deleted file mode 100644
@@ -1,378 +0,0 @@
-From fd171007b073a4cff7c3deabfdff233c0a9ed507 Mon Sep 17 00:00:00 2001
-From: Julian Hall <julian.hall@arm.com>
-Date: Tue, 12 Oct 2021 15:45:41 +0100
-Subject: [PATCH 01/12] Add stub capsule update service components
-
-To facilitate development of a capsule update service provider,
-stub components are added to provide a starting point for an
-implementation. The capsule update service provider is integrated
-into the se-proxy/common deployment.
-
-Upstream-Status: Inappropriate [Trusted-Services Design needs to be followed]
-Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
-Signed-off-by: Julian Hall <julian.hall@arm.com>
-Change-Id: I0d4049bb4de5af7ca80806403301692507085d28
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../backend/capsule_update_backend.h | 24 ++++
- .../provider/capsule_update_provider.c | 135 ++++++++++++++++++
- .../provider/capsule_update_provider.h | 51 +++++++
- .../capsule_update/provider/component.cmake | 13 ++
- .../se-proxy/infra/corstone1000/infra.cmake | 1 +
- deployments/se-proxy/se_proxy_interfaces.h | 9 +-
- .../capsule_update/capsule_update_proto.h | 13 ++
- protocols/service/capsule_update/opcodes.h | 17 +++
- protocols/service/capsule_update/parameters.h | 15 ++
- 9 files changed, 274 insertions(+), 4 deletions(-)
- create mode 100644 components/service/capsule_update/backend/capsule_update_backend.h
- create mode 100644 components/service/capsule_update/provider/capsule_update_provider.c
- create mode 100644 components/service/capsule_update/provider/capsule_update_provider.h
- create mode 100644 components/service/capsule_update/provider/component.cmake
- create mode 100644 protocols/service/capsule_update/capsule_update_proto.h
- create mode 100644 protocols/service/capsule_update/opcodes.h
- create mode 100644 protocols/service/capsule_update/parameters.h
-
-diff --git a/components/service/capsule_update/backend/capsule_update_backend.h b/components/service/capsule_update/backend/capsule_update_backend.h
-new file mode 100644
-index 000000000..f3144ff1d
---- /dev/null
-+++ b/components/service/capsule_update/backend/capsule_update_backend.h
-@@ -0,0 +1,24 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_BACKEND_H
-+#define CAPSULE_UPDATE_BACKEND_H
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * Defines the common capsule update backend interface. Concrete backends
-+ * implement this interface for different types of platform.
-+ */
-+
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CAPSULE_UPDATE_BACKEND_H */
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-new file mode 100644
-index 000000000..f35c272d2
---- /dev/null
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -0,0 +1,135 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <trace.h>
-+
-+#include <protocols/service/capsule_update/capsule_update_proto.h>
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include "capsule_update_provider.h"
-+
-+
-+#define CAPSULE_UPDATE_REQUEST (0x1)
-+#define KERNEL_STARTED_EVENT (0x2)
-+
-+enum corstone1000_ioctl_id_t {
-+ IOCTL_CORSTONE1000_FWU_FLASH_IMAGES = 0,
-+ IOCTL_CORSTONE1000_FWU_HOST_ACK,
-+};
-+
-+/* Service request handlers */
-+static rpc_status_t update_capsule_handler(void *context, struct rpc_request *req);
-+static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req);
-+
-+/* Handler mapping table for service */
-+static const struct service_handler handler_table[] = {
-+ {CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE, update_capsule_handler},
-+ {CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED, boot_confirmed_handler}
-+};
-+
-+struct rpc_service_interface *capsule_update_provider_init(
-+ struct capsule_update_provider *context)
-+{
-+ struct rpc_service_interface *rpc_interface = NULL;
-+ const struct rpc_uuid dummy_uuid = { .uuid = { 0 }};
-+ if (!context)
-+ return NULL;
-+
-+ service_provider_init(
-+ &context->base_provider,
-+ context,
-+ &dummy_uuid,
-+ handler_table,
-+ sizeof(handler_table)/sizeof(struct service_handler));
-+
-+ rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
-+
-+
-+ return rpc_interface;
-+}
-+
-+void capsule_update_provider_deinit(struct capsule_update_provider *context)
-+{
-+ (void)context;
-+}
-+
-+static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller)
-+{
-+ uint32_t ioctl_id;
-+ psa_handle_t handle;
-+ rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = &ioctl_id, .len = sizeof(ioctl_id) }
-+ };
-+
-+ if(!caller) {
-+ EMSG("event_handler rpc_caller is NULL");
-+ rpc_status = TS_RPC_ERROR_RESOURCE_FAILURE;
-+ return rpc_status;
-+ }
-+
-+ IMSG("event handler opcode %x", opcode);
-+ switch(opcode) {
-+ case CAPSULE_UPDATE_REQUEST:
-+ /* Openamp call with IOCTL for firmware update*/
-+ ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
-+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-+ TFM_SP_PLATFORM_IOCTL_VERSION);
-+ if (handle <= 0) {
-+ EMSG("%s Invalid handle", __func__);
-+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-+ return rpc_status;
-+ }
-+ psa_call(caller,handle, PSA_IPC_CALL,
-+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
-+ break;
-+
-+ case KERNEL_STARTED_EVENT:
-+ ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
-+ /*openamp call with IOCTL for kernel start*/
-+ handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-+ TFM_SP_PLATFORM_IOCTL_VERSION);
-+ if (handle <= 0) {
-+ EMSG("%s Invalid handle", __func__);
-+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-+ return rpc_status;
-+ }
-+ psa_call(caller,handle, PSA_IPC_CALL,
-+ in_vec,IOVEC_LEN(in_vec), NULL, 0);
-+ break;
-+ default:
-+ EMSG("%s unsupported opcode", __func__);
-+ rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-+ return rpc_status;
-+ }
-+ return rpc_status;
-+
-+}
-+
-+static rpc_status_t update_capsule_handler(void *context, struct rpc_request *req)
-+{
-+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
-+ struct rpc_caller_interface *caller = this_instance->client.session->caller;
-+ uint32_t opcode = req->opcode;
-+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
-+
-+ rpc_status = event_handler(opcode, caller);
-+ return rpc_status;
-+}
-+
-+static rpc_status_t boot_confirmed_handler(void *context, struct rpc_request *req)
-+{
-+ struct capsule_update_provider *this_instance = (struct capsule_update_provider*)context;
-+ struct rpc_caller_interface *caller = this_instance->client.session->caller;
-+ uint32_t opcode = req->opcode;
-+ rpc_status_t rpc_status = TS_RPC_ERROR_NOT_READY;
-+
-+ rpc_status = event_handler(opcode, caller);
-+
-+ return rpc_status;
-+}
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.h b/components/service/capsule_update/provider/capsule_update_provider.h
-new file mode 100644
-index 000000000..5dc5535d6
---- /dev/null
-+++ b/components/service/capsule_update/provider/capsule_update_provider.h
-@@ -0,0 +1,51 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_PROVIDER_H
-+#define CAPSULE_UPDATE_PROVIDER_H
-+
-+#include <rpc/common/endpoint/rpc_service_interface.h>
-+#include <service/common/provider/service_provider.h>
-+#include <service/common/client/service_client.h>
-+#include <service/capsule_update/backend/capsule_update_backend.h>
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * The capsule_update_provider is a service provider that accepts update capsule
-+ * requests and delegates them to a suitable backend that applies the update.
-+ */
-+struct capsule_update_provider
-+{
-+ struct service_provider base_provider;
-+ struct service_client client;
-+};
-+
-+/**
-+ * \brief Initialize an instance of the capsule update service provider
-+ *
-+ * @param[in] context The instance to initialize
-+ *
-+ * \return An rpc_service_interface or NULL on failure
-+ */
-+struct rpc_service_interface *capsule_update_provider_init(
-+ struct capsule_update_provider *context);
-+
-+/**
-+ * \brief Cleans up when the instance is no longer needed
-+ *
-+ * \param[in] context The instance to de-initialize
-+ */
-+void capsule_update_provider_deinit(
-+ struct capsule_update_provider *context);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CAPSULE_UPDATE_PROVIDER_H */
-diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
-new file mode 100644
-index 000000000..1d412eb23
---- /dev/null
-+++ b/components/service/capsule_update/provider/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
-+ )
-diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
-index 3830f9d61..27af8a333 100644
---- a/deployments/se-proxy/infra/corstone1000/infra.cmake
-+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
-@@ -27,6 +27,7 @@ add_components(TARGET "se-proxy"
- "components/service/fwu/provider/serializer"
- "components/service/fwu/psa_fwu_m/agent"
- "components/service/fwu/psa_fwu_m/interface/stub"
-+ "components/service/capsule_update/provider"
- "components/service/secure_storage/backend/secure_storage_ipc"
- )
-
-diff --git a/deployments/se-proxy/se_proxy_interfaces.h b/deployments/se-proxy/se_proxy_interfaces.h
-index 48908f846..3d4a7c204 100644
---- a/deployments/se-proxy/se_proxy_interfaces.h
-+++ b/deployments/se-proxy/se_proxy_interfaces.h
-@@ -8,9 +8,10 @@
- #define SE_PROXY_INTERFACES_H
-
- /* Interface IDs from service endpoints available from an se-proxy deployment */
--#define SE_PROXY_INTERFACE_ID_ITS (0)
--#define SE_PROXY_INTERFACE_ID_PS (1)
--#define SE_PROXY_INTERFACE_ID_CRYPTO (2)
--#define SE_PROXY_INTERFACE_ID_ATTEST (3)
-+#define SE_PROXY_INTERFACE_ID_ITS (0)
-+#define SE_PROXY_INTERFACE_ID_PS (1)
-+#define SE_PROXY_INTERFACE_ID_CRYPTO (2)
-+#define SE_PROXY_INTERFACE_ID_ATTEST (3)
-+#define SE_PROXY_INTERFACE_ID_CAPSULE_UPDATE (4)
-
- #endif /* SE_PROXY_INTERFACES_H */
-diff --git a/protocols/service/capsule_update/capsule_update_proto.h b/protocols/service/capsule_update/capsule_update_proto.h
-new file mode 100644
-index 000000000..8f326cd38
---- /dev/null
-+++ b/protocols/service/capsule_update/capsule_update_proto.h
-@@ -0,0 +1,13 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_PROTO_H
-+#define CAPSULE_UPDATE_PROTO_H
-+
-+#include <protocols/service/capsule_update/opcodes.h>
-+#include <protocols/service/capsule_update/parameters.h>
-+
-+#endif /* CAPSULE_UPDATE_PROTO_H */
-diff --git a/protocols/service/capsule_update/opcodes.h b/protocols/service/capsule_update/opcodes.h
-new file mode 100644
-index 000000000..8185a0902
---- /dev/null
-+++ b/protocols/service/capsule_update/opcodes.h
-@@ -0,0 +1,17 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_OPCODES_H
-+#define CAPSULE_UPDATE_OPCODES_H
-+
-+/**
-+ * Opcode definitions for the capsule update service
-+ */
-+
-+#define CAPSULE_UPDATE_OPCODE_UPDATE_CAPSULE 1
-+#define CAPSULE_UPDATE_OPCODE_BOOT_CONFIRMED 2
-+
-+#endif /* CAPSULE_UPDATE_OPCODES_H */
-diff --git a/protocols/service/capsule_update/parameters.h b/protocols/service/capsule_update/parameters.h
-new file mode 100644
-index 000000000..285d92418
---- /dev/null
-+++ b/protocols/service/capsule_update/parameters.h
-@@ -0,0 +1,15 @@
-+/*
-+ * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CAPSULE_UPDATE_PARAMETERS_H
-+#define CAPSULE_UPDATE_PARAMETERS_H
-+
-+/**
-+ * Operation parameter definitions for the capsule update service access protocol.
-+ */
-+
-+
-+#endif /* CAPSULE_UPDATE_PARAMETERS_H */
-2.25.1
-
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-in-AEAD-for-psa-arch-test-254.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Fix-in-AEAD-for-psa-arch-test-254.patch
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-Fix-psa-api-crypto-test-no-243.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-psa-api-crypto-test-no-243.patch
deleted file mode 100644
@@ -1,418 +0,0 @@
-From fea499f48d07638417511f194c2977133fd75b4d Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Fri, 8 Jul 2022 09:48:06 +0100
-Subject: [PATCH 03/12] FMP Support in Corstone1000.
-
-The FMP support is used by u-boot to pupolate ESRT information
-for the kernel.
