-+
-+	ret = openamp_mhu_device_get("mhu-sender", &mhu->tx_region);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	ret = openamp_mhu_device_get("mhu-receiver", &mhu->rx_region);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	rx_dev = &mhu->rx_dev;
-+	tx_dev = &mhu->tx_dev;
-+
-+	rx_dev->base =  (unsigned int)mhu->rx_region.base_addr;
-+	rx_dev->frame = MHU_V2_X_RECEIVER_FRAME;
-+
-+	tx_dev->base =  (unsigned int)mhu->tx_region.base_addr;
-+	tx_dev->frame = MHU_V2_X_SENDER_FRAME;
-+
-+	ret = mhu_v2_x_driver_init(rx_dev, MHU_REV_READ_FROM_HW);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	ret = mhu_v2_x_driver_init(tx_dev, MHU_REV_READ_FROM_HW);
-+	if (ret < 0)
-+		goto free_mhu;
-+
-+	openamp->transport = (void *)mhu;
-+
-+	return 0;
-+
-+free_mhu:
-+	free(mhu);
-+
-+	return ret;
-+}
-+
-+int openamp_mhu_deinit(struct openamp_caller *openamp)
-+{
-+	struct openamp_mhu *mhu;
-+
-+	if (!openamp->transport)
-+		return 0;
-+
-+	mhu = openamp->transport;
-+	free(mhu);
-+
-+	openamp->transport = NULL;
-+
-+	return 0;
-+}
-diff --git a/components/rpc/openamp/caller/sp/openamp_mhu.h b/components/rpc/openamp/caller/sp/openamp_mhu.h
-new file mode 100644
-index 000000000000..2ae5cb8ee1c6
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_mhu.h
-@@ -0,0 +1,19 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_MHU_H
-+#define OPENAMP_MHU_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_mhu_init(struct openamp_caller *openamp);
-+int openamp_mhu_deinit(struct openamp_caller *openamp);
-+
-+int openamp_mhu_notify_peer(struct openamp_caller *openamp);
-+int openamp_mhu_receive(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.c b/components/rpc/openamp/caller/sp/openamp_virtio.c
-new file mode 100644
-index 000000000000..b7c1aa929111
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.c
-@@ -0,0 +1,555 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <metal/device.h>
-+#include <metal/spinlock.h>
-+#include <openamp/open_amp.h>
-+#include <platform/interface/device_region.h>
-+#include <config/interface/config_store.h>
-+
-+#include <stddef.h>
-+#include <trace.h>
-+#include "openamp_caller.h"
-+
-+#define OPENAMP_SHEM_DEVICE_NAME "openamp-virtio"
-+#define OPENAMP_RPMSG_ENDPOINT_NAME OPENAMP_SHEM_DEVICE_NAME
-+#define OPENAMP_RPMSG_ENDPOINT_ADDR 1024
-+
-+#define OPENAMP_SHEM_PHYS 0x88000000
-+#define OPENAMP_SHEM_PHYS_PAGES 1
-+#define OPENAMP_SHEM_SE_PHYS 0xa8000000
-+
-+#define OPENAMP_SHEM_VDEV_SIZE (4 * 1024)
-+#define OPENAMP_SHEM_VRING_SIZE (4 * 1024)
-+
-+#define OPENAMP_BUFFER_NO_WAIT  0
-+#define OPENAMP_BUFFER_WAIT     1
-+
-+#define VIRTQUEUE_NR            2
-+#define VQ_TX                   0
-+#define VQ_RX                   1
-+
-+#define VRING_DESCRIPTORS       16
-+#define VRING_ALIGN             4
-+
-+#define container_of(ptr, type, member) \
-+	((type *)((char *)(ptr) - (unsigned long)(&((type *)0)->member)))
-+
-+struct openamp_virtio_shm {
-+	uintptr_t base_addr;
-+	size_t size;
-+	uintptr_t vdev_status;
-+	size_t vdev_status_size;
-+	uintptr_t payload_addr;
-+	size_t payload_size;
-+	uintptr_t vring_tx;
-+	size_t vring_tx_size;
-+	uintptr_t vring_rx;
-+	size_t vring_rx_size;
-+
-+	metal_phys_addr_t shm_physmap[OPENAMP_SHEM_PHYS_PAGES];
-+};
-+
-+struct openamp_virtio_metal {
-+	struct metal_spinlock lock;
-+	struct metal_device shm_dev;
-+	struct metal_device *io_dev;
-+
-+	struct metal_io_region *io;
-+	struct openamp_virtio_shm shm;
-+};
-+
-+struct openamp_virtio_device {
-+	struct virtio_device virtio_dev;
-+	struct virtqueue *vq[VIRTQUEUE_NR];
-+	struct virtio_vring_info rvrings[VIRTQUEUE_NR];
-+};
-+
-+struct openamp_virtio_rpmsg {
-+	struct rpmsg_virtio_device rpmsg_vdev;
-+	struct rpmsg_endpoint ep;
-+	uint8_t *req_buf;
-+	uint32_t req_len;
-+	uint8_t *resp_buf;
-+	size_t resp_len;
-+};
-+
-+struct openamp_virtio {
-+	struct openamp_caller *openamp;
-+	struct openamp_virtio_rpmsg rpmsg;
-+	struct openamp_virtio_device vdev;
-+	struct openamp_virtio_metal metal;
-+};
-+
-+static struct openamp_virtio *openamp_virtio_from_dev(struct virtio_device *vdev)
-+{
-+	struct openamp_virtio_device *openamp_vdev;
-+
-+	openamp_vdev = container_of(vdev, struct openamp_virtio_device,
-+			    virtio_dev);
-+
-+	return container_of(openamp_vdev, struct openamp_virtio, vdev);
-+}
-+
-+static struct openamp_virtio_rpmsg *openamp_virtio_rpmsg_from_dev(struct rpmsg_device *rdev)
-+{
-+	struct rpmsg_virtio_device *rvdev;
-+
-+	rvdev = container_of(rdev, struct rpmsg_virtio_device, rdev);
-+
-+	return container_of(rvdev, struct openamp_virtio_rpmsg, rpmsg_vdev);
-+
-+}
-+
-+static void openamp_virtio_metal_device_setup(struct metal_device *shm_dev,
-+					      struct openamp_virtio_shm *shm)
-+{
-+	struct metal_io_region *shm_region;
-+
-+	shm_region = &shm_dev->regions[0];
-+
-+	shm_dev->name = OPENAMP_SHEM_DEVICE_NAME;
-+	shm_dev->num_regions = 1;
-+
-+	shm_region->virt = (void *)shm->payload_addr;
-+	shm_region->size = shm->payload_size;
-+
-+	shm_region->physmap = &shm->shm_physmap;
-+	shm_region->page_shift = (metal_phys_addr_t)(-1);
-+	shm_region->page_mask = (metal_phys_addr_t)(-1);
-+}
-+
-+static int openamp_virtio_metal_init(struct openamp_virtio_metal *metal)
-+{
-+	struct metal_init_params params = METAL_INIT_DEFAULTS;
-+	struct metal_device *shm_dev = &metal->shm_dev;
-+	int ret;
-+
-+	openamp_virtio_metal_device_setup(shm_dev, &metal->shm);
-+
-+	metal_spinlock_init(&metal->lock);
-+
-+	ret = metal_init(&params);
-+	if (ret < 0)
-+		return ret;
-+
-+	ret = metal_register_generic_device(shm_dev);
-+	if (ret < 0)
-+		goto metal_finish;
-+
-+	ret = metal_device_open("generic", OPENAMP_SHEM_DEVICE_NAME,
-+				&metal->io_dev);
-+	if (ret < 0)
-+		goto metal_finish;
-+
-+	metal->io = metal_device_io_region(metal->io_dev, 0);
-+	if (!metal->io) {
-+		EMSG("openamp: virtio: failed to init metal io");
-+		ret = -EPROTO;
-+		goto metal_finish;
-+	}
-+
-+	return 0;
-+
-+metal_finish:
-+	metal_finish();
-+	return ret;
-+}
-+
-+static unsigned char openamp_virtio_status_get(struct virtio_device *vdev)
-+{
-+	struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	uint32_t status = *(volatile uint32_t *)shm->vdev_status;
-+
-+	return status;
-+}
-+
-+static void openamp_virtio_status_set(struct virtio_device *vdev,
-+				      unsigned char status)
-+{
-+	struct openamp_virtio *virtio = openamp_virtio_from_dev(vdev);
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	*(volatile uint32_t *)shm->vdev_status = status;
-+}
-+
-+static int count;
-+
-+static uint32_t openamp_virtio_features_get(struct virtio_device *vdev)
-+{
-+	return 1 << VIRTIO_RPMSG_F_NS;
-+}
-+
-+static void openamp_virtio_notify(struct virtqueue *vq)
-+{
-+	struct openamp_virtio_device *openamp_vdev;
-+	struct openamp_caller *openamp;
-+	struct openamp_virtio *virtio;
-+	int ret;
-+
-+	openamp_vdev = container_of(vq->vq_dev, struct openamp_virtio_device, virtio_dev);
-+	virtio = container_of(openamp_vdev, struct openamp_virtio, vdev);
-+	openamp = virtio->openamp;
-+
-+	ret = openamp->platform_ops->transport_notify(openamp);
-+	if (ret < 0)
-+		EMSG("openamp: virtio: erro in transport_notify: %d", ret);
-+}
-+
-+const static struct virtio_dispatch openamp_virtio_dispatch = {
-+	.get_status = openamp_virtio_status_get,
-+	.set_status = openamp_virtio_status_set,
-+	.get_features = openamp_virtio_features_get,
-+	.notify = openamp_virtio_notify,
-+};
-+
-+static int openamp_virtio_device_setup(struct openamp_virtio *virtio)
-+{
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+	struct openamp_virtio_shm *shm = &metal->shm;
-+	struct virtio_vring_info *rvring;
-+
-+	rvring = &openamp_vdev->rvrings[0];
-+
-+	vdev->role = RPMSG_REMOTE;
-+	vdev->vrings_num = VIRTQUEUE_NR;
-+	vdev->func = &openamp_virtio_dispatch;
-+
-+	openamp_vdev->vq[VQ_TX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+	if (!openamp_vdev->vq[VQ_TX]) {
-+		EMSG("openamp: virtio: failed to allocate virtqueue 0");
-+		return -ENOMEM;
-+	}
-+	rvring->io = metal->io;
-+	rvring->info.vaddr = (void *)shm->vring_tx;
-+	rvring->info.num_descs = VRING_DESCRIPTORS;
-+	rvring->info.align = VRING_ALIGN;
-+	rvring->vq = openamp_vdev->vq[VQ_TX];
-+
-+	openamp_vdev->vq[VQ_RX] = virtqueue_allocate(VRING_DESCRIPTORS);
-+	if (!openamp_vdev->vq[VQ_RX]) {
-+		EMSG("openamp: virtio: failed to allocate virtqueue 1");
-+		goto free_vq;
-+	}
-+	rvring = &openamp_vdev->rvrings[VQ_RX];
-+	rvring->io = metal->io;
-+	rvring->info.vaddr = (void *)shm->vring_rx;
-+	rvring->info.num_descs = VRING_DESCRIPTORS;
-+	rvring->info.align = VRING_ALIGN;
-+	rvring->vq = openamp_vdev->vq[VQ_RX];
-+
-+	vdev->vrings_info = &openamp_vdev->rvrings[0];
-+
-+	return 0;
-+
-+free_vq:
-+	virtqueue_free(openamp_vdev->vq[VQ_TX]);
-+	virtqueue_free(openamp_vdev->vq[VQ_RX]);
-+
-+	return -ENOMEM;
-+}
-+
-+static int openamp_virtio_rpmsg_endpoint_callback(struct rpmsg_endpoint *ep,
-+						  void *data, size_t len,
-+						  uint32_t src, void *priv)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+	struct rpmsg_device *rdev;
-+	struct openamp_virtio *virtio;
-+
-+	rdev = ep->rdev;
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+	virtio = container_of(vrpmsg, struct openamp_virtio, rpmsg);
-+
-+	rpmsg_hold_rx_buffer(ep, data);
-+	vrpmsg->resp_buf = data;
-+	vrpmsg->resp_len = len;
-+
-+	return 0;
-+}
-+
-+static void openamp_virtio_rpmsg_service_unbind(struct rpmsg_endpoint *ep)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+	struct rpmsg_device *rdev;
-+
-+	rdev = container_of(ep, struct rpmsg_device, ns_ept);
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+	rpmsg_destroy_ept(&vrpmsg->ep);
-+}
-+
-+static void openamp_virtio_rpmsg_endpoint_bind(struct rpmsg_device *rdev,
-+					       const char *name,
-+					       unsigned int dest)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg;
-+
-+	vrpmsg = openamp_virtio_rpmsg_from_dev(rdev);
-+
-+	rpmsg_create_ept(&vrpmsg->ep, rdev, name, RPMSG_ADDR_ANY, dest,
-+			 openamp_virtio_rpmsg_endpoint_callback,
-+			 openamp_virtio_rpmsg_service_unbind);
-+}
-+
-+static int openamp_virtio_rpmsg_device_setup(struct openamp_virtio *virtio,
-+					     struct device_region *virtio_dev)
-+{
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_virtio_device *rpmsg_vdev = &vrpmsg->rpmsg_vdev;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct virtio_device *vdev = &openamp_vdev->virtio_dev;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+	int ret;
-+
-+	/*
-+	 * we assume here that we are the client side and do not need to
-+	 * initialize the share memory poll (this is done at server side).
-+	 */
-+	ret = rpmsg_init_vdev(rpmsg_vdev, vdev,
-+			      openamp_virtio_rpmsg_endpoint_bind, metal->io,
-+			      NULL);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: init vdev failed: %d", ret);
-+		return ret;
-+	}
-+
-+
-+	ret = rpmsg_create_ept(&vrpmsg->ep, &rpmsg_vdev->rdev,
-+			       OPENAMP_RPMSG_ENDPOINT_NAME, RPMSG_ADDR_ANY,
-+			       RPMSG_ADDR_ANY,
-+			       openamp_virtio_rpmsg_endpoint_callback,
-+			       openamp_virtio_rpmsg_service_unbind);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: failed to create endpoint: %d", ret);
-+		return ret;
-+	}
-+
-+	/* set default remote addr */
-+	vrpmsg->ep.dest_addr = OPENAMP_RPMSG_ENDPOINT_ADDR;
-+
-+	return 0;
-+}
-+
-+static void openamp_virtio_shm_set(struct openamp_virtio *virtio,
-+				   struct device_region *virtio_region)
-+{
-+	struct openamp_virtio_shm *shm = &virtio->metal.shm;
-+
-+	shm->base_addr = virtio_region->base_addr;
-+	shm->size = virtio_region->io_region_size;
-+
-+	shm->vdev_status = shm->base_addr;
-+	shm->vdev_status_size = OPENAMP_SHEM_VDEV_SIZE;
-+
-+	shm->vring_rx = shm->base_addr + shm->size -
-+		(2 * OPENAMP_SHEM_VRING_SIZE);
-+	shm->vring_rx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+	shm->vring_tx = shm->vring_rx + shm->vring_rx_size;
-+	shm->vring_tx_size = OPENAMP_SHEM_VRING_SIZE;
-+
-+	shm->payload_addr = shm->vdev_status + shm->vdev_status_size;
-+	shm->payload_size = shm->size - shm->vdev_status_size -
-+		shm->vring_rx_size - shm->vring_tx_size;
-+
-+	shm->shm_physmap[0] = OPENAMP_SHEM_PHYS + shm->vdev_status_size;
-+
-+	IMSG("SHEM: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->base_addr, shm->size, shm->size);
-+	IMSG("VDEV: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vdev_status, shm->vdev_status_size, shm->vdev_status_size);
-+	IMSG("PAYLOAD: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->payload_addr, shm->payload_size, shm->payload_size);
-+	IMSG("VRING_TX: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vring_tx, shm->vring_tx_size, shm->vring_tx_size);
-+	IMSG("VRING_RX: base: 0x%0x size: 0x%0x size: %d",
-+	     shm->vring_rx, shm->vring_rx_size, shm->vring_rx_size);
-+	IMSG("PHYMAP: base: 0x%0x", shm->shm_physmap[0]);
-+}
-+
-+static int openamp_virtio_device_get(const char *dev,
-+				     struct device_region *dev_region)
-+{
-+	bool found;
-+
-+	found = config_store_query(CONFIG_CLASSIFIER_DEVICE_REGION, dev, 0,
-+				   dev_region, sizeof(*dev_region));
-+	if (!found) {
-+		EMSG("openamp: virtio: device region not found: %s", dev);
-+		return -EINVAL;
-+	}
-+
-+	if (dev_region->base_addr == 0 || dev_region->io_region_size == 0) {
-+		EMSG("openamp: virtio: device region not valid");
-+		return -EINVAL;
-+	}
-+
-+	IMSG("openamp: virtio: device region found: %s addr: 0x%x size: %d",
-+	     dev, dev_region->base_addr, dev_region->io_region_size);
-+
-+	return  0;
-+}
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+			      size_t req_len)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+
-+
-+	*req_buf = rpmsg_get_tx_payload_buffer(ep, &vrpmsg->req_len,
-+					       OPENAMP_BUFFER_WAIT);
-+	if (*req_buf == NULL)
-+		return -EINVAL;
-+
-+	if (vrpmsg->req_len < req_len)
-+		return -E2BIG;
-+
-+	vrpmsg->req_buf = *req_buf;
-+
-+	return 0;
-+}
-+
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+			       uint8_t **resp_buf, size_t *resp_len)
-+{
-+	const struct openamp_platform_ops *ops = openamp->platform_ops;
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_device *openamp_vdev = &virtio->vdev;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+	struct rpmsg_endpoint *ep = &vrpmsg->ep;
-+	int ret;
-+
-+	ret = rpmsg_send_nocopy(ep, vrpmsg->req_buf, vrpmsg->req_len);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: send nocopy failed: %d", ret);
-+		return -EIO;
-+	}
-+
-+	if (ret != vrpmsg->req_len) {
-+		EMSG("openamp: virtio: send less bytes %d than requested %d",
-+		     ret, vrpmsg->req_len);
-+		return -EIO;
-+	}
-+
-+	if (!ops->transport_receive)
-+		return 0;
-+
-+	ret = ops->transport_receive(openamp);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: failed transport_receive");
-+		return -EIO;
-+	}
-+
-+	virtqueue_notification(openamp_vdev->vq[VQ_RX]);
-+
-+	*resp_buf = vrpmsg->resp_buf;
-+	*resp_len = vrpmsg->resp_len;
-+
-+	return  0;
-+}
-+
-+void openamp_virtio_call_end(struct openamp_caller *openamp)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_rpmsg *vrpmsg = &virtio->rpmsg;
-+
-+	rpmsg_release_rx_buffer(&vrpmsg->ep, vrpmsg->resp_buf);
-+
-+	vrpmsg->req_buf = NULL;
-+	vrpmsg->req_len = 0;
-+	vrpmsg->resp_buf = NULL;
-+	vrpmsg->resp_len = 0;
-+}
-+
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+	return metal_io_virt_to_phys(metal->io, va);
-+}
-+
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa)
-+{
-+	struct openamp_virtio *virtio = openamp->platform;
-+	struct openamp_virtio_metal *metal = &virtio->metal;
-+
-+	return metal_io_phys_to_virt(metal->io, pa);
-+}
-+
-+int openamp_virtio_init(struct openamp_caller *openamp)
-+{
-+	struct device_region virtio_dev;
-+	struct openamp_virtio *virtio;
-+	int ret;
-+
-+	if (openamp->platform)
-+		return 0;
-+
-+
-+	virtio = malloc(sizeof(*virtio));
-+	if (!virtio)
-+		return -ENOMEM;
-+
-+	virtio->openamp = openamp;
-+
-+	ret = openamp_virtio_device_get(OPENAMP_SHEM_DEVICE_NAME, &virtio_dev);
-+	if (ret < 0)
-+		goto free_virtio;
-+
-+	openamp_virtio_shm_set(virtio, &virtio_dev);
-+
-+	ret = openamp_virtio_metal_init(&virtio->metal);
-+	if (ret < 0)
-+		goto free_virtio;
-+
-+	ret = openamp_virtio_device_setup(virtio);
-+	if (ret < 0)
-+		goto finish_metal;
-+
-+	ret = openamp_virtio_rpmsg_device_setup(virtio, &virtio_dev);
-+	if (ret < 0) {
-+		EMSG("openamp: virtio: rpmsg device setup failed: %d", ret);
-+		goto finish_metal;
-+	}
-+
-+	openamp->platform = virtio;
-+
-+	return 0;
-+
-+finish_metal:
-+	metal_finish();
-+
-+free_virtio:
-+	free(virtio);
-+
-+	return ret;
-+}
-+
-+int openamp_virtio_deinit(struct openamp_caller *openamp)
-+{
-+	struct openamp_virtio *virtio;
-+
-+	if (!openamp->platform)
-+		return 0;
-+
-+	virtio = openamp->platform;
-+
-+	metal_finish();
-+	free(virtio);
-+
-+	openamp->platform = NULL;
-+
-+	return 0;
-+}
-diff --git a/components/rpc/openamp/caller/sp/openamp_virtio.h b/components/rpc/openamp/caller/sp/openamp_virtio.h
-new file mode 100644
-index 000000000000..915128ff65ce
---- /dev/null
-+++ b/components/rpc/openamp/caller/sp/openamp_virtio.h
-@@ -0,0 +1,24 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021, Linaro Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+#ifndef OPENAMP_VIRTIO_H
-+#define OPENAMP_VIRTIO_H
-+
-+#include <stddef.h>
-+#include "openamp_caller.h"
-+
-+int openamp_virtio_call_begin(struct openamp_caller *openamp, uint8_t **req_buf,
-+			      size_t req_len);
-+int openamp_virtio_call_invoke(struct openamp_caller *openamp, int *opstatus,
-+			       uint8_t **resp_buf, size_t *resp_len);
-+int openamp_virtio_call_end(struct openamp_caller *openamp);
-+void *openamp_virtio_virt_to_phys(struct openamp_caller *openamp, void *va);
-+void *openamp_virtio_phys_to_virt(struct openamp_caller *openamp, void *pa);
-+
-+int openamp_virtio_init(struct openamp_caller *openamp);
-+int openamp_virtio_deinit(struct openamp_caller *openamp);
-+
-+#endif
-diff --git a/deployments/se-proxy/opteesp/default_se-proxy.dts.in b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-index 267b4f923540..04c181586b06 100644
---- a/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-+++ b/deployments/se-proxy/opteesp/default_se-proxy.dts.in
-@@ -32,5 +32,11 @@
- 			pages-count = <16>;
- 			attributes = <0x3>; /* read-write */
- 		};
-+		openamp-virtio {
-+			/* Armv8 A Foundation Platform values */
-+			base-address = <0x00000000 0x88000000>;
-+			pages-count = <256>;
-+			attributes = <0x3>; /* read-write */
-+		};
- 	};
- };
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index d39873a0fe81..34fe5ff1b925 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -47,6 +47,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
-+		"components/rpc/openamp/caller/sp"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
similarity index 99%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
index ce40df0f..3d743d28 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-FMP-Support-in-Corstone1000.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch
@@ -1,7 +1,7 @@ 
-From 70cf374fb55f2d62ecbe28049253df33b42b6749 Mon Sep 17 00:00:00 2001
+From 5c8ac10337ac853d8a82992fb6e1d91b122b99d2 Mon Sep 17 00:00:00 2001
 From: Satish Kumar <satish.kumar01@arm.com>
 Date: Fri, 8 Jul 2022 09:48:06 +0100
-Subject: [PATCH 20/20] FMP Support in Corstone1000.
+Subject: [PATCH 3/6] FMP Support in Corstone1000.
 
