blob: 759dc2d12f5d787b5646dbcf7649e76365bab38b [file] [log] [blame]
Pali Rohárcdf0d1c2022-02-13 01:09:46 +01001.TH MKIMAGE 1 "2022-02-07"
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +09002
3.SH NAME
4mkimage \- Generate image for U-Boot
5.SH SYNOPSIS
6.B mkimage
Pali Rohárcdf0d1c2022-02-13 01:09:46 +01007.RB [ \-T " \fItype\fP] " \-l " [\fIuimage file name\fP]"
Simon Glassb1489742013-06-13 15:10:03 -07008
9.B mkimage
10.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]"
11
12.B mkimage
Simon Glassce8c3ca2013-06-13 15:10:05 -070013.RB [\fIoptions\fP] " \-F [" "uimage file name" "]"
14
15.B mkimage
Simon Glassb1489742013-06-13 15:10:03 -070016.RB [\fIoptions\fP] " (legacy mode)"
17
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090018.SH "DESCRIPTION"
19The
20.B mkimage
21command is used to create images for use with the U-Boot boot loader.
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +000022These images can contain the linux kernel, device tree blob, root file
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090023system image, firmware images etc., either separate or combined.
24
25.B mkimage
26supports two different formats:
27
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +000028The old
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090029.I legacy image
30format concatenates the individual parts (for example, kernel image,
31device tree blob and ramdisk image) and adds a 64 bytes header
32containing information about target architecture, operating system,
33image type, compression method, entry points, time stamp, checksums,
34etc.
35
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +000036The new
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090037.I FIT (Flattened Image Tree) format
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +000038allows for more flexibility in handling images of various types and also
Simon Glassb1489742013-06-13 15:10:03 -070039enhances integrity protection of images with stronger checksums. It also
40supports verified boot.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090041
42.SH "OPTIONS"
43
44.B List image information:
45
46.TP
47.BI "\-l [" "uimage file name" "]"
48mkimage lists the information contained in the header of an existing U-Boot image.
49
Pali Rohárcdf0d1c2022-02-13 01:09:46 +010050.TP
51.BI "\-T [" "image type" "]"
52Parse image file as type.
53Pass \-h as the image to see the list of supported image type.
54Without this option image type is autodetected.
55
Sean Anderson138d2712022-04-08 16:08:39 -040056.TP
57.BI "\-q"
58Quiet. Don't print the image header on successful verification.
59
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090060.P
61.B Create old legacy image:
62
63.TP
64.BI "\-A [" "architecture" "]"
Loïc Minier775648f2011-01-04 02:32:36 +010065Set architecture. Pass \-h as the architecture to see the list of supported architectures.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090066
67.TP
68.BI "\-O [" "os" "]"
69Set operating system. bootm command of u-boot changes boot method by os type.
Loïc Minier775648f2011-01-04 02:32:36 +010070Pass \-h as the OS to see the list of supported OS.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090071
72.TP
73.BI "\-T [" "image type" "]"
74Set image type.
Loïc Minier775648f2011-01-04 02:32:36 +010075Pass \-h as the image to see the list of supported image type.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090076
77.TP
78.BI "\-C [" "compression type" "]"
79Set compression type.
Loïc Minier775648f2011-01-04 02:32:36 +010080Pass \-h as the compression to see the list of supported compression type.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090081
82.TP
Jelle van der Waa6c90a7d2016-09-14 21:54:53 +020083.BI "\-a [" "load address" "]"
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090084Set load address with a hex number.
85
86.TP
87.BI "\-e [" "entry point" "]"
88Set entry point with a hex number.
89
90.TP
Simon Glassb1489742013-06-13 15:10:03 -070091.BI "\-l"
92List the contents of an image.
93
94.TP
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090095.BI "\-n [" "image name" "]"
96Set image name to 'image name'.
97
98.TP
Sean Anderson138d2712022-04-08 16:08:39 -040099.BI "\-R [" "secondary image name" "]"
100Some image types support a second image for additional data. For these types,
101use \-R to specify this second image.
