Merge changes I0b0443d5,Ic454a87a into integration

* changes:
  fix(gic): quote the correct flag on error
  feat(lib): add a generic EXTRACT macro
diff --git a/Makefile b/Makefile
index 6d5a0c3..150aa30 100644
--- a/Makefile
+++ b/Makefile
@@ -652,7 +652,7 @@
 ################################################################################
 include ${MAKE_HELPERS_DIRECTORY}march.mk
 
-TF_CFLAGS   +=	$(march-directive)
+TF_CFLAGS	+=	$(march-directive)
 ASFLAGS		+=	$(march-directive)
 
 # This internal flag is common option which is set to 1 for scenarios
@@ -938,6 +938,34 @@
 	endif
 endif #(CTX_INCLUDE_PAUTH_REGS)
 
+# Check ENABLE_FEAT_PAUTH_LR
+ifneq (${ENABLE_FEAT_PAUTH_LR},0)
+
+# Make sure PAUTH is enabled
+ifeq (${ENABLE_PAUTH},0)
+	$(error Error: PAUTH_LR cannot be used without PAUTH (see BRANCH_PROTECTION))
+endif
+
+# Make sure SCTLR2 is enabled
+ifeq (${ENABLE_FEAT_SCTLR2},0)
+	$(error Error: PAUTH_LR cannot be used without ENABLE_FEAT_SCTLR2)
+endif
+
+# FEAT_PAUTH_LR is only supported in aarch64 state
+ifneq (${ARCH},aarch64)
+	$(error ENABLE_FEAT_PAUTH_LR requires AArch64)
+endif
+
+# Currently, FEAT_PAUTH_LR is only supported by arm/clang compilers
+# TODO implement for GCC when support is added
+ifeq ($($(ARCH)-cc-id),arm-clang)
+	arch-features	:= $(arch-features)+pauth-lr
+else
+	$(error Error: ENABLE_FEAT_PAUTH_LR not supported for GCC compiler)
+endif
+
+endif # ${ENABLE_FEAT_PAUTH_LR}
+
 ifeq ($(FEATURE_DETECTION),1)
         $(info FEATURE_DETECTION is an experimental feature)
 endif #(FEATURE_DETECTION)
@@ -984,7 +1012,7 @@
 	endif
 
 	# FEAT_RNG_TRAP is not supported in AArch32
-	ifeq (${ENABLE_FEAT_RNG_TRAP},1)
+	ifneq (${ENABLE_FEAT_RNG_TRAP},0)
                 $(error "ENABLE_FEAT_RNG_TRAP cannot be used with ARCH=aarch32")
 	endif
 
@@ -1324,6 +1352,7 @@
 	ENABLE_TRBE_FOR_NS \
 	ENABLE_BTI \
 	ENABLE_PAUTH \
+	ENABLE_FEAT_PAUTH_LR \
 	ENABLE_FEAT_AMU \
 	ENABLE_FEAT_AMUv1p1 \
 	ENABLE_FEAT_CSV2_2 \
@@ -1410,6 +1439,7 @@
 	ENABLE_FEAT_DEBUGV8P9 \
 	ENABLE_FEAT_MPAM \
 	ENABLE_PAUTH \
+	ENABLE_FEAT_PAUTH_LR \
 	ENABLE_PIE \
 	ENABLE_PMF \
 	ENABLE_PSCI_STAT \
diff --git a/bl31/bl31_traps.c b/bl31/bl31_traps.c
index 984fdaa..114a57d 100644
--- a/bl31/bl31_traps.c
+++ b/bl31/bl31_traps.c
@@ -90,19 +90,17 @@
  * Explicitly create all bits of SPSR to get PSTATE at exception return.
  *
  * The code is based on "Aarch64.exceptions.takeexception" described in
- * DDI0602 revision 2023-06.
- * "https://developer.arm.com/documentation/ddi0602/2023-06/Shared-Pseudocode/
+ * DDI0602 revision 2025-03.
+ * "https://developer.arm.com/documentation/ddi0597/2025-03/Shared-Pseudocode/
  * aarch64-exceptions-takeexception"
  *
- * NOTE: This piece of code must be reviewed every release to ensure that
- * we keep up with new ARCH features which introduces a new SPSR bit.
+ * NOTE: This piece of code must be reviewed every release against the latest
+ * takeexception sequence to ensure that we keep up with new arch features that
+ * affect the PSTATE.
  *
- * TF-A 2.12 release review
- * The latest version available is 2024-09, which has two extra features which
- * impacts generation of SPSR, since these features are not implemented in TF-A
- * at the time of release, just log the feature names here to be taken up when
- * feature support is introduced.
- *  - FEAT_PAuth_LR (2023 extension)
+ * TF-A 2.13 release review
+ *
+ * Review of version 2025-03 indicates we are missing support for one feature.
  *  - FEAT_UINJ (2024 extension)
  */
 u_register_t create_spsr(u_register_t old_spsr, unsigned int target_el)
@@ -204,6 +202,12 @@
 		new_spsr |= (gcscr & GCSCR_EXLOCK_EN_BIT) ? SPSR_EXLOCK_BIT_AARCH64 : 0;
 	}
 
+	/* If FEAT_PAUTH_LR present then zero the PACM bit. */
+	new_spsr |= old_spsr & SPSR_PACM_BIT_AARCH64;
+	if (is_feat_pauth_lr_present()) {
+		new_spsr &= ~SPSR_PACM_BIT_AARCH64;
+	}
+
 	return new_spsr;
 }
 
diff --git a/bl32/tsp/aarch64/tsp_entrypoint.S b/bl32/tsp/aarch64/tsp_entrypoint.S
index b4e7a7a..4ea2f5b 100644
--- a/bl32/tsp/aarch64/tsp_entrypoint.S
+++ b/bl32/tsp/aarch64/tsp_entrypoint.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -51,6 +51,15 @@
 	.endm
 
 func tsp_entrypoint _align=3
+	/*---------------------------------------------
+	 * Save arguments x0 - x3 from BL1 for future
+	 * use.
+	 * ---------------------------------------------
+	 */
+	mov	x20, x0
+	mov	x21, x1
+	mov	x22, x2
+	mov	x23, x3
 
 #if ENABLE_PIE
 		/*
@@ -173,6 +182,16 @@
 	bl	update_stack_protector_canary
 #endif
 
+	/*---------------------------------------------
+	 * Save arguments x0 - x3 from prio stage for
+	 * future use.
+	 * ---------------------------------------------
+	 */
+	mov	x0, x20
+	mov	x1, x21
+	mov	x2, x22
+	mov	x3, x23
+
 	/* ---------------------------------------------
 	 * Perform TSP setup
 	 * ---------------------------------------------
diff --git a/bl32/tsp/tsp_common.c b/bl32/tsp/tsp_common.c
index e69c054..144349a 100644
--- a/bl32/tsp/tsp_common.c
+++ b/bl32/tsp/tsp_common.c
@@ -64,13 +64,14 @@
 /*******************************************************************************
  * Setup function for TSP.
  ******************************************************************************/
-void tsp_setup(void)
+void tsp_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+	       u_register_t arg3)
 {
 	/* Enable early console if EARLY_CONSOLE flag is enabled */
 	plat_setup_early_console();
 
 	/* Perform early platform-specific setup. */
-	tsp_early_platform_setup();
+	tsp_early_platform_setup(arg0, arg1, arg2, arg3);
 
 	/* Perform late platform-specific setup. */
 	tsp_plat_arch_setup();
diff --git a/changelog.yaml b/changelog.yaml
index 600e5be..93eeb73 100644
--- a/changelog.yaml
+++ b/changelog.yaml
@@ -205,13 +205,6 @@
             deprecated:
               - plat/tc
 
-            subsections:
-              - title: TC0
-                scope: tc0
-
-                deprecated:
-                  - plat/tc0
-
           - title: Corstone-1000
             scope: corstone-1000
 
diff --git a/common/feat_detect.c b/common/feat_detect.c
index 4d285d3..2d80b42 100644
--- a/common/feat_detect.c
+++ b/common/feat_detect.c
@@ -330,7 +330,7 @@
 	 * revisions so that we catch them as they come along
 	 */
 	check_feature(FEAT_STATE_ALWAYS, read_feat_pmuv3_id_field(),
-		      "PMUv3", 1, ID_AA64DFR0_PMUVER_PMUV3P8);
+		      "PMUv3", 1, ID_AA64DFR0_PMUVER_PMUV3P9);
 
 	/* v8.1 features */
 	check_feature(ENABLE_FEAT_PAN, read_feat_pan_id_field(), "PAN", 1, 3);
@@ -429,6 +429,7 @@
 	/* v9.4 features */
 	check_feature(ENABLE_FEAT_GCS, read_feat_gcs_id_field(), "GCS", 1, 1);
 	check_feature(ENABLE_RME, read_feat_rme_id_field(), "RME", 1, 1);
+	check_feature(ENABLE_FEAT_PAUTH_LR, is_feat_pauth_lr_present(), "PAUTH_LR", 1, 1);
 
 	if (tainted) {
 		panic();
diff --git a/docs/design_documents/measured_boot.rst b/docs/design_documents/measured_boot.rst
index 1f76770..a9d2fa9 100644
--- a/docs/design_documents/measured_boot.rst
+++ b/docs/design_documents/measured_boot.rst
@@ -231,9 +231,9 @@
    - Public key data size is passed as the third argument to this function.
    - This function must return 0 on success, a signed integer error code
      otherwise.
-   - In TC2 platform, this function is used to calculate the hash of the given
-     key and forward this hash to |RSE| alongside the measurement of the image
-     which the key signs.
+   - In Total Compute platform, this function is used to calculate the hash
+     of the given key and forward this hash to |RSE| alongside the measurement
+     of the image which the key signs.
 
 --------------
 
diff --git a/docs/getting_started/build-options.rst b/docs/getting_started/build-options.rst
index e5f7b30..32daf1e 100644
--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@@ -405,6 +405,12 @@
    flag can take values 0 to 2, to align  with the ``ENABLE_FEAT``
    mechanism. Default value is ``0``.
 
+-  ``ENABLE_FEAT_PAUTH_LR``: Numeric value to enable the ``FEAT_PAUTH_LR``
+   extension. ``FEAT_PAUTH_LR`` is an optional feature available from Arm v9.4
+   onwards. This feature requires PAUTH to be enabled via the
+   ``BRANCH_PROTECTION`` flag. This flag can take the values 0 to 2, to align
+   with the ``ENABLE_FEAT`` mechanism. Default value is ``0``.
+
 -  ``ENABLE_FEAT_RNG``: Numeric value to enable the ``FEAT_RNG`` extension.
    ``FEAT_RNG`` is an optional feature available on Arm v8.5 onwards. This
    flag can take the values 0 to 2, to align with the ``ENABLE_FEAT``
diff --git a/docs/plat/arm/tc/index.rst b/docs/plat/arm/tc/index.rst
index 467738c..d57b48e 100644
--- a/docs/plat/arm/tc/index.rst
+++ b/docs/plat/arm/tc/index.rst
@@ -17,12 +17,8 @@
 the Total Compute platform number. The platforms support the CPU variants
 listed as below:
 
--  TC0 has support for Cortex A510, Cortex A710 and Cortex X2. (Note TC0 is now deprecated)
--  TC1 has support for Cortex A510, Cortex A715 and Cortex X3. (Note TC1 is now deprecated)
--  TC2 has support for Cortex A520, Cortex A720 and Cortex x4. (Note TC2 is now deprecated)
 -  TC3 has support for Cortex A520, Cortex A725 and Cortex x925.
 
