Merge remote-tracking branch 'origin/apertis/v2024dev1' into...

Merge remote-tracking branch 'origin/apertis/v2024dev1' into proposed-updates/debian/bookworm/d21f430d * origin/apertis/v2024dev1: (30 commits) Release arm-trusted-firmware version 2.7.0+dfsg-2+apertis3 d/rules: Add k3 target Release arm-trusted-firmware version 2.7.0+dfsg-2+apertis2 Refresh the automatically detected licensing information Patch reverting upgrade to openssl 3.0 Revert Fix build failure by ignoring warnings for RWX segments Revert passing --param=min-pagesize=0 in CFLAGS Refresh the automatically detected licensing information Release arm-trusted-firmware version 2.7.0+dfsg-2+apertis1 Release arm-trusted-firmware 2.5+dfsg-1+apertis4 Release arm-trusted-firmware version 2.5+dfsg-1+apertis3 d/rules: Call make clean between each subplatforms rebuild Release arm-trusted-firmware version 2.5+dfsg-1+apertis2 d/rules: Add imx8mn_uart4 target subplatform Revert "d/patches: imx8m: Disable ATF console_imx_uart_register" Release arm-trusted-firmware version 2.5+dfsg-1+apertis1 Refresh the automatically detected licensing information Import Upstream version 2.5+dfsg Release arm-trusted-firmware version 2.4+dfsg-2+apertis2 d/patches: imx8m: Disable ATF console_imx_uart_register ...

Merge remote-tracking branch 'origin/apertis/v2024dev1' into...
Merge remote-tracking branch 'origin/apertis/v2024dev1' into proposed-updates/debian/bookworm/d21f430d * origin/apertis/v2024dev1: (30 commits) Release arm-trusted-firmware version 2.7.0+dfsg-2+apertis3 d/rules: Add k3 target Release arm-trusted-firmware version 2.7.0+dfsg-2+apertis2 Refresh the automatically detected licensing information Patch reverting upgrade to openssl 3.0 Revert Fix build failure by ignoring warnings for RWX segments Revert passing --param=min-pagesize=0 in CFLAGS Refresh the automatically detected licensing information Release arm-trusted-firmware version 2.7.0+dfsg-2+apertis1 Release arm-trusted-firmware 2.5+dfsg-1+apertis4 Release arm-trusted-firmware version 2.5+dfsg-1+apertis3 d/rules: Call make clean between each subplatforms rebuild Release arm-trusted-firmware version 2.5+dfsg-1+apertis2 d/rules: Add imx8mn_uart4 target subplatform Revert "d/patches: imx8m: Disable ATF console_imx_uart_register" Release arm-trusted-firmware version 2.5+dfsg-1+apertis1 Refresh the automatically detected licensing information Import Upstream version 2.5+dfsg Release arm-trusted-firmware version 2.4+dfsg-2+apertis2 d/patches: imx8m: Disable ATF console_imx_uart_register ...
602fefec · Ritesh Raj Sarraf · 1183f04a · d21f430d · 602fefec · 602fefec
Unverified Commit 602fefec authored 2 years ago by Ritesh Raj Sarraf
--- a/debian/apertis/component
+++ b/debian/apertis/component
+target
--- a/debian/apertis/copyright
+++ b/debian/apertis/copyright
--- a/debian/apertis/gitlab-ci.yml
+++ b/debian/apertis/gitlab-ci.yml
+include:
+  - project: 'infrastructure/ci-package-builder'
+    file: '/ci-package-builder.yml'
--- a/debian/changelog
+++ b/debian/changelog
@@ -8,6 +8,32 @@ arm-trusted-firmware (2.8.0+dfsg-1) unstable; urgency=medium

