diff --git a/Makefile b/Makefile index 19798ed7697737041e507c132d982605ec9948a5..c97ae70d646188ae51b1e0ce63563d8f1cf65df2 100644 --- a/Makefile +++ b/Makefile @@ -23,7 +23,8 @@ check: yamllint . shellcheck $$(find -name '*.sh') flake8 - ./parser.py --validate-config --schema schemas/config-schema.yaml + ./parser.py --validate-config --config EBBR.yaml --schema schemas/config-schema.yaml + ./parser.py --validate-config --config SIE.yaml --schema schemas/config-schema.yaml ./parser.py --validate-config --config sample/sample.yaml --schema schemas/config-schema.yaml ./parser.py --validate-seq-db --schema schemas/seq_db-schema.yaml diff --git a/README.md b/README.md index 00927c6697fd83dc03a9f815ee5becebbddb3820..775182be3adbb58e1920df982c9148b4bd450f22 100644 --- a/README.md +++ b/README.md @@ -327,6 +327,26 @@ $ ./parser.py \ --fields 'count,result,name,comments' --uniq --print ... ``` +### SIE configuration + +The `SIE.yaml` file is the configuration file to use when certifiying for the +Security Interface Extension. It is meant for [BBSR] testing and can override +the result of some tests with the following ones: + +------------------------------------------------------------------------------- + Result Description +----------------------- ------------------------------------------------------ + `IGNORED` False-positive test failure, not mandated by [BBSR] + and too fine-grained to be removed from the `BBSR.seq` + sequence file. + +`KNOWN RPMB LIMITATION` Genuine limitations, we know about them; they are due + to eMMC RPMB limitations and they do not prevent + Secure Boot. +------------------------------------------------------------------------------- + +[BBSR]: https://developer.arm.com/documentation/den0107/b/?lang=en + ### Validating configurations It is possible to validate the configuration using a schema with: diff --git a/SIE.yaml b/SIE.yaml new file mode 100644 index 0000000000000000000000000000000000000000..d91506b1861ba3d0ae5a65f08bef7a2b3421531a 
--- /dev/null
+++ b/SIE.yaml
@@ -0,0 +1,109 @@
+###############################################################################
+# SIE configuration file #
+###############################################################################
+
+# Rules defined in this configuration are applied in order to the tests.
+# Only the first matching rule does actually update the test.
+# Criteria fields are matched in a "relaxed" manner (substrings can match).
+# See README.md for details.
+---
+
+###############################################################################
+# Ignored #
+###############################################################################
+
+# We force the following dropped or skipped tests result as `IGNORED' because
+# they are run only when some platform features are present, which are not
+# mandated by BBSR.
+
+- rule: Force dropped TPM as ignored
+ BBSR v1.1 does not mandate use of a TPM; the requirements of section 2.4
+ "TPMs and measured boot" must be followed only if a TPM is implemented.
+ criteria:
+ result: DROPPED
+ revision: '0x10000'
+ set guid: 39FF9C71-4B41-4E5B-AED7-87C794187D67
+ sub set: GetCapability_Conf
+ update:
+ result: IGNORED
+
+- rule: Force dropped TPM (2) as ignored
+ BBSR v1.1 does not mandate use of a TPM; the requirements of section 2.4
+ "TPMs and measured boot" must be followed only if a TPM is implemented.
+ criteria:
+ result: DROPPED
+ revision: '0x10000'
+ set guid: 847F1AE0-B429-49F1-9E0C-8F43FB553454
+ sub set: GetActivePcrBanks_Conf
+ update:
+ result: IGNORED
+
+- rule: Force dropped TPM (3) as ignored
+ BBSR v1.1 does not mandate use of a TPM; the requirements of section 2.4
+ "TPMs and measured boot" must be followed only if a TPM is implemented.
+ criteria:
+ result: DROPPED
+ revision: '0x10000'
+ set guid: 907A7878-B294-F147-E90A-6543AB557646
+ sub set: HashLogExtendEvent_Conf
+ update:
+ result: IGNORED
+
+- rule: Force dropped TPM (4) as ignored
+ BBSR v1.1 does not mandate use of a TPM; the requirements of section 2.4
+ "TPMs and measured boot" must be followed only if a TPM is implemented.
+ criteria:
+ result: DROPPED
+ revision: '0x10000'
+ set guid: 9087AD78-9AD2-4172-9ABC-982308F56D26
+ sub set: SubmitCommand_Conf
+ update:
+ result: IGNORED
+
+###############################################################################
+# Known RPMB limitations #
+###############################################################################
+
+# We force the following tests result as `KNOWN RPMB LIMITATION'. They are
+# genuine limitations, we know about them; they are due to eMMC RPMB limitations
+# and they do not prevent Secure Boot.
+
+- rule: Force BBSR variable size test failure as known RPMB limitation.
+ The SIE ACS checks that MaxVariableStorageSize is larger than 128kb as per
+ rule R040_BBSR of BBSR v1.1.
+ That is typically not the case when using OP-TEE's secure storage on eMMC
+ RPMB.
+ criteria:
+ descr: BBSR Variable Size Test
+ device path: No device path
+ group: RuntimeServicesTest
+ guid: B6DC17CA-71E1-4BD5-9E76-F9A0847D9AE4
+ log: BBSRVariableSizeBBTestFunction.c
+ name: RT.SecurityVariableSizeTest - BBSR Variable Size test
+ result: FAILURE
+ revision: '0x00010000'
+ set guid: 19A9EDCF-EEB9-43E4-86A0-F28734FED429
+ sub set: BBSRVariableSizeTest_func
+ test set: BBSRVariableSizeTest
+ update:
+ result: KNOWN RPMB LIMITATION
+
+- rule: Force BBSR variable size test failure (2) as known RPMB limitation.
+ The SIE ACS checks that MaxVariableSize is larger than 64kb as per rule
+ R050_BBSR of BBSR v1.1.
+ That is typically not the case when using OP-TEE's secure storage on eMMC
+ RPMB.
+ criteria:
+ descr: BBSR Variable Size Test
+ device path: No device path
+ group: RuntimeServicesTest
+ guid: 9B37033F-53AF-4097-AAE3-73FD28D267D5
+ log: BBSRVariableSizeBBTestFunction.c
+ name: RT.SecurityVariableSizeTest - BBSR Variable Size test
+ result: FAILURE
+ revision: '0x00010000'
+ set guid: 19A9EDCF-EEB9-43E4-86A0-F28734FED429
+ sub set: BBSRVariableSizeTest_func
+ test set: BBSRVariableSizeTest
+ update:
+ result: KNOWN RPMB LIMITATION
diff --git a/schemas/config-schema.yaml b/schemas/config-schema.yaml
index b83c4e90cf7d10c309356d7d9a4fa8f925762e7a..7b7b97c068f7c22e36677f350bd635136e1d14d4 100644
--- a/schemas/config-schema.yaml
+++ b/schemas/config-schema.yaml
@@ -26,6 +26,7 @@ items:
 properties:
 descr:
 enum:
+ - BBSR Variable Size Test
 - Device Path Protocol Test
 - Device Path Utilities Protocol Test
 - Event, Timer, and Task Priority Services Test
@@ -92,6 +93,7 @@ items:
 - AppendDevicePath_Functionality
 - AuthVar_Conf
 - AuthVar_Func
+ - BBSRVariableSizeTest_func
 - BootExcLevel
 - CalculateCrc32_Conf
 - CalculateCrc32_Func
@@ -127,6 +129,8 @@ items:
 - Flush_Func
 - FreePages_Conf
 - FreePages_Func
+ - GetActivePcrBanks_Conf
+ - GetCapability_Conf
 - GetDevicePathSize_Conformance
 - GetDevicePathSize_Functionality
 - GetInfo_Conf
@@ -155,6 +159,7 @@ items:
 - HandleProtocol_Func
 - HardwareErrorRecord_Conf
 - HardwareErrorRecord_Func
+ - HashLogExtendEvent_Conf
 - Initialize_Conf
 - Initialize_Func
 - InstallConfigurationTable_Conf
@@ -261,6 +266,7 @@ items:
 - Statistics_Func
 - Stop_Conf
 - Stop_Func
+ - SubmitCommand_Conf
 - TestEfiSpecVerLvl
 - TestString_Func
 - Transmit_Conf
@@ -280,6 +286,7 @@ items:
 - Write_Func
 test set:
 enum:
+ - BBSRVariableSizeTest
 - DevicePathProcotolTest
 - DevicePathUtilitiesProcotolTest
 - EFICompliantTest
@@ -324,6 +331,7 @@ items:
 - FAILURE
 - IGNORED
 - KNOWN ACS LIMITATION
+ - KNOWN RPMB LIMITATION
 - KNOWN U-BOOT LIMITATION
 - SKIPPED
 - WARNING
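Review bot: In the new SIE.yaml, the four `Force dropped TPM ... as ignored` rules match only on `result: DROPPED`, `revision`, `set guid` and `sub set`, so as far as the visible criteria show they also relabel a dropped TPM test as `IGNORED` on a platform that does implement a TPM, which is the case where the rule text itself says section 2.4 must be followed. The two `KNOWN RPMB LIMITATION` rules have the same shape: a `FAILURE` of the variable size checks is relabelled whether or not the platform keeps its variables in OP-TEE secure storage on eMMC RPMB. Because these labels end up in a certification result, I would state the precondition in the comment above each group, for example `# Valid only when the platform has no TPM; with a TPM, review a DROPPED result here as a failure.` and `# Valid only for OP-TEE secure storage on eMMC RPMB; on any other variable store treat the FAILURE as genuine.`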
diff --git a/schemas/seq_db-schema.yaml b/schemas/seq_db-schema.yaml
index 3a943cd208ba6290e2f9bcfe358a16f28308dec3..f342e4ddee0ce16db1559f4fd4e295e816d6f63c 100644
--- a/schemas/seq_db-schema.yaml
+++ b/schemas/seq_db-schema.yaml
@@ -24,6 +24,7 @@ properties:
 config:
 enum:
 - EBBR.yaml
+ - SIE.yaml
 required:
 - sha256
 - name
diff --git a/seq_db.yaml b/seq_db.yaml
index baaa27b4ff97b461ff6501b07c46038d50fe9831..7d8d86dcf7244f2fe839295e0d41784d21bc442b 100644
--- a/seq_db.yaml
+++ b/seq_db.yaml
@@ -26,4 +26,4 @@ seq_files:
 config: EBBR.yaml
 - sha256: 7cb231d17fa9f580e75fee01c0295c9bd800fa6ba27501c7a1b941cbbdeaebfb
 name: Security interface extension ACS v21.10_SIE_REL1.0 BBSR.seq
- config: EBBR.yaml
+ config: SIE.yaml