-
 Boot Sequence
 -------------
 
@@ -59,6 +55,6 @@
 
 --------------
 
-*Copyright (c) 2020-2023, Arm Limited. All rights reserved.*
+*Copyright (c) 2020-2025, Arm Limited. All rights reserved.*
 
 .. _Arm Toolchain: https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/downloads
diff --git a/docs/plat/index.rst b/docs/plat/index.rst
index d0d6889..a30f55d 100644
--- a/docs/plat/index.rst
+++ b/docs/plat/index.rst
@@ -72,7 +72,7 @@
 +----------------+----------------+--------------------+--------------------+
 |    Platform    |     Vendor     | Deprecated version |  Deleted version   |
 +================+================+====================+====================+
-|      TC2       |      Arm       |        2.12        |         TBD        |
+|      TC2       |      Arm       |        2.12        |         2.13       |
 |                |                |                    |                    |
 +----------------+----------------+--------------------+--------------------+
 |     fvp_r      |      Arm       |        2.13        |         2.13       |
diff --git a/drivers/measured_boot/event_log/event_handoff.c b/drivers/measured_boot/event_log/event_handoff.c
new file mode 100644
index 0000000..238ea27
--- /dev/null
+++ b/drivers/measured_boot/event_log/event_handoff.c
@@ -0,0 +1,118 @@
+/*
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <stddef.h>
+
+#include <common/debug.h>
+#include <drivers/measured_boot/event_log/event_handoff.h>
+
+#include <platform_def.h>
+
+static uint8_t *get_log_ptr(struct transfer_list_entry *te, size_t offset)
+{
+	uint8_t *base_ptr = transfer_list_entry_data(te);
+
+	if (base_ptr == NULL) {
+		return NULL;
+	}
+
+	return base_ptr + offset;
+}
+
+uint8_t *transfer_list_event_log_extend(struct transfer_list_header *tl,
+					size_t req_size, size_t *free)
+{
+	struct transfer_list_entry *existing_entry;
+	struct transfer_list_entry *new_entry;
+	uint8_t *old_data;
+	size_t existing_offset;
+	size_t old_size;
+
+	if (tl == NULL || free == NULL || req_size == 0) {
+		ERROR("Invalid arguments to event log extend.\n");
+		return NULL;
+	}
+
+	existing_entry = transfer_list_find(tl, TL_TAG_TPM_EVLOG);
+	existing_offset = EVENT_LOG_RESERVED_BYTES;
+
+	if (existing_entry != NULL) {
+		existing_offset = existing_entry->data_size;
+
+		if (transfer_list_set_data_size(tl, existing_entry,
+						req_size + existing_offset)) {
+			VERBOSE("TPM event log entry resized: new space %zu bytes at offset %zu\n",
+				req_size, existing_offset);
+
+			*free = existing_entry->data_size - existing_offset;
+
+			return get_log_ptr(existing_entry, existing_offset);
+		}
+	}
+
+	/* Add new entry (resize failed or no existing entry) */
+	new_entry = transfer_list_add(tl, TL_TAG_TPM_EVLOG,
+				      req_size + existing_offset, NULL);
+
+	if (new_entry == NULL) {
+		ERROR("Failed to add TPM event log entry to transfer list.\n");
+		return NULL;
+	}
+
+	VERBOSE("New TPM event log entry added at %p\n",
+		transfer_list_entry_data(new_entry));
+
+	if (existing_entry != NULL) {
+		old_data = transfer_list_entry_data(existing_entry);
+		old_size = existing_offset;
+
+		VERBOSE("Copying existing event log (%zu bytes) to new entry at %p\n",
+			old_size, transfer_list_entry_data(new_entry));
+
+		memmove(transfer_list_entry_data(new_entry), old_data,
+			old_size);
+
+		transfer_list_rem(tl, existing_entry);
+	}
+
+	*free = new_entry->data_size - existing_offset;
+
+	return get_log_ptr(new_entry, existing_offset);
+}
+
+uint8_t *transfer_list_event_log_finish(struct transfer_list_header *tl,
+					uintptr_t cursor)
+{
+	uintptr_t entry_data_base;
+	size_t final_log_size;
+	struct transfer_list_entry *entry;
+
+	entry = transfer_list_find(tl, TL_TAG_TPM_EVLOG);
+	entry_data_base = (uintptr_t)transfer_list_entry_data(entry);
+
+	if (cursor < entry_data_base ||
+	    cursor >= entry_data_base + entry->data_size) {
+		ERROR("Invalid cursor: outside event log bounds.\n");
+		return NULL;
+	}
+
+	final_log_size = cursor - entry_data_base;
+
+	if (!transfer_list_set_data_size(tl, entry, final_log_size)) {
+		ERROR("Unable to resize event log TE.\n");
+		return NULL;
+	}
+
+	transfer_list_update_checksum(tl);
+
+	VERBOSE("TPM event log finalized: trimmed to %zu bytes",
+		final_log_size - EVENT_LOG_RESERVED_BYTES);
+
+	/* Ensure changes are visible to the next stage. */
+	flush_dcache_range((uintptr_t)tl, tl->size);
+
+	return get_log_ptr(entry, EVENT_LOG_RESERVED_BYTES);
+}
diff --git a/drivers/measured_boot/event_log/event_log.mk b/drivers/measured_boot/event_log/event_log.mk
index df3460f..09c15da 100644
--- a/drivers/measured_boot/event_log/event_log.mk
+++ b/drivers/measured_boot/event_log/event_log.mk
@@ -47,3 +47,8 @@
 
 EVENT_LOG_SOURCES	:= ${EVENT_LOG_SRC_DIR}event_log.c		\
 			   ${EVENT_LOG_SRC_DIR}event_print.c
+
+
+ifeq (${TRANSFER_LIST}, 1)
+EVENT_LOG_SOURCES	+= ${EVENT_LOG_SRC_DIR}/event_handoff.c
+endif
diff --git a/fdts/tc2.dts b/fdts/tc2.dts
deleted file mode 100644
index fa16dcd..0000000
--- a/fdts/tc2.dts
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
- *
- * SPDX-License-Identifier: BSD-3-Clause
- */
-/dts-v1/;
-
-#include <dt-bindings/interrupt-controller/arm-gic.h>
-#include <dt-bindings/interrupt-controller/irq.h>
-#include <platform_def.h>
-
-#if TARGET_FLAVOUR_FVP
-#define LIT_CAPACITY			406
-#define MID_CAPACITY			912
-#else /* TARGET_FLAVOUR_FPGA */
-#define LIT_CAPACITY			280
-#define MID_CAPACITY			775
-/* this is an area optimized configuration of the big core */
-#define BIG2_CAPACITY			930
-#endif /* TARGET_FLAVOUR_FPGA */
-#define BIG_CAPACITY			1024
-
-#define MHU_TX_ADDR			45000000 /* hex */
-#define MHU_TX_COMPAT			"arm,mhuv2-tx","arm,primecell"
-#define MHU_TX_INT_NAME			"mhu_tx"
-
-#define MHU_RX_ADDR			45010000 /* hex */
-#define MHU_RX_COMPAT			"arm,mhuv2-rx","arm,primecell"
-#define MHU_OFFSET			0x1000
-#define MHU_MBOX_CELLS			2
-#define MHU_RX_INT_NUM			317
-#define MHU_RX_INT_NAME			"mhu_rx"
-
-#define LIT_CPU_PMU_COMPATIBLE		"arm,cortex-a520-pmu"
-#define MID_CPU_PMU_COMPATIBLE		"arm,cortex-a720-pmu"
-#define BIG_CPU_PMU_COMPATIBLE		"arm,cortex-x4-pmu"
-
-#define DSU_MPAM_ADDR			0x1 0x00010000 /* 0x1_0001_0000 */
-
-#define DPU_ADDR			2cc00000
-#define DPU_IRQ				69
-
-#define ETHERNET_ADDR			18000000
-#define ETHERNET_INT			109
-
-#define SYS_REGS_ADDR			1c010000
-
-#define MMC_ADDR			1c050000
-#define MMC_INT_0			107
-#define MMC_INT_1			108
-
-#define RTC_ADDR			1c170000
-#define RTC_INT				100
-
-#define KMI_0_ADDR			1c060000
-#define KMI_0_INT			197
-#define KMI_1_ADDR			1c070000
-#define KMI_1_INT			103
-
-#define VIRTIO_BLOCK_ADDR		1c130000
-#define VIRTIO_BLOCK_INT		204
-
-#include "tc-common.dtsi"
-#if TARGET_FLAVOUR_FVP
-#include "tc-fvp.dtsi"
-#else
-#include "tc-fpga.dtsi"
-#endif /* TARGET_FLAVOUR_FVP */
-#include "tc-base.dtsi"
-
-/ {
-	cpus {
-#if TARGET_FLAVOUR_FPGA
-		cpu-map {
-			cluster0 {
-				core8 {
-					cpu = <&CPU8>;
-				};
-				core9 {
-					cpu = <&CPU9>;
-				};
-				core10 {
-					cpu = <&CPU10>;
-				};
-				core11 {
-					cpu = <&CPU11>;
-				};
-				core12 {
-					cpu = <&CPU12>;
-				};
-				core13 {
-					cpu = <&CPU13>;
-				};
-			};
-		};
-#endif
-
-		CPU2:cpu@200 {
-			clocks = <&scmi_dvfs 0>;
-			capacity-dmips-mhz = <LIT_CAPACITY>;
-		};
-
-		CPU3:cpu@300 {
-			clocks = <&scmi_dvfs 0>;
-			capacity-dmips-mhz = <LIT_CAPACITY>;
-		};
-
-		CPU6:cpu@600 {
-			clocks = <&scmi_dvfs 1>;
-			capacity-dmips-mhz = <MID_CAPACITY>;
-		};
-
-		CPU7:cpu@700 {
-			clocks = <&scmi_dvfs 1>;
-			capacity-dmips-mhz = <MID_CAPACITY>;
-		};
-
-#if TARGET_FLAVOUR_FPGA
-		CPU8:cpu@800 {
-			device_type = "cpu";
-			compatible = "arm,armv8";
-			reg = <0x800>;
-			enable-method = "psci";
-			clocks = <&scmi_dvfs 1>;
-			capacity-dmips-mhz = <MID_CAPACITY>;
-		};
-
-		CPU9:cpu@900 {
-			device_type = "cpu";
-			compatible = "arm,armv8";
-			reg = <0x900>;
-			enable-method = "psci";
-			clocks = <&scmi_dvfs 2>;
-			capacity-dmips-mhz = <BIG2_CAPACITY>;
-		};
-
-		CPU10:cpu@A00 {
-			device_type = "cpu";
-			compatible = "arm,armv8";
-			reg = <0xA00>;
-			enable-method = "psci";
-			clocks = <&scmi_dvfs 2>;
-			capacity-dmips-mhz = <BIG2_CAPACITY>;
-		};
-
-		CPU11:cpu@B00 {
-			device_type = "cpu";
-			compatible = "arm,armv8";
-			reg = <0xB00>;
-			enable-method = "psci";
-			clocks = <&scmi_dvfs 2>;
-			capacity-dmips-mhz = <BIG2_CAPACITY>;
-		};
-
-		CPU12:cpu@C00 {
-			device_type = "cpu";
-			compatible = "arm,armv8";
-			reg = <0xC00>;
-			enable-method = "psci";
-			clocks = <&scmi_dvfs 3>;
-			capacity-dmips-mhz = <BIG_CAPACITY>;
-		};
-
-		CPU13:cpu@D00 {
-			device_type = "cpu";
-			compatible = "arm,armv8";
-			reg = <0xD00>;
-			enable-method = "psci";
-			clocks = <&scmi_dvfs 3>;
-			capacity-dmips-mhz = <BIG_CAPACITY>;
-		};
-#endif
-	};
-
-#if TARGET_FLAVOUR_FPGA
-	ete8 {
-		compatible = "arm,embedded-trace-extension";
-		cpu = <&CPU8>;
-	};
-
-	ete9 {
-		compatible = "arm,embedded-trace-extension";
-		cpu = <&CPU9>;
-	};
-
-	ete10 {
-		compatible = "arm,embedded-trace-extension";
-		cpu = <&CPU10>;
-	};
-
-	ete11 {
-		compatible = "arm,embedded-trace-extension";
-		cpu = <&CPU11>;
-	};
-
-	ete12 {
-		compatible = "arm,embedded-trace-extension";
-		cpu = <&CPU12>;
-	};
-
-	ete13 {
-		compatible = "arm,embedded-trace-extension";
-		cpu = <&CPU13>;
-	};
-#endif /* TARGET_FLAVOUR_FPGA */
-
-	cmn-pmu {
-		compatible = "arm,ci-700";
-		reg = <0x0 0x50000000 0x0 0x10000000>;
-		interrupts = <GIC_SPI 460 IRQ_TYPE_LEVEL_HIGH 0>;
-	};
-
-	mbox_db_rx: mhu@MHU_RX_ADDR {
-		arm,mhuv2-protocols = <0 1>;
-	};
-
-	mbox_db_tx: mhu@MHU_TX_ADDR {
-		arm,mhuv2-protocols = <0 1>;
-	};
-
-	firmware {
-		/*
-		 * TC2 does not have a P2A channel, but wiring one was needed to make Linux work
-		 * (by chance). At the time the SCMI driver did not support bidirectional
-		 * mailboxes so as a workaround, the A2P channel was wired for TX communication
-		 * and the synchronous replies would be read asyncrhonously as if coming from
-		 * the P2A channel, while being the actual A2P channel.
-		 *
-		 * This will not work with kernels > 5.15, but keep it around to keep TC2
-		 * working with its target kernel. Newer kernels will still work, but SCMI
-		 * won't as they check that the two regions are distinct.
-		 */
-		scmi {
-			mboxes = <&mbox_db_tx 0 0 &mbox_db_rx 0 0>;
-			shmem = <&cpu_scp_scmi_a2p &cpu_scp_scmi_a2p>;
-		};
-	};
-
-	gic: interrupt-controller@GIC_CTRL_ADDR {
-		ppi-partitions {
-			ppi_partition_little: interrupt-partition-0 {
-				affinity = <&CPU0>, <&CPU1>, <&CPU2>, <&CPU3>;
-			};
-
-#if TARGET_FLAVOUR_FVP
-			ppi_partition_mid: interrupt-partition-1 {
-				affinity = <&CPU4>, <&CPU5>, <&CPU6>;
-			};
-
-			ppi_partition_big: interrupt-partition-2 {
-				affinity = <&CPU7>;
-			};
-#elif TARGET_FLAVOUR_FPGA
-			ppi_partition_mid: interrupt-partition-1 {
-				affinity = <&CPU4>, <&CPU5>, <&CPU6>, <&CPU7>, <&CPU8>;
-			};
-
-			ppi_partition_big: interrupt-partition-2 {
-				affinity = <&CPU9>, <&CPU10>, <&CPU11>, <&CPU12>, <&CPU13>;
-			};
-#endif
-		};
-	};
-
-	spe-pmu-big {
-		status = "okay";
-	};
-
-	smmu_700: iommu@3f000000 {
-		status = "okay";
-	};
-
-	dp0: display@DPU_ADDR {
-#if TC_SCMI_PD_CTRL_EN
-		power-domains = <&scmi_devpd (PLAT_MAX_CPUS_PER_CLUSTER + 2)>;
-#endif
-		iommus = <&smmu_700 0x100>;
-	};
-
-	gpu: gpu@2d000000 {
-		interrupts = <GIC_SPI 66 IRQ_TYPE_LEVEL_HIGH 0>,
-			     <GIC_SPI 67 IRQ_TYPE_LEVEL_HIGH 0>,
-			     <GIC_SPI 65 IRQ_TYPE_LEVEL_HIGH 0>;
-		interrupt-names = "JOB", "MMU", "GPU";
-		iommus = <&smmu_700 0x200>;
-	};
-};
diff --git a/include/arch/aarch64/arch.h b/include/arch/aarch64/arch.h
index 3707520..77660b7 100644
--- a/include/arch/aarch64/arch.h
+++ b/include/arch/aarch64/arch.h
@@ -251,7 +251,7 @@
 #define ID_AA64DFR0_PMUVER_SHIFT	U(8)
 #define ID_AA64DFR0_PMUVER_MASK		U(0xf)
 #define ID_AA64DFR0_PMUVER_PMUV3	U(1)
-#define ID_AA64DFR0_PMUVER_PMUV3P8	U(8)
+#define ID_AA64DFR0_PMUVER_PMUV3P9	U(9)
 #define ID_AA64DFR0_PMUVER_IMP_DEF	U(0xf)
 
