arm-bsp/docs: corstone1000-a320: Add standalone A320 documentation

Add a separate Corstone-1000 Armv9-A Edge-AI documentation
set for the Cortex-A320 platform.

Populate the new documentation tree with the initial index,
user guide, software architecture, release notes, change log,
and supporting images.

Keep common Corstone-1000 material in the existing documentation
set and move A320-specific content into the new standalone
document set.

Signed-off-by: Michael Safwat <michael.safwat@arm.com>
Signed-off-by: Lisa Durbin <lisa.durbin@arm.com>
Signed-off-by: Alex Chapman <alex.chapman@arm.com>
Signed-off-by: Hugues KAMBA MPIANA <hugues.kambampiana@arm.com>

meta-arm-bsp/documentation/corstone1000-a320/.readthedocs.yaml

@@ -0,0 +1,12 @@
+version: 2
+build:
+  os: "ubuntu-22.04"
+  tools:
+    python: "3.9"
+sphinx:
+  configuration: meta-arm-bsp/documentation/corstone1000-a320/conf.py
+formats:
+  - pdf
+python:
+  install:
+    - requirements: meta-arm-bsp/documentation/requirements.txt

meta-arm-bsp/documentation/corstone1000-a320/conf.py

@@ -0,0 +1,117 @@
+# SPDX-FileCopyrightText: <text>Copyright 2026 Arm Limited and/or its
+# affiliates <open-source-office@arm.com></text>
+#
+# SPDX-License-Identifier: MIT
+
+# Configuration file for the Sphinx documentation builder.
+#
+# This file only contains a selection of the most common options. For a full
+# list see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Path setup --------------------------------------------------------------
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+#
+# sys.path.insert(0, os.path.abspath('.'))
+
+import os
+import re
+import sys
+
+import yaml
+
+# Append the documentation directory to the path, so we can import variables
+sys.path.append(os.path.dirname(__file__))
+
+_metadata_path = os.path.join(os.path.dirname(__file__), 'corstone-a320_metadata.yaml')
+with open(_metadata_path, encoding='utf-8') as metadata_file:
+    _metadata = yaml.safe_load(metadata_file) or {}
+
+_metadata_variables = {
+    item['name']: item['value']
+    for item in _metadata.get('variables', [])
+    if item.get('name') and item.get('value')
+}
+
+
+# -- Project information -----------------------------------------------------
+
+project = 'Corstone-1000 Armv9-A Edge-AI'
+copyright = '2026, Arm Limited'
+author = 'Arm Limited'
+
+
+# -- General configuration ---------------------------------------------------
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+extensions = [
+    'myst_parser',
+    'sphinx_rtd_theme',
+]
+
+source_suffix = {
+    '.rst': 'restructuredtext',
+    '.md': 'markdown',
+}
+
+myst_enable_extensions = [
+    'colon_fence',
+]
+
+# Add any paths that contain templates here, relative to this directory.
+templates_path = ['_templates']
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+# This pattern also affects html_static_path and html_extra_path.
+exclude_patterns = [
+    '_build',
+    'Thumbs.db',
+    '.DS_Store',
+    'docs/infra',
+    'corstone-a320_map.md',
+    'corstone-a320_metadata.yaml',
+]
+
+
+# -- Options for HTML output -------------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+#
+html_theme = 'sphinx_rtd_theme'
+html_theme_options = {
+    'flyout_display': 'attached',
+}
+
+# Define the canonical URL if you are using a custom domain on Read the Docs
+html_baseurl = os.environ.get("READTHEDOCS_CANONICAL_URL", "")
+
+# Tell Jinja2 templates the build is running on Read the Docs
+if os.environ.get("READTHEDOCS", "") == "True":
+    if "html_context" not in globals():
+        html_context = {}
+    html_context["READTHEDOCS"] = True
+
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+#html_static_path = ['_static']
+
+
+def _replace_metadata_variables(app, docname, source):
+    source[0] = re.sub(
+        r'\$([A-Za-z0-9_]+)',
+        lambda match: _metadata_variables.get(match.group(1), match.group(0)),
+        source[0],
+    )
+
+
+def setup(app):
+    app.connect('source-read', _replace_metadata_variables)

meta-arm-bsp/documentation/corstone1000-a320/corstone-a320_map.md

@@ -0,0 +1,6 @@
+- topics/introducing.md
+- topics/software-architecture.md
+- topics/user-guide.md
+- topics/tests.md
+- topics/release-notes.md
+- topics/change-log.md