 -- Vagrant Cascadian <vagrant@debian.org>  Thu, 24 Nov 2022 22:31:44 -0800

+arm-trusted-firmware (2.7.0+dfsg-2+apertis3) apertis; urgency=medium
+
+  * d/rules: Add k3 target
+
+ -- Martyn Welch <martyn.welch@collabora.com>  Tue, 08 Nov 2022 15:19:57 +0000
+
+arm-trusted-firmware (2.7.0+dfsg-2+apertis2) apertis; urgency=medium
+
+  * Revert passing --param=min-pagesize=0 in CFLAGS.
+    This change is required only for gcc-12, since we still use gcc-10
+    in Apertis, it fails to build with an "unrecognized command-line option".
+  * Revert Fix build failure by ignoring warnings for RWX segments.
+    This change is required for Apertis and uses another unrecognized
+    arguement.
+  * Add a patch reverting upgrade to openssl 3.0 which is not available in
+    apertis.
+
+ -- Dylan Aïssi <dylan.aissi@collabora.com>  Fri, 04 Nov 2022 13:52:38 +0100
+
+arm-trusted-firmware (2.7.0+dfsg-2+apertis1) apertis; urgency=medium
+
+  * Merge from Debian bookworm. Remaining Apertis changes:
+    - None.
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com>  Tue, 06 Sep 2022 14:27:19 -0300
+
 arm-trusted-firmware (2.7.0+dfsg-2) unstable; urgency=medium

  * debian/rules: Fix build failure by ignoring warnings for RWX segments.
@@ -63,6 +89,35 @@ arm-trusted-firmware (2.5+dfsg-2) unstable; urgency=medium

 -- Vagrant Cascadian <vagrant@debian.org>  Wed, 08 Sep 2021 19:35:43 -0700

+arm-trusted-firmware (2.5+dfsg-1+apertis4) apertis; urgency=medium
+
+  * Bump version to force rebuild with latest dwarf2sources
+
+ -- Walter Lozano <walter.lozano@collabora.com>  Thu, 25 Aug 2022 09:55:26 -0300
+
+arm-trusted-firmware (2.5+dfsg-1+apertis3) apertis; urgency=medium
+
+  * d/rules: Call make clean between each subplatforms rebuild
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com>  Wed, 24 Nov 2021 15:20:14 -0300
+
+arm-trusted-firmware (2.5+dfsg-1+apertis2) apertis; urgency=medium
+
+  * Revert "d/patches: imx8m: Disable ATF console_imx_uart_register"
+  * d/rules: Add imx8mn_uart4 target subplatform
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com>  Tue, 16 Nov 2021 12:39:53 -0300
+
+arm-trusted-firmware (2.5+dfsg-1+apertis1) apertis; urgency=medium
+
+  * Merge from Debian experimental. Remaining Apertis changes:
+    - Add override_dh_dwz due failures in Apertis.
+    - Enable imx8mn target.
+    - d/patches: imx8m: Disable ATF console_imx_uart_register. Fixes imx8mn
+      support.
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com>  Thu, 12 Aug 2021 10:17:40 -0300
+
 arm-trusted-firmware (2.5+dfsg-1) experimental; urgency=medium

  * New upstream release
@@ -85,6 +140,28 @@ arm-trusted-firmware (2.5+dfsg-1) experimental; urgency=medium

 -- Vagrant Cascadian <vagrant@debian.org>  Tue, 08 Jun 2021 20:04:40 -0700

+arm-trusted-firmware (2.4+dfsg-2+apertis2) apertis; urgency=medium
+
+  * d/patches: imx8m: Disable ATF console_imx_uart_register. Fixes imx8mn
+    support.
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com>  Wed, 07 Jul 2021 08:42:52 -0300
+
+arm-trusted-firmware (2.4+dfsg-2+apertis1) apertis; urgency=medium
+
+  * debian/targets: Enable imx8mn target.
+
+ -- Ariel D'Alessandro <ariel.dalessandro@collabora.com>  Thu, 01 Jul 2021 17:34:33 -0300
+
+arm-trusted-firmware (2.4+dfsg-2co1) apertis; urgency=medium
+
+  * Sync updates from Debian Bullseye
+  * Remaining Apertis specific changes
+    - Add override_dh_dwz due failures in Apertis
+    - Demote debhelper-compat to 12
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>  Mon, 22 Feb 2021 13:24:23 +0530
+
 arm-trusted-firmware (2.4+dfsg-2) unstable; urgency=medium

  * Upload to unstable.
@@ -136,6 +213,14 @@ arm-trusted-firmware (2.3+dfsg-2) experimental; urgency=medium

