Sean Anderson | 5746e40 | 2022-06-25 13:12:18 -0400 | [diff] [blame^] | 1 | .\" SPDX-License-Identifier: GPL-2.0 |
| 2 | .\" Copyright (C) 2022 Sean Anderson <seanga2@gmail.com> |
| 3 | .\" Copyright (C) 2013-20 Simon Glass <sjg@chromium.org> |
| 4 | .\" Copyright (C) 2010 Nobuhiro Iwamatsu <iwamatsu@nigauri.org> |
| 5 | .\" Copyright (C) 2010 Wolfgang Denk <wd@denx.de> |
| 6 | .TH MKIMAGE 1 2022-06-11 U-Boot |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 7 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 8 | .SH NAME |
Sean Anderson | 9ed02c0 | 2022-06-25 13:12:14 -0400 | [diff] [blame] | 9 | mkimage \- generate images for U-Boot |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 10 | .SH SYNOPSIS |
Sean Anderson | 9028386 | 2022-06-25 13:12:08 -0400 | [diff] [blame] | 11 | .SY mkimage |
| 12 | .OP \-T type |
| 13 | .BI \-l\~ image-file-name |
| 14 | .YS |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 15 | . |
Sean Anderson | 9028386 | 2022-06-25 13:12:08 -0400 | [diff] [blame] | 16 | .SY mkimage |
| 17 | .RI [ option\~ .\|.\|.\&] |
| 18 | .OP \-T type |
| 19 | .I image-file-name |
| 20 | .YS |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 21 | . |
Sean Anderson | 9028386 | 2022-06-25 13:12:08 -0400 | [diff] [blame] | 22 | .SY mkimage |
| 23 | .RI [ option\~ .\|.\|.\&] |
| 24 | .BI \-f\~ image-tree-source-file\c |
| 25 | .RB | auto |
| 26 | .I image-file-name |
| 27 | .YS |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 28 | . |
Sean Anderson | 9028386 | 2022-06-25 13:12:08 -0400 | [diff] [blame] | 29 | .SY mkimage |
| 30 | .RI [ option\~ .\|.\|.\&] |
| 31 | .BI \-F\~ image-file-name |
| 32 | .YS |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 33 | . |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 34 | .SH DESCRIPTION |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 35 | The |
| 36 | .B mkimage |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 37 | command is used to create images for use with the U-Boot boot loader. These |
| 38 | images can contain the Linux kernel, device tree blob, root file system image, |
| 39 | firmware images etc., either separate or combined. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 40 | .P |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 41 | .B mkimage |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 42 | supports many image formats. Some of these formats may be used by embedded boot |
| 43 | firmware to load U-Boot. Others may be used by U-Boot to load Linux (or some |
| 44 | other kernel): |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 45 | .P |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 46 | The legacy image format concatenates the individual parts (for example, kernel |
| 47 | image, device tree blob and ramdisk image) and adds a 64 byte header containing |
| 48 | information about the target architecture, operating system, image type, |
| 49 | compression method, entry points, time stamp, checksums, etc. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 50 | .P |
Horst Kronstorfer | e6b37cf | 2011-12-21 04:31:23 +0000 | [diff] [blame] | 51 | The new |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 52 | .I FIT |
| 53 | (Flattened Image Tree) format allows for more flexibility in handling images of |
| 54 | various types and also enhances integrity protection of images with stronger |
| 55 | checksums. It also supports verified boot. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 56 | . |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 57 | .SH OPTIONS |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 58 | . |
Sean Anderson | 41b1ca9 | 2022-06-25 13:12:12 -0400 | [diff] [blame] | 59 | .SS General options |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 60 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 61 | .TP |
Sean Anderson | e4045c0 | 2022-06-25 13:12:13 -0400 | [diff] [blame] | 62 | .B \-h |
| 63 | Print a help message and exit. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 64 | . |
Pali Rohár | cdf0d1c | 2022-02-13 01:09:46 +0100 | [diff] [blame] | 65 | .TP |
Sean Anderson | e4045c0 | 2022-06-25 13:12:13 -0400 | [diff] [blame] | 66 | .B \-l |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 67 | .B mkimage |
| 68 | lists the information contained in the header of an existing U-Boot image. |
Sean Anderson | e4045c0 | 2022-06-25 13:12:13 -0400 | [diff] [blame] | 69 | . |
| 70 | .TP |
| 71 | .B \-s |
| 72 | Don't copy in the image data. Depending on the image type, this may create |
| 73 | just the header, everything but the image data, or nothing at all. |
| 74 | . |