meta-arm-bsp/documentation/corstone1000-a320/corstone-a320_metadata.yaml

@@ -0,0 +1,106 @@
+---
+title: Corstone-1000 Armv9-A Edge-AI
+subtitle: ""
+abstract: Arm Corstone-1000 with Cortex-A320 is a reference solution for IoT devices. It is part of Total Solution for IoT which consists of hardware and software reference implementation.
+author: Arm
+status: REL
+keywords: [IoT, software]
+bookpartno: 112000
+product: Corstone-1000 with Cortex-A320
+product_type: Open Source Projects
+product_revision:
+  - prefix: Version
+    version: "0101"
+    version_label: "2026.02"
+output_type: "software"
+conformance_notice: "true"
+content_type: User Guide
+audience:
+  - Software Developers
+categories:
+  - IoT
+themes:
+  - IoT
+intended_audience: Software Developers
+terminology_review: new
+releases:
+ - revision: 0100-01
+   date: 2026-05-01
+   change_summary: Update
+   permissions: nonconfidential
+
+variables:
+- name: arm_developer_cs1000_website
+  value: 'https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software'
+- name: arm_developer_cs1000_search
+  value: 'https://developer.arm.com/search#q=corstone-1000'
+- name: arm_developer_mhu_website
+  value: 'https://developer.arm.com/documentation/ka005129/latest/#:~:text=An%20MHU%20is%20a%20device,that%20a%20message%20is%20available'
+- name: arm_developer_secureboot_website
+  value: 'https://developer.arm.com/documentation/PRD29-GENC-009492/c/TrustZone-Software-Architecture/Booting-a-secure-system/Secure-boot'
+- name: arm_architecture_security_features_platform_security
+  value: 'https://www.arm.com/architecture/security-features/platform-security'
+- name: linux_repository
+  value: 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/'
+- name: arm_trustzone_for_cortex_a_website
+  value: 'https://www.arm.com/technologies/trustzone-for-cortex-a'
+- name: arm_fmw_framework_a_profile_pdf
+  value: 'https://developer.arm.com/documentation/den0077/latest'
+- name: arm_fmw_framework_m_profile_pdf
+  value: 'https://developer.arm.com/architectures/Firmware%20Framework%20for%20M-Profile'
+- name: platform_security_fwu_for_a_profile_pdf
+  value: 'https://developer.arm.com/documentation/den0118/a/'
+- name: psa_firmware_update_ihi_0093_api_reference_website
+  value: 'https://arm-software.github.io/psa-api/fwu/1.0/api/api.html'
+- name: edk2_capsule_generation_tool_repository
+  value: 'https://github.com/tianocore/edk2/blob/master/BaseTools/Source/Python/Capsule/GenerateCapsule.py'
+- name: psa_fwu_den0018_specification_website
+  value: 'https://developer.arm.com/documentation/den0118/latest/'
+- name: ts_psa_fwu_service_website
+  value: 'https://trusted-services.readthedocs.io/en/stable/services/fwu/psa-fwu-m.html'
+- name: tfm_shim_layer_website
+  value: 'https://trustedfirmware-m.readthedocs.io/en/latest/design_docs/services/tfm_fwu_service.html#shim-layer-between-fwu-and-bootloader'
+- name: op_tee_os_repository
+  value: 'https://github.com/OP-TEE/optee_os'
+- name: psa_certified_website
+  value: 'https://www.psacertified.org/'
+- name: psa_l2_ready
+  value: 'https://www.psacertified.org/products/corstone-1000/'
+- name: systemready_ir_certification
+  value: 'https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ve-arm-neoverse.pdf'
+- name: trusted_board_boot_requirements_client_pdf
+  value: 'https://developer.arm.com/documentation/den0006/latest'
+- name: trusted_firmware_m_website
+  value: 'https://www.trustedfirmware.org/projects/tf-m/'
+- name: trusted_firmware_m_bl1_website
+  value: 'https://trustedfirmware-m.readthedocs.io/en/latest/design_docs/booting/bl1.html'
+- name: trusted_firmware_a_bl2_website
+  value: 'https://developer.arm.com/documentation/108028/0000/RD-TC22-software/Software-components/AP-firmware/Trusted-firmware-A-BL2'
+- name: trusted_firmware_a_fip_guide
+  value: 'https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#firmware-image-package-fip'
+- name: trusted_services_website
+  value: 'https://www.trustedfirmware.org/projects/trusted-services/'
+- name: trusted_services_uefi_smm_website
+  value: 'https://trusted-services.readthedocs.io/en/integration/services/uefi-smm-services.html#'
+- name: das_u_boot_repository
+  value: 'https://github.com/u-boot/u-boot.git'
+- name: keil_rtx5_website
+  value: 'https://developer.arm.com/Tools%20and%20Software/Keil%20MDK/RTX5%20RTOS'
+- name: ppa_website
+  value: 'https://developer.arm.com/documentation/102738/0100/Power--performance--and-area-analysis'
+- name: mcuboot_website
+  value: 'https://docs.mcuboot.com/'
+- name: arm_developer_fvp
+  value: 'https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps'
+- name: secure_debug_manager_repo_readme
+  value: 'https://github.com/ARM-software/secure-debug-manager/tree/master?tab=readme-ov-file#secure-debug-manager-psa-adac--sdc-600'
+- name: secure_debug_manager_armds_integration
+  value: 'https://github.com/ARM-software/secure-debug-manager?tab=readme-ov-file#arm-development-studio-integration'
+- name: meta_arm_repository_release_branch
+  value: 'https://docs.yoctoproject.org/next/migration-guides/migration-5.3.html'
+- name: arm_ulink_pro_website
+  value: 'https://www.arm.com/products/development-tools/debug-probes/ulink-pro'
+- name: arm_ds_website
+  value: 'https://www.arm.com/products/development-tools/embedded-and-software/arm-development-studio'
+- name: edk2_repository
+  value: 'https://github.com/tianocore/edk2'

meta-arm-bsp/documentation/corstone1000-a320/index.md

@@ -0,0 +1,12 @@
+# Corstone-1000 Armv9-A Edge-AI
+
+```{toctree}
+:maxdepth: 2
+
+topics/introducing
+topics/software-architecture
+topics/user-guide
+topics/tests
+topics/release-notes
+topics/change-log
+```