 -- Vagrant Cascadian <vagrant@debian.org>  Sat, 10 Oct 2020 19:22:41 -0700

+arm-trusted-firmware (2.3+dfsg-1co1) apertis; urgency=medium
+
+  * Sync updates from Debian Buster
+  * Remaining Apertis specific changes
+    - Add override_dh_dwz due failures in Apertis
+
+ -- Ritesh Raj Sarraf <ritesh.sarraf@collabora.com>  Fri, 07 Aug 2020 07:02:04 +0000
+
 arm-trusted-firmware (2.3+dfsg-1) unstable; urgency=medium

  * Remove binary files with unknown licensing (Closes: #961697).
@@ -144,6 +229,17 @@ arm-trusted-firmware (2.3+dfsg-1) unstable; urgency=medium

 -- Vagrant Cascadian <vagrant@debian.org>  Wed, 08 Jul 2020 08:26:49 -0700

+arm-trusted-firmware (2.3-1co1) apertis; urgency=medium
+
+  [ Apertis package maintainers ]
+  * Import Apertis version 2.3-1
+
+  [ Denis Pynkin ]
+  * Add override_dh_dwz due failures in Apertis
+  * debian/apertis/component: set to target
+
+ -- Denis Pynkin <denis.pynkin@collabora.com>  Sun, 14 Jun 2020 18:27:52 +0000
+
 arm-trusted-firmware (2.3-1) unstable; urgency=medium

  * New upstream release.