-
-The solution is platform specific and needs to be revisted.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-
-Upstream-Status: Inappropriate [The solution is platform specific and needs to be revisted]
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
----
- .../provider/capsule_update_provider.c | 5 +
- .../capsule_update/provider/component.cmake | 1 +
- .../provider/corstone1000_fmp_service.c | 307 ++++++++++++++++++
- .../provider/corstone1000_fmp_service.h | 26 ++
- 4 files changed, 339 insertions(+)
- create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.c
- create mode 100644 components/service/capsule_update/provider/corstone1000_fmp_service.h
-
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index f35c272d2..bfeb7301a 100644
---- a/components/service/capsule_update/provider/capsule_update_provider.c
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -11,6 +11,7 @@
- #include <protocols/service/capsule_update/capsule_update_proto.h>
- #include <protocols/rpc/common/packed-c/status.h>
- #include "capsule_update_provider.h"
-+#include "corstone1000_fmp_service.h"
-
-
- #define CAPSULE_UPDATE_REQUEST (0x1)
-@@ -49,6 +50,8 @@ struct rpc_service_interface *capsule_update_provider_init(
- rpc_interface = service_provider_get_rpc_interface(&context->base_provider);
-
-
-+ provision_fmp_variables_metadata(context->client.session->caller);
-+
- return rpc_interface;
- }
-
-@@ -87,6 +90,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *
- }
- psa_call(caller,handle, PSA_IPC_CALL,
- in_vec,IOVEC_LEN(in_vec), NULL, 0);
-+ set_fmp_image_info(caller, handle);
- break;
-
- case KERNEL_STARTED_EVENT:
-@@ -101,6 +105,7 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *
- }
- psa_call(caller,handle, PSA_IPC_CALL,
- in_vec,IOVEC_LEN(in_vec), NULL, 0);
-+ set_fmp_image_info(caller, handle);
- break;
- default:
- EMSG("%s unsupported opcode", __func__);
-diff --git a/components/service/capsule_update/provider/component.cmake b/components/service/capsule_update/provider/component.cmake
-index 1d412eb23..6b0601494 100644
---- a/components/service/capsule_update/provider/component.cmake
-+++ b/components/service/capsule_update/provider/component.cmake
-@@ -10,4 +10,5 @@ endif()
-
- target_sources(${TGT} PRIVATE
- "${CMAKE_CURRENT_LIST_DIR}/capsule_update_provider.c"
-+ "${CMAKE_CURRENT_LIST_DIR}/corstone1000_fmp_service.c"
- )
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-new file mode 100644
-index 000000000..2222251a7
---- /dev/null
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-@@ -0,0 +1,307 @@
-+/*
-+ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include "corstone1000_fmp_service.h"
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <psa/storage_common.h>
-+#include <trace.h>
-+
-+#include <service/uefi/smm_variable/backend/variable_index.h>
-+
-+#define VARIABLE_INDEX_STORAGE_UID (0x787)
-+
-+/**
-+ * Variable attributes
-+ */
-+#define EFI_VARIABLE_NON_VOLATILE (0x00000001)
-+#define EFI_VARIABLE_BOOTSERVICE_ACCESS (0x00000002)
-+#define EFI_VARIABLE_RUNTIME_ACCESS (0x00000004)
-+#define EFI_VARIABLE_HARDWARE_ERROR_RECORD (0x00000008)
-+#define EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS (0x00000010)
-+#define EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS (0x00000020)
-+#define EFI_VARIABLE_APPEND_WRITE (0x00000040)
-+#define EFI_VARIABLE_MASK \
-+ (EFI_VARIABLE_NON_VOLATILE | \
-+ EFI_VARIABLE_BOOTSERVICE_ACCESS | \
-+ EFI_VARIABLE_RUNTIME_ACCESS | \
-+ EFI_VARIABLE_HARDWARE_ERROR_RECORD | \
-+ EFI_VARIABLE_AUTHENTICATED_WRITE_ACCESS | \
-+ EFI_VARIABLE_APPEND_WRITE)
-+
-+#define FMP_VARIABLES_COUNT 6
-+
-+static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
-+ {
-+ { 0x86c77a67, 0x0b97, 0x4633, \
-+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
-+ /* name size = (variable_name + \0) * sizeof(u16) */
-+ .name_size = 42, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'V', 'e', 'r', 's', 'i', 'o', 'n' },
-+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
-+ },
-+ {
-+ { 0x86c77a67, 0x0b97, 0x4633, \
-+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
-+ /* name size = (variable_name + \0) * sizeof(u16) */
-+ .name_size = 34, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o', 'S', 'i', 'z', 'e' },
-+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
-+ },
-+ {
-+ { 0x86c77a67, 0x0b97, 0x4633, \
-+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
-+ /* name size = (variable_name + \0) * sizeof(u16) */
-+ .name_size = 38, { 'F', 'm', 'p', 'D', 'e', 's', 'c', 'r', 'i', 'p', 't', 'o', 'r', 'C', 'o', 'u', 'n', 't' },
-+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
-+ },
-+ {
-+ { 0x86c77a67, 0x0b97, 0x4633, \
-+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
-+ /* name size = (variable_name + \0) * sizeof(u16) */
-+ .name_size = 26, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'I', 'n', 'f', 'o' },
-+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
-+ },
-+ {
-+ { 0x86c77a67, 0x0b97, 0x4633, \
-+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
-+ /* name size = (variable_name + \0) * sizeof(u16) */
-+ .name_size = 28, { 'F', 'm', 'p', 'I', 'm', 'a', 'g', 'e', 'N', 'a', 'm', 'e', '1' },
-+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
-+ },
-+ {
-+ { 0x86c77a67, 0x0b97, 0x4633, \
-+ { 0xa1, 0x87, 0x49, 0x10, 0x4d, 0x06, 0x85, 0xc7} },
-+ /* name size = (variable_name + \0) * sizeof(u16) */
-+ .name_size = 32, { 'F', 'm', 'p', 'V', 'e', 'r', 's', 'i', 'o', 'n', 'N', 'a', 'm', 'e', '1' },
-+ .attributes = EFI_VARIABLE_NON_VOLATILE, .uid = 0
-+ },
-+};
-+
-+static psa_status_t protected_storage_set(struct rpc_caller_interface *caller,
-+ psa_storage_uid_t uid, size_t data_length, const void *p_data)
-+{
-+ psa_status_t psa_status;
-+ psa_storage_create_flags_t create_flags = PSA_STORAGE_FLAG_NONE;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+ { .base = psa_ptr_const_to_u32(p_data), .len = data_length },
-+ { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
-+ };
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
-+ in_vec, IOVEC_LEN(in_vec), NULL, 0);
-+ if (psa_status < 0)
-+ EMSG("ipc_set: psa_call failed: %d", psa_status);
-+
-+ return psa_status;
-+}
-+
-+static psa_status_t protected_storage_get(struct rpc_caller_interface *caller,
-+ psa_storage_uid_t uid, size_t data_size, void *p_data)
-+{
-+ psa_status_t psa_status;
-+ uint32_t offset = 0;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&uid), .len = sizeof(uid) },
-+ { .base = psa_ptr_to_u32(&offset), .len = sizeof(offset) },
-+ };
-+
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(p_data), .len = data_size },
-+ };
-+
-+ psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
-+ out_vec, IOVEC_LEN(out_vec));
-+
-+ if (psa_status == PSA_SUCCESS && out_vec[0].len != data_size) {
-+ EMSG("Return size does not match with expected size.");
-+ return PSA_ERROR_BUFFER_TOO_SMALL;
-+ }
-+
-+ return psa_status;
-+}
-+
-+static uint64_t name_hash(EFI_GUID *guid, size_t name_size,
-+ const int16_t *name)
-+{
-+ /* Using djb2 hash by Dan Bernstein */
-+ uint64_t hash = 5381;
-+
-+ /* Calculate hash over GUID */
-+ hash = ((hash << 5) + hash) + guid->Data1;
-+ hash = ((hash << 5) + hash) + guid->Data2;
-+ hash = ((hash << 5) + hash) + guid->Data3;
-+
-+ for (int i = 0; i < 8; ++i) {
-+
-+ hash = ((hash << 5) + hash) + guid->Data4[i];
-+ }
-+
-+ /* Extend to cover name up to but not including null terminator */
-+ for (int i = 0; i < name_size / sizeof(int16_t); ++i) {
-+
-+ if (!name[i]) break;
-+ hash = ((hash << 5) + hash) + name[i];
-+ }
-+
-+ return hash;
-+}
-+
-+
-+static void initialize_metadata(void)
-+{
-+ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
-+
-+ fmp_variables_metadata[i].uid = name_hash(
-+ &fmp_variables_metadata[i].guid,
-+ fmp_variables_metadata[i].name_size,
-+ fmp_variables_metadata[i].name);
-+ }
-+}
-+
-+
-+void provision_fmp_variables_metadata(struct rpc_caller_interface *caller)
-+{
-+ struct variable_metadata metadata;
-+ psa_status_t status;
-+ uint32_t dummy_values = 0xDEAD;
-+
-+ EMSG("Provisioning FMP metadata.");
-+
-+ initialize_metadata();
-+
-+ status = protected_storage_get(caller, VARIABLE_INDEX_STORAGE_UID,
-+ sizeof(struct variable_metadata), &metadata);
-+
-+ if (status == PSA_SUCCESS) {
-+ EMSG("UEFI variables store is already provisioned.");
-+ return;
-+ }
-+
-+ /* Provision FMP variables with dummy values. */
-+ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
-+ protected_storage_set(caller, fmp_variables_metadata[i].uid,
-+ sizeof(dummy_values), &dummy_values);
-+ }
-+
-+ status = protected_storage_set(caller, VARIABLE_INDEX_STORAGE_UID,
-+ sizeof(struct variable_metadata) * FMP_VARIABLES_COUNT,
-+ fmp_variables_metadata);
-+
-+ if (status != EFI_SUCCESS) {
-+ return;
-+ }
-+
-+ EMSG("FMP metadata is provisioned");
-+}
-+
-+typedef struct {
-+ void *base;
-+ int len;
-+} variable_data_t;
-+
-+static variable_data_t fmp_variables_data[FMP_VARIABLES_COUNT];
-+
-+#define IMAGE_INFO_BUFFER_SIZE 256
-+static char image_info_buffer[IMAGE_INFO_BUFFER_SIZE];
-+#define IOCTL_CORSTONE1000_FMP_IMAGE_INFO 2
-+
-+static psa_status_t unpack_image_info(void *buffer, uint32_t size)
-+{
-+ typedef struct __attribute__ ((__packed__)) {
-+ uint32_t variable_count;
-+ uint32_t variable_size[FMP_VARIABLES_COUNT];
-+ uint8_t variable[];
-+ } packed_buffer_t;
-+
-+ packed_buffer_t *packed_buffer = buffer;
-+ int runner = 0;
-+
-+ if (packed_buffer->variable_count != FMP_VARIABLES_COUNT) {
-+ EMSG("Expected fmp varaibles = %u, but received = %u",
-+ FMP_VARIABLES_COUNT, packed_buffer->variable_count);
-+ return PSA_ERROR_PROGRAMMER_ERROR;
-+ }
-+
-+ for (int i = 0; i < packed_buffer->variable_count; i++) {
-+ EMSG("FMP variable %d : size %u", i, packed_buffer->variable_size[i]);
-+ fmp_variables_data[i].base = &packed_buffer->variable[runner];
-+ fmp_variables_data[i].len= packed_buffer->variable_size[i];
-+ runner += packed_buffer->variable_size[i];
-+ }
-+
-+ return PSA_SUCCESS;
-+}
-+
-+static psa_status_t get_image_info(struct rpc_caller_interface *caller,
-+ psa_handle_t platform_service_handle)
-+{
-+ psa_status_t status;
-+ psa_handle_t handle;
-+ uint32_t ioctl_id = IOCTL_CORSTONE1000_FMP_IMAGE_INFO;
-+
-+ struct psa_invec in_vec[] = {
-+ { .base = &ioctl_id, .len = sizeof(ioctl_id) },
-+ };
-+
-+ struct psa_outvec out_vec[] = {
-+ { .base = image_info_buffer, .len = IMAGE_INFO_BUFFER_SIZE },
-+ };
-+
-+ memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
-+
-+ psa_call(caller, platform_service_handle, PSA_IPC_CALL,
-+ in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-+
-+ status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-+ if (status != PSA_SUCCESS) {
-+ return status;
-+ }
-+
-+ return PSA_SUCCESS;
-+}
-+
-+static psa_status_t set_image_info(struct rpc_caller_interface *caller)
-+{
-+ psa_status_t status;
-+
-+ for (int i = 0; i < FMP_VARIABLES_COUNT; i++) {
-+
-+ status = protected_storage_set(caller,
-+ fmp_variables_metadata[i].uid,
-+ fmp_variables_data[i].len, fmp_variables_data[i].base);
-+
-+ if (status != PSA_SUCCESS) {
-+
-+ EMSG("FMP variable %d set unsuccessful", i);
-+ return status;
-+ }
-+
-+ EMSG("FMP variable %d set success", i);
-+ }
-+
-+ return PSA_SUCCESS;
-+}
-+
-+void set_fmp_image_info(struct rpc_caller_interface *caller,
-+ psa_handle_t platform_service_handle)
-+{
-+ psa_status_t status;
-+
-+ status = get_image_info(caller, platform_service_handle);
-+ if (status != PSA_SUCCESS) {
-+ return;
-+ }
-+
-+ status = set_image_info(caller);
-+ if (status != PSA_SUCCESS) {
-+ return;
-+ }
-+
-+ return;
-+}
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-new file mode 100644
-index 000000000..d0023dc07
---- /dev/null
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-@@ -0,0 +1,26 @@
-+/*
-+ * Copyright (c) 2022, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef CORSTONE1000_FMP_SERVICE_H
-+#define CORSTONE1000_FMP_SERVICE_H
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#include <rpc_caller.h>
-+#include <psa/client.h>
-+
-+void provision_fmp_variables_metadata(struct rpc_caller_interface *caller);
-+
-+void set_fmp_image_info(struct rpc_caller_interface *caller,
-+ psa_handle_t platform_service_handle);
-+
-+#ifdef __cplusplus
-+} /* extern "C" */
-+#endif
-+
-+#endif /* CORSTONE1000_FMP_SERVICE_H */
-2.25.1
-
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-Remove-Werror-flag.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-Remove-Werror-flag.patch
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0004-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch
deleted file mode 100644
@@ -1,141 +0,0 @@
-From 81d1dbe3f04195c0ad26790e127d61149e4f5b78 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Sun, 18 Jun 2023 14:38:42 +0100
-Subject: [PATCH 05/12] plat: corstone1000: Use the stateless platform service
- calls Calls to psa_connect is not needed and psa_call can be called directly
- with a pre defined handle.
