diff --git a/meta-arm-bsp/conf/machine/fvp-base.conf b/meta-arm-bsp/conf/machine/fvp-base.conf index 52f1e1f2..83506c7e 100644 --- a/meta-arm-bsp/conf/machine/fvp-base.conf +++ b/meta-arm-bsp/conf/machine/fvp-base.conf @@ -58,8 +58,8 @@ FVP_CONFIG[cluster0.check_memory_attributes] ?= "0" FVP_CONFIG[cluster1.check_memory_attributes] ?= "0" FVP_CONFIG[cluster0.stage12_tlb_size] ?= "1024" FVP_CONFIG[cluster1.stage12_tlb_size] ?= "1024" -FVP_CONFIG[bp.secureflashloader.fname] ?= "bl1-fvp.bin" -FVP_CONFIG[bp.flashloader0.fname] ?= "fip-fvp.bin" +FVP_CONFIG[bp.secureflashloader.fname] ?= "trusted-firmware-a/bl1.bin" +FVP_CONFIG[bp.flashloader0.fname] ?= "trusted-firmware-a/fip.bin" FVP_CONFIG[bp.virtioblockdevice.image_path] ?= "${IMAGE_NAME}.wic" # FVP Base default is 8.0, so there is no has_arm_v8-0 for it. However, this is needed for every version after. So set this accordingly diff --git a/meta-arm-bsp/conf/machine/sgi575.conf b/meta-arm-bsp/conf/machine/sgi575.conf index 75403930..07d1e79c 100644 --- a/meta-arm-bsp/conf/machine/sgi575.conf +++ b/meta-arm-bsp/conf/machine/sgi575.conf @@ -49,8 +49,8 @@ FVP_CONFIG[css.gic_distributor.ITS-device-bits] ?= "20" FVP_DATA ?= "css.scp.armcortexm7ct=scp_ramfw.bin@0x0BD80000" FVP_CONFIG[css.mcp.ROMloader.fname] ?= "mcp_romfw.bin" FVP_CONFIG[css.scp.ROMloader.fname] ?= "scp_romfw.bin" -FVP_CONFIG[css.trustedBootROMloader.fname] ?= "bl1-sgi575.bin" -FVP_CONFIG[board.flashloader0.fname] ?= "fip-sgi575.bin" +FVP_CONFIG[css.trustedBootROMloader.fname] ?= "trusted-firmware-a/bl1.bin" +FVP_CONFIG[board.flashloader0.fname] ?= "trusted-firmware-a/fip.bin" FVP_CONSOLES[default] = "terminal_uart_ap" FVP_TERMINALS[css.scp.terminal_uart_aon] ?= "SCP Console" diff --git a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb index a452445e..e705efd3 100644 --- a/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb 
+++ b/meta-arm-bsp/recipes-bsp/images/corstone1000-flash-firmware-image.bb @@ -115,7 +115,7 @@ CAPSULE_INDEXES += "${PAYLOAD_FIP_INDEX} " CAPSULE_HARDWARE_INSTANCES += "${PAYLOAD_HARDWARE_INSTANCE} " CAPSULE_MONOTONIC_COUNTS += "${PAYLOAD_MONOTONIC_COUNT} " CAPSULE_PRIVATE_KEY_PATHS += "${PAYLOAD_PRIVATE_KEY_PATH} " -UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/signed_fip-corstone1000.bin " +UEFI_FIRMWARE_BINARIES += "${DEPLOY_DIR_IMAGE}/signed_fip.bin " CAPSULE_FW_VERSIONS += "${PAYLOAD_FIP_VERSION} " CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_FIP_LOWEST_SUPPORTED_VERSION} " @@ -155,8 +155,8 @@ CAPSULE_FW_VERSIONS += "${PAYLOAD_DUMMY_END_VERSION}" CAPSULE_LOWEST_SUPPORTED_VERSIONS += "${PAYLOAD_DUMMY_END_LOWEST_SUPPORTED_VERSION}" # TF-A settings for signing host images -TFA_BL2_BINARY = "bl2-corstone1000.bin" -TFA_FIP_BINARY = "fip-corstone1000.bin" +TFA_BL2_BINARY = "bl2.bin" +TFA_FIP_BINARY = "fip.bin" TFA_BL2_RE_IMAGE_LOAD_ADDRESS = "0x62353000" TFA_BL2_RE_SIGN_BIN_SIZE = "0x2d000" TFA_FIP_RE_IMAGE_LOAD_ADDRESS = "0x68130000" @@ -167,11 +167,11 @@ RE_IMAGE_OFFSET = "0x1000" do_sign_images() { # Sign TF-A BL2 - sign_host_image ${RECIPE_SYSROOT}/firmware/${TFA_BL2_BINARY} \ + sign_host_image ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/${TFA_BL2_BINARY} \ ${TFA_BL2_RE_IMAGE_LOAD_ADDRESS} ${TFA_BL2_RE_SIGN_BIN_SIZE} # Update BL2 in the FIP image - cp ${RECIPE_SYSROOT}/firmware/${TFA_FIP_BINARY} . + cp ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/${TFA_FIP_BINARY} . fiptool update --tb-fw \ ${TFM_IMAGE_SIGN_DEPLOY_DIR}/signed_${TFA_BL2_BINARY} \ ${TFM_IMAGE_SIGN_DIR}/${TFA_FIP_BINARY} diff --git a/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb b/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb index 0b17b024..16e4e8db 100644 --- a/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb +++ b/meta-arm-bsp/recipes-bsp/images/firmware-image-juno.bb 
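Review bot: With `TFA_BL2_BINARY = "bl2.bin"` the signed TF-A BL2 is now named `signed_bl2.bin` (the `signed_${TFA_BL2_BINARY}` argument to `fiptool update` in the next hunk), which differs only in word order from the `bl2_signed.bin` that the .wks file raw-copies into a separate partition. If both files end up in the same signing or deploy directory, which the visible lines suggest but do not show, they are easy to mix up when checking which image went into which flash region. A comment next to the assignment would help, for example `# signed output is signed_bl2.bin (TF-A BL2), not the bl2_signed.bin referenced from the .wks file`.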
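Review bot: The `trusted-firmware-a` subdirectory is hard-coded in both paths added to `do_sign_images` (`${RECIPE_SYSROOT}/firmware/trusted-firmware-a/...`), and the same literal is repeated in the `do_install` hunk of firmware-image-juno.bb and the `do_compile:prepend:sbsa-ref` hunk of edk2-firmware-sbsa-ref.inc, while the producing recipe installs through `${FIRMWARE_DIR}`. The consumers therefore depend on a layout that the firmware class controls, presumably `/firmware/${PN}`. Defining the location once in this recipe with a new variable, for example `TFA_SYSROOT_DIR = "${RECIPE_SYSROOT}/firmware/trusted-firmware-a"`, and using it in both commands would keep the signing inputs in one reviewable place. `do_sign_images` continues past the end of this hunk.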
@@ -35,10 +35,10 @@ do_compile[noexec] = "1" # packages for this recipe. do_install() { cp -a ${S} ${D}/ - cp -f ${RECIPE_SYSROOT}/firmware/bl1-juno.bin \ + cp -f ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/bl1.bin \ ${D}/${FIRMWARE_DIR}/SOFTWARE/bl1.bin - cp -f ${RECIPE_SYSROOT}/firmware/fip-juno.bin \ + cp -f ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/fip.bin \ ${D}/${FIRMWARE_DIR}/SOFTWARE/fip.bin cp -f ${RECIPE_SYSROOT}/firmware/scp_romfw_bypass.bin \ diff --git a/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc b/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc index f251aa46..06660aed 100644 --- a/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc +++ b/meta-arm-bsp/recipes-bsp/uefi/edk2-firmware-sbsa-ref.inc @@ -14,8 +14,8 @@ EDK2_BIN_NAME:sbsa-ref = "SBSA_FLASH0.fd" do_compile:prepend:sbsa-ref() { mkdir -p ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/bl1.bin ${B}/Platform/Qemu/Sbsa/ - cp ${RECIPE_SYSROOT}/firmware/fip.bin ${B}/Platform/Qemu/Sbsa/ + cp ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/bl1.bin ${B}/Platform/Qemu/Sbsa/ + cp ${RECIPE_SYSROOT}/firmware/trusted-firmware-a/fip.bin ${B}/Platform/Qemu/Sbsa/ } do_install:append:sbsa-ref() { diff --git a/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in b/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in index 6ab4f048..8cc0558c 100644 --- a/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in +++ b/meta-arm-bsp/wic/corstone1000-flash-firmware.wks.in 
@@ -22,7 +22,7 @@ part --source rawcopy --size 144k --sourceparams="file=bl2_signed.bin" --offset part --source rawcopy --size 320k --sourceparams="file=tfm_s_signed.bin" --align 4 --part-name="tfm_primary" --uuid 07F9616C-1233-439C-ACBA-72D75421BF70 --part-type D763C27F-07F6-4FF0-B2F3-060CB465CD4E # Rawcopy of the FIP binary -part --source rawcopy --size 2 --sourceparams="file=signed_fip-corstone1000.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 +part --source rawcopy --size 2 --sourceparams="file=signed_fip.bin" --align 4 --part-name="FIP_A" --uuid B9C7AC9D-40FF-4675-956B-EEF4DE9DF1C5 --part-type B5EB19BD-CF56-45E8-ABA7-7ADB228FFEA7 # Rawcopy of kernel with initramfs part --source rawcopy --size 12 --sourceparams="file=Image.gz-initramfs-${MACHINE}.bin" --align 4 --part-name="kernel_primary" --uuid BF7A6142-0662-47FD-9434-6A8811980816 --part-type 8197561D-6124-46FC-921E-141CC5745B05 diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc index 983f48e3..49d7eaf5 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a.inc @@ -2,9 +2,7 @@ DESCRIPTION = "Trusted Firmware-A" HOMEPAGE = "https://trustedfirmware-a.readthedocs.io/" LICENSE = "BSD-2-Clause & BSD-3-Clause & MIT & Apache-2.0" -PACKAGE_ARCH = "${MACHINE_ARCH}" - -inherit deploy +inherit firmware SRC_URI_TRUSTED_FIRMWARE_A ?= "git://review.trustedfirmware.org/TF-A/trusted-firmware-a;protocol=https" SRCBRANCH = "master" @@ -17,7 +15,7 @@ SRCREV_FORMAT = "tfa" COMPATIBLE_MACHINE ?= "invalid" # Platform must be set for each machine -TFA_PLATFORM ?= "invalid" +TFA_PLATFORM ?= "${FIRMWARE_PLATFORM}" # Some platforms can have multiple board configurations # Leave empty for default behavior 
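Review bot: The default for `TFA_PLATFORM` no longer carries the `"invalid"` sentinel, so the comment above it, `# Platform must be set for each machine`, no longer describes what happens when a machine sets nothing. The value now comes from `FIRMWARE_PLATFORM`, which is defined outside this diff. If that variable has no value, BitBake leaves the `${FIRMWARE_PLATFORM}` reference unexpanded rather than stopping, and the build would presumably fail only later, in the compile step. I would change the comment to `# Defaults to FIRMWARE_PLATFORM from the firmware class; override when the TF-A platform name differs` and confirm that the class rejects an unset platform early.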
@@ -38,7 +36,7 @@ TFA_SP_LAYOUT_FILE ?= "" TFA_ARM_SPMC_MANIFEST_DTS ?= "" # Build for debug (set TFA_DEBUG to 1 to activate) -TFA_DEBUG ?= "0" +TFA_DEBUG ?= "${FIRMWARE_DEBUG_BUILD}" B = "${WORKDIR}/build" @@ -185,7 +183,8 @@ do_compile() { do_compile[cleandirs] = "${B}" do_install() { - install -d -m 755 ${D}/firmware + install -d -m 755 ${D}${FIRMWARE_DIR} + for atfbin in ${TFA_INSTALL_TARGET}; do processed="0" if [ "$atfbin" = "all" ]; then @@ -199,28 +198,25 @@ do_install() { if [ -f ${BUILD_DIR}/$atfbin.bin ]; then echo "Install $atfbin.bin" install -m 0644 ${BUILD_DIR}/$atfbin.bin \ - ${D}/firmware/$atfbin-${TFA_PLATFORM}${TFA_INSTALL_SUFFIX}.bin - ln -sf $atfbin-${TFA_PLATFORM}${TFA_INSTALL_SUFFIX}.bin ${D}/firmware/$atfbin${TFA_INSTALL_SUFFIX}.bin + ${D}${FIRMWARE_DIR}/$atfbin${TFA_INSTALL_SUFFIX}.bin processed="1" fi if [ -f ${BUILD_DIR}/$atfbin/$atfbin.elf ]; then echo "Install $atfbin.elf" install -m 0644 ${BUILD_DIR}/$atfbin/$atfbin.elf \ - ${D}/firmware/$atfbin-${TFA_PLATFORM}${TFA_INSTALL_SUFFIX}.elf - ln -sf $atfbin-${TFA_PLATFORM}${TFA_INSTALL_SUFFIX}.elf ${D}/firmware/$atfbin${TFA_INSTALL_SUFFIX}.elf + ${D}${FIRMWARE_DIR}/$atfbin${TFA_INSTALL_SUFFIX}.elf processed="1" fi if [ -f ${BUILD_DIR}/$atfbin ]; then echo "Install $atfbin" install -m 0644 ${BUILD_DIR}/$atfbin \ - ${D}/firmware/$atfbin-${TFA_PLATFORM}${TFA_INSTALL_SUFFIX} - ln -sf $atfbin-${TFA_PLATFORM}${TFA_INSTALL_SUFFIX} ${D}/firmware/$atfbin${TFA_INSTALL_SUFFIX} + ${D}${FIRMWARE_DIR}/$atfbin${TFA_INSTALL_SUFFIX} processed="1" fi if [ -f ${BUILD_DIR}/fdts/$atfbin.dtb ]; then echo "Install $atfbin.dtb" install -m 0644 "${BUILD_DIR}/fdts/$atfbin.dtb" \ - "${D}/firmware/$atfbin${TFA_INSTALL_SUFFIX}.dtb" + "${D}${FIRMWARE_DIR}/$atfbin${TFA_INSTALL_SUFFIX}.dtb" processed="1" elif [ "$atfbin" = "dtbs" ]; then echo "dtbs install, skipped: set dtbs in TFA_INSTALL_TARGET" 
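Review bot: `TFA_DEBUG` now takes its default from `FIRMWARE_DEBUG_BUILD`, so one class-level switch also turns the secure-world firmware into a debug build, and nothing at this line documents that or constrains the value. The comment still says `set TFA_DEBUG to 1 to activate`, which implies that the code reading it (outside this hunk) expects exactly "0" or "1". Whether `FIRMWARE_DEBUG_BUILD` follows that convention and defaults to "0" is not visible here. I would reword the comment to `# Debug build: defaults to FIRMWARE_DEBUG_BUILD from the firmware class; must expand to "0" or "1", keep "0" for release images`.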
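Review bot: The three rewritten `install` destinations for the `.bin`, `.elf` and plain-file branches drop both the `$atfbin-${TFA_PLATFORM}` name and the compatibility symlink, so any consumer that still references a platform-suffixed file gets no transitional name; only the in-tree users in this diff are updated. These destinations are also left unquoted, while the `.dtb` branch quotes `"${D}${FIRMWARE_DIR}/$atfbin${TFA_INSTALL_SUFFIX}.dtb"`; quoting all four would be consistent. A short comment above the loop, such as `# Installed as ${FIRMWARE_DIR}/<target>${TFA_INSTALL_SUFFIX}[.bin|.elf|.dtb], no platform suffix`, would document the new layout. The `for` loop and `do_install` extend beyond this hunk.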
@@ -233,21 +229,12 @@ do_install() { done } -FILES:${PN} = "/firmware" -SYSROOT_DIRS += "/firmware" - -FILES:${PN}-dbg = "/firmware/*.elf" # Skip QA check for relocations in .text of elf binaries INSANE_SKIP:${PN}-dbg += "textrel" # Build paths are currently embedded INSANE_SKIP:${PN} += "buildpaths" INSANE_SKIP:${PN}-dbg += "buildpaths" -do_deploy() { - cp -rf ${D}/firmware/* ${DEPLOYDIR}/ -} -addtask deploy after do_install - CVE_PRODUCT = "arm:arm-trusted-firmware \ arm:trusted_firmware-a \ arm:arm_trusted_firmware \ diff --git a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend index 02c88148..679f6f22 100644 --- a/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend +++ b/meta-arm/recipes-bsp/trusted-firmware-a/trusted-firmware-a_%.bbappend @@ -63,3 +63,13 @@ do_compile:append:qemuarm-secureboot() { dd if=${BUILD_DIR}/bl1.bin of=${BUILD_DIR}/flash.bin bs=4096 conv=notrunc dd if=${BUILD_DIR}/fip.bin of=${BUILD_DIR}/flash.bin seek=64 bs=4096 conv=notrunc } + +do_deploy:append:qemuarm64-secureboot(){ + # runqemu requires flash.bin to be in the deploy directory + ln -srn ${DEPLOYDIR}/${PN}/flash.bin ${DEPLOYDIR}/flash.bin +} + +do_deploy:append:qemuarm-secureboot(){ + # runqemu requires flash.bin to be in the deploy directory + ln -srn ${DEPLOYDIR}/${PN}/flash.bin ${DEPLOYDIR}/flash.bin +}
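Review bot: Both new `do_deploy:append` bodies create the link without checking that `${DEPLOYDIR}/${PN}/flash.bin` exists. `ln -s` succeeds on a missing target, so a build where flash.bin was not deployed would leave a dangling `flash.bin` link that fails only when runqemu starts. A guard before the link, `[ -f ${DEPLOYDIR}/${PN}/flash.bin ] || bbfatal "flash.bin not found in ${DEPLOYDIR}/${PN}"`, fails the task instead. The two appends are identical and are written `(){`, where the existing `do_compile:append:qemuarm-secureboot() {` has a space; a shared shell function called from both would remove the duplication.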