deleted file mode 100644
@@ -1,129 +0,0 @@
-From 74a07ccbb4eb573269672a0c1f61b9165a592b44 Mon Sep 17 00:00:00 2001
-From: Satish Kumar <satish.kumar01@arm.com>
-Date: Mon, 14 Feb 2022 08:22:25 +0000
-Subject: [PATCH 02/12] Fix in AEAD for psa-arch test 254
-
-PSA crypto test 254 fails at checkpoint 6.
-Fix output arguments in various crypto AEAD functions
-to match crypto service implementation in TF-M. AEAD API's
-in TF-M start expecting output size as an argument.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31176]
-Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
-Signed-off-by: Satish Kumar <satish.kumar01@arm.com>
-Signed-off-by: Rui Miguel Silva <rui.silva@linaro.org>
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- .../crypto/client/caller/packed-c/crypto_caller_aead.h | 1 +
- components/service/crypto/include/psa/crypto_sizes.h | 2 +-
- .../crypto/provider/extension/aead/aead_provider.c | 10 ++++++++--
- .../aead/serializer/aead_provider_serializer.h | 1 +
- .../packed-c/packedc_aead_provider_serializer.c | 2 ++
- protocols/service/crypto/packed-c/aead.h | 1 +
- 6 files changed, 14 insertions(+), 3 deletions(-)
-
-diff --git a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-index 417189e87..236d3e258 100644
---- a/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-+++ b/components/service/crypto/client/caller/packed-c/crypto_caller_aead.h
-@@ -314,6 +314,7 @@ static inline psa_status_t crypto_caller_aead_update(struct service_client *cont
- size_t req_len = req_fixed_len;
-
- *output_length = 0;
-+ req_msg.output_size = output_size;
- req_msg.op_handle = op_handle;
-
- /* Mandatory input data parameter */
-diff --git a/components/service/crypto/include/psa/crypto_sizes.h b/components/service/crypto/include/psa/crypto_sizes.h
-index 30aa102da..130d27295 100644
---- a/components/service/crypto/include/psa/crypto_sizes.h
-+++ b/components/service/crypto/include/psa/crypto_sizes.h
-@@ -351,7 +351,7 @@
- * just the largest size that may be generated by
- * #psa_aead_generate_nonce().
- */
--#define PSA_AEAD_NONCE_MAX_SIZE 12
-+#define PSA_AEAD_NONCE_MAX_SIZE 16
-
- /** A sufficient output buffer size for psa_aead_update().
- *
-diff --git a/components/service/crypto/provider/extension/aead/aead_provider.c b/components/service/crypto/provider/extension/aead/aead_provider.c
-index b73d88d32..510cffa34 100644
---- a/components/service/crypto/provider/extension/aead/aead_provider.c
-+++ b/components/service/crypto/provider/extension/aead/aead_provider.c
-@@ -283,10 +283,11 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
- uint32_t op_handle;
- const uint8_t *input;
- size_t input_len;
-+ uint32_t recv_output_size;
-
- if (serializer)
- rpc_status = serializer->deserialize_aead_update_req(req_buf, &op_handle,
-- &input, &input_len);
-+ &recv_output_size, &input, &input_len);
-
- if (rpc_status == RPC_SUCCESS) {
-
-@@ -300,9 +301,14 @@ static rpc_status_t aead_update_handler(void *context, struct rpc_request *req)
- if (crypto_context) {
-
- size_t output_len = 0;
-- size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(input_len);
-+ size_t output_size = PSA_AEAD_UPDATE_OUTPUT_MAX_SIZE(24);
-+ /* Always allocate maximum size to be more robust to implementations of psa_aead_update() */
- uint8_t *output = malloc(output_size);
-
-+ if (recv_output_size < output_size) {
-+ output_size = recv_output_size;
-+ }
-+
- if (output) {
-
- psa_status = psa_aead_update(&crypto_context->op.aead,
-diff --git a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-index be76d2bc6..590973048 100644
---- a/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-+++ b/components/service/crypto/provider/extension/aead/serializer/aead_provider_serializer.h
-@@ -51,6 +51,7 @@ struct aead_provider_serializer {
- /* Operation: aead_update */
- rpc_status_t (*deserialize_aead_update_req)(const struct rpc_buffer *req_buf,
- uint32_t *op_handle,
-+ uint32_t *output_size,
- const uint8_t **input, size_t *input_len);
-
- rpc_status_t (*serialize_aead_update_resp)(struct rpc_buffer *resp_buf,
-diff --git a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-index 8f8c3c7f2..922a7b651 100644
---- a/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-+++ b/components/service/crypto/provider/extension/aead/serializer/packed-c/packedc_aead_provider_serializer.c
-@@ -192,6 +192,7 @@ static rpc_status_t deserialize_aead_update_ad_req(const struct rpc_buffer *req_
- /* Operation: aead_update */
- static rpc_status_t deserialize_aead_update_req(const struct rpc_buffer *req_buf,
- uint32_t *op_handle,
-+ uint32_t *output_size,
- const uint8_t **input, size_t *input_len)
- {
- rpc_status_t rpc_status = RPC_ERROR_INVALID_REQUEST_BODY;
-@@ -208,6 +209,7 @@ static rpc_status_t deserialize_aead_update_req(const struct rpc_buffer *req_buf
- memcpy(&recv_msg, req_buf->data, expected_fixed_len);
-
- *op_handle = recv_msg.op_handle;
-+ *output_size = recv_msg.output_size;
-
- tlv_const_iterator_begin(&req_iter,
- (uint8_t*)req_buf->data + expected_fixed_len,
-diff --git a/protocols/service/crypto/packed-c/aead.h b/protocols/service/crypto/packed-c/aead.h
-index 0be266b52..435fd3b52 100644
---- a/protocols/service/crypto/packed-c/aead.h
-+++ b/protocols/service/crypto/packed-c/aead.h
-@@ -98,6 +98,7 @@ enum
- struct __attribute__ ((__packed__)) ts_crypto_aead_update_in
- {
- uint32_t op_handle;
-+ uint32_t output_size;
- };
-
- /* Variable length input parameter tags */
-2.25.1
-
deleted file mode 100644
@@ -1,31 +0,0 @@
-From c74d0d62fede8ef0207a909fb4157dbbb4830dc9 Mon Sep 17 00:00:00 2001
-From: Bence Balogh <bence.balogh@arm.com>
-Date: Wed, 10 Apr 2024 09:17:39 +0200
-Subject: [PATCH 04/12] Fix psa-api-crypto-test no 243
-
-Enable MbedTLS ECP DP SECP521R1 ECC algorithm to pass
-PSA-API tests's `psa-api-crypto-test` number 243 as it is
-required for Corstone-1000.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31177/1]
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- platform/providers/arm/corstone1000/platform.cmake | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index d39b79033..0c7c51b6e 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -14,6 +14,7 @@ target_compile_definitions(${TGT} PRIVATE
- SMM_VARIABLE_INDEX_STORAGE_UID=0x787
- PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=0x2080
- COMMS_MHU_MSG_SIZE=0x3500
-+ MBEDTLS_ECP_DP_SECP521R1_ENABLED
- )
-
- get_property(_platform_driver_dependencies TARGET ${TGT}
-2.25.1
-
deleted file mode 100644
@@ -1,40 +0,0 @@
-From 1c8b1d017cbdd26c9b75580936017eecd2b1f70c Mon Sep 17 00:00:00 2001
-From: Gyorgy Szing <gyorgy.szing@arm.com>
-Date: Fri, 18 Oct 2024 12:08:21 +0000
-Subject: [PATCH 10/12] Make RSE and MHU sizes compile-time definitions
- user-configurable
-
-Replace the hardcoded RSE and MHU compile definitions values with CMake
-cache variables that users can configure to change the size of the RSE
-communication payload and the MHU message.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31178/1]
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- platform/providers/arm/corstone1000/platform.cmake | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 0c7c51b6e..66a55ab85 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -9,11 +9,13 @@
- set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count")
- set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller buffer size in SMMGW")
- set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size")
-+set(PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSE_COMMS_PAYLOAD buffer")
-+set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU")
-
- target_compile_definitions(${TGT} PRIVATE
- SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-- PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=0x2080
-- COMMS_MHU_MSG_SIZE=0x3500
-+ PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE=${PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE}
-+ COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE}
- MBEDTLS_ECP_DP_SECP521R1_ENABLED
- )
-
-2.25.1
-
deleted file mode 100644
@@ -1,298 +0,0 @@
-From 111c15d7bf79e023bfb8bdcf631dfa95503f5f4e Mon Sep 17 00:00:00 2001
-From: Gyorgy Szing <gyorgy.szing@arm.com>
-Date: Fri, 18 Oct 2024 11:40:29 +0000
-Subject: [PATCH 11/12] Align PSA Crypto with TF-Mv2.1
-
-Update following files using the TF-Mv2.1 release (0c4c99b) commit.