 /* ID_AA64DFR0_EL1.SEBEP definitions */
@@ -606,6 +606,11 @@
 #define SCTLR_EPAN_BIT		(ULL(1) << 57)
 #define SCTLR_RESET_VAL		SCTLR_EL3_RES1
 
+#define SCTLR2_EnPACM_BIT	(ULL(1) << 7)
+
+/* SCTLR2 currently has no RES1 fields so reset to 0 */
+#define SCTLR2_RESET_VAL	ULL(0)
+
 /* CPACR_EL1 definitions */
 #define CPACR_EL1_FPEN(x)	((x) << 20)
 #define CPACR_EL1_FP_TRAP_EL0	UL(0x1)
@@ -696,6 +701,7 @@
 #define MDCR_NSPBE_BIT		(ULL(1) << 11)
 #define MDCR_TDOSA_BIT		(ULL(1) << 10)
 #define MDCR_TDA_BIT		(ULL(1) << 9)
+#define MDCR_EnPM2_BIT		(ULL(1) << 7)
 #define MDCR_TPM_BIT		(ULL(1) << 6)
 #define MDCR_RLTE_BIT		(ULL(1) << 0)
 #define MDCR_EL3_RESET_VAL	MDCR_MTPME_BIT
@@ -855,6 +861,7 @@
 #define SPSR_PPEND_BIT		BIT(33)
 #define SPSR_EXLOCK_BIT_AARCH64	BIT_64(34)
 #define SPSR_NZCV		(SPSR_V_BIT | SPSR_C_BIT | SPSR_Z_BIT | SPSR_N_BIT)
+#define SPSR_PACM_BIT_AARCH64	BIT_64(35)
 
 #define DISABLE_ALL_EXCEPTIONS \
 		(DAIF_FIQ_BIT | DAIF_IRQ_BIT | DAIF_ABT_BIT | DAIF_DBG_BIT)
@@ -1531,6 +1538,7 @@
 /*******************************************************************************
  * FEAT_SCTLR2 - Extension to SCTLR_ELx Registers
  ******************************************************************************/
+#define SCTLR2_EL3		S3_6_C1_C0_3
 #define SCTLR2_EL2		S3_4_C1_C0_3
 #define SCTLR2_EL1		S3_0_C1_C0_3
 
diff --git a/include/arch/aarch64/arch_features.h b/include/arch/aarch64/arch_features.h
index e3068d1..757ce06 100644
--- a/include/arch/aarch64/arch_features.h
+++ b/include/arch/aarch64/arch_features.h
@@ -146,6 +146,8 @@
  * +----------------------------+
  * |	FEAT_MOPS		|
  * +----------------------------+
+ * |	FEAT_PAUTH_LR		|
+ * +----------------------------+
  */
 
 __attribute__((always_inline))
@@ -196,6 +198,35 @@
 CREATE_FEATURE_SUPPORTED(feat_pauth, is_feat_pauth_present, ENABLE_PAUTH)
 CREATE_FEATURE_SUPPORTED(ctx_pauth, is_feat_pauth_present, CTX_INCLUDE_PAUTH_REGS)
 
+/*
+ * FEAT_PAUTH_LR
+ * This feature has a non-standard discovery method so define this function
+ * manually then call use the CREATE_FEATURE_SUPPORTED macro with it. This
+ * feature is enabled with ENABLE_PAUTH when present.
+ */
+__attribute__((always_inline))
+static inline bool is_feat_pauth_lr_present(void)
+{
+	/*
+	 * FEAT_PAUTH_LR support is indicated by up to 3 fields, if one or more
+	 * of these is 0b0110 then the feature is present.
+	 *   1) id_aa64isr1_el1.api
+	 *   2) id_aa64isr1_el1.apa
+	 *   3) id_aa64isr2_el1.apa3
+	 */
+	if (ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_API_SHIFT, ID_AA64ISAR1_API_MASK) == 0b0110) {
+		return true;
+	}
+	if (ISOLATE_FIELD(read_id_aa64isar1_el1(), ID_AA64ISAR1_APA_SHIFT, ID_AA64ISAR1_APA_MASK) == 0b0110) {
+		return true;
+	}
+	if (ISOLATE_FIELD(read_id_aa64isar2_el1(), ID_AA64ISAR2_APA3_SHIFT, ID_AA64ISAR2_APA3_MASK) == 0b0110) {
+		return true;
+	}
+	return false;
+}
+CREATE_FEATURE_SUPPORTED(feat_pauth_lr, is_feat_pauth_lr_present, ENABLE_FEAT_PAUTH_LR)
+
 /* FEAT_TTST: Small translation tables */
 CREATE_FEATURE_PRESENT(feat_ttst, id_aa64mmfr2_el1, ID_AA64MMFR2_EL1_ST_SHIFT,
 			ID_AA64MMFR2_EL1_ST_MASK, 1U)
diff --git a/include/arch/aarch64/arch_helpers.h b/include/arch/aarch64/arch_helpers.h
index 9419583..c885424 100644
--- a/include/arch/aarch64/arch_helpers.h
+++ b/include/arch/aarch64/arch_helpers.h
@@ -240,12 +240,11 @@
  ******************************************************************************/
 static inline u_register_t xpaci(u_register_t arg)
 {
-	register u_register_t x0 asm("x0") = arg;
+	__asm__ (".arch armv8.3-a\n"
+		 "xpaci %0\n"
+		 : "+r" (arg));
 
-	/* `xpaci x0` for compatibility with older compiler and/or older -march */
-	__asm__ (".arch armv8.3-a; xpaci %0\n" : "+r" (x0));
-
-	return x0;
+	return arg;
 }
 
 void flush_dcache_range(uintptr_t addr, size_t size);
@@ -733,6 +732,7 @@
 /* FEAT_SCTLR2 Registers */
 DEFINE_RENAME_SYSREG_RW_FUNCS(sctlr2_el1, SCTLR2_EL1)
 DEFINE_RENAME_SYSREG_RW_FUNCS(sctlr2_el2, SCTLR2_EL2)
+DEFINE_RENAME_SYSREG_RW_FUNCS(sctlr2_el3, SCTLR2_EL3)
 
 /* FEAT_LS64_ACCDATA Registers */
 DEFINE_RENAME_SYSREG_RW_FUNCS(accdata_el1, ACCDATA_EL1)
diff --git a/include/arch/aarch64/asm_macros.S b/include/arch/aarch64/asm_macros.S
index da51bf8..8f1651d 100644
--- a/include/arch/aarch64/asm_macros.S
+++ b/include/arch/aarch64/asm_macros.S
@@ -230,7 +230,7 @@
 	 */
 	.macro	read reg:req
 #if ENABLE_BTI
-	bti	j
+	BTI	j
 #endif
 	mrs	x0, \reg
 	ret
@@ -241,7 +241,7 @@
 	 */
 	.macro	write reg:req
 #if ENABLE_BTI
-	bti	j
+	BTI	j
 #endif
 	msr	\reg, x1
 	ret
@@ -351,6 +351,11 @@
 	tst	\reg, \clobber
 	.endm
 
+	.macro is_feat_sctlr2_present_asm reg:req
+	mrs	\reg, ID_AA64MMFR3_EL1
+	ands	\reg, \reg, #(ID_AA64MMFR3_EL1_SCTLR2_MASK << ID_AA64MMFR3_EL1_SCTLR2_SHIFT)
+	.endm
+
 .macro call_reset_handler
 #if !(defined(IMAGE_BL2) && ENABLE_RME)
 	/* ---------------------------------------------------------------------
diff --git a/include/arch/aarch64/el3_common_macros.S b/include/arch/aarch64/el3_common_macros.S
index 07dffb1..fce0f2c 100644
--- a/include/arch/aarch64/el3_common_macros.S
+++ b/include/arch/aarch64/el3_common_macros.S
@@ -45,6 +45,16 @@
 	msr	sctlr_el3, x0
 	isb
 
