14 files changed, 1171 insertions, 11 deletions
diff --git a/include/common/bl_common.ld.h b/include/common/bl_common.ld.h
index 32c54b4d2..8ea7d6a8c 100644
--- a/include/common/bl_common.ld.h
+++ b/include/common/bl_common.ld.h
@@ -7,6 +7,164 @@
 #ifndef BL_COMMON_LD_H
 #define BL_COMMON_LD_H
 
+#include <platform_def.h>
+
+#ifdef __aarch64__
+#define STRUCT_ALIGN	8
+#define BSS_ALIGN	16
+#else
+#define STRUCT_ALIGN	4
+#define BSS_ALIGN	8
+#endif
+
+#define CPU_OPS						\
+	. = ALIGN(STRUCT_ALIGN);			\
+	__CPU_OPS_START__ = .;				\
+	KEEP(*(cpu_ops))				\
+	__CPU_OPS_END__ = .;
+
+#define PARSER_LIB_DESCS				\
+	. = ALIGN(STRUCT_ALIGN);			\
+	__PARSER_LIB_DESCS_START__ = .;			\
+	KEEP(*(.img_parser_lib_descs))			\
+	__PARSER_LIB_DESCS_END__ = .;
+
+#define RT_SVC_DESCS					\
+	. = ALIGN(STRUCT_ALIGN);			\
+	__RT_SVC_DESCS_START__ = .;			\
+	KEEP(*(rt_svc_descs))				\
+	__RT_SVC_DESCS_END__ = .;
+
+#define PMF_SVC_DESCS					\
+	. = ALIGN(STRUCT_ALIGN);			\
+	__PMF_SVC_DESCS_START__ = .;			\
+	KEEP(*(pmf_svc_descs))				\
+	__PMF_SVC_DESCS_END__ = .;
+
+#define FCONF_POPULATOR					\
+	. = ALIGN(STRUCT_ALIGN);			\
+	__FCONF_POPULATOR_START__ = .;			\
+	KEEP(*(.fconf_populator))			\
+	__FCONF_POPULATOR_END__ = .;
+
+/*
+ * Keep the .got section in the RO section as it is patched prior to enabling
+ * the MMU and having the .got in RO is better for security. GOT is a table of
+ * addresses so ensure pointer size alignment.
+ */
+#define GOT						\
+	. = ALIGN(STRUCT_ALIGN);			\
+	__GOT_START__ = .;				\
+	*(.got)						\
+	__GOT_END__ = .;
+
+/*
+ * The base xlat table
+ *
+ * It is put into the rodata section if PLAT_RO_XLAT_TABLES=1,
+ * or into the bss section otherwise.
+ */
+#define BASE_XLAT_TABLE					\
+	. = ALIGN(16);					\
+	*(base_xlat_table)
+
+#if PLAT_RO_XLAT_TABLES
+#define BASE_XLAT_TABLE_RO		BASE_XLAT_TABLE
+#define BASE_XLAT_TABLE_BSS
+#else
+#define BASE_XLAT_TABLE_RO
+#define BASE_XLAT_TABLE_BSS		BASE_XLAT_TABLE
+#endif
+
+#define RODATA_COMMON					\
+	RT_SVC_DESCS					\
+	FCONF_POPULATOR					\
+	PMF_SVC_DESCS					\
+	PARSER_LIB_DESCS				\
+	CPU_OPS						\
+	GOT						\
+	BASE_XLAT_TABLE_RO
+
+#define STACK_SECTION					\
+	stacks (NOLOAD) : {				\
+		__STACKS_START__ = .;			\
+		*(tzfw_normal_stacks)			\
+		__STACKS_END__ = .;			\
+	}
+
+/*
+ * If BL doesn't use any bakery lock then __PERCPU_BAKERY_LOCK_SIZE__
+ * will be zero. For this reason, the only two valid values for
+ * __PERCPU_BAKERY_LOCK_SIZE__ are 0 or the platform defined value
+ * PLAT_PERCPU_BAKERY_LOCK_SIZE.
+ */
+#ifdef PLAT_PERCPU_BAKERY_LOCK_SIZE
+#define BAKERY_LOCK_SIZE_CHECK				\
+	ASSERT((__PERCPU_BAKERY_LOCK_SIZE__ == 0) ||	\
+	       (__PERCPU_BAKERY_LOCK_SIZE__ == PLAT_PERCPU_BAKERY_LOCK_SIZE), \
+	       "PLAT_PERCPU_BAKERY_LOCK_SIZE does not match bakery lock requirements");
+#else
+#define BAKERY_LOCK_SIZE_CHECK
+#endif
+
+/*
+ * Bakery locks are stored in normal .bss memory
+ *
+ * Each lock's data is spread across multiple cache lines, one per CPU,
+ * but multiple locks can share the same cache line.
+ * The compiler will allocate enough memory for one CPU's bakery locks,
+ * the remaining cache lines are allocated by the linker script
+ */
+#if !USE_COHERENT_MEM
+#define BAKERY_LOCK_NORMAL				\
+	. = ALIGN(CACHE_WRITEBACK_GRANULE);		\
+	__BAKERY_LOCK_START__ = .;			\
+	__PERCPU_BAKERY_LOCK_START__ = .;		\
+	*(bakery_lock)					\
+	. = ALIGN(CACHE_WRITEBACK_GRANULE);		\
+	__PERCPU_BAKERY_LOCK_END__ = .;			\
+	__PERCPU_BAKERY_LOCK_SIZE__ = ABSOLUTE(__PERCPU_BAKERY_LOCK_END__ - __PERCPU_BAKERY_LOCK_START__); \
+	. = . + (__PERCPU_BAKERY_LOCK_SIZE__ * (PLATFORM_CORE_COUNT - 1)); \
+	__BAKERY_LOCK_END__ = .;			\
+	BAKERY_LOCK_SIZE_CHECK
+#else
+#define BAKERY_LOCK_NORMAL
+#endif
+
+/*
+ * Time-stamps are stored in normal .bss memory
+ *
+ * The compiler will allocate enough memory for one CPU's time-stamps,
+ * the remaining memory for other CPUs is allocated by the
+ * linker script
+ */
+#define PMF_TIMESTAMP					\
+	. = ALIGN(CACHE_WRITEBACK_GRANULE);		\
+	__PMF_TIMESTAMP_START__ = .;			\
+	KEEP(*(pmf_timestamp_array))			\
+	. = ALIGN(CACHE_WRITEBACK_GRANULE);		\
+	__PMF_PERCPU_TIMESTAMP_END__ = .;		\
+	__PERCPU_TIMESTAMP_SIZE__ = ABSOLUTE(. - __PMF_TIMESTAMP_START__); \
+	. = . + (__PERCPU_TIMESTAMP_SIZE__ * (PLATFORM_CORE_COUNT - 1)); \
+	__PMF_TIMESTAMP_END__ = .;
+
+
+/*
+ * The .bss section gets initialised to 0 at runtime.
