diff --git a/build/signtools/manifest.py b/build/signtools/manifest.py
index 12055df3bd36c770dea481a3ca09cc1776a75a38..fba929dae2f3b8a45df6e9622da1de80c3a587c8 100755
--- a/build/signtools/manifest.py
+++ b/build/signtools/manifest.py
@@ -181,6 +181,7 @@ def update_target_type(target_info):
 max_service_len = 36
 if dyn_conf_target_type == 1:
 target_type = PRODUCT_DRIVER_IMAGE
+ max_service_len = 31
 if dyn_conf_target_type == 3:
 target_type = PRODUCT_SERVICE_IMAGE
 if dyn_conf_target_type == 4:
@@ -195,6 +196,10 @@ def update_target_type(target_info):
 if not re.match(r"^[A-Za-z0-9_-]*$", service_name):
 logging.error("service name only can use [A-Z] [a-z] [0-9] '-' and '_'")
 return (False, 0)
+ if dyn_conf_target_type == 1:
+ if not re.match(r"^[A-Za-z0-9_]*$", service_name):
+ logging.error("driver service name only can use [A-Z] [a-z] [0-9] and _")
+ return (False, 0)
 if service_name_len > max_service_len:
 logging.error("service name len cannot larger than %s", str(max_service_len))
diff --git a/build/tools/docker_config_tools/gen_config.py b/build/tools/docker_config_tools/gen_config.py
index 6d66dc4873c0e800fb321d0aea8dbf12ceff597a..5e9425d71e6ed344cbfc42e2536754487a674441 100644
--- a/build/tools/docker_config_tools/gen_config.py
+++ b/build/tools/docker_config_tools/gen_config.py
@@ -46,9 +46,9 @@ def main():
 content["prestart"][0]["args"] = start_args
 content["poststop"][0]["args"] = stop_args
- flags = os.O_RDWR | os.CREAT
+ flags = os.O_RDWR | os.O_CREAT
 modes = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
- with os.fdopen(op.open(file_name, flags, modes), 'w+') as json_file:
+ with os.fdopen(os.open(file_name, flags, modes), 'w+') as json_file:
 json.dump(content, json_file, indent=4)
 if __name__ == '__main__':
diff --git a/include/TA/huawei_ext/tee_ext_api.h b/include/TA/huawei_ext/tee_ext_api.h
index f468f9a6bf87d865f4a936901fc469545bad5788..03d21b8ba4cfb4aa7bc6a62f91d0d04f7c361b1b 100644
--- a/include/TA/huawei_ext/tee_ext_api.h
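Review bot: The new `max_service_len = 31` in the `dyn_conf_target_type == 1` branch is an unexplained magic number sitting next to the equally unexplained default of 36, and nothing in the hunk says which on-device field the shorter driver name has to fit. A short comment or a named module constant would stop the next maintainer from "fixing" it back; something like `max_service_len = 31  # driver image name field is shorter than the service one — confirm the exact field size` (hedged, because the hunk does not show the consumer). The enclosing `update_target_type` starts and ends outside this hunk.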
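Review bot: The added driver-name check `re.match(r"^[A-Za-z0-9_]*$", service_name)` inherits a known pitfall of the existing line above it: with `re.match` and `$`, a name ending in a single `"\n"` still matches, so a trailing newline can reach the signed manifest even though the error message promises only letters, digits and `_`. Use `re.fullmatch(r"[A-Za-z0-9_]*", service_name)` (and the same for the general pattern) so the whole string must match; `*` also accepts an empty name, which is presumably rejected elsewhere — worth confirming, since only the upper bound is checked in this hunk. The driver check also duplicates the general one rather than narrowing it; selecting the pattern once, e.g. `pattern = r"[A-Za-z0-9_]*" if dyn_conf_target_type == 1 else r"[A-Za-z0-9_-]*"`, keeps one place to audit. `update_target_type` continues outside the hunk.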
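Review bot: The corrected `flags = os.O_RDWR | os.O_CREAT` still lacks `os.O_TRUNC`, and `os.fdopen(..., 'w+')` on an already-open descriptor does not truncate either, so rewriting an existing config file that is longer than the new JSON leaves the old tail bytes in place and produces an unparseable file. `flags = os.O_RDWR | os.O_CREAT | os.O_TRUNC` fixes that; `os.O_WRONLY` would also do, since the file is only written. The mode `0o644` is fine for a generated config, but if `file_name` can live in a directory writable by others, consider `os.O_NOFOLLOW` as well — I cannot tell from this hunk where the path comes from. `main()` starts outside the hunk.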
+++ b/include/TA/huawei_ext/tee_ext_api.h
@@ -175,6 +175,24 @@ TEE_Result TEE_EXT_CheckClientPerm(uint32_t param_types, const TEE_Param params[
 */
 TEE_Result tee_ext_derive_ta_platfrom_keys(TEE_ObjectHandle object, uint32_t key_size, const TEE_Attribute *params, uint32_t param_count, const uint8_t *exinfo, uint32_t exinfo_size);
+
+struct accel_memref_t {
+ uint64_t buffer;
+ uint32_t size;
+};
+
+/*
+* enable crypto accelerator
+* @param op [IN] target operation to be accelerated
+* @param length [IN] lenght of in/out buffer
+* @param memrefs [IN] in/out buffers
+* @param memref_num [OUT] num of in/out buffers
+*
+* @return -1 means failed to enable accelerate
+*/
+int32_t tee_enable_crypto_accelerator(TEE_OperationHandle op,
+ size_t length, struct accel_memref_t *memrefs, int *memref_num);
+
 #ifdef __cplusplus
 #if __cplusplus
 }
diff --git a/include/TA/tee_defines.h b/include/TA/tee_defines.h
index 36ff389a6ed02b28b5364225b6a833aac59bc8af..f7c1e099e2ecab99f3fcebf9c4607ea1e8a7bfbb 100755
--- a/include/TA/tee_defines.h
+++ b/include/TA/tee_defines.h
@@ -200,7 +200,7 @@ enum TEE_ObjectType {
 TEE_TYPE_CORRUPTED_OBJECT = 0xA00000BE,
 };
-#define OBJECT_NAME_LEN_MAX 255
+#define OBJECT_NAME_LEN_MAX 256
 struct __TEE_ObjectHandle {
 void *dataPtr;
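Review bot: The contract of `memrefs` and `memref_num` in the new `tee_enable_crypto_accelerator` comment is ambiguous: `memrefs` is tagged [IN] while `memref_num` is [OUT], which reads as if the callee fills the caller's `memrefs` array but is never told how many entries it holds. If the callee writes into `memrefs`, document `memref_num` as [IN/OUT] — capacity on entry, entries written on return — and state that the callee must not write past the entry value; if the caller supplies the buffers, mark `memref_num` [IN]. The success return value is also undocumented and "lenght" is misspelled; I would write `* @param memref_num [IN/OUT] on entry the capacity of memrefs, on return the number of entries filled` and `* @return 0 on success, -1 when the accelerator cannot be enabled` — confirm against the implementation. `accel_memref_t` has four bytes of tail padding after `size`; if this struct is shared with the REE or a driver, an explicit `uint32_t reserved;` makes the layout unambiguous across compilers.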
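Review bot: Bumping `OBJECT_NAME_LEN_MAX` from 255 to 256 silently changes every buffer sized by it and every `>` / `>=` comparison against it, and the hunk shows no accompanying change to the consumers, so whether a name of exactly 256 bytes still leaves room for a NUL terminator cannot be judged from here. The macro should say what it counts, e.g. `#define OBJECT_NAME_LEN_MAX 256 /* max object name length in bytes, excluding the terminating NUL — confirm against the storage layer */`, and the users of the macro (any `char name[OBJECT_NAME_LEN_MAX ...]` and the length checks) should be audited in the same change. `struct __TEE_ObjectHandle` continues outside the hunk.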
@@ -325,12 +325,18 @@ enum TEE_Result_Value {
 TEE_ERROR_ROTSRV_NOT_AVAILABLE = 0xFFFF711B, /* ROT service is not available */
 TEE_ERROR_ARTSRV_NOT_AVAILABLE = 0xFFFF711C, /* ART service is not available */
 TEE_ERROR_HSMSRV_NOT_AVAILABLE = 0xFFFF711D, /* HSM service is not available */
+ TEE_ERROR_VRPMB_AGENT_FAIL = 0xFFFF7200, /* REE vrpmb agent check magic failed, maybe cache fail */
+ TEE_ERROR_VRPMB_RW_FAIL = 0xFFFF7201, /* REE ssd friver rw failed */
+ TEE_ERROR_VRPMB_SUPER_MAC_FAILED = 0xFFFF7202, /* vrpmb check super block mac failed */
+ TEE_ERROR_VRPMB_WRITE_REJECT = 0xFFFF7203, /* reject write to vrpmb */
 TEE_ERROR_ANTIROOT_RSP_FAIL = 0xFFFF9110, /* AntiRoot Response verify failed */
 TEE_ERROR_ANTIROOT_INVOKE_ERROR = 0xFFFF9111, /* AntiRoot ERROR during invokecmd */
 TEE_ERROR_AUDIT_FAIL = 0xFFFF9112, /* audit failed */
 TEE_FAIL2 = 0xFFFF9113, /* unused */
 TEE_ERROR_IPC_OVERFLOW = 0xFFFF9114, /* IPC Channel overflow error */
 TEE_ERROR_APM = 0xFFFF9115, /* APM error */
+ TEE_ERROR_CA_AUTHFILE_NOT_EXIST = 0xFFFF9116, /* CA auth file not exist */
+ TEE_ERROR_CA_CALLER_ACCESS_DENIED = 0xFFFF9117, /* ca caller access is denied */
 };
 /*
diff --git a/include/TA/tee_trusted_storage_api.h b/include/TA/tee_trusted_storage_api.h
index 680ea332bdd1046c7ab1ef35b3ef09ffc08a399c..dff0ac9a242232f34da6aa5f49b41b24e4d53398 100644
--- a/include/TA/tee_trusted_storage_api.h
+++ b/include/TA/tee_trusted_storage_api.h
@@ -98,6 +98,8 @@ enum Data_Flag_Constants {
 TEE_DATA_FLAG_AES256 = 0x10000000,
 /* If bit29 is set to 1, it means that the lower version will be opened first */
 TEE_DATA_FLAG_OPEN_AESC = 0x20000000,
+ /* If bit30 is set to 1, it means use GM algorithm to protect data */
+ TEE_DATA_FLAG_GM = 0x40000000,
 };
 /*
diff --git a/test/TA/helloworld/ta_demo.c b/test/TA/helloworld/ta_demo.c
index 5c1f6b66779a7ee40566675168aa6a2c4ec7e222..72f267e1cd84c3391411fd01740333b2d82baa26 100755
--- a/test/TA/helloworld/ta_demo.c
+++ b/test/TA/helloworld/ta_demo.c
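Review bot: The comment on the new `TEE_ERROR_VRPMB_RW_FAIL` misspells "driver" (`/* REE ssd driver rw failed */`), and the three other VRPMB comments never expand the acronym, so a TA author reading this public header cannot tell what subsystem these codes come from. Since the first two are explicitly REE-originated failures, it would also help to say so once, e.g. `/* VRPMB (virtual RPMB) errors; the REE-reported ones are untrusted and must not be treated as proof of success */` above the group — hedged, since the header does not show the consumer. `enum TEE_Result_Value` starts outside the hunk.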
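Review bot: The new `TEE_DATA_FLAG_GM` comment says "use GM algorithm" without naming which algorithms are meant (presumably SM4 for confidentiality and SM3 for integrity — confirm) or what happens when it is combined with `TEE_DATA_FLAG_AES256` at bit 28, so a caller cannot tell which cipher protects the object if both bits are set. A flag that selects the storage cipher needs that precedence stated in the header, e.g. `/* If bit30 is set to 1, the object is protected with the GM ciphersuite (SM4/SM3); must not be combined with TEE_DATA_FLAG_AES256 — the implementation rejects or ignores the combination, confirm which */`. `enum Data_Flag_Constants` starts outside the hunk.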
@@ -42,6 +42,19 @@ static TEE_Result get_ta_version(char* buffer, size_t *buf_len)
 return TEE_SUCCESS;
 }
+static TEE_Result add_ta_caller(void)
+{
+ TEE_Result ret = TEE_SUCCESS;
+ ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root");
+ if (ret == TEE_SUCCESS) {
+ tlogd("TA entry point: add ca whitelist success");
+ } else {
+ tloge("TA entry point: add ca whitelist failed");
+ return TEE_ERROR_GENERIC;
+ }
+ return ret;
+}
+
 /**
 * Function TA_CreateEntryPoint
 * Description:
@@ -55,13 +68,9 @@ TEE_Result TA_CreateEntryPoint(void)
 tlogd("----- TA entry point ----- ");
 tlogd("TA version: %s", TA_TEMPLATE_VERSION);
- ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root");
- if (ret == TEE_SUCCESS) {
- tlogd("TA entry point: add ca whitelist success");
- } else {
- tloge("TA entry point: add ca whitelist failed");
+ ret = add_ta_caller();
+ if (ret != TEE_SUCCESS)
 return TEE_ERROR_GENERIC;
- }
 return TEE_SUCCESS;
 }
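Review bot: In the new `add_ta_caller`, `ret` is initialised to `TEE_SUCCESS` and immediately overwritten, and the failure branch discards the real `addcaller_ca_exec` result in favour of `TEE_ERROR_GENERIC`, so the only way to learn why whitelisting `/vendor/bin/demo_hello` for `root` failed is the log line, which does not print the code either. Returning the original error and logging it costs nothing and keeps the helper's contract simple: the caller in this same commit already collapses any non-success to `TEE_ERROR_GENERIC`, so the entry point's behaviour is unchanged. The `tlogd`/`tloge` format support for `%x` is assumed from the existing `%s` use — confirm.
```c
static TEE_Result add_ta_caller(void)
{
    TEE_Result ret = addcaller_ca_exec("/vendor/bin/demo_hello", "root");
    if (ret != TEE_SUCCESS) {
        tloge("TA entry point: add ca whitelist failed, ret 0x%x", ret);
        return ret;
    }
    tlogd("TA entry point: add ca whitelist success");
    return TEE_SUCCESS;
}
```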
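Review bot: The new `if (ret != TEE_SUCCESS)` in `TA_CreateEntryPoint` drops the braces that the rest of this file uses (the removed block and `add_ta_caller` both brace single statements), which is the classic setup for a later line being added under the `if` but outside its control; write it as `if (ret != TEE_SUCCESS) {` / `return TEE_ERROR_GENERIC;` / `}`. The declaration of `ret` and the start of the function are outside the hunk, so I cannot confirm its type matches `add_ta_caller`'s `TEE_Result` return — worth a glance.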