5 files changed, 97 insertions, 5 deletions

diff --git a/include/bootstage.h b/include/bootstage.h
index c9408e7b12..5e7e242b83 100644
--- a/include/bootstage.h
+++ b/include/bootstage.h
@@ -181,6 +181,7 @@ enum bootstage_id {
 	BOOTSTAGE_ID_BOOTM_START,
 	BOOTSTAGE_ID_BOOTM_HANDOFF,
 	BOOTSTAGE_ID_MAIN_LOOP,
+	BOOTSTAGE_ID_ENTER_CLI_LOOP,
 	BOOTSTAGE_KERNELREAD_START,
 	BOOTSTAGE_KERNELREAD_STOP,
 	BOOTSTAGE_ID_BOARD_INIT,
diff --git a/include/linux/soc/ti/ti_sci_protocol.h b/include/linux/soc/ti/ti_sci_protocol.h
index 222cf66546..c57802f293 100644
--- a/include/linux/soc/ti/ti_sci_protocol.h
+++ b/include/linux/soc/ti/ti_sci_protocol.h
@@ -279,8 +279,8 @@ struct ti_sci_proc_ops {
 				 u64 bv, u32 cfg_set, u32 cfg_clr);
 	int (*set_proc_boot_ctrl)(const struct ti_sci_handle *handle, u8 pid,
 				  u32 ctrl_set, u32 ctrl_clr);
-	int (*proc_auth_boot_image)(const struct ti_sci_handle *handle, u8 pid,
-				    u64 caddr);
+	int (*proc_auth_boot_image)(const struct ti_sci_handle *handle,
+				    u64 *image_addr, u32 *image_size);
 	int (*get_proc_boot_status)(const struct ti_sci_handle *handle, u8 pid,
 				    u64 *bv, u32 *cfg_flags, u32 *ctrl_flags,
 				    u32 *sts_flags);
@@ -511,6 +511,68 @@ struct ti_sci_rm_udmap_ops {
 };
 
 /**
+ * struct ti_sci_msg_fwl_region_cfg - Request and Response for firewalls settings
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to set config info
+ *			This field is unused in case of a simple firewall  and must be initialized
+ *			to zero.  In case of a region based firewall, this field indicates the
+ *			region in question. (index starting from 0) In case of a channel based
+ *			firewall, this field indicates the channel in question (index starting
+ *			from 0)
+ * @n_permission_regs:	Number of permission registers to set
+ * @control:		Contents of the firewall CONTROL register to set
+ * @permissions:	Contents of the firewall PERMISSION register to set
+ * @start_address:	Contents of the firewall START_ADDRESS register to set
+ * @end_address:	Contents of the firewall END_ADDRESS register to set
+ */
+struct ti_sci_msg_fwl_region {
+	u16 fwl_id;
+	u16 region;
+	u32 n_permission_regs;
+	u32 control;
+	u32 permissions[3];
+	u64 start_address;
+	u64 end_address;
+} __packed;
+
+/**
+ * \brief Request and Response for firewall owner change
+ *
+ * @fwl_id:		Firewall ID in question
+ * @region:		Region or channel number to set config info
+ *			This field is unused in case of a simple firewall  and must be initialized
+ *			to zero.  In case of a region based firewall, this field indicates the
+ *			region in question. (index starting from 0) In case of a channel based
+ *			firewall, this field indicates the channel in question (index starting
+ *			from 0)
+ * @n_permission_regs:	Number of permission registers <= 3
+ * @control:		Control register value for this region
+ * @owner_index:	New owner index to change to. Owner indexes are setup in DMSC firmware boot configuration data
+ * @owner_privid:	New owner priv-id, used to lookup owner_index is not known, must be set to zero otherwise
+ * @owner_permission_bits: New owner permission bits
+ */
+struct ti_sci_msg_fwl_owner {
+	u16 fwl_id;
+	u16 region;
+	u8 owner_index;
+	u8 owner_privid;
+	u16 owner_permission_bits;
+} __packed;
+
+/**
+ * struct ti_sci_fwl_ops - Firewall specific operations
+ * @set_fwl_region: Request for configuring the firewall permissions.
+ * @get_fwl_region: Request for retrieving the firewall permissions.
+ * @change_fwl_owner: Request for a change of firewall owner.
+ */
+struct ti_sci_fwl_ops {
+	int (*set_fwl_region)(const struct ti_sci_handle *handle, const struct ti_sci_msg_fwl_region *region);
+	int (*get_fwl_region)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_region *region);
+	int (*change_fwl_owner)(const struct ti_sci_handle *handle, struct ti_sci_msg_fwl_owner *owner);
+};
+
+/**
  * struct ti_sci_ops - Function support for TI SCI
  * @board_ops:	Miscellaneous operations
  * @dev_ops:	Device specific operations
@@ -518,6 +580,7 @@ struct ti_sci_rm_udmap_ops {
  * @core_ops:	Core specific operations
  * @proc_ops:	Processor specific operations
  * @ring_ops: Ring Accelerator Management operations
+ * @fw_ops:	Firewall specific operations
  */
 struct ti_sci_ops {
 	struct ti_sci_board_ops board_ops;
@@ -529,6 +592,7 @@ struct ti_sci_ops {
 	struct ti_sci_rm_ringacc_ops rm_ring_ops;
 	struct ti_sci_rm_psil_ops rm_psil_ops;
 	struct ti_sci_rm_udmap_ops rm_udmap_ops;
+	struct ti_sci_fwl_ops fwl_ops;
 };
 