-
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Mohamed Omar Asaker <mohamed.omarasaker@arm.com>
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-
-Upstream-Status: Inappropriate [Design is to revisted]
----
- .../provider/capsule_update_provider.c | 24 ++++---------------
- .../provider/corstone1000_fmp_service.c | 10 ++++----
- .../provider/corstone1000_fmp_service.h | 3 +--
- components/service/common/include/psa/sid.h | 7 ++++++
- 4 files changed, 17 insertions(+), 27 deletions(-)
-
-diff --git a/components/service/capsule_update/provider/capsule_update_provider.c b/components/service/capsule_update/provider/capsule_update_provider.c
-index bfeb7301a..12c552dae 100644
---- a/components/service/capsule_update/provider/capsule_update_provider.c
-+++ b/components/service/capsule_update/provider/capsule_update_provider.c
-@@ -63,7 +63,6 @@ void capsule_update_provider_deinit(struct capsule_update_provider *context)
- static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *caller)
- {
- uint32_t ioctl_id;
-- psa_handle_t handle;
- rpc_status_t rpc_status = TS_RPC_CALL_ACCEPTED;
-
- struct psa_invec in_vec[] = {
-@@ -81,31 +80,18 @@ static rpc_status_t event_handler(uint32_t opcode, struct rpc_caller_interface *
- case CAPSULE_UPDATE_REQUEST:
- /* Openamp call with IOCTL for firmware update*/
- ioctl_id = IOCTL_CORSTONE1000_FWU_FLASH_IMAGES;
-- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-- TFM_SP_PLATFORM_IOCTL_VERSION);
-- if (handle <= 0) {
-- EMSG("%s Invalid handle", __func__);
-- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-- return rpc_status;
-- }
-- psa_call(caller,handle, PSA_IPC_CALL,
-+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- in_vec,IOVEC_LEN(in_vec), NULL, 0);
-- set_fmp_image_info(caller, handle);
-+ set_fmp_image_info(caller);
- break;
-
- case KERNEL_STARTED_EVENT:
- ioctl_id = IOCTL_CORSTONE1000_FWU_HOST_ACK;
- /*openamp call with IOCTL for kernel start*/
-- handle = psa_connect(caller, TFM_SP_PLATFORM_IOCTL_SID,
-- TFM_SP_PLATFORM_IOCTL_VERSION);
-- if (handle <= 0) {
-- EMSG("%s Invalid handle", __func__);
-- rpc_status = TS_RPC_ERROR_INVALID_PARAMETER;
-- return rpc_status;
-- }
-- psa_call(caller,handle, PSA_IPC_CALL,
-+
-+ psa_call(caller,TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- in_vec,IOVEC_LEN(in_vec), NULL, 0);
-- set_fmp_image_info(caller, handle);
-+ set_fmp_image_info(caller);
- break;
- default:
- EMSG("%s unsupported opcode", __func__);
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-index 2222251a7..2ed0f33c5 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-@@ -238,8 +238,7 @@ static psa_status_t unpack_image_info(void *buffer, uint32_t size)
- return PSA_SUCCESS;
- }
-
--static psa_status_t get_image_info(struct rpc_caller_interface *caller,
-- psa_handle_t platform_service_handle)
-+static psa_status_t get_image_info(struct rpc_caller_interface *caller)
- {
- psa_status_t status;
- psa_handle_t handle;
-@@ -255,7 +254,7 @@ static psa_status_t get_image_info(struct rpc_caller_interface *caller,
-
- memset(image_info_buffer, 0, IMAGE_INFO_BUFFER_SIZE);
-
-- psa_call(caller, platform_service_handle, PSA_IPC_CALL,
-+ psa_call(caller, TFM_PLATFORM_SERVICE_HANDLE, TFM_PLATFORM_API_ID_IOCTL,
- in_vec, IOVEC_LEN(in_vec), out_vec, IOVEC_LEN(out_vec));
-
- status = unpack_image_info(image_info_buffer, IMAGE_INFO_BUFFER_SIZE);
-@@ -288,12 +287,11 @@ static psa_status_t set_image_info(struct rpc_caller_interface *caller)
- return PSA_SUCCESS;
- }
-
--void set_fmp_image_info(struct rpc_caller_interface *caller,
-- psa_handle_t platform_service_handle)
-+void set_fmp_image_info(struct rpc_caller_interface *caller)
- {
- psa_status_t status;
-
-- status = get_image_info(caller, platform_service_handle);
-+ status = get_image_info(caller);
- if (status != PSA_SUCCESS) {
- return;
- }
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.h b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-index d0023dc07..486fa10b4 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.h
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.h
-@@ -16,8 +16,7 @@ extern "C" {
-
- void provision_fmp_variables_metadata(struct rpc_caller_interface *caller);
-
--void set_fmp_image_info(struct rpc_caller_interface *caller,
-- psa_handle_t platform_service_handle);
-+void set_fmp_image_info(struct rpc_caller_interface *caller);
-
- #ifdef __cplusplus
- } /* extern "C" */
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 5aaa659d4..fc3a4fb06 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -40,6 +40,13 @@ extern "C" {
- #define TFM_CRYPTO_VERSION (1U)
- #define TFM_CRYPTO_HANDLE (0x40000100U)
-
-+/******** TFM_PLATFORM_SERVICE *******/
-+#define TFM_PLATFORM_API_ID_IOCTL (1013)
-+#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
-+
-+/**
-+ * \brief Define a progressive numerical value for each SID which can be used
-+ * when dispatching the requests to the service
- /******** TFM_SP_PLATFORM ********/
- #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
- #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
-2.25.1
-
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Align-PSA-Crypto-with-TF-Mv2.1.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Align-PSA-Crypto-with-TF-Mv2.1.patch
deleted file mode 100644
@@ -1,106 +0,0 @@
-From 8a6542231613d5f1b60bc209a7ad8f8cf72bc95a Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Wed, 29 Nov 2023 15:40:21 +0100
-Subject: [PATCH 06/12] plat: corstone1000: Initialize capsule update provider
-
-Initializes the capsule update service provider in se-proxy-sp.c deployment
-for corstone1000.
-
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Upstream-Status: Inappropriate [Design is to revisted]
----
- .../se-proxy/env/commonsp/se_proxy_sp.c | 14 +++++++++-
- .../corstone1000/service_proxy_factory.c | 28 +++++++++++++++++++
- .../se-proxy/infra/service_proxy_factory.h | 1 +
- 3 files changed, 42 insertions(+), 1 deletion(-)
-
-diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-index 485d76493..88e4cf17e 100644
---- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-@@ -39,7 +39,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- goto fatal_error;
- }
-
-- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16);
-+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
- if (rpc_status != RPC_SUCCESS) {
- EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
- goto fatal_error;
-@@ -94,6 +94,18 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- goto fatal_error;
- }
-
-+ rpc_iface = capsule_update_proxy_create();
-+ if (!rpc_iface) {
-+ EMSG("Failed to create Capsule Update proxy");
-+ goto fatal_error;
-+ }
-+
-+ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, rpc_iface);
-+ if (rpc_status != RPC_SUCCESS) {
-+ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
-+ goto fatal_error;
-+ }
-+
- rpc_iface = fwu_proxy_create();
- if (!rpc_iface) {
- EMSG("Failed to create FWU proxy");
-diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index 759983b46..185a6cd97 100644
---- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-@@ -11,6 +11,7 @@
- #include <rpc/rse_comms/caller/sp/rse_comms_caller.h>
- #include <service/attestation/provider/attest_provider.h>
- #include <service/attestation/provider/serializer/packed-c/packedc_attest_provider_serializer.h>
-+#include <service/capsule_update/provider/capsule_update_provider.h>
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include "service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h"
- #include "service/fwu/provider/fwu_provider.h"
-@@ -141,3 +142,30 @@ struct rpc_service_interface *fwu_proxy_create(void)
-
- return fwu_provider_init(&fwu_provider, agent);
- }
-+
-+struct rpc_service_interface *capsule_update_proxy_create(void)
-+{
-+ static struct capsule_update_provider capsule_update_provider;
-+ static struct secure_storage_ipc capsule_update_backend;
-+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
-+
-+ /* Static objects for proxy instance */
-+ static struct rpc_caller_interface rse_comms = { 0 };
-+ static struct rpc_caller_session rpc_session = { 0 };
-+
-+ rpc_status = rse_comms_caller_init(&rse_comms);
-+ if (rpc_status != RPC_SUCCESS)
-+ return NULL;
-+
-+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
-+ if (rpc_status != RPC_SUCCESS)
-+ return NULL;
-+
-+
-+ capsule_update_provider.client.session = &rpc_session;
-+ capsule_update_provider.client.rpc_status = RPC_SUCCESS;
-+ capsule_update_provider.client.service_info.supported_encodings = 0;
-+ capsule_update_provider.client.service_info.max_payload = 4096;
-+
-+ return capsule_update_provider_init(&capsule_update_provider);
-+}
-diff --git a/deployments/se-proxy/infra/service_proxy_factory.h b/deployments/se-proxy/infra/service_proxy_factory.h
-index be83319b8..88b377063 100644
---- a/deployments/se-proxy/infra/service_proxy_factory.h
-+++ b/deployments/se-proxy/infra/service_proxy_factory.h
-@@ -18,6 +18,7 @@ struct rpc_service_interface *crypto_proxy_create(void);
- struct rpc_service_interface *ps_proxy_create(void);
- struct rpc_service_interface *its_proxy_create(void);
- struct rpc_service_interface *fwu_proxy_create(void);
-+struct rpc_service_interface *capsule_update_proxy_create(void);
-
- #ifdef __cplusplus
- }
-2.25.1
-
similarity index 74%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch
@@ -1,28 +1,29 @@
-From c490956e50e721c8f2db5934ae5af365ba92e55a Mon Sep 17 00:00:00 2001
+From a986e751f6d4ef34bdc3847cfb02e6f24fbb0702 Mon Sep 17 00:00:00 2001
From: Bence Balogh <bence.balogh@arm.com>
Date: Mon, 25 Nov 2024 22:13:15 +0100
-Subject: [PATCH 2/3] Revert "Load and store UEFI variable index in chunks"
+Subject: [PATCH 01/12] Revert "Load and store UEFI variable index in chunks"
This reverts commit a0a08571084238af2a24d4e6e580308f86ab59a2.
The PSA IPC backend for the Protected Storage doesn't support the optional
-create() and set_extended() APIs. This feature has to be reverted because
+create() and set_extended() APIs. This feature has to be reverted because
of this.
-Keep this inappropriate patch until the usage of create() and set_extended()
+Keep this inappropriate patch until the usage of create() and set_extended()
APIs are not optional in the SMM-Gateway.
Upstream-Status: Inappropriate [To be redesigned]
Signed-off-by: Bence Balogh <bence.balogh@arm.com>
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
- .../backend/test/variable_store_tests.cpp | 100 +-----------------
- .../backend/uefi_variable_store.c | 84 +++------------
+ .../backend/test/variable_store_tests.cpp | 100 +--------------
+ .../backend/uefi_variable_store.c | 115 ++++--------------
deployments/smm-gateway/common/smm_gateway.c | 4 +
- 3 files changed, 22 insertions(+), 166 deletions(-)
+ 3 files changed, 28 insertions(+), 191 deletions(-)
diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
-index e0f21f77a..2a8c8eb94 100644
+index 0f962f20..7c7435fb 100644
--- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
+++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
-@@ -56,12 +56,6 @@ TEST_GROUP(UefiVariableStoreTests)
+@@ -57,12 +57,6 @@ TEST_GROUP(UefiVariableStoreTests)
return var_name;
}
@@ -35,7 +36,7 @@ index e0f21f77a..2a8c8eb94 100644
size_t string_get_size_in_bytes(const std::u16string &string)
{
return string.size() * sizeof(uint16_t);
-@@ -266,9 +260,9 @@ TEST_GROUP(UefiVariableStoreTests)
+@@ -267,9 +261,9 @@ TEST_GROUP(UefiVariableStoreTests)
MAX_VARIABLE_SIZE);
}
@@ -44,14 +45,13 @@ index e0f21f77a..2a8c8eb94 100644
static const size_t MAX_VARIABLE_SIZE = 3000;
- static const size_t STORE_CAPACITY = MAX_VARIABLES * MAX_VARIABLE_SIZE;
+ static const size_t STORE_CAPACITY = 10000;
-
- static const uint32_t OWNER_ID = 100;
- /*
-@@ -773,93 +767,3 @@ TEST(UefiVariableStoreTests, noRemoveCheck)
- EFI_VARIABLE_NON_VOLATILE);
+ static const size_t VARIABLE_INDEX_MAX_SIZE =
+ sizeof(uint32_t) +
+ MAX_VARIABLES * (sizeof(struct variable_metadata) +
+@@ -784,96 +778,6 @@ TEST(UefiVariableStoreTests, noRemoveCheck)
UNSIGNED_LONGLONGS_EQUAL(EFI_INVALID_PARAMETER, status);
}
--
+
-TEST(UefiVariableStoreTests, fillStore)
-{
- efi_status_t status = EFI_SUCCESS;
@@ -141,50 +141,77 @@ index e0f21f77a..2a8c8eb94 100644
- LONGS_EQUAL(0, input_data.compare(output_data));
- }
-}
+-
+ TEST(UefiVariableStoreTests, variableIndexCounterOverflow)
+ {
+ efi_status_t efi_status = EFI_SUCCESS;
diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-index 459ca4566..e5fc32864 100644
+index 48b81ff3..e90ed172 100644
--- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-@@ -615,41 +615,26 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context)
+@@ -716,59 +716,29 @@ static psa_status_t get_active_variable_uid(struct uefi_variable_store *context,
+ static efi_status_t load_variable_index(struct uefi_variable_store *context)
+ {
+ struct storage_backend *persistent_store = context->persistent_store.storage_backend;
+- psa_status_t psa_status = PSA_SUCCESS;
if (persistent_store) {
size_t data_len = 0;
- size_t data_offset = 0;
+- struct psa_storage_info_t variable_index_info = { 0 };
+-
+- psa_status = get_active_variable_uid(context, &context->active_variable_index_uid,
+- &context->variable_index.counter);
+- switch (psa_status) {
+- case PSA_SUCCESS:
+- break;
-- do {
-- psa_status_t psa_status = persistent_store->interface->get(
-- persistent_store->context, context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_UID, data_offset,
-- RPC_CALLER_SESSION_SHARED_MEMORY_SIZE,
-- context->index_sync_buffer + data_offset, &data_len);
+- case PSA_ERROR_DOES_NOT_EXIST:
+- IMSG("Variable index does not exist in NV store, continuing with empty index");
+- return EFI_SUCCESS;
+ psa_status_t psa_status = persistent_store->interface->get(
+ persistent_store->context, context->owner_id,
+ SMM_VARIABLE_INDEX_STORAGE_UID, 0, context->index_sync_buffer_size,
+ context->index_sync_buffer, &data_len);
-- switch (psa_status) {
-+ switch(psa_status) {
- case PSA_SUCCESS:
-- data_offset += data_len;
+- default:
+- EMSG("Loading variable index failed: %d", psa_status);
+- return EFI_LOAD_ERROR;
+- }
-
-- if (data_offset > context->index_sync_buffer_size) {
-- EMSG("Variable index cannot fit the sync buffer");
-- return EFI_LOAD_ERROR;
-- }
+- /* Make sure the variable index fits the buffer */
+- persistent_store->interface->get_info(persistent_store->context, context->owner_id,
+- context->active_variable_index_uid,
+- &variable_index_info);
-
+- if (variable_index_info.size > context->index_sync_buffer_size) {
+- EMSG("Variable index cannot fit the sync buffer");
+- return EFI_LOAD_ERROR;
+- }
++ switch(psa_status) {
++ case PSA_SUCCESS:
+ (void) variable_index_restore(&context->variable_index, data_len,
+ context->index_sync_buffer);
- break;
++ break;
- case PSA_ERROR_DOES_NOT_EXIST:
- IMSG("Index variable does not exist in NV store, continuing with empty index");
-- return EFI_SUCCESS;
+- do {
+- psa_status = persistent_store->interface->get(
+- persistent_store->context, context->owner_id,
+- context->active_variable_index_uid, data_offset,
+- RPC_CALLER_SESSION_SHARED_MEMORY_SIZE,
+- context->index_sync_buffer + data_offset, &data_len);
++ case PSA_ERROR_DOES_NOT_EXIST:
++ IMSG("Index variable does not exist in NV store, continuing with empty index");
+ break;
- default:
+- if (psa_status != PSA_SUCCESS) {
++ default:
EMSG("Loading variable index failed: %d", psa_status);
return EFI_LOAD_ERROR;
- }
+-
+- data_offset += data_len;
+-
- } while (data_len == RPC_CALLER_SESSION_SHARED_MEMORY_SIZE);
-
- variable_index_restore(&context->variable_index, data_offset,
@@ -196,8 +223,8 @@ index 459ca4566..e5fc32864 100644
}
return EFI_SUCCESS;
-@@ -658,14 +643,13 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context)
- static efi_status_t sync_variable_index(const struct uefi_variable_store *context)
+@@ -777,14 +747,13 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context)
+ static efi_status_t sync_variable_index(struct uefi_variable_store *context)
{
efi_status_t status = EFI_SUCCESS;
- psa_status_t psa_status = PSA_SUCCESS;
@@ -213,27 +240,29 @@ index 459ca4566..e5fc32864 100644
if (status != EFI_SUCCESS)
return status;
-@@ -674,52 +658,16 @@ static efi_status_t sync_variable_index(const struct uefi_variable_store *contex
+@@ -793,56 +762,16 @@ static efi_status_t sync_variable_index(struct uefi_variable_store *context)
context->persistent_store.storage_backend;
if (persistent_store) {
- size_t data_offset = 0;
+- uint64_t next_index_uid = 0;
+-
+- /* Write the older one */
+- next_index_uid = (context->active_variable_index_uid ==
+- SMM_VARIABLE_INDEX_STORAGE_A_UID ?
