diff mbox series

[6/9] arm-bsp: enable Trusted Services on the fvp-base platform

Message ID 20240423163205.5885-6-gyorgy.szing@arm.com
State New
Headers show
Series [1/9] arm/trusted-services: Update FFA TEE driver to v2.0.0 | expand

Commit Message

Gyorgy Szing April 23, 2024, 4:32 p.m. UTC 
Add configuration settings to TF-A, OP-TEE and TS SPs needed to get TS
built and run on the fvp-base machine.

Signed-off-by: Gyorgy Szing <gyorgy.szing@arm.com>
---
 .gitlab-ci.yml                                |   3 +-
 ci/fvp-base-ts.yml                            |  22 ++++
 meta-arm-bsp/conf/machine/fvp-base.conf       |   1 +
 .../files/fvp-base/optee_spmc_maifest.dts     | 116 ++++++++++++++++++
 .../trusted-firmware-a-fvp-base.inc           |  55 ++++++++-
 .../linux/linux-arm-platforms.inc             |  10 +-
 .../optee/optee-os-fvp-base.inc               |  13 ++
 .../optee/optee-os-tadevkit_4.%.bbappend      |   1 +
 .../optee/optee-os_4.%.bbappend               |   1 +
 .../optee/optee-test-fvp-base.inc             |   3 +
 .../optee/optee-test_4.%.bbappend             |   1 +
 .../packagegroup-ts-tests.bbappend            |   1 +
 .../trusted-services/libts_%.bbappend         |   4 +
 .../trusted-services/ts-arm-platforms.inc     |   3 +
 .../trusted-services/ts-newlib_%.bbappend     |   1 +
 .../ts-sp-se-proxy_%.bbappend                 |   4 +
 .../ts-sp-smm-gateway_%.bbappend              |   4 +
 .../ts-sp-spm-test1_%.bbappend                |   1 +
 .../ts-sp-spm-test2_%.bbappend                |   1 +
 .../ts-sp-spm-test3_%.bbappend                |   1 +
 .../ts-sp-spm-test4_%.bbappend                |   1 +
 21 files changed, 239 insertions(+), 8 deletions(-)
 create mode 100644 ci/fvp-base-ts.yml
 create mode 100644 meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc
 create mode 100644 meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend
 create mode 100644 meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend
diff mbox series

Patch

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 4f16fcf3..c063adef 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -140,7 +140,8 @@  fvp-base:
   extends: .build
   parallel:
     matrix:
-      - TESTING: testimage
+      - TS: [none, fvp-base-ts]
+        TESTING: testimage
       - FIRMWARE: edk2
       - SYSTEMREADY_FIRMWARE: arm-systemready-firmware
 
