diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-signature-device-tree-overlay.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-signature-device-tree-overlay.patch
new file mode 100644
index 00000000..9d8c6a9e
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0038-corstone1000-add-signature-device-tree-overlay.patch
@@ -0,0 +1,31 @@
+From 88cb6f5a91178903d4e306d8653b941f9727987b Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 13 Sep 2023 13:20:15 +0100
+Subject: [PATCH] corstone1000: add signature device tree overlay
+
+Adds signature device tree overlay.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ arch/arm/dts/corstone1000.dtsi | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/arm/dts/corstone1000.dtsi b/arch/arm/dts/corstone1000.dtsi
+index 25a032b6b3..1c3ab2c315 100644
+--- a/arch/arm/dts/corstone1000.dtsi
++++ b/arch/arm/dts/corstone1000.dtsi
+@@ -111,6 +111,10 @@
+ 		fwu-mdata-store = <&nvmxip>;
+ 	};
+ 
++	signature {
++		capsule-key = /incbin/("../../../CRT.esl");
++	};
++
+ 	soc {
+ 		compatible = "simple-bus";
+ 		#address-cells = <1>;
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-enable-authenticated-capsule-config.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-enable-authenticated-capsule-config.patch
new file mode 100644
index 00000000..761234e6
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0039-corstone1000-enable-authenticated-capsule-config.patch
@@ -0,0 +1,28 @@
+From 9b884d4f483474b99fcb4850197a1c8dde34147d Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 13 Sep 2023 13:52:02 +0100
+Subject: [PATCH] corstone1000: enable authenticated capsule config
+
+Enables authenticated capsule update config for corstone1000.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Pending [Not submitted to upstream yet]
+---
+ configs/corstone1000_defconfig | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configs/corstone1000_defconfig b/configs/corstone1000_defconfig
+index 5b0b2ac3bf..2de3f5d7b3 100644
+--- a/configs/corstone1000_defconfig
++++ b/configs/corstone1000_defconfig
+@@ -70,6 +70,7 @@ CONFIG_FWU_MDATA=y
+ CONFIG_FWU_MDATA_GPT_BLK=y
+ CONFIG_SYSRESET=y
+ CONFIG_EFI_CAPSULE_ON_DISK=y
++CONFIG_EFI_CAPSULE_AUTHENTICATE=y
+ CONFIG_EFI_IGNORE_OSINDICATIONS=y
+ CONFIG_FWU_MULTI_BANK_UPDATE=y
+ # CONFIG_TOOLS_MKEFICAPSULE is not set
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch
new file mode 100644
index 00000000..f47dd8c1
--- /dev/null
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot/corstone1000/0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch
@@ -0,0 +1,76 @@
+From b99a39c662b9be5f940b895efa8016f5567e1c1f Mon Sep 17 00:00:00 2001
+From: Emekcan Aras <emekcan.aras@arm.com>
+Date: Wed, 13 Sep 2023 13:55:08 +0100
+Subject: [PATCH] corstone1000: introduce EFI authenticated capsule update
+
+Introduces EFI authenticated capsule update for corstone1000. Corstone1000
+implements platform-specific capsule update mechanism in u-bootdue to the SoC
+design. This patch add authenticated capsule update mechanism to the
+platform-specific firmware-update routine.