-
-* crypto_sid.h
-This is derived from TF-M's tfm_crypto_defs.h file. The crypto function
-ID definitions were reworked. This change had to be done on the TS
-side too to keep the compatibility.
-
-* crypto_ipc_backend.h
-This file is also derived from the tfm_crypto_defs.h file. The
-tfm_crypto_pack_iovec struct changed in TF-M so the
-psa_ipc_crypto_pack_iovec struct had to be updated in TS to
-keep the compatibility.
-
-* crypto_client_struct.h
-The psa_client_key_attributes_s struct had to be aligned with the
-psa_key_attributes_s struct in TF-M. (psa_crypto.c)
-
-Signed-off-by: Bence Balogh <bence.balogh@arm.com>
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/31179/1]
----
- .../service/common/include/psa/crypto_sid.h | 166 +++++-------------
- .../backend/psa_ipc/crypto_ipc_backend.h | 9 +-
- .../crypto/include/psa/crypto_client_struct.h | 4 +-
- 3 files changed, 54 insertions(+), 125 deletions(-)
-
-diff --git a/components/service/common/include/psa/crypto_sid.h b/components/service/common/include/psa/crypto_sid.h
-index 5b05f46d7..e1fbb15e2 100644
---- a/components/service/common/include/psa/crypto_sid.h
-+++ b/components/service/common/include/psa/crypto_sid.h
-@@ -19,21 +19,23 @@ extern "C" {
- * Asym sign, Asym encrypt, Key derivation).
- */
- enum tfm_crypto_group_id {
-- TFM_CRYPTO_GROUP_ID_RANDOM = 0x0,
-- TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT,
-- TFM_CRYPTO_GROUP_ID_HASH,
-- TFM_CRYPTO_GROUP_ID_MAC,
-- TFM_CRYPTO_GROUP_ID_CIPHER,
-- TFM_CRYPTO_GROUP_ID_AEAD,
-- TFM_CRYPTO_GROUP_ID_ASYM_SIGN,
-- TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT,
-- TFM_CRYPTO_GROUP_ID_KEY_DERIVATION,
-+ TFM_CRYPTO_GROUP_ID_RANDOM = UINT8_C(1),
-+ TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT = UINT8_C(2),
-+ TFM_CRYPTO_GROUP_ID_HASH = UINT8_C(3),
-+ TFM_CRYPTO_GROUP_ID_MAC = UINT8_C(4),
-+ TFM_CRYPTO_GROUP_ID_CIPHER = UINT8_C(5),
-+ TFM_CRYPTO_GROUP_ID_AEAD = UINT8_C(6),
-+ TFM_CRYPTO_GROUP_ID_ASYM_SIGN = UINT8_C(7),
-+ TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT = UINT8_C(8),
-+ TFM_CRYPTO_GROUP_ID_KEY_DERIVATION = UINT8_C(9)
- };
-
--/* X macro describing each of the available PSA Crypto APIs */
-+/* Set of X macros describing each of the available PSA Crypto APIs */
-+#define RANDOM_FUNCS \
-+ X(TFM_CRYPTO_GENERATE_RANDOM)
-+
- #define KEY_MANAGEMENT_FUNCS \
- X(TFM_CRYPTO_GET_KEY_ATTRIBUTES) \
-- X(TFM_CRYPTO_RESET_KEY_ATTRIBUTES) \
- X(TFM_CRYPTO_OPEN_KEY) \
- X(TFM_CRYPTO_CLOSE_KEY) \
- X(TFM_CRYPTO_IMPORT_KEY) \
-@@ -89,13 +91,13 @@ enum tfm_crypto_group_id {
- X(TFM_CRYPTO_AEAD_VERIFY) \
- X(TFM_CRYPTO_AEAD_ABORT)
-
--#define ASYMMETRIC_SIGN_FUNCS \
-+#define ASYM_SIGN_FUNCS \
- X(TFM_CRYPTO_ASYMMETRIC_SIGN_MESSAGE) \
- X(TFM_CRYPTO_ASYMMETRIC_VERIFY_MESSAGE) \
- X(TFM_CRYPTO_ASYMMETRIC_SIGN_HASH) \
- X(TFM_CRYPTO_ASYMMETRIC_VERIFY_HASH)
-
--#define AYSMMETRIC_ENCRYPT_FUNCS \
-+#define ASYM_ENCRYPT_FUNCS \
- X(TFM_CRYPTO_ASYMMETRIC_ENCRYPT) \
- X(TFM_CRYPTO_ASYMMETRIC_DECRYPT)
-
-@@ -106,133 +108,55 @@ enum tfm_crypto_group_id {
- X(TFM_CRYPTO_KEY_DERIVATION_SET_CAPACITY) \
- X(TFM_CRYPTO_KEY_DERIVATION_INPUT_BYTES) \
- X(TFM_CRYPTO_KEY_DERIVATION_INPUT_KEY) \
-+ X(TFM_CRYPTO_KEY_DERIVATION_INPUT_INTEGER) \
- X(TFM_CRYPTO_KEY_DERIVATION_KEY_AGREEMENT) \
- X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_BYTES) \
- X(TFM_CRYPTO_KEY_DERIVATION_OUTPUT_KEY) \
- X(TFM_CRYPTO_KEY_DERIVATION_ABORT)
-
--#define RANDOM_FUNCS \
-- X(TFM_CRYPTO_GENERATE_RANDOM)
--
--/*
-- * Define function IDs in each group. The function ID will be encoded into
-- * tfm_crypto_func_sid below.
-- * Each group is defined as a dedicated enum in case the total number of
-- * PSA Crypto APIs exceeds 256.
-- */
--#define X(func_id) func_id,
--enum tfm_crypto_key_management_func_id {
-- KEY_MANAGEMENT_FUNCS
--};
--enum tfm_crypto_hash_func_id {
-- HASH_FUNCS
--};
--enum tfm_crypto_mac_func_id {
-- MAC_FUNCS
--};
--enum tfm_crypto_cipher_func_id {
-- CIPHER_FUNCS
--};
--enum tfm_crypto_aead_func_id {
-- AEAD_FUNCS
--};
--enum tfm_crypto_asym_sign_func_id {
-- ASYMMETRIC_SIGN_FUNCS
--};
--enum tfm_crypto_asym_encrypt_func_id {
-- AYSMMETRIC_ENCRYPT_FUNCS
--};
--enum tfm_crypto_key_derivation_func_id {
-- KEY_DERIVATION_FUNCS
--};
--enum tfm_crypto_random_func_id {
-- RANDOM_FUNCS
--};
--#undef X
--
--#define FUNC_ID(func_id) (((func_id) & 0xFF) << 8)
-+#define BASE__VALUE(x) ((uint16_t)((((uint16_t)(x)) << 8) & 0xFF00))
-
--/*
-- * Numerical progressive value identifying a function API exposed through
-- * the interfaces (S or NS). It's used to dispatch the requests from S/NS
-- * to the corresponding API implementation in the Crypto service backend.