| 75 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 76 | .BI \-T " image-type" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 77 | Parse image file as |
| 78 | .IR image-type . |
| 79 | Pass |
| 80 | .B list |
| 81 | as |
| 82 | .I image-type |
| 83 | to see the list of supported image types. If this option is absent, then it |
| 84 | defaults to |
| 85 | .B kernel |
| 86 | (legacy image). If this option is absent when |
| 87 | .B \-l |
| 88 | is passed, then |
| 89 | .B mkimage |
| 90 | will attempt to automatically detect the image type. Not all image types support |
| 91 | automatic detection, so it may be necessary to pass |
| 92 | .B \-T |
| 93 | explicitly. |
| 94 | .IP |
| 95 | When creating a FIT image with |
| 96 | .BR \-f , |
| 97 | the image type is always set to |
| 98 | .BR flat_dt . |
| 99 | In this case, |
| 100 | .B \-T |
| 101 | specifies the image node's \(oqtype\(cq property. If |
| 102 | .B \-T |
| 103 | is absent, then the \(oqtype\(cq property will default to |
| 104 | .BR kernel . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 105 | . |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 106 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 107 | .B \-q |
Sean Anderson | e4045c0 | 2022-06-25 13:12:13 -0400 | [diff] [blame] | 108 | Quiet. Don't print the image header. |
| 109 | . |
| 110 | .TP |
| 111 | .B \-v |
| 112 | Verbose. Print file names as they are added to the image. |
| 113 | . |
| 114 | .TP |
| 115 | .B \-V |
| 116 | Print version information and exit. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 117 | . |
Sean Anderson | 41b1ca9 | 2022-06-25 13:12:12 -0400 | [diff] [blame] | 118 | .SS General image-creation options |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 119 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 120 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 121 | .BI \-A " architecture" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 122 | Set the architecture. Pass |
| 123 | .B \-h |
| 124 | as the architecture to see the list of supported architectures. If |
| 125 | .B \-A |
| 126 | is absent, it defaults to |
| 127 | .BR ppc . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 128 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 129 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 130 | .BI \-O " os" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 131 | Set the operating system. The U-Boot |
| 132 | .I bootm |
| 133 | command changes boot method based on the OS type. |
| 134 | Pass |
| 135 | .B \-h |
| 136 | as the |
| 137 | .I os |
| 138 | to see the list of supported OSs. If |
| 139 | .B \-O |
| 140 | is absent, it defaults to |
| 141 | .BR linux . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 142 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 143 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 144 | .BI \-C " compression-type" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 145 | Set the compression type. The image data should have already been compressed |
| 146 | using this compression type. |
| 147 | .B mkimage |
| 148 | will not automatically compress image data. |
| 149 | Pass |
| 150 | .B \-h |
| 151 | as the |
| 152 | .I compression-type |
| 153 | to see the list of supported compression types. If |
| 154 | .B \-C |
| 155 | is absent, it defaults to |
| 156 | .BR gzip . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 157 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 158 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 159 | .BI \-a " load-address" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 160 | Set the absolute address to load the image data to. |
| 161 | .I load-address |
| 162 | will be interpreted as a hexadecimal number. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 163 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 164 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 165 | .BI \-e " entry-point" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 166 | Set the absolute address of the image entry point. The U-Boot |
| 167 | .I bootm |
| 168 | command will jump to this address after loading the image. |
| 169 | .I entry-point |
| 170 | will be interpreted as a hexadecimal number. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 171 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 172 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 173 | .BI \-n " image-name" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 174 | Set the image name to |