 /**
diff --git a/include/sandboxtee.h b/include/sandboxtee.h
index 44f653d9cf..419643a024 100644
--- a/include/sandboxtee.h
+++ b/include/sandboxtee.h
@@ -6,16 +6,25 @@
 #ifndef __SANDBOXTEE_H
 #define __SANDBOXTEE_H
 
+#include <search.h>
+#include <tee/optee_ta_avb.h>
+
 /**
  * struct sandbox_tee_state - internal state of the sandbox TEE
- * @session:	current open session
- * @num_shms:	number of registered shared memory objects
- * @ta:		Trusted Application of current session
+ * @session:			current open session
+ * @num_shms:			number of registered shared memory objects
+ * @ta:				Trusted Application of current session
+ * @ta_avb_rollback_indexes	TA avb rollback indexes storage
+ * @ta_avb_lock_state		TA avb lock state storage
+ * @pstorage_htab		named persistent values storage
  */
 struct sandbox_tee_state {
 	u32 session;
 	int num_shms;
 	void *ta;
+	u64 ta_avb_rollback_indexes[TA_AVB_MAX_ROLLBACK_LOCATIONS];
+	u32 ta_avb_lock_state;
+	struct hsearch_data pstorage_htab;
 };
 
 #endif /*__SANDBOXTEE_H*/
diff --git a/include/tee.h b/include/tee.h
index edd9f9b0c9..02bcd9e703 100644
--- a/include/tee.h
+++ b/include/tee.h
@@ -43,7 +43,9 @@
 #define TEE_ERROR_COMMUNICATION		0xffff000e
 #define TEE_ERROR_SECURITY		0xffff000f
 #define TEE_ERROR_OUT_OF_MEMORY		0xffff000c
+#define TEE_ERROR_OVERFLOW              0xffff300f
 #define TEE_ERROR_TARGET_DEAD		0xffff3024
+#define TEE_ERROR_STORAGE_NO_SPACE      0xffff3041
 
 #define TEE_ORIGIN_COMMS		0x00000002
 #define TEE_ORIGIN_TEE			0x00000003
diff --git a/include/tee/optee_ta_avb.h b/include/tee/optee_ta_avb.h
index 074386af19..949875a64c 100644
--- a/include/tee/optee_ta_avb.h
+++ b/include/tee/optee_ta_avb.h
@@ -45,4 +45,20 @@
  */
 #define TA_AVB_CMD_WRITE_LOCK_STATE	3
 
+/*
+ * Reads a persistent value corresponding to the given name.
+ *
+ * in	params[0].u.memref:	persistent value name
+ * out	params[1].u.memref:	read persistent value buffer
+ */
+#define TA_AVB_CMD_READ_PERSIST_VALUE	4
+
+/*
+ * Writes a persistent value corresponding to the given name.
+ *
+ * in	params[0].u.memref:	persistent value name
+ * in	params[1].u.memref:	persistent value buffer to write
+ */
+#define TA_AVB_CMD_WRITE_PERSIST_VALUE	5
+
 #endif /* __TA_AVB_H */