Complete Yocto mirror with license table for TQMa6UL (2038-compliance)

- 264 license table entries with exact download URLs (224/264 resolved)
- Complete sources/ directory with all BitBake recipes
- Build configuration: tqma6ul-multi-mba6ulx, spaetzle (musl)
- Full traceability for Softwarefreigabeantrag
- GCC 13.4.0, Linux 6.6.102, U-Boot 2023.04, musl 1.2.4
- License distribution: GPL-2.0 (24), MIT (23), GPL-2.0+ (18), BSD-3 (16)

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0001-Fix-FF-A-version-in-SPMC-manifest.patch

@@ -0,0 +1,29 @@
+From adaa22bc2f529bb34e9d4fe89ff5c65f0c83ca0c Mon Sep 17 00:00:00 2001
+From: emeara01 <emekcan.aras@arm.com>
+Date: Wed, 11 May 2022 14:37:06 +0100
+Subject: [PATCH] Fix FF-A version in SPMC manifest
+
+OPTEE does not support FF-A version 1.1 in SPMC at the moment.
+This commit corrects the FF-A version in corstone1000_spmc_manifest.dts.
+This patch will not be upstreamed and will be dropped once
+OPTEE version is updated for Corstone1000.
+
+Upstream-Status: Inappropriate
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+---
+ .../corstone1000/common/fdts/corstone1000_spmc_manifest.dts     | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
+index 8e49ab83f76a..5baa1b115b2e 100644
+--- a/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
++++ b/plat/arm/board/corstone1000/common/fdts/corstone1000_spmc_manifest.dts
+@@ -20,7 +20,7 @@
+ 	attribute {
+ 		spmc_id = <0x8000>;
+ 		maj_ver = <0x1>;
+-		min_ver = <0x1>;
++		min_ver = <0x0>;
+ 		exec_state = <0x0>;
+ 		load_address = <0x0 0x2002000>;
+ 		entrypoint = <0x0 0x2002000>;

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0002-fix-corstone1000-pass-spsr-value-explicitly.patch

@@ -0,0 +1,32 @@
+From d70a07562d3b0a7b4441922fd3ce136565927d04 Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 21 Feb 2024 07:57:36 +0000
+Subject: [PATCH] fix(corstone1000): pass spsr value explicitly
+
+Passes spsr value for BL32 (OPTEE) explicitly between different boot
+stages.
+
+Upstream-Status: Pending
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+---
+ .../corstone1000/common/corstone1000_bl2_mem_params_desc.c     | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
+index fe521a9fa..2cc096f38 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_bl2_mem_params_desc.c
+@@ -72,7 +72,8 @@ static bl_mem_params_node_t bl2_mem_params_descs[] = {
+ 		SET_STATIC_PARAM_HEAD(ep_info, PARAM_EP,
+ 			VERSION_2, entry_point_info_t, NON_SECURE | EXECUTABLE),
+ 		.ep_info.pc = BL33_BASE,
+-
++		.ep_info.spsr = SPSR_64(MODE_EL2, MODE_SP_ELX,
++				       DISABLE_ALL_EXCEPTIONS),
+ 		SET_STATIC_PARAM_HEAD(image_info, PARAM_EP,
+ 			VERSION_2, image_info_t, 0),
+ 		.image_info.image_base = BL33_BASE,
+-- 
+2.25.1
+
+

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0003-fix-spmd-remove-EL3-interrupt-registration.patch

@@ -0,0 +1,54 @@
+From 684b8f88238f522b52eb102485762e02e6b1671a Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Fri, 23 Feb 2024 13:17:59 +0000
+Subject: [PATCH] fix(spmd): remove EL3 interrupt registration
+
+This configuration should not be done for corstone1000 and similar
+platforms. GICv2 systems only support EL3 interrupts and can have SEL1 component
+as SPMC.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Inappropriate [Discussions of fixing this in a better way is ongoing in upstream]
+---
+ services/std_svc/spmd/spmd_main.c | 24 ------------------------
+ 1 file changed, 24 deletions(-)
+
+diff --git a/services/std_svc/spmd/spmd_main.c b/services/std_svc/spmd/spmd_main.c
+index 066571e9b..313f05bf3 100644
+--- a/services/std_svc/spmd/spmd_main.c
++++ b/services/std_svc/spmd/spmd_main.c
+@@ -580,30 +580,6 @@ static int spmd_spmc_init(void *pm_addr)
+ 		panic();
+ 	}
+ 
+-	/*
+-	 * Permit configurations where the SPM resides at S-EL1/2 and upon a
+-	 * Group0 interrupt triggering while the normal world runs, the
+-	 * interrupt is routed either through the EHF or directly to the SPMD:
+-	 *
+-	 * EL3_EXCEPTION_HANDLING=0: the Group0 interrupt is routed to the SPMD
+-	 *                   for handling by spmd_group0_interrupt_handler_nwd.
+-	 *
+-	 * EL3_EXCEPTION_HANDLING=1: the Group0 interrupt is routed to the EHF.
+-	 *
+-	 */
+-#if (EL3_EXCEPTION_HANDLING == 0)
+-	/*
+-	 * Register an interrupt handler routing Group0 interrupts to SPMD
+-	 * while the NWd is running.
+-	 */
+-	rc = register_interrupt_type_handler(INTR_TYPE_EL3,
+-					     spmd_group0_interrupt_handler_nwd,
+-					     flags);
+-	if (rc != 0) {
+-		panic();
+-	}
+-#endif
+-
+ 	return 0;
+ }
+ 
+-- 
+2.25.1
+
+