diff --git a/ci/fvp-base-ts.yml b/ci/fvp-base-ts.yml
new file mode 100644
index 00000000..e2e7ada2
--- /dev/null
+++ b/ci/fvp-base-ts.yml
@@ -0,0 +1,22 @@ 
+header:
+  version: 14
+  includes:
+    - ci/fvp-base.yml
+    - ci/meta-openembedded.yml
+    - ci/testimage.yml
+
+local_conf_header:
+  trusted_services: |
+    # Enable the needed test suites
+    TEST_SUITES = " ping ssh trusted_services"
+    # Include all Secure Partitions into the image
+    MACHINE_FEATURES:append = " arm-ffa ts-crypto ts-storage ts-its"
+    MACHINE_FEATURES:append = " ts-attestation ts-smm-gateway optee-spmc-test"
+    MACHINE_FEATURES:append = " ts-block-storage"
+    # Include TS demo/test tools into image
+    IMAGE_INSTALL:append = " packagegroup-ts-tests"
+    # Include TS PSA Arch tests into image
+    IMAGE_INSTALL:append = " packagegroup-ts-tests-psa"
+    CORE_IMAGE_EXTRA_INSTALL += "optee-test"
+    # Set the TS environment
+    TS_ENV="sp"
diff --git a/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm-bsp/conf/machine/fvp-base.conf
index f621cd8b..17fb5023 100644
--- a/meta-arm-bsp/conf/machine/fvp-base.conf
+++ b/meta-arm-bsp/conf/machine/fvp-base.conf
@@ -62,3 +62,4 @@  FVP_TERMINALS[bp.terminal_0] ?= "Console"
 FVP_TERMINALS[bp.terminal_1] ?= ""
 FVP_TERMINALS[bp.terminal_2] ?= ""
 FVP_TERMINALS[bp.terminal_3] ?= ""
+FVP_CONFIG[bp.secure_memory] ?= "1"
\ No newline at end of file
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts
new file mode 100644
index 00000000..748da309
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts
@@ -0,0 +1,116 @@ 
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ */
+
+
+/*
+ * The content of the SPMC manifest may depend on integration settings like the
+ * set of deployed SP. This information lives in the integration system and 
+ * hence this file should be store in meta-arm. This avoids indirect
+ * dependencies between integration systems using the same file which would
+ * enforce some from of cooperation. 
+ */
+
+/dts-v1/;
+
+/ {
+	compatible = "arm,ffa-core-manifest-1.0";
+	#address-cells = <2>;
+	#size-cells = <1>;
+
+	attribute {
+		spmc_id = <0x8000>;
+		maj_ver = <0x1>;
+		min_ver = <0x0>;
+		exec_state = <0x0>;
+		load_address = <0x0 0x6000000>;
+		entrypoint = <0x0 0x6000000>;
+		binary_size = <0x80000>;
+	};
+
+/*
+ * This file will be preprocessed by TF-A's build system. If Measured Boot is
+ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
+ * to the preprocessor arguments.
+ */
+#if MEASURED_BOOT
+	tpm_event_log {
+		compatible = "arm,tpm_event_log";
+		tpm_event_log_addr = <0x0 0x0>;
+		tpm_event_log_size = <0x0>;
+		tpm_event_log_max_size = <0x0>;
+	};
+#endif
+
+/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
+#ifdef ARM_BL2_SP_LIST_DTS
+	sp_packages {
+		compatible = "arm,sp_pkg";
+#if !SPMC_TESTS
+		block_storage {
+			uuid = <0x806e6463 0x2f4652eb 0xdf8c4fac 0x9c518739>;
+			load-address = <0x0 0x7a00000>;
+		};
+		internal_trusted_storage {
+			uuid = <0x48ef1edc 0xcf4c7ab1 0xcfdf8bac 0x141b71f7>;
+			load-address = <0x0 0x7a80000>;
+		};
+
+		protected_storage_sp {
+			uuid = <0x01f81b75 0x6847de3d 0x100f14a5 0x9017edae>;
+			load-address = <0x0 0x7b00000>;
+		};
+
+		crypto_sp {
+			uuid = <0xd552dfd9 0xb24ba216 0x6dd2a49a 0xc0e8843b>;
+			load-address = <0x0 0x7b80000>;
+		};
+
+#if MEASURED_BOOT
+		initial_attestation_sp {
+			uuid = <0x55f1baa1 0x95467688 0x95547c8f 0x74b98d5e>;
+			load-address = <0x0 0x7c80000>;
+		};
+#endif
+
+#if TS_SMM_GATEWAY
+		smm_gateway {
+			uuid = <0x33d532ed 0x0942e699 0x722dc09c 0xa798d9cd>;
+			load-address = <0x0 0x7d00000>;
+		};
+#endif /* TS_SMM_GATEWAY */
+
+#if TS_FW_UPDATE
+		fwu {
+			uuid = <0x38a82368 0x0e47061b 0xce0c7497 0xfd53fb8b>;
+			load-address = <0x0 0x7d80000>;
+		};
+#endif /* TS_FW_UPDATE */
+
+#else /* SPMC_TESTS */
+		test_sp1 {
+			uuid = <0xc3db9e5c 0x67433a7b 0x197c839f 0x376ae81a>;
+			load-address = <0x0 0x7a00000>;
+		};
+
+		test_sp2 {
+			uuid = <0x4c161778 0x1a4d0cc4 0xb29b7a86 0x1af48c27>;
+			load-address = <0x0 0x7a20000>;
+		};
+
+		test_sp3 {
+			uuid = <0x0001eb23 0x97442ae3 0x112f5290 0xa6af84e5>;
+			load-address = <0x0 0x7a40000>;
+		};
+
+		test_sp4 {
+			/* SP binary UUID */
+			uuid = <0xed623742 0x6f407277 0x270cd899 0xf8bb0ada>;
+			load-address = <0x0 0x7a80000>;
+		};
+#endif /* SPMC_TESTS */
+
+	};
+#endif /* ARM_BL2_SP_LIST_DTS */
+};
diff --git a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
index 5fafe292..4c37f7cb 100644
--- a/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
+++ b/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc
@@ -4,17 +4,62 @@ 
 # Armv8-A Base Platform FVP
 #
 
-FILESEXTRAPATHS:prepend := "${THISDIR}/files/:"
-SRC_URI:append = " file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch"
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/:${THISDIR}/files/fvp-base"
 