+- SMM_VARIABLE_INDEX_STORAGE_B_UID :
+- SMM_VARIABLE_INDEX_STORAGE_A_UID);
-
- psa_status = persistent_store->interface->remove(
-+ psa_status_t psa_status = persistent_store->interface->set(
- persistent_store->context, context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_UID);
+- persistent_store->context, context->owner_id, next_index_uid);
-
- if (psa_status != PSA_SUCCESS && psa_status != PSA_ERROR_DOES_NOT_EXIST)
- goto end;
-+ SMM_VARIABLE_INDEX_STORAGE_UID, data_len,
-+ context->index_sync_buffer, PSA_STORAGE_FLAG_NONE);
-
+-
- /* Check if the index exists and create if not yet */
- psa_status = persistent_store->interface->create(
-- persistent_store->context, context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_UID, remaining_data_len,
-- PSA_STORAGE_FLAG_NONE);
+- persistent_store->context, context->owner_id, next_index_uid,
+- remaining_data_len, PSA_STORAGE_FLAG_NONE);
-
- if (psa_status != PSA_SUCCESS)
- goto end;
@@ -244,8 +273,7 @@ index 459ca4566..e5fc32864 100644
-
- psa_status = persistent_store->interface->set_extended(
- persistent_store->context, context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_UID, data_offset,
-- data_of_this_iteration,
+- next_index_uid, data_offset, data_of_this_iteration,
- context->index_sync_buffer + data_offset);
-
- if (psa_status != PSA_SUCCESS)
@@ -255,7 +283,11 @@ index 459ca4566..e5fc32864 100644
- remaining_data_len -= data_of_this_iteration;
-
- } while (remaining_data_len);
--
++ psa_status_t psa_status = persistent_store->interface->set(
++ persistent_store->context, context->owner_id,
++ SMM_VARIABLE_INDEX_STORAGE_UID, data_len,
++ context->index_sync_buffer, PSA_STORAGE_FLAG_NONE);
+
- variable_index_confirm_write(&context->variable_index);
- context->active_variable_index_uid = next_index_uid;
- } else {
@@ -272,7 +304,7 @@ index 459ca4566..e5fc32864 100644
/* Check attribute usage rules */
diff --git a/deployments/smm-gateway/common/smm_gateway.c b/deployments/smm-gateway/common/smm_gateway.c
-index 3ab45ccf5..eaa861370 100644
+index 3ab45ccf..eaa86137 100644
--- a/deployments/smm-gateway/common/smm_gateway.c
+++ b/deployments/smm-gateway/common/smm_gateway.c
@@ -40,6 +40,10 @@
@@ -287,5 +319,5 @@ index 3ab45ccf5..eaa861370 100644
* The SP heap must be large enough for storing the UEFI variable index, the RPC shared memory and
* ~16kB of miscellaneous data.
--
-2.25.1
+2.34.1
deleted file mode 100644
@@ -1,49 +0,0 @@
-From eddadb001463495307fb33f99e8cb41b9722ace1 Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Fri, 5 Apr 2024 17:31:03 +0200
-Subject: [PATCH 07/12] plat: corstone1000: add client_id for FMP service
-
-Corstone1000 uses trusted-firmware-m as secure enclave software component. Due
-to the changes in TF-M 2.0, psa services requires a seperate client_id now.
-This commit adds smm-gateway-sp client id to the FMP services since FMP structure
-accessed by u-boot via smm-gateway-sp.
-
-Signed-off-by: emeara01 <emekcan.aras@arm.com>
-Upstream-Status: Inappropriate [Design is to revisted]
----
- .../capsule_update/provider/corstone1000_fmp_service.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/components/service/capsule_update/provider/corstone1000_fmp_service.c b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-index 2ed0f33c5..58c2cceaf 100644
---- a/components/service/capsule_update/provider/corstone1000_fmp_service.c
-+++ b/components/service/capsule_update/provider/corstone1000_fmp_service.c
-@@ -33,6 +33,7 @@
- EFI_VARIABLE_APPEND_WRITE)
-
- #define FMP_VARIABLES_COUNT 6
-+#define SMM_GW_SP_ID 0x8003
-
- static struct variable_metadata fmp_variables_metadata[FMP_VARIABLES_COUNT] = {
- {
-@@ -91,7 +92,7 @@ static psa_status_t protected_storage_set(struct rpc_caller_interface *caller,
- { .base = psa_ptr_to_u32(&create_flags), .len = sizeof(create_flags) },
- };
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, TFM_PS_ITS_SET,
-+ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,TFM_PS_ITS_SET,
- in_vec, IOVEC_LEN(in_vec), NULL, 0);
- if (psa_status < 0)
- EMSG("ipc_set: psa_call failed: %d", psa_status);
-@@ -114,7 +115,7 @@ static psa_status_t protected_storage_get(struct rpc_caller_interface *caller,
- { .base = psa_ptr_to_u32(p_data), .len = data_size },
- };
-
-- psa_status = psa_call(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE,
-+ psa_status = psa_call_client_id(caller, TFM_PROTECTED_STORAGE_SERVICE_HANDLE, SMM_GW_SP_ID,
- TFM_PS_ITS_GET, in_vec, IOVEC_LEN(in_vec),
- out_vec, IOVEC_LEN(out_vec));
-
-2.25.1
-
new file mode 100644
@@ -0,0 +1,71 @@
+From 77dbb98428b0661f0ceee54208d226fc7fb27130 Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Sun, 1 Jun 2025 11:06:00 +0000
+Subject: [PATCH 02/11] se proxy protobuf change
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ .../se-proxy/env/commonsp/se_proxy_sp.c | 24 ++++++++++++++++++-
+ 1 file changed, 23 insertions(+), 1 deletion(-)
+
+diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+index 485d7649..9f94092b 100644
+--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
++++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+@@ -13,6 +13,7 @@
+ #include "trace.h"
+ #include "deployments/se-proxy/infra/service_proxy_factory.h"
+ #include "deployments/se-proxy/se_proxy_interfaces.h"
++#include <service/crypto/factory/crypto_provider_factory.h>
+
+ static bool sp_init(uint16_t *own_sp_id);
+
+@@ -25,6 +26,8 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
+ uint16_t own_id = 0;
+ sp_result result = SP_RESULT_INTERNAL_ERROR;
+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
++ struct rpc_service_interface *crypto_iface_protobuf = NULL;
++ struct crypto_provider *crypto_protobuf_provider = NULL;
+
+ /* Boot phase */
+ if (!sp_init(&own_id)) {
+@@ -39,7 +42,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
+ goto fatal_error;
+ }
+
+- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16);
++ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
+ if (rpc_status != RPC_SUCCESS) {
+ EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
+ goto fatal_error;
+@@ -106,6 +109,25 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
+ goto fatal_error;
+ }
+
++ crypto_protobuf_provider = crypto_protobuf_provider_factory_create();
++ if (!crypto_protobuf_provider) {
++ EMSG("Failed to create crypto protobuf provider factory");
++ goto fatal_error;
++ }
++
++ crypto_iface_protobuf = service_provider_get_rpc_interface(
++ &crypto_protobuf_provider->base_provider);
++ if (!crypto_iface_protobuf) {
++ EMSG("Failed to create service provider RPC interface");
++ goto fatal_error;
++ }
++
++ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, crypto_iface_protobuf);
++ if (rpc_status != RPC_SUCCESS) {
++ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
++ goto fatal_error;
++ }
++
+ /* End of boot phase */
+ result = sp_msg_wait(&req_msg);
+ if (result != SP_RESULT_OK) {
+--
+2.34.1
+
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-Platform-Corstone1000-Add-PLATFORM_IS_FVP-toggle-for.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0009-Platform-Corstone1000-Add-PLATFORM_IS_FVP-toggle-for.patch
similarity index 97%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch
@@ -1,7 +1,7 @@
-From fcc7701baf4246e5ceebe4d50db223cb70a0c00f Mon Sep 17 00:00:00 2001
+From f385ddacc8cc62842f7c9c91622d59959c41e718 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Thu, 28 Nov 2024 12:02:28 +0000
-Subject: [PATCH 1/8] Integrate PSA FWU IPC framework for Corstone-1000
+Subject: [PATCH 04/11] Integrate PSA FWU IPC framework for Corstone-1000
Integrate IPC framework for PSA FWU calls between Cortex-A side and Cortex-M subsystems.
@@ -26,7 +26,7 @@ Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
create mode 100644 components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h
diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index fc3a4fb0..4830f438 100644
+index 5aaa659d..0235764d 100644
--- a/components/service/common/include/psa/sid.h
+++ b/components/service/common/include/psa/sid.h
@@ -1,5 +1,5 @@
@@ -36,7 +36,7 @@ index fc3a4fb0..4830f438 100644
*
* SPDX-License-Identifier: BSD-3-Clause
*
-@@ -65,6 +65,10 @@ extern "C" {
+@@ -58,6 +58,10 @@ extern "C" {
#define TFM_ATTEST_GET_TOKEN_SIZE 1002
/******** TFM_SP_FWU ********/
@@ -381,7 +381,7 @@ index 00000000..867a1c9c
+#endif /* PSA_FWU_IPC_H */
+
diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
-index 27af8a33..0b04149a 100644
+index 3830f9d6..2bf6b36e 100644
--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
@@ -26,7 +26,7 @@ add_components(TARGET "se-proxy"
@@ -390,14 +390,14 @@ index 27af8a33..0b04149a 100644
"components/service/fwu/psa_fwu_m/agent"
- "components/service/fwu/psa_fwu_m/interface/stub"
+ "components/service/fwu/psa_fwu_m/interface/psa_ipc"
- "components/service/capsule_update/provider"
"components/service/secure_storage/backend/secure_storage_ipc"
)
+
diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index 8872abcb..ef91efe0 100644
+index 759983b4..547e84bc 100644
--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-@@ -15,6 +15,7 @@
+@@ -14,6 +14,7 @@
#include <service/crypto/factory/crypto_provider_factory.h>
#include "service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h"
#include "service/fwu/provider/fwu_provider.h"
@@ -405,7 +405,7 @@ index 8872abcb..ef91efe0 100644
#include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
#include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
#include <trace.h>
-@@ -135,10 +136,25 @@ struct rpc_service_interface *its_proxy_create(void)
+@@ -134,10 +135,25 @@ struct rpc_service_interface *its_proxy_create(void)
struct rpc_service_interface *fwu_proxy_create(void)
{
@@ -432,5 +432,5 @@ index 8872abcb..ef91efe0 100644
return fwu_provider_init(&fwu_provider, agent);
}
--
-2.25.1
+2.34.1
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0019-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0020-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch
deleted file mode 100644
@@ -1,716 +0,0 @@
-From f0c1c15fc8886349f7aeb04e1328472894b674d7 Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Mon, 25 Nov 2024 22:11:33 +0100
-Subject: [PATCH 1/3] Revert "Make variable index usage robust with redundancy"
-
-This reverts commit 8e394bbfae1dccf86a6a5428471e1b10fdaa74ec.
-This revert is needed because the FMP support added for Corstone-1000 only
-works if the SMM_VARIABLE_INDEX_STORAGE_UID is 0x787. See the implementation
-in the 0003-FMP-Support-in-Corstone1000.patch file.
-
-The 0003-FMP-Support-in-Corstone1000.patch is also inappropriate and will be
-redesigned. Instead of fixing that patch, revert this redundancy feature until
-the FMP support is redesigned.