Sean Anderson021e2db2022-05-16 16:11:07 -0400102.TS
103allbox;
104lb lbx
105l l.
106Image Type Secondary Image Description
107pblimage Additional RCW-style header, typically used for PBI commands.
108zynqimage, zynqmpimage T{
109Initialization parameters, one per line. Each parameter has the form
110.sp
111.ti 4
112.I address data
113.sp
114where
115.I address
116and
117.I data
118are hexadecimal integers. The boot ROM will write each
119.I data
120to
121.I address
122when loading the image. At most 256 parameters may be specified in this
123manner.
124T}
125.TE
Sean Anderson138d2712022-04-08 16:08:39 -0400126
127.TP
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900128.BI "\-d [" "image data file" "]"
129Use image data from 'image data file'.
130
131.TP
132.BI "\-x"
133Set XIP (execute in place) flag.
134
Sean Anderson138d2712022-04-08 16:08:39 -0400135.TP
136.BI "\-s"
Sean Anderson021e2db2022-05-16 16:11:07 -0400137Don't copy in the image data. Depending on the image type, this may create
138just the header, everything but the image data, or nothing at all.
Sean Anderson138d2712022-04-08 16:08:39 -0400139
140.TP
141.BI "\-v"
142Verbose. Print file names as they are added to the image.
143
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900144.P
145.B Create FIT image:
146
147.TP
Andreas Bießmannf4001582016-05-01 03:01:27 +0200148.BI "\-b [" "device tree file" "]
149Appends the device tree binary file (.dtb) to the FIT.
Simon Glassbd8bc5d2016-02-22 22:55:52 -0700150
151.TP
Simon Glassbf27d3d2013-06-13 15:10:06 -0700152.BI "\-c [" "comment" "]"
153Specifies a comment to be added when signing. This is typically a useful
154message which describes how the image was signed or some other useful
155information.
156
157.TP
Horst Kronstorfer88784922011-12-23 05:40:20 +0000158.BI "\-D [" "dtc options" "]"
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900159Provide special options to the device tree compiler that is used to
160create the image.
161
162.TP
Simon Glassafd728c2016-02-22 22:55:53 -0700163.BI "\-E
164After processing, move the image data outside the FIT and store a data offset
165in the FIT. Images will be placed one after the other immediately after the
166FIT, with each one aligned to a 4-byte boundary. The existing 'data' property
167in each image will be replaced with 'data-offset' and 'data-size' properties.
168A 'data-offset' of 0 indicates that it starts in the first (4-byte aligned)
169byte after the FIT.
170
171.TP
Sean Anderson138d2712022-04-08 16:08:39 -0400172.BI "\-B [" "alignment" "]"
173The alignment, in hexadecimal, that external data will be aligned to. This
174option only has an effect when \-E is specified.
175
176.TP
Simon Glass88e31cb2016-02-22 22:55:51 -0700177.BI "\-f [" "image tree source file" " | " "auto" "]"
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +0000178Image tree source file that describes the structure and contents of the
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900179FIT image.
180
Simon Glass88e31cb2016-02-22 22:55:51 -0700181This can be automatically generated for some simple cases.
182Use "-f auto" for this. In that case the arguments -d, -A, -O, -T, -C, -a
183and -e are used to specify the image to include in the FIT and its attributes.
184No .its file is required.
185
Simon Glassb1489742013-06-13 15:10:03 -0700186.TP
Simon Glassce8c3ca2013-06-13 15:10:05 -0700187.BI "\-F"
188Indicates that an existing FIT image should be modified. No dtc
Vagrant Cascadian6736b8b2014-11-01 18:09:01 -0700189compilation is performed and the \-f flag should not be given.
Simon Glassce8c3ca2013-06-13 15:10:05 -0700190This can be used to sign images with additional keys after initial image
191creation.