-+/**
-+ * \brief This type defines numerical progressive values identifying a function API
-+ * exposed through the interfaces (S or NS). It's used to dispatch the requests
-+ * from S/NS to the corresponding API implementation in the Crypto service backend.
-+ *
-+ * \note Each function SID is encoded as uint16_t.
-+ * +------------+------------+
-+ * | Group ID | Func ID |
-+ * +------------+------------+
-+ * (MSB)15 8 7 0(LSB)
- *
-- * Each function SID is encoded as uint16_t.
-- * | Func ID | Group ID |
-- * 15 8 7 0
-- * Func ID is defined in each group func_id enum above
-- * Group ID is defined in tfm_crypto_group_id.
- */
--enum tfm_crypto_func_sid {
--
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT & 0xFF)),
--
-+enum tfm_crypto_func_sid_t {
-+#define X(FUNCTION_NAME) FUNCTION_NAME ## _SID,
-+ BASE__RANDOM = BASE__VALUE(TFM_CRYPTO_GROUP_ID_RANDOM) - 1,
-+ RANDOM_FUNCS
-+ BASE__KEY_MANAGEMENT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_MANAGEMENT) - 1,
- KEY_MANAGEMENT_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_HASH & 0xFF)),
-+ BASE__HASH = BASE__VALUE(TFM_CRYPTO_GROUP_ID_HASH) - 1,
- HASH_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_MAC & 0xFF)),
-+ BASE__MAC = BASE__VALUE(TFM_CRYPTO_GROUP_ID_MAC) - 1,
- MAC_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_CIPHER & 0xFF)),
-+ BASE__CIPHER = BASE__VALUE(TFM_CRYPTO_GROUP_ID_CIPHER) - 1,
- CIPHER_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_AEAD & 0xFF)),
-+ BASE__AEAD = BASE__VALUE(TFM_CRYPTO_GROUP_ID_AEAD) - 1,
- AEAD_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_ASYM_SIGN & 0xFF)),
-- ASYMMETRIC_SIGN_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT & 0xFF)),
-- AYSMMETRIC_ENCRYPT_FUNCS
--
--#undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_KEY_DERIVATION & 0xFF)),
-+ BASE__ASYM_SIGN = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_SIGN) - 1,
-+ ASYM_SIGN_FUNCS
-+ BASE__ASYM_ENCRYPT = BASE__VALUE(TFM_CRYPTO_GROUP_ID_ASYM_ENCRYPT) - 1,
-+ ASYM_ENCRYPT_FUNCS
-+ BASE__KEY_DERIVATION = BASE__VALUE(TFM_CRYPTO_GROUP_ID_KEY_DERIVATION) - 1,
- KEY_DERIVATION_FUNCS
--
- #undef X
--#define X(func_id) func_id ## _SID = (uint16_t)((FUNC_ID(func_id)) | \
-- (TFM_CRYPTO_GROUP_ID_RANDOM & 0xFF)),
-- RANDOM_FUNCS
--
- };
--#undef X
-
- /**
-- * \brief Define an invalid value for an SID
-- *
-+ * \brief This macro is used to extract the group_id from an encoded function id
-+ * by accessing the upper 8 bits. A \a _function_id is uint16_t type
- */
--#define TFM_CRYPTO_SID_INVALID (~0x0u)
--
--/**
-- * \brief This value is used to mark an handle as invalid.
-- *
-- */
--#define TFM_CRYPTO_INVALID_HANDLE (0x0u)
--
--/**
-- * \brief Define miscellaneous literal constants that are used in the service
-- *
-- */
--enum {
-- TFM_CRYPTO_NOT_IN_USE = 0,
-- TFM_CRYPTO_IN_USE = 1
--};
-+#define TFM_CRYPTO_GET_GROUP_ID(_function_id) \
-+ ((enum tfm_crypto_group_id_t)(((uint16_t)(_function_id) >> 8) & 0xFF))
-
- #ifdef __cplusplus
- }
-diff --git a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-index f9bbf84d6..27fe3496a 100644
---- a/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-+++ b/components/service/crypto/backend/psa_ipc/crypto_ipc_backend.h
-@@ -30,10 +30,9 @@ struct psa_ipc_crypto_aead_pack_input {
- struct psa_ipc_crypto_pack_iovec {
- psa_key_id_t key_id; /*!< Key id */
- psa_algorithm_t alg; /*!< Algorithm */
-- uint32_t op_handle; /*!< Frontend context handle associated to a
-+ uint32_t op_handle; /*!< Client context handle associated to a
- * multipart operation
- */
-- uint32_t capacity; /*!< Key derivation capacity */
- uint32_t ad_length; /*!< Additional Data length for multipart AEAD */
- uint32_t plaintext_length; /*!< Plaintext length for multipart AEAD */
-
-@@ -44,7 +43,11 @@ struct psa_ipc_crypto_pack_iovec {
- * See tfm_crypto_func_sid for detail
- */
- uint16_t step; /*!< Key derivation step */
--} __attribute__((__packed__));
-+ union {
-+ size_t capacity; /*!< Key derivation capacity */
-+ uint64_t value; /*!< Key derivation integer for update*/
-+ };
-+};
-
- #define iov_size sizeof(struct psa_ipc_crypto_pack_iovec)
-
-diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
-index 1f68aba21..ebc400811 100644
---- a/components/service/crypto/include/psa/crypto_client_struct.h
-+++ b/components/service/crypto/include/psa/crypto_client_struct.h
-@@ -34,9 +34,11 @@ struct psa_client_key_attributes_s
- uint16_t type;
- uint16_t bits;
- uint32_t lifetime;
-- psa_key_id_t id;
- uint32_t usage;
- uint32_t alg;
-+ uint32_t alg2;
-+ uint32_t id;
-+ int32_t owner_id;
- };
-
- #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
-2.25.1
-
deleted file mode 100644
@@ -1,71 +0,0 @@
-From 77dbb98428b0661f0ceee54208d226fc7fb27130 Mon Sep 17 00:00:00 2001
-From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
-Date: Sun, 1 Jun 2025 11:06:00 +0000
-Subject: [PATCH 02/11] se proxy protobuf change
-
-Upstream-Status: Pending (not yet submitted to upstream)
-Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- .../se-proxy/env/commonsp/se_proxy_sp.c | 24 ++++++++++++++++++-
- 1 file changed, 23 insertions(+), 1 deletion(-)
-
-diff --git a/deployments/se-proxy/env/commonsp/se_proxy_sp.c b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-index 485d7649..9f94092b 100644
---- a/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-+++ b/deployments/se-proxy/env/commonsp/se_proxy_sp.c
-@@ -13,6 +13,7 @@
- #include "trace.h"
- #include "deployments/se-proxy/infra/service_proxy_factory.h"
- #include "deployments/se-proxy/se_proxy_interfaces.h"
-+#include <service/crypto/factory/crypto_provider_factory.h>
-
- static bool sp_init(uint16_t *own_sp_id);
-
-@@ -25,6 +26,8 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- uint16_t own_id = 0;
- sp_result result = SP_RESULT_INTERNAL_ERROR;
- rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
-+ struct rpc_service_interface *crypto_iface_protobuf = NULL;
-+ struct crypto_provider *crypto_protobuf_provider = NULL;
-
- /* Boot phase */
- if (!sp_init(&own_id)) {
-@@ -39,7 +42,7 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- goto fatal_error;
- }
-
-- rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 5, 16);
-+ rpc_status = ts_rpc_endpoint_sp_init(&rpc_endpoint, 6, 16);
- if (rpc_status != RPC_SUCCESS) {
- EMSG("Failed to initialize RPC endpoint: %d", rpc_status);
- goto fatal_error;
-@@ -106,6 +109,25 @@ void __noreturn sp_main(union ffa_boot_info *boot_info)
- goto fatal_error;
- }
-
-+ crypto_protobuf_provider = crypto_protobuf_provider_factory_create();
-+ if (!crypto_protobuf_provider) {
-+ EMSG("Failed to create crypto protobuf provider factory");
-+ goto fatal_error;
-+ }
-+
-+ crypto_iface_protobuf = service_provider_get_rpc_interface(
-+ &crypto_protobuf_provider->base_provider);
-+ if (!crypto_iface_protobuf) {
-+ EMSG("Failed to create service provider RPC interface");
-+ goto fatal_error;
-+ }
-+
-+ rpc_status = ts_rpc_endpoint_sp_add_service(&rpc_endpoint, crypto_iface_protobuf);
-+ if (rpc_status != RPC_SUCCESS) {
-+ EMSG("Failed to add service to RPC endpoint: %d", rpc_status);
-+ goto fatal_error;
-+ }
-+
- /* End of boot phase */
- result = sp_msg_wait(&req_msg);
- if (result != SP_RESULT_OK) {
-2.34.1
-
deleted file mode 100644
@@ -1,436 +0,0 @@
-From f385ddacc8cc62842f7c9c91622d59959c41e718 Mon Sep 17 00:00:00 2001
-From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
-Date: Thu, 28 Nov 2024 12:02:28 +0000
-Subject: [PATCH 04/11] Integrate PSA FWU IPC framework for Corstone-1000
-
-Integrate IPC framework for PSA FWU calls between Cortex-A side and Cortex-M subsystems.