meta-arm-bsp/documentation/corstone1000-a320/topics/change-log.md

@@ -0,0 +1,80 @@
+# Change log {.chapter permissions=non-confidential}
+
+This document contains a summary of the new features, changes and fixes in each release of the Corstone-1000 with Cortex-A320 software stack.
+
+## Version 2025.12 {.reference}
+
+The following changes are present in this release:
+
+- Delivered end-to-end Cortex-A320 enablement across U-Boot, TF-A, TF-M, OP-TEE, Yocto machine layers, and documentation, including device-tree updates, MPIDR handling, and FVP model renaming.
+- Rolled out the PSA Firmware Update (DEN0118) pipeline: U-Boot capsule parsing, Bootloader Abstraction Layer in TF-M, ESRT exposure, and Trusted Services IPC bridges replacing legacy capsule code.
+- Hardened the new firmware update flow with EFI self-tests, metadata restructuring for partial and multi-image acceptance, and RSE-COMMS gating refinements.
+- Upgraded key firmware components (TF-A 2.13.0, TF-M 2.2.1, Trusted Services 1.2.0, OP-TEE OS 4.7.0) and introduced targeted test skips plus integer-only build modes to keep validation green.
+- Cleaned and renumbered downstream patch series across Trusted Services and TF-M while removing obsolete integrations to align with upstream baselines.
+- Refreshed release material and architecture guides to describe the A320 profile, PSA FWU behavior, and updated software stack.
+- Added KAS profiles, machine includes, and automated FVP selection logic to streamline developer workflows for the refreshed platform configuration.
+
+### Corstone-1000 with Cortex-A320 components versions {.reference}
+
+The following component versions are available:
+
+Table: Corstone-1000 with Cortex-A320 component versions
+
++----------------------------------------+-----------------------------------+
+| Component                              | Version                           |
++========================================+===================================+
+| linux-yocto                            | 6.12.60                           |
++----------------------------------------+-----------------------------------+
+| u-boot                                 | 2025.04                           |
++----------------------------------------+-----------------------------------+
+| optee-client                           | 4.7.0                             |
++----------------------------------------+-----------------------------------+
+| optee-os                               | 4.7.0                             |
++----------------------------------------+-----------------------------------+
+| trusted-firmware-a                     | 2.13.0                            |
++----------------------------------------+-----------------------------------+
+| trusted-firmware-m                     | 2.2.1                             |
++----------------------------------------+-----------------------------------+
+| libts                                  | v1.2.0                            |
++----------------------------------------+-----------------------------------+
+| ts-sp-{se-proxy, smm-gateway}          | v1.2.0                            |
++----------------------------------------+-----------------------------------+
+| ts-psa-{crypto, iat, its. ps}-api-test | 74dc6646ff                        |
++----------------------------------------+-----------------------------------+
+
+### Yocto distribution components versions {.reference}
+
+The following Yocto distribution components versions are available:
+
+
+Table: Yocto distribution component versions
+
++-------------------+------------+
+| Component         | Version    |
++===================+============+
+| meta-arm          | whinlatter |
++-------------------+------------+
+| bitbake           | 0dde1a3ff8 |
++-------------------+------------+
+| meta-openembedded | fc0152e434 |
++-------------------+------------+
+| openembedded-core | 4bd920ad7d |
++-------------------+------------+
+| meta-yocto        | b3b6592635 |
++-------------------+------------+
+| meta-secure-core  | 63209fb150 |
++-------------------+------------+
+| meta-ethos        | aa2504a32f |
++-------------------+------------+
+| meta-sca          | e68f1a9d17 |
++-------------------+------------+
+| busybox           | 1.37.0     |
++-------------------+------------+
+| musl              | 1.2.5      |
++-------------------+------------+
+| gcc-arm-none-eabi | 13.3.rel1  |
++-------------------+------------+
+| gcc-cross-aarch64 | 15.2.0     |
++-------------------+------------+
+| openssl           | 3.5.4      |
++-------------------+------------+

meta-arm-bsp/documentation/corstone1000-a320/topics/introducing.md

@@ -0,0 +1,14 @@
+# Introduction {.chapter permissions=non-confidential}
+
+Arm Corstone-1000 with Cortex-A320 is a reference solution for IoT devices
+based on Arm Corstone-1000, but with Cortex-A320 CPU, Ethos-U85 NPU and
+GIC700 (Generic Interrupt Controller). It is part of Total Solution
+for IoT which consists of hardware and software reference implementations.
+
+## Disclaimer {.reference}
+
+Arm reference solutions are Arm public example software projects that track and
+pull upstream components, incorporating their respective security fixes
+published over time. Arm partners are responsible for ensuring that the
+components they use contain all the required security fixes, if and when they
+deploy a product derived from Arm reference solutions.

meta-arm-bsp/documentation/corstone1000-a320/topics/release-notes.md

@@ -0,0 +1,28 @@
+# Release notes {.chapter permissions=non-confidential}
+
+You expressly assume all liabilities and risks relating to your use or operation
+of your software and hardware designed or modified using the Arm Tools,
+including without limitation, your software or hardware designed or
+intended for safety-critical applications. Should your software or hardware
+prove defective, you assume the entire cost of all necessary servicing, repair
+or correction.
+
+## Release notes - 2025.12 {.reference}
+
+The following knowns issues and limitations are present in this release:
+
+- Corstone-1000 with Cortex-A320 FVP does not currently support Symmetric Multiprocessing
+- Corstone-1000 with Cortex-A320 FVP becomes unresponsive when the Linux kernel driver for the Ethos-U85 NPU loads automatically after a software reboot.
+- Crypto isolation is not supported in the Secure world of Corstone-1000. Additionally, clients in
+  the Normal world are not isolated from one another. Therefore, if an end user wants to add a new
+  Secure Partition (SP) (such as a software TPM) that accesses the Crypto service via the SE-Proxy,
+  they are responsible for implementing their own isolation mechanisms to ensure proper security boundaries.
+- DSTREAM debug probe may experience unreliable USB connectivity when used with Arm DS for secure debug.
+  This issue is under active investigation, and we are working to identify and resolve compatibility issues in a future update.
+  As a more stable alternative, the ULINKpro debug probe is recommended for use with Corstone-1000 in secure debug scenarios.
+
+## Support {.reference}
+
+For technical support, email [Arm subsystem support](mailto:support-subsystem-iot@arm.com).
+
+For security issues, contact [Arm Security](mailto:psirt@arm.com).

