new file mode 100644
@@ -0,0 +1,30 @@
+From e1ef7c537c09972d981e09d4dbcc98e50c7d2b04 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Tue, 28 Nov 2023 15:32:39 +0100
+Subject: [PATCH 8/9] Decrease SMM_GATEWAY_MAX_UEFI_VARIABLES
+
+This fixes the SMM gateway initialization error that was caused
+by a malloc fault in Corstone-1000.
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27857]
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+---
+ platform/providers/arm/corstone1000/platform.cmake | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+index ff044ed7..d16cde3f 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
++++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -11,7 +11,7 @@ include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
+
+ target_compile_definitions(${TGT} PRIVATE
+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787
+- SMM_GATEWAY_MAX_UEFI_VARIABLES=100
++ SMM_GATEWAY_MAX_UEFI_VARIABLES=80
+ )
+
+ add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+--
+2.25.1
+
new file mode 100644
@@ -0,0 +1,37 @@
+From b216cb0740b6e0107509145cadd0671fda62e89c Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Tue, 28 Nov 2023 15:33:12 +0100
+Subject: [PATCH 9/9] Fix psa_ipc service's psa_call
+
+The wrong parameter was passed to the psa_ipc_phys_to_virt()
+function which resulted in faulty behavior.
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27858]
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+---
+ components/rpc/psa_ipc/service_psa_ipc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/components/rpc/psa_ipc/service_psa_ipc.c b/components/rpc/psa_ipc/service_psa_ipc.c
+index 36c8e367..4bf86716 100644
+--- a/components/rpc/psa_ipc/service_psa_ipc.c
++++ b/components/rpc/psa_ipc/service_psa_ipc.c
+@@ -176,13 +176,13 @@ static psa_status_t __psa_call(struct rpc_caller_interface *caller, psa_handle_t
+ if (!resp_msg || !out_len || resp_msg->reply != PSA_SUCCESS)
+ goto caller_end;
+
+- out_vec_param = (struct psa_outvec *)psa_ipc_phys_to_virt(caller,
++ out_vec_param = (struct psa_outvec *)psa_ipc_phys_to_virt(caller->context,
+ psa_u32_to_ptr(resp_msg->params.out_vec));
+
+ for (i = 0; i < resp_msg->params.out_len; i++) {
+ out_vec[i].len = out_vec_param[i].len;
+ unaligned_memcpy(psa_u32_to_ptr(out_vec[i].base),
+- psa_ipc_phys_to_virt(caller,
++ psa_ipc_phys_to_virt(caller->context,
+ psa_u32_to_ptr(out_vec_param[i].base)),
+ out_vec[i].len);
+ }
+--
+2.25.1
+
new file mode 100644
@@ -0,0 +1,52 @@
+From 40e6b48971bbbd37edf693a8a70b76e4551fda82 Mon Sep 17 00:00:00 2001
+From: Imre Kis <imre.kis@arm.com>
+Date: Wed, 21 Feb 2024 14:24:43 +0100
+Subject: [PATCH 03/12] Make RPC caller session SHM size build-time
+ configurable
+
+Introduce RPC_CALLER_SESSION_SHARED_MEMORY_SIZE macro allow setting the
+RPC caller session shared memory size from the build system. This only
+affects RPC caller sessions created by spffa_service_context.
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27864]
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+---
+ .../service/locator/sp/ffa/spffa_service_context.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/components/service/locator/sp/ffa/spffa_service_context.c b/components/service/locator/sp/ffa/spffa_service_context.c
+index 0c1616fc..4ddc53af 100644
+--- a/components/service/locator/sp/ffa/spffa_service_context.c
++++ b/components/service/locator/sp/ffa/spffa_service_context.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2021-2022, Arm Limited and Contributors. All rights reserved.
++ * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+@@ -10,6 +10,10 @@
+ #include <stdlib.h>
+ #include <string.h>
+
++#ifndef RPC_CALLER_SESSION_SHARED_MEMORY_SIZE
++#define RPC_CALLER_SESSION_SHARED_MEMORY_SIZE (4096)
++#endif /* RPC_CALLER_SESSION_SHARED_MEMORY_SIZE */
++
+ /* Concrete service_context methods */
+ static struct rpc_caller_session *sp_ts_service_context_open(void *context);
+ static void sp_ts_service_context_close(void *context, struct rpc_caller_session *session);
+@@ -52,7 +56,8 @@ static struct rpc_caller_session *sp_ts_service_context_open(void *context)
+ return NULL;
+
+ rpc_status = rpc_caller_session_find_and_open(session, &this_context->caller,
+- &this_context->service_uuid, 4096);
++ &this_context->service_uuid,
++ RPC_CALLER_SESSION_SHARED_MEMORY_SIZE);
+ if (rpc_status != RPC_SUCCESS) {
+ free(session);
+ return NULL;
+--
+2.25.1
+
new file mode 100644
@@ -0,0 +1,144 @@
+From ca3a9e31a560d630cf20286eb30d63ddafc0a05a Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Mon, 26 Feb 2024 14:47:25 +0100
+Subject: [PATCH] Set RPC caller session SHM size for Corstone 1000 SMMGW
+
+Set RPC caller session shared memory size so it fits the UEFI variable
+index. Validate if SMM_GATEWAY_MAX_UEFI_VARIABLES * [descriptor size]
+would fit into the shared memory size. Also align the heap size
+accordingly.
