lib: optee: Avoid CONFIG_TZDRAM_* in optee_verify_bootm_image()

The configs TZDRAM_BASE and TZDRAM_SIZE are expected to describe the
memory allocated to the OPTEE region. according to according to commit
c5a6e8bd00cc ("optee: Add optee_verify_bootm_image()"). The TZDRAM is
with some limitations, described by "/reserved-memory" nodes in the
devicetree.

Consequently TZDRAM_BASE and TZDRAM_SIZE can point to imaginary
regions which have nothing to do with actual DRAM. They are not used
to configure the hardware or set up the Trust Zone Controller (TZC)
for OP-TEE -- the devicetree values are used instead.

When a valid OP-TEE image does not fall within the region described by
these configs, u-boot will refuse to load it. In fact, it mostly
serves to cause "bootm" to reject perfectly good OP-TEE images.

Ironically, someone has to correctly configure the devicetree for
TZDRAM, then go back and enter the same information in Kconfig for
"bootm". To remedy this, do not use TZDRAM_BASE and TZDRAM_SIZE in the
verification of OPTEE images.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>

1 files changed, 0 insertions, 14 deletions

diff --git a/include/tee/optee.h b/include/tee/optee.h
index 2928597..5412bc7 100644
--- a/include/tee/optee.h
+++ b/include/tee/optee.h
@@ -44,20 +44,6 @@ optee_image_get_load_addr(const struct image_header *hdr)
 }
 
 #if defined(CONFIG_OPTEE_IMAGE)
-int optee_verify_image(struct optee_header *hdr, unsigned long tzdram_start,
-		       unsigned long tzdram_len, unsigned long image_len);
-#else
-static inline int optee_verify_image(struct optee_header *hdr,
-				     unsigned long tzdram_start,
-				     unsigned long tzdram_len,
-				     unsigned long image_len)
-{
-	return -EPERM;
-}
-
-#endif
-
-#if defined(CONFIG_OPTEE_IMAGE)
 int optee_verify_bootm_image(unsigned long image_addr,
 			     unsigned long image_load_addr,
 			     unsigned long image_len);