--- a/debian/patches/0001-Revert-refactor-security-upgrade-tools-to-OpenSSL-3.patch
+++ b/debian/patches/0001-Revert-refactor-security-upgrade-tools-to-OpenSSL-3.patch
+From 0b296d10759b6f86931370022980c499a224389e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Dylan=20A=C3=AFssi?= <dylan.aissi@collabora.com>
+Date: Fri, 4 Nov 2022 14:45:30 +0100
+Subject: [PATCH] Revert "refactor(security): upgrade tools to OpenSSL 3.0"
+
+This reverts commit 9bc52d330fccb0e4df22006630350a42457d3306.
+---
+ docs/getting_started/prerequisites.rst |  2 +-
+ tools/cert_create/Makefile             | 11 +---
+ tools/cert_create/src/cert.c           |  4 +-
+ tools/cert_create/src/key.c            | 58 +++++++++++++++++++---
+ tools/cert_create/src/sha.c            | 69 +++++++++-----------------
+ tools/encrypt_fw/Makefile              | 11 +---
+ tools/fiptool/Makefile                 | 11 +---
+ 7 files changed, 83 insertions(+), 83 deletions(-)
+
+diff --git a/docs/getting_started/prerequisites.rst b/docs/getting_started/prerequisites.rst
+index 0b8a71cbc..466986113 100644
+--- a/docs/getting_started/prerequisites.rst
+++ b/docs/getting_started/prerequisites.rst
+@@ -53,7 +53,7 @@ The following tools are required to obtain and build |TF-A|:
+ The following libraries must be available to build one or more components or
+ supporting tools:
+ 
+-- OpenSSL >= 3.0
+- OpenSSL >= 1.0.1
+ 
+    Required to build the cert_create tool.
+ 
+diff --git a/tools/cert_create/Makefile b/tools/cert_create/Makefile
+index ca548b836..77d2007d5 100644
+--- a/tools/cert_create/Makefile
+++ b/tools/cert_create/Makefile
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+ #
+ # SPDX-License-Identifier: BSD-3-Clause
+ #
+@@ -62,14 +62,7 @@ HOSTCCFLAGS += ${DEFINES}
+ # Make soft links and include from local directory otherwise wrong headers
+ # could get pulled in from firmware tree.
+ INC_DIR += -I ./include -I ${PLAT_INCLUDE} -I ${OPENSSL_DIR}/include
+-
+-# Include library directories where OpenSSL library files are located.
+-# For a normal installation (i.e.: when ${OPENSSL_DIR} = /usr or
+-# /usr/local), binaries are located under the ${OPENSSL_DIR}/lib/
+-# directory. However, for a local build of OpenSSL, the built binaries are
+-# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+-# ${OPENSSL_DIR}/lib/).
+-LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
+LIB_DIR := -L ${OPENSSL_DIR}/lib
+ LIB := -lssl -lcrypto
+ 
+ HOSTCC ?= gcc
+diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
+index 67ae1d6ee..4b35d735a 100644
+--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  */
+@@ -39,7 +39,7 @@ int rand_serial(BIGNUM *b, ASN1_INTEGER *ai)
+ 	if (!btmp)
+ 		return 0;
+ 
+-	if (!BN_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+	if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
+ 		goto error;
+ 	if (ai && !BN_to_ASN1_INTEGER(btmp, ai))
+ 		goto error;
+diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
+index 2857a3b07..64359756f 100644
+--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2021, ARM Limited and Contributors. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  */
+@@ -40,25 +40,69 @@ int key_new(key_t *key)
+ 
+ static int key_create_rsa(key_t *key, int key_bits)
+ {
+-	EVP_PKEY *rsa = EVP_RSA_gen(key_bits);
+	BIGNUM *e;
+	RSA *rsa = NULL;
+
+	e = BN_new();
+	if (e == NULL) {
+		printf("Cannot create RSA exponent\n");
+		goto err;
+	}
+
+	if (!BN_set_word(e, RSA_F4)) {
+		printf("Cannot assign RSA exponent\n");
+		goto err;
+	}
+
+	rsa = RSA_new();
+ 	if (rsa == NULL) {
+		printf("Cannot create RSA key\n");
+		goto err;
+	}
+
+	if (!RSA_generate_key_ex(rsa, key_bits, e, NULL)) {
+ 		printf("Cannot generate RSA key\n");
+-		return 0;
+		goto err;
+	}
+
+	if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
+		printf("Cannot assign RSA key\n");
+		goto err;
+ 	}
+-	key->key = rsa;
+
+	BN_free(e);
+ 	return 1;
+err:
+	RSA_free(rsa);
+	BN_free(e);
+	return 0;
+ }
+ 
+ #ifndef OPENSSL_NO_EC
+ static int key_create_ecdsa(key_t *key, int key_bits)
+ {
+-	EVP_PKEY *ec = EVP_EC_gen("prime256v1");
+	EC_KEY *ec;
+
+	ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+ 	if (ec == NULL) {
+		printf("Cannot create EC key\n");
+		goto err;
+	}
+	if (!EC_KEY_generate_key(ec)) {
+ 		printf("Cannot generate EC key\n");
+-		return 0;
+		goto err;
+	}
+	EC_KEY_set_flags(ec, EC_PKEY_NO_PARAMETERS);
+	EC_KEY_set_asn1_flag(ec, OPENSSL_EC_NAMED_CURVE);
+	if (!EVP_PKEY_assign_EC_KEY(key->key, ec)) {
+		printf("Cannot assign EC key\n");
+		goto err;
+ 	}
+-	key->key = ec;
+
+ 	return 1;
+err:
+	EC_KEY_free(ec);
+	return 0;
+ }
+ #endif /* OPENSSL_NO_EC */
+ 
+diff --git a/tools/cert_create/src/sha.c b/tools/cert_create/src/sha.c
+index 06ef3601b..3d977fbfe 100644
+--- a/tools/cert_create/src/sha.c
+++ b/tools/cert_create/src/sha.c
+@@ -1,38 +1,26 @@
+ /*
