diff --git a/config/buildroot.config b/config/buildroot.config
index daab55980434e7918e720a4dfcf2ae0038eb8822..63e838c6ab6deef0a4a1ab077cd2e6af8cec7a2d 100644
--- a/config/buildroot.config
+++ b/config/buildroot.config
@@ -6,8 +6,12 @@ BR2_GCC_ENABLE_OPENMP=y
 BR2_SYSTEM_BIN_SH_BASH=y
 BR2_PACKAGE_BUSYBOX_SHOW_OTHERS=y
 BR2_PACKAGE_ZLIB=y
+BR2_PACKAGE_OPTEE_EXAMPLES=y
+BR2_PACKAGE_OPTEE_TEST=y
 # BR2_PACKAGE_URANDOM_SCRIPTS is not set
 BR2_TARGET_ROOTFS_CPIO=y
 BR2_TARGET_ROOTFS_EXT2=y
 BR2_TARGET_ROOTFS_EXT2_4=y
 # BR2_TARGET_ROOTFS_TAR is not set
+BR2_TARGET_OPTEE_OS=y
+BR2_TARGET_OPTEE_OS_PLATFORM="vexpress-fvp"
diff --git a/config/ffa-hafnium-optee.yaml b/config/ffa-hafnium-optee.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..30627b1f82673e2bb416da8b64a6cadbce9d7ef8
--- /dev/null
+++ b/config/ffa-hafnium-optee.yaml
@@ -0,0 +1,52 @@
+# Copyright (c) 2023, Arm Limited.
+# SPDX-License-Identifier: MIT
+
+%YAML 1.2
+---
+description: >-
+  Brings together a software stack to demonstrate Arm FF-A running on FVP.
+  Includes TF-A in secure EL3 running SPMD(Secure Partition Manager
+  Dispatcher), Hafnium as secure Hypervisor at secure EL2 running SPMC
+  (Secure Partition Manager Core) and OPTEE as a secure partition/VM
+  in secure EL1 and Linux in Normal world.
+
+concrete: true
+
+layers:
+  - ns-edk2.yaml
+  - hafnium-base.yaml
+  - optee-base.yaml
+  - arch/v8.5.yaml
+
+build:
+  optee:
+    params:
+      CFG_CORE_SEL2_SPMC: y
+      CFG_CORE_ASYNC_NOTIF: y
+      CFG_CORE_HAFNIUM_INTC: y
+      CFG_ARM_GICV3: n
+      CFG_CORE_WORKAROUND_NSITR_CACHE_PRIME: n
+
+  tfa:
+    repo:
+      # Temporary until we move tfa-base.yaml to release version with this
+      revision: a169b8fbc2b184f2a38e7c6ee29371407b15c634
+    prebuild:
+    - cat <<EOF > ${param:builddir}/sp_layout.json
+    - "{"
+    -   "\"op-tee\" : {"
+    -     "\"image\" : \"${artifact:OPTEE_PAGER_BIN}\","
+    -     "\"pm\" : \"${param:sourcedir}/plat/arm/board/fvp/fdts/optee_sp_manifest.dts\""
+    -   "}"
+    - "}"
+    - EOF
+    params:
+      # This DEPENDS_ON_PARAM is not used by TF-A but just to ensure OPTEE is
+      # built before TF-A though it is not used by TF-A directly but
+      # indirectly via SP_LAYOUT_FILE
+      DEPENDS_ON_PARAM: ${artifact:OPTEE_PAGER_BIN}
+      ARM_SPMC_MANIFEST_DTS: ${param:sourcedir}/plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts
+      SP_LAYOUT_FILE: ${param:builddir}/sp_layout.json
+      BL32: ${artifact:HAFNIUM}
+      SPMD_SPM_AT_SEL2: 1
+      SPD: spmd
diff --git a/config/ffa-optee.yaml b/config/ffa-optee.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..9f89e606aa315d30dfe7c44d76446adc3d7f29e6
--- /dev/null
+++ b/config/ffa-optee.yaml
@@ -0,0 +1,33 @@
+# Copyright (c) 2023, Arm Limited.
+# SPDX-License-Identifier: MIT
+
+%YAML 1.2
+---
+description: >-
+  Brings together a software stack to demonstrate Arm FF-A running on FVP.
+  Includes TF-A in secure EL3 running SPMD(Secure Partition Manager
+  Dispatcher), with secure EL2 disabled and SPMC(Secure Partition Manager
+  Core) inside OPTEE at secure EL1 and Linux in Normal world.
+
+concrete: true
+
+layers:
+  - ns-edk2.yaml
+  - optee-base.yaml
+
+build:
+  optee:
+    params:
+      CFG_CORE_SEL1_SPMC: y
+      CFG_CORE_ASYNC_NOTIF: y
+
+  tfa:
+    repo:
+      # Temporary until we move tfa-base.yaml to release version with this
+      revision: a169b8fbc2b184f2a38e7c6ee29371407b15c634
+    params:
+      ARM_SPMC_MANIFEST_DTS: ${param:sourcedir}/plat/arm/board/fvp/fdts/fvp_spmc_el1_optee_manifest.dts
+      BL32: ${artifact:OPTEE_PAGER_BIN}
+      SPMD_SPM_AT_SEL2: 0
+      SPMC_OPTEE: 1
+      SPD: spmd
diff --git a/config/optee-base.yaml b/config/optee-base.yaml
index e01d97c189fdab382778121a80838c401a40052e..364cfb2b2bab4a2899c6f77a223dd3db80b761ca 100644
--- a/config/optee-base.yaml
+++ b/config/optee-base.yaml
@@ -10,7 +10,7 @@ build:
   optee:
     repo:
       remote: https://github.com/OP-TEE/optee_os.git
-      revision: 4.2.0
+      revision: 4.3.0
 
     toolchain: aarch64-linux-gnu-
 
diff --git a/test/test.py b/test/test.py
index 6bf64c944391eb81da17d74384b9f17f07573b70..e0b945b36d3e14fbcc40bd44e625b27aee9f3bff 100755
--- a/test/test.py
+++ b/test/test.py
@@ -57,6 +57,32 @@ CONFIGS = [
 		},
 		'arch': {'start': 'v8.0', 'end': ARCH_LATEST},
 	},
+	{
+		'config': 'ffa-optee.yaml',
+		'btvars': {},
+		'rtvars': {
+			'dt': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS},
+			'acpi': {
+				'KERNEL': KERNEL,
+				'ROOTFS': ROOTFS,
+				'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'
+			},
+		},
+		'arch': {'start': 'v8.0', 'end': ARCH_LATEST},
+	},
+	{
+		'config': 'ffa-hafnium-optee.yaml',
+		'btvars': {},
+		'rtvars': {
+			'dt': {'KERNEL': KERNEL, 'ROOTFS': ROOTFS},
+			'acpi': {
+				'KERNEL': KERNEL,
+				'ROOTFS': ROOTFS,
+				'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'
+			},
+		},
+		'arch': {'start': 'v8.5', 'end': ARCH_LATEST},
+	},
 	{
 		'config': 'ffa-tftf.yaml',
 		'btvars': {},
@@ -68,7 +94,7 @@ CONFIGS = [
 				'CMDLINE': '\"console=ttyAMA0 earlycon=pl011,0x1c090000 root=/dev/vda ip=dhcp acpi=force\"'
 			},
 		},
-		'arch': {'start': 'v8.5', 'end': 'v8.7'}, # BL2 freezes from v8.8. Haven't traced root cause yet.
+		'arch': {'start': 'v8.5', 'end': ARCH_LATEST},
 	},
 	{
 		'config': 'bootwrapper.yaml',