 The FMP support is used by u-boot to pupolate ESRT information
 for the kernel.
@@ -414,5 +414,5 @@  index 000000000000..95fba2a04d5c
 +
 +#endif /* CORSTONE1000_FMP_SERVICE_H */
 -- 
-2.38.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
similarity index 95%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
index 7e65de86..628d8682 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch
@@ -1,24 +1,25 @@ 
-From ca7d37502f9453125aead14c7ee5181336cbe8f4 Mon Sep 17 00:00:00 2001
+From c294197b17358b20c75757b9a06d628f43cd7884 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Thu, 9 Feb 2023 00:22:40 +0000
-Subject: [PATCH 1/3] TF-Mv1.7 alignment: Align PSA Crypto SIDs
+Subject: [PATCH 4/6] TF-Mv1.7 alignment: Align PSA Crypto SIDs
 
 This patch is to change the PSA Crypto SIDs to match the values of the
 PSA Crypto SID definitions in TF-M v1.7 running on the secure enclave
 
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Upstream-Status: Pending [Not submitted yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
  .../service/common/include/psa/crypto_sid.h   | 241 ++++++++++++++++++
- components/service/common/include/psa/sid.h   |  78 +-----
+ components/service/common/include/psa/sid.h   |  76 +-----
  .../caller/psa_ipc/crypto_caller_sign_hash.h  |   4 +-
  .../psa_ipc/crypto_caller_verify_hash.h       |   4 +-
- 4 files changed, 249 insertions(+), 78 deletions(-)
+ 4 files changed, 248 insertions(+), 77 deletions(-)
  create mode 100644 components/service/common/include/psa/crypto_sid.h
 
 diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
 new file mode 100644
-index 00000000..5b05f46d
+index 000000000000..5b05f46d7d72
 --- /dev/null
 +++ b/components/service/common/include/psa/crypto_sid.h
 @@ -0,0 +1,241 @@
@@ -264,16 +265,9 @@  index 00000000..5b05f46d
 +
 +#endif /* __PSA_CRYPTO_SID_H__ */
 diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 8103a9af..50ad070e 100644
+index 8e2c6bdf2919..5aaa659d49a0 100644
 --- a/components/service/common/include/psa/sid.h
 +++ b/components/service/common/include/psa/sid.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
-  *
-  * SPDX-License-Identifier: BSD-3-Clause
-  *
 @@ -12,6 +12,9 @@
  extern "C" {
  #endif
@@ -284,9 +278,9 @@  index 8103a9af..50ad070e 100644
  /******** TFM_SP_PS ********/
  #define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
  #define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
-@@ -43,79 +46,6 @@ extern "C" {
- #define TFM_PLATFORM_SERVICE_HANDLE       (0x40000105U)
- 
+@@ -37,79 +40,6 @@ extern "C" {
+ #define TFM_CRYPTO_VERSION                                         (1U)
+ #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
  
 -/**
 - * \brief Define a progressive numerical value for each SID which can be used
@@ -365,7 +359,7 @@  index 8103a9af..50ad070e 100644
  #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
  #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index e4a2b167..9276748d 100644
+index 29bd56e60708..bebfe05c7c49 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 @@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
@@ -387,7 +381,7 @@  index e4a2b167..9276748d 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index cc9279ee..bcd8e0e4 100644
+index 66281d588626..d0a3850678cb 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 @@ -63,7 +63,7 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
@@ -409,5 +403,5 @@  index cc9279ee..bcd8e0e4 100644
  
  #ifdef __cplusplus
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
deleted file mode 100644
index 84d418c1..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-add-psa-client-definitions-for-ff-m.patch
+++ /dev/null
@@ -1,298 +0,0 @@ 
-From fb6d2f33e26c7b6ef88d552feca1f835da3f0df6 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:05:18 +0000
-Subject: [PATCH 04/20] add psa client definitions for ff-m
-
-Add PSA client definitions in common include to add future
-ff-m support.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/client.h       | 194 ++++++++++++++++++
- components/service/common/include/psa/sid.h   |  71 +++++++
- 2 files changed, 265 insertions(+)
- create mode 100644 components/service/common/include/psa/client.h
- create mode 100644 components/service/common/include/psa/sid.h
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-new file mode 100644
-index 000000000000..69ccf14f40a3
---- /dev/null
-+++ b/components/service/common/include/psa/client.h
-@@ -0,0 +1,194 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_H
-+#define SERVICE_PSA_IPC_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <rpc_caller.h>
-+#include <psa/error.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#ifndef IOVEC_LEN
-+#define IOVEC_LEN(arr) ((uint32_t)(sizeof(arr)/sizeof(arr[0])))
-+#endif
-+
-+/*********************** PSA Client Macros and Types *************************/
-+
-+typedef int32_t psa_handle_t;
-+
-+/**
-+ * The version of the PSA Framework API that is being used to build the calling
-+ * firmware. Only part of features of FF-M v1.1 have been implemented. FF-M v1.1
-+ * is compatible with v1.0.
-+ */
-+#define PSA_FRAMEWORK_VERSION       (0x0101u)
-+
-+/**
-+ * Return value from psa_version() if the requested RoT Service is not present
-+ * in the system.
-+ */
-+#define PSA_VERSION_NONE            (0u)
-+
-+/**
-+ * The zero-value null handle can be assigned to variables used in clients and
-+ * RoT Services, indicating that there is no current connection or message.
-+ */
-+#define PSA_NULL_HANDLE             ((psa_handle_t)0)
-+
-+/**
-+ * Tests whether a handle value returned by psa_connect() is valid.
-+ */
-+#define PSA_HANDLE_IS_VALID(handle) ((psa_handle_t)(handle) > 0)
-+
-+/**
-+ * Converts the handle value returned from a failed call psa_connect() into
-+ * an error code.
-+ */
-+#define PSA_HANDLE_TO_ERROR(handle) ((psa_status_t)(handle))
-+
-+/**
-+ * Maximum number of input and output vectors for a request to psa_call().
-+ */
-+#define PSA_MAX_IOVEC               (4u)
-+
-+/**
-+ * An IPC message type that indicates a generic client request.
-+ */
-+#define PSA_IPC_CALL                (0)
-+
-+/**
-+ * A read-only input memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_invec {
-+    uint32_t base;           /*!< the start address of the memory buffer */
-+    uint32_t len;                 /*!< the size in bytes                      */
-+};
-+
-+/**
-+ * A writable output memory region provided to an RoT Service.
-+ */
-+struct __attribute__ ((__packed__)) psa_outvec {
-+    uint32_t base;                 /*!< the start address of the memory buffer */
-+    uint32_t len;                 /*!< the size in bytes                      */
-+};
-+
-+/*************************** PSA Client API **********************************/
-+
-+/**
-+ * \brief Retrieve the version of the PSA Framework API that is implemented.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \return version              The version of the PSA Framework implementation
-+ *                              that is providing the runtime services to the
-+ *                              caller. The major and minor version are encoded
-+ *                              as follows:
-+ * \arg                           version[15:8] -- major version number.
-+ * \arg                           version[7:0]  -- minor version number.
-+ */
-+uint32_t psa_framework_version(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Retrieve the version of an RoT Service or indicate that it is not
-+ *        present on this system.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] sid               ID of the RoT Service to query.
-+ *
-+ * \retval PSA_VERSION_NONE     The RoT Service is not implemented, or the
-+ *                              caller is not permitted to access the service.
-+ * \retval > 0                  The version of the implemented RoT Service.
-+ */
-+uint32_t psa_version(struct rpc_caller *caller, uint32_t sid);
-+
-+/**
-+ * \brief Connect to an RoT Service by its SID.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] sid               ID of the RoT Service to connect to.
-+ * \param[in] version           Requested version of the RoT Service.
-+ *
-+ * \retval > 0                  A handle for the connection.
-+ * \retval PSA_ERROR_CONNECTION_REFUSED The SPM or RoT Service has refused the
-+ *                              connection.
-+ * \retval PSA_ERROR_CONNECTION_BUSY The SPM or RoT Service cannot make the
-+ *                              connection at the moment.
-+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
-+ *                              of the following are true:
-+ * \arg                           The RoT Service ID is not present.
-+ * \arg                           The RoT Service version is not supported.
-+ * \arg                           The caller is not allowed to access the RoT
-+ *                                service.
-+ */
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+			 uint32_t version);
-+
-+/**
-+ * \brief Call an RoT Service on an established connection.
-+ *
-+ * \note  FF-M 1.0 proposes 6 parameters for psa_call but the secure gateway ABI
-+ *        support at most 4 parameters. TF-M chooses to encode 'in_len',
-+ *        'out_len', and 'type' into a 32-bit integer to improve efficiency.
-+ *        Compared with struct-based encoding, this method saves extra memory
-+ *        check and memory copy operation. The disadvantage is that the 'type'
-+ *        range has to be reduced into a 16-bit integer. So with this encoding,
-+ *        the valid range for 'type' is 0-32767.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] handle            A handle to an established connection.
-+ * \param[in] type              The request type.
-+ *                              Must be zero( \ref PSA_IPC_CALL) or positive.
-+ * \param[in] in_vec            Array of input \ref psa_invec structures.
-+ * \param[in] in_len            Number of input \ref psa_invec structures.
-+ * \param[in,out] out_vec       Array of output \ref psa_outvec structures.
-+ * \param[in] out_len           Number of output \ref psa_outvec structures.
-+ *
-+ * \retval >=0                  RoT Service-specific status value.
-+ * \retval <0                   RoT Service-specific error code.
-+ * \retval PSA_ERROR_PROGRAMMER_ERROR The connection has been terminated by the
-+ *                              RoT Service. The call is a PROGRAMMER ERROR if
-+ *                              one or more of the following are true:
-+ * \arg                           An invalid handle was passed.
-+ * \arg                           The connection is already handling a request.
-+ * \arg                           type < 0.
-+ * \arg                           An invalid memory reference was provided.
-+ * \arg                           in_len + out_len > PSA_MAX_IOVEC.
-+ * \arg                           The message is unrecognized by the RoT
-+ *                                Service or incorrectly formatted.
-+ */
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+		      int32_t type, const struct psa_invec *in_vec,
-+		      size_t in_len, struct psa_outvec *out_vec, size_t out_len);
-+
-+/**
-+ * \brief Close a connection to an RoT Service.
-+ *
-+ * \param[in] rpc_caller        RPC caller to use
-+ * \param[in] handle            A handle to an established connection, or the
-+ *                              null handle.
-+ *
-+ * \retval void                 Success.
-+ * \retval "PROGRAMMER ERROR"   The call is a PROGRAMMER ERROR if one or more
-+ *                              of the following are true:
-+ * \arg                           An invalid handle was provided that is not
-+ *                                the null handle.
-+ * \arg                           The connection is currently handling a
-+ *                                request.
-+ */
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_H */
-+
-+
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-new file mode 100644
-index 000000000000..aaa973c6e987
---- /dev/null
-+++ b/components/service/common/include/psa/sid.h
-@@ -0,0 +1,71 @@
-+/*
-+ * Copyright (c) 2019-2021, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef __PSA_MANIFEST_SID_H__
-+#define __PSA_MANIFEST_SID_H__
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/******** TFM_SP_PS ********/
-+#define TFM_PROTECTED_STORAGE_SERVICE_SID                          (0x00000060U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_VERSION                      (1U)
-+#define TFM_PROTECTED_STORAGE_SERVICE_HANDLE                       (0x40000101U)
-+
-+/* Invalid UID */
-+#define TFM_PS_INVALID_UID 0
-+
-+/* PS message types that distinguish PS services. */
-+#define TFM_PS_SET                1001
-+#define TFM_PS_GET                1002
-+#define TFM_PS_GET_INFO           1003
-+#define TFM_PS_REMOVE             1004
-+#define TFM_PS_GET_SUPPORT        1005
-+
-+/******** TFM_SP_ITS ********/
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID                   (0x00000070U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_VERSION               (1U)
-+#define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE                (0x40000102U)
-+
-+/******** TFM_SP_CRYPTO ********/
-+#define TFM_CRYPTO_SID                                             (0x00000080U)
-+#define TFM_CRYPTO_VERSION                                         (1U)
-+#define TFM_CRYPTO_HANDLE                                          (0x40000100U)
-+
-+/******** TFM_SP_PLATFORM ********/
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
-+#define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-+#define TFM_SP_PLATFORM_IOCTL_SID                                  (0x00000041U)
-+#define TFM_SP_PLATFORM_IOCTL_VERSION                              (1U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_SID                             (0x00000042U)
-+#define TFM_SP_PLATFORM_NV_COUNTER_VERSION                         (1U)
-+
-+/******** TFM_SP_INITIAL_ATTESTATION ********/
-+#define TFM_ATTESTATION_SERVICE_SID                                (0x00000020U)
-+#define TFM_ATTESTATION_SERVICE_VERSION                            (1U)
-+#define TFM_ATTESTATION_SERVICE_HANDLE                             (0x40000103U)
-+
-+/******** TFM_SP_FWU ********/
-+#define TFM_FWU_WRITE_SID                                          (0x000000A0U)
-+#define TFM_FWU_WRITE_VERSION                                      (1U)
-+#define TFM_FWU_INSTALL_SID                                        (0x000000A1U)
-+#define TFM_FWU_INSTALL_VERSION                                    (1U)
-+#define TFM_FWU_ABORT_SID                                          (0x000000A2U)
-+#define TFM_FWU_ABORT_VERSION                                      (1U)
-+#define TFM_FWU_QUERY_SID                                          (0x000000A3U)
-+#define TFM_FWU_QUERY_VERSION                                      (1U)
-+#define TFM_FWU_REQUEST_REBOOT_SID                                 (0x000000A4U)
-+#define TFM_FWU_REQUEST_REBOOT_VERSION                             (1U)
-+#define TFM_FWU_ACCEPT_SID                                         (0x000000A5U)
-+#define TFM_FWU_ACCEPT_VERSION                                     (1U)
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* __PSA_MANIFEST_SID_H__ */
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
deleted file mode 100644
index df3cb2f4..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Add-common-service-component-to-ipc-support.patch
+++ /dev/null
@@ -1,295 +0,0 @@ 
-From 0311fc8f131fe7a2b0f4dd9988c610fda47394aa Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:13:03 +0000
-Subject: [PATCH 05/20] Add common service component to ipc support
-
-Add support for inter processor communication for PSA
-including, the openamp client side structures lib.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/psa_ipc/component.cmake    |  13 ++
- .../service/common/psa_ipc/service_psa_ipc.c  |  97 +++++++++++++
- .../psa_ipc/service_psa_ipc_openamp_lib.h     | 131 ++++++++++++++++++
- deployments/se-proxy/se-proxy.cmake           |   1 +
- 4 files changed, 242 insertions(+)
- create mode 100644 components/service/common/psa_ipc/component.cmake
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc.c
- create mode 100644 components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-
-diff --git a/components/service/common/psa_ipc/component.cmake b/components/service/common/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..5a1c9e62e2f0
---- /dev/null
-+++ b/components/service/common/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/service_psa_ipc.c"
-+	)
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-new file mode 100644
-index 000000000000..e8093c20a523
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -0,0 +1,97 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#include <psa/client.h>
-+#include "service_psa_ipc_openamp_lib.h"
-+
-+psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
-+			 uint32_t version)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+
-+	rpc_handle = rpc_caller_begin(caller, &req,
-+				      sizeof(struct ns_openamp_msg));
-+	if (!rpc_handle) {
-+		EMSG("psa_connect: could not get handle");
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CONNECT;
-+	req_msg->params.psa_connect_params.sid = sid;
-+	req_msg->params.psa_connect_params.version = version;
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_connect: invoke failed: %d", ret);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	if (psa_status == PSA_SUCCESS)
-+		resp_msg = (struct s_openamp_msg *)resp;
-+
-+	rpc_caller_end(caller, rpc_handle);
-+
-+	return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
-+}
-+
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+		      int32_t type, const struct psa_invec *in_vec,
-+		      size_t in_len, struct psa_outvec *out_vec, size_t out_len)
-+{
-+
-+}
-+
-+void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+{
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+
-+	rpc_handle = rpc_caller_begin(caller, &req,
-+				      sizeof(struct ns_openamp_msg));
-+	if (!rpc_handle) {
-+		EMSG("psa_close: could not get handle");
-+		return;
-+	}
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CLOSE;
-+	req_msg->params.psa_close_params.handle = handle;
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_close: invoke failed: %d", ret);
-+		return;
-+	}
-+
-+	rpc_caller_end(caller, rpc_handle);
-+}
-diff --git a/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-new file mode 100644
-index 000000000000..33ea96660572
---- /dev/null
-+++ b/components/service/common/psa_ipc/service_psa_ipc_openamp_lib.h
-@@ -0,0 +1,131 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SERVICE_PSA_IPC_OPENAMP_LIB_H
-+#define SERVICE_PSA_IPC_OPENAMP_LIB_H
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
-+#include <compiler.h>
-+#include <psa/error.h>
-+
-+#include <stdint.h>
-+#include <psa/client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/* PSA client call type value */
-+#define OPENAMP_PSA_FRAMEWORK_VERSION       (0x1)
-+#define OPENAMP_PSA_VERSION                 (0x2)
-+#define OPENAMP_PSA_CONNECT                 (0x3)
-+#define OPENAMP_PSA_CALL                    (0x4)
-+#define OPENAMP_PSA_CLOSE                   (0x5)
-+
-+/* Return code of openamp APIs */
-+#define OPENAMP_SUCCESS                     (0)
-+#define OPENAMP_MAP_FULL                    (INT32_MIN + 1)
-+#define OPENAMP_MAP_ERROR                   (INT32_MIN + 2)
-+#define OPENAMP_INVAL_PARAMS                (INT32_MIN + 3)
-+#define OPENAMP_NO_PERMS                    (INT32_MIN + 4)
-+#define OPENAMP_NO_PEND_EVENT               (INT32_MIN + 5)
-+#define OPENAMP_CHAN_BUSY                   (INT32_MIN + 6)
-+#define OPENAMP_CALLBACK_REG_ERROR          (INT32_MIN + 7)
-+#define OPENAMP_INIT_ERROR                  (INT32_MIN + 8)
-+
-+#define HOLD_INPUT_BUFFER (1) /* IF true, TF-M Library will hold the openamp
-+			       * buffer so that openamp shared memory buffer
-+			       * does not get freed.
-+			       */
-+
-+/*
-+ * This structure holds the parameters used in a PSA client call.
-+ */
-+typedef struct __packed psa_client_in_params {
-+	union {
-+		struct __packed {
-+			uint32_t        sid;
-+		} psa_version_params;
-+
-+		struct __packed {
-+			uint32_t        sid;
-+			uint32_t        version;
-+		} psa_connect_params;
-+
-+		struct __packed {
-+			psa_handle_t     handle;
-+			int32_t          type;
-+			uint32_t         in_vec;
-+			uint32_t         in_len;
-+			uint32_t         out_vec;
-+			uint32_t         out_len;
-+		} psa_call_params;
-+
-+		struct __packed {
-+			psa_handle_t    handle;
-+		} psa_close_params;
-+	};
-+} psa_client_in_params_t;
-+
-+/* Openamp message passed from NSPE to SPE to deliver a PSA client call */
-+struct __packed ns_openamp_msg {
-+	uint32_t                      call_type;   /* PSA client call type */
-+	struct psa_client_in_params   params;      /* Contain parameters used in PSA
-+						  * client call
-+						  */
-+
-+	int32_t                     client_id;   /* Optional client ID of the
-+						  * non-secure caller.
-+						  * It is required to identify the
-+						  * non-secure task when NSPE OS
-+						  * enforces non-secure task
-+						  * isolation
-+						  */
-+	int32_t                     request_id;  /* This is the unique ID for a
-+						  * request send to TF-M by the
-+						  * non-secure core. TF-M forward
-+						  * the ID back to non-secure on the
-+						  * reply to a given request. Using
-+						  * this id, the non-secure library
-+						  * can identify the request for
-+						  * which the reply has received.
-+						  */
-+};
-+
-+/*
-+ * This structure holds the location of the out data of the PSA client call.
-+ */
-+struct __packed psa_client_out_params {
-+	uint32_t              out_vec;
-+	uint32_t              out_len;
-+};
-+
-+
-+/* Openamp message from SPE to NSPE delivering the reply back for a PSA client
-+ * call.
-+ */
-+struct __packed s_openamp_msg {
-+	int32_t                     request_id;  /* Using this id, the non-secure
-+						  * library identifies the request.
-+						  * TF-M forwards the same
-+						  * request-id received on the
-+						  * initial request.
-+						  */
-+	int32_t                     reply;       /* Reply of the PSA client call */
-+	struct psa_client_out_params     params;      /* Contain out data result of the
-+						       * PSA client call.
-+						       */
-+};
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SERVICE_PSA_IPC_OPENAMP_LIB_H */
-+
-+
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index 34fe5ff1b925..dd0c5d00c21e 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -24,6 +24,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/common/include"
- 		"components/service/common/serializer/protobuf"
- 		"components/service/common/client"
-+		"components/service/common/psa_ipc"
- 		"components/service/common/provider"
- 		"components/service/discovery/provider"
- 		"components/service/discovery/provider/serializer/packed-c"
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
similarity index 90%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
index ecea2364..5ed36faf 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch
@@ -1,7 +1,7 @@ 
-From a3e203136e7c552069ae582273e0540a219c105f Mon Sep 17 00:00:00 2001
+From 355e9e1425bbe1d4f27eadf81b91ad047d7b42b5 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Thu, 9 Feb 2023 00:01:06 +0000
-Subject: [PATCH 2/3] TF-Mv1.7 alignment: Align crypto iovec definition
+Subject: [PATCH 5/6] TF-Mv1.7 alignment: Align crypto iovec definition
 