meta-arm-bsp/documentation/corstone1000-a320/topics/software-architecture.md

@@ -0,0 +1,311 @@
+# Software architecture {.chapter permissions=non-confidential}
+
+The combination of Corstone-1000 software and hardware reference solution is [PSA Level-2 ready certified]($psa_l2_ready) as well as [Arm SystemReady Devicetree certified]($systemready_ir_certification). Please rely on the Corstone-1000 platform for certification needs.
+
+More information on the Corstone-1000 subsystems product(s), variants and design can be
+found on [Arm Developer]($arm_developer_cs1000_website).
+
+This document explicitly focuses on the software part of the solution and
+provides internal details on the software components. The reference
+software package of the platform can be retrieved following instructions
+present in the user guide document.
+
+## Design overview {.reference}
+
+This variant of the Corstone-1000 platform replaces the Host System's Cortex-A35
+processor with a Cortex-A320. In this configuration, the optional External System
+(previously a Cortex-M3) is replaced by an Arm Ethos-U85 Neural Processing Unit (NPU).
+The Ethos-U85 runs in the direct drive configuration, where the Host System is
+responsible for managing the NPU directly.
+
+![Cortex-A320 subsystems](../images/CorstoneA320Subsystems.png)
+
+## Secure boot chain {.reference}
+
+For the security of a device, it is essential that only authorized
+software should run on the device.
+
+The Corstone-1000 boot uses a [Secure boot]($arm_developer_secureboot_website) chain process
+where an already authenticated image verifies and loads the following software in the chain.
+
+For the boot chain process to work, the start of the chain should be trusted, forming the
+Root of Trust (RoT) of the device. The RoT of the device is immutable in
+nature and encoded into the device by the device manufacturer before it
+is deployed into the field.
+In Corstone-1000, the content of the ROM and CC312 One Time Programmable (OTP) memory forms the RoT.
+
+Verification of an image can happen either by comparing the computed and stored hashes, or by
+checking the signature of the image if the image is signed.
+
+![Secure boot chain](../images/SecureBootChain.png)
+
+It is a lengthy chain to boot the software on Corstone-1000.
+
+### TF-M BL1\_1 {.reference}
+
+On power-up, the Secure Enclave begins execution from TF-M BL1\_1, which resides in ROM and serves as
+the Root of Trust (RoT) for the device.
+
+TF-M BL1\_1 is the immutable bootloader and is responsible for:
+
+- Provisioning the device during the first boot
+- Performing hardware initialization
+- Verifying the integrity and authenticity of the next stage in the boot chain
+
+At boot time, TF-M BL1\_1:
+
+- Copies the TF-M BL1\_2 image from OTP to RAM.
+- Verifies the integrity of BL1\_2 by comparing its computed hash with the hash stored in OTP.
+
+### TF-M BL1\_2 {.reference}
+
+During provisioning, the TF-M BL1\_2 binary, along with its hashes and cryptographic keys, is stored
+in One-Time Programmable (OTP) memory.
+
+Once verified, TF-M BL1\_2:
+
+- Takes control and verifies the next stage in the boot chain, which is TF-M BL2.
+- Computes the hash of the BL2 image and compares it with the BL2 hash stored in OTP to ensure
+  integrity before transferring execution to BL2.
+
+The TF-M BL1 design details can be found in the [TF-M design documents]($trusted_firmware_m_bl1_website).
+
+:::note
+Corstone-1000 has some differences compared to this design due to memory (OTP/ROM) limitations:
+
+- BL1\_1 code size is larger than needed because it handles most of the hardware initialization instead of the BL1\_2.
+- BL1\_2 cannot be updated during provisioning time because the provisioning bundle that contains its code is located in the ROM.
+- BL1\_2 does not use the post-quantum LMS verification.
+- BL2 cannot be updated because it is verified by comparing the computed hash to the hash stored in the OTP.
+
+:::
+
+### TF-M BL2 {.reference}
+
+In this system, TF-M BL2 refers to MCUBoot.
+
+On the first boot, MCUBoot can provision additional cryptographic keys. It is responsible for authenticating both:
+
+- TF-M (Trusted Firmware-M), and
+- The initial bootloader of the Host system, [Trusted Firmware-A (TF-A) BL2]($trusted_firmware_a_bl2_website)
+
+This authentication is done by verifying the digital signatures of the respective images.
+
+MCUBoot performs image verification in the following steps:
+
+1. Load the image from non-volatile memory into RAM.
+2. Validate the image's signature using the corresponding public key.
+
+:::note
+The public key present in the image header is validated by comparing with the hash. Depending on the image, the hash of the public key is either stored in the OTP or part of the software which is being already verified in the previous stages.
+:::
+
+The execution control is passed to TF-M after the verification.
+As the runtime executable of the Secure Enclave, TF-M initializes itself before
+bringing the Host system out of reset.
+
+### Host system authentication {.reference}
+
+The Host system follows the boot standard defined in [Trusted Board Boot Requirements Client]($trusted_board_boot_requirements_client_pdf)
+to authenticate the Secure and Non-secure software.
+
+The [Firmware Image Package (FIP)]($trusted_firmware_a_fip_guide) packs bootloader images and
+other payloads into a single archive.