-
-Upstream-Status: Inappropriate [To be removed after new FWU design]
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
----
- .../backend/test/variable_index_tests.cpp | 50 ++---
- .../backend/test/variable_store_tests.cpp | 166 ----------------
- .../backend/uefi_variable_store.c | 181 +++---------------
- .../backend/uefi_variable_store.h | 1 -
- .../smm_variable/backend/variable_index.c | 29 +--
- .../smm_variable/backend/variable_index.h | 3 +-
- 6 files changed, 46 insertions(+), 384 deletions(-)
-
-diff --git a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp
-index cf0f6a12e..a52cfbf76 100644
---- a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp
-+++ b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp
-@@ -208,8 +208,7 @@ TEST(UefiVariableIndexTests, enumerateStore)
-
- TEST(UefiVariableIndexTests, dumpLoadRoadtrip)
- {
-- uint8_t buffer[sizeof(uint32_t) +
-- MAX_VARIABLES * (sizeof(struct variable_metadata) + sizeof(bool))];
-+ uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)];
-
- create_variables();
-
-@@ -223,13 +222,7 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip)
-
- CHECK_TRUE(is_dirty);
- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- /*
-- * Variable index counter is at the beginning, which is followed by metadata and
-- * constraint status byte of both NV variables
-- */
-- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) +
-- ((sizeof(struct variable_metadata) + sizeof(bool)) * 2),
-- dump_len);
-+ UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len);
-
- /* Expect no records to be dirty when the dump is repeated */
- dump_len = 0;
-@@ -238,9 +231,7 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip)
-
- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
- CHECK_FALSE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) +
-- ((sizeof(struct variable_metadata) + sizeof(bool)) * 2),
-- dump_len);
-+ UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len);
-
- /* Tear down and reinitialize to simulate a reboot */
- variable_index_deinit(&m_variable_index);
-@@ -279,8 +270,7 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip)
-
- TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable)
- {
-- uint8_t buffer[sizeof(uint32_t) +
-- MAX_VARIABLES * (sizeof(struct variable_metadata) + sizeof(bool))];
-+ uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)];
-
- create_variables();
-
-@@ -314,13 +304,8 @@ TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable)
- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
- CHECK_TRUE(is_dirty);
-
-- /*
-- * Variable index counter is at the beginning, which is followed by metadata and
-- * constraint status byte of both NV variables, but only one of them has
-- * constraints
-- */
-- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) +
-- (sizeof(struct variable_metadata) + sizeof(bool)) * 2 +
-+ /* metadata and constraint status byte are stored for both NV variables, but only one of them has constraints */
-+ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) + sizeof(bool)) * 2 +
- sizeof(struct variable_constraints),
- dump_len);
-
-@@ -331,11 +316,7 @@ TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable)
-
- TEST(UefiVariableIndexTests, dumpBufferTooSmall)
- {
-- /*
-- * Enough to fit the variable index counter and the metadata and constraint
-- * status of a single variable
-- */
-- uint8_t buffer[sizeof(uint32_t) + sizeof(struct variable_metadata) + sizeof(bool)];
-+ uint8_t buffer[1 * sizeof(struct variable_metadata) + 1];
-
- create_variables();
-
-@@ -357,8 +338,7 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall)
-
- TEST(UefiVariableIndexTests, removeVariable)
- {
-- uint8_t buffer[sizeof(uint32_t) +
-- MAX_VARIABLES * (sizeof(struct variable_metadata) + sizeof(bool))];
-+ uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)];
- struct variable_info *info = NULL;
-
- create_variables();
-@@ -378,12 +358,7 @@ TEST(UefiVariableIndexTests, removeVariable)
-
- CHECK_TRUE(is_dirty);
- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- /*
-- * Dump to now contains the variable index counter and metadata,
-- * constraint status data of a variable
-- */
-- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + sizeof(struct variable_metadata) + sizeof(bool),
-- dump_len);
-+ UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len);
-
- /* Remove the volatile variable */
- info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_1),
-@@ -398,8 +373,7 @@ TEST(UefiVariableIndexTests, removeVariable)
-
- CHECK_FALSE(is_dirty);
- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t) + sizeof(struct variable_metadata) + sizeof(bool),
-- dump_len);
-+ UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len);
-
- /* Remove the remaining NV variable */
- info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_3),
-@@ -407,14 +381,14 @@ TEST(UefiVariableIndexTests, removeVariable)
-
- variable_index_clear_variable(&m_variable_index, info);
-
-- /* Expect index to be dirty and dump to now contains only the variable index counter */
-+ /* Expect index to be dirty and dump to now be empty */
- dump_len = 0;
- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
- &is_dirty);
-
- CHECK_TRUE(is_dirty);
- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- UNSIGNED_LONGS_EQUAL(sizeof(uint32_t), dump_len);
-+ UNSIGNED_LONGS_EQUAL(0, dump_len);
-
- /* Enumerate and now expect an empty index */
- info = NULL;
-diff --git a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
-index 0f962f206..e0f21f77a 100644
---- a/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
-+++ b/components/service/uefi/smm_variable/backend/test/variable_store_tests.cpp
-@@ -5,7 +5,6 @@
- */
-
- #include <CppUTest/TestHarness.h>
--#include <limits>
- #include <service/secure_storage/backend/mock_store/mock_store.h>
- #include <service/uefi/smm_variable/backend/uefi_variable_store.h>
- #include <string.h>
-@@ -270,17 +269,8 @@ TEST_GROUP(UefiVariableStoreTests)
- static const size_t MAX_VARIABLES = 5;
- static const size_t MAX_VARIABLE_SIZE = 3000;
- static const size_t STORE_CAPACITY = MAX_VARIABLES * MAX_VARIABLE_SIZE;
-- static const size_t VARIABLE_INDEX_MAX_SIZE =
-- sizeof(uint32_t) +
-- MAX_VARIABLES * (sizeof(struct variable_metadata) +
-- sizeof(struct variable_constraints) + sizeof(bool));
-
- static const uint32_t OWNER_ID = 100;
--
-- /* Synchronize these with the variables with the store */
-- uint64_t DEFAULT_VARIABLE_INDEX_STORAGE_A_UID = 0x8000000000000001;
-- uint64_t DEFAULT_VARIABLE_INDEX_STORAGE_B_UID = 0x8000000000000002;
--
- /*
- * Make sure the variable buffer in the test is way above the limit
- * so the buffer problems will be handled by the component
-@@ -873,159 +863,3 @@ TEST(UefiVariableStoreTests, fillIndex)
- LONGS_EQUAL(0, input_data.compare(output_data));
- }
- }
--
--TEST(UefiVariableStoreTests, variableIndexCounterOverflow)
--{
-- efi_status_t efi_status = EFI_SUCCESS;
-- psa_status_t psa_status = PSA_SUCCESS;
-- std::u16string var_name = u"var";
-- std::string input_data = "a";
-- uint32_t attributes = EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS |
-- EFI_VARIABLE_RUNTIME_ACCESS;
-- /* There are no variables set in the index, only the counter is there */
-- uint8_t buffer[sizeof(uint32_t)] = { 0 };
--
-- mock_store_reset(&m_persistent_store);
--
-- /* Counter of index A is 0 */
-- psa_status = m_persistent_store.backend.interface->set(
-- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_A_UID,
-- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status);
--
-- /* Set max counter value */
-- buffer[0] = 0xFF;
-- buffer[1] = 0xFF;
-- buffer[2] = 0xFF;
-- buffer[3] = 0xFF;
--
-- /* Counter of index B is max value */
-- psa_status = m_persistent_store.backend.interface->set(
-- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_B_UID,
-- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status);
--
-- /* At next initialization of the store index A should be the latest index with counter value 0 */
-- uefi_variable_store_deinit(&m_uefi_variable_store);
--
-- efi_status = uefi_variable_store_init(&m_uefi_variable_store, OWNER_ID, MAX_VARIABLES,
-- m_persistent_backend, m_volatile_backend);
-- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
--
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid,
-- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID);
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0);
--
-- /* After setting a variable to trigger sync and rebooting index B should be the latest index with counter value 1*/
-- efi_status = set_variable(var_name, input_data, attributes);
-- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, efi_status);
--
-- power_cycle();
--
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid,
-- DEFAULT_VARIABLE_INDEX_STORAGE_B_UID);
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 1);
--}
--
--TEST(UefiVariableStoreTests, oneEmptyVariableIndexExists)
--{
-- psa_status_t status = PSA_SUCCESS;
--
-- /* Only, variable index A exists, but it is empty */
-- mock_store_reset(&m_persistent_store);
--
-- status = m_persistent_store.backend.interface->create(m_persistent_store.backend.context,
-- OWNER_ID,
-- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID,
-- 100, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status);
--
-- power_cycle();
--
-- /* Empty index is considered non-existing so default index (A) is selected */
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid,
-- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID);
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0);
--
-- /* Only, variable index B exists, but it is empty*/
-- mock_store_reset(&m_persistent_store);
--
-- status = m_persistent_store.backend.interface->create(m_persistent_store.backend.context,
-- OWNER_ID,
-- DEFAULT_VARIABLE_INDEX_STORAGE_B_UID,
-- 100, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status);
--
-- power_cycle();
--
-- /* Empty index is considered non-existing so default index (A) is selected */
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid,
-- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID);
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0);
--}
--
--TEST(UefiVariableStoreTests, oneVariableIndexAlreadySet)
--{
-- efi_status_t status = EFI_SUCCESS;
-- /* Empty variable index with zero counter value */
-- uint8_t buffer[VARIABLE_INDEX_MAX_SIZE] = { 0 };
--
-- /* Set index A in the store with some data, so it will be found as the currently active index */
-- mock_store_reset(&m_persistent_store);
--
-- status = m_persistent_store.backend.interface->set(
-- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_A_UID,
-- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status);
--
-- power_cycle();
--
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid,
-- DEFAULT_VARIABLE_INDEX_STORAGE_A_UID);
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0);
--
-- /* Set index B in the store with some data, so it will be found as the currently active index */
-- mock_store_reset(&m_persistent_store);
--
-- status = m_persistent_store.backend.interface->set(
-- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_B_UID,
-- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, status);
--
-- power_cycle();
--
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.active_variable_index_uid,
-- DEFAULT_VARIABLE_INDEX_STORAGE_B_UID);
-- UNSIGNED_LONGLONGS_EQUAL(m_uefi_variable_store.variable_index.counter, 0);
--}
--
--TEST(UefiVariableStoreTests, variableIndexesWithSameData)
--{
-- psa_status_t psa_status = PSA_SUCCESS;
-- efi_status_t efi_status = EFI_SUCCESS;
-- /* Empty variable index with zero counter value */
-- uint8_t buffer[VARIABLE_INDEX_MAX_SIZE] = { 0 };
--
-- /* Set both indexes to the same data and counter value */
-- mock_store_reset(&m_persistent_store);
--
-- psa_status = m_persistent_store.backend.interface->set(
-- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_A_UID,
-- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status);
--
-- psa_status = m_persistent_store.backend.interface->set(
-- m_persistent_store.backend.context, OWNER_ID, DEFAULT_VARIABLE_INDEX_STORAGE_B_UID,
-- sizeof(buffer), &buffer, PSA_STORAGE_FLAG_NONE);
-- UNSIGNED_LONGLONGS_EQUAL(PSA_SUCCESS, psa_status);
--
-- /*
-- * Initializing the store should fail, because if there are two indexes with the same counter it cannot be decided
-- * which has the valid data.
-- */
-- uefi_variable_store_deinit(&m_uefi_variable_store);
--
-- efi_status = uefi_variable_store_init(&m_uefi_variable_store, OWNER_ID, MAX_VARIABLES,
-- m_persistent_backend, m_volatile_backend);
-- UNSIGNED_LONGLONGS_EQUAL(EFI_LOAD_ERROR, efi_status);
--}
-diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-index 48b81ff37..459ca4566 100644
---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-@@ -28,12 +28,9 @@
- #include "service/crypto/client/psa/crypto_client.h"
- #endif
-
--static psa_status_t get_active_variable_uid(struct uefi_variable_store *context,
-- uint64_t *active_index_uid, uint32_t *counter);
--
- static efi_status_t load_variable_index(struct uefi_variable_store *context);
-
--static efi_status_t sync_variable_index(struct uefi_variable_store *context);
-+static efi_status_t sync_variable_index(const struct uefi_variable_store *context);
-
- static efi_status_t check_capabilities(const SMM_VARIABLE_COMMUNICATE_ACCESS_VARIABLE *var);
-
-@@ -138,14 +135,6 @@ static bool compare_name_to_key_store_name(const int16_t *name1, size_t size1,
- const uint16_t *name2, size_t size2);
- #endif
-
--/* Private UID for storing the variable index */
--#define SMM_VARIABLE_INDEX_STORAGE_A_UID UINT64_C(0x8000000000000001)
--#define SMM_VARIABLE_INDEX_STORAGE_B_UID UINT64_C(0x8000000000000002)
--
--_Static_assert(SMM_VARIABLE_INDEX_STORAGE_A_UID != SMM_VARIABLE_INDEX_STORAGE_B_UID,
-- "SMM_VARIABLE_INDEX_STORAGE_A_UID must not be the same value as "
-- "SMM_VARIABLE_INDEX_STORAGE_B_UID");
--
- /* Default maximum variable size -
- * may be overridden using uefi_variable_store_set_storage_limits()
- */
-@@ -398,7 +387,7 @@ efi_status_t uefi_variable_store_set_variable(const struct uefi_variable_store *
- * index entry.