 This patch is to align psa_ipc_crypto_pack_iovec with TF-M v1.7
 And propagate changes accross psa_ipc functions
@@ -9,6 +9,7 @@  More accuratly change sfn_id to function_id
 
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Upstream-Status: Pending [Not submitted yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
  .../backend/psa_ipc/crypto_ipc_backend.h      | 34 +++++++++----------
  .../caller/psa_ipc/crypto_caller_aead.h       | 24 ++++++-------
@@ -32,7 +33,7 @@  Upstream-Status: Pending [Not submitted yet]
  19 files changed, 73 insertions(+), 73 deletions(-)
 
 diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index ec25eaf8..aacd3fcc 100644
+index 678a35810d71..47243648a99f 100644
 --- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
 +++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
 @@ -28,23 +28,23 @@ struct psa_ipc_crypto_aead_pack_input {
@@ -77,7 +78,7 @@  index ec25eaf8..aacd3fcc 100644
  #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
  
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index f6aadd8b..efdffdf7 100644
+index 66a2bc958687..f63996a8aad3 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
 @@ -44,7 +44,7 @@ static inline psa_status_t crypto_caller_aead_encrypt(
@@ -102,94 +103,94 @@  index f6aadd8b..efdffdf7 100644
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
- 	    .key_id = key,
- 	    .alg = alg,
- 	    .op_handle = (*op_handle),
-@@ -185,7 +185,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
+-		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
++		.function_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = (*op_handle),
+@@ -186,7 +186,7 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
- 	    .key_id = key,
- 	    .alg = alg,
- 	    .op_handle = (*op_handle),
-@@ -214,7 +214,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+-		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
++		.function_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
+ 		.key_id = key,
+ 		.alg = alg,
+ 		.op_handle = (*op_handle),
+@@ -217,7 +217,7 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
++		.function_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -243,7 +243,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
+@@ -248,7 +248,7 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
++		.function_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -270,7 +270,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
+@@ -277,7 +277,7 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
- 	    .ad_length = ad_length,
- 	    .plaintext_length = plaintext_length,
- 	    .op_handle = op_handle,
-@@ -299,7 +299,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
+-		.sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
++		.function_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
+ 		.ad_length = ad_length,
+ 		.plaintext_length = plaintext_length,
+ 		.op_handle = op_handle,
+@@ -307,7 +307,7 @@ static inline psa_status_t crypto_caller_aead_update_ad(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
++		.function_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -339,7 +339,7 @@ static inline psa_status_t crypto_caller_aead_update(
+@@ -349,7 +349,7 @@ static inline psa_status_t crypto_caller_aead_update(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
++		.function_id = TFM_CRYPTO_AEAD_UPDATE_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -383,7 +383,7 @@ static inline psa_status_t crypto_caller_aead_finish(
+@@ -395,7 +395,7 @@ static inline psa_status_t crypto_caller_aead_finish(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_FINISH_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
++		.function_id = TFM_CRYPTO_AEAD_FINISH_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -436,7 +436,7 @@ static inline psa_status_t crypto_caller_aead_verify(
+@@ -448,7 +448,7 @@ static inline psa_status_t crypto_caller_aead_verify(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
++		.function_id = TFM_CRYPTO_AEAD_VERIFY_SID,
+ 		.op_handle = op_handle,
  	};
  
-@@ -482,7 +482,7 @@ static inline psa_status_t crypto_caller_aead_abort(
+@@ -494,7 +494,7 @@ static inline psa_status_t crypto_caller_aead_abort(
  	struct rpc_caller *caller = ipc->caller;
  	psa_status_t status;
  	struct psa_ipc_crypto_pack_iovec iov = {
--	    .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+	    .function_id = TFM_CRYPTO_AEAD_ABORT_SID,
- 	    .op_handle = op_handle,
+-		.sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
++		.function_id = TFM_CRYPTO_AEAD_ABORT_SID,
+ 		.op_handle = op_handle,
  	};
  