+
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/27865]
+Signed-off-by: Imre Kis <imre.kis@arm.com>
+Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+---
+ .../config/default-opteesp/CMakeLists.txt | 32 +++++++++++++++----
+ .../config/default-sp/CMakeLists.txt | 31 ++++++++++++++----
+ .../providers/arm/corstone1000/platform.cmake | 4 ++-
+ 3 files changed, 52 insertions(+), 15 deletions(-)
+
+diff --git a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+index 7becb3999..897a8dabd 100644
+--- a/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
++++ b/deployments/smm-gateway/config/default-opteesp/CMakeLists.txt
+@@ -1,5 +1,5 @@
+ #-------------------------------------------------------------------------------
+-# Copyright (c) 2021-2023, Arm Limited and Contributors. All rights reserved.
++# Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
+ #
+ # SPDX-License-Identifier: BSD-3-Clause
+ #
+@@ -24,7 +24,30 @@ set(SP_BIN_UUID_CANON "ed32d533-99e6-4209-9cc0-2d72cdd998a7")
+ set(SP_FFA_UUID_CANON "${SP_BIN_UUID_CANON}")
+ set(SP_BOOT_ORDER "8")
+
+-set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "SP heap size in bytes")
++#-------------------------------------------------------------------------------
++# Set target platform to provide drivers needed by the deployment
++#
++#-------------------------------------------------------------------------------
++add_platform(TARGET "smm-gateway")
++
++# SMM variable and RPC caller settings
++set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count")
++set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 8192 CACHE STRING "RPC caller buffer size in SMMGW")
++
++# Validating settings
++# The UEFI variable index entry size is 168 bytes
++math(EXPR SHM_MIN "${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168")
++
++if (${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE} LESS ${SHM_MIN})
++ message(FATAL_ERROR "The RPC SHM size must be at least 168 * [max UEFI variable count]")
++endif()
++
++target_compile_definitions("smm-gateway" PRIVATE
++ RPC_CALLER_SESSION_SHARED_MEMORY_SIZE=${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}
++ SMM_GATEWAY_MAX_UEFI_VARIABLES=${SMM_GATEWAY_MAX_UEFI_VARIABLES}
++)
++
++set(SP_HEAP_SIZE "16 * 1024 + ${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168 + ${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}" CACHE STRING "SP heap size in bytes")
+ set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
+
+ # Setting the MM communication buffer parameters
+@@ -50,11 +73,6 @@ include(../../env/commonsp/smm_gateway_sp.cmake REQUIRED)
+ include(../../infra/psa-varstore.cmake REQUIRED)
+ include(../../smm-gateway.cmake REQUIRED)
+
+-#-------------------------------------------------------------------------------
+-# Set target platform to provide drivers needed by the deployment
+-#
+-#-------------------------------------------------------------------------------
+-add_platform(TARGET "smm-gateway")
+
+ #-------------------------------------------------------------------------------
+ # Deployment specific build options
+diff --git a/deployments/smm-gateway/config/default-sp/CMakeLists.txt b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+index e56a8559d..d3a96b0c6 100644
+--- a/deployments/smm-gateway/config/default-sp/CMakeLists.txt
++++ b/deployments/smm-gateway/config/default-sp/CMakeLists.txt
+@@ -29,7 +29,30 @@ set(TRACE_PREFIX "SMMGW" CACHE STRING "Trace prefix")
+ set(SP_STACK_SIZE "64 * 1024" CACHE STRING "Stack size")
+ set(SP_BOOT_ORDER "8")
+
+-set(SP_HEAP_SIZE "32 * 1024" CACHE STRING "Heap size")
++#-------------------------------------------------------------------------------
++# Set target platform to provide drivers needed by the deployment
++#
++#-------------------------------------------------------------------------------
++add_platform(TARGET "smm-gateway")
++
++# SMM variable and RPC caller settings
++set(SMM_GATEWAY_MAX_UEFI_VARIABLES 40 CACHE STRING "Maximum UEFI variable count")
++set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 8192 CACHE STRING "RPC caller buffer size in SMMGW")
++