-
-IPC framework is required to bridge the PSA FWU calls for the platforms which have
-both Cortex-A and Cortex-M subsystems. Corstone-1000 falls under this category of
-platforms. In these platforms, the PSA FWU client and PSA FWU provider exist on
-Cortex-A and all the PSA FWU services are implemented on Cortex-M side. This IPC
-framework forwards the PSA FWU calls from Cortex-A to Cortex-M subsystem.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/33826]
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- components/service/common/include/psa/sid.h | 6 +-
- .../interface/psa_ipc/component.cmake | 13 +
- .../psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c | 253 ++++++++++++++++++
- .../psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h | 49 ++++
- .../se-proxy/infra/corstone1000/infra.cmake | 2 +-
- .../corstone1000/service_proxy_factory.c | 16 ++
- 6 files changed, 337 insertions(+), 2 deletions(-)
- create mode 100644 components/service/fwu/psa_fwu_m/interface/psa_ipc/component.cmake
- create mode 100644 components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c
- create mode 100644 components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h
-
-diff --git a/components/service/common/include/psa/sid.h b/components/service/common/include/psa/sid.h
-index 5aaa659d..0235764d 100644
---- a/components/service/common/include/psa/sid.h
-+++ b/components/service/common/include/psa/sid.h
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2019-2023, Arm Limited. All rights reserved.
-+ * Copyright (c) 2019-2024, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
-@@ -58,6 +58,10 @@ extern "C" {
- #define TFM_ATTEST_GET_TOKEN_SIZE 1002
-
- /******** TFM_SP_FWU ********/
-+#define TFM_FIRMWARE_UPDATE_SERVICE_SID (0x000000A0U)
-+#define TFM_FIRMWARE_UPDATE_SERVICE_VERSION (1U)
-+#define TFM_FIRMWARE_UPDATE_SERVICE_HANDLE (0x40000104U)
-+
- #define TFM_FWU_WRITE_SID (0x000000A0U)
- #define TFM_FWU_WRITE_VERSION (1U)
- #define TFM_FWU_INSTALL_SID (0x000000A1U)
-diff --git a/components/service/fwu/psa_fwu_m/interface/psa_ipc/component.cmake b/components/service/fwu/psa_fwu_m/interface/psa_ipc/component.cmake
-new file mode 100644
-index 00000000..cdc653a6
---- /dev/null
-+++ b/components/service/fwu/psa_fwu_m/interface/psa_ipc/component.cmake
-@@ -0,0 +1,13 @@
-+#-------------------------------------------------------------------------------
-+# Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
-+#
-+# SPDX-License-Identifier: BSD-3-Clause
-+#
-+#-------------------------------------------------------------------------------
-+if (NOT DEFINED TGT)
-+ message(FATAL_ERROR "mandatory parameter TGT is not defined.")
-+endif()
-+
-+target_sources(${TGT} PRIVATE
-+ "${CMAKE_CURRENT_LIST_DIR}/psa_fwu_ipc.c"
-+)
-diff --git a/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c b/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c
-new file mode 100644
-index 00000000..a47ae539
---- /dev/null
-+++ b/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.c
-@@ -0,0 +1,253 @@
-+/*
-+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#include <stddef.h>
-+#include <string.h>
-+#include <trace.h>
-+
-+#include <protocols/rpc/common/packed-c/status.h>
-+#include <psa/client.h>
-+#include <psa/sid.h>
-+#include <service/common/client/service_client.h>
-+#include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h"
-+#include "service/fwu/psa_fwu_m/interface/tfm_fwu_defs.h"
-+#include "service/fwu/psa_fwu_m/interface/update.h"
-+
-+/**
-+ * @brief The singleton psa_fwu_ipc instance
-+ *
-+ * The psa attestation C API assumes a single backend service provider.