- */
- if (should_sync_index)
-- status = sync_variable_index((struct uefi_variable_store *)context);
-+ status = sync_variable_index(context);
-
- /* Store any variable data to the storage backend with the updated metadata */
- if (info->is_variable_set && (status == EFI_SUCCESS)) {
-@@ -620,148 +609,40 @@ efi_status_t uefi_variable_store_get_var_check_property(
- return status;
- }
-
--/* Checks which index contains the latest data, which shall be loaded */
--static psa_status_t get_active_variable_uid(struct uefi_variable_store *context,
-- uint64_t *active_index_uid, uint32_t *counter)
--{
-- uint32_t counter_A = 0;
-- uint32_t counter_B = 0;
-- size_t data_len = 0;
-- psa_status_t psa_status_A = PSA_SUCCESS;
-- psa_status_t psa_status_B = PSA_SUCCESS;
-- struct storage_backend *persistent_store = context->persistent_store.storage_backend;
--
-- /* Set default value for the case when the index does not exist yet */
-- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_A_UID;
-- *counter = 0;
--
-- if (persistent_store) {
-- psa_status_A = persistent_store->interface->get(persistent_store->context,
-- context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_A_UID, 0,
-- sizeof(counter_A), &counter_A,
-- &data_len);
--
-- if (psa_status_A == PSA_SUCCESS && data_len == 0) {
-- psa_status_A = persistent_store->interface->remove(
-- persistent_store->context, context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_A_UID);
--
-- if (psa_status_A == PSA_SUCCESS)
-- psa_status_A = PSA_ERROR_DOES_NOT_EXIST;
-- else {
-- EMSG("Erronous state of variable index");
-- return PSA_ERROR_STORAGE_FAILURE;
-- }
-- }
--
-- psa_status_B = persistent_store->interface->get(persistent_store->context,
-- context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_B_UID, 0,
-- sizeof(counter_B), &counter_B,
-- &data_len);
--
-- if (psa_status_B == PSA_SUCCESS && data_len == 0) {
-- psa_status_B = persistent_store->interface->remove(
-- persistent_store->context, context->owner_id,
-- SMM_VARIABLE_INDEX_STORAGE_B_UID);
--
-- if (psa_status_B == PSA_SUCCESS)
-- psa_status_B = PSA_ERROR_DOES_NOT_EXIST;
-- else {
-- EMSG("Erronous state of variable index");
-- return PSA_ERROR_STORAGE_FAILURE;
-- }
-- }
--
-- if ((psa_status_A != PSA_SUCCESS && psa_status_A != PSA_ERROR_DOES_NOT_EXIST) ||
-- (psa_status_B != PSA_SUCCESS && psa_status_B != PSA_ERROR_DOES_NOT_EXIST))
-- return PSA_ERROR_STORAGE_FAILURE;
--
-- if (psa_status_A == PSA_ERROR_DOES_NOT_EXIST) {
-- if (psa_status_B == PSA_ERROR_DOES_NOT_EXIST)
-- return PSA_ERROR_DOES_NOT_EXIST;
--
-- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_B_UID;
-- *counter = counter_B;
--
-- return PSA_SUCCESS;
-- } else if (psa_status_B == PSA_ERROR_DOES_NOT_EXIST) {
-- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_A_UID;
-- *counter = counter_A;
--
-- return PSA_SUCCESS;
-- }
--
-- if (counter_A + 1 == counter_B) {
-- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_B_UID;
-- *counter = counter_B;
-- return PSA_SUCCESS;
-- } else if (counter_B + 1 == counter_A) {
-- *active_index_uid = SMM_VARIABLE_INDEX_STORAGE_A_UID;
-- *counter = counter_A;
-- return PSA_SUCCESS;
-- } else {
-- EMSG("UEFI metadata variable index is invalid.");
-- return PSA_ERROR_STORAGE_FAILURE;
-- }
-- } else {
-- EMSG("Store backend is not accessible");
-- return PSA_ERROR_STORAGE_FAILURE;
-- }
--
-- return PSA_ERROR_STORAGE_FAILURE;
--}
--
- static efi_status_t load_variable_index(struct uefi_variable_store *context)
- {
- struct storage_backend *persistent_store = context->persistent_store.storage_backend;
-- psa_status_t psa_status = PSA_SUCCESS;
-
- if (persistent_store) {
- size_t data_len = 0;
- size_t data_offset = 0;
-- struct psa_storage_info_t variable_index_info = { 0 };
--
-- psa_status = get_active_variable_uid(context, &context->active_variable_index_uid,
-- &context->variable_index.counter);
-- switch (psa_status) {
-- case PSA_SUCCESS:
-- break;
--
-- case PSA_ERROR_DOES_NOT_EXIST:
-- IMSG("Variable index does not exist in NV store, continuing with empty index");
-- return EFI_SUCCESS;
--
-- default:
-- EMSG("Loading variable index failed: %d", psa_status);
-- return EFI_LOAD_ERROR;
-- }
--
-- /* Make sure the variable index fits the buffer */
-- persistent_store->interface->get_info(persistent_store->context, context->owner_id,
-- context->active_variable_index_uid,
-- &variable_index_info);
--
-- if (variable_index_info.size > context->index_sync_buffer_size) {
-- EMSG("Variable index cannot fit the sync buffer");
-- return EFI_LOAD_ERROR;
-- }
-
- do {
-- psa_status = persistent_store->interface->get(
-+ psa_status_t psa_status = persistent_store->interface->get(
- persistent_store->context, context->owner_id,
-- context->active_variable_index_uid, data_offset,
-+ SMM_VARIABLE_INDEX_STORAGE_UID, data_offset,
- RPC_CALLER_SESSION_SHARED_MEMORY_SIZE,
- context->index_sync_buffer + data_offset, &data_len);
-
-- if (psa_status != PSA_SUCCESS) {
-+ switch (psa_status) {
-+ case PSA_SUCCESS:
-+ data_offset += data_len;
-+
-+ if (data_offset > context->index_sync_buffer_size) {
-+ EMSG("Variable index cannot fit the sync buffer");
-+ return EFI_LOAD_ERROR;
-+ }
-+
-+ break;
-+
-+ case PSA_ERROR_DOES_NOT_EXIST:
-+ IMSG("Index variable does not exist in NV store, continuing with empty index");
-+ return EFI_SUCCESS;
-+
-+ default:
- EMSG("Loading variable index failed: %d", psa_status);
- return EFI_LOAD_ERROR;
- }
--
-- data_offset += data_len;
--
- } while (data_len == RPC_CALLER_SESSION_SHARED_MEMORY_SIZE);
-
- variable_index_restore(&context->variable_index, data_offset,
-@@ -774,7 +655,7 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context)
- return EFI_SUCCESS;
- }
-
--static efi_status_t sync_variable_index(struct uefi_variable_store *context)
-+static efi_status_t sync_variable_index(const struct uefi_variable_store *context)
- {
- efi_status_t status = EFI_SUCCESS;
- psa_status_t psa_status = PSA_SUCCESS;
-@@ -794,24 +675,19 @@ static efi_status_t sync_variable_index(struct uefi_variable_store *context)
-
- if (persistent_store) {
- size_t data_offset = 0;
-- uint64_t next_index_uid = 0;
--
-- /* Write the older one */
-- next_index_uid = (context->active_variable_index_uid ==
-- SMM_VARIABLE_INDEX_STORAGE_A_UID ?
-- SMM_VARIABLE_INDEX_STORAGE_B_UID :
-- SMM_VARIABLE_INDEX_STORAGE_A_UID);
-
- psa_status = persistent_store->interface->remove(
-- persistent_store->context, context->owner_id, next_index_uid);
-+ persistent_store->context, context->owner_id,
-+ SMM_VARIABLE_INDEX_STORAGE_UID);
-
- if (psa_status != PSA_SUCCESS && psa_status != PSA_ERROR_DOES_NOT_EXIST)
- goto end;
-
- /* Check if the index exists and create if not yet */
- psa_status = persistent_store->interface->create(
-- persistent_store->context, context->owner_id, next_index_uid,
-- remaining_data_len, PSA_STORAGE_FLAG_NONE);
-+ persistent_store->context, context->owner_id,
-+ SMM_VARIABLE_INDEX_STORAGE_UID, remaining_data_len,
-+ PSA_STORAGE_FLAG_NONE);
-
- if (psa_status != PSA_SUCCESS)
- goto end;
-@@ -822,7 +698,8 @@ static efi_status_t sync_variable_index(struct uefi_variable_store *context)
-
- psa_status = persistent_store->interface->set_extended(
- persistent_store->context, context->owner_id,
-- next_index_uid, data_offset, data_of_this_iteration,
-+ SMM_VARIABLE_INDEX_STORAGE_UID, data_offset,
-+ data_of_this_iteration,
- context->index_sync_buffer + data_offset);
-
- if (psa_status != PSA_SUCCESS)
-@@ -1827,7 +1704,7 @@ static void purge_orphan_index_entries(const struct uefi_variable_store *context
- }
-
- if (any_orphans)
-- sync_variable_index((struct uefi_variable_store *)context);
-+ sync_variable_index(context);
- }
-
- static struct delegate_variable_store *
-diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.h b/components/service/uefi/smm_variable/backend/uefi_variable_store.h
-index 9f2c4a00c..2493ff6b4 100644
---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.h
-+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.h
-@@ -52,7 +52,6 @@ struct uefi_variable_store {
- uint32_t owner_id;
- uint8_t *index_sync_buffer;
- size_t index_sync_buffer_size;
-- uint64_t active_variable_index_uid;
- struct variable_index variable_index;
- struct delegate_variable_store persistent_store;
- struct delegate_variable_store volatile_store;
-diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c
-index 90230426f..5fb6d08c5 100644
---- a/components/service/uefi/smm_variable/backend/variable_index.c
-+++ b/components/service/uefi/smm_variable/backend/variable_index.c
-@@ -91,7 +91,6 @@ static struct variable_entry *containing_entry(const struct variable_info *info)
- efi_status_t variable_index_init(struct variable_index *context, size_t max_variables)
- {
- context->max_variables = max_variables;
-- context->counter = 0;
- context->entries =
- (struct variable_entry *)malloc(sizeof(struct variable_entry) * max_variables);
-
-@@ -109,9 +108,9 @@ void variable_index_deinit(struct variable_index *context)
-
- size_t variable_index_max_dump_size(struct variable_index *context)
- {
-- return sizeof(context->counter) + (sizeof(struct variable_metadata) + sizeof(bool) +
-- sizeof(struct variable_constraints)) *
-- context->max_variables;
-+ return (sizeof(struct variable_metadata) + sizeof(bool) +
-+ sizeof(struct variable_constraints)) *
-+ context->max_variables;
- }
-
- struct variable_info *variable_index_find(const struct variable_index *context,
-@@ -288,16 +287,6 @@ efi_status_t variable_index_dump(const struct variable_index *context, size_t bu
- *data_len = 0;
- *any_dirty = false;
-
-- /*
-- * Intentionally letting the counter overflow.
-- * The buffer (index_sync_buffer) is provided by malloc, which allocates memory to a boundary
-- * suitable for any default data type of the system (e.g uint32_t)
-- */
-- *((uint32_t *)dump_pos) = context->counter + 1;
-- bytes_dumped += sizeof(context->counter);
-- dump_pos += sizeof(context->counter);
--
-- /* Store variables */
- for (size_t pos = 0; pos < context->max_variables; pos++) {
- struct variable_entry *entry = &context->entries[pos];
- struct variable_metadata *metadata = &entry->info.metadata;
-@@ -344,24 +333,14 @@ efi_status_t variable_index_dump(const struct variable_index *context, size_t bu
- return EFI_SUCCESS;
- }
-
--void variable_index_confirm_write(struct variable_index *context)
--{
-- context->counter++;
--}
-
--size_t variable_index_restore(struct variable_index *context, size_t data_len,
-+size_t variable_index_restore(const struct variable_index *context, size_t data_len,
- const uint8_t *buffer)
- {
- size_t bytes_loaded = 0;
- const uint8_t *load_pos = buffer;
- int pos = 0;
-
-- if (data_len >= sizeof(context->counter)) {
-- context->counter = *((uint32_t *)load_pos);
-- bytes_loaded += sizeof(context->counter);
-- load_pos += sizeof(context->counter);
-- }
--
- while (bytes_loaded < data_len) {
- struct variable_entry *entry = &context->entries[pos];
-
-diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h
-index 592dddc83..0151d636a 100644
---- a/components/service/uefi/smm_variable/backend/variable_index.h
-+++ b/components/service/uefi/smm_variable/backend/variable_index.h
-@@ -75,7 +75,6 @@ struct variable_entry {
- */
- struct variable_index {
- size_t max_variables;
-- uint32_t counter;
- struct variable_entry *entries;
- };
-
-@@ -229,7 +228,7 @@ void variable_index_confirm_write(struct variable_index *context);
- *
- * @return Number of bytes loaded
- */
--size_t variable_index_restore(struct variable_index *context, size_t data_len,
-+size_t variable_index_restore(const struct variable_index *context, size_t data_len,
- const uint8_t *buffer);
-
- #ifdef __cplusplus
-2.25.1
-
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-Fix-PSA-FWU-IPC-psa_fwu_install-return-value-check.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0013-Fix-PSA-FWU-IPC-psa_fwu_install-return-value-check.patch
deleted file mode 100644
@@ -1,387 +0,0 @@
-From c0ffa57e7628f23747d7ee947358f8a538fa5d4c Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Mon, 25 Nov 2024 22:17:51 +0100
-Subject: [PATCH 3/3] Revert "Make constraints of NV UEFI variables persistent"
-
-This reverts commit 64bbde5d9950413cf724ffb792d4d1637892fa8b.
-The FMP support didn't work with this commit. See the implementation in the
-0003-FMP-Support-in-Corstone1000.patch file. The
-0003-FMP-Support-in-Corstone1000.patch will be redesigned but until that, this
-commit has to be reverted.
-
-Upstream-Status: Inappropriate [To be removed after new FWU design]
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
----
- .../backend/test/variable_index_tests.cpp | 93 +++----------------
- .../backend/uefi_variable_store.c | 12 +--
- .../smm_variable/backend/variable_index.c | 90 +++---------------
- .../smm_variable/backend/variable_index.h | 7 +-
- 4 files changed, 36 insertions(+), 166 deletions(-)
-
-diff --git a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp
-index a52cfbf76..1b7a6b879 100644
---- a/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp
-+++ b/components/service/uefi/smm_variable/backend/test/variable_index_tests.cpp
-@@ -214,28 +214,21 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip)
-
- /* Expect the info for two NV variables to have been dumped */
- size_t dump_len = 0;
-- bool is_dirty = false;
-- efi_status_t status = EFI_SUCCESS;
--
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
-+ bool is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len);
-
- CHECK_TRUE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len);
-+ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 2), dump_len);
-
- /* Expect no records to be dirty when the dump is repeated */
- dump_len = 0;
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
-+ is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len);
-
-- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
- CHECK_FALSE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(((sizeof(struct variable_metadata) + sizeof(bool)) * 2), dump_len);
-+ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 2), dump_len);
-
- /* Tear down and reinitialize to simulate a reboot */
- variable_index_deinit(&m_variable_index);
-- status = variable_index_init(&m_variable_index, MAX_VARIABLES);
-+ efi_status_t status = variable_index_init(&m_variable_index, MAX_VARIABLES);
- UNSIGNED_LONGLONGS_EQUAL(EFI_SUCCESS, status);
-
- /* Load the dumped contents */
-@@ -268,52 +261,6 @@ TEST(UefiVariableIndexTests, dumpLoadRoadtrip)
- UNSIGNED_LONGLONGS_EQUAL(EFI_NOT_FOUND, status);
- }
-
--TEST(UefiVariableIndexTests, dumpLoadConstrainedVariable)
--{
-- uint8_t buffer[MAX_VARIABLES * sizeof(struct variable_metadata)];
--
-- create_variables();
--
-- struct variable_constraints constraints;
-- constraints.revision = 10;
-- constraints.property = VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY;
-- constraints.attributes = 0;
-- constraints.min_size = 1;
-- constraints.max_size = 100;
--
-- /* Set check constraints on one of the variables */
-- struct variable_info *info = variable_index_find(&m_variable_index, &guid_2,
-- string_get_size_in_bytes(name_2),
-- (const int16_t *)name_2.data());
--
-- CHECK_TRUE(info);
-- CHECK_TRUE(info->is_variable_set);
-- CHECK_FALSE(info->is_constraints_set);
--
-- variable_index_set_constraints(info, &constraints);
--
-- CHECK_TRUE(info->is_constraints_set);
-- CHECK_TRUE(info->is_variable_set);
--
-- size_t dump_len = 0;
-- bool is_dirty = false;
-- efi_status_t status = EFI_SUCCESS;
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
--
-- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- CHECK_TRUE(is_dirty);
--
-- /* metadata and constraint status byte are stored for both NV variables, but only one of them has constraints */
-- UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) + sizeof(bool)) * 2 +
-- sizeof(struct variable_constraints),
-- dump_len);
--
-- /* Load the dumped contents */
-- size_t load_len = variable_index_restore(&m_variable_index, dump_len, buffer);
-- UNSIGNED_LONGS_EQUAL(dump_len, load_len);
--}
--
- TEST(UefiVariableIndexTests, dumpBufferTooSmall)
- {
- uint8_t buffer[1 * sizeof(struct variable_metadata) + 1];
-@@ -325,15 +272,10 @@ TEST(UefiVariableIndexTests, dumpBufferTooSmall)
- * exceed the length of the buffer.