+
+![FIPDiagram](../images/FIPDiagram.png)
+
+The FIP for Corstone-1000 contains:
+
+- Trusted firmware-A BL2
+- AP EL3 Runtime firmware, BL31 image
+- AP Secure Payload, BL32 image
+- AP Normal world firmware -U-boot, BL33 image
+- Trusted OS Firmware configuration file used by Trusted OS (BL32), TOS_FW_CONFIG
+- Key certificates
+- Content certificates
+
+To load and validate TF-A BL2, TF-M BL2 first parses the GUID Partition Table (GPT)
+to locate the FIP. It then determines the offset of TF-A BL2 within the FIP.
+
+:::note
+TF-M does not check the FIP signature, it only checks the TF-A BL2's signature in the FIP.
+:::
+
+The implicitly trusted components are:
+
+- A SHA-256 hash of the Root of Trust Public Key (ROTPK.) For development purposes, a development ROTPK is used and its hash embedded into the TF-A BL2 image. This public key is provided by the TF-A source code.
+- TF-A BL2 image - it can be trusted because it has been verified by TF-M BL2 before starting TF-A.
+
+The remaining components in the Chain of Trust (CoT) are either certificates or bootloader images.
+
+#### Bootloader authentication {.reference}
+
+The FIP contains two types of certificates:
+
+- Content Certificates used to store the hash of a bootloader image.
+- Key Certificates used to verify public keys used to sign Content Certificates.
+
+The Host system bootloader images are authenticated by computing their hash and comparing it to the corresponding hash found in the Content Certificate.
+
+#### Certificates verification {.reference}
+
+The public keys defined in the Trusted Key Certificate are used to verify the later certificates in
+the CoT process. The Trusted Key Certificate is verified with the Root of Trust Public Key.
+
+#### UEFI authenticated variables {.reference}
+
+For UEFI Secure Boot, authenticated variables can be accessed from the secure flash.
+The feature has been integrated in U-Boot, which authenticates the images as per the UEFI
+specification before executing them.
+
+## Secure services {.reference}
+
+Corstone-1000 is unique in offering a secure environment for running trusted workloads.
+While the Host system includes TrustZone technology, the platform also features a hardware-isolated
+Secure Enclave, specifically designed to execute these secure workloads.
+
+In Corstone-1000, essential Secure Services—such as Cryptography, Protected Storage,
+Internal Trusted Storage, and Attestation—are provided through PSA Functional APIs implemented in TF-M.
+
+From the user's perspective, there is no difference when communicating with these services,
+whether they run in the Secure Enclave or in the Secure world of the Host system.
+The diagram below illustrates the data flow for such calls.
+
+![Secure services](../images/SecureServices.png)
+
+The Secure Enclave Proxy Secure Partition (SE Proxy SP) is a proxy managed by OP-TEE that forwards
+Secure Service calls to the Secure Enclave. This communication uses the
+[RSE communication protocol](https://tf-m-user-guide.trustedfirmware.org/platform/arm/rse/rse_comms.html).
+While the protocol supports shared memory and MHU interrupts as a doorbell mechanism between cores,
+in Corstone-1000, the entire message is currently transmitted through the MHU channels.
+Corstone-1000 implements Isolation Level 2 using the Cortex-M0+ Memory Protection Unit (MPU).
+
+Users can define their own secure services to run either in the Host system's Secure World or in
+the Secure Enclave. This choice involves a trade-off between latency and security.
+Services running in the Secure Enclave benefit from strong, hardware-enforced isolation,
+offering higher security but at the cost of increased latency. In contrast, services running in the
+Host Secure World experience lower latency, but rely on TrustZone technology for virtualized isolation,
+which offers comparatively less robust security.
+
+## PSA secure firmware update {.reference}
+
+The Corstone-1000 platform necessitates a robust, secure, and flexible firmware update mechanism
+including partial capsule update to ensure fielded devices can receive critical patches, feature enhancements,
+and security fixes without compromising system integrity. To meet these requirements, we have implemented the
+Platform Security Architecture (PSA) Firmware Update (FWU) framework on Corstone-1000, leveraging Trusted Firmware-M (TF-M)
+for the Secure Enclave, U-Boot as the host-side client on Cortex-A, and the UEFI capsule update mechanism for payload
+encapsulation. This design supports the Fixed Virtual Platform (FVP) target, providing consistent behavior across
+simulation-based deployments. The Corstone-1000 supports FWU
+which complies with the
+[Platform Security Firmware Update for the A-profile Arm Architecture]($platform_security_fwu_for_a_profile_pdf)
+and [PSA Firmware Update IHI 0093]($psa_firmware_update_ihi_0093_api_reference_website)
+specifications.
+
+To standardize and streamline capsule creation with multiple FMP payloads, the
+[EDK2 capsule generation tool]($edk2_capsule_generation_tool_repository)
+tool has been integrated into the meta-arm Yocto layer for Corstone-1000. This integration involves defining
+build rules for generating UEFI capsules as part of the firmware image build process. Configuration parameters
+exposed in the recipe allow developers to specify the number of FMP payloads, target image GUIDs, version numbers etc.