-+ */
-+static struct service_client instance;
-+
-+psa_status_t psa_fwu_ipc_init(struct rpc_caller_session *session)
-+{
-+ return service_client_init(&instance, session);
-+}
-+
-+void psa_fwu_ipc_deinit(void)
-+{
-+ service_client_deinit(&instance);
-+}
-+
-+int psa_fwu_rpc_status(void)
-+{
-+ return instance.rpc_status;
-+}
-+
-+psa_status_t psa_fwu_query(psa_fwu_component_t component,
-+ psa_fwu_component_info_t *info)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+ if (!info)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&component), .len = sizeof(component) },
-+ };
-+ struct psa_outvec out_vec[] = {
-+ { .base = psa_ptr_to_u32(info), .len = sizeof(*info) },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_QUERY, in_vec, IOVEC_LEN(in_vec),
-+ out_vec, IOVEC_LEN(out_vec));
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_start(psa_fwu_component_t component,
-+ const void *manifest,
-+ size_t manifest_size)
-+{
-+ if(manifest_size > UINT32_MAX)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&component), .len = sizeof(component) },
-+ { .base = psa_ptr_const_to_u32(manifest), .len = manifest_size },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_START, in_vec, IOVEC_LEN(in_vec),
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_write(psa_fwu_component_t component,
-+ size_t image_offset,
-+ const void *block,
-+ size_t block_size)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+ if (!block || !block_size)
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+ if((image_offset > UINT32_MAX) || (block_size > UINT32_MAX))
-+ return PSA_ERROR_INVALID_ARGUMENT;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&component), .len = sizeof(component) },
-+ { .base = psa_ptr_to_u32(&image_offset), .len = sizeof(uint32_t) },
-+ { .base = psa_ptr_const_to_u32(block), .len = block_size },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_WRITE, in_vec, IOVEC_LEN(in_vec),
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_finish(psa_fwu_component_t component)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&component), .len = sizeof(component) },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_FINISH, in_vec, IOVEC_LEN(in_vec),
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_cancel(psa_fwu_component_t component)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&component), .len = sizeof(component) },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_CANCEL, in_vec, IOVEC_LEN(in_vec),
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_clean(psa_fwu_component_t component)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&component), .len = sizeof(component) },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_CLEAN, in_vec, IOVEC_LEN(in_vec),
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_install(void)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {};
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_INSTALL, in_vec, 0,
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_request_reboot(void)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {};
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_REQUEST_REBOOT, in_vec, 0,
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_reject(psa_status_t error)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {
-+ { .base = psa_ptr_to_u32(&error), .len = sizeof(error) },
-+ };
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_REJECT, in_vec, IOVEC_LEN(in_vec),
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-+
-+psa_status_t psa_fwu_accept(void)
-+{
-+ if (!instance.session)
-+ return PSA_ERROR_BAD_STATE;
-+
-+ psa_status_t status = PSA_ERROR_INVALID_ARGUMENT;
-+ struct rpc_caller_interface *caller = instance.session->caller;
-+ struct psa_invec in_vec[] = {};
-+
-+ status = psa_call(caller, TFM_FIRMWARE_UPDATE_SERVICE_HANDLE,
-+ TFM_FWU_ACCEPT, in_vec, 0,
-+ NULL, 0);
-+ if (status != PSA_SUCCESS)
-+ EMSG("failed to psa_call: %d", status);
-+
-+ return status;
-+}
-diff --git a/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h b/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h
-new file mode 100644
-index 00000000..867a1c9c
---- /dev/null
-+++ b/components/service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h
-@@ -0,0 +1,49 @@
-+/*
-+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ */
-+
-+#ifndef PSA_FWU_IPC_H
-+#define PSA_FWU_IPC_H
-+
-+#include <psa/error.h>
-+#include "rpc_caller_session.h"
-+
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+/**
-+ * @brief Initialize a PSA FWU ipc client
-+ *
-+ * A PSA FWU ipc client makes RPC calls to a remote FWU service.
-+ *
-+ * @param[in] rpc_caller RPC caller instance
-+ *
-+ * @return A status indicating the success/failure of the operation
-+ */
-+psa_status_t psa_fwu_ipc_init(struct rpc_caller_session *session);
-+
-+/**
-+ * @brief Deinitialize a PSA FWU ipc client
-+ *
-+ */
-+void psa_fwu_ipc_deinit(void);
-+
-+/**
-+ * @brief Return the most recent RPC status
-+ *
-+ * May be used to obtain information about an RPC error that resulted
-+ * in an API operation failure
-+ *
-+ * @return Most recent RPC operation status
-+ */
-+int psa_fwu_rpc_status(void);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* PSA_FWU_IPC_H */
-+
-diff --git a/deployments/se-proxy/infra/corstone1000/infra.cmake b/deployments/se-proxy/infra/corstone1000/infra.cmake
-index 3830f9d6..2bf6b36e 100644
---- a/deployments/se-proxy/infra/corstone1000/infra.cmake
-+++ b/deployments/se-proxy/infra/corstone1000/infra.cmake
-@@ -26,7 +26,7 @@ add_components(TARGET "se-proxy"
- "components/service/fwu/provider"
- "components/service/fwu/provider/serializer"
- "components/service/fwu/psa_fwu_m/agent"
-- "components/service/fwu/psa_fwu_m/interface/stub"
-+ "components/service/fwu/psa_fwu_m/interface/psa_ipc"
- "components/service/secure_storage/backend/secure_storage_ipc"
- )
-
-diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index 759983b4..547e84bc 100644
---- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-@@ -14,6 +14,7 @@
- #include <service/crypto/factory/crypto_provider_factory.h>
- #include "service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.h"
- #include "service/fwu/provider/fwu_provider.h"
-+#include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h"
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
- #include <trace.h>
-@@ -134,10 +135,25 @@ struct rpc_service_interface *its_proxy_create(void)
-
- struct rpc_service_interface *fwu_proxy_create(void)
- {
-+ rpc_status_t rpc_status = RPC_ERROR_INTERNAL;
- static struct update_agent *agent;
- static struct fwu_provider fwu_provider = { 0 };
-
-+ /* Static objects for proxy instance */
-+ static struct rpc_caller_interface rss_comms = { 0 };
-+ static struct rpc_caller_session rpc_session = { 0 };
-+
-+ rpc_status = rss_comms_caller_init(&rss_comms);
-+ if (rpc_status != RPC_SUCCESS)
-+ return NULL;
-+
-+ rpc_status = rpc_caller_session_open(&rpc_session, &rss_comms, &dummy_uuid, 0, 0);
-+ if (rpc_status != RPC_SUCCESS)
-+ return NULL;
-+
- agent = psa_fwu_m_update_agent_init(NULL, 0, 4096);
-+ if (psa_fwu_ipc_init(&rpc_session) != PSA_SUCCESS)
-+ return NULL;
-
- return fwu_provider_init(&fwu_provider, agent);
- }
-2.34.1
-
deleted file mode 100644
@@ -1,188 +0,0 @@
-From 6fb3bead9e0eea3640ad1209347691c2b40512a2 Mon Sep 17 00:00:00 2001
-From: Imre Kis <imre.kis@arm.com>
-Date: Wed, 5 Feb 2025 14:27:45 +0100
-Subject: [PATCH 2/8] Load initial image state in PSA FWU M update agent
-
-Set initial image state based on the image state returned by
-psa_fwu_query. This way the update agent has the correct view of images
-after reboot and it can accept or reject them.
-
-Upstream-Status: Submitted [https://review.trustedfirmware.org/c/TS/trusted-services/+/35155]
-Signed-off-by: Imre Kis <imre.kis@arm.com>
-Change-Id: I150e4fdb4584c8d07f5f1f642ee88197f9cff49b
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- .../psa_fwu_m/agent/psa_fwu_m_update_agent.c | 23 +++++++--
- .../test/test_psa_fwu_m_update_agent.cpp | 49 ++++++++++++++++++-
- docs/services/fwu/psa-fwu-m.rst | 14 +++++-
- 3 files changed, 80 insertions(+), 6 deletions(-)
-
-diff --git a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c
-index 6de9ba71..48b86f6e 100644
---- a/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c
-+++ b/components/service/fwu/psa_fwu_m/agent/psa_fwu_m_update_agent.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2024, Arm Limited. All rights reserved.
-+ * Copyright (c) 2024-2025, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
-@@ -609,8 +609,11 @@ struct update_agent *psa_fwu_m_update_agent_init(
- const struct psa_fwu_m_image_mapping image_mapping[], size_t image_count,
- uint32_t max_payload_size)
- {
-+ psa_status_t psa_status = PSA_ERROR_GENERIC_ERROR;
- struct psa_fwu_m_update_agent *context = NULL;
-+ struct psa_fwu_component_info_t info = { 0 };
- struct psa_fwu_m_image *images = NULL;
-+ enum psa_fwu_m_state state = regular;
- struct update_agent *agent = NULL;
- size_t i = 0;
-
-@@ -637,9 +640,23 @@ struct update_agent *psa_fwu_m_update_agent_init(
- }
-
- for (i = 0; i < image_count; i++) {
-+ psa_status = psa_fwu_query(image_mapping[i].component, &info);
-+ if (psa_status != PSA_SUCCESS) {
-+ free(images);
-+ free(context);
-+ free(agent);
-+ return NULL;
-+ }
-+
- images[i].uuid = image_mapping[i].uuid;
- images[i].component = image_mapping[i].component;
-- images[i].selected_for_staging = false;
-+ if (info.state == PSA_FWU_TRIAL) {
-+ images[i].selected_for_staging = true;
-+ state = trial;
-+ } else {
-+ images[i].selected_for_staging = false;
-+ }
-+
- images[i].read = NULL; /* Cannot read images */
- images[i].write = image_write;
- }
-@@ -654,7 +671,7 @@ struct update_agent *psa_fwu_m_update_agent_init(
- context->images = images;
- context->image_count = image_count + 1;
- context->max_payload_size = max_payload_size;
-- context->state = regular;
-+ context->state = state;
-
- agent->context = context;
- agent->interface = &interface;
-diff --git a/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp b/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp
-index de289fff..3805d182 100644
---- a/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp
-+++ b/components/service/fwu/psa_fwu_m/agent/test/test_psa_fwu_m_update_agent.cpp
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2024, Arm Limited. All rights reserved.
-+ * Copyright (c) 2024-2025, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- *
-@@ -14,6 +14,9 @@
-
- TEST_GROUP(psa_fwu_m_update_agent) {
- TEST_SETUP() {
-+ psa_fwu_component_info_t info = {0};
-+ expect_mock_psa_fwu_query(mapping[0].component, &info, PSA_SUCCESS);
-+ expect_mock_psa_fwu_query(mapping[1].component, &info, PSA_SUCCESS);
- agent = psa_fwu_m_update_agent_init(mapping, 2, 4096);
- handle = 0;
- progress = 0;
-@@ -667,4 +670,46 @@ TEST(psa_fwu_m_update_agent, select_previous)
-
- expect_mock_psa_fwu_reject(0, PSA_SUCCESS);
- LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_select_previous(agent));
--}
-\ No newline at end of file
-+}
-+
-+TEST(psa_fwu_m_update_agent, boot_in_trial_mode_query_fail) {
-+ psa_fwu_component_info_t info = {0};
-+
-+ expect_mock_psa_fwu_query(mapping[0].component, &info, PSA_ERROR_GENERIC_ERROR);
-+ POINTERS_EQUAL(NULL, psa_fwu_m_update_agent_init(mapping, 2, 4096));
-+}
-+
-+TEST(psa_fwu_m_update_agent, boot_in_trial_mode_select_previous) {
-+ psa_fwu_component_info_t info0 = {0};
-+ psa_fwu_component_info_t info1 = {0};
-+
-+ info1.state = PSA_FWU_TRIAL;
-+
-+ expect_mock_psa_fwu_query(mapping[0].component, &info0, PSA_SUCCESS);
-+ expect_mock_psa_fwu_query(mapping[1].component, &info1, PSA_SUCCESS);
-+
-+ update_agent *agent = psa_fwu_m_update_agent_init(mapping, 2, 4096);
-+
-+ expect_mock_psa_fwu_reject(0, PSA_SUCCESS);
-+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_select_previous(agent));
-+
-+ psa_fwu_m_update_agent_deinit(agent);
-+}
-+
-+TEST(psa_fwu_m_update_agent, boot_in_trial_mode_accept) {
-+ psa_fwu_component_info_t info0 = {0};
-+ psa_fwu_component_info_t info1 = {0};
-+
-+ info1.state = PSA_FWU_TRIAL;
-+
-+ expect_mock_psa_fwu_query(mapping[0].component, &info0, PSA_SUCCESS);
-+ expect_mock_psa_fwu_query(mapping[1].component, &info1, PSA_SUCCESS);
-+
-+ update_agent *agent = psa_fwu_m_update_agent_init(mapping, 2, 4096);
-+
-+ expect_mock_psa_fwu_accept(PSA_SUCCESS);
-+ LONGS_EQUAL(FWU_STATUS_DENIED, update_agent_accept_image(agent, &mapping[0].uuid));
-+ LONGS_EQUAL(FWU_STATUS_SUCCESS, update_agent_accept_image(agent, &mapping[1].uuid));
-+
-+ psa_fwu_m_update_agent_deinit(agent);
-+}
-diff --git a/docs/services/fwu/psa-fwu-m.rst b/docs/services/fwu/psa-fwu-m.rst
-index 26ffed09..1358015f 100644
---- a/docs/services/fwu/psa-fwu-m.rst
-+++ b/docs/services/fwu/psa-fwu-m.rst
-@@ -44,6 +44,11 @@ The solutions to these differences:
- * Convert the image query result returned by FWU-M to FWU-A format. There are similar field, but this imposes some
- limitations.
-
-+Initialization
-+```````````````
-+
-+The initial image and agent state is determined based on the image state returned by ``psa_fwu_query()``.
-+
-
- ``fwu_discover()``
- ``````````````````
-@@ -71,6 +76,10 @@ agent switches to trial state, so the client can validate the new set of images
-
- On calling ``fwu_end_staging()`` the agent calls ``psa_fwu_finish()`` on each selected image, then calls
- ``psa_fwu_install()``. If all images have been accepted (see ``fwu_commit()``) it also calls ``psa_fwu_accept()``.
-+The implementation treats ``PSA_SUCCESS_REBOOT`` and ``PSA_SUCCESS_RESTART`` status values as error. In an A+M system the M
-+class side shouldn't restart the system, so calling ``psa_fwu_request_reboot()`` does not fit the system. There's also no
-+PSA FWU A return code for inidicating the restart request to the normal world. If the normal world has to restart the
-+system after ending the staging phase, it has to do it in an implementation defined way.
-
- .. uml:: ../uml/psa_fwu_m_update_agent/fwu_end_staging.puml
-
-@@ -136,7 +145,10 @@ calls ``psa_fwu_accept()`` when all images have been accepted. This results in a
- `````````````````````````
-
- Selects previous working state (i.e. rejects the firmware update) and transitions back to regular state after calling
--``psa_fwu_reject()``.
-+``psa_fwu_reject()``. The implementation treats ``PSA_SUCCESS_REBOOT`` and ``PSA_SUCCESS_RESTART`` status values as error.
-+In an A+M system the M class side shouldn't restart the system, so calling ``psa_fwu_request_reboot()`` does not fit the
-+system. There's also no PSA FWU A return code for inidicating the restart request to the normal world. If the normal
-+world has to restart the system when rejecting the installed firmware, it has to do it in an implementation defined way.
-
- .. uml:: ../uml/psa_fwu_m_update_agent/fwu_select_previous.puml
-
-2.25.1
-
deleted file mode 100644
@@ -1,128 +0,0 @@
-From 5344d7d0580ca7f2f2569f388dd6e3cd17a372f2 Mon Sep 17 00:00:00 2001
-From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
-Date: Thu, 6 Feb 2025 10:26:04 +0000
-Subject: [PATCH 3/8] Corstone1000: Define PSA FWU image mapping structure
-
-This commit involves following changes
-
-1. Define PSA FWU image mapping structure for Corstone-1000.
-This structure is responsible to map specific image guid with
-component number.
-To enable platform-specific handling, service_proxy_factory.c now
-conditionally selects the appropriate image mapping
-based on PLATFORM_IS_FVP. This ensures that both FVP and MPS3
-platforms use the correct GUID and firmware update configuration.
-
-2. Rename RSS to RSE
-
-Upstream-Status: Pending
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
-Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
----
- .../infra/corstone1000/corstone1000_config.h | 28 +++++++++++++++++++
- .../corstone1000/service_proxy_factory.c | 25 +++++++++++++----
- 2 files changed, 48 insertions(+), 5 deletions(-)
- create mode 100644 deployments/se-proxy/infra/corstone1000/corstone1000_config.h
-
-diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_config.h b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h
-new file mode 100644
-index 00000000..319401f3
---- /dev/null
-+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h
-@@ -0,0 +1,28 @@
-+/*
-+ * Copyright (c) 2025, Arm Limited. All rights reserved.
-+ *
-+ * SPDX-License-Identifier: BSD-3-Clause
-+ *
-+ */
-+
-+#ifndef CORSTONE1000_CONFIG_H
-+#define CORSTONE1000_CONFIG_H
-+
-+#define FWU_IMAGE_COUNT 1
-+
-+/* Maximum payload size to be transferred at once to Secure Enclave */
-+#define MAX_PAYLOAD_SIZE 4096
-+
-+#define CORSTONE1000_FVP_FULL_CAPSULE_UUID \
-+{ 0x4e, 0x3a, 0x9f, 0x98, 0xe0, 0x46, 0xd0, 0x4c, 0x98, 0x77, 0xa2, 0x5c, 0x70, 0xc0, 0x13, 0x29, }
-+
-+#define CORSTONE1000_MPS3_FULL_CAPSULE_UUID \
-+{ 0xd1, 0x65, 0x18, 0xdf, 0xfb, 0x90, 0x59, 0x4d, 0x9c, 0x38, 0xc9, 0xf2, 0xc1, 0xbb, 0xa8, 0xcc, }
-+
-+/* Image indexes in the UEFI capsule */
-+enum fwu_image_index
-+{
-+ FWU_IMAGE_INDEX_FULL_CAPSULE = 1,
-+};
-+
-+#endif /* CORSTONE1000_CONFIG_H */
-diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index ef91efe0..6e5f1221 100644
---- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2021-2024, Arm Limited and Contributors. All rights reserved.
-+ * Copyright (c) 2021-2025, Arm Limited and Contributors. All rights reserved.
- * Copyright (c) 2021-2023, Linaro Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
-@@ -19,6 +19,7 @@
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
- #include <trace.h>
-+#include "corstone1000_config.h"
-
- /* backends */
- #include <service/crypto/backend/psa_ipc/crypto_ipc_backend.h>
-@@ -27,6 +28,20 @@
-
- static const struct rpc_uuid dummy_uuid = { 0 };
-
-+static const struct psa_fwu_m_image_mapping img_mapping[FWU_IMAGE_COUNT] = {
-+#if PLATFORM_IS_FVP
-+ {
-+ .uuid = CORSTONE1000_FVP_FULL_CAPSULE_UUID,
-+ .component = FWU_IMAGE_INDEX_FULL_CAPSULE
-+ },
-+#else
-+ {
-+ .uuid = CORSTONE1000_MPS3_FULL_CAPSULE_UUID,
-+ .component = FWU_IMAGE_INDEX_FULL_CAPSULE
-+ },
-+#endif
-+};
-+
- struct rpc_service_interface *attest_proxy_create(void)
- {
- struct rpc_service_interface *attest_iface = NULL;
-@@ -141,20 +156,20 @@ struct rpc_service_interface *fwu_proxy_create(void)
- static struct fwu_provider fwu_provider = { 0 };
-
- /* Static objects for proxy instance */
-- static struct rpc_caller_interface rss_comms = { 0 };
-+ static struct rpc_caller_interface rse_comms = { 0 };
- static struct rpc_caller_session rpc_session = { 0 };
-
-- rpc_status = rss_comms_caller_init(&rss_comms);
-+ rpc_status = rse_comms_caller_init(&rse_comms);
- if (rpc_status != RPC_SUCCESS)
- return NULL;
-
-- rpc_status = rpc_caller_session_open(&rpc_session, &rss_comms, &dummy_uuid, 0, 0);
-+ rpc_status = rpc_caller_session_open(&rpc_session, &rse_comms, &dummy_uuid, 0, 0);
- if (rpc_status != RPC_SUCCESS)
- return NULL;
-
-- agent = psa_fwu_m_update_agent_init(NULL, 0, 4096);
- if (psa_fwu_ipc_init(&rpc_session) != PSA_SUCCESS)
- return NULL;
-+ agent = psa_fwu_m_update_agent_init(img_mapping, FWU_IMAGE_COUNT, MAX_PAYLOAD_SIZE);
-
- return fwu_provider_init(&fwu_provider, agent);
- }
-2.25.1
-
deleted file mode 100644
@@ -1,129 +0,0 @@
-From 27d3ce79128478cd163a2db113326c873bda8d08 Mon Sep 17 00:00:00 2001
-From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
-Date: Fri, 28 Feb 2025 21:12:56 +0000
-Subject: [PATCH 6/8] platform: corstone1000: Enable ESRT support
-
-Enable ESRT support for Corstone-1000.
-Introduce ESRT image UUID and its component number and
-set TFM_FWU_MAX_DIGEST_SIZE to ESRT data size.
-
-Upstream-Status: Pending
-Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
----
- .../infra/corstone1000/corstone1000_config.h | 3 +--
- .../corstone1000/service_proxy_factory.c | 22 +++++++++++++++++--
- .../providers/arm/corstone1000/platform.cmake | 9 ++++++++
- 3 files changed, 30 insertions(+), 4 deletions(-)
-
-diff --git a/deployments/se-proxy/infra/corstone1000/corstone1000_config.h b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h
-index 319401f3..4a68c2fa 100644
---- a/deployments/se-proxy/infra/corstone1000/corstone1000_config.h
-+++ b/deployments/se-proxy/infra/corstone1000/corstone1000_config.h
-@@ -8,8 +8,6 @@
- #ifndef CORSTONE1000_CONFIG_H
- #define CORSTONE1000_CONFIG_H
-
--#define FWU_IMAGE_COUNT 1
--
- /* Maximum payload size to be transferred at once to Secure Enclave */
- #define MAX_PAYLOAD_SIZE 4096
-
-@@ -23,6 +21,7 @@
- enum fwu_image_index
- {
- FWU_IMAGE_INDEX_FULL_CAPSULE = 1,
-+ FWU_IMAGE_INDEX_ESRT,
- };
-
- #endif /* CORSTONE1000_CONFIG_H */
-diff --git a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-index 6e5f1221..f0a4853e 100644
---- a/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-+++ b/deployments/se-proxy/infra/corstone1000/service_proxy_factory.c
-@@ -18,6 +18,7 @@
- #include "service/fwu/psa_fwu_m/interface/psa_ipc/psa_fwu_ipc.h"
- #include <service/secure_storage/frontend/secure_storage_provider/secure_storage_provider.h>
- #include "service/secure_storage/frontend/secure_storage_provider/secure_storage_uuid.h"
-+#include <protocols/service/fwu/fwu_proto.h>
- #include <trace.h>
- #include "corstone1000_config.h"
-
-@@ -26,9 +27,17 @@
- #include <service/secure_storage/backend/secure_storage_ipc/secure_storage_ipc.h>
- #include <service/attestation/client/psa/iat_client.h>
-
-+/* IMAGE_MAPPING_ELEMENT_COUNT includes the number of images to be updated and ESRT image */
-+#define IMAGE_MAPPING_ELEMENT_COUNT (FWU_IMAGE_CAPSULE_COUNT + 1)
-+
-+/* The index to access the ESRT image in the psa_fwu_m_image_mapping structure
-+ * collection. The ESRT image is always accessed at the end of the collection.