| 175 | .IR image-name . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 176 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 177 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 178 | .BI \-R " secondary-image-name" |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 179 | Some image types support a second image for additional data. For these types, |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 180 | use |
| 181 | .B \-R |
| 182 | to specify this second image. |
Sean Anderson | 021e2db | 2022-05-16 16:11:07 -0400 | [diff] [blame] | 183 | .TS |
| 184 | allbox; |
| 185 | lb lbx |
| 186 | l l. |
| 187 | Image Type Secondary Image Description |
| 188 | pblimage Additional RCW-style header, typically used for PBI commands. |
| 189 | zynqimage, zynqmpimage T{ |
| 190 | Initialization parameters, one per line. Each parameter has the form |
| 191 | .sp |
| 192 | .ti 4 |
| 193 | .I address data |
| 194 | .sp |
| 195 | where |
| 196 | .I address |
| 197 | and |
| 198 | .I data |
| 199 | are hexadecimal integers. The boot ROM will write each |
| 200 | .I data |
| 201 | to |
| 202 | .I address |
| 203 | when loading the image. At most 256 parameters may be specified in this |
| 204 | manner. |
| 205 | T} |
| 206 | .TE |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 207 | . |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 208 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 209 | .BI \-d " image-data-file" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 210 | Use image data from |
| 211 | .IR image-data-file . |
| 212 | If the |
| 213 | .I image-type |
| 214 | is |
| 215 | .BR multi , |
| 216 | then multiple images may be specified, separated by colons: |
| 217 | .RS |
| 218 | .IP |
| 219 | .IR image-data-file [\fB:\fP image-data-file .\|.\|.] |
| 220 | .RE |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 221 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 222 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 223 | .B \-x |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 224 | Set the |
| 225 | .I XIP |
| 226 | (execute in place) flag. The U-Boot |
| 227 | .I bootm |
| 228 | command will not load the image data, and instead will assume it is already |
| 229 | accessible at the load address (such as via memory-mapped flash). |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 230 | . |
Sean Anderson | 41b1ca9 | 2022-06-25 13:12:12 -0400 | [diff] [blame] | 231 | .SS Options for creating FIT images |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 232 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 233 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 234 | .BI \-b " device-tree-file" |
Andreas Bießmann | f400158 | 2016-05-01 03:01:27 +0200 | [diff] [blame] | 235 | Appends the device tree binary file (.dtb) to the FIT. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 236 | . |
Simon Glass | bd8bc5d | 2016-02-22 22:55:52 -0700 | [diff] [blame] | 237 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 238 | .BI \-c " comment" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 239 | Specifies a comment to be added when signing. This is typically a message which |
| 240 | describes how the image was signed or some other useful information. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 241 | . |
Simon Glass | bf27d3d | 2013-06-13 15:10:06 -0700 | [diff] [blame] | 242 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 243 | .BI \-D " dtc-options" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 244 | Provide additional options to the device tree compiler when creating the image. |
| 245 | See |
| 246 | .BR dtc (1) |
| 247 | for documentation of possible options. If |
| 248 | .B \-D |
| 249 | is absent, it defaults to |
| 250 | .BR "\-I dts \-O dtb \-p 500" . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 251 | . |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 252 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 253 | .BI \-E |
Simon Glass | afd728c | 2016-02-22 22:55:53 -0700 | [diff] [blame] | 254 | After processing, move the image data outside the FIT and store a data offset |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 255 | in the FIT. Images will be placed one after the other immediately after the FIT, |
| 256 | with each one aligned to a 4-byte boundary. The existing \(oqdata\(cq property |
| 257 | in each image will be replaced with \(oqdata-offset\(cq and \(oqdata-size\(cq |
| 258 | properties. A \(oqdata-offset\(cq of 0 indicates that it starts in the first |
| 259 | (4-byte-aligned) byte after the FIT. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 260 | . |