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch

@@ -0,0 +1,92 @@
+From 19600e6718e1a5b2ac8ec27d471acdafce0e433e Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Thu, 25 Apr 2024 11:30:58 +0100
+Subject: [PATCH] fix(corstone1000): remove unused NS_SHARED_RAM region
+
+After enabling additional features in Trusted Services, the size of BL32 image
+(OP-TEE + Trusted Services SPs) is larger now. To create more space in secure RAM 
+for BL32 image, this patch removes NS_SHARED_RAM region which is not currently used by
+corstone1000 platform.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending
+---
+ .../corstone1000/common/corstone1000_plat.c   |  1 -
+ .../common/include/platform_def.h             | 19 +------------------
+ 2 files changed, 1 insertion(+), 19 deletions(-)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_plat.c b/plat/arm/board/corstone1000/common/corstone1000_plat.c
+index ed3801caa..a9475859a 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_plat.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_plat.c
+@@ -23,7 +23,6 @@
+ 
+ const mmap_region_t plat_arm_mmap[] = {
+ 	ARM_MAP_SHARED_RAM,
+-	ARM_MAP_NS_SHARED_RAM,
+ 	ARM_MAP_NS_DRAM1,
+ 	CORSTONE1000_MAP_DEVICE,
+ 	CORSTONE1000_EXTERNAL_FLASH,
+diff --git a/plat/arm/board/corstone1000/common/include/platform_def.h b/plat/arm/board/corstone1000/common/include/platform_def.h
+index 442d187f0..18fce4486 100644
+--- a/plat/arm/board/corstone1000/common/include/platform_def.h
++++ b/plat/arm/board/corstone1000/common/include/platform_def.h
+@@ -90,9 +90,6 @@
+  *	partition size: 176 KB
+  *	content: BL2
+  *
+- * <ARM_NS_SHARED_RAM_BASE> = <ARM_TRUSTED_SRAM_BASE> + 1 MB
+- *	partition size: 512 KB
+- *	content: BL33 (u-boot)
+  */
+ 
+ /* DDR memory */
+@@ -117,11 +114,7 @@
+ /* The remaining Trusted SRAM is used to load the BL images */
+ #define TOTAL_SRAM_SIZE		(SZ_4M)  /* 4 MB */
+ 
+-/* Last 512KB of CVM is allocated for shared RAM as an example openAMP */
+-#define ARM_NS_SHARED_RAM_SIZE	(512 * SZ_1K)
+-
+ #define PLAT_ARM_TRUSTED_SRAM_SIZE	(TOTAL_SRAM_SIZE - \
+-					 ARM_NS_SHARED_RAM_SIZE - \
+ 					 ARM_SHARED_RAM_SIZE)
+ 
+ #define PLAT_ARM_MAX_BL2_SIZE	(180 * SZ_1K)  /* 180 KB */
+@@ -160,11 +153,6 @@
+ 
+ /* NS memory */
+ 
+-/* The last 512KB of the SRAM is allocated as shared memory */
+-#define ARM_NS_SHARED_RAM_BASE	(ARM_TRUSTED_SRAM_BASE + TOTAL_SRAM_SIZE - \
+-				 (PLAT_ARM_MAX_BL31_SIZE + \
+-				  PLAT_ARM_MAX_BL32_SIZE))
+-
+ #define BL33_BASE		ARM_DRAM1_BASE
+ #define PLAT_ARM_MAX_BL33_SIZE	(12 * SZ_1M)  /* 12 MB*/
+ #define BL33_LIMIT		(ARM_DRAM1_BASE + PLAT_ARM_MAX_BL33_SIZE)
+@@ -266,7 +254,7 @@
+ #define PLAT_ARM_TRUSTED_MAILBOX_BASE	ARM_TRUSTED_SRAM_BASE
+ #define PLAT_ARM_NSTIMER_FRAME_ID	U(1)
+ 
+-#define PLAT_ARM_NS_IMAGE_BASE		(ARM_NS_SHARED_RAM_BASE)
++#define PLAT_ARM_NS_IMAGE_BASE		(BL33_BASE)
+
+ #define PLAT_PHY_ADDR_SPACE_SIZE	(1ULL << 32)
+ #define PLAT_VIRT_ADDR_SPACE_SIZE	(1ULL << 32)
+@@ -295,11 +283,6 @@
+ 				ARM_SHARED_RAM_SIZE, \
+ 				MT_MEMORY | MT_RW | MT_SECURE)
+ 
+-#define ARM_MAP_NS_SHARED_RAM	MAP_REGION_FLAT( \
+-				ARM_NS_SHARED_RAM_BASE, \
+-				ARM_NS_SHARED_RAM_SIZE, \
+-				MT_MEMORY | MT_RW | MT_NS)
+-
+ #define ARM_MAP_NS_DRAM1	MAP_REGION_FLAT( \
+ 				ARM_NS_DRAM1_BASE, \
+ 				ARM_NS_DRAM1_SIZE, \
+-- 
+2.25.1
+
+

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/corstone1000/0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch

@@ -0,0 +1,46 @@
+From 37f92eeb4361626072e690adb3b0bb20db7c2fca Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <Emekcan.Aras@arm.com>
+Date: Wed, 15 May 2024 13:54:51 +0100
+Subject: [PATCH] fix(corstone1000): clean the cache and disable interrupt
+ before system reset
+
+Corstone1000 does not properly clean the cache and disable gic interrupts
+before the reset. This causes a race condition especially in FVP after reset.
+This adds proper sequence before resetting the platform.
+
+Signed-off-by: Emekcan Aras <Emekcan.Aras@arm.com>
+Upstream-Status: Pending
+---
+ plat/arm/board/corstone1000/common/corstone1000_pm.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/plat/arm/board/corstone1000/common/corstone1000_pm.c b/plat/arm/board/corstone1000/common/corstone1000_pm.c
+index 4b0a791e7..a52e945bf 100644
+--- a/plat/arm/board/corstone1000/common/corstone1000_pm.c
++++ b/plat/arm/board/corstone1000/common/corstone1000_pm.c
+@@ -7,6 +7,7 @@
+ #include <lib/psci/psci.h>
+ #include <plat/arm/common/plat_arm.h>
+ #include <platform_def.h>
++#include <drivers/arm/gicv2.h>
+ /*******************************************************************************
+  * Export the platform handlers via plat_arm_psci_pm_ops. The ARM Standard
+  * platform layer will take care of registering the handlers with PSCI.
+@@ -18,6 +19,14 @@ static void __dead2 corstone1000_system_reset(void)
+ 	uint32_t volatile * const watchdog_ctrl_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_CTRL_REG;
+ 	uint32_t volatile * const watchdog_val_reg = (uint32_t *) SECURE_WATCHDOG_ADDR_VAL_REG;
+ 
++	/* Flush and invalidate data cache */
++	dcsw_op_all(DCCISW);
++	/*
++	 * Disable GIC CPU interface to prevent pending interrupt
++	 * from waking up the AP from WFI.
++	 */
++	gicv2_cpuif_disable();
++
+ 	*(watchdog_val_reg) = SECURE_WATCHDOG_COUNTDOWN_VAL;
+ 	*watchdog_ctrl_reg = SECURE_WATCHDOG_MASK_ENABLE;
+ 	while (1) {
+-- 
+2.25.1
+