+ * Its base address has bigger alignment for better performance of the
+ * zero-initialization code.
+ */
+#define BSS_SECTION					\
+	.bss (NOLOAD) : ALIGN(BSS_ALIGN) {		\
+		__BSS_START__ = .;			\
+		*(SORT_BY_ALIGNMENT(.bss*))		\
+		*(COMMON)				\
+		BAKERY_LOCK_NORMAL			\
+		PMF_TIMESTAMP				\
+		BASE_XLAT_TABLE_BSS			\
+		__BSS_END__ = .;			\
+	}
+
 /*
  * The xlat_table section is for full, aligned page tables (4K).
  * Removing them from .bss avoids forcing 4K alignment on
diff --git a/include/drivers/arm/cryptocell/713/bsv_api.h b/include/drivers/arm/cryptocell/713/bsv_api.h
new file mode 100644
index 000000000..dc494735c
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/bsv_api.h
@@ -0,0 +1,221 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _BSV_API_H
+#define _BSV_API_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*!
+@file
+@brief This file contains the Boot Services APIs and definitions.
+
+@defgroup cc_bsv_api CryptoCell Boot Services APIs and definitions
+@{
+@ingroup cc_bsv
+*/
+
+#include "cc_pal_types.h"
+#include "cc_sec_defs.h"
+#include "cc_boot_defs.h"
+
+/* Life cycle state definitions. */
+#define CC_BSV_CHIP_MANUFACTURE_LCS    0x0 /*!< The CM life-cycle state (LCS) value. */
+#define CC_BSV_DEVICE_MANUFACTURE_LCS  0x1 /*!< The DM life-cycle state (LCS) value. */
+#define CC_BSV_SECURE_LCS              0x5 /*!< The Secure life-cycle state (LCS) value. */
+#define CC_BSV_RMA_LCS                 0x7 /*!< The RMA life-cycle state (LCS) value. */
+#define CC_BSV_INVALID_LCS             0xff /*!< The invalid life-cycle state (LCS) value. */
+
+/*----------------------------
+      TYPES
+-----------------------------------*/
+
+/*----------------------------
+      PUBLIC FUNCTIONS
+-----------------------------------*/
+
+
+/*!
+@brief This function verifies the product and version numbers of the HW, and initializes it.
+
+\warning This function must be the first CryptoCell-7xx SBROM library API called.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvInit(
+    unsigned long hwBaseAddress     /*!< [in] The base address of the CryptoCell HW registers. */
+    );
+
+/*!
+@brief This function retrieves the HW LCS and performs validity checks.
+
+If the LCS is RMA, it also sets the OTP secret keys to a fixed value.
+
+@note An error is returned if there is an invalid LCS. If this happens, your code must
+completely disable the device.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvGetAndInitLcs(
+    unsigned long hwBaseAddress,    /*!< [in] The base address of the CryptoCell HW registers. */
+    uint32_t *pLcs                  /*!< [out] The value of the current LCS. */
+    );
+
+/*!
+@brief This function retrieves the LCS from the NVM manager.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvLcsGet(
+    unsigned long hwBaseAddress,    /*!< [in] The base address of the CryptoCell HW registers. */
+    uint32_t *pLcs                  /*!< [out] The value of the current LCS. */
+    );
+
+/*!
+@brief This function reads software revocation counter from OTP memory, according to the provided sw version index.
+SW version is stored in NVM counter and represented by ones. Meaning seVersion=5 would be stored as binary 0b11111;
+hence:
+    the maximal of trusted is 32
+    the maximal of non-trusted is 224
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvSwVersionGet(
+    unsigned long hwBaseAddress,        /*!< [in] HW registers base address. */
+    CCSbSwVersionId_t id,               /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
+    uint32_t *swVersion                 /*!< [out] The value of the requested counter as read from OTP memory. */
+    );
+
+/*!
+@brief This function sets the NVM counter according to swVersionID (trusted/non-trusted).
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvSwVersionSet(
+    unsigned long hwBaseAddress,        /*!< [in] HW registers base address. */
+    CCSbSwVersionId_t id,               /*!< [in] Enumeration defining the trusted/non-trusted counter to read. */
+    uint32_t swVersion                  /*!< [in] New value of the counter to be programmed in OTP memory. */
+    );
+
+/*!
+@brief This function sets the "fatal error" flag in the NVM manager, to disable the use of
+any HW keys or security services.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvFatalErrorSet(
+    unsigned long hwBaseAddress         /*!< [in] The base address of the CryptoCell HW registers. */
+    );
+
+/*!
+@brief This function retrieves the public key hash from OTP memory, according to the provided index.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvPubKeyHashGet(
+    unsigned long hwBaseAddress,        /*!< [in] HW registers base address. */
+    CCSbPubKeyIndexType_t keyIndex,     /*!< [in] Enumeration defining the key hash to retrieve: 128-bit HBK0, 128-bit HBK1, or 256-bit HBK. */
+    uint32_t *hashedPubKey,             /*!< [out] A buffer to contain the public key HASH. */
+    uint32_t hashResultSizeWords        /*!< [in] The size of the hash in 32-bit words:
+                            - Must be 4 for 128-bit hash.
+                            - Must be 8 for 256bit hash. */
+    );
+
+/*!
+@brief This function permanently sets the RMA LCS for the ICV and the OEM.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvRMAModeEnable(
+    unsigned long hwBaseAddress         /*!< [in] The base address of the CryptoCell HW registers. */
+    );
+
+/*!
+@brief This function is called by the ICV code, to disable the OEM code from changing the ICV RMA bit flag.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvICVRMAFlagBitLock(
+    unsigned long hwBaseAddress         /*!< [in] The base address of the CryptoCell HW registers. */
+    );
+
+/*!
+@brief This function locks the defined ICV class keys from further usage.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvICVKeyLock(
+    unsigned long hwBaseAddress,        /*!< [in] HW registers base address. */
+    CCBool_t isICVProvisioningKeyLock,  /*!< [in] Should the provisioning key be locked. */
+    CCBool_t isICVCodeEncKeyLock        /*!< [in] Should the encryption key be locked. */
+    );
+
+
+/*!
+@brief This function retrieves the value of "secure disable" bit.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvSecureDisableGet(
+    unsigned long hwBaseAddress,        /*!< [in] HW registers base address. */
+    CCBool_t *isSDEnabled               /*!< [out] The value of the SD Enable bit. */
+    );
+
+
+/*!