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-index ff01815c..c387eb55 100644
+index d3e43b25f7e5..03682e7cdaa0 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
 @@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_decrypt(
@@ -202,7 +203,7 @@  index ff01815c..c387eb55 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-index 1daf1689..8eb3de45 100644
+index 124b088f94d8..60f5770e3a1e 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
 @@ -38,7 +38,7 @@ static inline psa_status_t crypto_caller_asymmetric_encrypt(
@@ -215,7 +216,7 @@  index 1daf1689..8eb3de45 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index fbefb28d..20aa46a5 100644
+index 8d906aeef2a0..4f885f3445ab 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_cipher_encrypt_setup(
@@ -282,7 +283,7 @@  index fbefb28d..20aa46a5 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-index 9a988171..48157d7e 100644
+index b2e57e1e7255..71cf4381dfe5 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_copy_key(struct service_client *context
@@ -295,7 +296,7 @@  index 9a988171..48157d7e 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-index d00f4faa..6d0a05e6 100644
+index 94a01580b482..85bd2b4cde97 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
 @@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_destroy_key(struct service_client *cont
@@ -308,7 +309,7 @@  index d00f4faa..6d0a05e6 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-index 8ac5477f..9a6b7013 100644
+index b6dfda38bc23..5e9543085139 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_key(struct service_client *conte
@@ -321,7 +322,7 @@  index 8ac5477f..9a6b7013 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-index b24c47f1..52bdd757 100644
+index d154db89bf0b..349dc6cb949c 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_export_public_key(struct service_client
@@ -334,7 +335,7 @@  index b24c47f1..52bdd757 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-index 1b66ed40..7ed1673b 100644
+index 41dc3a1806ec..31c6901ab88a 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
 @@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_key(struct service_client *con
@@ -347,7 +348,7 @@  index 1b66ed40..7ed1673b 100644
  	struct psa_invec in_vec[] = {
  		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-index 7c538237..4fb87aa8 100644
+index 50437327ec2a..ce51ded30b1f 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
 @@ -32,7 +32,7 @@ static inline psa_status_t crypto_caller_generate_random(struct service_client *
@@ -360,7 +361,7 @@  index 7c538237..4fb87aa8 100644
  	struct psa_invec in_vec[] = {
  		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-index 22f1d18f..2caa3bd3 100644
+index 3531bd06147f..ea90af7df782 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_get_key_attributes(
@@ -373,7 +374,7 @@  index 22f1d18f..2caa3bd3 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index 9f37908a..4fb60d44 100644
+index f63e9812af6c..f7ffaf38c7d0 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_hash_setup(
@@ -431,7 +432,7 @@  index 9f37908a..4fb60d44 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-index d4703366..1458163c 100644
+index 72a43c428adf..0c946a25488f 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_import_key(struct service_client *conte
@@ -444,7 +445,7 @@  index d4703366..1458163c 100644
  	struct psa_invec in_vec[] = {
  		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-index 5ce4fb6c..16be9916 100644
+index cacadf09d2c4..8bc32977535d 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
 @@ -33,7 +33,7 @@ static inline psa_status_t crypto_caller_key_derivation_setup(
@@ -538,7 +539,7 @@  index 5ce4fb6c..16be9916 100644
  		.key_id = private_key,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-index 3a820192..30222800 100644
+index a0092bfd94e7..596923387596 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
 @@ -34,7 +34,7 @@ static inline psa_status_t crypto_caller_mac_sign_setup(
@@ -596,7 +597,7 @@  index 3a820192..30222800 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-index a3a796e2..f6ab0978 100644
+index 36a01765b1a3..b5894e06d1ff 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
 @@ -31,7 +31,7 @@ static inline psa_status_t crypto_caller_purge_key(struct service_client *contex
@@ -609,7 +610,7 @@  index a3a796e2..f6ab0978 100644
  	};
  	struct psa_invec in_vec[] = {
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 9276748d..8b53e3dc 100644
+index bebfe05c7c49..254ee5a90d89 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
 @@ -37,7 +37,7 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
@@ -631,7 +632,7 @@  index 9276748d..8b53e3dc 100644
  		.alg = alg,
  	};
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index bcd8e0e4..c9ed865b 100644
+index d0a3850678cb..515f2a8da39f 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
 @@ -31,13 +31,13 @@ static inline psa_status_t crypto_caller_common(struct service_client *context,
@@ -651,5 +652,5 @@  index bcd8e0e4..c9ed865b 100644
  		.alg = alg,
  	};
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
deleted file mode 100644
index 74a83777..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Add-secure-storage-ipc-backend.patch
+++ /dev/null
@@ -1,523 +0,0 @@ 
-From ed4371d63cb52c121be9678bc225055944286c30 Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:19:24 +0000
-Subject: [PATCH 06/20] Add secure storage ipc backend
-
-Add secure storage ipc ff-m implementation which may use
-openamp as rpc to communicate with other processor.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/psa_ipc/service_psa_ipc.c  | 143 +++++++++++-
- .../secure_storage_ipc/component.cmake        |  14 ++
- .../secure_storage_ipc/secure_storage_ipc.c   | 214 ++++++++++++++++++
- .../secure_storage_ipc/secure_storage_ipc.h   |  52 +++++
- deployments/se-proxy/se-proxy.cmake           |   1 +
- 5 files changed, 420 insertions(+), 4 deletions(-)
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/component.cmake
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
- create mode 100644 components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index e8093c20a523..95a07c135f31 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -16,6 +16,52 @@
- #include <psa/client.h>
- #include "service_psa_ipc_openamp_lib.h"
- 
-+static struct psa_invec *psa_call_in_vec_param(uint8_t *req)
-+{
-+	return (struct psa_invec *)(req + sizeof(struct ns_openamp_msg));
-+}
-+
-+static struct psa_outvec *psa_call_out_vec_param(uint8_t *req, size_t in_len)
-+{
-+	return (struct psa_outvec *)(req + sizeof(struct ns_openamp_msg) +
-+				     (in_len * sizeof(struct psa_invec)));
-+}
-+
-+static size_t psa_call_header_len(const struct psa_invec *in_vec, size_t in_len,
-+				  struct psa_outvec *out_vec, size_t out_len)
-+{
-+	return sizeof(struct ns_openamp_msg) + (in_len * sizeof(*in_vec)) +
-+		(out_len * sizeof(*out_vec));
-+}
-+
-+static size_t psa_call_in_vec_len(const struct psa_invec *in_vec, size_t in_len)
-+{
-+	size_t req_len = 0;
-+	int i;
-+
-+	if (!in_vec || !in_len)
-+		return 0;
-+
-+	for (i = 0; i < in_len; i++)
-+		req_len += in_vec[i].len;
-+
-+	return req_len;
-+}
-+
-+static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_len)
-+{
-+	size_t resp_len = 0;
-+	int i;
-+
-+	if (!out_vec || !out_len)
-+		return 0;
-+
-+	for (i = 0; i < out_len; i++)
-+		resp_len += out_vec[i].len;
-+
-+	return resp_len;
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 			 uint32_t version)
- {
-@@ -31,7 +77,7 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 	rpc_handle = rpc_caller_begin(caller, &req,
- 				      sizeof(struct ns_openamp_msg));
- 	if (!rpc_handle) {
--		EMSG("psa_connect: could not get handle");
-+		EMSG("psa_connect: could not get rpc handle");
- 		return PSA_ERROR_GENERIC_ERROR;
- 	}
- 
-@@ -56,14 +102,100 @@ psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 	return resp_msg ? (psa_handle_t)resp_msg->reply : PSA_NULL_HANDLE;
- }
- 
--psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t handle,
-+psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 		      int32_t type, const struct psa_invec *in_vec,
- 		      size_t in_len, struct psa_outvec *out_vec, size_t out_len)
- {
-+	psa_status_t psa_status = PSA_SUCCESS;
-+	struct s_openamp_msg *resp_msg = NULL;
-+	struct psa_outvec *out_vec_param;
-+	struct psa_invec *in_vec_param;
-+	struct ns_openamp_msg *req_msg;
-+	rpc_call_handle rpc_handle;
-+	size_t out_vec_len;
-+	size_t in_vec_len;
-+	size_t header_len;
-+	uint8_t *payload;
-+	size_t resp_len;
-+	uint8_t *resp;
-+	uint8_t *req;
-+	int ret;
-+	int i;
-+
-+	if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	header_len = psa_call_header_len(in_vec, in_len, out_vec, out_len);
-+	in_vec_len = psa_call_in_vec_len(in_vec, in_len);
-+	out_vec_len = psa_call_out_vec_len(out_vec, out_len);
- 
-+	rpc_handle = rpc_caller_begin(caller, &req, header_len + in_vec_len);
-+	if (!rpc_handle) {
-+		EMSG("psa_call: could not get handle");
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	payload = req + header_len;
-+
-+	out_vec_param = psa_call_out_vec_param(req, in_len);
-+	in_vec_param = psa_call_in_vec_param(req);
-+
-+	req_msg = (struct ns_openamp_msg *)req;
-+
-+	req_msg->call_type = OPENAMP_PSA_CALL;
-+	req_msg->request_id = 1234;
-+	req_msg->params.psa_call_params.handle = psa_handle;
-+	req_msg->params.psa_call_params.type = type;
-+	req_msg->params.psa_call_params.in_len = in_len;
-+	req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+	req_msg->params.psa_call_params.out_len = out_len;
-+	req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+
-+	for (i = 0; i < in_len; i++) {
-+		in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+		in_vec_param[i].len = in_vec[i].len;
-+
-+		memcpy(payload, in_vec[i].base, in_vec[i].len);
-+		payload += in_vec[i].len;
-+	}
-+
-+	for (i = 0; i < out_len; i++) {
-+		out_vec_param[i].base = NULL;
-+		out_vec_param[i].len = out_vec[i].len;
-+	}
-+
-+	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
-+				&resp_len);
-+	if (ret != TS_RPC_CALL_ACCEPTED) {
-+		EMSG("psa_call: invoke failed: %d", ret);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	if (psa_status != PSA_SUCCESS) {
-+		EMSG("psa_call: psa_status invoke failed: %d", psa_status);
-+		return PSA_ERROR_GENERIC_ERROR;
-+	}
-+
-+	resp_msg = (struct s_openamp_msg *)resp;
-+
-+	if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
-+		goto caller_end;
-+
-+	out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
-+						     resp_msg->params.out_vec);
-+
-+	for (i = 0; i < resp_msg->params.out_len; i++) {
-+		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+		       out_vec[i].len);
-+	}
-+
-+caller_end:
-+	rpc_caller_end(caller, rpc_handle);
-+
-+	return resp_msg ? resp_msg->reply : PSA_ERROR_COMMUNICATION_FAILURE;
- }
- 
--void psa_close(struct rpc_caller *caller, psa_handle_t handle)
-+void psa_close(struct rpc_caller *caller, psa_handle_t psa_handle)
- {
- 	psa_status_t psa_status = PSA_SUCCESS;
- 	struct s_openamp_msg *resp_msg = NULL;
-@@ -74,6 +206,9 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- 	uint8_t *req;
- 	int ret;
- 
-+	if ((psa_handle == PSA_NULL_HANDLE) || !caller)
-+		return;
-+
- 	rpc_handle = rpc_caller_begin(caller, &req,
- 				      sizeof(struct ns_openamp_msg));
- 	if (!rpc_handle) {
-@@ -84,7 +219,7 @@ void psa_close(struct rpc_caller *caller, psa_handle_t handle)
- 	req_msg = (struct ns_openamp_msg *)req;
- 
- 	req_msg->call_type = OPENAMP_PSA_CLOSE;
--	req_msg->params.psa_close_params.handle = handle;
-+	req_msg->params.psa_close_params.handle = psa_handle;
- 
- 	ret = rpc_caller_invoke(caller, rpc_handle, 0, &psa_status, &resp,
- 				&resp_len);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/component.cmake b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-new file mode 100644
-index 000000000000..5d8f6714e0bd
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/component.cmake
-@@ -0,0 +1,14 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/secure_storage_ipc.c"
-+	)
-+
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-new file mode 100644
-index 000000000000..9b55f77dd395
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -0,0 +1,214 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "secure_storage_ipc.h"
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <rpc_caller.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+
-+static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
-+			 psa_storage_uid_t uid, size_t data_length,
-+			 const void *p_data, psa_storage_create_flags_t create_flags)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = p_data, .len = data_length },
-+		{ .base = &create_flags, .len = sizeof(create_flags) },
-+	};
-+
-+	(void)client_id;
-+
-+	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
-+
-+	/* Validating input parameters */
-+	if (p_data == NULL)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+	if (psa_status < 0)
-+		EMSG("ipc_set: psa_call failed: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get(void *context,
-+					   uint32_t client_id,
-+					   psa_storage_uid_t uid,
-+					   size_t data_offset,
-+					   size_t data_size,
-+					   void *p_data,
-+					   size_t *p_data_length)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	uint32_t offset = (uint32_t)data_offset;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = &offset, .len = sizeof(offset) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = p_data, .len = data_size },
-+	};
-+
-+	if (!p_data_length) {
-+		EMSG("ipc_get: p_data_length not defined");
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+			      out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status == PSA_SUCCESS)
-+		*p_data_length = out_vec[0].len;
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_get_info(void *context,
-+						uint32_t client_id,
-+						psa_storage_uid_t uid,
-+						struct psa_storage_info_t *p_info)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = p_info, .len = sizeof(*p_info) },
-+	};
-+
-+	(void)client_id;
-+
-+	/* Validating input parameters */
-+	if (!p_info)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET_INFO, in_vec,
-+			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_remove(void *context,
-+						uint32_t client_id,
-+						psa_storage_uid_t uid)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = &uid, .len = sizeof(uid) },
-+	};
-+
-+	(void)client_id;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_REMOVE, in_vec,
-+			      IOVEC_LEN(in_vec), NULL, 0);
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+static psa_status_t secure_storage_ipc_create(void *context,
-+					      uint32_t client_id,
-+					      uint64_t uid,
-+					      size_t capacity,
-+					      uint32_t create_flags)
-+{
-+	(void)context;
-+	(void)uid;
-+	(void)client_id;
-+	(void)capacity;
-+	(void)create_flags;
-+
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static psa_status_t secure_storage_set_extended(void *context,
-+						uint32_t client_id,
-+						uint64_t uid,
-+						size_t data_offset,
-+						size_t data_length,
-+						const void *p_data)
-+{
-+	(void)context;
-+	(void)uid;
-+	(void)client_id;
-+	(void)data_offset;
-+	(void)data_length;
-+	(void)p_data;
-+
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
-+{
-+	struct secure_storage_ipc *ipc = context;
-+	struct rpc_caller *caller = ipc->client.caller;
-+	psa_handle_t psa_handle;
-+	psa_status_t psa_status;
-+	uint32_t support_flags;
-+	struct psa_outvec out_vec[] = {
-+		{ .base = &support_flags, .len =  sizeof(support_flags) },
-+	};
-+
-+	(void)client_id;
-+
-+	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+			      TFM_PS_GET_SUPPORT, NULL, 0,
-+			      out_vec, IOVEC_LEN(out_vec));
-+	if (psa_status != PSA_SUCCESS)
-+		EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-+
-+	return psa_status;
-+}
-+
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+						struct rpc_caller *caller)
-+{
-+	service_client_init(&context->client, caller);
-+
-+	static const struct storage_backend_interface interface =
-+	{
-+		.set = secure_storage_ipc_set,
-+		.get = secure_storage_ipc_get,
-+		.get_info = secure_storage_ipc_get_info,
-+		.remove = secure_storage_ipc_remove,
-+		.create = secure_storage_ipc_create,
-+		.set_extended = secure_storage_set_extended,
-+		.get_support = secure_storage_get_support,
-+	};
-+
-+	context->backend.context = context;
-+	context->backend.interface = &interface;
-+
-+	return &context->backend;
-+}
-+
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context)
-+{
-+	service_client_deinit(&context->client);
-+}
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-new file mode 100644
-index 000000000000..e8c1e8fd2f92
---- /dev/null
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -0,0 +1,52 @@
-+/*
-+ * Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef SECURE_STORAGE_IPC_H
-+#define SECURE_STORAGE_IPC_H
-+
-+#include <service/secure_storage/backend/storage_backend.h>
-+#include <service/common/client/service_client.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * @brief      Secure storage ipc instance
-+ */
-+struct secure_storage_ipc
-+{
-+    struct storage_backend backend;
-+    struct service_client client;
-+};
-+
-+/**
-+ * @brief      Initialize a secure storage ipc client
-+ *
-+ * A secure storage client is a storage backend that makes RPC calls
-+ * to a remote secure storage provider.
-+ *
-+ * @param[in]  context    Instance data
-+ * @param[in]  rpc_caller RPC caller instance
-+ *
-+ *
-+ * @return     Pointer to inialized storage backend or NULL on failure
-+ */
-+struct storage_backend *secure_storage_ipc_init(struct secure_storage_ipc *context,
-+						struct rpc_caller *caller);
-+
-+/**
-+ * @brief      Deinitialize a secure storage ipc client
-+ *
-+ * @param[in]  context   Instance data
-+ */
-+void secure_storage_ipc_deinit(struct secure_storage_ipc *context);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* SECURE_STORAGE_IPC_H */
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index dd0c5d00c21e..cd51460406ca 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -45,6 +45,7 @@ add_components(TARGET "se-proxy"
- 		"components/service/crypto/factory/full"
- 		"components/service/secure_storage/include"
- 		"components/service/secure_storage/frontend/secure_storage_provider"
-+		"components/service/secure_storage/backend/secure_storage_ipc"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
similarity index 80%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
index 0dcdd5da..7a9bee6d 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
+++ b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch
@@ -1,7 +1,7 @@ 
-From ee7e13dcc14110aa16f7c6453cfe72f088857ed2 Mon Sep 17 00:00:00 2001
+From 507008e501c4f5bea0841547a052b3dffd86eb20 Mon Sep 17 00:00:00 2001
 From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Date: Thu, 9 Feb 2023 00:34:23 +0000
-Subject: [PATCH 3/3] TF-Mv1.7 alignment: PSA crypto client in/out_vec
+Subject: [PATCH 6/6] TF-Mv1.7 alignment: PSA crypto client in/out_vec
 
 Few psa crypto operations have different in/out_vec expectations
 This patch is fixing the differences between psa crypto client in TS
@@ -20,6 +20,7 @@  operations:
 
 Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
 Upstream-Status: Pending [Not submitted yet]
+Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
 ---
  .../crypto/client/caller/psa_ipc/crypto_caller_aead.h       | 6 ++----
  .../crypto/client/caller/psa_ipc/crypto_caller_cipher.h     | 6 ++----
@@ -27,44 +28,44 @@  Upstream-Status: Pending [Not submitted yet]
  3 files changed, 6 insertions(+), 8 deletions(-)
 
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index efdffdf7..e862c2de 100644
+index f63996a8aad3..393ba447663a 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -222,14 +222,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
+@@ -226,14 +226,13 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
+ 			.len = sizeof(struct psa_ipc_crypto_pack_iovec) },
  	};
  	struct psa_outvec out_vec[] = {
--	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
- 	    {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
+-		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
+ 		{ .base = psa_ptr_to_u32(nonce), .len = nonce_size },
  	};
  
  	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
+ 			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
  
 -	*nonce_length = out_vec[1].len;
 +	*nonce_length = out_vec[0].len;
+ 
  	return status;
  }
- 
-@@ -353,7 +352,6 @@ static inline psa_status_t crypto_caller_aead_update(
- 	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
+@@ -364,7 +363,6 @@ static inline psa_status_t crypto_caller_aead_update(
+ 		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
  	};
  	struct psa_outvec out_vec[] = {
--	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
- 	    {.base = psa_ptr_const_to_u32(output), .len = output_size},
+-		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
+ 		{ .base = psa_ptr_const_to_u32(output), .len = output_size },
  	};
  
-@@ -365,7 +363,7 @@ static inline psa_status_t crypto_caller_aead_update(
+@@ -376,7 +374,7 @@ static inline psa_status_t crypto_caller_aead_update(
  	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
- 	                   in_len, out_vec, IOVEC_LEN(out_vec));
+ 			  in_len, out_vec, IOVEC_LEN(out_vec));
  
 -	*output_length = out_vec[1].len;
 +	*output_length = out_vec[0].len;
+ 
  	return status;
  }
- 
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-index 20aa46a5..948865e4 100644
+index 4f885f3445ab..0d32444b6bbf 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
 @@ -98,14 +98,13 @@ static inline psa_status_t crypto_caller_cipher_generate_iv(
@@ -100,7 +101,7 @@  index 20aa46a5..948865e4 100644
  	return status;
  }
 diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-index 4fb60d44..1e422130 100644
+index f7ffaf38c7d0..77ef4ead1d03 100644
 --- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 +++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
 @@ -172,6 +172,8 @@ static inline psa_status_t crypto_caller_hash_clone(
@@ -113,5 +114,5 @@  index 4fb60d44..1e422130 100644
  	struct psa_outvec out_vec[] = {
  		{ .base = psa_ptr_to_u32(target_op_handle),
 -- 
-2.25.1
+2.40.0
 