+#if ENABLE_FEAT_SCTLR2
+#if ENABLE_FEAT_SCTLR2 > 1
+	is_feat_sctlr2_present_asm x1
+	beq	feat_sctlr2_not_supported\@
+#endif
+	mov	x1, #SCTLR2_RESET_VAL
+	msr	SCTLR2_EL3, x1
+feat_sctlr2_not_supported\@:
+#endif
+
 #ifdef IMAGE_BL31
 	/* ---------------------------------------------------------------------
 	 * Initialise the per-cpu cache pointer to the CPU.
diff --git a/include/bl32/tsp/platform_tsp.h b/include/bl32/tsp/platform_tsp.h
index fe8a2c9..81a1a40 100644
--- a/include/bl32/tsp/platform_tsp.h
+++ b/include/bl32/tsp/platform_tsp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -10,7 +10,8 @@
 /*******************************************************************************
  * Mandatory TSP functions (only if platform contains a TSP)
  ******************************************************************************/
-void tsp_early_platform_setup(void);
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3);
 void tsp_plat_arch_setup(void);
 void tsp_platform_setup(void);
 
diff --git a/include/bl32/tsp/tsp.h b/include/bl32/tsp/tsp.h
index a63abf1..bc152e5 100644
--- a/include/bl32/tsp/tsp.h
+++ b/include/bl32/tsp/tsp.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -106,7 +106,8 @@
 	tsp_vector_isn_t abort_yield_smc_entry;
 } tsp_vectors_t;
 
-void tsp_setup(void);
+void tsp_setup(u_register_t arg0, u_register_t arg1, u_register_t arg2,
+	       u_register_t arg3);
 
 #endif /* __ASSEMBLER__ */
 
diff --git a/include/common/asm_macros_common.S b/include/common/asm_macros_common.S
index fd0ea81..9172b55 100644
--- a/include/common/asm_macros_common.S
+++ b/include/common/asm_macros_common.S
@@ -7,6 +7,20 @@
 #define ASM_MACROS_COMMON_S
 
 	/*
+	 * Provide a wrapper for the "bti" instructions using the more
+	 * compatible "hint" encoding, otherwise older toolchains would reject
+	 * this when not compiled for a BTI capable machine (-march=armv8.5-a).
+	 */
+	.macro	BTI _targets
+	.ifc	\_targets, j
+	hint	#36
+	.endif
+	.ifc	\_targets, jc
+	hint	#38
+	.endif
+	.endm
+
+	/*
 	 * This macro is used to create a function label and place the
 	 * code into a separate text section based on the function name
 	 * to enable elimination of unused code during linking. It also adds
@@ -42,7 +56,7 @@
 	/* When Branch Target Identification is enabled, insert "bti jc"
 	 * instruction to enable indirect calls and branches
 	 */
-	 bti	jc
+	BTI	jc
 #endif
 	.endm
 
diff --git a/include/drivers/measured_boot/event_log/event_handoff.h b/include/drivers/measured_boot/event_log/event_handoff.h
new file mode 100644
index 0000000..e969d1f
--- /dev/null
+++ b/include/drivers/measured_boot/event_log/event_handoff.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+
+#ifndef HANDOFF_H
+#define HANDOFF_H
+
+#include <stdint.h>
+
+#include <lib/transfer_list.h>
+
+/**
+ * Initializes or extends the TPM event log in the transfer list.
+ *
+ * If an event log entry exists, attempts to resize it. Otherwise, adds a new entry.
+ * Copies old data if needed. Updates free to reflect available space.
+ *
+ * @param tl         Pointer to the transfer list header.
+ * @param req_size   Requested size (bytes)
+ * @param free       Available size (bytes)
+ * @return           Pointer to writable space in the log, or NULL on failure.
+ */
+uint8_t *transfer_list_event_log_extend(struct transfer_list_header *tl,
+					size_t req_size, size_t *free);
+
+/**
+ * Finalizes the event log after writing is complete.
+ *
+ * Resizes the event log to match actual data written, updates checksum,
+ * and flushes cache for the next stage.
+ *
+ * @param tl         Pointer to the transfer list header.
+ * @param cursor     End offset of written log data.
+ * @return           Pointer to finalized log data (past reserved bytes), or NULL.
+ */
+uint8_t *transfer_list_event_log_finish(struct transfer_list_header *tl,
+					uintptr_t cursor);
+
+#define EVENT_LOG_RESERVED_BYTES U(4)
+
+#endif /* HANDOFF_H */
diff --git a/include/drivers/measured_boot/event_log/event_log.h b/include/drivers/measured_boot/event_log/event_log.h
index 50e4721..b5adfdc 100644
--- a/include/drivers/measured_boot/event_log/event_log.h
+++ b/include/drivers/measured_boot/event_log/event_log.h
@@ -11,6 +11,7 @@
 #include <stdint.h>
 
 #include <drivers/auth/crypto_mod.h>
+#include "event_handoff.h"
 #include "tcg.h"
 
 /*
diff --git a/include/drivers/mmc.h b/include/drivers/mmc.h
index e94693d..454a85a 100644
--- a/include/drivers/mmc.h
+++ b/include/drivers/mmc.h
@@ -19,29 +19,29 @@
 
 #define MMC_ACMD(_x)			U(_x)
 
-#define OCR_POWERUP			BIT(31)
-#define OCR_HCS				BIT(30)
-#define OCR_BYTE_MODE			(U(0) << 29)
-#define OCR_SECTOR_MODE			(U(2) << 29)
-#define OCR_ACCESS_MODE_MASK		(U(3) << 29)
-#define OCR_3_5_3_6			BIT(23)
-#define OCR_3_4_3_5			BIT(22)
-#define OCR_3_3_3_4			BIT(21)
-#define OCR_3_2_3_3			BIT(20)
-#define OCR_3_1_3_2			BIT(19)
-#define OCR_3_0_3_1			BIT(18)
-#define OCR_2_9_3_0			BIT(17)
-#define OCR_2_8_2_9			BIT(16)
-#define OCR_2_7_2_8			BIT(15)
-#define OCR_VDD_MIN_2V7			GENMASK(23, 15)
-#define OCR_VDD_MIN_2V0			GENMASK(14, 8)
-#define OCR_VDD_MIN_1V7			BIT(7)
+#define OCR_POWERUP			BIT_32(31U)
+#define OCR_HCS				BIT_32(30U)
+#define OCR_BYTE_MODE			(U(0) << 29U)
+#define OCR_SECTOR_MODE			(U(2) << 29U)
+#define OCR_ACCESS_MODE_MASK		(U(3) << 29U)
+#define OCR_3_5_3_6			BIT_32(23U)
+#define OCR_3_4_3_5			BIT_32(22U)
+#define OCR_3_3_3_4			BIT_32(21U)
+#define OCR_3_2_3_3			BIT_32(20U)
+#define OCR_3_1_3_2			BIT_32(19U)
+#define OCR_3_0_3_1			BIT_32(18U)
+#define OCR_2_9_3_0			BIT_32(17U)
+#define OCR_2_8_2_9			BIT_32(16U)
+#define OCR_2_7_2_8			BIT_32(15U)
+#define OCR_VDD_MIN_2V7			GENMASK_32(23U, 15U)
+#define OCR_VDD_MIN_2V0			GENMASK_32(14U, 8U)
+#define OCR_VDD_MIN_1V7			BIT_32(7U)
 
-#define MMC_RSP_48			BIT(0)
-#define MMC_RSP_136			BIT(1)		/* 136 bit response */
-#define MMC_RSP_CRC			BIT(2)		/* expect valid crc */
-#define MMC_RSP_CMD_IDX			BIT(3)		/* response contains cmd idx */
-#define MMC_RSP_BUSY			BIT(4)		/* device may be busy */
+#define MMC_RSP_48			BIT_32(0U)
+#define MMC_RSP_136			BIT_32(1U)		/* 136 bit response */
+#define MMC_RSP_CRC			BIT_32(2U)		/* expect valid crc */
+#define MMC_RSP_CMD_IDX			BIT_32(3U)		/* response contains cmd idx */
+#define MMC_RSP_BUSY			BIT_32(4U)		/* device may be busy */
 
 /* JEDEC 4.51 chapter 6.12 */
 #define MMC_RESPONSE_R1			(MMC_RSP_48 | MMC_RSP_CMD_IDX | MMC_RSP_CRC)
diff --git a/include/lib/cpus/aarch64/cpu_macros.S b/include/lib/cpus/aarch64/cpu_macros.S
index 5d2bb7b..402e07f 100644
--- a/include/lib/cpus/aarch64/cpu_macros.S
+++ b/include/lib/cpus/aarch64/cpu_macros.S
@@ -514,7 +514,7 @@
 	.align \_align
 	\_name:
 #if ENABLE_BTI
-	bti	jc
+	BTI	jc
 #endif
 .endm
 
diff --git a/include/plat/arm/common/plat_arm.h b/include/plat/arm/common/plat_arm.h
index 4a856a7..aed85f5 100644
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@@ -300,7 +300,8 @@
 void arm_transfer_list_get_heap_info(void **heap_addr, size_t *heap_size);
 
 /* TSP utility functions */
-void arm_tsp_early_platform_setup(void);
+void arm_tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+				  u_register_t arg2, u_register_t arg3);
 
 /* SP_MIN utility functions */
 void arm_sp_min_early_platform_setup(u_register_t arg0, u_register_t arg1,
diff --git a/include/services/arm_arch_svc.h b/include/services/arm_arch_svc.h
index 699a8d7..10ac2f1 100644
--- a/include/services/arm_arch_svc.h
+++ b/include/services/arm_arch_svc.h
@@ -95,6 +95,12 @@
 #define SCR_FEAT_AMUv1p1 (0)
 #endif
 
+#if ENABLE_FEAT_TWED
+#define SCR_FEAT_TWED SCR_TWEDEn_BIT
+#else
+#define SCR_FEAT_TWED (0)
+#endif
+
 #if ENABLE_FEAT_ECV
 #define SCR_FEAT_ECV SCR_ECVEN_BIT
 #else
@@ -119,7 +125,7 @@
 #define SCR_FEAT_CSV2_2 (0)
 #endif
 
-#if ENABLE_FEAT_RAS
+#if !RAS_TRAP_NS_ERR_REC_ACCESS
 #define SCR_FEAT_RAS SCR_TERR_BIT
 #else
 #define SCR_FEAT_RAS (0)
@@ -182,6 +188,7 @@
 	SCR_FEAT_HCX		|						\
 	SCR_FEAT_LS64_ACCDATA	|						\
 	SCR_FEAT_AMUv1p1	|						\
+	SCR_FEAT_TWED		|						\
 	SCR_FEAT_ECV		|						\
 	SCR_FEAT_FGT		|						\
 	SCR_FEAT_MTE2		|						\
@@ -289,6 +296,7 @@
 	MDCR_FEAT_SPE		|						\
 	MDCR_TDOSA_BIT		|						\
 	MDCR_TDA_BIT		|						\
+	MDCR_EnPM2_BIT		|						\
 	MDCR_TPM_BIT		| /* FEAT_PMUv3 */				\
 	MDCR_PLAT_FEATS)
 #define MDCR_EL3_FLIPPED (							\
diff --git a/lib/aarch64/cache_helpers.S b/lib/aarch64/cache_helpers.S
index ff9a4e6..cc46c53 100644
--- a/lib/aarch64/cache_helpers.S
+++ b/lib/aarch64/cache_helpers.S
@@ -215,7 +215,7 @@
 
 	.macro	dcsw_loop _op
 #if ENABLE_BTI
-	bti	j
+	BTI	j
 #endif
 loop2_\_op:
 	lsl	w7, w6, w2		// w7 = aligned max set number
diff --git a/lib/extensions/pauth/pauth.c b/lib/extensions/pauth/pauth.c
index 2dd0d28..fbbcaa2 100644
--- a/lib/extensions/pauth/pauth.c
+++ b/lib/extensions/pauth/pauth.c
@@ -62,16 +62,25 @@
 void __no_pauth pauth_enable_el3(void)
 {
 	write_sctlr_el3(read_sctlr_el3() | SCTLR_EnIA_BIT);
+
+	if (is_feat_pauth_lr_supported()) {
+		write_sctlr2_el3(read_sctlr2_el3() | SCTLR2_EnPACM_BIT);
+	}
+
 	isb();
 }
 
 void __no_pauth pauth_enable_el1(void)
 {
 	write_sctlr_el1(read_sctlr_el1() | SCTLR_EnIA_BIT);
+
+	if (is_feat_pauth_lr_supported()) {
+		write_sctlr2_el1(read_sctlr2_el1() | SCTLR2_EnPACM_BIT);
+	}
+
 	isb();
 }
 