+
+Signed-off-by: Emekcan Aras <emekcan.aras@arm.com>
+Upstream-Status: Inappropriate [Redesign of Capsule update interface is required]
+---
+ lib/efi_loader/efi_capsule.c | 39 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 39 insertions(+)
+
+diff --git a/lib/efi_loader/efi_capsule.c b/lib/efi_loader/efi_capsule.c
+index 6a06605ad9..30fb7d1dd5 100644
+--- a/lib/efi_loader/efi_capsule.c
++++ b/lib/efi_loader/efi_capsule.c
+@@ -820,6 +820,12 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+ 		u64 scatter_gather_list)
+ {
+ 	struct efi_capsule_header *capsule;
++	struct efi_firmware_management_capsule_header *capsule_header;
++	struct efi_firmware_management_capsule_image_header *image;
++	size_t image_binary_size;
++	size_t tmp_capsule_payload_size=0;
++	void *tmp_capsule_payload=NULL;
++	void *image_binary;
+ 	unsigned int i;
+ 	efi_status_t ret;
+ 
+@@ -859,6 +865,39 @@ efi_status_t __efi_runtime EFIAPI efi_update_capsule(
+ 			goto out;
+ 		}
+ 
++		capsule_header = (void *)capsule + capsule->header_size;
++		image = (void *)capsule_header + capsule_header->item_offset_list[0];
++		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
++			!(image->image_capsule_support &
++			CAPSULE_SUPPORT_AUTHENTICATION)) {
++			/* no signature */
++			log_err("Corstone1000: Capsule authentication flag check failed. Aborting update\n");
++			ret = EFI_SECURITY_VIOLATION;
++			goto out;
++		}
++
++		image_binary = (void *)image + sizeof(*image);
++		image_binary_size = image->update_image_size;
++		if (IS_ENABLED(CONFIG_EFI_CAPSULE_AUTHENTICATE) &&
++		    (image->image_capsule_support &
++			CAPSULE_SUPPORT_AUTHENTICATION)){
++			ret = efi_capsule_authenticate(image_binary, image_binary_size,
++						  &tmp_capsule_payload,
++						  &tmp_capsule_payload_size);
++
++			if (ret == EFI_SECURITY_VIOLATION) {
++				log_err("Corstone1000: Capsule authentication check failed. Aborting update\n");
++				goto out;
++			} else if (ret != EFI_SUCCESS) {
++				goto out;
++			}
++
++			log_debug("Corstone1000: Capsule authentication successful\n");
++		} else {
++			log_debug("Corstone1000: Capsule authentication disabled. ");
++			log_debug("Corstone1000: Updating capsule without authenticating.\n");
++		}
++
+ 		/* copy the data to the contiguous buffer */
+ 		efi_memcpy_runtime(corstone1000_capsule_buf, capsule, capsule->capsule_image_size);
+ 
+-- 
+2.17.1
+
diff --git a/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend b/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
index 6ad4b782..c2916a55 100644
--- a/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
+++ b/meta-arm-bsp/recipes-bsp/u-boot/u-boot_%.bbappend
@@ -3,7 +3,7 @@ FILESEXTRAPATHS:prepend := "${THISDIR}/${PN}:"
 #
 # Corstone1000 64-bit machines
 #
-DEPENDS:append:corstone1000 = " gnutls-native"
+DEPENDS:append:corstone1000 = " gnutls-native openssl-native efitools-native"
 CORSTONE1000_DEVICE_TREE:corstone1000-mps3 = "corstone1000-mps3"
 CORSTONE1000_DEVICE_TREE:corstone1000-fvp = "corstone1000-fvp"
 EXTRA_OEMAKE:append:corstone1000 = ' DEVICE_TREE=${CORSTONE1000_DEVICE_TREE}'
@@ -48,8 +48,21 @@ SRC_URI:append:corstone1000 = " \
 	file://0035-dt-Provide-a-way-to-remove-non-compliant-nodes-and-p.patch \
 	file://0036-bootefi-Call-the-EVT_FT_FIXUP-event-handler.patch \
 	file://0037-corstone1000-purge-U-Boot-specific-DT-nodes.patch \
+	file://0038-corstone1000-add-signature-device-tree-overlay.patch	  \
+	file://0039-corstone1000-enable-authenticated-capsule-config.patch	  \
+	file://0040-corstone1000-introduce-EFI-authenticated-capsule-upd.patch	  \
         "
 
+do_configure:append:corstone1000(){
+    openssl req -x509 -sha256 -newkey rsa:2048 -subj /CN=CRT/ -keyout ${B}/CRT.key -out ${B}/CRT.crt -nodes -days 365
+    cert-to-efi-sig-list ${B}/CRT.crt ${B}/corstone1000_defconfig/CRT.esl
+}
+
+do_install:append:corstone1000() {
+   install -D -p -m 0644 ${B}/CRT.crt ${DEPLOY_DIR_IMAGE}/corstone1000_capsule_cert.crt
+   install -D -p -m 0644 ${B}/CRT.key ${DEPLOY_DIR_IMAGE}/corstone1000_capsule_key.key
+}
+
 #
 # FVP BASE
 #