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
deleted file mode 100644
index ad33295d..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch
+++ /dev/null
@@ -1,63 +0,0 @@ 
-From d1377a5ed909e3a1d9caca56aeda262a80322a4b Mon Sep 17 00:00:00 2001
-From: Vishnu Banavath <vishnu.banavath@arm.com>
-Date: Fri, 3 Dec 2021 19:25:34 +0000
-Subject: [PATCH 07/20] Use secure storage ipc and openamp for se_proxy
-
-Remove mock up backend for secure storage in se proxy
-deployment and use instead the secure storage ipc backend with
-openamp as rpc to secure enclave side.
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../se-proxy/common/service_proxy_factory.c      | 16 +++++++++++++---
- 1 file changed, 13 insertions(+), 3 deletions(-)
-
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index acfb6e8873fa..57290056d614 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -6,15 +6,20 @@
- 
- #include <stddef.h>
- #include <rpc/common/endpoint/rpc_interface.h>
-+#include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
- #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
-+#include <trace.h>
- 
- /* Stub backends */
- #include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- 
-+struct openamp_caller openamp;
-+
- struct rpc_interface *attest_proxy_create(void)
- {
- 	struct rpc_interface *attest_iface;
-@@ -47,10 +52,15 @@ struct rpc_interface *crypto_proxy_create(void)
- 
- struct rpc_interface *ps_proxy_create(void)
- {
--	static struct mock_store ps_backend;
- 	static struct secure_storage_provider ps_provider;
--
--	struct storage_backend *backend = mock_store_init(&ps_backend);
-+	static struct secure_storage_ipc ps_backend;
-+	static struct rpc_caller *storage_caller;
-+	struct storage_backend *backend;
-+
-+	storage_caller = openamp_caller_init(&openamp);
-+	if (!storage_caller)
-+		return NULL;
-+	backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
- 
- 	return secure_storage_provider_init(&ps_provider, backend);
- }
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
deleted file mode 100644
index ab576882..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Run-psa-arch-test.patch
+++ /dev/null
@@ -1,72 +0,0 @@ 
-From 1b50ab6b6ff1c6f27ab320e18fb0d4aeb1122f0d Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:43:48 +0000
-Subject: [PATCH 08/20] Run psa-arch-test
-
-Fixes needed to run psa-arch-test
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/psa_ipc/service_psa_ipc.c       | 1 +
- .../backend/secure_storage_ipc/secure_storage_ipc.c       | 8 --------
- .../service/secure_storage/include/psa/storage_common.h   | 4 ++--
- 3 files changed, 3 insertions(+), 10 deletions(-)
-
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 95a07c135f31..5e5815dbc9cf 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -185,6 +185,7 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 						     resp_msg->params.out_vec);
- 
- 	for (i = 0; i < resp_msg->params.out_len; i++) {
-+                out_vec[i].len = out_vec_param[i].len;
- 		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
- 		       out_vec[i].len);
- 	}
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index 9b55f77dd395..a1f369db253e 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,10 +31,6 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 
- 	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- 
--	/* Validating input parameters */
--	if (p_data == NULL)
--		return PSA_ERROR_INVALID_ARGUMENT;
--
- 	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- 			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status < 0)
-@@ -96,10 +92,6 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 
- 	(void)client_id;
- 
--	/* Validating input parameters */
--	if (!p_info)
--		return PSA_ERROR_INVALID_ARGUMENT;
--
- 	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
- 			      TFM_PS_GET_INFO, in_vec,
- 			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-diff --git a/components/service/secure_storage/include/psa/storage_common.h b/components/service/secure_storage/include/psa/storage_common.h
-index 4f6ba2a7d822..1fd6b40dc803 100644
---- a/components/service/secure_storage/include/psa/storage_common.h
-+++ b/components/service/secure_storage/include/psa/storage_common.h
-@@ -20,8 +20,8 @@ typedef uint64_t psa_storage_uid_t;
- typedef uint32_t psa_storage_create_flags_t;
- 
- struct psa_storage_info_t {
--	size_t capacity;
--	size_t size;
-+	uint32_t capacity;
-+	uint32_t size;
- 	psa_storage_create_flags_t flags;
- };
- 
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
deleted file mode 100644
index 3295fa9b..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Use-address-instead-of-pointers.patch
+++ /dev/null
@@ -1,168 +0,0 @@ 
-From a6fba503ffddae004e23b32559212e749e8586f6 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 12 Dec 2021 10:57:17 +0000
-Subject: [PATCH 09/20] Use address instead of pointers
-
-Since secure enclave is 32bit and we 64bit there is an issue
-in the protocol communication design that force us to handle
-on our side the manipulation of address and pointers to make
-this work.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/common/include/psa/client.h       | 15 ++++++++++++++
- .../service/common/psa_ipc/service_psa_ipc.c  | 20 ++++++++++++-------
- .../secure_storage_ipc/secure_storage_ipc.c   | 20 +++++++++----------
- 3 files changed, 38 insertions(+), 17 deletions(-)
-
-diff --git a/components/service/common/include/psa/client.h b/components/service/common/include/psa/client.h
-index 69ccf14f40a3..12dcd68f8a76 100644
---- a/components/service/common/include/psa/client.h
-+++ b/components/service/common/include/psa/client.h
-@@ -81,6 +81,21 @@ struct __attribute__ ((__packed__)) psa_outvec {
-     uint32_t len;                 /*!< the size in bytes                      */
- };
- 
-+static void *psa_u32_to_ptr(uint32_t addr)
-+{
-+	return (void *)(uintptr_t)addr;
-+}
-+
-+static uint32_t psa_ptr_to_u32(void *ptr)
-+{
-+	return (uintptr_t)ptr;
-+}
-+
-+static uint32_t psa_ptr_const_to_u32(const void *ptr)
-+{
-+	return (uintptr_t)ptr;
-+}
-+
- /*************************** PSA Client API **********************************/
- 
- /**
-diff --git a/components/service/common/psa_ipc/service_psa_ipc.c b/components/service/common/psa_ipc/service_psa_ipc.c
-index 5e5815dbc9cf..435c6c0a2eba 100644
---- a/components/service/common/psa_ipc/service_psa_ipc.c
-+++ b/components/service/common/psa_ipc/service_psa_ipc.c
-@@ -62,6 +62,11 @@ static size_t psa_call_out_vec_len(const struct psa_outvec *out_vec, size_t out_
- 	return resp_len;
- }
- 
-+static uint32_t psa_virt_to_phys_u32(struct rpc_caller *caller, void *va)
-+{
-+	return (uintptr_t)rpc_caller_virt_to_phys(caller, va);
-+}
-+
- psa_handle_t psa_connect(struct rpc_caller *caller, uint32_t sid,
- 			 uint32_t version)
- {
-@@ -147,20 +152,20 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 	req_msg->params.psa_call_params.handle = psa_handle;
- 	req_msg->params.psa_call_params.type = type;
- 	req_msg->params.psa_call_params.in_len = in_len;
--	req_msg->params.psa_call_params.in_vec = rpc_caller_virt_to_phys(caller, in_vec_param);
-+	req_msg->params.psa_call_params.in_vec = psa_virt_to_phys_u32(caller, in_vec_param);
- 	req_msg->params.psa_call_params.out_len = out_len;
--	req_msg->params.psa_call_params.out_vec = rpc_caller_virt_to_phys(caller, out_vec_param);
-+	req_msg->params.psa_call_params.out_vec = psa_virt_to_phys_u32(caller, out_vec_param);
- 
- 	for (i = 0; i < in_len; i++) {
--		in_vec_param[i].base = rpc_caller_virt_to_phys(caller, payload);
-+		in_vec_param[i].base = psa_virt_to_phys_u32(caller, payload);
- 		in_vec_param[i].len = in_vec[i].len;
- 
--		memcpy(payload, in_vec[i].base, in_vec[i].len);
-+		memcpy(payload, psa_u32_to_ptr(in_vec[i].base), in_vec[i].len);
- 		payload += in_vec[i].len;
- 	}
- 
- 	for (i = 0; i < out_len; i++) {
--		out_vec_param[i].base = NULL;
-+		out_vec_param[i].base = 0;
- 		out_vec_param[i].len = out_vec[i].len;
- 	}
- 
-@@ -182,11 +187,12 @@ psa_status_t psa_call(struct rpc_caller *caller, psa_handle_t psa_handle,
- 		goto caller_end;
- 
- 	out_vec_param = (struct psa_outvec *)rpc_caller_phys_to_virt(caller,
--						     resp_msg->params.out_vec);
-+				psa_u32_to_ptr(resp_msg->params.out_vec));
- 
- 	for (i = 0; i < resp_msg->params.out_len; i++) {
-                 out_vec[i].len = out_vec_param[i].len;
--		memcpy(out_vec[i].base, rpc_caller_phys_to_virt(caller, out_vec_param[i].base),
-+		memcpy(psa_u32_to_ptr(out_vec[i].base),
-+		       rpc_caller_phys_to_virt(caller,	psa_u32_to_ptr(out_vec_param[i].base)),
- 		       out_vec[i].len);
- 	}
- 
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index a1f369db253e..bda442a61d5c 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -22,9 +22,9 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
--		{ .base = p_data, .len = data_length },
--		{ .base = &create_flags, .len = sizeof(create_flags) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+		{ .base = psa_ptr_const_to_u32(p_data), .len = data_length },
-+		{ .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
- 	};
- 
- 	(void)client_id;
-@@ -53,11 +53,11 @@ static psa_status_t secure_storage_ipc_get(void *context,
- 	psa_status_t psa_status;
- 	uint32_t offset = (uint32_t)data_offset;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
--		{ .base = &offset, .len = sizeof(offset) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = p_data, .len = data_size },
-+		{ .base = psa_ptr_to_u32(p_data), .len = data_size },
- 	};
- 
- 	if (!p_data_length) {
-@@ -84,10 +84,10 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- 	};
- 	struct psa_outvec out_vec[] = {
--		{ .base = p_info, .len = sizeof(*p_info) },
-+		{ .base = psa_ptr_to_u32(p_info), .len = sizeof(*p_info) },
- 	};
- 
- 	(void)client_id;
-@@ -110,7 +110,7 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- 	psa_handle_t psa_handle;
- 	psa_status_t psa_status;
- 	struct psa_invec in_vec[] = {
--		{ .base = &uid, .len = sizeof(uid) },
-+		{ .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
- 	};
- 
- 	(void)client_id;
-@@ -164,7 +164,7 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- 	psa_status_t psa_status;
- 	uint32_t support_flags;
- 	struct psa_outvec out_vec[] = {
--		{ .base = &support_flags, .len =  sizeof(support_flags) },
-+		{ .base = psa_ptr_to_u32(&support_flags), .len =  sizeof(support_flags) },
- 	};
- 
- 	(void)client_id;
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
deleted file mode 100644
index 2d0725cb..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Add-psa-ipc-attestation-to-se-proxy.patch
+++ /dev/null
@@ -1,323 +0,0 @@ 
-From b142f3c162fb1c28982d26b5ac2181ba79197a28 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 7 Dec 2021 11:50:00 +0000
-Subject: [PATCH 10/20] Add psa ipc attestation to se proxy
-
-Implement attestation client API as psa ipc and include it to
-se proxy deployment.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../client/psa_ipc/component.cmake            | 13 +++
- .../client/psa_ipc/iat_ipc_client.c           | 86 +++++++++++++++++++
- .../reporter/psa_ipc/component.cmake          | 13 +++
- .../reporter/psa_ipc/psa_ipc_attest_report.c  | 45 ++++++++++
- components/service/common/include/psa/sid.h   |  4 +
- .../se-proxy/common/service_proxy_factory.c   |  6 ++
- deployments/se-proxy/se-proxy.cmake           |  7 +-
- ...ble-using-hard-coded-attestation-key.patch | 29 -------
- external/psa_arch_tests/psa_arch_tests.cmake  |  4 -
- 9 files changed, 171 insertions(+), 36 deletions(-)
- create mode 100644 components/service/attestation/client/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/client/psa_ipc/iat_ipc_client.c
- create mode 100644 components/service/attestation/reporter/psa_ipc/component.cmake
- create mode 100644 components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
- delete mode 100644 external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-
-diff --git a/components/service/attestation/client/psa_ipc/component.cmake b/components/service/attestation/client/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..a5bc6b4a387e
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/iat_ipc_client.c"
-+	)
-diff --git a/components/service/attestation/client/psa_ipc/iat_ipc_client.c b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-new file mode 100644
-index 000000000000..30bd0a13a385
---- /dev/null
-+++ b/components/service/attestation/client/psa_ipc/iat_ipc_client.c
-@@ -0,0 +1,86 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <string.h>
-+
-+#include "../psa/iat_client.h"
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/initial_attestation.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+
-+/**
-+ * @brief      The singleton psa_iat_client instance
-+ *
-+ * The psa attestation C API assumes a single backend service provider.
-+ */
-+static struct service_client instance;
-+
-+
-+psa_status_t psa_iat_client_init(struct rpc_caller *caller)
-+{
-+	return service_client_init(&instance, caller);
-+}
-+
-+void psa_iat_client_deinit(void)
-+{
-+	service_client_deinit(&instance);
-+}
-+
-+int psa_iat_client_rpc_status(void)
-+{
-+	return instance.rpc_status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token(const uint8_t *auth_challenge,
-+					  size_t challenge_size,
-+					  uint8_t *token_buf,
-+					  size_t token_buf_size,
-+					  size_t *token_size)
-+{
-+	psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+	struct rpc_caller *caller = instance.caller;
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_const_to_u32(auth_challenge), .len = challenge_size},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(token_buf), .len = token_buf_size},
-+	};
-+
-+	if (!token_buf || !token_buf_size)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+			  TFM_ATTEST_GET_TOKEN, in_vec, IOVEC_LEN(in_vec),
-+			  out_vec, IOVEC_LEN(out_vec));
-+	if (status == PSA_SUCCESS) {
-+		*token_size = out_vec[0].len;
-+	}
-+
-+	return status;
-+}
-+
-+psa_status_t psa_initial_attest_get_token_size(size_t challenge_size,
-+						size_t *token_size)
-+{
-+	struct rpc_caller *caller = instance.caller;
-+	psa_status_t status;
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&challenge_size), .len = sizeof(uint32_t)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(token_size), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_ATTESTATION_SERVICE_HANDLE,
-+			  TFM_ATTEST_GET_TOKEN_SIZE,
-+			  in_vec, IOVEC_LEN(in_vec),
-+			  out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-diff --git a/components/service/attestation/reporter/psa_ipc/component.cmake b/components/service/attestation/reporter/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..b37830c618fe
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/psa_ipc_attest_report.c"
-+	)
-diff --git a/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-new file mode 100644
-index 000000000000..15805e8ed4b1
---- /dev/null
-+++ b/components/service/attestation/reporter/psa_ipc/psa_ipc_attest_report.c
-@@ -0,0 +1,45 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+/**
-+ * A attestation reporter for psa ipc
-+ */
-+
-+#include <stddef.h>
-+#include <psa/error.h>
-+#include <service/attestation/reporter/attest_report.h>
-+#include <psa/initial_attestation.h>
-+
-+#define TOKEN_BUF_SIZE	1024
-+
-+static uint8_t token_buf[TOKEN_BUF_SIZE];
-+
-+int attest_report_create(int32_t client_id, const uint8_t *auth_challenge_data,
-+			 size_t auth_challenge_len, const uint8_t **report,
-+			 size_t *report_len)
-+{
-+	*report = token_buf;
-+	psa_status_t ret;
-+	size_t token_size = 0;
-+
-+	ret = psa_initial_attest_get_token(auth_challenge_data,
-+					   auth_challenge_len, token_buf,
-+					   TOKEN_BUF_SIZE, &token_size);
-+	if (ret != PSA_SUCCESS) {
-+		*report = NULL;
-+		*report_len = 0;
-+		return ret;
-+	}
-+
-+	*report_len = token_size;
-+
-+	return PSA_SUCCESS;
-+}
-+
-+void attest_report_destroy(const uint8_t *report)
-+{
-+	(void)report;
-+}
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index aaa973c6e987..833f5039425f 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -50,6 +50,10 @@ extern "C" {
- #define TFM_ATTESTATION_SERVICE_VERSION                            (1U)
- #define TFM_ATTESTATION_SERVICE_HANDLE                             (0x40000103U)
- 
-+/* Initial Attestation message types that distinguish Attest services. */
-+#define TFM_ATTEST_GET_TOKEN       1001
-+#define TFM_ATTEST_GET_TOKEN_SIZE  1002
-+
- /******** TFM_SP_FWU ********/
- #define TFM_FWU_WRITE_SID                                          (0x000000A0U)
- #define TFM_FWU_WRITE_VERSION                                      (1U)
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 57290056d614..4b8cceccbe4d 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -23,12 +23,18 @@ struct openamp_caller openamp;
- struct rpc_interface *attest_proxy_create(void)
- {
- 	struct rpc_interface *attest_iface;
-+	struct rpc_caller *attest_caller;
- 
- 	/* Static objects for proxy instance */
- 	static struct attest_provider attest_provider;
- 
-+	attest_caller = openamp_caller_init(&openamp);
-+	if (!attest_caller)
-+		return NULL;
-+
- 	/* Initialize the service provider */
- 	attest_iface = attest_provider_init(&attest_provider);
-+	psa_iat_client_init(&openamp.rpc_caller);
- 
- 	attest_provider_register_serializer(&attest_provider,
- 		TS_RPC_ENCODING_PACKED_C, packedc_attest_provider_serializer_instance());
-diff --git a/deployments/se-proxy/se-proxy.cmake b/deployments/se-proxy/se-proxy.cmake
-index cd51460406ca..3dbbc36c968d 100644
---- a/deployments/se-proxy/se-proxy.cmake
-+++ b/deployments/se-proxy/se-proxy.cmake
-@@ -49,14 +49,15 @@ add_components(TARGET "se-proxy"
- 		"components/service/attestation/include"
- 		"components/service/attestation/provider"
- 		"components/service/attestation/provider/serializer/packed-c"
-+		"components/service/attestation/reporter/psa_ipc"
-+		"components/service/attestation/client/psa_ipc"
- 		"components/rpc/openamp/caller/sp"
- 
- 		# Stub service provider backends
- 		"components/rpc/dummy"
- 		"components/rpc/common/caller"
--		"components/service/attestation/reporter/stub"
--		"components/service/attestation/key_mngr/stub"
--		"components/service/crypto/backend/stub"
-+		"components/service/attestation/key_mngr/local"
-+		"components/service/crypto/backend/psa_ipc"
- 		"components/service/crypto/client/psa"
- 		"components/service/secure_storage/backend/mock_store"
- )
-diff --git a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch b/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-deleted file mode 100644
-index 6664961ab662..000000000000
---- a/external/psa_arch_tests/0001-Disable-using-hard-coded-attestation-key.patch
-+++ /dev/null
-@@ -1,29 +0,0 @@
--From dbd25f94eb62a9855bf342dd97503a49ea50f83e Mon Sep 17 00:00:00 2001
--From: Gyorgy Szing <Gyorgy.Szing@arm.com>
--Date: Tue, 8 Feb 2022 17:06:37 +0000
--Subject: [PATCH 1/1] Disable using hard-coded attestation key
--
--Modify platform config to disable using a hard-coded attestation
--key.
--
--Signed-off-by: Gyorgy Szing <Gyorgy.Szing@arm.com>
-----
-- api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h | 2 +-
-- 1 file changed, 1 insertion(+), 1 deletion(-)
--
--diff --git a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--index 6112ba7..1cdf581 100755
----- a/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--+++ b/api-tests/platform/targets/tgt_dev_apis_linux/nspe/pal_config.h
--@@ -60,7 +60,7 @@ typedef uint32_t            cfg_id_t;
-- #define CRYPTO_VERSION_BETA3
-- 
-- /* Use hardcoded public key */
---#define PLATFORM_OVERRIDE_ATTEST_PK
--+//#define PLATFORM_OVERRIDE_ATTEST_PK
-- 
-- /*
--  * Include of PSA defined Header files
---- 
--2.17.1
--
-diff --git a/external/psa_arch_tests/psa_arch_tests.cmake b/external/psa_arch_tests/psa_arch_tests.cmake
-index a8b77a1fc05e..1995df3e0b49 100644
---- a/external/psa_arch_tests/psa_arch_tests.cmake
-+++ b/external/psa_arch_tests/psa_arch_tests.cmake
-@@ -15,10 +15,6 @@ set(GIT_OPTIONS
- 	GIT_REPOSITORY ${PSA_ARCH_TESTS_URL}
- 	GIT_TAG ${PSA_ARCH_TESTS_REFSPEC}
- 	GIT_SHALLOW FALSE
--	PATCH_COMMAND git stash
--		COMMAND git tag -f ts-before-am
--		COMMAND git am ${CMAKE_CURRENT_LIST_DIR}/0001-Disable-using-hard-coded-attestation-key.patch
--		COMMAND git reset ts-before-am
- )
- 
- # Ensure list of defines is separated correctly
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
deleted file mode 100644
index 5803cc17..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch
+++ /dev/null
@@ -1,163 +0,0 @@ 
-From 4240977f7c38950f5edb316bb08ae05cb7b99875 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Thu, 9 Dec 2021 14:11:06 +0000
-Subject: [PATCH 11/20] Setup its backend as openamp rpc using secure storage
- ipc implementation.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/include/psa/sid.h   | 12 +++++-----
- .../secure_storage_ipc/secure_storage_ipc.c   | 20 ++++++++---------
- .../secure_storage_ipc/secure_storage_ipc.h   |  1 +
- .../se-proxy/common/service_proxy_factory.c   | 22 +++++++++++++------
- 4 files changed, 32 insertions(+), 23 deletions(-)
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 833f5039425f..4a951d4a3502 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -20,12 +20,12 @@ extern "C" {
- /* Invalid UID */
- #define TFM_PS_INVALID_UID 0
- 
--/* PS message types that distinguish PS services. */
--#define TFM_PS_SET                1001
--#define TFM_PS_GET                1002
--#define TFM_PS_GET_INFO           1003
--#define TFM_PS_REMOVE             1004
--#define TFM_PS_GET_SUPPORT        1005
-+/* PS / ITS message types that distinguish PS services. */
-+#define TFM_PS_ITS_SET                1001
-+#define TFM_PS_ITS_GET                1002
-+#define TFM_PS_ITS_GET_INFO           1003
-+#define TFM_PS_ITS_REMOVE             1004
-+#define TFM_PS_ITS_GET_SUPPORT        1005
- 
- /******** TFM_SP_ITS ********/
- #define TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_SID                   (0x00000070U)
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-index bda442a61d5c..0e1b48c0d2e2 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.c
-@@ -31,8 +31,8 @@ static psa_status_t secure_storage_ipc_set(void *context, uint32_t client_id,
- 
- 	ipc->client.rpc_status = TS_RPC_CALL_ACCEPTED;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_SET, in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+	psa_status = psa_call(caller, ipc->service_handle, TFM_PS_ITS_SET,
-+			      in_vec, IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status < 0)
- 		EMSG("ipc_set: psa_call failed: %d", psa_status);
- 
-@@ -65,8 +65,8 @@ static psa_status_t secure_storage_ipc_get(void *context,
- 		return PSA_ERROR_INVALID_ARGUMENT;
- 	}
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET, in_vec, IOVEC_LEN(in_vec),
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
- 			      out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status == PSA_SUCCESS)
- 		*p_data_length = out_vec[0].len;
-@@ -92,8 +92,8 @@ static psa_status_t secure_storage_ipc_get_info(void *context,
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET_INFO, in_vec,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET_INFO, in_vec,
- 			      IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_get_info: failed to psa_call: %d", psa_status);
-@@ -115,8 +115,8 @@ static psa_status_t secure_storage_ipc_remove(void *context,
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_REMOVE, in_vec,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_REMOVE, in_vec,
- 			      IOVEC_LEN(in_vec), NULL, 0);
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_remove: failed to psa_call: %d", psa_status);
-@@ -169,8 +169,8 @@ static uint32_t secure_storage_get_support(void *context, uint32_t client_id)
- 
- 	(void)client_id;
- 
--	psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
--			      TFM_PS_GET_SUPPORT, NULL, 0,
-+	psa_status = psa_call(caller, ipc->service_handle,
-+			      TFM_PS_ITS_GET_SUPPORT, NULL, 0,
- 			      out_vec, IOVEC_LEN(out_vec));
- 	if (psa_status != PSA_SUCCESS)
- 		EMSG("ipc_get_support: failed to psa_call: %d", psa_status);
-diff --git a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-index e8c1e8fd2f92..d9949f6a9305 100644
---- a/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-+++ b/components/service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h
-@@ -21,6 +21,7 @@ struct secure_storage_ipc
- {
-     struct storage_backend backend;
-     struct service_client client;
-+    int32_t service_handle;
- };
- 
- /**
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 4b8cceccbe4d..1110ac46bf8b 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -5,6 +5,7 @@
-  */
- 
- #include <stddef.h>
-+#include <psa/sid.h>
- #include <rpc/common/endpoint/rpc_interface.h>
- #include <rpc/openamp/caller/sp/openamp_caller.h>
- #include <service/attestation/provider/attest_provider.h>
-@@ -60,23 +61,30 @@ struct rpc_interface *ps_proxy_create(void)
- {
- 	static struct secure_storage_provider ps_provider;
- 	static struct secure_storage_ipc ps_backend;
--	static struct rpc_caller *storage_caller;
-+	struct rpc_caller *storage_caller;
- 	struct storage_backend *backend;
- 
- 	storage_caller = openamp_caller_init(&openamp);
- 	if (!storage_caller)
- 		return NULL;
- 	backend = secure_storage_ipc_init(&ps_backend, &openamp.rpc_caller);
-+	ps_backend.service_handle = TFM_PROTECTED_STORAGE_SERVICE_HANDLE;
- 
- 	return secure_storage_provider_init(&ps_provider, backend);
- }
- 
- struct rpc_interface *its_proxy_create(void)
- {
--	static struct mock_store its_backend;
--	static struct secure_storage_provider its_provider;
--
--	struct storage_backend *backend = mock_store_init(&its_backend);
--
--	return secure_storage_provider_init(&its_provider, backend);
-+        static struct secure_storage_provider its_provider;
-+        static struct secure_storage_ipc its_backend;
-+        struct rpc_caller *storage_caller;
-+        struct storage_backend *backend;
-+ 
-+        storage_caller = openamp_caller_init(&openamp);
-+        if (!storage_caller)
-+        	return NULL;
-+        backend = secure_storage_ipc_init(&its_backend, &openamp.rpc_caller);
-+        its_backend.service_handle = TFM_INTERNAL_TRUSTED_STORAGE_SERVICE_HANDLE;
-+ 
-+        return secure_storage_provider_init(&its_provider, backend);
- }
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
deleted file mode 100644
index 67ea7b8c..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-add-psa-ipc-crypto-backend.patch
+++ /dev/null
@@ -1,2570 +0,0 @@ 
-From 0b5d96b1a9f927dc141047600edf2249af7022c5 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Thu, 9 Dec 2021 14:17:39 +0000
-Subject: [PATCH 12/20] add psa ipc crypto backend
-
-Add psa ipc crypto backend and attach it to se proxy
-deployment.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/common/include/psa/sid.h   |  73 +++++
- .../crypto/backend/psa_ipc/component.cmake    |  21 ++
- .../backend/psa_ipc/crypto_ipc_backend.c      |  26 ++
- .../backend/psa_ipc/crypto_ipc_backend.h      |  70 ++++
- .../client/caller/psa_ipc/crypto_caller.h     |  34 ++
- .../caller/psa_ipc/crypto_caller_aead.h       | 252 +++++++++++++++
- .../crypto_caller_asymmetric_decrypt.h        |  76 +++++
- .../crypto_caller_asymmetric_encrypt.h        |  76 +++++
- .../caller/psa_ipc/crypto_caller_cipher.h     | 246 +++++++++++++++
- .../caller/psa_ipc/crypto_caller_copy_key.h   |  57 ++++
- .../psa_ipc/crypto_caller_destroy_key.h       |  51 +++
- .../caller/psa_ipc/crypto_caller_export_key.h |  59 ++++
- .../psa_ipc/crypto_caller_export_public_key.h |  59 ++++
- .../psa_ipc/crypto_caller_generate_key.h      |  55 ++++
- .../psa_ipc/crypto_caller_generate_random.h   |  57 ++++
- .../crypto_caller_get_key_attributes.h        |  56 ++++
- .../caller/psa_ipc/crypto_caller_hash.h       | 220 +++++++++++++
- .../caller/psa_ipc/crypto_caller_import_key.h |  57 ++++
- .../psa_ipc/crypto_caller_key_attributes.h    |  51 +++
- .../psa_ipc/crypto_caller_key_derivation.h    | 298 ++++++++++++++++++
- .../client/caller/psa_ipc/crypto_caller_mac.h | 207 ++++++++++++
- .../caller/psa_ipc/crypto_caller_purge_key.h  |  51 +++
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  64 ++++
- .../psa_ipc/crypto_caller_verify_hash.h       |  59 ++++
- .../crypto/include/psa/crypto_client_struct.h |   8 +-
- .../service/crypto/include/psa/crypto_sizes.h |   2 +-
- .../se-proxy/common/service_proxy_factory.c   |  15 +-
- .../providers/arm/corstone1000/platform.cmake |   2 +
- 28 files changed, 2292 insertions(+), 10 deletions(-)
- create mode 100644 components/service/crypto/backend/psa_ipc/component.cmake
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
- create mode 100644 components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
- create mode 100644 components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 4a951d4a3502..7a29cc253bad 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,79 @@ extern "C" {
- #define TFM_CRYPTO_VERSION                                         (1U)
- #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
- 
-+/**
-+ * \brief Define a progressive numerical value for each SID which can be used
-+ *        when dispatching the requests to the service
-+ */
-+enum {
-+    TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID = (0u),
-+    TFM_CRYPTO_RESET_KEY_ATTRIBUTES_SID,
-+    TFM_CRYPTO_OPEN_KEY_SID,
-+    TFM_CRYPTO_CLOSE_KEY_SID,
-+    TFM_CRYPTO_IMPORT_KEY_SID,
-+    TFM_CRYPTO_DESTROY_KEY_SID,
-+    TFM_CRYPTO_EXPORT_KEY_SID,
-+    TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+    TFM_CRYPTO_PURGE_KEY_SID,
-+    TFM_CRYPTO_COPY_KEY_SID,
-+    TFM_CRYPTO_HASH_COMPUTE_SID,
-+    TFM_CRYPTO_HASH_COMPARE_SID,
-+    TFM_CRYPTO_HASH_SETUP_SID,
-+    TFM_CRYPTO_HASH_UPDATE_SID,
-+    TFM_CRYPTO_HASH_FINISH_SID,
-+    TFM_CRYPTO_HASH_VERIFY_SID,
-+    TFM_CRYPTO_HASH_ABORT_SID,
-+    TFM_CRYPTO_HASH_CLONE_SID,
-+    TFM_CRYPTO_MAC_COMPUTE_SID,
-+    TFM_CRYPTO_MAC_VERIFY_SID,
-+    TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+    TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+    TFM_CRYPTO_MAC_UPDATE_SID,
-+    TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+    TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+    TFM_CRYPTO_MAC_ABORT_SID,
-+    TFM_CRYPTO_CIPHER_ENCRYPT_SID,
-+    TFM_CRYPTO_CIPHER_DECRYPT_SID,
-+    TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+    TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+    TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+    TFM_CRYPTO_CIPHER_SET_IV_SID,
-+    TFM_CRYPTO_CIPHER_UPDATE_SID,
-+    TFM_CRYPTO_CIPHER_FINISH_SID,
-+    TFM_CRYPTO_CIPHER_ABORT_SID,
-+    TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+    TFM_CRYPTO_AEAD_DECRYPT_SID,
-+    TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+    TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+    TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+    TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+    TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+    TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+    TFM_CRYPTO_AEAD_UPDATE_SID,
-+    TFM_CRYPTO_AEAD_FINISH_SID,
-+    TFM_CRYPTO_AEAD_VERIFY_SID,
-+    TFM_CRYPTO_AEAD_ABORT_SID,
-+    TFM_CRYPTO_SIGN_MESSAGE_SID,
-+    TFM_CRYPTO_VERIFY_MESSAGE_SID,
-+    TFM_CRYPTO_SIGN_HASH_SID,
-+    TFM_CRYPTO_VERIFY_HASH_SID,
-+    TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+    TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+    TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+    TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+    TFM_CRYPTO_GENERATE_RANDOM_SID,
-+    TFM_CRYPTO_GENERATE_KEY_SID,
-+    TFM_CRYPTO_SID_MAX,
-+};
-+
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID                           (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION                       (1U)
-diff --git a/components/service/crypto/backend/psa_ipc/component.cmake b/components/service/crypto/backend/psa_ipc/component.cmake
-new file mode 100644
-index 000000000000..93c297a83ac6
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/component.cmake
-@@ -0,0 +1,21 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+	message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+	"${CMAKE_CURRENT_LIST_DIR}/crypto_ipc_backend.c"
-+	)
-+
-+# The ipc crypto backend uses the psa crypto client to realize the
-+# psa crypto API that the crypto provider depends on.  This define
-+# configures the psa crypto client to be built with the ipc crypto
-+# caller.
-+target_compile_definitions(${TGT} PRIVATE
-+	PSA_CRYPTO_CLIENT_CALLER_SELECTION_H="service/crypto/client/caller/psa_ipc/crypto_caller.h"
-+)
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-new file mode 100644
-index 000000000000..e47cd4ffb4ce
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.c
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <psa/crypto.h>
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "crypto_ipc_backend.h"
-+
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller)
-+{
-+	psa_status_t status = psa_crypto_client_init(caller);
-+
-+	if (status == PSA_SUCCESS)
-+		status = psa_crypto_init();
-+
-+	return status;
-+}
-+
-+void crypto_ipc_backend_deinit(void)
-+{
-+	psa_crypto_client_deinit();
-+}
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-new file mode 100644
-index 000000000000..c13c20e84131
---- /dev/null
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -0,0 +1,70 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CRYPTO_IPC_BACKEND_H
-+#define CRYPTO_IPC_BACKEND_H
-+
-+#include <service/crypto/client/psa/psa_crypto_client.h>
-+#include <psa/error.h>
-+#include <rpc_caller.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * \brief This type is used to overcome a limitation in the number of maximum
-+ *        IOVECs that can be used especially in psa_aead_encrypt and
-+ *        psa_aead_decrypt. To be removed in case the AEAD APIs number of
-+ *        parameters passed gets restructured
-+ */
-+#define TFM_CRYPTO_MAX_NONCE_LENGTH (16u)
-+struct psa_ipc_crypto_aead_pack_input {
-+	uint8_t nonce[TFM_CRYPTO_MAX_NONCE_LENGTH];
-+	uint32_t nonce_length;
-+};
-+
-+struct psa_ipc_crypto_pack_iovec {
-+	uint32_t sfn_id;             /*!< Secure function ID used to dispatch the
-+				      *   request
-+				      */
-+	uint16_t step;               /*!< Key derivation step */
-+	psa_key_id_t key_id;         /*!< Key id */
-+	psa_algorithm_t alg;         /*!< Algorithm */
-+	uint32_t op_handle;          /*!< Frontend context handle associated to a
-+				      *   multipart operation
-+				      */
-+	uint32_t capacity;             /*!< Key derivation capacity */
-+
-+	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
-+							    *   AEAD until the API is
-+							    *   restructured
-+							    */
-+};
-+
-+#define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
-+
-+/**
-+ * \brief Initialize the psa ipc crypto backend
-+ *
-+ * Initializes a crypto backend that uses the psa API client with a
-+ * psa_ipc_backend caller to realize the PSA crypto API used by the crypto
-+ * service proviser.
-+ *
-+ * \return PSA_SUCCESS if backend initialized successfully
-+ */
-+psa_status_t crypto_ipc_backend_init(struct rpc_caller *caller);
-+
-+/**
-+ * \brief Clean-up to free any resource used by the crypto backend
-+ */
-+void crypto_ipc_backend_deinit(void);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CRYPTO_IPC_BACKEND_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-new file mode 100644
-index 000000000000..0a972187062f
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller.h
-@@ -0,0 +1,34 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_H
-+#define PSA_IPC_CRYPTO_CALLER_H
-+
-+/**
-+ * Includes all header files that form the psa ipc crypto caller
-+ * interface.  May be used by a client that needs to call operations
-+ * provided by a crypto service instance using the psa ipc interface.
-+ */
-+#include "crypto_caller_aead.h"
-+#include "crypto_caller_asymmetric_decrypt.h"
-+#include "crypto_caller_asymmetric_encrypt.h"
-+#include "crypto_caller_cipher.h"
-+#include "crypto_caller_copy_key.h"
-+#include "crypto_caller_destroy_key.h"
-+#include "crypto_caller_export_key.h"
-+#include "crypto_caller_export_public_key.h"
-+#include "crypto_caller_generate_key.h"
-+#include "crypto_caller_generate_random.h"
-+#include "crypto_caller_get_key_attributes.h"
-+#include "crypto_caller_hash.h"
-+#include "crypto_caller_import_key.h"
-+#include "crypto_caller_key_derivation.h"
-+#include "crypto_caller_mac.h"
-+#include "crypto_caller_purge_key.h"
-+#include "crypto_caller_sign_hash.h"
-+#include "crypto_caller_verify_hash.h"
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-new file mode 100644
-index 000000000000..78517fe32ca9
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -0,0 +1,252 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_AEAD_H
-+#define PSA_IPC_CRYPTO_CALLER_AEAD_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_aead_encrypt(
-+					      struct service_client *context,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg,
-+					      const uint8_t *nonce,
-+					      size_t nonce_length,
-+					      const uint8_t *additional_data,
-+					      size_t additional_data_length,
-+					      const uint8_t *plaintext,
-+					      size_t plaintext_length,
-+					      uint8_t *aeadtext,
-+					      size_t aeadtext_size,
-+					      size_t *aeadtext_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	int i;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+	};
-+
-+	if (!additional_data && additional_data_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(plaintext),
-+			.len = plaintext_length },
-+		{ .base = psa_ptr_const_to_u32(additional_data),
-+			.len = additional_data_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(aeadtext), .len = aeadtext_size },
-+	};
-+
-+	if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	if (nonce) {
-+		for (i = 0; i < nonce_length; i++)
-+			iov.aead_in.nonce[i] = nonce[i];
-+	}
-+
-+	in_len = IOVEC_LEN(in_vec);
-+
-+	if (!additional_data)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*aeadtext_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt(
-+					      struct service_client *context,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg,
-+					      const uint8_t *nonce,
-+					      size_t nonce_length,
-+					      const uint8_t *additional_data,
-+					      size_t additional_data_length,
-+					      const uint8_t *aeadtext,
-+					      size_t aeadtext_length,
-+					      uint8_t *plaintext,
-+					      size_t plaintext_size,
-+					      size_t *plaintext_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	int i;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.aead_in = { .nonce = {0}, .nonce_length = nonce_length },
-+	};
-+
-+	if (!additional_data && additional_data_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(aeadtext),
-+			.len = aeadtext_length },
-+		{ .base = psa_ptr_const_to_u32(additional_data),
-+			.len = additional_data_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(plaintext), .len = plaintext_size },
-+	};
-+
-+	if (nonce_length > TFM_CRYPTO_MAX_NONCE_LENGTH)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	if (nonce) {
-+		for (i = 0; i < nonce_length; i++)
-+			iov.aead_in.nonce[i] = nonce[i];
-+	}
-+
-+	in_len = IOVEC_LEN(in_vec);
-+
-+	if (!additional_data)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*plaintext_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_encrypt_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_key_id_t key,
-+					    psa_algorithm_t alg)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_decrypt_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_key_id_t key,
-+					    psa_algorithm_t alg)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_generate_nonce(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *nonce,
-+					     size_t nonce_size,
-+					     size_t *nonce_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_nonce(
-+						struct service_client *context,
-+						uint32_t op_handle,
-+						const uint8_t *nonce,
-+						size_t nonce_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_set_lengths(
-+					  struct service_client *context,
-+					  uint32_t op_handle,
-+					  size_t ad_length,
-+					  size_t plaintext_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update_ad(
-+						struct service_client *context,
-+						uint32_t op_handle,
-+						const uint8_t *input,
-+						size_t input_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_update(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *input,
-+					     size_t input_length,
-+					     uint8_t *output,
-+					     size_t output_size,
-+					     size_t *output_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_finish(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *aeadtext,
-+					     size_t aeadtext_size,
-+					     size_t *aeadtext_length,
-+					     uint8_t *tag,
-+					     size_t tag_size,
-+					     size_t *tag_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_verify(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *plaintext,
-+					     size_t plaintext_size,
-+					     size_t *plaintext_length,
-+					     const uint8_t *tag,
-+					     size_t tag_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_aead_abort(
-+					    struct service_client *context,
-+					    uint32_t op_handle)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_AEAD_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-new file mode 100644
-index 000000000000..ff01815c09e9
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_decrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_decrypt(
-+				    struct service_client *context,
-+				    psa_key_id_t id,
-+				    psa_algorithm_t alg,
-+				    const uint8_t *input, size_t input_length,
-+				    const uint8_t *salt, size_t salt_length,
-+				    uint8_t *output, size_t output_size,
-+				    size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_DECRYPT_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+
-+	/* Sanitize optional input */
-+	if (!salt && salt_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+		{ .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+
-+	in_len = IOVEC_LEN(in_vec);
-+	if (!salt)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_DECRYPT_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-new file mode 100644
-index 000000000000..1daf1689c076
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_asymmetric_encrypt.h
-@@ -0,0 +1,76 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+#define PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_asymmetric_encrypt(
-+				    struct service_client *context,
-+				    psa_key_id_t id,
-+				    psa_algorithm_t alg,
-+				    const uint8_t *input, size_t input_length,
-+				    const uint8_t *salt, size_t salt_length,
-+				    uint8_t *output, size_t output_size,
-+				    size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	size_t in_len;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_ASYMMETRIC_ENCRYPT_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+
-+	/* Sanitize optional input */
-+	if (!salt && salt_length)
-+		return PSA_ERROR_INVALID_ARGUMENT;
-+
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+		{ .base = psa_ptr_const_to_u32(salt), .len = salt_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+
-+	in_len = IOVEC_LEN(in_vec);
-+	if (!salt)
-+		in_len--;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_ASYMMETRIC_ENCRYPT_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-new file mode 100644
-index 000000000000..fbefb28d813a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_cipher.h
-@@ -0,0 +1,246 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+#define PSA_IPC_CRYPTO_CALLER_CIPHER_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_cipher_encrypt_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_ENCRYPT_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_decrypt_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_key_id_t key,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_DECRYPT_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_generate_iv(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    uint8_t *iv,
-+					    size_t iv_size,
-+					    size_t *iv_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_GENERATE_IV_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(iv), .len = iv_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*iv_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_set_iv(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       const uint8_t *iv,
-+					       size_t iv_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_SET_IV_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(iv), .len = iv_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_update(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       const uint8_t *input,
-+					       size_t input_length,
-+					       uint8_t *output,
-+					       size_t output_size,
-+					       size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_finish(
-+					       struct service_client *context,
-+					       uint32_t op_handle,
-+					       uint8_t *output,
-+					       size_t output_size,
-+					       size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_cipher_abort(
-+					      struct service_client *context,
-+					      uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_CIPHER_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_cipher_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the cipher_update operation
-+	 * using the ipc encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	/* Allow for output to be a whole number of blocks */
-+	overhead += PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_CIPHER_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-new file mode 100644
-index 000000000000..9a988171b098
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_copy_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_COPY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_copy_key(struct service_client *context,
-+						  psa_key_id_t source_key,
-+						  const psa_key_attributes_t *attributes,
-+						  psa_key_id_t *target_key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_COPY_KEY_SID,
-+		.key_id = source_key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(target_key), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_COPY_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-new file mode 100644
-index 000000000000..d00f4faa7a52
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_destroy_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_destroy_key(struct service_client *context,
-+						     psa_key_id_t id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_DESTROY_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_DESTROY_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-new file mode 100644
-index 000000000000..8ac5477f7b9a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_key(struct service_client *context,
-+						    psa_key_id_t id,
-+						    uint8_t *data,
-+						    size_t data_size,
-+						    size_t *data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_EXPORT_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(data), .len = data_size }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*data_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-new file mode 100644
-index 000000000000..b24c47f1257e
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_export_public_key.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_export_public_key(struct service_client *context,
-+							   psa_key_id_t id,
-+							   uint8_t *data,
-+							   size_t data_size,
-+							   size_t *data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_EXPORT_PUBLIC_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(data), .len = data_size }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*data_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_EXPORT_PUBLIC_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-new file mode 100644
-index 000000000000..1b66ed4020de
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_key.h
-@@ -0,0 +1,55 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_key(struct service_client *context,
-+						      const psa_key_attributes_t *attributes,
-+						      psa_key_id_t *id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GENERATE_KEY_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-new file mode 100644
-index 000000000000..7c538237805a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_generate_random.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+#define PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_generate_random(struct service_client *context,
-+							 uint8_t *output,
-+							 size_t output_size)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GENERATE_RANDOM_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size }
-+	};
-+
-+	if (!output_size)
-+		return PSA_SUCCESS;
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GENERATE_RANDOM_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-new file mode 100644
-index 000000000000..22f1d18f1476
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_get_key_attributes.h
-@@ -0,0 +1,56 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+#define PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_get_key_attributes(
-+					    struct service_client *context,
-+					    psa_key_id_t key,
-+					    psa_key_attributes_t *attributes)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_GET_KEY_ATTRIBUTES_SID,
-+		.key_id = key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(attributes), .len = sizeof(psa_key_attributes_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_GET_KEY_ATTRIBUTES_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-new file mode 100644
-index 000000000000..9f37908a2f25
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_hash.h
-@@ -0,0 +1,220 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_hash_setup(
-+					    struct service_client *context,
-+					    uint32_t *op_handle,
-+					    psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_SETUP_SID,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_update(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *input,
-+					     size_t input_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_finish(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *hash,
-+					     size_t hash_size,
-+					     size_t *hash_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(hash), .len = hash_size},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*hash_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_abort(
-+					    struct service_client *context,
-+					    uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_verify(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     const uint8_t *hash,
-+					     size_t hash_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_VERIFY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_clone(
-+					    struct service_client *context,
-+					    uint32_t source_op_handle,
-+					    uint32_t *target_op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_HASH_CLONE_SID,
-+		.op_handle = source_op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(target_op_handle),
-+			.len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_suspend(struct service_client *context,
-+	uint32_t op_handle,
-+	uint8_t *hash_state,
-+	size_t hash_state_size,
-+	size_t *hash_state_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline psa_status_t crypto_caller_hash_resume(struct service_client *context,
-+	uint32_t op_handle,
-+	const uint8_t *hash_state,
-+	size_t hash_state_length)
-+{
-+	return PSA_ERROR_NOT_SUPPORTED;
-+}
-+
-+static inline size_t crypto_caller_hash_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the hash_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_HASH_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-new file mode 100644
-index 000000000000..d47033662790
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_import_key.h
-@@ -0,0 +1,57 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+#define PSA_IPC_CRYPTO_CALLER_IMPORT_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_import_key(struct service_client *context,
-+				    const psa_key_attributes_t *attributes,
-+				    const uint8_t *data, size_t data_length,
-+				    psa_key_id_t *id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_IMPORT_KEY_SID,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(attributes), .len = sizeof(psa_key_attributes_t) },
-+		{ .base = psa_ptr_const_to_u32(data), .len = data_length }
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(id), .len = sizeof(psa_key_id_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_IMPORT_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-new file mode 100644
-index 000000000000..2fad2f0a64e6
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_attributes.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+#define PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H
-+
-+#include <psa/crypto.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_to_proto(
-+	struct ts_crypto_key_attributes *proto_attributes,
-+	const psa_key_attributes_t *psa_attributes)
-+{
-+	proto_attributes->type = psa_get_key_type(psa_attributes);
-+	proto_attributes->key_bits = psa_get_key_bits(psa_attributes);
-+	proto_attributes->lifetime = psa_get_key_lifetime(psa_attributes);
-+	proto_attributes->id = psa_get_key_id(psa_attributes);
-+
-+	proto_attributes->policy.usage = psa_get_key_usage_flags(psa_attributes);
-+	proto_attributes->policy.alg = psa_get_key_algorithm(psa_attributes);
-+ }
-+
-+static inline void packedc_crypto_caller_translate_key_attributes_from_proto(
-+	psa_key_attributes_t *psa_attributes,
-+	const struct ts_crypto_key_attributes *proto_attributes)
-+{
-+	psa_set_key_type(psa_attributes, proto_attributes->type);
-+	psa_set_key_bits(psa_attributes, proto_attributes->key_bits);
-+	psa_set_key_lifetime(psa_attributes, proto_attributes->lifetime);
-+
-+	if (proto_attributes->lifetime == PSA_KEY_LIFETIME_PERSISTENT) {
-+
-+		psa_set_key_id(psa_attributes, proto_attributes->id);
-+	}
-+
-+	psa_set_key_usage_flags(psa_attributes, proto_attributes->policy.usage);
-+	psa_set_key_algorithm(psa_attributes, proto_attributes->policy.alg);
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_KEY_ATTRIBUTES_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-new file mode 100644
-index 000000000000..5ce4fb6cca82
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_key_derivation.h
-@@ -0,0 +1,298 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+#define PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_key_derivation_setup(
-+					      struct service_client *context,
-+					      uint32_t *op_handle,
-+					      psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SETUP_SID,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_get_capacity(
-+					     struct service_client *context,
-+					     const uint32_t op_handle,
-+					     size_t *capacity)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_GET_CAPACITY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(capacity), .len = sizeof(uint32_t) }
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_set_capacity(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     size_t capacity)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY_SID,
-+		.capacity = capacity,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_bytes(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    psa_key_derivation_step_t step,
-+					    const uint8_t *data,
-+					    size_t data_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES_SID,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(data), .len = data_length },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_input_key(
-+					  struct service_client *context,
-+					  uint32_t op_handle,
-+					  psa_key_derivation_step_t step,
-+					  psa_key_id_t key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY_SID,
-+		.key_id = key,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_bytes(
-+					     struct service_client *context,
-+					     uint32_t op_handle,
-+					     uint8_t *output,
-+					     size_t output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_length },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_output_key(
-+				   struct service_client *context,
-+				   const psa_key_attributes_t *attributes,
-+				   uint32_t op_handle,
-+				   psa_key_id_t *key)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(attributes),
-+			.len = sizeof(psa_key_attributes_t) },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(key), .len = sizeof(psa_key_id_t)},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_abort(
-+					      struct service_client *context,
-+					      uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_key_derivation_key_agreement(
-+				      struct service_client *context,
-+				      uint32_t op_handle,
-+				      psa_key_derivation_step_t step,
-+				      psa_key_id_t private_key,
-+				      const uint8_t *peer_key,
-+				      size_t peer_key_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT_SID,
-+		.key_id = private_key,
-+		.step = step,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(peer_key),
-+			.len = peer_key_length},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_raw_key_agreement(
-+					   struct service_client *context,
-+					   psa_algorithm_t alg,
-+					   psa_key_id_t private_key,
-+					   const uint8_t *peer_key,
-+					   size_t peer_key_length,
-+					   uint8_t *output,
-+					   size_t output_size,
-+					   size_t *output_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_RAW_KEY_AGREEMENT_SID,
-+		.alg = alg,
-+		.key_id = private_key,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(peer_key),
-+			.len = peer_key_length},
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(output), .len = output_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_KEY_DERIVATION_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-new file mode 100644
-index 000000000000..3a820192495a
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_mac.h
-@@ -0,0 +1,207 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_MAC_H
-+#define PSA_IPC_CRYPTO_CALLER_MAC_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_mac_sign_setup(
-+						struct service_client *context,
-+						uint32_t *op_handle,
-+						psa_key_id_t key,
-+						psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_SIGN_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_setup(
-+					  struct service_client *context,
-+					  uint32_t *op_handle,
-+					  psa_key_id_t key,
-+					  psa_algorithm_t alg)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_VERIFY_SETUP_SID,
-+		.key_id = key,
-+		.alg = alg,
-+		.op_handle = *op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_update(
-+					    struct service_client *context,
-+					    uint32_t op_handle,
-+					    const uint8_t *input,
-+					    size_t input_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_UPDATE_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(input), .len = input_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_sign_finish(
-+						 struct service_client *context,
-+						 uint32_t op_handle,
-+						 uint8_t *mac,
-+						 size_t mac_size,
-+						 size_t *mac_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_SIGN_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+		{ .base = psa_ptr_to_u32(mac), .len = mac_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*mac_length = out_vec[1].len;
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_verify_finish(
-+					   struct service_client *context,
-+					   uint32_t op_handle,
-+					   const uint8_t *mac,
-+					   size_t mac_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_VERIFY_FINISH_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(mac), .len = mac_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline psa_status_t crypto_caller_mac_abort(
-+					   struct service_client *context,
-+					   uint32_t op_handle)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_MAC_ABORT_SID,