+This capsule ensures that all update payloads conform to the UEFI FMP specification and are ready for
+validation and delivery by U‑Boot.
+
+The FWU solution for Corstone-1000 is composed of three primary domains:
+
+- Host System
+- Trusted Services intermediary
+- Secure Enclave
+
+Each domain has distinct responsibilities and communicates through standardized interfaces.
+
+![System architecture PSA firmware update](../images/SystemArchitecturePSAFirmwareUpdate.png)
+
+On the host side, U-Boot functions as the FWU client and orchestrates the update process from capsule retrieval to
+payload delivery based on [PSA FWU DEN0018 specification]($psa_fwu_den0018_specification_website)
+via Arm FF-A framework. The Trusted-Services SE Proxy secure partition serves as a gateway between the non-secure host
+environment and the Secure Enclave. The [PSA FWU service]($ts_psa_fwu_service_website) running in the Trusted Services
+implementation forwards the data to the Secure Enclave via MHU-based PSA calls. Within the Secure Enclave, the PSA FWU
+Agent, conforming to [PSA Firmware Update IHI 0093]($psa_firmware_update_ihi_0093_api_reference_website) specification,
+orchestrates the actual flash programming, metadata management, and rollback protection mechanisms. The agent relies on a
+bespoke [shim layer]($tfm_shim_layer_website) to abstract hardware‑specific flash operations and bootloader interactions.
+
+As defined in the specification, the external flash is divided into two banks: one bank holds the
+currently running images, while the other is used to stage new images.
+
+There are four updatable components: **BL2**, **TF-M**, **the FIP** and **the Kernel Image** (the initramfs bundle).
+New images are delivered and accepted in the form of UEFI capsules.
+
+![External flash](../images/ExternalFlash.png)
+
+When a FWU is initiated on Corstone-1000, the following sequence of operations takes place:
+
+1. Capsule Retrieval and Preparation
+
+   U-Boot on the host system retrieves the firmware capsule.
+   It validates the capsule header and parses the FMP (Firmware Management Protocol) descriptor list to identify the payloads to be updated.
+
+   For each FMP descriptor, U-Boot:
+
+   Splits the firmware payload into 4 KiB chunks.
+   Invokes the PSA_FWU_Update API for each chunk, transmitting the buffer address via the FF-A (Firmware Framework for Arm) shared memory interface.
+
+2. Secure Transmission and Forwarding
+
+   The PSA Firmware Update (FWU) service, running as part of Trusted Services, receives the chunks through Secure Partition Client (SPC) calls.
+   It forwards these chunks to the Secure Enclave using MHU-based PSA calls.
+
+3. Flashing Within the Secure Enclave
+
+   Inside the Secure Enclave, the PSA FWU Agent dispatches each chunk to the shim layer.
+
+   The shim layer:
+
+   Erases the corresponding sectors in the non-active flash bank.
+   Writes the received firmware chunks at the correct offsets.
+   During partial updates, it also copies static partitions from the active bank to the non-active one to maintain consistency.
+
+4. Finalization and Boot Preparation
+
+   After all chunks are successfully written:
+
+   The shim updates the firmware manifest and the EFI System Resource Table (ESRT) entries to reflect the new image version.
+   This step enables the bootloader to recognize the new firmware for a trial boot.
+   The platform then performs an automatic reset, booting into the non-active bank in trial mode.
+
+5. Trial Boot and Confirmation
+
+   In trial mode, U-Boot evaluates the new firmware and issues either an accept or reject command using the PSA FWU ABI.
+   These commands are sent to the Secure Enclave, instructing the shim to update the firmware metadata accordingly.
+
+6. Recovery and Fallback Mechanism
+
+   If the trial boot is successful, the host sends an acknowledgment, transitioning the firmware state from 'trial' to 'regular'.
+
+   If the system fails or becomes unresponsive:
+
+   A watchdog timer triggers a system reset.
+   The BL1 firmware in the Secure Enclave detects repeated failures and reverts to the previously known-good flash bank.
+   This rollback mechanism ensures the device remains operational and recoverable, even after a failed update.
+
+![Secure firmware update](../images/SecureFirmwareUpdate.png)
+
+## UEFI runtime support in U-Boot {.reference}
+
+The implementation of UEFI boot-time and runtime APIs requires persistent variable storage. In
+Corstone-1000, UEFI variables are stored using the Protected Storage (PS) service.
+
+The diagram below illustrates the data flow for storing UEFI variables. U-Boot's UEFI subsystem
+communicates with the Secure World using the U-Boot FF-A driver, which interfaces with the
+[UEFI System Management Mode (SMM) service]($trusted_services_uefi_smm_website).
+
+The SMM service provides support for the UEFI System Management Mode. This support is implemented by the SMM Gateway secure partition.
+The SMM service then uses the Proxy Protected Storage (PS) provided by the SE Proxy SP.
+These PS calls are forwarded to the Secure Enclave, following the communication path described earlier.
+
+![UEFI runtime support flow](../images/UEFISupport.png)
+
+## References {.reference}
+
+For more information, see:
+
+- [Arm Developer]($arm_developer_cs1000_search)
+- [Arm Security Architectures]($arm_architecture_security_features_platform_security)