+- * Copyright (c) 2015-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2017, ARM Limited and Contributors. All rights reserved.
+  *
+  * SPDX-License-Identifier: BSD-3-Clause
+  */
+ 
+#include <openssl/sha.h>
+ #include <stdio.h>
+ #include "debug.h"
+ #include "key.h"
+-#include <openssl/evp.h>
+-#include <openssl/obj_mac.h>
+ 
+ #define BUFFER_SIZE	256
+ 
+-static int get_algorithm_nid(int hash_alg)
+-{
+-	int nids[] = {NID_sha256, NID_sha384, NID_sha512};
+-	if (hash_alg < 0 || hash_alg >= sizeof(nids) / sizeof(*nids)) {
+-		return NID_undef;
+-	}
+-	return nids[hash_alg];
+-}
+-
+ int sha_file(int md_alg, const char *filename, unsigned char *md)
+ {
+ 	FILE *inFile;
+-	EVP_MD_CTX *mdctx;
+-	const EVP_MD *md_type;
+	SHA256_CTX shaContext;
+	SHA512_CTX sha512Context;
+ 	int bytes;
+-	int alg_nid;
+-	unsigned int total_bytes;
+ 	unsigned char data[BUFFER_SIZE];
+ 
+ 	if ((filename == NULL) || (md == NULL)) {
+-		ERROR("%s(): NULL argument\n", __func__);
+		ERROR("%s(): NULL argument\n", __FUNCTION__);
+ 		return 0;
+ 	}
+ 
+@@ -42,37 +30,26 @@ int sha_file(int md_alg, const char *filename, unsigned char *md)
+ 		return 0;
+ 	}
+ 
+-	mdctx = EVP_MD_CTX_new();
+-	if (mdctx == NULL) {
+-		fclose(inFile);
+-		ERROR("%s(): Could not create EVP MD context\n", __func__);
+-		return 0;
+-	}
+-
+-	alg_nid = get_algorithm_nid(md_alg);
+-	if (alg_nid == NID_undef) {
+-		ERROR("%s(): Invalid hash algorithm\n", __func__);
+-		goto err;
+	if (md_alg == HASH_ALG_SHA384) {
+		SHA384_Init(&sha512Context);
+		while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+			SHA384_Update(&sha512Context, data, bytes);
+		}
+		SHA384_Final(md, &sha512Context);
+	} else if (md_alg == HASH_ALG_SHA512) {
+		SHA512_Init(&sha512Context);
+		while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+			SHA512_Update(&sha512Context, data, bytes);
+		}
+		SHA512_Final(md, &sha512Context);
+	} else {
+		SHA256_Init(&shaContext);
+		while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+			SHA256_Update(&shaContext, data, bytes);
+		}
+		SHA256_Final(md, &shaContext);
+ 	}
+ 
+-	md_type = EVP_get_digestbynid(alg_nid);
+-	if (EVP_DigestInit_ex(mdctx, md_type, NULL) == 0) {
+-		ERROR("%s(): Could not initialize EVP MD digest\n", __func__);
+-		goto err;
+-	}
+-
+-	while ((bytes = fread(data, 1, BUFFER_SIZE, inFile)) != 0) {
+-		EVP_DigestUpdate(mdctx, data, bytes);
+-	}
+-	EVP_DigestFinal_ex(mdctx, md, &total_bytes);
+-
+ 	fclose(inFile);
+-	EVP_MD_CTX_free(mdctx);
+ 	return 1;
+-
+-err:
+-	fclose(inFile);
+-	EVP_MD_CTX_free(mdctx);
+-	return 0;
+ }
+-
+diff --git a/tools/encrypt_fw/Makefile b/tools/encrypt_fw/Makefile
+index 60bd8ea74..96dff2324 100644
+--- a/tools/encrypt_fw/Makefile
+++ b/tools/encrypt_fw/Makefile
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (c) 2019-2022, Linaro Limited. All rights reserved.
+# Copyright (c) 2019-2020, Linaro Limited. All rights reserved.
+ #
+ # SPDX-License-Identifier: BSD-3-Clause
+ #
+@@ -39,14 +39,7 @@ endif
+ # Make soft links and include from local directory otherwise wrong headers
+ # could get pulled in from firmware tree.
+ INC_DIR := -I ./include -I ../../include/tools_share -I ${OPENSSL_DIR}/include
+-
+-# Include library directories where OpenSSL library files are located.
+-# For a normal installation (i.e.: when ${OPENSSL_DIR} = /usr or
+-# /usr/local), binaries are located under the ${OPENSSL_DIR}/lib/
+-# directory. However, for a local build of OpenSSL, the built binaries are
+-# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+-# ${OPENSSL_DIR}/lib/).
+-LIB_DIR := -L ${OPENSSL_DIR}/lib -L ${OPENSSL_DIR}
+LIB_DIR := -L ${OPENSSL_DIR}/lib
+ LIB := -lssl -lcrypto
+ 
+ HOSTCC ?= gcc
+diff --git a/tools/fiptool/Makefile b/tools/fiptool/Makefile
+index e6aeba95b..7c2a08379 100644
+--- a/tools/fiptool/Makefile
+++ b/tools/fiptool/Makefile
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (c) 2014-2022, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2014-2021, ARM Limited and Contributors. All rights reserved.
+ #
+ # SPDX-License-Identifier: BSD-3-Clause
+ #
+@@ -22,14 +22,7 @@ ifeq (${DEBUG},1)
+ else
+   HOSTCCFLAGS += -O2
+ endif
+-
+-# Include library directories where OpenSSL library files are located.
+-# For a normal installation (i.e.: when ${OPENSSL_DIR} = /usr or
+-# /usr/local), binaries are located under the ${OPENSSL_DIR}/lib/
+-# directory. However, for a local build of OpenSSL, the built binaries are
+-# located under the main project directory (i.e.: ${OPENSSL_DIR}, not
+-# ${OPENSSL_DIR}/lib/).
+-LDLIBS := -L${OPENSSL_DIR}/lib -L${OPENSSL_DIR} -lcrypto
+LDLIBS := -L${OPENSSL_DIR}/lib -lcrypto
+ 
+ ifeq (${V},0)
+   Q := @
+-- 
+2.30.2
+
--- a/debian/patches/series
+++ b/debian/patches/series
 use-ldflags-with-fiptool-and-cert-create
+# Apertis
+0001-Revert-refactor-security-upgrade-tools-to-OpenSSL-3.patch
--- a/debian/rules
+++ b/debian/rules
@@ -14,7 +14,7 @@ else
 VERBOSE=1
 endif