- */
- size_t dump_len = 0;
-- bool is_dirty = false;
-- efi_status_t status = EFI_SUCCESS;
--
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
-+ bool is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len);
-
- CHECK_TRUE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(EFI_BUFFER_TOO_SMALL, status);
-- UNSIGNED_LONGS_EQUAL(0, dump_len);
-+ UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) * 1, dump_len);
- }
-
- TEST(UefiVariableIndexTests, removeVariable)
-@@ -351,14 +293,10 @@ TEST(UefiVariableIndexTests, removeVariable)
-
- /* Expect index to be dirty and for only one NV variable to be left */
- size_t dump_len = 0;
-- bool is_dirty = false;
-- efi_status_t status = EFI_SUCCESS;
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
-+ bool is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len);
-
- CHECK_TRUE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len);
-+ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 1), dump_len);
-
- /* Remove the volatile variable */
- info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_1),
-@@ -368,12 +306,10 @@ TEST(UefiVariableIndexTests, removeVariable)
-
- /* Expect index not to be dirty because there was no change to any NV variable */
- dump_len = 0;
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
-+ is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len);
-
- CHECK_FALSE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- UNSIGNED_LONGS_EQUAL(sizeof(struct variable_metadata) + sizeof(bool), dump_len);
-+ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 1), dump_len);
-
- /* Remove the remaining NV variable */
- info = variable_index_find(&m_variable_index, &guid_1, string_get_size_in_bytes(name_3),
-@@ -383,15 +319,14 @@ TEST(UefiVariableIndexTests, removeVariable)
-
- /* Expect index to be dirty and dump to now be empty */
- dump_len = 0;
-- status = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len,
-- &is_dirty);
-+ is_dirty = variable_index_dump(&m_variable_index, sizeof(buffer), buffer, &dump_len);
-
- CHECK_TRUE(is_dirty);
-- UNSIGNED_LONGS_EQUAL(EFI_SUCCESS, status);
-- UNSIGNED_LONGS_EQUAL(0, dump_len);
-+ UNSIGNED_LONGS_EQUAL((sizeof(struct variable_metadata) * 0), dump_len);
-
- /* Enumerate and now expect an empty index */
- info = NULL;
-+ efi_status_t status = EFI_SUCCESS;
-
- info = variable_index_find_next(&m_variable_index, &guid_1,
- string_get_size_in_bytes(null_name), (const int16_t *) null_name.data(),
-diff --git a/components/service/uefi/smm_variable/backend/uefi_variable_store.c b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-index e5fc32864..7da2d1e71 100644
---- a/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-+++ b/components/service/uefi/smm_variable/backend/uefi_variable_store.c
-@@ -575,10 +575,8 @@ efi_status_t uefi_variable_store_set_var_check_property(
- status = variable_checker_set_constraints(&constraints, info->is_constraints_set,
- &property->VariableProperty);
-
-- if (status == EFI_SUCCESS) {
-+ if (status == EFI_SUCCESS)
- variable_index_set_constraints(info, &constraints);
-- status = sync_variable_index(context);
-- }
-
- variable_index_remove_unused_entry(&context->variable_index, info);
-
-@@ -643,15 +641,13 @@ static efi_status_t load_variable_index(struct uefi_variable_store *context)
- static efi_status_t sync_variable_index(const struct uefi_variable_store *context)
- {
- efi_status_t status = EFI_SUCCESS;
-- bool is_dirty = false;
-
- /* Sync the variable index to storage if anything is dirty */
- size_t data_len = 0;
-
-- status = variable_index_dump(&context->variable_index, context->index_sync_buffer_size,
-- context->index_sync_buffer, &data_len, &is_dirty);
-- if (status != EFI_SUCCESS)
-- return status;
-+ bool is_dirty = variable_index_dump(&context->variable_index,
-+ context->index_sync_buffer_size,
-+ context->index_sync_buffer, &data_len);
-
- if (is_dirty) {
- struct storage_backend *persistent_store =
-diff --git a/components/service/uefi/smm_variable/backend/variable_index.c b/components/service/uefi/smm_variable/backend/variable_index.c
-index 5fb6d08c5..c39f7394b 100644
---- a/components/service/uefi/smm_variable/backend/variable_index.c
-+++ b/components/service/uefi/smm_variable/backend/variable_index.c
-@@ -108,9 +108,7 @@ void variable_index_deinit(struct variable_index *context)
-
- size_t variable_index_max_dump_size(struct variable_index *context)
- {
-- return (sizeof(struct variable_metadata) + sizeof(bool) +
-- sizeof(struct variable_constraints)) *
-- context->max_variables;
-+ return sizeof(struct variable_metadata) * context->max_variables;
- }
-
- struct variable_info *variable_index_find(const struct variable_index *context,
-@@ -269,68 +267,37 @@ void variable_index_set_constraints(struct variable_info *info,
- const struct variable_constraints *constraints)
- {
- if (info) {
-- struct variable_entry *entry = containing_entry(info);
--
- info->check_constraints = *constraints;
- info->is_constraints_set = true;
--
-- mark_dirty(entry);
- }
- }
-
--efi_status_t variable_index_dump(const struct variable_index *context, size_t buffer_size,
-- uint8_t *buffer, size_t *data_len, bool *any_dirty)
-+bool variable_index_dump(const struct variable_index *context, size_t buffer_size, uint8_t *buffer,
-+ size_t *data_len)
- {
-+ bool any_dirty = false;
- uint8_t *dump_pos = buffer;
- size_t bytes_dumped = 0;
-
-- *data_len = 0;
-- *any_dirty = false;
--
- for (size_t pos = 0; pos < context->max_variables; pos++) {
- struct variable_entry *entry = &context->entries[pos];
- struct variable_metadata *metadata = &entry->info.metadata;
-- struct variable_constraints *constraints = &entry->info.check_constraints;
-
- if (entry->in_use && entry->info.is_variable_set &&
-- (metadata->attributes & EFI_VARIABLE_NON_VOLATILE)) {
-- /* Store metadata */
-- if (bytes_dumped + sizeof(struct variable_metadata) > buffer_size)
-- return EFI_BUFFER_TOO_SMALL;
--
-+ (metadata->attributes & EFI_VARIABLE_NON_VOLATILE) &&
-+ ((bytes_dumped + sizeof(struct variable_metadata)) <= buffer_size)) {
- memcpy(dump_pos, metadata, sizeof(struct variable_metadata));
- bytes_dumped += sizeof(struct variable_metadata);
- dump_pos += sizeof(struct variable_metadata);
--
-- /* Store constraints' status */
-- if (bytes_dumped + sizeof(entry->info.is_constraints_set) > buffer_size)
-- return EFI_BUFFER_TOO_SMALL;
--
-- memcpy(dump_pos, &entry->info.is_constraints_set,
-- sizeof(entry->info.is_constraints_set));
-- bytes_dumped += sizeof(entry->info.is_constraints_set);
-- dump_pos += sizeof(entry->info.is_constraints_set);
--
-- /* Store constraints, if they are set */
-- if (entry->info.is_constraints_set) {
-- if (bytes_dumped + sizeof(entry->info.check_constraints) >
-- buffer_size)
-- return EFI_BUFFER_TOO_SMALL;
--
-- memcpy(dump_pos, constraints,
-- sizeof(entry->info.check_constraints));
-- bytes_dumped += sizeof(entry->info.check_constraints);
-- dump_pos += sizeof(entry->info.check_constraints);
-- }
- }
-
-- *any_dirty |= entry->dirty;
-+ any_dirty |= entry->dirty;
- entry->dirty = false;
- }
-
- *data_len = bytes_dumped;
-
-- return EFI_SUCCESS;
-+ return any_dirty;
- }
-
-
-@@ -342,50 +309,23 @@ size_t variable_index_restore(const struct variable_index *context, size_t data_
- int pos = 0;
-
- while (bytes_loaded < data_len) {
-- struct variable_entry *entry = &context->entries[pos];
--
- if ((data_len - bytes_loaded) >= sizeof(struct variable_metadata)) {
-+ struct variable_entry *entry = &context->entries[pos];
- struct variable_metadata *metadata = &entry->info.metadata;
-
-- /* Load metadata */
- memcpy(metadata, load_pos, sizeof(struct variable_metadata));
-+
-+ entry->info.is_variable_set = true;
-+ entry->in_use = true;
-+
- bytes_loaded += sizeof(struct variable_metadata);
- load_pos += sizeof(struct variable_metadata);
-- } else {
-- /* Not a whole number of variable_metadata structs! */
-- break;
-- }
-
-- if ((data_len - bytes_loaded) >= sizeof(entry->info.is_constraints_set)) {
-- /* Load constraints' status */
-- memcpy(&entry->info.is_constraints_set, load_pos,
-- sizeof(entry->info.is_constraints_set));
-- bytes_loaded += sizeof(entry->info.is_constraints_set);
-- load_pos += sizeof(entry->info.is_constraints_set);
-+ ++pos;
- } else {
-- /* Not enough space for constraints' status! */
-+ /* Not a whole number of variable_metadata structs! */
- break;
- }
--
-- if (entry->info.is_constraints_set) {
-- if ((data_len - bytes_loaded) >= sizeof(struct variable_constraints)) {
-- struct variable_constraints *constraints =
-- &entry->info.check_constraints;
--
-- /* Load constraints if they are set */
-- memcpy(constraints, load_pos, sizeof(struct variable_constraints));
-- bytes_loaded += sizeof(struct variable_constraints);
-- load_pos += sizeof(struct variable_constraints);
-- } else {
-- /* Not a whole number of variable_constraints structs! */
-- break;
-- }
-- }
--
-- entry->info.is_variable_set = true;
-- entry->in_use = true;
--
-- ++pos;
- }
-
- return bytes_loaded;
-diff --git a/components/service/uefi/smm_variable/backend/variable_index.h b/components/service/uefi/smm_variable/backend/variable_index.h
-index 0151d636a..da6ed2476 100644
---- a/components/service/uefi/smm_variable/backend/variable_index.h
-+++ b/components/service/uefi/smm_variable/backend/variable_index.h
-@@ -201,12 +201,11 @@ void variable_index_set_constraints(struct variable_info *info,
- * @param[in] buffer_size Size of destination buffer
- * @param[in] buffer Dump to this buffer
- * @param[out] data_len Length of serialized data
-- * @param[out] any_dirty True if there is unsaved data
- *
-- * @return EFI_SUCCESS if all the changes are dumped successfully
-+ * @return True if there is unsaved data
- */
--efi_status_t variable_index_dump(const struct variable_index *context, size_t buffer_size,
-- uint8_t *buffer, size_t *data_len, bool *any_dirty);
-+bool variable_index_dump(const struct variable_index *context, size_t buffer_size, uint8_t *buffer,
-+ size_t *data_len);
-
- /**
- * @brief Confirms the successful write of the variable index into the storage
-2.25.1
-
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0022-fwu-Add-EFI-ESRT-v1-support.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-fwu-Add-EFI-ESRT-v1-support.patch
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0023-platform-corstone1000-Enable-ESRT-support.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-platform-corstone1000-Enable-ESRT-support.patch
deleted file mode 100644
@@ -1,64 +0,0 @@
-From dd9a51bde0608989e01de5369eaa0eef2bab7c43 Mon Sep 17 00:00:00 2001
-From: Emekcan Aras <emekcan.aras@arm.com>
-Date: Wed, 22 Jan 2025 00:54:30 +0000
-Subject: [PATCH] protobuf fix
-
-Upstream-Status: Pending (not yet submitted to upstream)
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
----
- .../se-proxy/env/commonsp/se_proxy_sp.c | 25 ++++++++++++++++++-
- 1 file changed, 24 insertions(+), 1 deletion(-)
-
-diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-index 88e4cf17e..7da489ca8 100644
---- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-@@ -13,6 +13,7 @@
- #include "trace.h"
- #include "deployments/se-proxy/infra/service_proxy_factory.h"
- #include "deployments/se-proxy/se_proxy_interfaces.h"
-+#include <service/crypto/factory/crypto_provider_factory.h>
-
- static bool sp_init(uint16_t *own_sp_id);
-
-@@ -39,7 +40,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- goto fatal_error;
- }
-
-- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
-+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 7, 16);
- if (rpc_status != RPC_SUCCESS) {
- EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
- goto fatal_error;
-@@ -118,6 +119,28 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- goto fatal_error;
- }
-
-+ struct rpc_service_interface *crypto_iface_protobuf = NULL;
-+ struct crypto_provider *crypto_protobuf_provider = NULL;
-+
-+ crypto_protobuf_provider = crypto_protobuf_provider_factory_create();
-+ if (!crypto_protobuf_provider) {
-+ EMSG("Failed to create crypto protobuf provider factory");
-+ goto fatal_error;
-+ }
-+
-+ crypto_iface_protobuf = service_provider_get_rpc_interface(
-+ &crypto_protobuf_provider->base_provider);
-+ if (!crypto_iface_protobuf) {
-+ EMSG("Failed to create service provider RPC interface");
-+ goto fatal_error;
-+ }
-+
-+ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, crypto_iface_protobuf);
-+ if (rpc_status != RPC_SUCCESS) {
-+ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
-+ goto fatal_error;
-+ }
-+
- /* End of boot phase */
- result = sp_msg_wait(&req_msg);
- if (result != SP_RESULT_OK) {
-2.43.0
-
similarity index 82%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0024-platform-corstone1000-Add-event-provider-proxy.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-platform-corstone1000-Add-event-provider-proxy.patch
@@ -1,7 +1,7 @@
-From dde0ca3260ae3b7e7c3390ef03f9f484e9189626 Mon Sep 17 00:00:00 2001
+From 7953806fd3fdb743c40b76e363b917fac786c636 Mon Sep 17 00:00:00 2001
From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
Date: Tue, 11 Mar 2025 13:33:36 +0000
-Subject: [PATCH 7/8] platform: corstone1000: Add event provider proxy
+Subject: [PATCH 10/11] platform: corstone1000: Add event provider proxy
Normal world needs to send boot confirmation event
to Secure Enclave and Trusted-Services is responsible
@@ -14,17 +14,38 @@ This change is introduced for Corstone-1000
Upstream-Status: Pending
Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
+ components/service/common/include/psa/sid.h | 9 ++
.../se-proxy/env/commonsp/se_proxy_sp.c | 16 +++-
.../corstone1000_event_handling.c | 91 +++++++++++++++++++
.../corstone1000_event_handling.h | 42 +++++++++
.../se-proxy/infra/corstone1000/infra.cmake | 1 +
.../corstone1000/service_proxy_factory.c | 27 ++++++
- 5 files changed, 175 insertions(+), 2 deletions(-)
+ 6 files changed, 184 insertions(+), 2 deletions(-)
create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c
create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.h
+diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
+index 0235764d..9f5ea05e 100644
+--- a/components/service/common/include/psa/sid.h
++++ b/components/service/common/include/psa/sid.h
+@@ -40,6 +40,15 @@ extern "C" {
+ #define TFM_CRYPTO_VERSION (1U)
+ #define TFM_CRYPTO_HANDLE (0x40000100U)
+
++/******** TFM_PLATFORM_SERVICE *******/
++#define TFM_PLATFORM_API_ID_IOCTL (1013)
++#define TFM_PLATFORM_SERVICE_HANDLE (0x40000105U)
++
++/**
++ * \brief Define a progressive numerical value for each SID which can be used
