optee: add property no-map to secure reserved memory
author Etienne Carriere <etienne.carriere@st.com>
Thu, 10 Sep 2020 08:50:01 +0000 (10:50 +0200)
committer Simon Glass <sjg@chromium.org>
Tue, 22 Sep 2020 18:54:13 +0000 (12:54 -0600)
OP-TEE reserved memory node must set property "no-map" to prevent
Linux kernel from mapping secure memory unless what non-secure world
speculative accesses of the CPU can violate the memory firmware
configuration.

Fixes: 6ccb05eae01b ("image: fdt: copy possible optee nodes to a loaded devicetree")
Signed-off-by: Etienne Carriere <etienne.carriere@st.com>
Signed-off-by: Patrice Chotard <patrice.chotard@st.com>
lib/optee/optee.c

index 963c2ff..9e66065 100644 (file)
@@ -192,7 +192,7 @@ int optee_copy_fdt_nodes(const void *old_blob, void *new_blob)
                                ret = fdtdec_add_reserved_memory(new_blob,
                                                                 nodename,
                                                                 &carveout,
-                                                                NULL, false);
+                                                                NULL, true);
                                free(oldname);
 
                                if (ret < 0)
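
Review bot: the bare `true` passed as the last argument of the fdtdec_add_reserved_memory() call gives no hint at the call site of what it enables. According to the commit message it is the "no-map" property, so a one-line comment above the call, for example /* set no-map so the kernel never maps OP-TEE secure memory */, would make the intent visible and make it harder for a later cleanup to flip it back to `false`. The value is also hard-coded rather than derived from the node in old_blob. That is the safe choice for secure memory, but the comment should say so, since every copied node now gets no-map regardless of what the source node carried.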