Simon Glass | afd728c | 2016-02-22 22:55:53 -0700 | [diff] [blame] | 261 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 262 | .BI \-B " alignment" |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 263 | The alignment, in hexadecimal, that external data will be aligned to. This |
| 264 | option only has an effect when \-E is specified. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 265 | . |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 266 | .TP |
Sean Anderson | e4045c0 | 2022-06-25 13:12:13 -0400 | [diff] [blame] | 267 | .BI \-p " external-position" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 268 | Place external data at a static external position. Instead of writing a |
| 269 | \(oqdata-offset\(cq property defining the offset from the end of the FIT, |
| 270 | .B \-p |
| 271 | will use \(oqdata-position\(cq as the absolute position from the base of the |
| 272 | FIT. See |
| 273 | .B \-E |
| 274 | for details on using external data. |
Sean Anderson | e4045c0 | 2022-06-25 13:12:13 -0400 | [diff] [blame] | 275 | . |
| 276 | .TP |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 277 | \fB\-f \fIimage-tree-source-file\fR | \fBauto |
Horst Kronstorfer | e6b37cf | 2011-12-21 04:31:23 +0000 | [diff] [blame] | 278 | Image tree source file that describes the structure and contents of the |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 279 | FIT image. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 280 | .IP |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 281 | In some simple cases, the image tree source can be generated automatically. To |
| 282 | use this feature, pass |
| 283 | .BR "\-f auto" . |
| 284 | The |
| 285 | .BR \-d , |
| 286 | .BR \-A , |
| 287 | .BR \-O , |
| 288 | .BR \-T , |
| 289 | .BR \-C , |
| 290 | .BR \-a , |
| 291 | and |
| 292 | .B \-e |
| 293 | options may be used to specify the image to include in the FIT and its |
| 294 | attributes. No |
| 295 | .I image-tree-source-file |
| 296 | is required. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 297 | . |
Simon Glass | b148974 | 2013-06-13 15:10:03 -0700 | [diff] [blame] | 298 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 299 | .B \-F |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 300 | Indicates that an existing FIT image should be modified. No dtc compilation will |
| 301 | be performed and |
| 302 | .B \-f |
| 303 | should not be passed. This can be used to sign images with additional keys |
| 304 | after initial image creation. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 305 | . |
Simon Glass | ce8c3ca | 2013-06-13 15:10:05 -0700 | [diff] [blame] | 306 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 307 | .BI \-i " ramdisk-file" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 308 | Append a ramdisk or initramfs file to the image. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 309 | . |
Tomeu Vizoso | 8d83ed2 | 2016-11-04 14:22:15 +0100 | [diff] [blame] | 310 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 311 | .BI \-k " key-directory" |
Simon Glass | b148974 | 2013-06-13 15:10:03 -0700 | [diff] [blame] | 312 | Specifies the directory containing keys to use for signing. This directory |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 313 | should contain a private key file |
| 314 | .IR name .key |
| 315 | for use with signing, and a certificate |
| 316 | .IR name .crt |
| 317 | (containing the public key) for use with verification. The public key is only |
| 318 | necessary when embedding it into another device tree using |
| 319 | .BR \-K . |
| 320 | .I name |
| 321 | defaults to the value of the signature node's \(oqkey-name-hint\(cq property, |
| 322 | but may be overridden using |
| 323 | .BR \-g . |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 324 | . |
Simon Glass | b4d8b09 | 2013-06-13 15:10:04 -0700 | [diff] [blame] | 325 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 326 | .BI \-G " key-file" |
Sean Anderson | 021e2db | 2022-05-16 16:11:07 -0400 | [diff] [blame] | 327 | Specifies the private key file to use when signing. This option may be used |
| 328 | instead of \-k. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 329 | . |
Sean Anderson | 021e2db | 2022-05-16 16:11:07 -0400 | [diff] [blame] | 330 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 331 | .BI \-K " key-destination" |
Simon Glass | b4d8b09 | 2013-06-13 15:10:04 -0700 | [diff] [blame] | 332 | Specifies a compiled device tree binary file (typically .dtb) to write |
| 333 | public key information into. When a private key is used to sign an image, |
| 334 | the corresponding public key is written into this file for for run-time |
| 335 | verification. Typically the file here is the device tree binary used by |