-+		.op_handle = op_handle,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_mac_max_update_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the mac_update operation
-+	 * using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_MAC_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-new file mode 100644
-index 000000000000..a3a796e2166c
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_purge_key.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+#define PACKEDC_CRYPTO_CALLER_PURGE_KEY_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_purge_key(struct service_client *context,
-+						   psa_key_id_t id)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_PURGE_KEY_SID,
-+		.key_id = id,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PACKEDC_CRYPTO_CALLER_PURGE_KEY_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-new file mode 100644
-index 000000000000..71d88cededf5
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -0,0 +1,64 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_sign_hash(struct service_client *context,
-+						   psa_key_id_t id,
-+						   psa_algorithm_t alg,
-+						   const uint8_t *hash,
-+						   size_t hash_length,
-+						   uint8_t *signature,
-+						   size_t signature_size,
-+						   size_t *signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_SIGN_HASH_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(signature), .len = signature_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*signature_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_SIGN_HASH_H */
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-new file mode 100644
-index 000000000000..e16f6e5450af
---- /dev/null
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -0,0 +1,59 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+#define PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H
-+
-+#include <string.h>
-+#include <stdlib.h>
-+#include <psa/crypto.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <protocols/service/crypto/packed-c/opcodes.h>
-+#include <protocols/service/crypto/packed-c/key_attributes.h>
-+#include <protocols/service/crypto/packed-c/import_key.h>
-+#include "crypto_caller_key_attributes.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec) },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+		{ .base = psa_ptr_const_to_u32(signature), .len = signature_length},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), NULL, 0);
-+
-+	return status;
-+}
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_IPC_CRYPTO_CALLER_VERIFY_HASH_H */
-diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
-index abd420c82607..bf95c9821e55 100644
---- a/components/service/crypto/include/psa/crypto_client_struct.h
-+++ b/components/service/crypto/include/psa/crypto_client_struct.h
-@@ -31,12 +31,12 @@ extern "C" {
-  * data structure internally. */
- struct psa_client_key_attributes_s
- {
-+    uint16_t type;
-+    uint16_t bits;
-     uint32_t lifetime;
--    uint32_t id;
--    uint32_t alg;
-+    psa_key_id_t id;
-     uint32_t usage;
--    size_t bits;
--    uint16_t type;
-+    uint32_t alg;
- };
- 
- #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
-diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 7a0149bbca62..4d7bf6e959b0 100644
---- a/components/service/crypto/include/psa/crypto_sizes.h
-+++ b/components/service/crypto/include/psa/crypto_sizes.h
-@@ -81,7 +81,7 @@
- #define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 128
- #else
--#define PSA_HASH_MAX_SIZE 32
-+#define PSA_HASH_MAX_SIZE 64
- #define PSA_HMAC_MAX_HASH_BLOCK_SIZE 64
- #endif
- 
-diff --git a/deployments/se-proxy/common/service_proxy_factory.c b/deployments/se-proxy/common/service_proxy_factory.c
-index 1110ac46bf8b..7edeef8b434a 100644
---- a/deployments/se-proxy/common/service_proxy_factory.c
-+++ b/deployments/se-proxy/common/service_proxy_factory.c
-@@ -15,7 +15,7 @@
- #include <trace.h>
- 
- /* Stub backends */
--#include <service/crypto/backend/stub/stub_crypto_backend.h>
-+#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
- #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- 
-@@ -47,12 +47,17 @@ struct rpc_interface *crypto_proxy_create(void)
- {
- 	struct rpc_interface *crypto_iface = NULL;
- 	struct crypto_provider *crypto_provider;
-+	struct rpc_caller *crypto_caller;
- 
--	if (stub_crypto_backend_init() == PSA_SUCCESS) {
-+	crypto_caller = openamp_caller_init(&openamp);
-+	if (!crypto_caller)
-+		return NULL;
-+
-+	if (crypto_ipc_backend_init(&openamp.rpc_caller) != PSA_SUCCESS)
-+		return NULL;
- 
--		crypto_provider = crypto_provider_factory_create();
--		crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
--	}
-+	crypto_provider = crypto_provider_factory_create();
-+	crypto_iface = service_provider_get_rpc_interface(&crypto_provider->base_provider);
- 
- 	return crypto_iface;
- }
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index bb778bb9719b..51e5faa3e4d8 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -8,3 +8,5 @@
- 
- # include MHU driver
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
-+
-+add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
deleted file mode 100644
index 22b1da69..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Configure-storage-size.patch
+++ /dev/null
@@ -1,42 +0,0 @@ 
-From 229ec29154a4404426ad3083af68ca111a214e13 Mon Sep 17 00:00:00 2001
-From: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
-Date: Thu, 16 Dec 2021 21:31:40 +0000
-Subject: [PATCH 14/20] Configure storage size
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../service/smm_variable/backend/uefi_variable_store.c       | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 611e2e225c6b..6c3b9ed81c25 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -88,6 +88,7 @@ static efi_status_t check_name_terminator(
-  * may be overridden using uefi_variable_store_set_storage_limits()
-  */
- #define DEFAULT_MAX_VARIABLE_SIZE			(2048)
-+#define CONFIGURE_STORAGE_SIZE			    (50)
- 
- efi_status_t uefi_variable_store_init(
- 	struct uefi_variable_store *context,
-@@ -101,13 +102,13 @@ efi_status_t uefi_variable_store_init(
- 	/* Initialise persistent store defaults */
- 	context->persistent_store.is_nv = true;
- 	context->persistent_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
--	context->persistent_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->persistent_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- 	context->persistent_store.storage_backend = persistent_store;
- 
- 	/* Initialise volatile store defaults */
- 	context->volatile_store.is_nv = false;
- 	context->volatile_store.max_variable_size = DEFAULT_MAX_VARIABLE_SIZE;
--	context->volatile_store.total_capacity = DEFAULT_MAX_VARIABLE_SIZE * max_variables;
-+	context->volatile_store.total_capacity = CONFIGURE_STORAGE_SIZE * max_variables;
- 	context->volatile_store.storage_backend = volatile_store;
- 
- 	context->owner_id = owner_id;
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
deleted file mode 100644
index 426f2ca5..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch
+++ /dev/null
@@ -1,31 +0,0 @@ 
-From cf83184500703f9b4f2ac04be59cc7d624d8fd66 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:01:10 +0000
-Subject: [PATCH 15/20] Fix: Crypto interface structure aligned with tf-m
- change.
-
-NO NEED TO RAISE PR: The PR for this FIX  is raied by Emek.
-
-Upstream-Status: Pending
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index c13c20e84131..ec25eaf868c7 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -38,7 +38,8 @@ struct psa_ipc_crypto_pack_iovec {
- 				      *   multipart operation
- 				      */
- 	uint32_t capacity;             /*!< Key derivation capacity */
--
-+	uint32_t ad_length;            /*!< Additional Data length for multipart AEAD */
-+	uint32_t plaintext_length;     /*!< Plaintext length for multipart AEAD */
- 	struct psa_ipc_crypto_aead_pack_input aead_in; /*!< FixMe: Temporarily used for
- 							    *   AEAD until the API is
- 							    *   restructured
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
deleted file mode 100644
index a59d1400..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Integrate-remaining-psa-ipc-client-APIs.patch
+++ /dev/null
@@ -1,494 +0,0 @@ 
-From 551d8722769fa2f2d2ac74adcb289333a9b03598 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Sun, 13 Feb 2022 09:49:51 +0000
-Subject: [PATCH 16/20] Integrate remaining psa-ipc client APIs.
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../caller/psa_ipc/crypto_caller_aead.h       | 297 +++++++++++++++++-
- .../caller/psa_ipc/crypto_caller_sign_hash.h  |  35 +++
- .../psa_ipc/crypto_caller_verify_hash.h       |  33 +-
- 3 files changed, 352 insertions(+), 13 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-index 78517fe32ca9..f6aadd8b9098 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_aead.h
-@@ -152,7 +152,27 @@ static inline psa_status_t crypto_caller_aead_encrypt_setup(
- 					    psa_key_id_t key,
- 					    psa_algorithm_t alg)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_ENCRYPT_SETUP_SID,
-+	    .key_id = key,
-+	    .alg = alg,
-+	    .op_handle = (*op_handle),
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_decrypt_setup(
-@@ -161,7 +181,26 @@ static inline psa_status_t crypto_caller_aead_decrypt_setup(
- 					    psa_key_id_t key,
- 					    psa_algorithm_t alg)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_DECRYPT_SETUP_SID,
-+	    .key_id = key,
-+	    .alg = alg,
-+	    .op_handle = (*op_handle),
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_generate_nonce(
-@@ -171,7 +210,27 @@ static inline psa_status_t crypto_caller_aead_generate_nonce(
- 					     size_t nonce_size,
- 					     size_t *nonce_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_GENERATE_NONCE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_to_u32(nonce), .len = nonce_size}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*nonce_length = out_vec[1].len;
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_set_nonce(
-@@ -180,7 +239,25 @@ static inline psa_status_t crypto_caller_aead_set_nonce(
- 						const uint8_t *nonce,
- 						size_t nonce_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_SET_NONCE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_to_u32(nonce), .len = nonce_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_set_lengths(
-@@ -189,7 +266,27 @@ static inline psa_status_t crypto_caller_aead_set_lengths(
- 					  size_t ad_length,
- 					  size_t plaintext_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_SET_LENGTHS_SID,
-+	    .ad_length = ad_length,
-+	    .plaintext_length = plaintext_length,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_update_ad(
-@@ -198,7 +295,35 @@ static inline psa_status_t crypto_caller_aead_update_ad(
- 						const uint8_t *input,
- 						size_t input_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_AD_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional input */
-+	if ((input == NULL) && (input_length != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)}
-+	};
-+
-+	size_t in_len = IOVEC_LEN(in_vec);
-+
-+	if (input == NULL) {
-+	    in_len--;
-+	}
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   in_len, out_vec, IOVEC_LEN(out_vec));
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_update(
-@@ -210,7 +335,38 @@ static inline psa_status_t crypto_caller_aead_update(
- 					     size_t output_size,
- 					     size_t *output_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_UPDATE_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional input */
-+	if ((input == NULL) && (input_length != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(input), .len = input_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(output), .len = output_size},
-+	};
-+
-+	size_t in_len = IOVEC_LEN(in_vec);
-+
-+	if (input == NULL) {
-+	    in_len--;
-+	}
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   in_len, out_vec, IOVEC_LEN(out_vec));
-+
-+	*output_length = out_vec[1].len;
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_finish(
-@@ -223,7 +379,48 @@ static inline psa_status_t crypto_caller_aead_finish(
- 					     size_t tag_size,
- 					     size_t *tag_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_FINISH_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional output */
-+	if ((aeadtext == NULL) && (aeadtext_size != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(tag), .len = tag_size},
-+	    {.base = psa_ptr_const_to_u32(aeadtext), .len = aeadtext_size}
-+	};
-+
-+	size_t out_len = IOVEC_LEN(out_vec);
-+
-+	if (aeadtext == NULL || aeadtext_size == 0) {
-+	    out_len--;
-+	}
-+	if ((out_len == 3) && (aeadtext_length == NULL)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+	*tag_length = out_vec[1].len;
-+
-+	if (out_len == 3) {
-+	    *aeadtext_length = out_vec[2].len;
-+	} else {
-+	    *aeadtext_length = 0;
-+	}
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_verify(
-@@ -235,14 +432,94 @@ static inline psa_status_t crypto_caller_aead_verify(
- 					     const uint8_t *tag,
- 					     size_t tag_length)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_VERIFY_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	/* Sanitize the optional output */
-+	if ((plaintext == NULL) && (plaintext_size != 0)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	    {.base = psa_ptr_const_to_u32(tag), .len = tag_length}
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	    {.base = psa_ptr_const_to_u32(plaintext), .len = plaintext_size},
-+	};
-+
-+	size_t out_len = IOVEC_LEN(out_vec);
-+
-+	if (plaintext == NULL || plaintext_size == 0) {
-+	    out_len--;
-+	}
-+	if ((out_len == 2) && (plaintext_length == NULL)) {
-+	    return PSA_ERROR_INVALID_ARGUMENT;
-+	}
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, out_len);
-+
-+	if (out_len == 2) {
-+	    *plaintext_length = out_vec[1].len;
-+	} else {
-+	    *plaintext_length = 0;
-+	}
-+	return status;
- }
- 
- static inline psa_status_t crypto_caller_aead_abort(
- 					    struct service_client *context,
- 					    uint32_t op_handle)
- {
--	return PSA_ERROR_NOT_SUPPORTED;
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+	    .sfn_id = TFM_CRYPTO_AEAD_ABORT_SID,
-+	    .op_handle = op_handle,
-+	};
-+
-+	struct psa_invec in_vec[] = {
-+	    {.base = psa_ptr_to_u32(&iov), .len = sizeof(struct psa_ipc_crypto_pack_iovec)},
-+	};
-+	struct psa_outvec out_vec[] = {
-+	    {.base = psa_ptr_to_u32(&op_handle), .len = sizeof(uint32_t)},
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+	                   IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+	return status;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_size(const struct service_client *context)
-+{
-+       /* Returns the maximum number of bytes that may be
-+        * carried as a parameter of the mac_update operation
-+        *  using the packed-c encoding.
-+        */
-+       size_t payload_space = context->service_info.max_payload;
-+       size_t overhead = iov_size;
-+
-+       return (payload_space > overhead) ? payload_space - overhead : 0;
-+}
-+
-+static inline size_t crypto_caller_aead_max_update_ad_size(const struct service_client *context)
-+{
-+	/* Returns the maximum number of bytes that may be
-+	 * carried as a parameter of the mac_update operation
-+	 *  using the packed-c encoding.
-+	 */
-+	size_t payload_space = context->service_info.max_payload;
-+	size_t overhead = iov_size;
-+
-+	return (payload_space > overhead) ? payload_space - overhead : 0;
- }
- 
- #ifdef __cplusplus
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-index 71d88cededf5..e4a2b167defb 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_sign_hash.h
-@@ -57,6 +57,41 @@ static inline psa_status_t crypto_caller_sign_hash(struct service_client *contex
- 	return status;
- }
- 
-+static inline psa_status_t crypto_caller_sign_message(struct service_client *context,
-+						   psa_key_id_t id,
-+						   psa_algorithm_t alg,
-+						   const uint8_t *hash,
-+						   size_t hash_length,
-+						   uint8_t *signature,
-+						   size_t signature_size,
-+						   size_t *signature_length)
-+{
-+	struct service_client *ipc = context;
-+	struct rpc_caller *caller = ipc->caller;
-+	psa_status_t status;
-+	struct psa_ipc_crypto_pack_iovec iov = {
-+		.sfn_id = TFM_CRYPTO_SIGN_MESSAGE_SID,
-+		.key_id = id,
-+		.alg = alg,
-+	};
-+	struct psa_invec in_vec[] = {
-+		{ .base = psa_ptr_to_u32(&iov), .len = iov_size },
-+		{ .base = psa_ptr_const_to_u32(hash), .len = hash_length },
-+	};
-+	struct psa_outvec out_vec[] = {
-+		{ .base = psa_ptr_to_u32(signature), .len = signature_size },
-+	};
-+
-+	status = psa_call(caller, TFM_CRYPTO_HANDLE, PSA_IPC_CALL, in_vec,
-+			  IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+	*signature_length = out_vec[0].len;
-+
-+	return status;
-+}
-+
-+
-+
- #ifdef __cplusplus
- }
- #endif
-diff --git a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-index e16f6e5450af..cc9279ee79f2 100644
---- a/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-+++ b/components/service/crypto/client/caller/psa_ipc/crypto_caller_verify_hash.h
-@@ -24,19 +24,20 @@
- extern "C" {
- #endif
- 
--static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+static inline psa_status_t crypto_caller_common(struct service_client *context,
- 						     psa_key_id_t id,
- 						     psa_algorithm_t alg,
- 						     const uint8_t *hash,
- 						     size_t hash_length,
- 						     const uint8_t *signature,
--						     size_t signature_length)
-+						     size_t signature_length,
-+						     uint32_t sfn_id)
- {
- 	struct service_client *ipc = context;
- 	struct rpc_caller *caller = ipc->caller;
- 	psa_status_t status;
- 	struct psa_ipc_crypto_pack_iovec iov = {
--		.sfn_id = TFM_CRYPTO_VERIFY_HASH_SID,
-+		.sfn_id = sfn_id,
- 		.key_id = id,
- 		.alg = alg,
- 	};
-@@ -52,6 +53,32 @@ static inline psa_status_t crypto_caller_verify_hash(struct service_client *cont
- 	return status;
- }
- 
-+static inline psa_status_t crypto_caller_verify_hash(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+
-+	return crypto_caller_common(context,id,alg,hash,hash_length,
-+			signature,signature_length, TFM_CRYPTO_VERIFY_HASH_SID);
-+}
-+
-+static inline psa_status_t crypto_caller_verify_message(struct service_client *context,
-+						     psa_key_id_t id,
-+						     psa_algorithm_t alg,
-+						     const uint8_t *hash,
-+						     size_t hash_length,
-+						     const uint8_t *signature,
-+						     size_t signature_length)
-+{
-+
-+	return crypto_caller_common(context,id,alg,hash,hash_length,
-+			signature,signature_length, TFM_CRYPTO_VERIFY_MESSAGE_SID);
-+}
-+
- #ifdef __cplusplus
- }
- #endif
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
deleted file mode 100644
index 4adcd90a..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch
+++ /dev/null
@@ -1,40 +0,0 @@ 
-From 5a5e162e17c9decb04b3b2905a0fb604e8f06e91 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Mon, 14 Feb 2022 17:52:00 +0000
-Subject: [PATCH 17/20] Fix : update psa_set_key_usage_flags definition to the
- latest from the tf-m
-
-Upstream-Status: Pending
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- components/service/crypto/include/psa/crypto_struct.h | 10 ++++++++++
- 1 file changed, 10 insertions(+)
-
-diff --git a/components/service/crypto/include/psa/crypto_struct.h b/components/service/crypto/include/psa/crypto_struct.h
-index 1bc55e375eea..b4a7ed4b39d3 100644
---- a/components/service/crypto/include/psa/crypto_struct.h
-+++ b/components/service/crypto/include/psa/crypto_struct.h
-@@ -155,9 +155,19 @@ static inline psa_key_lifetime_t psa_get_key_lifetime(
-     return( attributes->lifetime );
- }
- 
-+static inline void psa_extend_key_usage_flags( psa_key_usage_t *usage_flags )
-+{
-+    if( *usage_flags & PSA_KEY_USAGE_SIGN_HASH )
-+        *usage_flags |= PSA_KEY_USAGE_SIGN_MESSAGE;
-+
-+    if( *usage_flags & PSA_KEY_USAGE_VERIFY_HASH )
-+        *usage_flags |= PSA_KEY_USAGE_VERIFY_MESSAGE;
-+}
-+
- static inline void psa_set_key_usage_flags(psa_key_attributes_t *attributes,
-                                            psa_key_usage_t usage_flags)
- {
-+    psa_extend_key_usage_flags( &usage_flags );
-     attributes->usage = usage_flags;
- }
- 
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
deleted file mode 100644
index 02c89d89..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-plat-corstone1000-change-default-smm-values.patch
+++ /dev/null
@@ -1,37 +0,0 @@ 
-From c519bae79629bfe551d79cfeb4e7d8a059545145 Mon Sep 17 00:00:00 2001
-From: Rui Miguel Silva <rui.silva@linaro.org>
-Date: Tue, 11 Oct 2022 10:46:10 +0100
-Subject: [PATCH 19/20] plat: corstone1000: change default smm values
-
-Smm gateway uses SE proxy to route the calls for any NV
-storage so set the NV_STORE_SN.
-Change the storage index uid because TF-M in the secure
-enclave reserves the default value (0x1) to some internal
-operation.
-Increase the maximum number of uefi variables to cope with all
-the needs for testing and certification
-
-Upstream-Status: Pending
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- platform/providers/arm/corstone1000/platform.cmake | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 51e5faa3e4d8..04b629a81906 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -10,3 +10,9 @@
- include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
- 
- add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-+
-+target_compile_definitions(${TGT} PRIVATE
-+	SMM_GATEWAY_NV_STORE_SN="sn:ffa:46bb39d1-b4d9-45b5-88ff-040027dab249:1"
-+	SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-+	SMM_GATEWAY_MAX_UEFI_VARIABLES=100
-+)
--- 
-2.38.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
deleted file mode 100644
index 87c053fc..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-smm_gateway-add-checks-for-null-attributes.patch
+++ /dev/null
@@ -1,35 +0,0 @@ 
-From 6d3cac6f3a6e977e9330c9c06514a372ade170a2 Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Wed, 2 Nov 2022 09:58:27 +0000
-Subject: [PATCH] smm_gateway: add checks for null attributes
-
-As par EDK-2 and EDK-2 test code, setVariable() with 0 
-attributes means a delete variable request. Currently, 
-smm gatway doesn't handle this scenario. This commit adds
-that support.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- components/service/smm_variable/backend/uefi_variable_store.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/smm_variable/backend/uefi_variable_store.c b/components/service/smm_variable/backend/uefi_variable_store.c
-index 6c3b9ed8..a691dc5d 100644
---- a/components/service/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/smm_variable/backend/uefi_variable_store.c
-@@ -202,9 +202,9 @@ efi_status_t uefi_variable_store_set_variable(
- 		if (info->is_variable_set) {
- 
- 			/* It's a request to update to an existing variable */
--			if (!(var->Attributes &
-+			if (!(var->Attributes) || (!(var->Attributes &
- 				(EFI_VARIABLE_APPEND_WRITE | EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS_MASK)) &&
--				!var->DataSize) {
-+				!var->DataSize)) {
- 
- 				/* It's a remove operation - for a remove, the variable
- 				 * data must be removed from the storage backend before
--- 
-2.17.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
deleted file mode 100644
index ed4e6e27..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-GetNextVariableName-Fix.patch
+++ /dev/null
@@ -1,33 +0,0 @@ 
-From 2aa665ad2cb13bc79b645db41686449a47593aab Mon Sep 17 00:00:00 2001
-From: Emekcan <emekcan.aras@arm.com>
-Date: Thu, 3 Nov 2022 17:43:40 +0000
-Subject: [PATCH] smm_gateway: GetNextVariableName Fix
-
-GetNextVariableName() should return EFI_BUFFER_TOO_SMALL 
-when NameSize is smaller than the actual NameSize. It 
-currently returns EFI_BUFFER_OUT_OF_RESOURCES due to setting
-max_name_len incorrectly. This fixes max_name_len error by
-replacing it with actual NameSize request by u-boot.
-
-Upstream-Status: Pending
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- .../service/smm_variable/provider/smm_variable_provider.c       | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/components/service/smm_variable/provider/smm_variable_provider.c b/components/service/smm_variable/provider/smm_variable_provider.c
-index a9679b7e..6a4b6fa7 100644
---- a/components/service/smm_variable/provider/smm_variable_provider.c
-+++ b/components/service/smm_variable/provider/smm_variable_provider.c
-@@ -197,7 +197,7 @@ static rpc_status_t get_next_variable_name_handler(void *context, struct call_re
- 			efi_status = uefi_variable_store_get_next_variable_name(
- 				&this_instance->variable_store,
- 				(SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data,
--				max_name_len,
-+				((SMM_VARIABLE_COMMUNICATE_GET_NEXT_VARIABLE_NAME*)resp_buf->data)->NameSize,
- 				&resp_buf->data_len);
- 		}
- 		else {
--- 
-2.17.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch b/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
deleted file mode 100644
index 824196c1..00000000
--- a/meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-Use-the-stateless-platform-service.patch
+++ /dev/null
@@ -1,140 +0,0 @@ 
-From 956b8a8e1dd5702b9c1657f4ec27a7aeddb0758e Mon Sep 17 00:00:00 2001
-From: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Date: Mon, 21 Nov 2022 00:08:20 +0000
-Subject: [PATCH] Use the stateless platform service calls
-
-Calls to psa_connect is not needed and psa_call can be called
-directly with a pre defined handle.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Upstream-Status: Inappropriate [Design is to revisted]
-
----
- .../provider/capsule_update_provider.c        | 24 ++++---------------
- .../provider/corstone1000_fmp_service.c       | 10 ++++----
- .../provider/corstone1000_fmp_service.h       |  3 +--
- components/service/common/include/psa/sid.h   |  6 +++++
- 4 files changed, 16 insertions(+), 27 deletions(-)
-
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index 991a2235..6809249f 100644
---- a/components/service/capsule_update/provider/capsule_update_provider.c
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -61,7 +61,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
- static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
- {
- 	uint32_t ioctl_id;
--	psa_handle_t handle;
- 	rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
- 
- 	struct psa_invec in_vec[] = {
-@@ -79,31 +78,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller *caller)
- 		case CAPSULE_UPDATE_REQUEST:
- 		/* Openamp call with IOCTL for firmware update*/
- 		ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
--		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
--				TFM_SP_PLATFORM_IOCTL_VERSION);
--		if (handle <= 0) {
--			EMSG("%s Invalid handle", __func__);
--			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
--			return rpc_status;
--		}
--		psa_call(caller,handle, PSA_IPC_CALL,
-+		psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
--		set_fmp_image_info(caller, handle);
-+		set_fmp_image_info(caller);
- 		break;
- 
- 		case KERNEL_STARTED_EVENT:
- 		ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
- 		/*openamp call with IOCTL for kernel start*/
--		handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
--				TFM_SP_PLATFORM_IOCTL_VERSION);
--		if (handle <= 0) {
--			EMSG("%s Invalid handle", __func__);
--			rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
--			return rpc_status;
--		}
--		psa_call(caller,handle, PSA_IPC_CALL,
-+		
-+		psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- 			in_vec,IOVEC_LEN(in_vec), NULL, 0);
--		set_fmp_image_info(caller, handle);
-+		set_fmp_image_info(caller);
- 		break;
- 		default:
- 			EMSG("%s unsupported opcode", __func__);
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-index 6a7a47a7..d811af9f 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
-     return PSA_SUCCESS;
- }
- 
--static psa_status_t get_image_info(struct rpc_caller *caller,
--			   psa_handle_t platform_service_handle)
-+static psa_status_t get_image_info(struct rpc_caller *caller)
- {
-     psa_status_t status;
-     psa_handle_t handle;
-@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller *caller,
- 
-     memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
- 
--    psa_call(caller, platform_service_handle, PSA_IPC_CALL,
-+    psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- 	     in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
- 
-     status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller *caller)
-     return PSA_SUCCESS;
- }
- 
--void set_fmp_image_info(struct rpc_caller *caller,
--			psa_handle_t platform_service_handle)
-+void set_fmp_image_info(struct rpc_caller *caller)
- {
-     psa_status_t status;
- 
--    status = get_image_info(caller, platform_service_handle);
-+    status = get_image_info(caller);
-     if (status != PSA_SUCCESS) {
- 	return;
-     }
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-index 95fba2a0..963223e8 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-@@ -16,8 +16,7 @@ extern "C" {
- 
- void provision_fmp_variables_metadata(struct rpc_caller *caller);
- 
--void set_fmp_image_info(struct rpc_caller *caller,
--		psa_handle_t platform_service_handle);
-+void set_fmp_image_info(struct rpc_caller *caller);
- 
- #ifdef __cplusplus
- } /* extern "C" */
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 7a29cc25..8103a9af 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -37,6 +37,12 @@ extern "C" {
- #define TFM_CRYPTO_VERSION                                         (1U)
- #define TFM_CRYPTO_HANDLE                                          (0x40000100U)
- 
-+
-+/******** TFM_PLATFORM_SERVICE *******/
-+#define TFM_PLATFORM_API_ID_IOCTL         (1013)
-+#define TFM_PLATFORM_SERVICE_HANDLE       (0x40000105U)
-+
-+
- /**
-  * \brief Define a progressive numerical value for each SID which can be used
-  *        when dispatching the requests to the service
--- 
-2.25.1
-
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 867bd66e..17c957e2 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -2,32 +2,12 @@  FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
 
 COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
 SRC_URI:append:corstone1000  = " \
-    file://0001-Add-openamp-to-SE-proxy-deployment.patch;patchdir=../trusted-services \
-    file://0002-Implement-mhu-driver-and-the-OpenAmp-conversion-laye.patch;patchdir=../trusted-services \
-    file://0003-Add-openamp-rpc-caller.patch;patchdir=../trusted-services \
-    file://0004-add-psa-client-definitions-for-ff-m.patch;patchdir=../trusted-services \
-    file://0005-Add-common-service-component-to-ipc-support.patch;patchdir=../trusted-services \
-    file://0006-Add-secure-storage-ipc-backend.patch;patchdir=../trusted-services \
-    file://0007-Use-secure-storage-ipc-and-openamp-for-se_proxy.patch;patchdir=../trusted-services \
-    file://0008-Run-psa-arch-test.patch;patchdir=../trusted-services \
-    file://0009-Use-address-instead-of-pointers.patch;patchdir=../trusted-services \
-    file://0010-Add-psa-ipc-attestation-to-se-proxy.patch;patchdir=../trusted-services \
-    file://0011-Setup-its-backend-as-openamp-rpc-using-secure-storag.patch;patchdir=../trusted-services;patchdir=../trusted-services \
-    file://0012-add-psa-ipc-crypto-backend.patch;patchdir=../trusted-services \
-    file://0013-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
-    file://0014-Configure-storage-size.patch;patchdir=../trusted-services \
-    file://0015-Fix-Crypto-interface-structure-aligned-with-tf-m-cha.patch;patchdir=../trusted-services;patchdir=../trusted-services \
-    file://0016-Integrate-remaining-psa-ipc-client-APIs.patch;patchdir=../trusted-services \
-    file://0017-Fix-update-psa_set_key_usage_flags-definition-to-the.patch;patchdir=../trusted-services;patchdir=../trusted-services \
-    file://0018-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
-    file://0019-plat-corstone1000-change-default-smm-values.patch;patchdir=../trusted-services \
-    file://0020-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
-    file://0021-smm_gateway-add-checks-for-null-attributes.patch;patchdir=../trusted-services \
-    file://0022-GetNextVariableName-Fix.patch;patchdir=../trusted-services \
-    file://0023-Use-the-stateless-platform-service.patch;patchdir=../trusted-services \
-    file://0024-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
-    file://0025-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
-    file://0026-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
+    file://0001-Add-stub-capsule-update-service-components.patch;patchdir=../trusted-services \
+    file://0002-Fixes-in-AEAD-for-psa-arch-test-54-and-58.patch;patchdir=../trusted-services \
+    file://0003-FMP-Support-in-Corstone1000.patch;patchdir=../trusted-services \
+    file://0004-TF-Mv1.7-alignment-Align-PSA-Crypto-SIDs.patch;patchdir=../trusted-services \
+    file://0005-TF-Mv1.7-alignment-Align-crypto-iovec-definition.patch;patchdir=../trusted-services \
+    file://0006-TF-Mv1.7-alignment-PSA-crypto-client-in-out_vec.patch;patchdir=../trusted-services \
     "