@KevinFFF yes, that’s the command I used to build standalonemm_optee_t234.bin (using 36.3.0-updates branch + the 3 patches), referenced it in UEFI_STMM_PATH, built atf and optee and finally used the gen_tos_part_img.py from Linux_for_Tegra:
./gen_tos_part_img.py --monitor ./atf_build/arm-trusted-firmware/build/tegra/t234/release/bl31.bin --os ./optee/build/t234/core/tee-raw.bin --dtb ./optee/tegra234-optee.dtb --tostype optee ./tos.img
copied tos.img to Linux_for_Tegra/bootloader/tos-optee_t234 , regenerated UEFI capsule, applied capsule.
I assume this would be the process to update optee on the device with those 3 patches, right?