+@brief This function derives the platform key (Kplt) from the Kpicv, and then decrypts the customer key (Kcst)
+from the EKcst (burned in the OTP). The decryption is done only in Secure and RMA LCS mode using AES-ECB.
+The customer ROM should invoke this function during early boot, prior to running any non-ROM code, only if Kcst exists.
+The resulting Kcst is saved in a HW register.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvCustomerKeyDecrypt(
+    unsigned long hwBaseAddress         /*!< [in] The base address of the CryptoCell HW registers. */
+    );
+#ifdef __cplusplus
+}
+#endif
+
+/*!
+@brief This function derives the unique SoC_ID for the device, as hashed (Hbk || AES_CMAC (HUK)).
+
+@note SoC_ID is required to create debug certificates.
+
+The OEM or ICV must provide a method for a developer to discover the SoC_ID of a target
+device without having to first enable debugging.
+One suggested implementation is to have the device ROM code compute the SoC_ID and place
+it in a specific location in the flash memory, from where it can be accessed by the developer.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvSocIDCompute(
+    unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
+    CCHashResult_t hashResult    /*!< [out] The derived SoC_ID. */
+    );
+
+#endif /* _BSV_API_H */
+
+/**
+@}
+ */
+
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
new file mode 100644
index 000000000..1e6057931
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/bsv_crypto_api.h
@@ -0,0 +1,76 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _BSV_CRYPTO_API_H
+#define _BSV_CRYPTO_API_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*!
+@file
+@brief This file contains the cryptographic ROM APIs of the Boot Services.
+
+@defgroup cc_bsv_crypto_api CryptoCell Boot Services cryptographic ROM APIs
+@{
+@ingroup cc_bsv
+*/
+
+#include "cc_pal_types.h"
+#include "cc_sec_defs.h"
+#include "cc_address_defs.h"
+#include "bsv_crypto_defs.h"
+
+/*----------------------------
+      PUBLIC FUNCTIONS
+-----------------------------------*/
+
+/*!
+@brief This function calculates the SHA-256 digest over contiguous memory
+in an integrated operation.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvSha256(
+    unsigned long   hwBaseAddress,  /*!< [in] The base address of the CryptoCell HW registers. */
+    uint8_t        *pDataIn,        /*!< [in] A pointer to the input buffer to be hashed. The buffer must be contiguous. */
+    size_t          dataSize,       /*!< [in] The size of the data to be hashed, in bytes. */
+    CCHashResult_t  hashBuff        /*!< [out]  A pointer to a word-aligned 32-byte buffer. */
+    );
+
+
+/*!
+@brief This function allows you to calculate SHA256 digest of an image with decryption base on AES-CTR,
+with HW or user key.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure. (in this case, hashBuff will be returned clean, while the output data should be cleaned by the user).
+*/
+CCError_t CC_BsvCryptoImageDecrypt( unsigned long      hwBaseAddress,   /*!< [in] The base address of the CryptoCell HW registers. */
+                                    CCBsvflowMode_t    flow,            /*!< [in] The supported operations are: HASH, AES to HASH, AES and HASH. */
+                                    CCBsvKeyType_t     keyType,         /*!< [in] The key type to use: Kce, Kceicv, or user key. */
+                                    uint8_t           *pUserKey,        /*!< [in] A pointer to the user key buffer in case keyType is CC_BSV_USER_KEY. */
+                                    size_t             userKeySize,     /*!< [in] The user key size in bytes (128bits) in case keyType is CC_BSV_USER_KEY. */
+                                    uint8_t           *pIvBuf,          /*!< [in] A pointer to the IV / counter buffer. */
+                                    uint8_t           *pInputData,      /*!< [in] A pointer to the input data. */
+                                    uint8_t           *pOutputData,     /*!< [out] A pointer to the output buffer. (optional – should be null in case of hash only). */
+                                    size_t             dataSize,        /*!< [in] The size of the input data in bytes. MUST be multiple of AES block size. */
+                                    CCHashResult_t     hashBuff         /*!< [out] A pointer to a word-aligned 32-byte digest output buffer. */
+                                    );
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/**
+@}
+ */
+
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h b/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
new file mode 100644
index 000000000..406e1effb
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/bsv_crypto_asym_api.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _BSV_CRYPTO_ASYM_API_H
+#define _BSV_CRYPTO_ASYM_API_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*!
+@file
+@brief This file contains the cryptographic Asymmetric ROM APIs of the Boot Services.
+
+@defgroup cc_bsv_crypto_asym_api CryptoCell Boot Services cryptographic Asymmetric ROM APIs
+@{
+@ingroup cc_bsv
+*/
+
+#include "cc_pal_types.h"
+#include "cc_pka_hw_plat_defs.h"
+#include "cc_sec_defs.h"
+#include "bsv_crypto_api.h"
+
+/*! Defines the workspace size in bytes needed for internal Asymmetric operations. */
+#define BSV_RSA_WORKSPACE_MIN_SIZE (4*BSV_CERT_RSA_KEY_SIZE_IN_BYTES +\
+                                    2*RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES)
+
+/*! Definition for the RSA public modulus array. */
+typedef uint32_t CCBsvNBuff_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
+
+/*! Definition for the RSA Barrett mod tag array. */
+typedef uint32_t CCBsvNpBuff_t[RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES];
+
+/*! Definition for the RSA signature array. */
+typedef uint32_t CCBsvSignature_t[BSV_CERT_RSA_KEY_SIZE_IN_WORDS];
+
+
+/*----------------------------
+      PUBLIC FUNCTIONS
+-----------------------------------*/
+
+/*!
+@brief This function performs the primitive operation of RSA, meaning exponent and modulus.
+    outBuff = (pInBuff ^ Exp) mod NBuff. ( Exp = 0x10001 )
+
+    The function supports 2k and 3K bit size of modulus, based on compile time define.
+    There are no restriction on pInBuff location, however its size must be equal to BSV_RSA_KEY_SIZE_IN_BYTES and its
+    value must be smaller than the modulus.
+
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvRsaPrimVerify (unsigned long hwBaseAddress, /*!< [in] The base address of the CryptoCell HW registers. */
+                                CCBsvNBuff_t NBuff,         /*!< [in] The modulus buffer big endian format. */
+                                CCBsvNpBuff_t NpBuff,       /*!< [in] The barret tag buffer big endian format - optional. */
+                                uint32_t *pInBuff,          /*!< [in] The DataIn buffer to be encrypted. */
+                                size_t inBuffSize,          /*!< [in] The DataIn buffer size in bytes, must be BSV_RSA_KEY_SIZE_IN_BYTES. */
+                                CCBsvSignature_t pOutBuff, /*!< [out] The encrypted buffer in big endian format. */
+                                uint32_t *pWorkSpace,       /*!< [in] The pointer to user allocated buffer for internal use. */
+                                size_t  workBufferSize      /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
+);
+
+
+/*!