-/* Enable PAuth for EL2 */
 void pauth_enable_el2(void)
 {
 	u_register_t hcr_el2 = read_hcr_el2();
diff --git a/lib/extensions/pmuv3/aarch64/pmuv3.c b/lib/extensions/pmuv3/aarch64/pmuv3.c
index 61d1258..b47b664 100644
--- a/lib/extensions/pmuv3/aarch64/pmuv3.c
+++ b/lib/extensions/pmuv3/aarch64/pmuv3.c
@@ -78,11 +78,14 @@
 	 *   1  |  1   |    enabled   | disabled only for counters 0 to
 	 *                              MDCR_EL2.HPMN - 1. Enabled for the rest
 	 *
+	 * MDCR_EL3.EnPM2: Set to one so that various PMUv3p9 related system
+	 * register accesses do not trap to EL3.
+	 *
 	 * MDCR_EL3.TPM: Set to zero so that EL0, EL1, and EL2 System register
 	 *  accesses to all Performance Monitors registers do not trap to EL3.
 	 */
-	mdcr_el3_val = (mdcr_el3_val | MDCR_SCCD_BIT | MDCR_MCCD_BIT) &
-		  ~(MDCR_MPMX_BIT | MDCR_SPME_BIT | MDCR_TPM_BIT);
+	mdcr_el3_val |= MDCR_SCCD_BIT | MDCR_MCCD_BIT | MDCR_EnPM2_BIT;
+	mdcr_el3_val &=	~(MDCR_MPMX_BIT | MDCR_SPME_BIT | MDCR_TPM_BIT);
 	mdcr_el3_val = mtpmu_disable_el3(mdcr_el3_val);
 
 	write_ctx_reg(state, CTX_MDCR_EL3, mdcr_el3_val);
diff --git a/lib/libc/printf.c b/lib/libc/printf.c
index f8c4a26..2a4b9db 100644
--- a/lib/libc/printf.c
+++ b/lib/libc/printf.c
@@ -44,19 +44,19 @@
 	unsigned int rem;
 
 	/* num_buf is only large enough for radix >= 10 */
-	if (radix < 10) {
+	if (radix < 10U) {
 		assert(0);
 		return 0;
 	}
 
 	do {
 		rem = (uint32_t)(unum % radix);
-		if (rem < 0xa) {
+		if (rem < 0xaU) {
 			num_buf[i] = '0' + rem;
 		} else if (uppercase) {
-			num_buf[i] = 'A' + (rem - 0xa);
+			num_buf[i] = 'A' + (rem - 0xaU);
 		} else {
-			num_buf[i] = 'a' + (rem - 0xa);
+			num_buf[i] = 'a' + (rem - 0xaU);
 		}
 		i++;
 		unum /= radix;
diff --git a/make_helpers/arch_features.mk b/make_helpers/arch_features.mk
index 56bfb64..1561a59 100644
--- a/make_helpers/arch_features.mk
+++ b/make_helpers/arch_features.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2022-2024, Arm Limited. All rights reserved.
+# Copyright (c) 2022-2025, Arm Limited. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -160,6 +160,11 @@
 # direct setting. Use BRANCH_PROTECTION to enable PAUTH.
 ENABLE_PAUTH			?=	0
 
+# FEAT_PAUTH_LR is an optional architectural feature, so this flag must be set
+# manually in addition to the BRANCH_PROTECTION flag which is used for other
+# branch protection and pointer authentication features.
+ENABLE_FEAT_PAUTH_LR		?=	0
+
 # Include pointer authentication (ARMv8.3-PAuth) registers in cpu context. This
 # must be set to 1 if the platform wants to use this feature in the Secure
 # world. It is not necessary for use in the Non-secure world.
diff --git a/plat/arm/board/fvp/fvp_bl1_measured_boot.c b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
index 7e2d9cc..d6b6863 100644
--- a/plat/arm/board/fvp/fvp_bl1_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl1_measured_boot.c
@@ -8,11 +8,16 @@
 
 #include <drivers/measured_boot/event_log/event_log.h>
 #include <drivers/measured_boot/metadata.h>
-#include <plat/arm/common/plat_arm.h>
 #include <tools_share/zero_oid.h>
 
+#include <plat/arm/common/plat_arm.h>
+
 /* Event Log data */
+#if TRANSFER_LIST
+static uint8_t *event_log;
+#else
 static uint8_t event_log[PLAT_ARM_EVENT_LOG_MAX_SIZE];
+#endif
 
 /* FVP table with platform specific image IDs, names and PCRs */
 const event_log_metadata_t fvp_event_log_metadata[] = {
@@ -20,14 +25,23 @@
 	{ TB_FW_CONFIG_ID, MBOOT_TB_FW_CONFIG_STRING, PCR_0 },
 	{ BL2_IMAGE_ID, MBOOT_BL2_IMAGE_STRING, PCR_0 },
 
-	{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) }	/* Terminator */
+	{ EVLOG_INVALID_ID, NULL, (unsigned int)(-1) } /* Terminator */
 };
 
 void bl1_plat_mboot_init(void)
 {
-	size_t event_log_max_size = PLAT_ARM_EVENT_LOG_MAX_SIZE;
+	size_t event_log_max_size;
 	int rc;
 
+#if TRANSFER_LIST
+	event_log = transfer_list_event_log_extend(
+		secure_tl, PLAT_ARM_EVENT_LOG_MAX_SIZE,
+		&event_log_max_size);
+	assert(event_log != NULL);
+#else
+	event_log_max_size = sizeof(event_log);
+#endif
+
 	rc = event_log_init(event_log, event_log + event_log_max_size);
 	if (rc < 0) {
 		ERROR("Failed to initialize event log (%d).\n", rc);
@@ -43,18 +57,28 @@
 
 void bl1_plat_mboot_finish(void)
 {
-	size_t event_log_cur_size;
+	size_t event_log_cur_size = event_log_get_cur_size(event_log);
 
-	event_log_cur_size = event_log_get_cur_size(event_log);
-	int rc = arm_set_tb_fw_info((uintptr_t)event_log,
-				    event_log_cur_size,
-				    PLAT_ARM_EVENT_LOG_MAX_SIZE);
-	if (rc != 0) {
-		/*
-		 * It is a fatal error because on FVP platform, BL2 software
-		 * assumes that a valid Event Log buffer exist and it will use
-		 * same Event Log buffer to append image measurements.
-		 */
-		panic();
+#if TRANSFER_LIST
+	uint8_t *rc = transfer_list_event_log_finish(
+		secure_tl, (uintptr_t)event_log + event_log_cur_size);
+
+	if (rc != NULL) {
+		return;
 	}
+#else
+	int rc = arm_set_tb_fw_info((uintptr_t)event_log, event_log_cur_size,
+				PLAT_ARM_EVENT_LOG_MAX_SIZE);
+	if (rc == 0) {
+		return;
+	}
+#endif
+
+	/*
+	 * Panic if we fail to set up the event log for the next stage. This is a fatal
+	 * error because, on the FVP platform, BL2 software assumes that a valid
+	 * Event Log buffer exists and will use the same Event Log buffer to append image
+	 * measurements.
+	 */
+	panic();
 }
diff --git a/plat/arm/board/fvp/fvp_bl2_measured_boot.c b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
index 28aef92..1fae0cf 100644
--- a/plat/arm/board/fvp/fvp_bl2_measured_boot.c
+++ b/plat/arm/board/fvp/fvp_bl2_measured_boot.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021-2024, Arm Limited. All rights reserved.
+ * Copyright (c) 2021-2025, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -19,7 +19,7 @@
 #include <plat/arm/common/plat_arm.h>
 #include <plat/common/common_def.h>
 
-#if defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd)
+#if !TRANSFER_LIST && (defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd))
 CASSERT(ARM_EVENT_LOG_DRAM1_SIZE >= PLAT_ARM_EVENT_LOG_MAX_SIZE, \
 	assert_res_eventlog_mem_insufficient);
 #endif /* defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd) */
@@ -61,10 +61,17 @@
 {
 	uint8_t *event_log_start;
 	uint8_t *event_log_finish;
-	size_t bl1_event_log_size;
-	size_t event_log_max_size;
-	int rc;
+	size_t bl1_event_log_size __unused;
+	size_t event_log_max_size __unused;
+	int rc __unused;
 
+#if TRANSFER_LIST
+	event_log_start = transfer_list_event_log_extend(
+		secure_tl, PLAT_ARM_EVENT_LOG_MAX_SIZE, &event_log_max_size);
+	event_log_finish = event_log_start + event_log_max_size;
+
+	event_log_base = (uintptr_t)event_log_start;
+#else
 	rc = arm_get_tb_fw_info(&event_log_base, &bl1_event_log_size,
 				&event_log_max_size);
 	if (rc != 0) {
@@ -82,10 +89,11 @@
 	 * BL1 and BL2 share the same Event Log buffer and that BL2 will
 	 * append its measurements after BL1's
 	 */
-	event_log_start = (uint8_t *)((uintptr_t)event_log_base +
-				      bl1_event_log_size);
-	event_log_finish = (uint8_t *)((uintptr_t)event_log_base +
-				       event_log_max_size);
+	event_log_start =
+		(uint8_t *)((uintptr_t)event_log_base + bl1_event_log_size);
+	event_log_finish =
+		(uint8_t *)((uintptr_t)event_log_base + event_log_max_size);
+#endif
 
 	event_log_init((uint8_t *)event_log_start, event_log_finish);
 }
@@ -160,7 +168,7 @@
 	int rc;
 
 	/* Event Log address in Non-Secure memory */
-	uintptr_t ns_log_addr;
+	uintptr_t ns_log_addr __unused;
 
 	/* Event Log filled size */
 	size_t event_log_cur_size;
@@ -172,6 +180,15 @@
 
 	event_log_cur_size = event_log_get_cur_size((uint8_t *)event_log_base);
 
+#if TRANSFER_LIST
+	/*
+	 * Re-size the event log for the next stage and update the size to include
+	 * the entire event log (i.e., not just what this stage has added.)
+	 */
+	event_log_base = (uintptr_t)transfer_list_event_log_finish(
+		secure_tl, (uintptr_t)event_log_base + event_log_cur_size);
+	event_log_cur_size = event_log_get_cur_size((uint8_t *)event_log_base);
+#else
 #if defined(SPD_tspd) || defined(SPD_opteed) || defined(SPD_spmd)
 	/* Copy Event Log to TZC secured DRAM memory */
 	(void)memcpy((void *)ARM_EVENT_LOG_DRAM1_BASE,
@@ -217,6 +234,7 @@
 		panic();
 	}
 #endif /* defined(SPD_tspd) || defined(SPD_spmd) */
+#endif /* TRANSFER_LIST */
 
 	event_log_dump((uint8_t *)event_log_base, event_log_cur_size);
 }
diff --git a/plat/arm/board/fvp/fvp_private.h b/plat/arm/board/fvp/fvp_private.h
index 9a51eb7..7e53a65 100644
--- a/plat/arm/board/fvp/fvp_private.h
+++ b/plat/arm/board/fvp/fvp_private.h
@@ -19,7 +19,6 @@
 void fvp_interconnect_enable(void);
 void fvp_interconnect_disable(void);
 void fvp_timer_init(void);
-void tsp_early_platform_setup(void);
 void fvp_pcpu_init(void);
 void fvp_gic_driver_pre_init(void);
 
diff --git a/plat/arm/board/fvp/include/platform_def.h b/plat/arm/board/fvp/include/platform_def.h
index 854e48a..68ff0fe 100644
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@@ -206,7 +206,7 @@
 #  define PLAT_ARM_MMAP_ENTRIES		12
 #  define MAX_XLAT_TABLES		6
 # else
-#  define PLAT_ARM_MMAP_ENTRIES		11
+#  define PLAT_ARM_MMAP_ENTRIES		12
 #  define MAX_XLAT_TABLES		5
 # endif /* (IMAGE_BL2 && ENABLE_RME) */
 #else
@@ -514,8 +514,12 @@
 /* Account for additional measurements of secure partitions and SPM. */
 #define	PLAT_ARM_EVENT_LOG_MAX_SIZE		UL(0x800)
 #else
+#if defined(IMAGE_BL1) && TRANSFER_LIST
+#define PLAT_ARM_EVENT_LOG_MAX_SIZE		UL(0x200)
+#else
 #define	PLAT_ARM_EVENT_LOG_MAX_SIZE		UL(0x400)
 #endif
+#endif
 