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch

@@ -0,0 +1,64 @@
+From b79d3cf319cc5698311ef83247110c93d3c2de2c Mon Sep 17 00:00:00 2001
+Message-Id: <b79d3cf319cc5698311ef83247110c93d3c2de2c.1695834344.git.diego.sueiro@arm.com>
+From: Diego Sueiro <diego.sueiro@arm.com>
+Date: Wed, 27 Sep 2023 18:05:26 +0100
+Subject: [PATCH] fdts/fvp-base: Add stdout-path and virtio net and rng nodes
+
+Upstream-Status: Pending
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+---
+ fdts/fvp-base-psci-common.dtsi |  8 ++++++--
+ fdts/rtsm_ve-motherboard.dtsi  | 12 ++++++++++++
+ 2 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/fdts/fvp-base-psci-common.dtsi b/fdts/fvp-base-psci-common.dtsi
+index 79cf37d3b0..b1ba5ce703 100644
+--- a/fdts/fvp-base-psci-common.dtsi
++++ b/fdts/fvp-base-psci-common.dtsi
+@@ -30,7 +30,9 @@
+ #if (ENABLE_RME == 1)
+ 	chosen { bootargs = "console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=on";};
+ #else
+-	chosen {};
++	chosen {
++		stdout-path = &v2m_serial0;
++	};
+ #endif
+ 
+ 	aliases {
+@@ -243,6 +245,8 @@
+ 				<0 0 39 &gic 0 GIC_SPI 39 IRQ_TYPE_LEVEL_HIGH>,
+ 				<0 0 40 &gic 0 GIC_SPI 40 IRQ_TYPE_LEVEL_HIGH>,
+ 				<0 0 41 &gic 0 GIC_SPI 41 IRQ_TYPE_LEVEL_HIGH>,
+-				<0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>;
++				<0 0 42 &gic 0 GIC_SPI 42 IRQ_TYPE_LEVEL_HIGH>,
++				<0 0 44 &gic 0 GIC_SPI 44 IRQ_TYPE_LEVEL_HIGH>,
++				<0 0 46 &gic 0 GIC_SPI 46 IRQ_TYPE_LEVEL_HIGH>;
+ 	};
+ };
+diff --git a/fdts/rtsm_ve-motherboard.dtsi b/fdts/rtsm_ve-motherboard.dtsi
+index 0a824b349a..21a083a51a 100644
+--- a/fdts/rtsm_ve-motherboard.dtsi
++++ b/fdts/rtsm_ve-motherboard.dtsi
+@@ -230,6 +230,18 @@
+ 					interrupts = <42>;
+ 				};
+ 
++				virtio@150000 {
++					compatible = "virtio,mmio";
++					reg = <0x150000 0x200>;
++					interrupts = <44>;
++				};
++
++				virtio@200000 {
++					compatible = "virtio,mmio";
++					reg = <0x200000 0x200>;
++					interrupts = <46>;
++				};
++
+ 				rtc@170000 {
+ 					compatible = "arm,pl031", "arm,primecell";
+ 					reg = <0x170000 0x1000>;
+-- 
+2.39.1
+

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/fvp-base/optee_spmc_maifest.dts

@@ -0,0 +1,116 @@
+/* SPDX-License-Identifier: BSD-3-Clause */
+/*
+ * Copyright (c) 2022-2023, Arm Limited. All rights reserved.
+ */
+
+
+/*
+ * The content of the SPMC manifest may depend on integration settings like the
+ * set of deployed SP. This information lives in the integration system and 
+ * hence this file should be store in meta-arm. This avoids indirect
+ * dependencies between integration systems using the same file which would
+ * enforce some from of cooperation. 
+ */
+
+/dts-v1/;
+
+/ {
+	compatible = "arm,ffa-core-manifest-1.0";
+	#address-cells = <2>;
+	#size-cells = <1>;
+
+	attribute {
+		spmc_id = <0x8000>;
+		maj_ver = <0x1>;
+		min_ver = <0x0>;
+		exec_state = <0x0>;
+		load_address = <0x0 0x6000000>;
+		entrypoint = <0x0 0x6000000>;
+		binary_size = <0x80000>;
+	};
+
+/*
+ * This file will be preprocessed by TF-A's build system. If Measured Boot is
+ * enabled in TF-A's config, the build system will add the MEASURED_BOOT=1 macro
+ * to the preprocessor arguments.
+ */
+#if MEASURED_BOOT
+	tpm_event_log {
+		compatible = "arm,tpm_event_log";
+		tpm_event_log_addr = <0x0 0x0>;
+		tpm_event_log_size = <0x0>;
+		tpm_event_log_max_size = <0x0>;
+	};
+#endif
+
+/* If the ARM_BL2_SP_LIST_DTS is defined, SPs should be loaded from FIP */
+#ifdef ARM_BL2_SP_LIST_DTS
+	sp_packages {
+		compatible = "arm,sp_pkg";
+#if !SPMC_TESTS
+		block_storage {
+			uuid = <0x806e6463 0x2f4652eb 0xdf8c4fac 0x9c518739>;
+			load-address = <0x0 0x7a00000>;
+		};
+		internal_trusted_storage {
+			uuid = <0x48ef1edc 0xcf4c7ab1 0xcfdf8bac 0x141b71f7>;
+			load-address = <0x0 0x7a80000>;
+		};
+
+		protected_storage_sp {
+			uuid = <0x01f81b75 0x6847de3d 0x100f14a5 0x9017edae>;
+			load-address = <0x0 0x7b00000>;
+		};
+
+		crypto_sp {
+			uuid = <0xd552dfd9 0xb24ba216 0x6dd2a49a 0xc0e8843b>;
+			load-address = <0x0 0x7b80000>;
+		};
+
+#if MEASURED_BOOT
+		initial_attestation_sp {
+			uuid = <0x55f1baa1 0x95467688 0x95547c8f 0x74b98d5e>;
+			load-address = <0x0 0x7c80000>;
+		};
+#endif
+
+#if TS_SMM_GATEWAY
+		smm_gateway {
+			uuid = <0x33d532ed 0x0942e699 0x722dc09c 0xa798d9cd>;
+			load-address = <0x0 0x7d00000>;
+		};
+#endif /* TS_SMM_GATEWAY */
+
+#if TS_FW_UPDATE
+		fwu {
+			uuid = <0x38a82368 0x0e47061b 0xce0c7497 0xfd53fb8b>;
+			load-address = <0x0 0x7d80000>;
+		};
+#endif /* TS_FW_UPDATE */
+
+#else /* SPMC_TESTS */
+		test_sp1 {
+			uuid = <0xc3db9e5c 0x67433a7b 0x197c839f 0x376ae81a>;
+			load-address = <0x0 0x7a00000>;
+		};
+
+		test_sp2 {
+			uuid = <0x4c161778 0x1a4d0cc4 0xb29b7a86 0x1af48c27>;
+			load-address = <0x0 0x7a20000>;
+		};
+
+		test_sp3 {
+			uuid = <0x0001eb23 0x97442ae3 0x112f5290 0xa6af84e5>;
+			load-address = <0x0 0x7a40000>;
+		};
+
+		test_sp4 {
+			/* SP binary UUID */
+			uuid = <0xed623742 0x6f407277 0x270cd899 0xf8bb0ada>;
+			load-address = <0x0 0x7a80000>;
+		};
+#endif /* SPMC_TESTS */
+
+	};
+#endif /* ARM_BL2_SP_LIST_DTS */
+};