++ * when dispatching the requests to the service
++*/
++
+ /******** TFM_SP_PLATFORM ********/
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_SID (0x00000040U)
+ #define TFM_SP_PLATFORM_SYSTEM_RESET_VERSION (1U)
diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-index 7da489ca..7d2ade5e 100644
+index 9f94092b..ce1410b2 100644
--- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
@@ -1,6 +1,6 @@
@@ -35,16 +56,16 @@ index 7da489ca..7d2ade5e 100644
*/
#include "components/rpc/common/endpoint/rpc_service_interface.h"
-@@ -40,7 +40,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
+@@ -42,7 +42,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
goto fatal_error;
}
-- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 7, 16);
-+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 8, 16);
+- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
++ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 7, 16);
if (rpc_status != RPC_SUCCESS) {
EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
goto fatal_error;
-@@ -95,6 +95,18 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
+@@ -97,6 +97,18 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
goto fatal_error;
}
@@ -60,9 +81,9 @@ index 7da489ca..7d2ade5e 100644
+ goto fatal_error;
+ }
+
- rpc_iface = capsule_update_proxy_create();
+ rpc_iface = fwu_proxy_create();
if (!rpc_iface) {
- EMSG("Failed to create Capsule Update proxy");
+ EMSG("Failed to create FWU proxy");
diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c b/deployments/se-proxy/infra/corstone1000/corstone1000_event_handling.c
new file mode 100644
index 00000000..faf450f2
@@ -209,20 +230,20 @@ index 00000000..e8e60dae
+
+#endif /* CORSTONE1000_EVENT_HANDLING_H */
diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
-index 0b04149a..b95801de 100644
+index 2bf6b36e..1ec43700 100644
--- a/deployments/se-proxy/infra/corstone1000/infra.cmake
+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
-@@ -34,4 +34,5 @@ add_components(TARGET "se-proxy"
+@@ -33,4 +33,5 @@ add_components(TARGET "se-proxy"
target_sources(se-proxy PRIVATE
${CMAKE_CURRENT_LIST_DIR}/service_proxy_factory.c
+ ${CMAKE_CURRENT_LIST_DIR}/corstone1000_event_handling.c
)
diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index f0a4853e..ed42e2cb 100644
+index a754ace7..6d8c3855 100644
--- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-@@ -21,6 +21,7 @@
+@@ -20,6 +20,7 @@
#include <protocols/service/fwu/fwu_proto.h>
#include <trace.h>
#include "corstone1000_config.h"
@@ -230,7 +251,7 @@ index f0a4853e..ed42e2cb 100644
/* backends */
#include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-@@ -165,6 +166,32 @@ struct rpc_service_interface *its_proxy_create(void)
+@@ -164,6 +165,32 @@ struct rpc_service_interface *its_proxy_create(void)
return secure_storage_provider_init(&its_provider, backend, &its_uuid);
}
@@ -264,5 +285,5 @@ index f0a4853e..ed42e2cb 100644
{
rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
--
-2.25.1
+2.34.1
similarity index 100%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0025-platform-corstone1000-Define-GUID-for-each-payloads.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0017-platform-corstone1000-Define-GUID-for-each-payloads.patch
similarity index 60%
rename from meta-arm-bsp/recipes-security/trusted-services/corstone1000/0016-Add-the-com-buffer-address-and-page-count.patch
rename to meta-arm-bsp/recipes-security/trusted-services/corstone1000/0018-Add-the-com-buffer-address-and-page-count.patch
@@ -1,38 +1,31 @@
-From 0423349ec142bd1c4a6cc452eed9a0f5e43c8539 Mon Sep 17 00:00:00 2001
-From: Michael Safwat <michael.safwat@arm.com>
-Date: Mon, 23 Jun 2025 13:06:10 +0000
+From 2eef8097c6411fb54b2d0203159e120d192315c7 Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Thu, 24 Jul 2025 10:33:41 +0000
Subject: [PATCH] Plat: Corstone-1000: Add MM communication buffer configs to
CMake
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/40893]
Two variables are added into the Corstone-1000 platform
CMake file so the MM communication buffer address and
the page count can be configured.
+Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/40893]
Change-Id: I6bbdc90231b0417d4318d6709568113ab1f2c8ce
Signed-off-by: Michael Safwat <michael.safwat@arm.com>
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
---
- platform/providers/arm/corstone1000/platform.cmake | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
+ platform/providers/arm/corstone1000/platform.cmake | 2 ++
+ 1 file changed, 2 insertions(+)
diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 2afcdea8..37c6accf 100644
+index db1e9743..88113c9d 100644
--- a/platform/providers/arm/corstone1000/platform.cmake
+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -1,5 +1,5 @@
- #-------------------------------------------------------------------------------
--# Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
-+# Copyright (c) 2021-2025, Arm Limited and Contributors. All rights reserved.
- #
- # SPDX-License-Identifier: BSD-3-Clause
- #
-@@ -11,6 +11,9 @@ set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller bu
- set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size")
+@@ -18,6 +18,8 @@ set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size")
set(PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSE_COMMS_PAYLOAD buffer")
set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU")
+ set(TFM_FWU_MAX_DIGEST_SIZE ${TOTAL_ESRT_SIZE} CACHE STRING "Maximum size of ESRT entries of all the images in a bank")
+set(MM_COMM_BUFFER_ADDRESS "0x00000000 0x81FFF000" CACHE STRING "MM Communication buffer start address")
+set(MM_COMM_BUFFER_PAGE_COUNT 0x1 CACHE STRING "MM Communication buffer page count")
-+
target_compile_definitions(${TGT} PRIVATE
SMM_VARIABLE_INDEX_STORAGE_UID=0x787
@@ -2,32 +2,25 @@ FILESEXTRAPATHS:prepend:corstone1000 := "${THISDIR}/corstone1000:"
COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
SRC_URI:append:corstone1000 = " \
- file://0001-Add-stub-capsule-update-service-components.patch \
- file://0002-Fix-in-AEAD-for-psa-arch-test-254.patch \
- file://0003-FMP-Support-in-Corstone1000.patch \
- file://0004-Fix-psa-api-crypto-test-no-243.patch \
- file://0005-plat-corstone1000-Use-the-stateless-platform-service.patch \
- file://0006-plat-corstone1000-Initialize-capsule-update-provider.patch \
- file://0007-plat-corstone1000-add-client_id-for-FMP-service.patch \
- file://0008-Remove-Werror-flag.patch \
- file://0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \
- file://0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \
- file://0011-Align-PSA-Crypto-with-TF-Mv2.1.patch \
- file://0012-Revert-Make-variable-index-usage-robust-with-redunda.patch \
- file://0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch \
- file://0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch \
- file://0015-se-proxy-protobuf-change.patch \
+ file://0001-Fix-in-AEAD-for-psa-arch-test-254.patch \
+ file://0002-Fix-psa-api-crypto-test-no-243.patch \
+ file://0003-Remove-Werror-flag.patch \
+ file://0004-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch \
+ file://0005-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch \
+ file://0006-Align-PSA-Crypto-with-TF-Mv2.1.patch \
+ file://0007-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch \
+ file://0008-se-proxy-protobuf-change.patch \
+ file://0009-Platform-Corstone1000-Add-PLATFORM_IS_FVP-toggle-for.patch \
+ file://0010-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch \
+ file://0011-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch \
+ file://0012-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch \
+ file://0013-Fix-PSA-FWU-IPC-psa_fwu_install-return-value-check.patch \
+ file://0014-fwu-Add-EFI-ESRT-v1-support.patch \
+ file://0015-platform-corstone1000-Enable-ESRT-support.patch \
+ file://0016-platform-corstone1000-Add-event-provider-proxy.patch \
+ file://0017-platform-corstone1000-Define-GUID-for-each-payloads.patch \
+ file://0018-Add-the-com-buffer-address-and-page-count.patch \
file://0021-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch \
- file://0016-Add-the-com-buffer-address-and-page-count.patch \
- file://0017-Platform-Corstone1000-Add-PLATFORM_IS_FVP-toggle-for.patch \
- file://0018-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch \
- file://0019-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch \
- file://0020-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch \
- file://0021-Fix-PSA-FWU-IPC-psa_fwu_install-return-value-check.patch \
- file://0022-fwu-Add-EFI-ESRT-v1-support.patch \
- file://0023-platform-corstone1000-Enable-ESRT-support.patch \
- file://0024-platform-corstone1000-Add-event-provider-proxy.patch \
- file://0025-platform-corstone1000-Define-GUID-for-each-payloads.patch \
"
# The patches above introduce errors with GCC 14.1, silence them for now
CFLAGS:append:corstone1000 = " -Wno-int-conversion -Wno-implicit-function-declaration"
This change removes the obsolete out-of-tree patches and legacy support related to the old capsule update mechanism for the Corstone-1000 platform. The Trusted-Services components are now aligned with the upstream implementation, and outdated patches have been dropped or rebased as necessary. - Removed deprecated patches targeting old capsule update logic - Rebasing of remaining patches to ensure compatibility with updated TS interface This prepares the platform for the new PSA FWU-based capsule update path and reduces technical debt in Trusted-Services integration. Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com> --- ...ub-capsule-update-service-components.patch | 378 --------- ...1-Fix-in-AEAD-for-psa-arch-test-254.patch} | 0 ...0002-Fix-psa-api-crypto-test-no-243.patch} | 0 .../0003-FMP-Support-in-Corstone1000.patch | 418 ---------- ...ag.patch => 0003-Remove-Werror-flag.patch} | 0 ..._HAS_ATTEST_PK-define-from-IAT-test.patch} | 0 ...sizes-compile-time-definitions-user.patch} | 0 ...0-Use-the-stateless-platform-service.patch | 141 ---- ...0006-Align-PSA-Crypto-with-TF-Mv2.1.patch} | 0 ...0-Initialize-capsule-update-provider.patch | 106 --- ...store-UEFI-variable-index-in-chunks.patch} | 140 ++-- ...ne1000-add-client_id-for-FMP-service.patch | 49 -- .../0008-se-proxy-protobuf-change.patch | 71 ++ ...1000-Add-PLATFORM_IS_FVP-toggle-for.patch} | 0 ...FWU-IPC-framework-for-Corstone-1000.patch} | 20 +- ...age-state-in-PSA-FWU-M-update-agent.patch} | 0 ...ine-PSA-FWU-image-mapping-structure.patch} | 0 ...able-index-usage-robust-with-redunda.patch | 716 ------------------ ...-psa_fwu_install-return-value-check.patch} | 0 ...traints-of-NV-UEFI-variables-persist.patch | 387 ---------- ...=> 0014-fwu-Add-EFI-ESRT-v1-support.patch} | 0 ...rm-corstone1000-Enable-ESRT-support.patch} | 0 .../0015-se-proxy-protobuf-change.patch | 64 -- ...rstone1000-Add-event-provider-proxy.patch} | 53 +- ...e1000-Define-GUID-for-each-payloads.patch} | 0 ...e-com-buffer-address-and-page-count.patch} | 27 +- .../trusted-services/ts-arm-platforms.inc | 43 +- 27 files changed, 232 insertions(+), 2381 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Add-stub-capsule-update-service-components.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0002-Fix-in-AEAD-for-psa-arch-test-254.patch => 0001-Fix-in-AEAD-for-psa-arch-test-254.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0004-Fix-psa-api-crypto-test-no-243.patch => 0002-Fix-psa-api-crypto-test-no-243.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0003-FMP-Support-in-Corstone1000.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0008-Remove-Werror-flag.patch => 0003-Remove-Werror-flag.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0009-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch => 0004-Remove-PLATFORM_HAS_ATTEST_PK-define-from-IAT-test.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0010-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch => 0005-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-plat-corstone1000-Use-the-stateless-platform-service.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0011-Align-PSA-Crypto-with-TF-Mv2.1.patch => 0006-Align-PSA-Crypto-with-TF-Mv2.1.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-plat-corstone1000-Initialize-capsule-update-provider.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0013-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch => 0007-Revert-Load-and-store-UEFI-variable-index-in-chunks.patch} (74%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0007-plat-corstone1000-add-client_id-for-FMP-service.patch create mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-se-proxy-protobuf-change.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0017-Platform-Corstone1000-Add-PLATFORM_IS_FVP-toggle-for.patch => 0009-Platform-Corstone1000-Add-PLATFORM_IS_FVP-toggle-for.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0018-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch => 0010-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch} (97%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0019-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch => 0011-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0020-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch => 0012-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Revert-Make-variable-index-usage-robust-with-redunda.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0021-Fix-PSA-FWU-IPC-psa_fwu_install-return-value-check.patch => 0013-Fix-PSA-FWU-IPC-psa_fwu_install-return-value-check.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0014-Revert-Make-constraints-of-NV-UEFI-variables-persist.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0022-fwu-Add-EFI-ESRT-v1-support.patch => 0014-fwu-Add-EFI-ESRT-v1-support.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0023-platform-corstone1000-Enable-ESRT-support.patch => 0015-platform-corstone1000-Enable-ESRT-support.patch} (100%) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-se-proxy-protobuf-change.patch rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0024-platform-corstone1000-Add-event-provider-proxy.patch => 0016-platform-corstone1000-Add-event-provider-proxy.patch} (82%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0025-platform-corstone1000-Define-GUID-for-each-payloads.patch => 0017-platform-corstone1000-Define-GUID-for-each-payloads.patch} (100%) rename meta-arm-bsp/recipes-security/trusted-services/corstone1000/{0016-Add-the-com-buffer-address-and-page-count.patch => 0018-Add-the-com-buffer-address-and-page-count.patch} (60%)