 /*
  * Maximum size of Event Log buffer used for DRTM
diff --git a/plat/arm/board/fvp/platform.mk b/plat/arm/board/fvp/platform.mk
index beb6d5d..8e8870c 100644
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@@ -292,7 +292,7 @@
 				plat/arm/board/fvp/fvp_ide_keymgmt.c
 endif
 
-ifeq (${ENABLE_FEAT_RNG_TRAP},1)
+ifneq (${ENABLE_FEAT_RNG_TRAP},0)
 BL31_SOURCES		+=	plat/arm/board/fvp/fvp_sync_traps.c
 endif
 
diff --git a/plat/arm/board/fvp/tsp/fvp_tsp_setup.c b/plat/arm/board/fvp/tsp/fvp_tsp_setup.c
index 3c8a963..53a84c6 100644
--- a/plat/arm/board/fvp/tsp/fvp_tsp_setup.c
+++ b/plat/arm/board/fvp/tsp/fvp_tsp_setup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2025, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -8,9 +8,10 @@
 
 #include "../fvp_private.h"
 
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3)
 {
-	arm_tsp_early_platform_setup();
+	arm_tsp_early_platform_setup(arg0, arg1, arg2, arg3);
 
 	/* Initialize the platform config for future decision making */
 	fvp_config_setup();
diff --git a/plat/arm/board/tc/include/platform_def.h b/plat/arm/board/tc/include/platform_def.h
index 0216000..76bae38 100644
--- a/plat/arm/board/tc/include/platform_def.h
+++ b/plat/arm/board/tc/include/platform_def.h
@@ -258,11 +258,7 @@
 #define TC_FLASH0_RO	MAP_REGION_FLAT(V2M_FLASH0_BASE,\
 						V2M_FLASH0_SIZE,	\
 						MT_DEVICE | MT_RO | MT_SECURE)
-#if TARGET_PLATFORM == 2
-#define PLAT_ARM_NSTIMER_FRAME_ID	U(0)
-#else
 #define PLAT_ARM_NSTIMER_FRAME_ID	U(1)
-#endif
 
 #define PLAT_ARM_TRUSTED_ROM_BASE	0x0
 
@@ -276,10 +272,7 @@
 #define PLAT_ARM_NSRAM_SIZE		0x00008000	/* 64KB */
 #endif /* TARGET_FLAVOUR_FPGA */
 
-#if TARGET_PLATFORM <= 2
-#define PLAT_ARM_DRAM2_BASE		ULL(0x8080000000)
-#define PLAT_ARM_DRAM2_SIZE             ULL(0x180000000)
-#elif TARGET_PLATFORM >= 3
+#if TARGET_PLATFORM >= 3
 
 #if TC_FPGA_FS_IMG_IN_RAM
 /* 10GB reserved for system+userdata+vendor images */
@@ -348,28 +341,19 @@
 					 CSS_SCMI_PAYLOAD_SIZE_MAX)
 
 #define PLAT_ARM_CLUSTER_COUNT		U(1)
-#if TARGET_FLAVOUR_FPGA && TARGET_PLATFORM == 2
-#define PLAT_MAX_CPUS_PER_CLUSTER	U(14)
-#else /* TARGET_FLAVOUR_FPGA && TARGET_PLATFORM == 2 */
 #define PLAT_MAX_CPUS_PER_CLUSTER	U(8)
-#endif /* TARGET_FLAVOUR_FPGA && TARGET_PLATFORM == 2 */
 #define PLAT_MAX_PE_PER_CPU		U(1)
 
 #define PLATFORM_CORE_COUNT		(PLAT_MAX_CPUS_PER_CLUSTER * PLAT_ARM_CLUSTER_COUNT)
 
 /* Message Handling Unit (MHU) base addresses */
-#if TARGET_PLATFORM <= 2
-	#define PLAT_CSS_MHU_BASE		UL(0x45400000)
-#elif TARGET_PLATFORM >= 3
+#if TARGET_PLATFORM >= 3
 	#define PLAT_CSS_MHU_BASE		UL(0x46000000)
 #endif /* TARGET_PLATFORM >= 3 */
 #define PLAT_MHUV2_BASE			PLAT_CSS_MHU_BASE
 
 /* AP<->RSS MHUs */
-#if TARGET_PLATFORM <= 2
-#define PLAT_RSE_AP_SND_MHU_BASE	UL(0x2A840000)
-#define PLAT_RSE_AP_RCV_MHU_BASE	UL(0x2A850000)
-#elif TARGET_PLATFORM == 3
+#if TARGET_PLATFORM == 3
 #define PLAT_RSE_AP_SND_MHU_BASE	UL(0x49000000)
 #define PLAT_RSE_AP_RCV_MHU_BASE	UL(0x49100000)
 #elif TARGET_PLATFORM == 4
@@ -403,36 +387,6 @@
  */
 #define PLAT_CSS_MAX_SCP_BL2U_SIZE	0x30000
 
-#if TARGET_PLATFORM <= 2
-/* TZC Related Constants */
-#define PLAT_ARM_TZC_BASE		UL(0x25000000)
-#define PLAT_ARM_TZC_FILTERS		TZC_400_REGION_ATTR_FILTER_BIT(0)
-
-#define TZC400_OFFSET			UL(0x1000000)
-#define TZC400_COUNT			4
-
-#define TZC400_BASE(n)			(PLAT_ARM_TZC_BASE + \
-					 (n * TZC400_OFFSET))
-
-#define TZC_NSAID_DEFAULT		U(0)
-
-#define PLAT_ARM_TZC_NS_DEV_ACCESS	\
-		(TZC_REGION_ACCESS_RDWR(TZC_NSAID_DEFAULT))
-
-/*
- * The first region below, TC_TZC_DRAM1_BASE (0xf9000000) to
- * ARM_SCP_TZC_DRAM1_END (0xffffffff) will mark the last 112 MB of DRAM as
- * secure. The second and third regions gives non secure access to rest of DRAM.
- */
-#define TC_TZC_REGIONS_DEF	\
-	{TC_TZC_DRAM1_BASE, ARM_SCP_TZC_DRAM1_END,	\
-		TZC_REGION_S_RDWR, PLAT_ARM_TZC_NS_DEV_ACCESS},	\
-	{TC_NS_DRAM1_BASE, TC_NS_DRAM1_END, ARM_TZC_NS_DRAM_S_ACCESS,	\
-		PLAT_ARM_TZC_NS_DEV_ACCESS},	\
-	{PLAT_ARM_DRAM2_BASE, PLAT_ARM_DRAM2_END,	\
-		ARM_TZC_NS_DRAM_S_ACCESS, PLAT_ARM_TZC_NS_DEV_ACCESS}
-#endif
-
 /* virtual address used by dynamic mem_protect for chunk_base */
 #define PLAT_ARM_MEM_PROTEC_VA_FRAME	UL(0xc0000000)
 
@@ -468,13 +422,11 @@
 #undef  ARM_CONSOLE_BAUDRATE
 #define ARM_CONSOLE_BAUDRATE		38400
 
-#if TARGET_PLATFORM <= 2
-#define TC_UARTCLK			5000000
-#elif TARGET_PLATFORM == 3
+#if TARGET_PLATFORM == 3
 #define TC_UARTCLK			3750000
 #elif TARGET_PLATFORM == 4
 #define TC_UARTCLK			4000000
-#endif /* TARGET_PLATFORM <=2 */
+#endif /* TARGET_PLATFORM == 3 */
 
 
 #if TARGET_FLAVOUR_FVP
diff --git a/plat/arm/board/tc/include/tc_helpers.S b/plat/arm/board/tc/include/tc_helpers.S
index cc2f760..9a8172a 100644
--- a/plat/arm/board/tc/include/tc_helpers.S
+++ b/plat/arm/board/tc/include/tc_helpers.S
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2024, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -74,10 +74,6 @@
 	ret
 endfunc enable_dsu_pmu_el1_access
 
-func TC_HANDLER(2)
-	ret
-endfunc TC_HANDLER(2)
-
 func TC_HANDLER(3)
 	mov	x9, lr
 	bl	mark_extllc_presence
diff --git a/plat/arm/board/tc/platform.mk b/plat/arm/board/tc/platform.mk
index bbccce6..b29f0d6 100644
--- a/plat/arm/board/tc/platform.mk
+++ b/plat/arm/board/tc/platform.mk
@@ -67,15 +67,10 @@
 endif
 endif
 
-ifneq ($(shell expr $(TARGET_PLATFORM) \<= 1), 0)
+ifneq ($(shell expr $(TARGET_PLATFORM) \<= 2), 0)
         $(error Platform ${PLAT}$(TARGET_PLATFORM) is no longer available.)
 endif
 
-ifneq ($(shell expr $(TARGET_PLATFORM) = 2), 0)
-        $(warning Platform ${PLAT}$(TARGET_PLATFORM) is deprecated. \
-          Some of the features might not work as expected)
-endif
-
 ifeq ($(shell expr $(TARGET_PLATFORM) \<= 4), 0)
         $(error TARGET_PLATFORM must be less than or equal to 4)
 endif
@@ -109,35 +104,13 @@
 # Save DSU PMU registers on cluster off and restore them on cluster on
 PRESERVE_DSU_PMU_REGS		:= 1
 
-# Specify MHU type based on platform
-ifneq ($(filter ${TARGET_PLATFORM}, 2),)
-	PLAT_MHU		:= MHUv2
-else
-	PLAT_MHU		:= MHUv3
-endif
+PLAT_MHU		:= MHUv3
 
 TC_BASE	=	plat/arm/board/tc
 
 PLAT_INCLUDES		+=	-I${TC_BASE}/include/ \
 				-I${TC_BASE}/fdts/
 
-# CPU libraries for TARGET_PLATFORM=1
-ifeq (${TARGET_PLATFORM}, 1)
-TC_CPU_SOURCES	+=	lib/cpus/aarch64/cortex_a510.S \
-			lib/cpus/aarch64/cortex_a715.S \
-			lib/cpus/aarch64/cortex_x3.S
-endif
-
-# CPU libraries for TARGET_PLATFORM=2
-ifeq (${TARGET_PLATFORM}, 2)
-ERRATA_A520_2938996	:=	1
-ERRATA_X4_2726228	:=	1
-
-TC_CPU_SOURCES	+=	lib/cpus/aarch64/cortex_a520.S \
-			lib/cpus/aarch64/cortex_a720.S \
-			lib/cpus/aarch64/cortex_x4.S
-endif
-
 # CPU libraries for TARGET_PLATFORM=3
 ifeq (${TARGET_PLATFORM}, 3)
 ERRATA_A520_2938996	:=	1
@@ -183,10 +156,6 @@
 				drivers/arm/tzc/tzc400.c		\
 				plat/arm/common/arm_nor_psci_mem_protect.c
 
-ifeq ($(shell test $(TARGET_PLATFORM) -le 2; echo $$?),0)
-BL2_SOURCES		+=	plat/arm/common/arm_tzc400.c
-endif
-
 BL31_SOURCES		+=	${INTERCONNECT_SOURCES}	\
 				${TC_CPU_SOURCES}	\
 				${TC_BASE}/tc_bl31_setup.c	\
diff --git a/plat/arm/board/tc/tc_bl31_setup.c b/plat/arm/board/tc/tc_bl31_setup.c
index a358390..7f2014b 100644
--- a/plat/arm/board/tc/tc_bl31_setup.c
+++ b/plat/arm/board/tc/tc_bl31_setup.c
@@ -54,15 +54,6 @@
 }
 #endif /* PLATFORM_TEST_TFM_TESTSUITE */
 