| 336 | CONFIG_OF_CONTROL in U-Boot. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 337 | . |
Simon Glass | 817278a | 2013-06-13 15:10:07 -0700 | [diff] [blame] | 338 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 339 | .BI \-g " key-name-hint" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 340 | Overrides the signature node's \(oqkey-name-hint\(cq property. This is |
| 341 | especially useful when signing an image with |
| 342 | .BR "\-f auto" . |
| 343 | This is the |
| 344 | .I name |
| 345 | part of the key. The directory part is set by |
| 346 | .BR \-k . |
| 347 | This option also indicates that the images included in the FIT should be signed. |
| 348 | If this option is specified, then |
| 349 | .B \-o |
| 350 | must be specified as well. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 351 | . |
Sean Anderson | 5f15029 | 2022-05-16 16:11:08 -0400 | [diff] [blame] | 352 | .TP |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 353 | .BI \-o " crypto" , checksum |
Jan Kiszka | 4043f32 | 2022-01-14 10:21:19 +0100 | [diff] [blame] | 354 | Specifies the algorithm to be used for signing a FIT image. The default is |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 355 | taken from the signature node's \(oqalgo\(cq property. |
| 356 | The valid values for |
| 357 | .I crypto |
| 358 | are: |
| 359 | .RS |
| 360 | .IP |
| 361 | .TS |
| 362 | lb. |
| 363 | rsa2048 |
| 364 | rsa3072 |
| 365 | rsa4096 |
| 366 | ecdsa256 |
| 367 | .TE |
| 368 | .RE |
| 369 | .IP |
| 370 | The valid values for |
| 371 | .I checksum |
| 372 | are |
| 373 | .RS |
| 374 | .IP |
| 375 | .TS |
| 376 | lb. |
| 377 | sha1 |
| 378 | sha256 |
| 379 | sha384 |
| 380 | sha512 |
| 381 | .TE |
| 382 | .RE |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 383 | . |
Jan Kiszka | 4043f32 | 2022-01-14 10:21:19 +0100 | [diff] [blame] | 384 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 385 | .B \-r |
Simon Glass | 817278a | 2013-06-13 15:10:07 -0700 | [diff] [blame] | 386 | Specifies that keys used to sign the FIT are required. This means that they |
| 387 | must be verified for the image to boot. Without this option, the verification |
| 388 | will be optional (useful for testing but not for release). |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 389 | . |
Simon Glass | 472ee0c | 2020-07-09 18:39:43 -0600 | [diff] [blame] | 390 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 391 | .BI \-N " engine" |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 392 | The openssl engine to use when signing and verifying the image. For a complete |
| 393 | list of available engines, refer to |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 394 | .BR engine (1). |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 395 | . |
Sean Anderson | 138d271 | 2022-04-08 16:08:39 -0400 | [diff] [blame] | 396 | .TP |
Sean Anderson | d72a059 | 2022-06-25 13:12:11 -0400 | [diff] [blame] | 397 | .B \-t |
Simon Glass | 472ee0c | 2020-07-09 18:39:43 -0600 | [diff] [blame] | 398 | Update the timestamp in the FIT. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 399 | .IP |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 400 | Normally the FIT timestamp is created the first time mkimage runs, |
Simon Glass | 472ee0c | 2020-07-09 18:39:43 -0600 | [diff] [blame] | 401 | when converting the source .its to the binary .fit file. This corresponds to |
Sean Anderson | 5f3aa38 | 2022-06-25 13:12:15 -0400 | [diff] [blame] | 402 | using |
| 403 | .BR -f . |
| 404 | But if the original input to mkimage is a binary file (already compiled), then |
| 405 | the timestamp is assumed to have been set previously. |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 406 | . |
Sean Anderson | 5e5d9b5 | 2022-06-25 13:12:16 -0400 | [diff] [blame] | 407 | .SH BUGS |
| 408 | Please report bugs to the |
| 409 | .UR https://\:source\:.denx\:.de/\:u-boot/\:u-boot/\:issues |
| 410 | U-Boot bug tracker |
| 411 | .UE . |
Horst Kronstorfer | e6b37cf | 2011-12-21 04:31:23 +0000 | [diff] [blame] | 412 | .SH EXAMPLES |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 413 | .\" Reduce the width of the tab stops to something reasonable |
| 414 | .ta T 1i |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 415 | List image information: |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 416 | .RS |
| 417 | .P |
| 418 | .EX |
| 419 | \fBmkimage \-l uImage |
| 420 | .EE |
| 421 | .RE |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 422 | .P |
| 423 | Create legacy image with compressed PowerPC Linux kernel: |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 424 | .RS |