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-Reserve-OP-TEE-memory-from-nwd.patch

@@ -0,0 +1,42 @@
+From 2d305094f8f500362079e9e7637d46129bf980e4 Mon Sep 17 00:00:00 2001
+From: Adam Johnston <adam.johnston@arm.com>
+Date: Tue, 25 Jul 2023 16:05:51 +0000
+Subject: [PATCH] n1sdp: Reserve OP-TEE memory from NWd
+
+The physical memory which is used to run OP-TEE on the N1SDP is known
+to the secure world via TOS_FW_CONFIG, but it may not be known to the
+normal world.
+
+As a precaution, explicitly reserve this memory via NT_FW_CONFIG to
+prevent the normal world from using it. This is not required on most
+platforms as the Trusted OS is run from secure RAM.
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Adam Johnston <adam.johnston@arm.com>
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
+---
+ plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
+index da5e04ddb6..b7e2d4e86f 100644
+--- a/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
++++ b/plat/arm/board/n1sdp/fdts/n1sdp_nt_fw_config.dts
+@@ -20,4 +20,16 @@
+ 		local-ddr-size = <0x0>;
+ 		remote-ddr-size = <0x0>;
+ 	};
++
++	reserved-memory {
++		#address-cells = <2>;
++		#size-cells = <2>;
++		ranges;
++
++		optee@0xDE000000 {
++			compatible = "removed-dma-pool";
++			reg = <0x0 0xDE000000 0x0 0x02000000>;
++			no-map;
++		};
++	};
+ };
+\ No newline at end of file

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0001-n1sdp-tftf-tests-to-skip.patch

@@ -0,0 +1,46 @@
+From cc0153b56d634aa80b740be5afed15bedb94a2c9 Mon Sep 17 00:00:00 2001
+From: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+Date: Tue, 23 Jan 2024 14:19:39 +0000
+Subject: [PATCH] n1sdp patch tests to skip
+
+Upstream-Status: Pending
+Signed-off-by: Harsimran Singh Tungal <harsimransingh.tungal@arm.com>
+---
+ plat/arm/n1sdp/tests_to_skip.txt | 15 ++++++++++-----
+ 1 file changed, 10 insertions(+), 5 deletions(-)
+
+diff --git a/plat/arm/n1sdp/tests_to_skip.txt b/plat/arm/n1sdp/tests_to_skip.txt
+index b6e87bf..1848408 100644
+--- a/plat/arm/n1sdp/tests_to_skip.txt
++++ b/plat/arm/n1sdp/tests_to_skip.txt
+@@ -11,7 +11,7 @@ SMMUv3 tests
+ PSCI CPU Suspend in OSI mode
+ 
+ # PSCI is enabled but not tested
+-PSCI STAT/Stats test cases after system suspend
++PSCI STAT
+ PSCI System Suspend Validation
+ 
+ # Disable FF-A Interrupt tests as TWDOG is not supported by TC platform
+@@ -25,9 +25,14 @@ FF-A Interrupt
+ # files in TFTF, since the port was done purely to test the spectre workaround
+ # performance impact. Once that was done no further work was done on the port.
+ 
+-Timer framework Validation/Target timer to a power down cpu
+-Timer framework Validation/Test scenario where multiple CPUs call same timeout
+-Timer framework Validation/Stress test the timer framework
++Timer framework Validation
+ PSCI Affinity Info/Affinity info level0 powerdown
+ PSCI CPU Suspend
+-PSCI STAT/for valid composite state CPU suspend
++Framework Validation/NVM serialisation
++Framework Validation/Events API
++Boot requirement tests
++CPU Hotplug
++ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_1 test
++ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_2 test
++ARM_ARCH_SVC/SMCCC_ARCH_WORKAROUND_3 test
++FF-A Power management
+-- 
+2.34.1
+

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0002-Modify-BL32-Location-to-DDR4.patch

@@ -0,0 +1,30 @@
+From 15dab90c3cb8e7677c4f953c2269e8ee1afa01b0 Mon Oct 2 13:45:43 2023
+From: Mariam Elshakfy <mariam.elshakfy@arm.com>
+Date: Mon, 2 Oct 2023 13:45:43 +0000
+Subject: [PATCH] Modify BL32 Location to DDR4
+
+Since OP-TEE start address is changed to run
+from DDR4, this patch changes BL32 entrypoint
+to the correct one.
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
+---
+ plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
+index ed870803c..797dfe3a4 100644
+--- a/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
++++ b/plat/arm/board/n1sdp/fdts/n1sdp_optee_spmc_manifest.dts
+@@ -22,8 +22,8 @@
+ 		maj_ver = <0x1>;
+ 		min_ver = <0x0>;
+ 		exec_state = <0x0>;
+-		load_address = <0x0 0x08000000>;
+-		entrypoint = <0x0 0x08000000>;
++		load_address = <0x0 0xDE000000>;
++		entrypoint = <0x0 0xDE000000>;
+ 		binary_size = <0x2000000>;
+ 	};
+ 

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/n1sdp/0003-Modify-SPMC-Base-to-DDR4.patch

@@ -0,0 +1,28 @@
+From 9a1d11b9fbadf740c73aee6dca4fd0370b38e4a8 Tue Oct 3 13:49:13 2023
+From: Mariam Elshakfy <mariam.elshakfy@arm.com>
+Date: Tue, 3 Oct 2023 13:49:13 +0000
+Subject: [PATCH] Modify SPMC Base to DDR4
+
+Since OP-TEE start address is changed to run
+from DDR4, this patch changes SPMC base to 
+the correct one.
+
+Upstream-Status: Pending (not yet submitted to upstream)
+Signed-off-by: Mariam Elshakfy <mariam.elshakfy@arm.com>
+---
+ plat/arm/board/n1sdp/include/platform_def.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/plat/arm/board/n1sdp/include/platform_def.h b/plat/arm/board/n1sdp/include/platform_def.h
+index b3799a7b2..b12c61b61 100644
+--- a/plat/arm/board/n1sdp/include/platform_def.h
++++ b/plat/arm/board/n1sdp/include/platform_def.h
+@@ -118,7 +118,7 @@
+ 
+ #define PLAT_ARM_MAX_BL31_SIZE		UL(0x40000)
+ 
+-#define PLAT_ARM_SPMC_BASE		U(0x08000000)
++#define PLAT_ARM_SPMC_BASE		U(0xDE000000)
+ #define PLAT_ARM_SPMC_SIZE		UL(0x02000000)  /* 32 MB */
+ 
+ 

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/rwx-segments.patch

@@ -0,0 +1,45 @@
+From 051c723a6463a579b05dcaa81f204516737a3645 Mon Sep 17 00:00:00 2001
+From: Ross Burton <ross.burton@arm.com>
+Date: Wed, 9 Aug 2023 15:56:03 -0400
+Subject: [PATCH] Binutils 2.39 now warns when a segment has RXW
+ permissions[1]:
+
+aarch64-none-elf-ld.bfd: warning: bl31.elf has a LOAD segment with RWX
+permissions
+
+However, TF-A passes --fatal-warnings to LD, so this is a build failure.
+
+There is a ticket filed upstream[2], so until that is resolved just
+remove --fatal-warnings.
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+[2] https://developer.trustedfirmware.org/T996
+
+Upstream-Status: Inappropriate
+Signed-off-by: Ross Burton <ross.burton@arm.com>
+---
+ Makefile | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile b/Makefile
+index 1ddb7b84417d..9eae30c923ec 100644
+--- a/Makefile
++++ b/Makefile
+@@ -425,7 +425,7 @@ TF_LDFLAGS		+=	$(TF_LDFLAGS_$(ARCH))
+ # LD = gcc (used when GCC LTO is enabled)
+ else ifneq ($(findstring gcc,$(notdir $(LD))),)
+ # Pass ld options with Wl or Xlinker switches
+-TF_LDFLAGS		+=	-Wl,--fatal-warnings -O1
++TF_LDFLAGS		+=	-O1
+ TF_LDFLAGS		+=	-Wl,--gc-sections
+ ifeq ($(ENABLE_LTO),1)
+ 	ifeq (${ARCH},aarch64)
+@@ -442,7 +442,7 @@ TF_LDFLAGS		+=	$(subst --,-Xlinker --,$(TF_LDFLAGS_$(ARCH)))
+ 
+ # LD = gcc-ld (ld) or llvm-ld (ld.lld) or other
+ else
+-TF_LDFLAGS		+=	--fatal-warnings -O1
++TF_LDFLAGS		+=	-O1
+ TF_LDFLAGS		+=	--gc-sections
+ # ld.lld doesn't recognize the errata flags,
+ # therefore don't add those in that case

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tc/generate_metadata.py

@@ -0,0 +1,63 @@
+#!/usr/bin/env python3
+# Copyright (c) 2021, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+
+import argparse
+import uuid
+import zlib
+
+def main(metadata_file, img_type_uuids, location_uuids, img_uuids):
+    def add_field_to_metadata(value):
+        # Write the integer values to file in little endian representation
+        with open(metadata_file, "ab") as fp:
+            fp.write(value.to_bytes(4, byteorder='little'))
+
+    def add_uuid_to_metadata(uuid_str):
+        # Validate UUID string and write to file in little endian representation
+        uuid_val = uuid.UUID(uuid_str)
+        with open(metadata_file, "ab") as fp:
+            fp.write(uuid_val.bytes_le)
+
+    # Fill metadata preamble
+    add_field_to_metadata(1) #version=1
+    add_field_to_metadata(0) #active_index=0
+    add_field_to_metadata(0) #previous_active_index=0
+
+    for img_type_uuid, location_uuid in zip(img_type_uuids, location_uuids):
+        # Fill metadata image entry
+        add_uuid_to_metadata(img_type_uuid) # img_type_uuid
+        add_uuid_to_metadata(location_uuid) # location_uuid
+
+        for img_uuid in img_uuids:
+            # Fill metadata bank image info
+            add_uuid_to_metadata(img_uuid) # image unique bank_uuid
+            add_field_to_metadata(1)       # accepted=1
+            add_field_to_metadata(0)       # reserved (MBZ)
+
+    # Prepend CRC32
+    with open(metadata_file, 'rb+') as fp:
+        content = fp.read()
+        crc = zlib.crc32(content)
+        fp.seek(0)
+        fp.write(crc.to_bytes(4, byteorder='little') + content)
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser()
+    parser.add_argument('--metadata_file', required=True,
+                        help='Output binary file to store the metadata')
+    parser.add_argument('--img_type_uuids', type=str, nargs='+', required=True,
+                        help='A list of UUIDs identifying the image types')
+    parser.add_argument('--location_uuids', type=str, nargs='+', required=True,
+                        help='A list of UUIDs of the storage volumes where the images are located. '
+                             'Must have the same length as img_type_uuids.')
+    parser.add_argument('--img_uuids', type=str, nargs='+', required=True,
+                        help='A list UUIDs of the images in a firmware bank')
+
+    args = parser.parse_args()
+
+    if len(args.img_type_uuids) != len(args.location_uuids):
+        parser.print_help()
+        raise argparse.ArgumentError(None, 'Arguments img_type_uuids and location_uuids must have the same length.')
+
+    main(args.metadata_file, args.img_type_uuids, args.location_uuids, args.img_uuids)