+@brief This function performs RSA PSS verify.
+
+    The function should support 2k and 3K bit size of modulus, based on compile time define.
+
+@return \c CC_OK on success.
+@return A non-zero value from bsv_error.h on failure.
+*/
+CCError_t CC_BsvRsaPssVerify (unsigned long hwBaseAddress,  /*!< [in] The base address of the CryptoCell HW registers. */
+                                CCBsvNBuff_t NBuff,         /*!< [in] The modulus buffer big endian format. */
+                                CCBsvNpBuff_t NpBuff,       /*!< [in] The barret tag buffer big endian format - optional. */
+                                CCBsvSignature_t signature, /*!< [in] The signature buffer to verify - big endian format. */
+                                CCHashResult_t hashedData,  /*!< [in] The data-in buffer to be verified as sha256 digest. */
+                                uint32_t *pWorkSpace,       /*!< [in] The pointer to user allocated buffer for internal use. */
+                                size_t  workBufferSize,     /*!< [in] The size in bytes of pWorkSpace, must be at-least BSV_RSA_WORKSPACE_MIN_SIZE. */
+                                CCBool_t    *pIsVerified    /*!< [out] The flag indicates whether the signature is verified or not.
+                                                                         If verified value will be CC_TRUE, otherwise CC_FALSE */
+);
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/**
+@}
+ */
+
diff --git a/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h b/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
new file mode 100644
index 000000000..9ea354deb
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/bsv_crypto_defs.h
@@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _BSV_CRYPTO_DEFS_H
+#define _BSV_CRYPTO_DEFS_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*!
+@file
+@brief This file contains the definitions of the cryptographic ROM APIs.
+
+@defgroup cc_bsv_crypto_defs CryptoCell Boot Services cryptographic ROM API definitions
+@{
+@ingroup cc_bsv
+*/
+
+/*! AES supported HW key code table. */
+typedef enum {
+
+    CC_BSV_USER_KEY = 0,        /*!< Definition for a user key. */
+    CC_BSV_HUK_KEY = 1,         /*!< Definition for the HW unique key. */
+    CC_BSV_RTL_KEY = 2,         /*!< Definition for the RTL key. */
+    CC_BSV_SESSION_KEY = 3,     /*!< Definition for the Session key. */
+    CC_BSV_CE_KEY = 4,          /*!< Definition for the Kce. */
+    CC_BSV_PLT_KEY = 5,         /*!< Definition for the Platform key. */
+    CC_BSV_KCST_KEY = 6,        /*!< Definition for Kcst. */
+    CC_BSV_ICV_PROV_KEY = 0xd,  /*!< Definition for the Kpicv. */
+    CC_BSV_ICV_CE_KEY = 0xe,    /*!< Definition for the Kceicv. */
+    CC_BSV_PROV_KEY = 0xf,      /*!< Definition for the Kcp. */
+    CC_BSV_END_OF_KEY_TYPE = INT32_MAX, /*!< Reserved. */
+}CCBsvKeyType_t;
+
+/*! AES directions. */
+typedef enum bsvAesDirection {
+    BSV_AES_DIRECTION_ENCRYPT = 0, /*!< Encrypt.*/
+    BSV_AES_DIRECTION_DECRYPT = 1, /*!< Decrypt.*/
+    BSV_AES_NUM_OF_ENCRYPT_MODES,  /*!< The maximal number of operations. */
+    BSV_AES_DIRECTION_RESERVE32B = INT32_MAX /*!< Reserved.*/
+}bsvAesDirection_t;
+
+/*! Definitions of the cryptographic flow supported as part of the Secure Boot. */
+typedef enum {
+    CC_BSV_CRYPTO_HASH_MODE     = 0,            /*!< Hash mode only. */
+    CC_BSV_CRYPTO_AES_CTR_AND_HASH_MODE  = 1,   /*!< Data goes into the AES and Hash engines. */
+    CC_BSV_CRYPTO_AES_CTR_TO_HASH_MODE = 2      /*!< Data goes into the AES and from the AES to the Hash engine. */
+}CCBsvflowMode_t;
+
+/*! CryptoImage HW completion sequence mode */
+typedef enum
+{
+    BSV_CRYPTO_COMPLETION_NO_WAIT = 0, /*!< The driver waits only before reading the output. */
+    BSV_CRYPTO_COMPLETION_WAIT_UPON_END = 1 /*!< The driver waits after each chunk of data. */
+}bsvCryptoCompletionMode_t;
+
+
+/*! AES-CMAC result size, in words. */
+#define CC_BSV_CMAC_RESULT_SIZE_IN_WORDS    4  /* 128b */
+/*! AES-CMAC result size, in bytes. */
+#define CC_BSV_CMAC_RESULT_SIZE_IN_BYTES    16 /* 128b */
+/*! AES-CCM 128bit key size, in bytes. */
+#define CC_BSV_CCM_KEY_SIZE_BYTES               16
+/*! AES-CCM 128bit key size, in words. */
+#define CC_BSV_CCM_KEY_SIZE_WORDS               4
+/*! AES-CCM NONCE size, in bytes. */
+#define CC_BSV_CCM_NONCE_SIZE_BYTES     12
+
+
+/*! AES-CMAC result buffer. */
+typedef uint32_t CCBsvCmacResult_t[CC_BSV_CMAC_RESULT_SIZE_IN_WORDS];
+/*! AES-CCM key buffer.*/
+typedef uint32_t CCBsvCcmKey_t[CC_BSV_CCM_KEY_SIZE_WORDS];
+/*! AES-CCM nonce buffer.*/
+typedef uint8_t CCBsvCcmNonce_t[CC_BSV_CCM_NONCE_SIZE_BYTES];
+/*! AES-CCM MAC buffer.*/
+typedef uint8_t CCBsvCcmMacRes_t[CC_BSV_CMAC_RESULT_SIZE_IN_BYTES];
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/**
+@}
+ */
+
diff --git a/include/drivers/arm/cryptocell/713/bsv_error.h b/include/drivers/arm/cryptocell/713/bsv_error.h
new file mode 100644
index 000000000..4d72e60aa
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/bsv_error.h
@@ -0,0 +1,161 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _BSV_ERROR_H
+#define _BSV_ERROR_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*!
+@file
+@brief This file defines the error code types that are returned from the Boot Services APIs.