meta-arm-bsp/documentation/corstone1000-a320/topics/user-guide.md

@@ -0,0 +1,265 @@
+# Build, flash and run {.chapter permissions=non-confidential}
+
+The Arm Corstone-1000 software stack uses the Yocto Project to build a tiny Linux distribution suitable for the Arm Corstone-1000 platform (kernel and initramfs filesystem less than 6 MB on the flash).
+
+The Corstone-1000 software stack can be run on [Arm Corstone-1000 Ecosystem FVP (Fixed Virtual Platform)](https://developer.arm.com/downloads/-/arm-ecosystem-fvps) and is built on top of Yocto Project's [Whinlatter release]($meta_arm_repository_release_branch).
+
+The Yocto Project relies on the [BitBake](https://docs.yoctoproject.org/bitbake.html#bitbake-documentation) tool as its build tool. Please see the [Yocto Project documentation](https://docs.yoctoproject.org/) for more information.
+
+## Prerequisites {.reference}
+
+This guide assumes that your host machine is running Ubuntu 24.04 LTS (with `sudo` rights), with at least
+32GB of free disk space and 16GB of RAM as minimum requirement.
+
+The following prerequisites must be available on the host system:
+
+- Git 2.39.2 or greater.
+- Python 3.11.2 or greater.
+- GNU Tar 1.34 or greater.
+- GNU Compiler Collection 12.2 or greater.
+- GNU Make 4.3 or greater.
+- tmux 3.3 or greater.
+
+Please follow the steps described in the Yocto mega manual:
+
+- [Compatible Linux Distribution](https://docs.yoctoproject.org/singleindex.html#compatible-linux-distribution)
+- [Build Host Packages](https://docs.yoctoproject.org/singleindex.html#build-host-packages)
+
+## Software components {.reference}
+
+Within the Yocto Project, each component included in the Corstone-1000 software stack is specified as
+a [BitBake recipe](https://docs.yoctoproject.org/bitbake/2.2/bitbake-user-manual/bitbake-user-manual-intro.html#recipes).
+The recipes specific to the Corstone-1000 BSP are located at:
+`${WORKSPACE}/meta-arm/meta-arm-bsp/`.
+
+`${WORKSPACE}` refers to the absolute path to your workspace where the `meta-arm` repository will be cloned. Consider exporting it (e.g., `export WORKSPACE=$(realpath .)`) if you're already in the workspace directory,
+so you can copy and paste the commands from this guide verbatim.
+
+The Yocto machine config files are at:
+
+- `${WORKSPACE}/meta-arm/meta-arm-bsp/conf/machine/include/corstone1000-a320.inc`
+- `${WORKSPACE}/meta-arm/meta-arm-bsp/conf/machine/corstone1000-a320-fvp.conf`
+
+:::note
+All the paths stated in this document are absolute paths.
+:::
+
+### Host processor components {.reference}
+
+This section describes the components used in the host processor.
+
+#### Trusted Firmware-A {.reference}
+
+The following [Trusted Firmware-A](https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git) components are used:
+
+Table: Trusted Firmware-A components
+
+| Type      | Path                                                                                                             |
+| --------- | ---------------------------------------------------------------------------------------------------------------- |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend`                |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_2.14.0.bb`                     |
+
+#### Trusted Services {.reference}
+
+The following [Trusted Services](https://trusted-services.readthedocs.io/en/latest/index.html) components are used:
+
+Table: Trusted Services components
+
+| Type      | Path                                                                                                             |
+| --------- | ---------------------------------------------------------------------------------------------------------------- |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/libts_%.bbappend`                          |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-crypto-api-test_%.bbappend`        |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-iat-api-test_%.bbappend`           |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-its-api-test_%.bbappend`           |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-psa-ps-api-test_%.bbappend`            |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-se-proxy_%.bbappend`                |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/trusted-services/ts-sp-smm-gateway_%.bbappend`             |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/libts_git.bb`                                  |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-crypto-api-test_git.bb`                |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-iat-api-test_git.bb`                   |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-its-api-test_git.bb`                   |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-psa-ps-api-test_git.bb`                    |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-smm-gateway_git.bb`                     |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/trusted-services/ts-sp-se-proxy_git.bb`                        |
+
+#### OP-TEE {.reference}
+
+The following [OP-TEE](https://git.trustedfirmware.org/OP-TEE/optee_os.git) components are used:
+
+Table: OP-TEE components
+
+| Type      | Path                                                                                                             |
+| --------- | ---------------------------------------------------------------------------------------------------------------- |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os_4.%.bbappend`                               |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-security/optee/optee-os_4.9.0.bb`                                       |
+
+#### U-Boot {.reference}
+
+The following [U-Boot](https://github.com/u-boot/u-boot.git) components are used:
+
+Table: U-Boot components
+
+| Type      | Path                                                                                                             |
+| --------- | ---------------------------------------------------------------------------------------------------------------- |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/u-boot/u-boot_%.bbappend`                                           |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend`                                       |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2025.04.bb`                                       |
+
+#### Linux {.reference}
+
+The distribution is based on the [Poky](https://docs.yoctoproject.org/ref-manual/terms.html#term-Poky)