192
193.TP
Tomeu Vizoso8d83ed22016-11-04 14:22:15 +0100194.BI "\-i [" "ramdisk_file" "]"
195Appends the ramdisk file to the FIT.
196
197.TP
Simon Glassb1489742013-06-13 15:10:03 -0700198.BI "\-k [" "key_directory" "]"
199Specifies the directory containing keys to use for signing. This directory
200should contain a private key file <name>.key for use with signing and a
201certificate <name>.crt (containing the public key) for use with verification.
202
Simon Glassb4d8b092013-06-13 15:10:04 -0700203.TP
Sean Anderson021e2db2022-05-16 16:11:07 -0400204.BI "\-G [" "key_file" "]"
205Specifies the private key file to use when signing. This option may be used
206instead of \-k.
207
208.TP
Simon Glassb4d8b092013-06-13 15:10:04 -0700209.BI "\-K [" "key_destination" "]"
210Specifies a compiled device tree binary file (typically .dtb) to write
211public key information into. When a private key is used to sign an image,
212the corresponding public key is written into this file for for run-time
213verification. Typically the file here is the device tree binary used by
214CONFIG_OF_CONTROL in U-Boot.
215
Simon Glass817278a2013-06-13 15:10:07 -0700216.TP
Sean Anderson138d2712022-04-08 16:08:39 -0400217.BI "\-G [" "key_file" "]"
218Specifies the private key file to use when signing. This option may be used
219instead of \-k.
220
221.TP
Sean Anderson5f150292022-05-16 16:11:08 -0400222.BI "\-g [" "key_name_hint" "]"
223Sets the key-name-hint property when used with \-f auto. This is the <name>
224part of the key. The directory part is set by \-k. This option also indicates
225that the images included in the FIT should be signed. If this option is
226specified, \-o must be specified as well.
227
228.TP
Jan Kiszka4043f322022-01-14 10:21:19 +0100229.BI "\-o [" "signing algorithm" "]"
230Specifies the algorithm to be used for signing a FIT image. The default is
Jan Kiszka61f1fbd2022-02-05 13:19:36 +0100231taken from the signature node's 'algo' property.
Jan Kiszka4043f322022-01-14 10:21:19 +0100232
233.TP
Teddy Reeda8457622016-06-09 19:38:02 -0700234.BI "\-p [" "external position" "]"
235Place external data at a static external position. See \-E. Instead of writing
236a 'data-offset' property defining the offset from the end of the FIT, \-p will
237use 'data-position' as the absolute position from the base of the FIT.
238
239.TP
Sean Anderson138d2712022-04-08 16:08:39 -0400240.BI "\-r"
Simon Glass817278a2013-06-13 15:10:07 -0700241Specifies that keys used to sign the FIT are required. This means that they
242must be verified for the image to boot. Without this option, the verification
243will be optional (useful for testing but not for release).
244
Simon Glass472ee0c2020-07-09 18:39:43 -0600245.TP
Sean Anderson138d2712022-04-08 16:08:39 -0400246.BI "\-N [" "engine" "]"
247The openssl engine to use when signing and verifying the image. For a complete list of
248available engines, refer to
249.BR engine (1).
250
251.TP
Simon Glass472ee0c2020-07-09 18:39:43 -0600252.BI "\-t
253Update the timestamp in the FIT.
254
255Normally the FIT timestamp is created the first time mkimage is run on a FIT,
256when converting the source .its to the binary .fit file. This corresponds to
257using the -f flag. But if the original input to mkimage is a binary file
258(already compiled) then the timestamp is assumed to have been set previously.
259
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +0000260.SH EXAMPLES
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900261
262List image information:
263.nf
264.B mkimage -l uImage
265.fi
266.P
267Create legacy image with compressed PowerPC Linux kernel:
268.nf
269.B mkimage -A powerpc -O linux -T kernel -C gzip \\\\
270.br
271.B -a 0 -e 0 -n Linux -d vmlinux.gz uImage
272.fi
273.P
274Create FIT image with compressed PowerPC Linux kernel:
275.nf
276.B mkimage -f kernel.its kernel.itb
277.fi
Simon Glassb4d8b092013-06-13 15:10:04 -0700278.P
279Create FIT image with compressed kernel and sign it with keys in the
280/public/signing-keys directory. Add corresponding public keys into u-boot.dtb,
281skipping those for which keys cannot be found. Also add a comment.
282.nf
283.B mkimage -f kernel.its -k /public/signing-keys -K u-boot.dtb \\\\
Vagrant Cascadian6736b8b2014-11-01 18:09:01 -0700284.br
Simon Glass1c570232016-02-22 22:55:49 -0700285.B -c """Kernel 3.8 image for production devices""" kernel.itb
Simon Glassb4d8b092013-06-13 15:10:04 -0700286.fi
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900287
Simon Glassce8c3ca2013-06-13 15:10:05 -0700288.P
Sean Anderson5f150292022-05-16 16:11:08 -0400289Add public keys to u-boot.dtb without needing a FIT to sign. This will also
290create a FIT containing an images node with no data named unused.itb.
291.nf
292.B mkimage -f auto -d /dev/null -k /public/signing-keys -g dev \\\\
293.br
294.B -o sha256,rsa2048 -K u-boot.dtb unused.itb
295.fi
296
297.P
Simon Glassce8c3ca2013-06-13 15:10:05 -0700298Update an existing FIT image, signing it with additional keys.
299Add corresponding public keys into u-boot.dtb. This will resign all images
300with keys that are available in the new directory. Images that request signing
301with unavailable keys are skipped.
302.nf
303.B mkimage -F -k /secret/signing-keys -K u-boot.dtb \\\\
Vagrant Cascadian6736b8b2014-11-01 18:09:01 -0700304.br
Simon Glass1c570232016-02-22 22:55:49 -0700305.B -c """Kernel 3.8 image for production devices""" kernel.itb
Simon Glassce8c3ca2013-06-13 15:10:05 -0700306.fi
307
Simon Glass88e31cb2016-02-22 22:55:51 -0700308.P
309Create a FIT image containing a kernel, using automatic mode. No .its file
310is required.
311.nf
312.B mkimage -f auto -A arm -O linux -T kernel -C none -a 43e00000 -e 0 \\\\
313.br
314.B -c """Kernel 4.4 image for production devices""" -d vmlinuz kernel.itb
315.fi
Simon Glassbd8bc5d2016-02-22 22:55:52 -0700316.P
317Create a FIT image containing a kernel and some device tree files, using
318automatic mode. No .its file is required.
319.nf
320.B mkimage -f auto -A arm -O linux -T kernel -C none -a 43e00000 -e 0 \\\\
321.br
322.B -c """Kernel 4.4 image for production devices""" -d vmlinuz \\\\
Andreas Bießmannf4001582016-05-01 03:01:27 +0200323.B -b /path/to/rk3288-firefly.dtb -b /path/to/rk3288-jerry.dtb kernel.itb
Simon Glassbd8bc5d2016-02-22 22:55:52 -0700324.fi
Sean Anderson5f150292022-05-16 16:11:08 -0400325.P
326Create a FIT image containing a signed kernel, using automatic mode. No .its
327file is required.
328.nf
329.B mkimage -f auto -A arm -O linux -T kernel -C none -a 43e00000 -e 0 \\\\
330.br
331.B -d vmlinuz -k /secret/signing-keys -g dev -o sha256,rsa2048 kernel.itb
332.fi
Simon Glass88e31cb2016-02-22 22:55:51 -0700333
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900334.SH HOMEPAGE
335http://www.denx.de/wiki/U-Boot/WebHome
336.PP
337.SH AUTHOR
338This manual page was written by Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
Simon Glassb1489742013-06-13 15:10:03 -0700339and Wolfgang Denk <wd@denx.de>. It was updated for image signing by
340Simon Glass <sjg@chromium.org>.