+
+@defgroup cc_bsv_error CryptoCell Boot Services error codes
+@{
+@ingroup cc_bsv
+*/
+
+/*! Defines the base address for Boot Services errors. */
+#define CC_BSV_BASE_ERROR                             0x0B000000
+/*! Defines the base address for Boot Services cryptographic errors. */
+#define CC_BSV_CRYPTO_ERROR                           0x0C000000
+
+/*! Illegal input parameter. */
+#define CC_BSV_ILLEGAL_INPUT_PARAM_ERR                (CC_BSV_BASE_ERROR + 0x00000001)
+/*! Illegal HUK value. */
+#define CC_BSV_ILLEGAL_HUK_VALUE_ERR                  (CC_BSV_BASE_ERROR + 0x00000002)
+/*! Illegal Kcp value. */
+#define CC_BSV_ILLEGAL_KCP_VALUE_ERR                  (CC_BSV_BASE_ERROR + 0x00000003)
+/*! Illegal Kce value. */
+#define CC_BSV_ILLEGAL_KCE_VALUE_ERR                  (CC_BSV_BASE_ERROR + 0x00000004)
+/*! Illegal Kpicv value. */
+#define CC_BSV_ILLEGAL_KPICV_VALUE_ERR                (CC_BSV_BASE_ERROR + 0x00000005)
+/*! Illegal Kceicv value. */
+#define CC_BSV_ILLEGAL_KCEICV_VALUE_ERR               (CC_BSV_BASE_ERROR + 0x00000006)
+/*! Illegal EKcst value. */
+#define CC_BSV_ILLEGAL_EKCST_VALUE_ERR                (CC_BSV_BASE_ERROR + 0x00000007)
+/*! Hash boot key not programmed in the OTP. */
+#define CC_BSV_HASH_NOT_PROGRAMMED_ERR                (CC_BSV_BASE_ERROR + 0x00000008)
+/*! Illegal Hash boot key zero count in the OTP. */
+#define CC_BSV_HBK_ZERO_COUNT_ERR                     (CC_BSV_BASE_ERROR + 0x00000009)
+/*! Illegal LCS. */
+#define CC_BSV_ILLEGAL_LCS_ERR                        (CC_BSV_BASE_ERROR + 0x0000000A)
+/*! OTP write compare failure. */
+#define CC_BSV_OTP_WRITE_CMP_FAIL_ERR                 (CC_BSV_BASE_ERROR + 0x0000000B)
+/*! OTP access error */
+#define CC_BSV_OTP_ACCESS_ERR                         (CC_BSV_BASE_ERROR + 0x0000000C)
+/*! Erase key in OTP failed. */
+#define CC_BSV_ERASE_KEY_FAILED_ERR                   (CC_BSV_BASE_ERROR + 0x0000000D)
+/*! Illegal PIDR. */
+#define CC_BSV_ILLEGAL_PIDR_ERR                       (CC_BSV_BASE_ERROR + 0x0000000E)
+/*! Illegal CIDR. */
+#define CC_BSV_ILLEGAL_CIDR_ERR                       (CC_BSV_BASE_ERROR + 0x0000000F)
+/*! Device failed to move to fatal error state. */
+#define CC_BSV_FAILED_TO_SET_FATAL_ERR                (CC_BSV_BASE_ERROR + 0x00000010)
+/*! Failed to set RMA LCS. */
+#define CC_BSV_FAILED_TO_SET_RMA_ERR                  (CC_BSV_BASE_ERROR + 0x00000011)
+/*! Illegal RMA indication. */
+#define CC_BSV_ILLEGAL_RMA_INDICATION_ERR             (CC_BSV_BASE_ERROR + 0x00000012)
+/*! Boot Services version is not initialized. */
+#define CC_BSV_VER_IS_NOT_INITIALIZED_ERR             (CC_BSV_BASE_ERROR + 0x00000013)
+/*! APB secure mode is locked. */
+#define CC_BSV_APB_SECURE_IS_LOCKED_ERR               (CC_BSV_BASE_ERROR + 0x00000014)
+/*! APB privilege mode is locked. */
+#define CC_BSV_APB_PRIVILEG_IS_LOCKED_ERR             (CC_BSV_BASE_ERROR + 0x00000015)
+/*! Illegal operation. */
+#define CC_BSV_ILLEGAL_OPERATION_ERR                  (CC_BSV_BASE_ERROR + 0x00000016)
+/*! Illegal asset size. */
+#define CC_BSV_ILLEGAL_ASSET_SIZE_ERR                 (CC_BSV_BASE_ERROR + 0x00000017)
+/*! Illegal asset value. */
+#define CC_BSV_ILLEGAL_ASSET_VAL_ERR                  (CC_BSV_BASE_ERROR + 0x00000018)
+/*! Kpicv is locked. */
+#define CC_BSV_KPICV_IS_LOCKED_ERR                    (CC_BSV_BASE_ERROR + 0x00000019)
+/*! Illegal SW version. */
+#define CC_BSV_ILLEGAL_SW_VERSION_ERR                 (CC_BSV_BASE_ERROR + 0x0000001A)
+/*! AO write operation. */
+#define CC_BSV_AO_WRITE_FAILED_ERR                    (CC_BSV_BASE_ERROR + 0x0000001B)
+/*! Chip state is already initialized. */
+#define CC_BSV_CHIP_INITIALIZED_ERR                   (CC_BSV_BASE_ERROR + 0x0000001C)
+/*! SP is not enabled. */
+#define CC_BSV_SP_NOT_ENABLED_ERR                     (CC_BSV_BASE_ERROR + 0x0000001D)
+/*! Production secure provisioning - header fields. */
+#define CC_BSV_PROD_PKG_HEADER_ERR                    (CC_BSV_BASE_ERROR + 0x0000001E)
+/*! Production secure provisioning - header MAC. */
+#define CC_BSV_PROD_PKG_HEADER_MAC_ERR                (CC_BSV_BASE_ERROR + 0x0000001F)
+/*! Overrun buffer or size. */
+#define CC_BSV_OVERRUN_ERR                            (CC_BSV_BASE_ERROR + 0x00000020)
+/*! Kceicv is locked. */
+#define CC_BSV_KCEICV_IS_LOCKED_ERR                   (CC_BSV_BASE_ERROR + 0x00000021)
+/*! Chip indication is CHIP_STATE_ERROR. */
+#define CC_BSV_CHIP_INDICATION_ERR                    (CC_BSV_BASE_ERROR + 0x00000022)
+/*! Device is locked in fatal error state. */
+#define CC_BSV_FATAL_ERR_IS_LOCKED_ERR                (CC_BSV_BASE_ERROR + 0x00000023)
+/*! Device has security disable feature enabled. */