-#if TARGET_PLATFORM <= 2
-static scmi_channel_plat_info_t tc_scmi_plat_info = {
-	.scmi_mbx_mem = CSS_SCMI_PAYLOAD_BASE,
-	.db_reg_addr = PLAT_CSS_MHU_BASE + SENDER_REG_SET(0),
-	.db_preserve_mask = 0xfffffffe,
-	.db_modify_mask = 0x1,
-	.ring_doorbell = &mhuv2_ring_doorbell,
-};
-#elif TARGET_PLATFORM >= 3
 static scmi_channel_plat_info_t tc_scmi_plat_info = {
 	.scmi_mbx_mem = CSS_SCMI_PAYLOAD_BASE,
 	.db_reg_addr = PLAT_CSS_MHU_BASE + MHU_V3_SENDER_REG_SET(0),
@@ -70,7 +61,6 @@
 	.db_modify_mask = 0x1,
 	.ring_doorbell = &mhu_ring_doorbell,
 };
-#endif
 
 /* the bottom 3 AMU group 1 counters */
 #define MPMM_GEARS ((1 << 0) | (1 << 1) | (1 << 2))
diff --git a/plat/arm/board/tc/tc_security.c b/plat/arm/board/tc/tc_security.c
index 7c7a1a1..804a35b 100644
--- a/plat/arm/board/tc/tc_security.c
+++ b/plat/arm/board/tc/tc_security.c
@@ -7,21 +7,8 @@
 #include <plat/arm/common/plat_arm.h>
 #include <platform_def.h>
 
-#if (TARGET_PLATFORM <= 2)
-static const arm_tzc_regions_info_t tzc_regions[] = {
-	TC_TZC_REGIONS_DEF,
-	{}
-};
-#endif
-
 /* Initialize the secure environment */
 void plat_arm_security_setup(void)
 {
-#if (TARGET_PLATFORM <= 2)
-	unsigned int i;
 
-	for (i = 0U; i < TZC400_COUNT; i++) {
-		arm_tzc400_setup(TZC400_BASE(i), tzc_regions);
-	}
-#endif
 }
diff --git a/plat/arm/common/arm_bl2_setup.c b/plat/arm/common/arm_bl2_setup.c
index bd3946c..522017f 100644
--- a/plat/arm/common/arm_bl2_setup.c
+++ b/plat/arm/common/arm_bl2_setup.c
@@ -320,6 +320,13 @@
 void arm_bl2_setup_next_ep_info(bl_mem_params_node_t *next_param_node)
 {
 	entry_point_info_t *ep __unused;
+
+	/*
+	 * Information might have been added to the TL before this (i.e. event log)
+	 * make sure the checksum is up to date.
+	 */
+	transfer_list_update_checksum(secure_tl);
+
 	ep = transfer_list_set_handoff_args(secure_tl,
 					    &next_param_node->ep_info);
 	assert(ep != NULL);
diff --git a/plat/arm/common/arm_bl31_setup.c b/plat/arm/common/arm_bl31_setup.c
index 82f96ba..f196269 100644
--- a/plat/arm/common/arm_bl31_setup.c
+++ b/plat/arm/common/arm_bl31_setup.c
@@ -133,7 +133,12 @@
 	}
 #endif
 	else {
+#if TRANSFER_LIST && !RESET_TO_BL31
+		next_image_info = transfer_list_set_handoff_args(
+			secure_tl, &bl32_image_ep_info);
+#else
 		next_image_info = &bl32_image_ep_info;
+#endif
 	}
 
 	/*
@@ -394,6 +399,16 @@
 	te = transfer_list_add(ns_tl, TL_TAG_FDT, te->data_size,
 			       transfer_list_entry_data(te));
 	assert(te != NULL);
+
+	te = transfer_list_find(secure_tl, TL_TAG_TPM_EVLOG);
+	if (te != NULL) {
+		te = transfer_list_add(ns_tl, TL_TAG_TPM_EVLOG, te->data_size,
+				  transfer_list_entry_data(te));
+		if (te == NULL) {
+			ERROR("Failed to load event log in Non-Secure transfer list\n");
+			panic();
+		}
+	}
 #endif /* TRANSFER_LIST && !RESET_TO_BL31 */
 
 #if RESET_TO_BL31
diff --git a/plat/arm/common/arm_common.mk b/plat/arm/common/arm_common.mk
index d3c2a96..418a9d8 100644
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@@ -456,6 +456,9 @@
     ifeq (${MEASURED_BOOT},1)
          BL1_SOURCES		+= 	${EVENT_LOG_SOURCES}
          BL2_SOURCES		+= 	${EVENT_LOG_SOURCES}
+         ifeq (${SPD_tspd},1)
+             BL32_SOURCES		+= 	${EVENT_LOG_SOURCES}
+         endif
     endif
 
     ifeq (${DRTM_SUPPORT},1)
diff --git a/plat/arm/common/tsp/arm_tsp.mk b/plat/arm/common/tsp/arm_tsp.mk
index 4ad77c6..d7592df 100644
--- a/plat/arm/common/tsp/arm_tsp.mk
+++ b/plat/arm/common/tsp/arm_tsp.mk
@@ -1,5 +1,5 @@
 #
-# Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2025, Arm Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@@ -8,3 +8,10 @@
 BL32_SOURCES		+=	plat/arm/common/arm_topology.c			\
 				plat/arm/common/tsp/arm_tsp_setup.c		\
 				plat/common/aarch64/platform_mp_stack.S
+
+ifeq (${TRANSFER_LIST},1)
+BL32_SOURCES	+=	$(TRANSFER_LIST_SOURCES)
+ifeq (${MEASURED_BOOT},1)
+BL32_SOURCES	+=	$(EVENT_LOG_SOURCES)
+endif
+endif
diff --git a/plat/arm/common/tsp/arm_tsp_setup.c b/plat/arm/common/tsp/arm_tsp_setup.c
index 4f45579..d018dee 100644
--- a/plat/arm/common/tsp/arm_tsp_setup.c
+++ b/plat/arm/common/tsp/arm_tsp_setup.c
@@ -13,6 +13,9 @@
 #include <common/debug.h>
 #include <drivers/arm/pl011.h>
 #include <drivers/console.h>
+#if TRANSFER_LIST && MEASURED_BOOT
+#include <drivers/measured_boot/event_log/event_log.h>
+#endif
 #include <plat/arm/common/plat_arm.h>
 #include <plat/common/platform.h>
 
@@ -26,13 +29,32 @@
 					BL32_END - BL32_BASE,		\
 					MT_MEMORY | MT_RW | MT_SECURE)
 
+#define MAP_FW_HANDOFF		MAP_REGION_FLAT(			\
+					PLAT_ARM_EL3_FW_HANDOFF_BASE,	\
+					PLAT_ARM_FW_HANDOFF_SIZE,	\
+					MT_MEMORY | MT_RO | MT_SECURE)
+
+struct transfer_list_header *secure_tl __unused;
+
 /*******************************************************************************
  * Initialize the UART
  ******************************************************************************/
 static console_t arm_tsp_runtime_console;
 
-void arm_tsp_early_platform_setup(void)
+void arm_tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3)
 {
+#if TRANSFER_LIST
+	secure_tl = (struct transfer_list_header *)arg3;
+	assert(secure_tl != NULL);
+
+	if (transfer_list_check_header(secure_tl) == TL_OPS_NON) {
+		ERROR("Invalid transfer list received");
+		transfer_list_dump(secure_tl);
+		panic();
+	}
+#endif
+
 	/*
 	 * Initialize a different console than already in use to display
 	 * messages from TSP
@@ -41,16 +63,18 @@
 					PLAT_ARM_TSP_UART_CLK_IN_HZ,
 					ARM_CONSOLE_BAUDRATE,
 					&arm_tsp_runtime_console);
-	if (rc == 0)
+	if (rc == 0) {
 		panic();
+	}
 
 	console_set_scope(&arm_tsp_runtime_console,
 			  CONSOLE_FLAG_BOOT | CONSOLE_FLAG_RUNTIME);
 }
 
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3)
 {
-	arm_tsp_early_platform_setup();
+	arm_tsp_early_platform_setup(arg0, arg1, arg2, arg3);
 }
 
 /*******************************************************************************
@@ -58,6 +82,8 @@
  ******************************************************************************/
 void tsp_platform_setup(void)
 {
+	struct transfer_list_entry *te __unused;
+
 	/*
 	 * On GICv2 the driver must be initialised before calling the plat_ic_*
 	 * functions as they need the data structures. Higher versions don't.
@@ -65,6 +91,17 @@
 #if USE_GIC_DRIVER == 2
 	gic_init(plat_my_core_pos());
 #endif
+
+#if TRANSFER_LIST && MEASURED_BOOT
+	te = transfer_list_find(secure_tl, TL_TAG_TPM_EVLOG);
+	assert(te != NULL);
+
+	/*
+	 * Note the actual log is offset 4-bytes from the start of entry data, the
+	 * first bytes are reserved.
+	 */
+	event_log_dump(transfer_list_entry_data(te) + U(4), te->data_size - U(4));
+#endif
 }
 
 /*******************************************************************************
@@ -81,6 +118,9 @@
 	const mmap_region_t bl_regions[] = {
 		MAP_BL_TSP_TOTAL,
 		ARM_MAP_BL_RO,
+#if TRANSFER_LIST
+		MAP_FW_HANDOFF,
+#endif
 		{0}
 	};
 
diff --git a/plat/mediatek/build_helpers/options.mk b/plat/mediatek/build_helpers/options.mk
index 75cc80a..c55f50e 100644
--- a/plat/mediatek/build_helpers/options.mk
+++ b/plat/mediatek/build_helpers/options.mk
@@ -1,27 +1,30 @@
 #
-# Copyright (c) 2022-2023, MediaTek Inc. All rights reserved.
+# Copyright (c) 2022-2025, MediaTek Inc. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
 
 # call add_defined_option to evaluate MTK defined value
-$(eval $(call add_defined_option,MTK_SIP_KERNEL_BOOT_ENABLE))
-$(eval $(call add_defined_option,PLAT_EXTRA_RODATA_INCLUDES))
-$(eval $(call add_defined_option,MTK_EXTRA_LINKERFILE))
-$(eval $(call add_defined_option,MTK_BL31_AS_BL2))
-$(eval $(call add_defined_option,MTK_BL33_IS_64BIT))
-$(eval $(call add_defined_option,PLAT_XLAT_TABLES_DYNAMIC))
-$(eval $(call add_defined_option,MTK_ADAPTED))
-$(eval $(call add_defined_option,MTK_PUBEVENT_ENABLE))
-$(eval $(call add_defined_option,MTK_SOC))
-$(eval $(call add_defined_option,UART_CLOCK))
-$(eval $(call add_defined_option,UART_BAUDRATE))
-$(eval $(call add_defined_option,CONFIG_MTK_MCUSYS))
-$(eval $(call add_defined_option,CONFIG_MTK_PM_SUPPORT))
-$(eval $(call add_defined_option,CONFIG_MTK_CPU_PM_SUPPORT))
-$(eval $(call add_defined_option,CONFIG_MTK_SMP_EN))
-$(eval $(call add_defined_option,CONFIG_MTK_CPU_SUSPEND_EN))
-$(eval $(call add_defined_option,CONFIG_MTK_PM_ARCH))
-$(eval $(call add_defined_option,CONFIG_MTK_CPU_PM_ARCH))
-$(eval $(call add_defined_option,CONFIG_MTK_SUPPORT_SYSTEM_SUSPEND))
-$(eval $(call add_defined_option,CONFIG_MTK_MTCMOS))
+DEFINED_OPTIONS := \
+	CONFIG_MTK_CPU_PM_ARCH \
+	CONFIG_MTK_CPU_PM_SUPPORT \
+	CONFIG_MTK_CPU_SUSPEND_EN \
+	CONFIG_MTK_MCUSYS \
+	CONFIG_MTK_MTCMOS \
+	CONFIG_MTK_PM_ARCH \
+	CONFIG_MTK_PM_SUPPORT \
+	CONFIG_MTK_SMP_EN \
+	CONFIG_MTK_SUPPORT_SYSTEM_SUSPEND \
+	MTK_ADAPTED \
+	MTK_BL31_AS_BL2 \
+	MTK_BL33_IS_64BIT \
+	MTK_EXTRA_LINKERFILE \
+	MTK_PUBEVENT_ENABLE \
+	MTK_SIP_KERNEL_BOOT_ENABLE \
+	MTK_SOC \
+	PLAT_EXTRA_RODATA_INCLUDES \
+	PLAT_XLAT_TABLES_DYNAMIC \
+	UART_BAUDRATE \
+	UART_CLOCK
+
+$(foreach opt, $(DEFINED_OPTIONS),$(eval $(call add_defined_option,$(opt))))
diff --git a/plat/qti/msm8916/tsp/msm8916_tsp_setup.c b/plat/qti/msm8916/tsp/msm8916_tsp_setup.c
index 218af57..88d3c93 100644
--- a/plat/qti/msm8916/tsp/msm8916_tsp_setup.c
+++ b/plat/qti/msm8916/tsp/msm8916_tsp_setup.c
@@ -1,5 +1,6 @@
 /*
  * Copyright (c) 2023, Stephan Gerhold <stephan@gerhold.net>
+ * Copyright (c) 2025, Arm Limited. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -10,7 +11,8 @@
 #include "../msm8916_setup.h"
 #include <platform_def.h>
 