+distribution which is a Linux distribution stripped down to a minimal configuration.
+
+The provided distribution is based on [BusyBox](https://www.busybox.net/) and built using [musl libc](https://musl.libc.org/).
+
+The following Linux components are used:
+
+Table: Linux components
+
+| Type      | Path                                                                                                             |
+| --------- | ---------------------------------------------------------------------------------------------------------------- |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_%.bbappend`                                |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/linux-yocto_6.19.bb`                                   |
+| defconfig | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-kernel/linux/files/corstone1000/defconfig`                          |
+
+### Secure enclave components {.reference}
+
+This section describes the secure enclave components.
+
+#### Trusted Firmware-M {.reference}
+
+The following [Trusted Firmware-M](https://git.trustedfirmware.org/TF-M/trusted-firmware-m.git) are used:
+
+Table: Trusted Firmware-M secure enclave components
+
+| Type      | Path                                                                                                             |
+| --------- | ---------------------------------------------------------------------------------------------------------------- |
+| bbappend  | `${WORKSPACE}/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-m/trusted-firmware-m_%.bbappend`                |
+| Recipe    | `${WORKSPACE}/meta-arm/meta-arm/recipes-bsp/trusted-firmware-m/trusted-firmware-m_2.2.1.bb`                     |
+
+## Build {.reference}
+
+To build the software stack, do the following:
+
+:::note
+Building binaries natively on Windows and AArch64 Linux is not supported. Use an Intel or AMD 64-bit architecture Linux based development machine to build the software stack and transfer the binaries to run the software stack on an FVP in Windows or AArch64 Linux if required.
+:::
+
+1. Create a new folder that will be your workspace:
+
+   ```
+   mkdir ${WORKSPACE}
+   cd ${WORKSPACE}
+   ```
+
+2. Install kas version 4.4 with `sudo` rights:
+
+   ```
+   sudo pip3 install kas==4.4
+   ```
+
+   Ensure the kas installation directory is visible on the `$PATH` environment variable.
+
+3. Clone the `meta-arm` Yocto layer in the workspace `${WORKSPACE}`.
+
+   ```
+   cd ${WORKSPACE}
+   git clone https://git.yoctoproject.org/git/meta-arm -b CORSTONE1000-2025.12
+   ```
+
+4. Build a Corstone-1000 image:
+
+   ```
+   kas build meta-arm/kas/corstone1000-a320-fvp.yml:meta-arm/ci/debug.yml
+   ```
+
+5. Accept the EULA on the [Arm Developer](https://developer.arm.com/downloads/-/arm-ecosystem-fvps/eula) site to build a Corstone-1000 image for FVP as follows:
+
+   ```
+   export ARM_FVP_EULA_ACCEPT="True"
+   ```
+
+A clean build takes a significant amount of time given that all of the development machine utilities are also
+built along with the target images. Those development machine utilities include executables (Python,
+CMake, etc.) and the required toolchains.
+
+Once the build succeeds, all output binaries will be placed in `${WORKSPACE}/build/tmp/deploy/images/corstone1000-a320-fvp/`.
+
+Everything apart from the Secure Enclave ROM firmware is bundled into a single binary, the
+`corstone1000-flash-firmware-image-corstone1000-a320-fvp.wic` file.
+
+The output binaries run in the Corstone-1000 platform are the following:
+
+- The Secure Enclave ROM firmware: `${WORKSPACE}/build/tmp/deploy/images/corstone1000-a320-fvp/trusted-firmware-m/bl1.bin`
+- The internal firmware flash image: `${WORKSPACE}/build/tmp/deploy/images/corstone1000-a320-fvp/corstone1000-flash-firmware-image-corstone1000-a320-fvp.wic`
+
+## Build with SSH {.reference}
+
+The `meta-arm/kas/corstone1000-a320-fvp.yml` build produces an image for booting from flash.
+
+To build a bootable mass storage OS image with Dropbear SSH enabled, run:
+
+```
+kas build meta-arm/ci/corstone1000-a320-fvp.yml:meta-arm/kas/corstone1000-ssh.yml
+```
+
+The mass storage OS image can be found at `${WORKSPACE}/build/tmp/deploy/images/corstone1000-a320-fvp/core-image-minimal-corstone1000-a320-fvp.wic`
+
+:::note
+The generated `core-image-minimal-corstone1000-a320-fvp.fvpconf` attaches the mass storage OS image to `board.msd_mmc.p_mmc_file`.
+:::
+
+
+## Run {.reference}
+
+Once the platform is turned ON, the Secure Enclave will start to boot, wherein the relevant memory contents of the `*.wic`
+file are copied to their respective memory locations. Firewall policies are enforced
+on memories and peripherals before bringing the Host Processor out of reset.
+
+The Host Processor will boot TrustedFirmware-A, OP-TEE, U-Boot and then Linux before presenting a login prompt.
+
+A Fixed Virtual Platform (FVP) model of the Corstone-1000 platform must be available to run the
+Corstone-1000 FVP software image.
+
+A Yocto recipe is provided to download the latest supported FVP version.
+
+The recipe is located at `${WORKSPACE}/meta-arm/meta-arm/recipes-devtools/fvp/fvp-corstone1000-a320.bb`.
+
+The latest FVP version is `11.30.27` for Corstone-1000, and the model is automatically downloaded and installed when using the `runfvp` command as follows:
+
+```
+kas shell meta-arm/kas/corstone1000-a320-fvp.yml:meta-arm/ci/debug.yml \
+-c "../meta-arm/scripts/runfvp -- --version"
+```
+
+The FVP can also be manually downloaded from [Arm Developer](https://developer.arm.com/downloads/-/arm-ecosystem-fvps) to download the Corstone-1000 platform FVP installer.
+
+To set up the FVP:
+
+1. Run `tmux`:
+
+   ```
+   cd ${WORKSPACE} && tmux
+   ```
+
+2. Run the FVP within `tmux`:
+
+   ```
+   kas shell meta-arm/kas/corstone1000-a320-fvp.yml:meta-arm/ci/debug.yml \
+   -c "../meta-arm/scripts/runfvp --terminals=tmux"
+   ```
+
+   When the script is executed, three terminal instances will be launched:
+
+   - one for the Secure Enclave processing element
+   - two for the Host processor processing element.
+
+   ```
+   corstone1000-a320-fvp login:
+   ```
+
+3. Log in using the `root` username.
+
+## Security issue reporting {.reference}
+
+To report any security issues identified with Corstone-1000, please send an email to [psirt@arm.com](mailto:psirt@arm.com).

meta-arm-bsp/documentation/requirements.txt

@@ -7,5 +7,6 @@ jinja2==3.1.1
 
 # Required to build the documentation
 sphinx==7.1.2
+myst-parser~=3.0.1
 sphinx_rtd_theme~=3.0.0
 docutils~=0.18.1