| 425 | .P |
| 426 | .EX |
| 427 | \fBmkimage \-A powerpc \-O linux \-T kernel \-C gzip \\ |
| 428 | \-a 0 \-e 0 \-n Linux \-d vmlinux.gz uImage |
| 429 | .EE |
| 430 | .RE |
Nobuhiro Iwamatsu | 9711cf6 | 2010-06-16 10:38:24 +0900 | [diff] [blame] | 431 | .P |
| 432 | Create FIT image with compressed PowerPC Linux kernel: |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 433 | .RS |
| 434 | .P |
| 435 | .EX |
| 436 | \fBmkimage \-f kernel.its kernel.itb |
| 437 | .EE |
| 438 | .RE |
Simon Glass | b4d8b09 | 2013-06-13 15:10:04 -0700 | [diff] [blame] | 439 | .P |
| 440 | Create FIT image with compressed kernel and sign it with keys in the |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 441 | /public/signing\-keys directory. Add corresponding public keys into u\-boot.dtb, |
Simon Glass | b4d8b09 | 2013-06-13 15:10:04 -0700 | [diff] [blame] | 442 | skipping those for which keys cannot be found. Also add a comment. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 443 | .RS |
Simon Glass | ce8c3ca | 2013-06-13 15:10:05 -0700 | [diff] [blame] | 444 | .P |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 445 | .EX |
| 446 | \fBmkimage \-f kernel.its \-k /public/signing\-keys \-K u\-boot.dtb \\ |
| 447 | \-c \(dqKernel 3.8 image for production devices\(dq kernel.itb |
| 448 | .EE |
| 449 | .RE |
| 450 | .P |
| 451 | Add public keys to u\-boot.dtb without needing a FIT to sign. This will also |
Sean Anderson | 5f15029 | 2022-05-16 16:11:08 -0400 | [diff] [blame] | 452 | create a FIT containing an images node with no data named unused.itb. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 453 | .RS |
| 454 | .P |
| 455 | .EX |
| 456 | \fBmkimage \-f auto \-d /dev/null \-k /public/signing\-keys \-g dev \\ |
| 457 | \-o sha256,rsa2048 \-K u\-boot.dtb unused.itb |
| 458 | .EE |
| 459 | .RE |
Sean Anderson | 5f15029 | 2022-05-16 16:11:08 -0400 | [diff] [blame] | 460 | .P |
Simon Glass | ce8c3ca | 2013-06-13 15:10:05 -0700 | [diff] [blame] | 461 | Update an existing FIT image, signing it with additional keys. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 462 | Add corresponding public keys into u\-boot.dtb. This will resign all images |
Simon Glass | ce8c3ca | 2013-06-13 15:10:05 -0700 | [diff] [blame] | 463 | with keys that are available in the new directory. Images that request signing |
| 464 | with unavailable keys are skipped. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 465 | .RS |
| 466 | .P |
| 467 | .EX |
| 468 | \fBmkimage \-F \-k /secret/signing\-keys \-K u\-boot.dtb \\ |
| 469 | \-c \(dqKernel 3.8 image for production devices\(dq kernel.itb |
| 470 | .EE |
| 471 | .RE |
Simon Glass | 88e31cb | 2016-02-22 22:55:51 -0700 | [diff] [blame] | 472 | .P |
| 473 | Create a FIT image containing a kernel, using automatic mode. No .its file |
| 474 | is required. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 475 | .RS |
| 476 | .P |
| 477 | .EX |
| 478 | \fBmkimage \-f auto \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \-e 0 \\ |
| 479 | \-c \(dqKernel 4.4 image for production devices\(dq \-d vmlinuz kernel.itb |
| 480 | .EE |
| 481 | .RE |
Simon Glass | bd8bc5d | 2016-02-22 22:55:52 -0700 | [diff] [blame] | 482 | .P |
| 483 | Create a FIT image containing a kernel and some device tree files, using |
| 484 | automatic mode. No .its file is required. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 485 | .RS |
| 486 | .P |
| 487 | .EX |
| 488 | \fBmkimage \-f auto \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \-e 0 \\ |
| 489 | \-c \(dqKernel 4.4 image for production devices\(dq \-d vmlinuz \\ |
| 490 | \-b /path/to/rk3288\-firefly.dtb \-b /path/to/rk3288\-jerry.dtb kernel.itb |
| 491 | .EE |
| 492 | .RE |
Sean Anderson | 5f15029 | 2022-05-16 16:11:08 -0400 | [diff] [blame] | 493 | .P |
| 494 | Create a FIT image containing a signed kernel, using automatic mode. No .its |
| 495 | file is required. |
Sean Anderson | 0575794 | 2022-06-25 13:12:10 -0400 | [diff] [blame] | 496 | .RS |
| 497 | .P |
| 498 | .EX |
| 499 | \fBmkimage \-f auto \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \-e 0 \\ |
| 500 | \-d vmlinuz \-k /secret/signing\-keys \-g dev \-o sha256,rsa2048 kernel.itb |
| 501 | .EE |
| 502 | .RE |
Sean Anderson | 0d86273 | 2022-06-25 13:12:09 -0400 | [diff] [blame] | 503 | . |
Sean Anderson | 0707c98 | 2022-06-25 13:12:17 -0400 | [diff] [blame] | 504 | .SH SEE ALSO |
| 505 | .BR dtc (1), |
| 506 | .BR dumpimage (1), |
| 507 | .BR openssl (1), |
| 508 | the\~ |
| 509 | .UR https://\:u-boot\:.readthedocs\:.io/\:en/\:latest/\:index.html |
| 510 | U-Boot documentation |
| 511 | .UE |