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3)
 {
 	msm8916_early_platform_setup();
 }
diff --git a/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c b/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c
index 4bbb259..31583b5 100644
--- a/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c
+++ b/plat/socionext/uniphier/tsp/uniphier_tsp_setup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2020, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2025, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -15,7 +15,8 @@
 
 static unsigned int uniphier_soc = UNIPHIER_SOC_UNKNOWN;
 
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3)
 {
 	uniphier_soc = uniphier_get_soc_id();
 	if (uniphier_soc == UNIPHIER_SOC_UNKNOWN)
diff --git a/plat/xilinx/common/pm_service/pm_ipi.c b/plat/xilinx/common/pm_service/pm_ipi.c
index 610acc7..7a3e72f 100644
--- a/plat/xilinx/common/pm_service/pm_ipi.c
+++ b/plat/xilinx/common/pm_service/pm_ipi.c
@@ -27,7 +27,7 @@
  * power down. Therefore, there is no doubt to use the spin_lock here.
  */
 #if !HW_ASSISTED_COHERENCY
-DEFINE_BAKERY_LOCK(pm_secure_lock);
+static DEFINE_BAKERY_LOCK(pm_secure_lock);
 static inline void pm_ipi_lock_get(void)
 {
 	bakery_lock_get(&pm_secure_lock);
diff --git a/plat/xilinx/common/tsp/tsp_plat_setup.c b/plat/xilinx/common/tsp/tsp_plat_setup.c
index 21c29c3..5df4b6e 100644
--- a/plat/xilinx/common/tsp/tsp_plat_setup.c
+++ b/plat/xilinx/common/tsp/tsp_plat_setup.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2014-2019, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2025, Arm Limited and Contributors. All rights reserved.
  * Copyright (c) 2023, Advanced Micro Devices. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
@@ -17,7 +17,8 @@
 /*******************************************************************************
  * Initialize the UART
  ******************************************************************************/
-void tsp_early_platform_setup(void)
+void tsp_early_platform_setup(u_register_t arg0, u_register_t arg1,
+			      u_register_t arg2, u_register_t arg3)
 {
 	/*
 	 * Register a different console than already in use to display
diff --git a/plat/xilinx/versal/pm_service/pm_client.c b/plat/xilinx/versal/pm_service/pm_client.c
index de2cac8..77e3fb0 100644
--- a/plat/xilinx/versal/pm_service/pm_client.c
+++ b/plat/xilinx/versal/pm_service/pm_client.c
@@ -1,6 +1,6 @@
 /*
  * Copyright (c) 2019-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2024, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2025, Advanced Micro Devices, Inc. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -28,7 +28,7 @@
 
 #define UNDEFINED_CPUID		(~0U)
 
-DEFINE_BAKERY_LOCK(pm_client_secure_lock);
+static DEFINE_BAKERY_LOCK(pm_client_secure_lock);
 
 static const struct pm_ipi apu_ipi = {
 	.local_ipi_id = IPI_LOCAL_ID,
diff --git a/plat/xilinx/versal_net/bl31_versal_net_setup.c b/plat/xilinx/versal_net/bl31_versal_net_setup.c
index d131a92..2308a75 100644
--- a/plat/xilinx/versal_net/bl31_versal_net_setup.c
+++ b/plat/xilinx/versal_net/bl31_versal_net_setup.c
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2018-2024, Arm Limited and Contributors. All rights reserved.
  * Copyright (c) 2018-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2025, Advanced Micro Devices, Inc. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -203,14 +203,28 @@
 	return ret;
 }
 
+#if SDEI_SUPPORT
+static int rdo_el3_interrupt_handler(uint32_t id, uint32_t flags,
+				     void *handle, void *cookie)
+#else
 static uint64_t rdo_el3_interrupt_handler(uint32_t id, uint32_t flags,
 					  void *handle, void *cookie)
+#endif
 {
 	uint32_t intr_id;
 	uint32_t i;
 	interrupt_type_handler_t handler = NULL;
 
+#if SDEI_SUPPORT
+	/* when SDEI_SUPPORT is enabled, ehf_el3_interrupt_handler
+	 * reads the interrupt id prior to calling the
+	 * rdo_el3_interrupt_handler and passes that id to the
+	 * handler.
+	 */
+	intr_id = id;
+#else
 	intr_id = plat_ic_get_pending_interrupt_id();
+#endif
 
 	for (i = 0; i < MAX_INTR_EL3; i++) {
 		if (intr_id == type_el3_interrupt_table[i].id) {
@@ -236,6 +250,7 @@
 
 void bl31_plat_runtime_setup(void)
 {
+#if !SDEI_SUPPORT
 	uint64_t flags = 0;
 	int32_t rc;
 
@@ -245,6 +260,9 @@
 	if (rc != 0) {
 		panic();
 	}
+#else
+	ehf_register_priority_handler(PLAT_IPI_PRI, rdo_el3_interrupt_handler);
+#endif
 }
 
 /*
diff --git a/plat/xilinx/versal_net/include/platform_def.h b/plat/xilinx/versal_net/include/platform_def.h
index ae49450..461fda8 100644
--- a/plat/xilinx/versal_net/include/platform_def.h
+++ b/plat/xilinx/versal_net/include/platform_def.h
@@ -1,7 +1,7 @@
 /*
  * Copyright (c) 2018-2020, Arm Limited and Contributors. All rights reserved.
  * Copyright (c) 2021-2022, Xilinx, Inc. All rights reserved.
- * Copyright (c) 2022-2023, Advanced Micro Devices, Inc. All rights reserved.
+ * Copyright (c) 2022-2025, Advanced Micro Devices, Inc. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -10,6 +10,7 @@
 #define PLATFORM_DEF_H
 
 #include <arch.h>
+#include <drivers/arm/gic_common.h>
 #include <plat_common.h>
 #include "versal_net_def.h"
 
@@ -119,6 +120,24 @@
 #define PLAT_ARM_GICD_BASE	U(0xE2000000)
 #define PLAT_ARM_GICR_BASE	U(0xE2060000)
 
+/* interrupt priorities when SDEI is enabled:
+ * RAS in future is planned to have highest priority (lower value 0x10)
+ * followed by IPI and SDEI exceptions in a step of 0x10.
+ */
+
+#if SDEI_SUPPORT
+#define VERSAL_NET_SDEI_SGI_PRIVATE     U(8)
+#define PLAT_SDEI_CRITICAL_PRI		0x30
+#define PLAT_SDEI_NORMAL_PRI		0x40
+#define PLAT_PRI_BITS			U(3)
+#define PLAT_IPI_PRI			0x20
+
+#define PLAT_EHF_DESC	EHF_PRI_DESC(PLAT_PRI_BITS, PLAT_IPI_PRI)
+
+#define VERSAL_NET_SDEI_SH_EVENT_0	U(200)
+#define VERSAL_NET_SDEI_PRV_EV		U(201)
+#endif
+
 /*
  * Define a list of Group 1 Secure and Group 0 interrupts as per GICv3
  * terminology. On a GICv2 system or mode, the lists will be merged and treated
@@ -127,6 +146,19 @@
 #define PLAT_VERSAL_NET_IPI_IRQ	89
 #define PLAT_VERSAL_IPI_IRQ	PLAT_VERSAL_NET_IPI_IRQ
 
+#if SDEI_SUPPORT
+#define PLAT_ARM_G1S_IRQ_PROPS(grp) \
+	INTR_PROP_DESC(VERSAL_NET_IRQ_SEC_PHY_TIMER, PLAT_IPI_PRI, grp, \
+			GIC_INTR_CFG_LEVEL)
+
+#define PLAT_ARM_G0_IRQ_PROPS(grp) \
+	INTR_PROP_DESC(PLAT_VERSAL_IPI_IRQ, PLAT_IPI_PRI, grp, \
+			GIC_INTR_CFG_EDGE), \
+	INTR_PROP_DESC(CPU_PWR_DOWN_REQ_INTR, PLAT_IPI_PRI, grp, \
+			GIC_INTR_CFG_EDGE), \
+	INTR_PROP_DESC(VERSAL_NET_SDEI_SGI_PRIVATE, PLAT_SDEI_NORMAL_PRI, grp, \
+			GIC_INTR_CFG_EDGE)
+#else
 #define PLAT_ARM_G1S_IRQ_PROPS(grp) \
 	INTR_PROP_DESC(VERSAL_NET_IRQ_SEC_PHY_TIMER, GIC_HIGHEST_SEC_PRIORITY, grp, \
 			GIC_INTR_CFG_LEVEL)
@@ -136,6 +168,7 @@
 			GIC_INTR_CFG_EDGE), \
 	INTR_PROP_DESC(CPU_PWR_DOWN_REQ_INTR, GIC_HIGHEST_SEC_PRIORITY, grp, \
 			GIC_INTR_CFG_EDGE)
+#endif
 
 #define IRQ_MAX		200U
 
diff --git a/plat/xilinx/versal_net/platform.mk b/plat/xilinx/versal_net/platform.mk
index eda3e36..5e8f2b4 100644
--- a/plat/xilinx/versal_net/platform.mk
+++ b/plat/xilinx/versal_net/platform.mk
@@ -145,3 +145,10 @@
 				${LIBFDT_SRCS}					\
 				${PLAT_PATH}/sip_svc_setup.c			\
 				${XLAT_TABLES_LIB_SRCS}
+
+SDEI_SUPPORT := 0
+EL3_EXCEPTION_HANDLING := $(SDEI_SUPPORT)
+ifeq (${SDEI_SUPPORT},1)
+BL31_SOURCES		+=	plat/common/aarch64/plat_ehf.c          \
+				plat/xilinx/versal_net/versal_net_sdei.c
+endif
diff --git a/plat/xilinx/versal_net/versal_net_sdei.c b/plat/xilinx/versal_net/versal_net_sdei.c
new file mode 100644
index 0000000..e42c066
--- /dev/null
+++ b/plat/xilinx/versal_net/versal_net_sdei.c
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2025, Advanced Micro Devices, Inc. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#include <bl31/ehf.h>
+#include <common/debug.h>
+#include <plat/common/platform.h>
+#include <services/sdei.h>
+
+#include <platform_def.h>
+
+int arm_validate_ns_entrypoint(uintptr_t entrypoint)
+{
+	int ret;
+	uintptr_t base = BL31_BASE;
+	uintptr_t limit = BL31_LIMIT;
+
+	ret = ((entrypoint < base) || (entrypoint > limit)) ? 0 : -1;
+	return ret;
+}
+
+/* Private event mappings */
+static sdei_ev_map_t versal_net_sdei_private[] = {
+	SDEI_DEFINE_EVENT_0(VERSAL_NET_SDEI_SGI_PRIVATE),
+	SDEI_PRIVATE_EVENT(VERSAL_NET_SDEI_PRV_EV, SDEI_DYN_IRQ, SDEI_MAPF_DYNAMIC),
+};
+
+/* Shared event mappings */
+static sdei_ev_map_t versal_net_sdei_shared[] = {
+	SDEI_SHARED_EVENT(VERSAL_NET_SDEI_SH_EVENT_0, SDEI_DYN_IRQ, SDEI_MAPF_DYNAMIC),
+};
+
+void plat_sdei_setup(void)
+{
+	INFO("SDEI platform setup\n");
+}
+
+/* Export ARM SDEI events */
+REGISTER_SDEI_MAP(versal_net_sdei_private, versal_net_sdei_shared);