-+ */
-+#define IMAGE_MAPPING_ESRT_INDEX (IMAGE_MAPPING_ELEMENT_COUNT - 1)
-+
- static const struct rpc_uuid dummy_uuid = { 0 };
-
--static const struct psa_fwu_m_image_mapping img_mapping[FWU_IMAGE_COUNT] = {
-+static struct psa_fwu_m_image_mapping img_mapping[IMAGE_MAPPING_ELEMENT_COUNT] = {
- #if PLATFORM_IS_FVP
- {
- .uuid = CORSTONE1000_FVP_FULL_CAPSULE_UUID,
-@@ -42,6 +51,13 @@ static const struct psa_fwu_m_image_mapping img_mapping[FWU_IMAGE_COUNT] = {
- #endif
- };
-
-+/* Every platform needs to define esrt image mapping, if ESRT image UUID is to be used to extract ESRT data */
-+static void define_esrt_image_mapping()
-+{
-+ uuid_octets_from_canonical(&img_mapping[IMAGE_MAPPING_ESRT_INDEX].uuid, EFI_SYSTEM_RESOURCE_TABLE_CANONICAL_UUID);
-+ img_mapping[IMAGE_MAPPING_ESRT_INDEX].component = FWU_IMAGE_INDEX_ESRT;
-+}
-+
- struct rpc_service_interface *attest_proxy_create(void)
- {
- struct rpc_service_interface *attest_iface = NULL;
-@@ -169,7 +185,9 @@ struct rpc_service_interface *fwu_proxy_create(void)
-
- if (psa_fwu_ipc_init(&rpc_session) != PSA_SUCCESS)
- return NULL;
-- agent = psa_fwu_m_update_agent_init(img_mapping, FWU_IMAGE_COUNT, MAX_PAYLOAD_SIZE);
-+
-+ define_esrt_image_mapping();
-+ agent = psa_fwu_m_update_agent_init(img_mapping, IMAGE_MAPPING_ELEMENT_COUNT, MAX_PAYLOAD_SIZE);
-
- return fwu_provider_init(&fwu_provider, agent);
- }
-diff --git a/platform/providers/arm/corstone1000/platform.cmake b/platform/providers/arm/corstone1000/platform.cmake
-index 60bc208b..db1e9743 100644
---- a/platform/providers/arm/corstone1000/platform.cmake
-+++ b/platform/providers/arm/corstone1000/platform.cmake
-@@ -6,11 +6,18 @@
- # Platform definition for the Corstone-1000 platform.
- #-------------------------------------------------------------------------------
-
-+# For ESRT v1 details : https://uefi.org/specs/UEFI/2.9_A/23_Firmware_Update_and_Reporting.html#efi-system-resource-table
-+set(FWU_IMAGE_CAPSULE_COUNT 4 CACHE STRING "Maximum number of FWU Images in a capsule to be updated")
-+set(ESRT_IMAGE_ENTRY_SIZE 40 CACHE STRING "Size of one ESRT v1 Image entry structure object")
-+set(ESRT_REMAINING_FIELDS_SIZE 16 CACHE STRING "Size of remaining fields of ESRT v1 table structure")
-+math(EXPR TOTAL_ESRT_SIZE "${FWU_IMAGE_CAPSULE_COUNT} * ${ESRT_IMAGE_ENTRY_SIZE} + ${ESRT_REMAINING_FIELDS_SIZE}" OUTPUT_FORMAT DECIMAL)
-+
- set(SMM_GATEWAY_MAX_UEFI_VARIABLES 80 CACHE STRING "Maximum UEFI variable count")
- set(SMM_RPC_CALLER_SESSION_SHARED_MEMORY_SIZE 4*4096 CACHE STRING "RPC caller buffer size in SMMGW")
- set(SMM_SP_HEAP_SIZE 80*1024 CACHE STRING "SMM gateway SP heap size")
- set(PLAT_RSE_COMMS_PAYLOAD_MAX_SIZE 0x43C0 CACHE STRING "Size of the RSE_COMMS_PAYLOAD buffer")
- set(COMMS_MHU_MSG_SIZE 0x4500 CACHE STRING "Max message size that can be transfered via MHU")
-+set(TFM_FWU_MAX_DIGEST_SIZE ${TOTAL_ESRT_SIZE} CACHE STRING "Maximum size of ESRT entries of all the images in a bank")
-
- target_compile_definitions(${TGT} PRIVATE
- SMM_VARIABLE_INDEX_STORAGE_UID=0x787
-@@ -18,6 +25,8 @@ target_compile_definitions(${TGT} PRIVATE
- COMMS_MHU_MSG_SIZE=${COMMS_MHU_MSG_SIZE}
- MBEDTLS_ECP_DP_SECP521R1_ENABLED
- PLATFORM_IS_FVP=${PLATFORM_IS_FVP}
-+ TFM_FWU_MAX_DIGEST_SIZE=${TFM_FWU_MAX_DIGEST_SIZE}
-+ FWU_IMAGE_CAPSULE_COUNT=${FWU_IMAGE_CAPSULE_COUNT}
- )
-
- get_property(_platform_driver_dependencies TARGET ${TGT}
-2.25.1
-
deleted file mode 100644
@@ -1,29 +0,0 @@
-From 71da6c0384fb241cadf052968e8dce9c357e4a33 Mon Sep 17 00:00:00 2001
-From: Ali Can Ozaslan <ali.oezaslan@arm.com>
-Date: Tue, 29 Apr 2025 07:52:14 +0000
-Subject: [PATCH] Align PSA Crypto structs with TF-Mv2.1.1
-
-The psa_client_key_attributes_s struct had to be aligned with the
-psa_key_attributes_s struct in TF-M.
-
-Signed-off-by: Ali Can Ozaslan <ali.oezaslan@arm.com>
-Upstream-Status: Backport [Included in version v1.2.0]
----
- components/service/crypto/include/psa/crypto_client_struct.h | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/components/service/crypto/include/psa/crypto_client_struct.h b/components/service/crypto/include/psa/crypto_client_struct.h
-index ebc4008..f0c8cad 100644
---- a/components/service/crypto/include/psa/crypto_client_struct.h
-+++ b/components/service/crypto/include/psa/crypto_client_struct.h
-@@ -38,7 +38,6 @@ struct psa_client_key_attributes_s
- uint32_t alg;
- uint32_t alg2;
- uint32_t id;
-- int32_t owner_id;
- };
-
- #define PSA_CLIENT_KEY_ATTRIBUTES_INIT {0, 0, 0, 0, 0, 0}
-2.34.1
-
The Corstone-1000 Trusted Services patches removed in this change are no longer required following the upgrade to Trusted Services v1.2.0. Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com> --- ...01-Fix-in-AEAD-for-psa-arch-test-254.patch | 129 ------ .../0002-Fix-psa-api-crypto-test-no-243.patch | 31 -- ...-sizes-compile-time-definitions-user.patch | 40 -- .../0006-Align-PSA-Crypto-with-TF-Mv2.1.patch | 298 ------------ .../0008-se-proxy-protobuf-change.patch | 71 --- ...-FWU-IPC-framework-for-Corstone-1000.patch | 436 ------------------ ...mage-state-in-PSA-FWU-M-update-agent.patch | 188 -------- ...fine-PSA-FWU-image-mapping-structure.patch | 128 ----- ...orm-corstone1000-Enable-ESRT-support.patch | 129 ------ ...n-PSA-Crypto-structs-with-TF-Mv2.1.1.patch | 29 -- 10 files changed, 1479 deletions(-) delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0001-Fix-in-AEAD-for-psa-arch-test-254.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0002-Fix-psa-api-crypto-test-no-243.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0005-Make-RSS-and-MHU-sizes-compile-time-definitions-user.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0006-Align-PSA-Crypto-with-TF-Mv2.1.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0008-se-proxy-protobuf-change.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0010-Integrate-PSA-FWU-IPC-framework-for-Corstone-1000.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0011-Load-initial-image-state-in-PSA-FWU-M-update-agent.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0012-Corstone1000-Define-PSA-FWU-image-mapping-structure.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0015-platform-corstone1000-Enable-ESRT-support.patch delete mode 100644 meta-arm-bsp/recipes-security/trusted-services/corstone1000/0021-Align-PSA-Crypto-structs-with-TF-Mv2.1.1.patch