+#define CC_BSV_SECURE_DISABLE_ERROR                   (CC_BSV_BASE_ERROR + 0x00000024)
+/*! Device has Kcst in disabled state */
+#define CC_BSV_KCST_DISABLE_ERROR                     (CC_BSV_BASE_ERROR + 0x00000025)
+
+
+/*! Illegal data-in pointer. */
+#define CC_BSV_CRYPTO_INVALID_DATA_IN_POINTER_ERROR         (CC_BSV_CRYPTO_ERROR + 0x00000001)
+/*! Illegal data-out pointer. */
+#define CC_BSV_CRYPTO_INVALID_DATA_OUT_POINTER_ERROR        (CC_BSV_CRYPTO_ERROR + 0x00000002)
+/*! Illegal data size. */
+#define CC_BSV_CRYPTO_INVALID_DATA_SIZE_ERROR               (CC_BSV_CRYPTO_ERROR + 0x00000003)
+/*! Illegal key type. */
+#define CC_BSV_CRYPTO_INVALID_KEY_TYPE_ERROR                (CC_BSV_CRYPTO_ERROR + 0x00000004)
+/*! Illegal key size. */
+#define CC_BSV_CRYPTO_INVALID_KEY_SIZE_ERROR                (CC_BSV_CRYPTO_ERROR + 0x00000005)
+/*! Invalid key pointer. */
+#define CC_BSV_CRYPTO_INVALID_KEY_POINTER_ERROR             (CC_BSV_CRYPTO_ERROR + 0x00000006)
+/*! Illegal key DMA type. */
+#define CC_BSV_CRYPTO_INVALID_KEY_DMA_TYPE_ERROR            (CC_BSV_CRYPTO_ERROR + 0x00000007)
+/*! Illegal IV pointer. */
+#define CC_BSV_CRYPTO_INVALID_IV_POINTER_ERROR              (CC_BSV_CRYPTO_ERROR + 0x00000008)
+/*! Illegal cipher mode. */
+#define CC_BSV_CRYPTO_INVALID_CIPHER_MODE_ERROR             (CC_BSV_CRYPTO_ERROR + 0x00000009)
+/*! Illegal result buffer pointer. */
+#define CC_BSV_CRYPTO_INVALID_RESULT_BUFFER_POINTER_ERROR   (CC_BSV_CRYPTO_ERROR + 0x0000000A)
+/*! Invalid DMA type. */
+#define CC_BSV_CRYPTO_INVALID_DMA_TYPE_ERROR                (CC_BSV_CRYPTO_ERROR + 0x0000000B)
+/*! Invalid in/out buffers overlapping. */
+#define CC_BSV_CRYPTO_DATA_OUT_DATA_IN_OVERLAP_ERROR        (CC_BSV_CRYPTO_ERROR + 0x0000000C)
+/*! Invalid KDF label size. */
+#define CC_BSV_CRYPTO_ILLEGAL_KDF_LABEL_ERROR               (CC_BSV_CRYPTO_ERROR + 0x0000000D)
+/*! Invalid KDF Context size. */
+#define CC_BSV_CRYPTO_ILLEGAL_KDF_CONTEXT_ERROR             (CC_BSV_CRYPTO_ERROR + 0x0000000E)
+/*! Invalid CCM key. */
+#define CC_BSV_CCM_INVALID_KEY_ERROR                        (CC_BSV_CRYPTO_ERROR + 0x0000000f)
+/*! Invalid CCM Nonce. */
+#define CC_BSV_CCM_INVALID_NONCE_ERROR                      (CC_BSV_CRYPTO_ERROR + 0x00000010)
+/*! Invalid CCM associated data. */
+#define CC_BSV_CCM_INVALID_ASSOC_DATA_ERROR                 (CC_BSV_CRYPTO_ERROR + 0x00000011)
+/*! Invalid CCM text data. */
+#define CC_BSV_CCM_INVALID_TEXT_DATA_ERROR                  (CC_BSV_CRYPTO_ERROR + 0x00000012)
+/*! Invalid CCM-MAC buffer. */
+#define CC_BSV_CCM_INVALID_MAC_BUF_ERROR                    (CC_BSV_CRYPTO_ERROR + 0x00000013)
+/*! CCM-MAC comparison failed. */
+#define CC_BSV_CCM_TAG_LENGTH_ERROR                         (CC_BSV_CRYPTO_ERROR + 0x00000014)
+/*! CCM-MAC comparison failed. */
+#define CC_BSV_CCM_MAC_INVALID_ERROR                        (CC_BSV_CRYPTO_ERROR + 0x00000015)
+/*! Illegal flow mode. */
+#define CC_BSV_CRYPTO_INVALID_FLOW_MODE_ERROR               (CC_BSV_CRYPTO_ERROR + 0x00000016)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/**
+@}
+ */
+
+
+
diff --git a/include/drivers/arm/cryptocell/713/cc_address_defs.h b/include/drivers/arm/cryptocell/713/cc_address_defs.h
new file mode 100644
index 000000000..0abc15c70
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/cc_address_defs.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_ADDRESS_DEFS_H
+#define _CC_ADDRESS_DEFS_H
+
+/*!
+@file
+@brief This file contains general definitions.
+*/
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_pal_types.h"
+
+/************************ Defines ******************************/
+
+/**
+ * Address types within CC
+ */
+/*! Definition of DMA address type, can be 32 bits or 64 bits according to CryptoCell's HW. */
+typedef uint64_t  CCDmaAddr_t;
+/*! Definition of CryptoCell address type, can be 32 bits or 64 bits according to platform. */
+typedef uint64_t  CCAddr_t;
+/*! Definition of CC SRAM address type, can be 32 bits according to CryptoCell's HW. */
+typedef uint32_t  CCSramAddr_t;
+
+/*
+ * CCSramAddr_t is being cast into pointer type which can be 64 bit.
+ */
+/*! Definition of MACRO that casts SRAM addresses to pointer types. */
+#define CCSramAddr2Ptr(sramAddr) ((uintptr_t)sramAddr)
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/**
+ @}
+ */
+
+
diff --git a/include/drivers/arm/cryptocell/713/cc_boot_defs.h b/include/drivers/arm/cryptocell/713/cc_boot_defs.h
new file mode 100644
index 000000000..4d29a6d00
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/cc_boot_defs.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef  _CC_BOOT_DEFS_H
+#define  _CC_BOOT_DEFS_H
+
+/*!
+ @file
+ @brief This file contains general definitions of types and enums of Boot APIs.