+SRC_URI:append = " \
+    file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch \
+    file://optee_spmc_maifest.dts;subdir=git/plat/arm/board/fvp/fdts \
+"
+
+# OP-TEE SPMC related configuration
+SPMC_IS_OPTEE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', '0' \
+                 if d.getVar('SEL2_SPMC') == '1' else '1', '0', d)}"
+# Configure the SPMC manifest file.
+TFA_ARM_SPMC_MANIFEST_DTS = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
+                '${S}/plat/arm/board/fvp/fdts/optee_spmc_maifest.dts', '', d)}"
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES','arm-ffa', \
+                'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' \
+                    if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"
+
+# Set OP-TEE SPMC specific TF-A config settings
+TFA_SPMD_SPM_AT_SEL2 := '0'
+TFA_SPD := "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'spmd', \
+            d.getVar('TFA_SPD'), d)}"
+DEPENDS += " ${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'optee-os', '', d)}"
+
+# Configure measured boot if the attestation SP is deployed.
+TFA_MB_FLAGS += " \
+    ARM_ROTPK_LOCATION=devel_rsa \
+    EVENT_LOG_LEVEL=20 \
+    GENERATE_COT=1 \
+    MBOOT_EL_HASH_ALG=sha256 \
+    MEASURED_BOOT=1 \
+    ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
+    TRUSTED_BOARD_BOOT=1 \
+"
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
+                 '${TFA_MB_FLAGS}','', d)}"
+
+# Add OP-TEE as BL32.
+BL32 = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1',\
+        '${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin',\
+        '', d)}"
+EXTRA_OEMAKE += "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
+                ' BL32=${BL32}', '', d)}"
+
+# Generic configuration
 COMPATIBLE_MACHINE = "fvp-base"
 TFA_PLATFORM = "fvp"
-TFA_DEBUG = "1"
-TFA_MBEDTLS = "1"
+# Disable debug build if measured boot is enabled.
+TFA_DEBUG := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', '0',\
+              d.getVar('TFA_DEBUG'), d)}"
+# Add mbedtls if measured boot is enabled
+TFA_MBEDTLS := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
+               '1', d.getVar('TFA_MBEDTLS'), d)}"
 TFA_UBOOT ?= "1"
 TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
 
-EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t"
+EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GICV3"
 
 # Our fvp-base machine explicitly has v8.4 cores
 EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"
diff --git a/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc b/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
index d0df9ce3..eb9e1595 100644
--- a/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
+++ b/meta-arm-bsp/recipes-kernel/linux/linux-arm-platforms.inc
@@ -49,8 +49,14 @@  KERNEL_FEATURES:corstone1000 = ""
 #
 COMPATIBLE_MACHINE:fvp-base = "fvp-base"
 KMACHINE:fvp-base = "fvp"
-FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}"
-SRC_URI:append:fvp-base = " file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch"
+FILESEXTRAPATHS:prepend:fvp-base := "${ARMBSPFILESPATHS}:${ARMFILESPATHS}"
+SRC_URI:append:fvp-base = " \
+    file://0001-arm64-dts-fvp-Enable-virtio-rng-support.patch \
+    file://tee.cfg \
+    ${@bb.utils.contains('MACHINE_FEATURES', 'ts-smm-gateway', \
+                         'file://no-strict-devmem.cfg', '' , d)} \
+"
+
 
 #
 # Juno KMACHINE
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc b/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc
new file mode 100644
index 00000000..1ef36329
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/optee/optee-os-fvp-base.inc
@@ -0,0 +1,13 @@ 
+COMPATIBLE_MACHINE = "fvp-base"
+
+OPTEEMACHINE = "vexpress-fvp"
+# Enable boot logs
+EXTRA_OEMAKE += " CFG_TEE_CORE_LOG_LEVEL=4"
+
+# default disable latency benchmarks (over all OP-TEE layers)
+EXTRA_OEMAKE += " CFG_TEE_BENCHMARK=n"
+
+# If FF-A is enabled configure to be the SPMC.
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', ' CFG_CORE_HEAP_SIZE=131072 CFG_CORE_SEL1_SPMC=y CFG_DT=y', '' ,d)}"
+
+EXTRA_OEMAKE += " CFG_ARM_GICV3=y"
\ No newline at end of file
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend
index e09c4a5e..c9b48be2 100644
--- a/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend
+++ b/meta-arm-bsp/recipes-security/optee/optee-os-tadevkit_4.%.bbappend
@@ -2,5 +2,6 @@ 
 
 MACHINE_OPTEE_OS_TADEVKIT_REQUIRE ?= ""
 MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
+MACHINE_OPTEE_OS_TADEVKIT_REQUIRE:fvp-base = "optee-os-fvp-base.inc"
 
 require ${MACHINE_OPTEE_OS_TADEVKIT_REQUIRE}
diff --git a/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend b/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend
index 788a23ef..919a1523 100644
--- a/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend
+++ b/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend
@@ -3,5 +3,6 @@ 
 MACHINE_OPTEE_OS_REQUIRE ?= ""
 MACHINE_OPTEE_OS_REQUIRE:corstone1000 = "optee-os-corstone1000-common.inc"
 MACHINE_OPTEE_OS_REQUIRE:n1sdp = "optee-os-n1sdp.inc"
+MACHINE_OPTEE_OS_REQUIRE:fvp-base = "optee-os-fvp-base.inc"
 
 require ${MACHINE_OPTEE_OS_REQUIRE}
diff --git a/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc b/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc
new file mode 100644
index 00000000..23dead24
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/optee/optee-test-fvp-base.inc
@@ -0,0 +1,3 @@ 
+# fvp-base specific configuration
+
+COMPATIBLE_MACHINE = "fvp-base"
diff --git a/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend b/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend
index 05e2abca..249d67f0 100644
--- a/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend
+++ b/meta-arm-bsp/recipes-security/optee/optee-test_4.%.bbappend
@@ -2,5 +2,6 @@ 
 
 MACHINE_OPTEE_TEST_REQUIRE ?= ""
 MACHINE_OPTEE_TEST_REQUIRE:n1sdp = "optee-os-generic-n1sdp.inc"
+MACHINE_OPTEE_TEST_REQUIRE:fvp-base = "optee-test-fvp-base.inc"
 
 require ${MACHINE_OPTEE_TEST_REQUIRE}
diff --git a/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend b/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend
index 20612cb1..35137220 100644
--- a/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend
+++ b/meta-arm-bsp/recipes-security/packagegroups/packagegroup-ts-tests.bbappend
@@ -1,2 +1,3 @@ 
 COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
 COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+COMPATIBLE_MACHINE:fvp-base = "fvp-base"
diff --git a/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend
index 450cfc58..2ae28c89 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend
+++ b/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend
@@ -3,3 +3,7 @@  require ts-arm-platforms.inc
 EXTRA_OECMAKE:append:corstone1000 = "-DMM_COMM_BUFFER_ADDRESS=0x81FFF000 \
                                      -DMM_COMM_BUFFER_PAGE_COUNT=1 \
                                     "
+
+EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS=0x81000000 \
+                                  -DMM_COMM_BUFFER_PAGE_COUNT=8 \
+    "
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
index 80a58056..36f7c9b9 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-arm-platforms.inc
@@ -15,3 +15,6 @@  SRC_URI:append:corstone1000  = " \
 
 
 COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+
+COMPATIBLE_MACHINE:fvp-base = "fvp-base"
+TS_PLATFORM:fvp-base = "arm/fvp/fvp_base_revc-2xaemv8a"
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
index 7417d9b0..77fb7ae2 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-newlib_%.bbappend
@@ -6,3 +6,4 @@  SRC_URI:append:corstone1000 = " \
 "
 
 COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+COMPATIBLE_MACHINE:fvp-base = "fvp-base"
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
index 3a1b2d81..31e4ea55 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend
@@ -3,3 +3,7 @@  require ts-arm-platforms.inc
 EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \
     -DMM_COMM_BUFFER_PAGE_COUNT="1" \
     "
+
+# Proxy is pointless on fvp-base as there is no dedicated security subsystem. It could be
+# deployed configured to have dummy service providers for build testing purposes.
+COMPATIBLE_MACHINE:remove:fvp-base = "fvp-base"
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
index 3a1b2d81..f584f81b 100644
--- a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend
@@ -3,3 +3,7 @@  require ts-arm-platforms.inc
 EXTRA_OECMAKE:append:corstone1000 = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81FFF000" \
     -DMM_COMM_BUFFER_PAGE_COUNT="1" \
     "
+
+EXTRA_OECMAKE:append:fvp-base = " -DMM_COMM_BUFFER_ADDRESS="0x00000000 0x81000000" \
+    -DMM_COMM_BUFFER_PAGE_COUNT="8" \
+    "
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend
new file mode 100644
index 00000000..5c9ef210
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test1_%.bbappend
@@ -0,0 +1 @@ 
+require ts-arm-platforms.inc
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend
new file mode 100644
index 00000000..5c9ef210
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test2_%.bbappend
@@ -0,0 +1 @@ 
+require ts-arm-platforms.inc
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend
new file mode 100644
index 00000000..5c9ef210
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test3_%.bbappend
@@ -0,0 +1 @@ 
+require ts-arm-platforms.inc
diff --git a/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend
new file mode 100644
index 00000000..5c9ef210
--- /dev/null
+++ b/meta-arm-bsp/recipes-security/trusted-services/ts-sp-spm-test4_%.bbappend
@@ -0,0 +1 @@ 
+require ts-arm-platforms.inc