++# Validating settings
++# The UEFI variable index entry size is 168 bytes
++math(EXPR SHM_MIN "${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168")
++
++if (${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE} LESS ${SHM_MIN})
++ message(FATAL_ERROR "The RPC SHM size must be at least 168 * [max UEFI variable count]")
++endif()
++
++target_compile_definitions("smm-gateway" PRIVATE
++ RPC_CALLER_SESSION_SHARED_MEMORY_SIZE=${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}
++ SMM_GATEWAY_MAX_UEFI_VARIABLES=${SMM_GATEWAY_MAX_UEFI_VARIABLES}
++)
++
++set(SP_HEAP_SIZE "16 * 1024 + ${SMM_GATEWAY_MAX_UEFI_VARIABLES} * 168 + ${SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE}" CACHE STRING "SP heap size in bytes")
+
+ # Setting the MM communication buffer parameters
+ set(MM_COMM_BUFFER_ADDRESS "0x00000008 0x81000000" CACHE STRING "Address of MM communicte buffer in 64 bit DTS format")
+@@ -49,12 +72,6 @@ include(../../env/commonsp/smm_gateway_sp.cmake REQUIRED)
+ include(../../infra/psa-varstore.cmake REQUIRED)
+ include(../../smm-gateway.cmake REQUIRED)
+
+-#-------------------------------------------------------------------------------
+-# Set target platform to provide drivers needed by the deployment
+-#
+-#-------------------------------------------------------------------------------
+-add_platform(TARGET "smm-gateway")
+-
+ #-------------------------------------------------------------------------------
+ # Deployment specific build options
+ #-------------------------------------------------------------------------------
+diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
+index d16cde3f4..fd93d6f7e 100644
+--- a/platform/providers/arm/corstone1000/platform.cmake
++++ b/platform/providers/arm/corstone1000/platform.cmake
+@@ -9,9 +9,11 @@
+ # include MHU driver
+ include(${TS_ROOT}/platform/drivers/arm/mhu_driver/component.cmake)
+
++set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count")
++set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 16384 CACHE STRING "RPC caller buffer size in SMMGW")
++
+ target_compile_definitions(${TGT} PRIVATE
+ SMM_VARIABLE_INDEX_STORAGE_UID=0x787
+- SMM_GATEWAY_MAX_UEFI_VARIABLES=80
+ )
+
+ add_compile_definitions(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+--
+2.25.1
+
+
new file mode 100644
@@ -0,0 +1,34 @@
+From 8290755eb2b6aaa857b2dca74494290c64d46fb3 Mon Sep 17 00:00:00 2001
+From: Bence Balogh <bence.balogh@arm.com>
+Date: Mon, 26 Feb 2024 16:41:03 +0100
+Subject: [PATCH] Use __packed for the variable_metadata struct
+
+This is only a temporary fix so the buffer limit in TF-M
+doesn't need to be changed. With the __packed attribute, the
+struct's size is 100 bytes instead of 104 bytes.
+The struct will be changed in later upstream commits so this
+change won't be needed, and the RSS_COMMS implementation
+will be able to handle that.
+
+Upstream-Status: Inappropriate
+[Won't be needed after newer upstream version]
+---
+ components/service/smm_variable/backend/variable_index.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/components/service/smm_variable/backend/variable_index.h b/components/service/smm_variable/backend/variable_index.h
+index 2f0197da..e82039ac 100644
+--- a/components/service/smm_variable/backend/variable_index.h
++++ b/components/service/smm_variable/backend/variable_index.h
+@@ -29,7 +29,7 @@ extern "C" {
+ *
+ * Holds metadata associated with stored variable.
+ */
+-struct variable_metadata
++struct __packed variable_metadata
+ {
+ EFI_GUID guid;
+ size_t name_size;
+--
+2.25.1
+
@@ -11,6 +11,11 @@ SRC_URI:append:corstone1000 = " \
file://0007-plat-corstone1000-Initialize-capsule-update-provider.patch \
file://0008-platform-corstone1000-fix-synchronization-issue.patch \
file://0009-plat-corstone1000-fmp-client-id.patch \
+ file://0010-Decrease-SMM_GATEWAY_MAX_UEFI_VARIABLES.patch \
+ file://0011-Fix-psa_ipc-service-s-psa_call.patch \
+ file://0012-Make-RPC-caller-session-SHM-size-build-time-configur.patch \
+ file://0013-Set-RPC-caller-session-SHM-size-for-Corstone-1000-SM.patch \
+ file://0014-Use-__packed-for-the-variable_metadata-struct.patch \
"