+ */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+/*! Version counters value. */
+typedef enum {
+
+    CC_SW_VERSION_TRUSTED = 0,          /*!<  Trusted counter. */
+    CC_SW_VERSION_NON_TRUSTED,          /*!<  Non trusted counter. */
+    CC_SW_VERSION_MAX = 0x7FFFFFFF      /*!< Reserved */
+} CCSbSwVersionId_t;
+
+/*! The hash boot key definition. */
+typedef enum {
+    CC_SB_HASH_BOOT_KEY_0_128B = 0,     /*!< Hbk0: 128-bit truncated SHA-256 digest of PubKB0. Used by ICV */
+    CC_SB_HASH_BOOT_KEY_1_128B = 1,     /*!< Hbk1: 128-bit truncated SHA-256 digest of PubKB1. Used by OEM */
+    CC_SB_HASH_BOOT_KEY_256B = 2,       /*!< Hbk: 256-bit SHA-256 digest of public key. */
+    CC_SB_HASH_BOOT_NOT_USED = 0xF,     /*!< Hbk is not used. */
+    CC_SB_HASH_MAX_NUM = 0x7FFFFFFF,    /*!< Reserved. */
+} CCSbPubKeyIndexType_t;
+
+/*! Chip state. */
+typedef enum {
+    CHIP_STATE_NOT_INITIALIZED = 0,     /*! Chip is not initialized. */
+    CHIP_STATE_TEST = 1,                /*! Chip is in Production state. */
+    CHIP_STATE_PRODUCTION = 2,          /*! Chip is in Production state. */
+    CHIP_STATE_ERROR = 3,               /*! Chip is in Error state. */
+} CCBsvChipState_t;
+#ifdef __cplusplus
+}
+#endif
+
+#endif /*_CC_BOOT_DEFS_H */
+
+/**
+@}
+ */
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types.h b/include/drivers/arm/cryptocell/713/cc_pal_types.h
new file mode 100644
index 000000000..4ab3960d3
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/cc_pal_types.h
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef CC_PAL_TYPES_H
+#define CC_PAL_TYPES_H
+
+/*!
+@file
+@brief This file contains platform-dependent definitions and types of the PAL layer.
+
+@defgroup cc_pal_types CryptoCell platform-dependent PAL layer definitions and types
+@{
+@ingroup cc_pal
+
+ @{
+ @ingroup cc_pal
+ @}
+*/
+
+#include "cc_pal_types_plat.h"
+
+/*! Definition of Boolean type.*/
+typedef enum {
+    /*! Boolean false.*/
+    CC_FALSE = 0,
+    /*! Boolean true.*/
+    CC_TRUE =  1
+} CCBool_t;
+
+/*! Success. */
+#define CC_SUCCESS  0UL
+/*! Failure. */
+#define CC_FAIL     1UL
+
+/*! Success (OK). */
+#define CC_OK       0
+
+/*! This macro handles unused parameters in the code, to avoid compilation warnings.  */
+#define CC_UNUSED_PARAM(prm)  ((void)prm)
+
+/*! The maximal uint32 value.*/
+#define CC_MAX_UINT32_VAL   (0xFFFFFFFF)
+
+
+/* Minimal and Maximal macros */
+#ifdef  min
+/*! Definition for minimal calculation. */
+#define CC_MIN(a,b) min( a , b )
+#else
+/*! Definition for minimal calculation. */
+#define CC_MIN( a , b ) ( ( (a) < (b) ) ? (a) : (b) )
+#endif
+
+#ifdef max
+/*! Definition for maximal calculation. */
+#define CC_MAX(a,b) max( a , b )
+#else
+/*! Definition for maximal calculation.. */
+#define CC_MAX( a , b ) ( ( (a) > (b) ) ? (a) : (b) )
+#endif
+
+/*! This macro calculates the number of full Bytes from bits, where seven bits are one Byte. */
+#define CALC_FULL_BYTES(numBits)        ((numBits)/CC_BITS_IN_BYTE + (((numBits) & (CC_BITS_IN_BYTE-1)) > 0))
+/*! This macro calculates the number of full 32-bit words from bits where 31 bits are one word. */
+#define CALC_FULL_32BIT_WORDS(numBits)      ((numBits)/CC_BITS_IN_32BIT_WORD +  (((numBits) & (CC_BITS_IN_32BIT_WORD-1)) > 0))
+/*! This macro calculates the number of full 32-bit words from Bytes where three Bytes are one word. */
+#define CALC_32BIT_WORDS_FROM_BYTES(sizeBytes)  ((sizeBytes)/CC_32BIT_WORD_SIZE + (((sizeBytes) & (CC_32BIT_WORD_SIZE-1)) > 0))
+/*! This macro calculates the number of full 32-bit words from 64-bits dwords. */
+#define CALC_32BIT_WORDS_FROM_64BIT_DWORD(sizeWords)  (sizeWords * CC_32BIT_WORD_IN_64BIT_DWORD)
+/*! This macro rounds up bits to 32-bit words. */
+#define ROUNDUP_BITS_TO_32BIT_WORD(numBits) 	(CALC_FULL_32BIT_WORDS(numBits) * CC_BITS_IN_32BIT_WORD)
+/*! This macro rounds up bits to Bytes. */
+#define ROUNDUP_BITS_TO_BYTES(numBits) 		(CALC_FULL_BYTES(numBits) * CC_BITS_IN_BYTE)
+/*! This macro rounds up bytes to 32-bit words. */
+#define ROUNDUP_BYTES_TO_32BIT_WORD(sizeBytes) 	(CALC_32BIT_WORDS_FROM_BYTES(sizeBytes) * CC_32BIT_WORD_SIZE)
+/*! This macro calculates the number Bytes from words. */
+#define CALC_WORDS_TO_BYTES(numwords) 		((numwords)*CC_32BIT_WORD_SIZE)
+/*! Definition of 1 KB in Bytes. */
+#define CC_1K_SIZE_IN_BYTES 1024
+/*! Definition of number of bits in a Byte. */
+#define CC_BITS_IN_BYTE     8
+/*! Definition of number of bits in a 32-bits word. */
+#define CC_BITS_IN_32BIT_WORD   32
+/*! Definition of number of Bytes in a 32-bits word. */
+#define CC_32BIT_WORD_SIZE  4
+/*! Definition of number of 32-bits words in a 64-bits dword. */
+#define CC_32BIT_WORD_IN_64BIT_DWORD 2
+
+
+#endif
+
+/**
+@}
+ */
+
+
+
diff --git a/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h b/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
new file mode 100644
index 000000000..984847217
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/cc_pal_types_plat.h
@@ -0,0 +1,25 @@
+/*
+ * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/*! @file
+@brief This file contains basic type definitions that are platform-dependent.
+*/
+#ifndef _CC_PAL_TYPES_PLAT_H
+#define _CC_PAL_TYPES_PLAT_H
+/* Host specific types for standard (ISO-C99) compilant platforms */
+
+#include <stddef.h>
+#include <stdint.h>
+
+typedef uint32_t CCStatus;
+
+#define CCError_t	CCStatus
+#define CC_INFINITE	0xFFFFFFFF
+
+#define CEXPORT_C
+#define CIMPORT_C
+
+#endif /*_CC_PAL_TYPES_PLAT_H*/
diff --git a/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h b/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
new file mode 100644
index 000000000..1a1bce0ab
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/cc_pka_hw_plat_defs.h
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_PKA_HW_PLAT_DEFS_H
+#define _CC_PKA_HW_PLAT_DEFS_H
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+
+#include "cc_pal_types.h"
+/*!