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/files/tf-a-tests-no-warn-rwx-segments.patch

@@ -0,0 +1,33 @@
+From 6635341615a5bcb36ce71479ee30dae1599081e2 Mon Sep 17 00:00:00 2001
+From: Anton Antonov <anrton.antonov@arm.com>
+Date: Wed, 9 Aug 2023 15:56:03 -0400
+Subject: [PATCH] Binutils 2.39 now warns when a segment has RXW
+ permissions[1]:
+
+aarch64-poky-linux-musl-ld: tftf.elf has a LOAD segment with RWX permissions
+
+There is a ticket filed upstream[2], so until that is resolved just
+disable the warning
+
+[1] https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=ba951afb99912da01a6e8434126b8fac7aa75107
+[2] https://developer.trustedfirmware.org/T996
+
+Upstream-Status: Inappropriate
+Signed-off-by: Anton Antonov <anrton.antonov@arm.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 286a47c7d454..3481187b62cf 100644
+--- a/Makefile
++++ b/Makefile
+@@ -246,7 +246,7 @@ TFTF_SOURCES		:= ${FRAMEWORK_SOURCES}	${TESTS_SOURCES} ${PLAT_SOURCES} ${LIBC_SR
+ TFTF_INCLUDES		+= ${PLAT_INCLUDES}
+ TFTF_CFLAGS		+= ${COMMON_CFLAGS}
+ TFTF_ASFLAGS		+= ${COMMON_ASFLAGS}
+-TFTF_LDFLAGS		+= ${COMMON_LDFLAGS}
++TFTF_LDFLAGS		+= ${COMMON_LDFLAGS} --no-warn-rwx-segments
+ TFTF_EXTRA_OBJS 	:=
+ 
+ ifneq (${BP_OPTION},none)

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/fiptool-native_2.8.6.bb

@@ -0,0 +1,33 @@
+# Firmware Image Package (FIP)
+# It is a packaging format used by TF-A to package the
+# firmware images in a single binary.
+
+DESCRIPTION = "fiptool - Trusted Firmware tool for packaging"
+LICENSE = "BSD-3-Clause"
+
+SRC_URI_TRUSTED_FIRMWARE_A ?= "git://git.trustedfirmware.org/TF-A/trusted-firmware-a.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A};destsuffix=fiptool-${PV};branch=${SRCBRANCH}"
+LIC_FILES_CHKSUM = "file://docs/license.rst;md5=b2c740efedc159745b9b31f88ff03dde"
+
+# Use fiptool from TF-A v2.8.6
+SRCREV = "ff0bd5f9bb2ba2f31fb9cec96df917747af9e92d"
+SRCBRANCH = "lts-v2.8"
+
+DEPENDS += "openssl-native"
+
+inherit native
+
+EXTRA_OEMAKE = "V=1 HOSTCC='${BUILD_CC}' OPENSSL_DIR=${STAGING_DIR_NATIVE}/${prefix_native}"
+
+do_compile () {
+    # This is still needed to have the native fiptool executing properly by
+    # setting the RPATH
+    sed -i '/^LDLIBS/ s,$, \$\{BUILD_LDFLAGS},' ${S}/tools/fiptool/Makefile
+    sed -i '/^INCLUDE_PATHS/ s,$, \$\{BUILD_CFLAGS},' ${S}/tools/fiptool/Makefile
+
+    oe_runmake fiptool
+}
+
+do_install () {
+    install -D -p -m 0755 tools/fiptool/fiptool ${D}${bindir}/fiptool
+}

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_%.bbappend

@@ -0,0 +1,16 @@
+# Machine specific TFAs
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+COMPATIBLE_MACHINE:corstone1000 = "corstone1000"
+EXTRA_OEMAKE:append:corstone1000 = " DEBUG=0"
+EXTRA_OEMAKE:append:corstone1000 = " LOG_LEVEL=30"
+TFTF_MODE:corstone1000 = "release"
+
+COMPATIBLE_MACHINE:n1sdp = "n1sdp"
+EXTRA_OEMAKE:append:n1sdp = " DEBUG=1"
+EXTRA_OEMAKE:append:n1sdp = " LOG_LEVEL=50"
+TFTF_MODE:n1sdp = "debug"
+SRC_URI:append:n1sdp = " \
+			file://0001-n1sdp-tftf-tests-to-skip.patch \
+			"

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/tf-a-tests_2.8.0.bb

@@ -0,0 +1,57 @@
+DESCRIPTION = "Trusted Firmware-A tests(aka TFTF)"
+LICENSE = "BSD-3-Clause & NCSA"
+
+LIC_FILES_CHKSUM += "file://docs/license.rst;md5=6175cc0aa2e63b6d21a32aa0ee7d1b4a"
+
+inherit deploy
+
+COMPATIBLE_MACHINE ?= "invalid"
+
+SRC_URI_TRUSTED_FIRMWARE_A_TESTS ?= "git://git.trustedfirmware.org/TF-A/tf-a-tests.git;protocol=https"
+SRC_URI = "${SRC_URI_TRUSTED_FIRMWARE_A_TESTS};branch=${SRCBRANCH} \
+          file://tf-a-tests-no-warn-rwx-segments.patch"
+SRCBRANCH = "lts-v2.8"
+SRCREV = "85442d2943440718c2c2c9c5c690202b4b4f5725"
+
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE += "USE_NVM=0"
+EXTRA_OEMAKE += "SHELL_COLOR=1"
+EXTRA_OEMAKE += "DEBUG=1"
+
+# Modify mode based on debug or release mode
+TFTF_MODE ?= "debug"
+
+# Platform must be set for each machine
+TFA_PLATFORM ?= "invalid"
+
+EXTRA_OEMAKE += "ARCH=aarch64"
+EXTRA_OEMAKE += "LOG_LEVEL=50"
+
+S = "${WORKDIR}/git"
+B = "${WORKDIR}/build"
+
+# Add platform parameter
+EXTRA_OEMAKE += "BUILD_BASE=${B} PLAT=${TFA_PLATFORM}"
+
+# Requires CROSS_COMPILE set by hand as there is no configure script
+export CROSS_COMPILE="${TARGET_PREFIX}"
+
+do_compile() {
+    oe_runmake -C ${S} tftf
+}
+
+do_compile[cleandirs] = "${B}"
+
+FILES:${PN} = "/firmware/tftf.bin"
+SYSROOT_DIRS += "/firmware"
+
+do_install() {
+    install -d -m 755 ${D}/firmware
+    install -m 0644 ${B}/${TFA_PLATFORM}/${TFTF_MODE}/tftf.bin ${D}/firmware/tftf.bin
+}
+
+do_deploy() {
+    cp -rf ${D}/firmware/* ${DEPLOYDIR}/
+}
+addtask deploy after do_install

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-corstone1000.inc

@@ -0,0 +1,56 @@
+# Corstone1000 64-bit machines specific TFA support
+
+COMPATIBLE_MACHINE = "(corstone1000)"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/corstone1000:"
+SRC_URI:append = " \
+	file://0001-Fix-FF-A-version-in-SPMC-manifest.patch \
+	file://0002-fix-corstone1000-pass-spsr-value-explicitly.patch \
+	file://0003-fix-spmd-remove-EL3-interrupt-registration.patch \
+	file://0004-fix-corstone1000-remove-unused-NS_SHARED_RAM-region.patch \
+	file://0005-fix-corstone1000-clean-the-cache-and-disable-interru.patch \
+       "
+
+TFA_DEBUG = "1"
+TFA_UBOOT ?= "1"
+TFA_MBEDTLS = "1"
+TFA_BUILD_TARGET = "bl2 bl31 fip"
+
+# Enabling Secure-EL1 Payload Dispatcher (SPD)
+TFA_SPD = "spmd"
+# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
+# So, the SPD SPMC component should run at the S-EL1 execution state
+TFA_SPMD_SPM_AT_SEL2 = "0"
+
+# BL2 loads BL32 (optee). So, optee needs to be built first:
+DEPENDS += "optee-os"
+
+# Note: Regarding the build option: LOG_LEVEL. 
+# There seems to be an issue when setting it
+# to 50 (LOG_LEVEL_VERBOSE), where the kernel 
+# tee driver sends yielding requests to OP-TEE
+# at a faster pace than OP-TEE processes them,
+# as the processing time is consumed by logging 
+# in TF-A. When this issue occurs, booting halts 
+# as soon as optee driver starts initialization.
+# Therefore, it's not currently recommended to
+# set LOG_LEVEL to 50 at all.
+EXTRA_OEMAKE:append = " \
+                        ARCH=aarch64 \
+                        TARGET_PLATFORM=${TFA_TARGET_PLATFORM} \
+                        ENABLE_STACK_PROTECTOR=strong \
+                        ENABLE_PIE=1 \
+                        RESET_TO_BL2=1 \
+                        CREATE_KEYS=1 \
+                        GENERATE_COT=1 \
+                        TRUSTED_BOARD_BOOT=1 \
+                        ARM_GPT_SUPPORT=1 \
+                        PSA_FWU_SUPPORT=1 \
+                        NR_OF_IMAGES_IN_FW_BANK=4 \
+                        COT=tbbr \
+                        ARM_ROTPK_LOCATION=devel_rsa  \
+                        ERRATA_A35_855472=1 \
+                        ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
+                        BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
+                        FVP_USE_GIC_DRIVER=FVP_GICV2 \
+                        "

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-fvp-base.inc

@@ -0,0 +1,65 @@
+# FVP specific TFA parameters
+
+#
+# Armv8-A Base Platform FVP
+#
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/:${THISDIR}/files/fvp-base"
+
+SRC_URI:append = " \
+    file://0001-fdts-fvp-base-Add-stdout-path-and-virtio-net-and-rng.patch \
+    file://optee_spmc_maifest.dts;subdir=git/plat/arm/board/fvp/fdts \
+"
+
+# OP-TEE SPMC related configuration
+SPMC_IS_OPTEE = "${@bb.utils.contains('MACHINE_FEATURES', 'arm-ffa', '0' \
+                 if d.getVar('SEL2_SPMC') == '1' else '1', '0', d)}"
+# Configure the SPMC manifest file.
+TFA_ARM_SPMC_MANIFEST_DTS = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
+                '${S}/plat/arm/board/fvp/fdts/optee_spmc_maifest.dts', '', d)}"
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES','arm-ffa', \
+                'ARM_SPMC_MANIFEST_DTS=${TFA_ARM_SPMC_MANIFEST_DTS}' \
+                    if d.getVar('TFA_ARM_SPMC_MANIFEST_DTS') else '', '', d)}"
+
+# Set OP-TEE SPMC specific TF-A config settings
+TFA_SPMD_SPM_AT_SEL2 := '0'
+TFA_SPD := "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'spmd', \
+            d.getVar('TFA_SPD'), d)}"
+DEPENDS += " ${@oe.utils.conditional('SPMC_IS_OPTEE', '1', 'optee-os', '', d)}"
+
+# Configure measured boot if the attestation SP is deployed.
+TFA_MB_FLAGS += " \
+    ARM_ROTPK_LOCATION=devel_rsa \
+    EVENT_LOG_LEVEL=20 \
+    GENERATE_COT=1 \
+    MBOOT_EL_HASH_ALG=sha256 \
+    MEASURED_BOOT=1 \
+    ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
+    TRUSTED_BOARD_BOOT=1 \
+"
+EXTRA_OEMAKE += "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
+                 '${TFA_MB_FLAGS}','', d)}"
+
+# Add OP-TEE as BL32.
+BL32 = "${@oe.utils.conditional('SPMC_IS_OPTEE', '1',\
+        '${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin',\
+        '', d)}"
+EXTRA_OEMAKE += "${@oe.utils.conditional('SPMC_IS_OPTEE', '1', \
+                ' BL32=${BL32}', '', d)}"
+
+# Generic configuration
+COMPATIBLE_MACHINE = "fvp-base"
+TFA_PLATFORM = "fvp"
+# Disable debug build if measured boot is enabled.
+TFA_DEBUG := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation', '0',\
+              d.getVar('TFA_DEBUG'), d)}"
+# Add mbedtls if measured boot is enabled
+TFA_MBEDTLS := "${@bb.utils.contains('MACHINE_FEATURES', 'ts-attestation',\
+               '1', d.getVar('TFA_MBEDTLS'), d)}"
+TFA_UBOOT ?= "1"
+TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
+
+EXTRA_OEMAKE += "FVP_DT_PREFIX=fvp-base-gicv3-psci-1t FVP_USE_GIC_DRIVER=FVP_GICV3"
+
+# Our fvp-base machine explicitly has v8.4 cores
+EXTRA_OEMAKE += "ARM_ARCH_MAJOR=8 ARM_ARCH_MINOR=4"

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-juno.inc

@@ -0,0 +1,13 @@
+# Juno specific TFA support
+
+COMPATIBLE_MACHINE = "juno"
+TFA_PLATFORM = "juno"
+TFA_DEBUG = "1"
+TFA_MBEDTLS = "1"
+TFA_UBOOT ?= "1"
+TFA_BUILD_TARGET = "bl1 bl2 bl31 dtbs fip"
+
+# Juno needs the System Control Processor Firmware
+DEPENDS += "virtual/control-processor-firmware"
+
+EXTRA_OEMAKE:append = " SCP_BL2=${RECIPE_SYSROOT}/firmware/scp_ramfw.bin"

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-n1sdp.inc

@@ -0,0 +1,41 @@
+# N1SDP specific TFA support
+
+# Align with N1SDP-2023.06.22 Manifest
+SRCREV_tfa  = "31f60a968347497562b0129134928d7ac4767710"
+PV .= "+git"
+
+COMPATIBLE_MACHINE = "n1sdp"
+TFA_BUILD_TARGET   = "all fip"
+TFA_INSTALL_TARGET = "bl1 bl2 bl31 n1sdp-multi-chip n1sdp-single-chip n1sdp_fw_config n1sdp_tb_fw_config fip"
+TFA_DEBUG          = "1"
+TFA_MBEDTLS        = "1"
+TFA_UBOOT          = "0"
+TFA_UEFI          ?= "1"
+
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/n1sdp:"
+
+SRC_URI:append = " \
+    file://0001-Reserve-OP-TEE-memory-from-nwd.patch \
+    file://0002-Modify-BL32-Location-to-DDR4.patch \
+    file://0003-Modify-SPMC-Base-to-DDR4.patch \
+    "
+
+TFA_ROT_KEY= "plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"
+
+# Enabling Secure-EL1 Payload Dispatcher (SPD)
+TFA_SPD = "spmd"
+# Cortex-A35 supports Armv8.0-A (no S-EL2 execution state).
+# So, the SPD SPMC component should run at the S-EL1 execution state
+TFA_SPMD_SPM_AT_SEL2 = "0"
+
+# BL2 loads BL32 (optee). So, optee needs to be built first:
+DEPENDS += "optee-os"
+
+EXTRA_OEMAKE:append = "\
+                    TRUSTED_BOARD_BOOT=1 \
+		    GENERATE_COT=1 \
+		    CREATE_KEYS=1 \
+		    ARM_ROTPK_LOCATION="devel_rsa" \
+		    ROT_KEY="${TFA_ROT_KEY}" \
+		    BL32=${RECIPE_SYSROOT}/${nonarch_base_libdir}/firmware/tee-pager_v2.bin \
+		    "

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sbsa-ref.inc

@@ -0,0 +1,6 @@
+# sbsa-ref specific TF-A support
+
+COMPATIBLE_MACHINE = "sbsa-ref"
+
+TFA_PLATFORM       = "qemu_sbsa"
+TFA_INSTALL_TARGET = "bl1 fip"

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-sgi575.inc

@@ -0,0 +1,13 @@
+# SGI575 specific TFA support
+
+COMPATIBLE_MACHINE = "sgi575"
+TFA_PLATFORM       = "sgi575"
+TFA_BUILD_TARGET   = "all fip"
+TFA_INSTALL_TARGET = "bl1 fip"
+TFA_DEBUG          = "1"
+TFA_MBEDTLS        = "1"
+TFA_UBOOT          = "0"
+TFA_UEFI           = "1"
+
+EXTRA_OEMAKE += "TRUSTED_BOARD_BOOT=1 GENERATE_COT=1 ARM_ROTPK_LOCATION=devel_rsa \
+                     ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem"

sources/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend

@@ -0,0 +1,14 @@
+FILESEXTRAPATHS:prepend := "${THISDIR}/files/:"
+
+# Machine specific TFAs
+
+MACHINE_TFA_REQUIRE ?= ""
+MACHINE_TFA_REQUIRE:corstone1000 = "trusted-firmware-a-corstone1000.inc"
+MACHINE_TFA_REQUIRE:fvp-base = "trusted-firmware-a-fvp-base.inc"
+MACHINE_TFA_REQUIRE:juno = "trusted-firmware-a-juno.inc"
+MACHINE_TFA_REQUIRE:n1sdp = "trusted-firmware-a-n1sdp.inc"
+MACHINE_TFA_REQUIRE:sbsa-ref = "trusted-firmware-a-sbsa-ref.inc"
+MACHINE_TFA_REQUIRE:sgi575 = "trusted-firmware-a-sgi575.inc"
+MACHINE_TFA_REQUIRE:tc = "trusted-firmware-a-tc.inc"
+
+require ${MACHINE_TFA_REQUIRE}