-platforms := g12a gxbb sun50i_h6 rk3328 rk3399 rpi3 rpi4 imx8mn
+platforms := g12a gxbb sun50i_h6 rk3328 rk3399 rpi3 rpi4 imx8mn k3
 platforms_nodebug := sun50i_a64 imx8mq

 # By default, iMX8MN uses UART2 console. However, other boards supported
@@ -26,15 +26,17 @@ imx8mn_subplatforms := imx8mn imx8mn_uart4
 imx8mn_uart4_assigns := IMX_BOOT_UART_BASE=0x30a60000

 # Always set CROSS_COMPILE, which also works for native builds.
+# TARGET_BOARD only required for k3 platform, but safe to set as not used at all elsewhere.
 define build_platform
 	$(eval platform := $(1))
 	$(eval debug := $(2))
 	$(eval buildtype := $(3))
 	$(eval subplatforms := $(if $($(platform)_subplatforms), $($(platform)_subplatforms), $(platform)))
 	$(eval target := $(if $(filter rk3328 rk3399,$(platform)),bl31/bl31.elf,bl31.bin))
+	$(eval board := $(if $(filter k3,$(platform)),lite,))
 	$(foreach subplatform, $(subplatforms), \
-		CROSS_COMPILE=aarch64-linux-gnu- CFLAGS=--param=min-pagesize=0 LDFLAGS= TF_LDFLAGS=--no-warn-rwx-segments dh_auto_build -- V=$(VERBOSE) DEBUG=$(debug) $($(subplatform)_assigns) PLAT=$(platform) bl31 ; \
-		install -m644 build/$(platform)/$(buildtype)/$(target) -Dt build/renamed/$(subplatform) ; \
+		CROSS_COMPILE=aarch64-linux-gnu- CFLAGS= LDFLAGS= dh_auto_build -- V=$(VERBOSE) DEBUG=$(debug) $($(subplatform)_assigns) PLAT=$(platform) TARGET_BOARD=$(board) bl31 ; \
+		install -m644 build/$(platform)/$(board)/$(buildtype)/$(target) -Dt build/renamed/$(subplatform) ; \
 		# For each subplatform, make is called using the same PLAT variable. If
 		# the build is not cleaned between each call, objects will remain the
 		# same, without rebuilding them.