+@file
+@brief Contains the enums and definitions that are used in the PKA code (definitions that are platform dependent).
+*/
+
+/*! The size of the PKA engine word. */
+#define CC_PKA_WORD_SIZE_IN_BITS		     128
+
+/*! The maximal supported size of modulus in RSA in bits. */
+#define CC_RSA_MAX_VALID_KEY_SIZE_VALUE_IN_BITS      4096
+/*! The maximal supported size of key-generation in RSA in bits. */
+#define CC_RSA_MAX_KEY_GENERATION_HW_SIZE_BITS       4096
+
+/*! Secure boot/debug certificate RSA public modulus key size in bits. */
+#if (KEY_SIZE == 3072)
+    #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 3072
+#else
+    #define BSV_CERT_RSA_KEY_SIZE_IN_BITS 2048
+#endif
+/*! Secure boot/debug certificate RSA public modulus key size in bytes. */
+#define BSV_CERT_RSA_KEY_SIZE_IN_BYTES    (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_BYTE)
+/*! Secure boot/debug certificate RSA public modulus key size in words. */
+#define BSV_CERT_RSA_KEY_SIZE_IN_WORDS    (BSV_CERT_RSA_KEY_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)
+
+/*! The maximal count of extra bits in PKA operations. */
+#define PKA_EXTRA_BITS  8
+/*! The number of memory registers in PKA operations. */
+#define PKA_MAX_COUNT_OF_PHYS_MEM_REGS  32
+
+/*! Size of buffer for Barrett modulus tag in words. */
+#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS  5
+/*! Size of buffer for Barrett modulus tag in bytes. */
+#define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES  (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE)
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif //_CC_PKA_HW_PLAT_DEFS_H
+
+/**
+ @}
+ */
+
diff --git a/include/drivers/arm/cryptocell/713/cc_sec_defs.h b/include/drivers/arm/cryptocell/713/cc_sec_defs.h
new file mode 100644
index 000000000..8fb698ff5
--- /dev/null
+++ b/include/drivers/arm/cryptocell/713/cc_sec_defs.h
@@ -0,0 +1,70 @@
+/*
+ * Copyright (c) 2017-2020 ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef _CC_SEC_DEFS_H
+#define _CC_SEC_DEFS_H
+
+/*!
+@file
+@brief This file contains general definitions and types.
+*/
+
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "cc_pal_types.h"
+
+/*! Hashblock size in words. */
+#define HASH_BLOCK_SIZE_IN_WORDS             16
+/*! Hash - SHA2 results in words. */
+#define HASH_RESULT_SIZE_IN_WORDS            8
+/*! Hash - SHA2 results in bytes. */
+#define HASH_RESULT_SIZE_IN_BYTES            32
+
+/*! Definition for hash result array. */
+typedef uint32_t CCHashResult_t[HASH_RESULT_SIZE_IN_WORDS];
+
+/*! Definition for converting pointer to Host address. */
+#define CONVERT_TO_ADDR(ptr) 	(unsigned long)ptr
+
+/*! Definition for converting pointer to SRAM address. */
+#define CONVERT_TO_SRAM_ADDR(ptr)    (0xFFFFFFFF & ptr)
+
+/*! The data size of the signed SW image, in bytes. */
+/*!\internal ContentCertImageRecord_t includes:  HS(8W) + 64-b dstAddr(2W) + imgSize(1W) + isCodeEncUsed(1W) */
+#define SW_REC_SIGNED_DATA_SIZE_IN_BYTES            48
+
+/*! The data size of the unsigned SW image, in bytes. */
+/*!\internal CCSbSwImgAddData_t includes: 64-b srcAddr(2W)*/
+#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES       8
+
+/*! The additional data size - storage address and length of the unsigned SW image, in words. */
+#define SW_REC_NONE_SIGNED_DATA_SIZE_IN_WORDS       SW_REC_NONE_SIGNED_DATA_SIZE_IN_BYTES/CC_32BIT_WORD_SIZE
+
+/*! The additional data section size, in bytes. */
+#define CC_SB_MAX_SIZE_ADDITIONAL_DATA_BYTES    128
+
+/*! Indication of whether or not to load the SW image to memory. */
+#define CC_SW_COMP_NO_MEM_LOAD_INDICATION       0xFFFFFFFFFFFFFFFFUL
+
+/*! Indication of product version, stored in certificate version field. */
+#define CC_SB_CERT_VERSION_PROJ_PRD             0x713
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
+/**
+@}
+ */
+
+
+
diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index c83824d77..92891ce38 100644
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -25,10 +25,6 @@
 /* Word size for 64-bit CPUs */
 #define CPU_WORD_SIZE			8
 
-#if defined(IMAGE_BL1) || defined(IMAGE_BL31) ||(defined(IMAGE_BL2) && BL2_AT_EL3)
-#define IMAGE_AT_EL3
-#endif
-
 /*
  * Whether errata status needs reporting. Errata status is printed in debug
  * builds for both BL1 and BL31 images.
diff --git a/include/lib/xlat_tables/xlat_tables_v2.h b/include/lib/xlat_tables/xlat_tables_v2.h
index ab311f4cb..9fe4a6e8a 100644
--- a/include/lib/xlat_tables/xlat_tables_v2.h
+++ b/include/lib/xlat_tables/xlat_tables_v2.h
@@ -164,20 +164,15 @@ typedef struct xlat_ctx xlat_ctx_t;
  *   Would typically be PLAT_VIRT_ADDR_SPACE_SIZE
  *   (resp. PLAT_PHY_ADDR_SPACE_SIZE) for the translation context describing the
  *   BL image currently executing.
-
- * _base_table_section:
- *   Specify the name of the section where the base translation tables have to
- *   be placed by the linker.
  */
 #define REGISTER_XLAT_CONTEXT(_ctx_name, _mmap_count, _xlat_tables_count, \
-			      _virt_addr_space_size, _phy_addr_space_size, \
-			      _base_table_section)			\
+			      _virt_addr_space_size, _phy_addr_space_size) \
 	REGISTER_XLAT_CONTEXT_FULL_SPEC(_ctx_name, (_mmap_count),	\
 					 (_xlat_tables_count),		\
 					 (_virt_addr_space_size),	\
 					 (_phy_addr_space_size),	\
 					 EL_REGIME_INVALID,		\
-					 "xlat_table", (_base_table_section))
+					 "xlat_table", "base_xlat_table")
 
 /*
  * Same as REGISTER_XLAT_CONTEXT plus the additional parameters: