diff --git a/plat/intel/soc/common/include/socfpga_fcs.h b/plat/intel/soc/common/include/socfpga_fcs.h
index 37456bc45..893551de3 100644
--- a/plat/intel/soc/common/include/socfpga_fcs.h
+++ b/plat/intel/soc/common/include/socfpga_fcs.h
@@ -231,18 +231,19 @@ int intel_fcs_get_crypto_service_key_info(uint32_t session_id, uint32_t key_id,
 int intel_fcs_get_digest_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
 				uint64_t param_data, uint32_t *mbox_error);
-int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
+int intel_fcs_get_digest_update_finalize(uint32_t session_id, uint32_t context_id,
 				uint32_t src_addr, uint32_t src_size,
 				uint64_t dst_addr, uint32_t *dst_size,
-				uint32_t *mbox_error);
+				uint8_t is_finalised, uint32_t *mbox_error);
 
 int intel_fcs_mac_verify_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
 				uint64_t param_data, uint32_t *mbox_error);
-int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
+int intel_fcs_mac_verify_update_finalize(uint32_t session_id, uint32_t context_id,
 				uint32_t src_addr, uint32_t src_size,
 				uint64_t dst_addr, uint32_t *dst_size,
-				uint32_t data_size, uint32_t *mbox_error);
+				uint32_t data_size, uint8_t is_finalised,
+				uint32_t *mbox_error);
 
 int intel_fcs_ecdsa_hash_sign_init(uint32_t session_id, uint32_t context_id,
 				uint32_t key_id, uint32_t param_size,
diff --git a/plat/intel/soc/common/include/socfpga_sip_svc.h b/plat/intel/soc/common/include/socfpga_sip_svc.h
index 36ba4aa4d..f9a6ffdec 100644
--- a/plat/intel/soc/common/include/socfpga_sip_svc.h
+++ b/plat/intel/soc/common/include/socfpga_sip_svc.h
@@ -110,8 +110,10 @@
 #define INTEL_SIP_SMC_FCS_AES_CRYPT_UPDATE			0x42000075
 #define INTEL_SIP_SMC_FCS_AES_CRYPT_FINALIZE			0x42000076
 #define INTEL_SIP_SMC_FCS_GET_DIGEST_INIT			0xC2000077
+#define INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE			0xC2000078
 #define INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE			0xC2000079
 #define INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT			0xC200007A
+#define INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE			0xC200007B
 #define INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE			0xC200007C
 #define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_INIT			0xC200007D
 #define INTEL_SIP_SMC_FCS_ECDSA_HASH_SIGN_FINALIZE		0xC200007F
diff --git a/plat/intel/soc/common/sip/socfpga_sip_fcs.c b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
index 8e223866c..c4e30a240 100644
--- a/plat/intel/soc/common/sip/socfpga_sip_fcs.c
+++ b/plat/intel/soc/common/sip/socfpga_sip_fcs.c
@@ -844,13 +844,16 @@ int intel_fcs_get_digest_init(uint32_t session_id, uint32_t context_id,
 				mbox_error);
 }
 
-int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
-				uint32_t src_addr, uint32_t src_size,
-				uint64_t dst_addr, uint32_t *dst_size,
+int intel_fcs_get_digest_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint8_t is_finalised,
 				uint32_t *mbox_error)
 {
 	int status;
 	uint32_t i;
+	uint32_t flag;
+	uint32_t crypto_header;
 	uint32_t resp_len;
 	uint32_t payload[FCS_GET_DIGEST_CMD_MAX_WORD_SIZE] = {0U};
 
@@ -875,29 +878,48 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
 
 	resp_len = *dst_size / MBOX_WORD_BYTE;
 
+	/* Prepare crypto header */
+	flag = 0;
+
+	if (fcs_sha_get_digest_param.is_updated) {
+		fcs_sha_get_digest_param.crypto_param_size = 0;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_INIT;
+	}
+
+	if (is_finalised != 0U) {
+		flag |=  FCS_CS_FIELD_FLAG_FINALIZE;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_UPDATE;
+		fcs_sha_get_digest_param.is_updated = 1;
+	}
+
+	crypto_header = ((flag << FCS_CS_FIELD_FLAG_OFFSET) |
+			(fcs_sha_get_digest_param.crypto_param_size &
+			FCS_CS_FIELD_SIZE_MASK));
+
 	/* Prepare command payload */
 	i = 0;
-	/* Crypto header */
 	payload[i] = fcs_sha_get_digest_param.session_id;
 	i++;
 	payload[i] = fcs_sha_get_digest_param.context_id;
 	i++;
-	payload[i] = fcs_sha_get_digest_param.crypto_param_size
-			& FCS_CS_FIELD_SIZE_MASK;
-	payload[i] |= (FCS_CS_FIELD_FLAG_INIT | FCS_CS_FIELD_FLAG_UPDATE
-			| FCS_CS_FIELD_FLAG_FINALIZE)
-			<< FCS_CS_FIELD_FLAG_OFFSET;
-	i++;
-	payload[i] = fcs_sha_get_digest_param.key_id;
-	i++;
-	/* Crypto parameters */
-	payload[i] = fcs_sha_get_digest_param.crypto_param
-			& INTEL_SIP_SMC_FCS_SHA_MODE_MASK;
-	payload[i] |= ((fcs_sha_get_digest_param.crypto_param
-			>> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
-			& INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
-			<< FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+	payload[i] = crypto_header;
 	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_INIT) {
+		payload[i] = fcs_sha_get_digest_param.key_id;
+		i++;
+		/* Crypto parameters */
+		payload[i] = fcs_sha_get_digest_param.crypto_param
+				& INTEL_SIP_SMC_FCS_SHA_MODE_MASK;
+		payload[i] |= ((fcs_sha_get_digest_param.crypto_param
+				>> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
+				& INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
+				<< FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+		i++;
+	}
 	/* Data source address and size */
 	payload[i] = src_addr;
 	i++;
@@ -908,7 +930,10 @@ int intel_fcs_get_digest_finalize(uint32_t session_id, uint32_t context_id,
 				payload, i, CMD_CASUAL,
 				(uint32_t *) dst_addr, &resp_len);
 
-	memset((void *)&fcs_sha_get_digest_param, 0, sizeof(fcs_crypto_service_data));
+	if (is_finalised != 0U) {
+		memset((void *)&fcs_sha_get_digest_param, 0,
+		sizeof(fcs_crypto_service_data));
+	}
 
 	if (status < 0) {
 		*mbox_error = -status;
@@ -931,13 +956,16 @@ int intel_fcs_mac_verify_init(uint32_t session_id, uint32_t context_id,
 				mbox_error);
 }
 
-int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
-				uint32_t src_addr, uint32_t src_size,
-				uint64_t dst_addr, uint32_t *dst_size,
-				uint32_t data_size, uint32_t *mbox_error)
+int intel_fcs_mac_verify_update_finalize(uint32_t session_id,
+				uint32_t context_id, uint32_t src_addr,
+				uint32_t src_size, uint64_t dst_addr,
+				uint32_t *dst_size, uint32_t data_size,
+				uint8_t is_finalised, uint32_t *mbox_error)
 {
 	int status;
 	uint32_t i;
+	uint32_t flag;
+	uint32_t crypto_header;
 	uint32_t resp_len;
 	uint32_t payload[FCS_MAC_VERIFY_CMD_MAX_WORD_SIZE] = {0U};
 	uintptr_t mac_offset;
@@ -967,45 +995,70 @@ int intel_fcs_mac_verify_finalize(uint32_t session_id, uint32_t context_id,
 
 	resp_len = *dst_size / MBOX_WORD_BYTE;
 
+	/* Prepare crypto header */
+	flag = 0;
+
+	if (fcs_sha_mac_verify_param.is_updated) {
+		fcs_sha_mac_verify_param.crypto_param_size = 0;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_INIT;
+	}
+
+	if (is_finalised) {
+		flag |=  FCS_CS_FIELD_FLAG_FINALIZE;
+	} else {
+		flag |=  FCS_CS_FIELD_FLAG_UPDATE;
+		fcs_sha_mac_verify_param.is_updated = 1;
+	}
+
+	crypto_header = ((flag << FCS_CS_FIELD_FLAG_OFFSET) |
+			(fcs_sha_mac_verify_param.crypto_param_size &
+			FCS_CS_FIELD_SIZE_MASK));
+
 	/* Prepare command payload */
 	i = 0;
-	/* Crypto header */
 	payload[i] = fcs_sha_mac_verify_param.session_id;
 	i++;
 	payload[i] = fcs_sha_mac_verify_param.context_id;
 	i++;
-	payload[i] = fcs_sha_mac_verify_param.crypto_param_size
-			& FCS_CS_FIELD_SIZE_MASK;
-	payload[i] |= (FCS_CS_FIELD_FLAG_INIT | FCS_CS_FIELD_FLAG_UPDATE
-			| FCS_CS_FIELD_FLAG_FINALIZE)
-			<< FCS_CS_FIELD_FLAG_OFFSET;
-	i++;
-	payload[i] = fcs_sha_mac_verify_param.key_id;
-	i++;
-	/* Crypto parameters */
-	payload[i] = ((fcs_sha_mac_verify_param.crypto_param
-			>> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
-			& INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
-			<< FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+	payload[i] = crypto_header;
 	i++;
+
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_INIT) {
+		payload[i] = fcs_sha_mac_verify_param.key_id;
+		i++;
+		/* Crypto parameters */
+		payload[i] = ((fcs_sha_mac_verify_param.crypto_param
+				>> INTEL_SIP_SMC_FCS_DIGEST_SIZE_OFFSET)
+				& INTEL_SIP_SMC_FCS_DIGEST_SIZE_MASK)
+				<< FCS_SHA_HMAC_CRYPTO_PARAM_SIZE_OFFSET;
+		i++;
+	}
 	/* Data source address and size */
 	payload[i] = src_addr;
 	i++;
 	payload[i] = data_size;
 	i++;
-	/* Copy mac data to command */
-	mac_offset = src_addr + data_size;
-	memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
-				src_size - data_size);
 
-	i += (src_size - data_size) / MBOX_WORD_BYTE;
+	if ((crypto_header >> FCS_CS_FIELD_FLAG_OFFSET) &
+		FCS_CS_FIELD_FLAG_FINALIZE) {
+		/* Copy mac data to command */
+		mac_offset = src_addr + data_size;
+		memcpy((uint8_t *) &payload[i], (uint8_t *) mac_offset,
+		src_size - data_size);
+
+		i += (src_size - data_size) / MBOX_WORD_BYTE;
+	}
 
 	status = mailbox_send_cmd(MBOX_JOB_ID, MBOX_FCS_MAC_VERIFY_REQ,
 				payload, i, CMD_CASUAL,
 				(uint32_t *) dst_addr, &resp_len);
 
-	memset((void *)&fcs_sha_mac_verify_param, 0,
-				sizeof(fcs_crypto_service_data));
+	if (is_finalised) {
+		memset((void *)&fcs_sha_mac_verify_param, 0,
+		sizeof(fcs_crypto_service_data));
+	}
 
 	if (status < 0) {
 		*mbox_error = -status;
diff --git a/plat/intel/soc/common/socfpga_sip_svc.c b/plat/intel/soc/common/socfpga_sip_svc.c
index b2133cc1c..421d59a80 100644
--- a/plat/intel/soc/common/socfpga_sip_svc.c
+++ b/plat/intel/soc/common/socfpga_sip_svc.c
@@ -903,11 +903,20 @@ uintptr_t sip_smc_handler_v1(uint32_t smc_fid,
 					x4, x5, &mbox_error);
 		SMC_RET2(handle, status, mbox_error);
 
+	case INTEL_SIP_SMC_FCS_GET_DIGEST_UPDATE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		status = intel_fcs_get_digest_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, false,
+					&mbox_error);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
 	case INTEL_SIP_SMC_FCS_GET_DIGEST_FINALIZE:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
-		status = intel_fcs_get_digest_finalize(x1, x2, x3,
-					 x4, x5, (uint32_t *) &x6, &mbox_error);
+		status = intel_fcs_get_digest_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, true,
+					&mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
 	case INTEL_SIP_SMC_FCS_MAC_VERIFY_INIT:
@@ -916,12 +925,22 @@ uintptr_t sip_smc_handler_v1(uint32_t smc_fid,
 					x4, x5, &mbox_error);
 		SMC_RET2(handle, status, mbox_error);
 
+	case INTEL_SIP_SMC_FCS_MAC_VERIFY_UPDATE:
+		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
+		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
+		x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
+		status = intel_fcs_mac_verify_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, x7,
+					false, &mbox_error);
+		SMC_RET4(handle, status, mbox_error, x5, x6);
+
 	case INTEL_SIP_SMC_FCS_MAC_VERIFY_FINALIZE:
 		x5 = SMC_GET_GP(handle, CTX_GPREG_X5);
 		x6 = SMC_GET_GP(handle, CTX_GPREG_X6);
 		x7 = SMC_GET_GP(handle, CTX_GPREG_X7);
-		status = intel_fcs_mac_verify_finalize(x1, x2, x3,
-					 x4, x5, (uint32_t *) &x6, x7, &mbox_error);
+		status = intel_fcs_mac_verify_update_finalize(x1, x2, x3,
+					x4, x5, (uint32_t *) &x6, x7,
+					true, &mbox_error);
 		SMC_RET4(handle, status, mbox_error, x5, x6);
 
 	case INTEL_SIP_SMC_FCS_ECDSA_SHA2_DATA_SIGN_INIT: