blob: d8727ec73cc5a48622cfdf96c1ac75feac15f1fd [file] [log] [blame]
Sean Anderson5746e402022-06-25 13:12:18 -04001.\" SPDX-License-Identifier: GPL-2.0
2.\" Copyright (C) 2022 Sean Anderson <seanga2@gmail.com>
3.\" Copyright (C) 2013-20 Simon Glass <sjg@chromium.org>
4.\" Copyright (C) 2010 Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
5.\" Copyright (C) 2010 Wolfgang Denk <wd@denx.de>
6.TH MKIMAGE 1 2022-06-11 U-Boot
Sean Anderson0d862732022-06-25 13:12:09 -04007.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +09008.SH NAME
Sean Anderson9ed02c02022-06-25 13:12:14 -04009mkimage \- generate images for U-Boot
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090010.SH SYNOPSIS
Sean Anderson90283862022-06-25 13:12:08 -040011.SY mkimage
12.OP \-T type
13.BI \-l\~ image-file-name
14.YS
Sean Anderson0d862732022-06-25 13:12:09 -040015.
Sean Anderson90283862022-06-25 13:12:08 -040016.SY mkimage
17.RI [ option\~ .\|.\|.\&]
18.OP \-T type
19.I image-file-name
20.YS
Sean Anderson0d862732022-06-25 13:12:09 -040021.
Sean Anderson90283862022-06-25 13:12:08 -040022.SY mkimage
23.RI [ option\~ .\|.\|.\&]
24.BI \-f\~ image-tree-source-file\c
Massimo Pegorer13878dd2023-01-05 10:31:09 +010025.RB | auto\c
26.RB | auto-conf
Sean Anderson90283862022-06-25 13:12:08 -040027.I image-file-name
28.YS
Sean Anderson0d862732022-06-25 13:12:09 -040029.
Sean Anderson90283862022-06-25 13:12:08 -040030.SY mkimage
31.RI [ option\~ .\|.\|.\&]
32.BI \-F\~ image-file-name
33.YS
Sean Anderson0d862732022-06-25 13:12:09 -040034.
Sean Andersond72a0592022-06-25 13:12:11 -040035.SH DESCRIPTION
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090036The
37.B mkimage
Sean Anderson5f3aa382022-06-25 13:12:15 -040038command is used to create images for use with the U-Boot boot loader. These
39images can contain the Linux kernel, device tree blob, root file system image,
40firmware images etc., either separate or combined.
Sean Anderson0d862732022-06-25 13:12:09 -040041.P
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090042.B mkimage
Sean Anderson5f3aa382022-06-25 13:12:15 -040043supports many image formats. Some of these formats may be used by embedded boot
44firmware to load U-Boot. Others may be used by U-Boot to load Linux (or some
45other kernel):
Sean Anderson0d862732022-06-25 13:12:09 -040046.P
Sean Anderson5f3aa382022-06-25 13:12:15 -040047The legacy image format concatenates the individual parts (for example, kernel
48image, device tree blob and ramdisk image) and adds a 64 byte header containing
49information about the target architecture, operating system, image type,
50compression method, entry points, time stamp, checksums, etc.
Sean Anderson0d862732022-06-25 13:12:09 -040051.P
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +000052The new
Sean Anderson5f3aa382022-06-25 13:12:15 -040053.I FIT
54(Flattened Image Tree) format allows for more flexibility in handling images of
55various types and also enhances integrity protection of images with stronger
56checksums. It also supports verified boot.
Sean Anderson0d862732022-06-25 13:12:09 -040057.
Sean Andersond72a0592022-06-25 13:12:11 -040058.SH OPTIONS
Sean Anderson0d862732022-06-25 13:12:09 -040059.
Sean Anderson41b1ca92022-06-25 13:12:12 -040060.SS General options
Sean Anderson0d862732022-06-25 13:12:09 -040061.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +090062.TP
Sean Andersone4045c02022-06-25 13:12:13 -040063.B \-h
Sean Andersonc4567c52022-06-25 13:12:19 -040064.TQ
65.B \-\-help
Sean Andersone4045c02022-06-25 13:12:13 -040066Print a help message and exit.
Sean Anderson0d862732022-06-25 13:12:09 -040067.
Pali Rohárcdf0d1c2022-02-13 01:09:46 +010068.TP
Sean Andersone4045c02022-06-25 13:12:13 -040069.B \-l
Sean Andersonc4567c52022-06-25 13:12:19 -040070.TQ
71.B \-\-list
Sean Anderson5f3aa382022-06-25 13:12:15 -040072.B mkimage
73lists the information contained in the header of an existing U-Boot image.
Sean Andersone4045c02022-06-25 13:12:13 -040074.
75.TP
76.B \-s
Sean Andersonc4567c52022-06-25 13:12:19 -040077.TQ
78.B \-\-no\-copy
Sean Andersone4045c02022-06-25 13:12:13 -040079Don't copy in the image data. Depending on the image type, this may create
80just the header, everything but the image data, or nothing at all.
81.
82.TP
Sean Andersond72a0592022-06-25 13:12:11 -040083.BI \-T " image-type"
Sean Andersonc4567c52022-06-25 13:12:19 -040084.TQ
85.BI \-\-type " image-type"
Sean Anderson5f3aa382022-06-25 13:12:15 -040086Parse image file as
87.IR image-type .
88Pass
89.B list
90as
91.I image-type
92to see the list of supported image types. If this option is absent, then it
93defaults to
94.B kernel
95(legacy image). If this option is absent when
96.B \-l
97is passed, then
98.B mkimage
99will attempt to automatically detect the image type. Not all image types support
100automatic detection, so it may be necessary to pass
101.B \-T
102explicitly.
103.IP
104When creating a FIT image with
105.BR \-f ,
106the image type is always set to
107.BR flat_dt .
108In this case,
109.B \-T
110specifies the image node's \(oqtype\(cq property. If
111.B \-T
112is absent, then the \(oqtype\(cq property will default to
113.BR kernel .
Sean Anderson0d862732022-06-25 13:12:09 -0400114.
Sean Anderson138d2712022-04-08 16:08:39 -0400115.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400116.B \-q
Sean Andersonc4567c52022-06-25 13:12:19 -0400117.TQ
118.B \-\-quiet
Sean Andersone4045c02022-06-25 13:12:13 -0400119Quiet. Don't print the image header.
120.
121.TP
122.B \-v
Sean Andersonc4567c52022-06-25 13:12:19 -0400123.TQ
124.B \-\-verbose
Sean Andersone4045c02022-06-25 13:12:13 -0400125Verbose. Print file names as they are added to the image.
126.
127.TP
128.B \-V
Sean Andersonc4567c52022-06-25 13:12:19 -0400129.TQ
130.B \-\-version
Sean Andersone4045c02022-06-25 13:12:13 -0400131Print version information and exit.
Sean Anderson0d862732022-06-25 13:12:09 -0400132.
Sean Anderson41b1ca92022-06-25 13:12:12 -0400133.SS General image-creation options
Sean Anderson0d862732022-06-25 13:12:09 -0400134.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900135.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400136.BI \-A " architecture"
Sean Andersonc4567c52022-06-25 13:12:19 -0400137.TQ
138.BI \-\-architecture " architecture"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400139Set the architecture. Pass
140.B \-h
141as the architecture to see the list of supported architectures. If
142.B \-A
143is absent, it defaults to
144.BR ppc .
Sean Anderson0d862732022-06-25 13:12:09 -0400145.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900146.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400147.BI \-O " os"
Sean Andersonc4567c52022-06-25 13:12:19 -0400148.TQ
149.BI \-\-os " os"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400150Set the operating system. The U-Boot
151.I bootm
152command changes boot method based on the OS type.
153Pass
154.B \-h
155as the
156.I os
157to see the list of supported OSs. If
158.B \-O
159is absent, it defaults to
160.BR linux .
Sean Anderson0d862732022-06-25 13:12:09 -0400161.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900162.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400163.BI \-C " compression-type"
Sean Andersonc4567c52022-06-25 13:12:19 -0400164.TQ
165.BI \-\-compression " compression-type"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400166Set the compression type. The image data should have already been compressed
167using this compression type.
168.B mkimage
169will not automatically compress image data.
170Pass
171.B \-h
172as the
173.I compression-type
174to see the list of supported compression types. If
175.B \-C
176is absent, it defaults to
177.BR gzip .
Sean Anderson0d862732022-06-25 13:12:09 -0400178.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900179.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400180.BI \-a " load-address"
Sean Andersonc4567c52022-06-25 13:12:19 -0400181.TQ
182.BI \-\-load\-address " load-address"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400183Set the absolute address to load the image data to.
184.I load-address
185will be interpreted as a hexadecimal number.
Sean Anderson0d862732022-06-25 13:12:09 -0400186.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900187.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400188.BI \-e " entry-point"
Sean Andersonc4567c52022-06-25 13:12:19 -0400189.TQ
190.BI \-\-entry\-point " entry-point"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400191Set the absolute address of the image entry point. The U-Boot
192.I bootm
193command will jump to this address after loading the image.
194.I entry-point
195will be interpreted as a hexadecimal number.
Sean Anderson0d862732022-06-25 13:12:09 -0400196.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900197.TP
Sean Anderson4db32852022-06-25 13:12:20 -0400198.BI \-n " primary-configuration"
Sean Andersonc4567c52022-06-25 13:12:19 -0400199.TQ
Sean Anderson4db32852022-06-25 13:12:20 -0400200.BI \-\-config " primary-configuration"
201Images may require additional configuration not specified with other options,
202often in a image-type-specific format. The image types which support this
203option and the format of their configuration are listed in
204.BR CONFIGURATION .
Sean Anderson0d862732022-06-25 13:12:09 -0400205.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900206.TP
Sean Anderson4db32852022-06-25 13:12:20 -0400207.BI \-R " secondary-configuration"
Sean Andersonc4567c52022-06-25 13:12:19 -0400208.TQ
Sean Anderson4db32852022-06-25 13:12:20 -0400209.BI \-\-secondary\-config " secondary-configuration"
210Some image types support a second set of configuration data. The image types
211which support secondary configuration and the formap of their configuration are
212listed in
213.BR CONFIGURATION .
Sean Anderson0d862732022-06-25 13:12:09 -0400214.
Sean Anderson138d2712022-04-08 16:08:39 -0400215.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400216.BI \-d " image-data-file"
Sean Andersonc4567c52022-06-25 13:12:19 -0400217.TQ
218.BI \-\-image " image-data-file"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400219Use image data from
220.IR image-data-file .
221If the
222.I image-type
223is
224.BR multi ,
225then multiple images may be specified, separated by colons:
226.RS
227.IP
228.IR image-data-file [\fB:\fP image-data-file .\|.\|.]
229.RE
Sean Anderson0d862732022-06-25 13:12:09 -0400230.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900231.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400232.B \-x
Sean Andersonc4567c52022-06-25 13:12:19 -0400233.TQ
234.B \-\-xip
Sean Anderson5f3aa382022-06-25 13:12:15 -0400235Set the
236.I XIP
237(execute in place) flag. The U-Boot
238.I bootm
239command will not load the image data, and instead will assume it is already
240accessible at the load address (such as via memory-mapped flash).
Sean Anderson0d862732022-06-25 13:12:09 -0400241.
Sean Anderson41b1ca92022-06-25 13:12:12 -0400242.SS Options for creating FIT images
Sean Anderson0d862732022-06-25 13:12:09 -0400243.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900244.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400245.BI \-b " device-tree-file"
Sean Andersonc4567c52022-06-25 13:12:19 -0400246.TQ
247.BI \-\-device\-tree " device-tree-file"
Andreas Bießmannf4001582016-05-01 03:01:27 +0200248Appends the device tree binary file (.dtb) to the FIT.
Sean Anderson0d862732022-06-25 13:12:09 -0400249.
Simon Glassbd8bc5d2016-02-22 22:55:52 -0700250.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400251.BI \-c " comment"
Sean Andersonc4567c52022-06-25 13:12:19 -0400252.TQ
253.BI \-\-comment " comment"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400254Specifies a comment to be added when signing. This is typically a message which
255describes how the image was signed or some other useful information.
Sean Anderson0d862732022-06-25 13:12:09 -0400256.
Simon Glassbf27d3d2013-06-13 15:10:06 -0700257.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400258.BI \-D " dtc-options"
Sean Andersonc4567c52022-06-25 13:12:19 -0400259.TQ
260.BI \-\-dtcopts " dtc-options"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400261Provide additional options to the device tree compiler when creating the image.
262See
263.BR dtc (1)
264for documentation of possible options. If
265.B \-D
266is absent, it defaults to
267.BR "\-I dts \-O dtb \-p 500" .
Sean Anderson0d862732022-06-25 13:12:09 -0400268.
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900269.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400270.BI \-E
Sean Andersonc4567c52022-06-25 13:12:19 -0400271.TQ
272.BI \-\-external
Simon Glassafd728c2016-02-22 22:55:53 -0700273After processing, move the image data outside the FIT and store a data offset
Sean Anderson5f3aa382022-06-25 13:12:15 -0400274in the FIT. Images will be placed one after the other immediately after the FIT,
275with each one aligned to a 4-byte boundary. The existing \(oqdata\(cq property
276in each image will be replaced with \(oqdata-offset\(cq and \(oqdata-size\(cq
277properties. A \(oqdata-offset\(cq of 0 indicates that it starts in the first
278(4-byte-aligned) byte after the FIT.
Sean Anderson0d862732022-06-25 13:12:09 -0400279.
Simon Glassafd728c2016-02-22 22:55:53 -0700280.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400281.BI \-B " alignment"
Sean Andersonc4567c52022-06-25 13:12:19 -0400282.TQ
283.BI \-\-alignment " alignment"
Sean Anderson138d2712022-04-08 16:08:39 -0400284The alignment, in hexadecimal, that external data will be aligned to. This
285option only has an effect when \-E is specified.
Sean Anderson0d862732022-06-25 13:12:09 -0400286.
Sean Anderson138d2712022-04-08 16:08:39 -0400287.TP
Sean Andersone4045c02022-06-25 13:12:13 -0400288.BI \-p " external-position"
Sean Andersonc4567c52022-06-25 13:12:19 -0400289.TQ
290.BI \-\-position " external-position"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400291Place external data at a static external position. Instead of writing a
292\(oqdata-offset\(cq property defining the offset from the end of the FIT,
293.B \-p
294will use \(oqdata-position\(cq as the absolute position from the base of the
295FIT. See
296.B \-E
297for details on using external data.
Sean Andersone4045c02022-06-25 13:12:13 -0400298.
299.TP
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100300\fB\-f \fIimage-tree-source-file\fR | \fBauto\fR | \fBauto-conf
Sean Andersonc4567c52022-06-25 13:12:19 -0400301.TQ
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100302\fB\-\-fit \fIimage-tree-source-file\fR | \fBauto\fR | \fBauto-conf
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +0000303Image tree source file that describes the structure and contents of the
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900304FIT image.
Sean Anderson0d862732022-06-25 13:12:09 -0400305.IP
Sean Anderson5f3aa382022-06-25 13:12:15 -0400306In some simple cases, the image tree source can be generated automatically. To
307use this feature, pass
308.BR "\-f auto" .
309The
310.BR \-d ,
311.BR \-A ,
312.BR \-O ,
313.BR \-T ,
314.BR \-C ,
315.BR \-a ,
316and
317.B \-e
318options may be used to specify the image to include in the FIT and its
319attributes. No
320.I image-tree-source-file
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100321is required. The
322.BR \-g ,
323.BR \-o ,
324and
325.B \-k
326or
327.B \-G
328options may be used to get \(oqimages\(cq signed subnodes in the generated
329auto FIT. Instead, to get \(oqconfigurations\(cq signed subnodes and
330\(oqimages\(cq hashed subnodes, pass
331.BR "\-f auto-conf".
332In this case
333.BR \-g ,
334.BR \-o ,
335and
336.B \-k
337or
338.B \-G
339are mandatory options.
Sean Anderson0d862732022-06-25 13:12:09 -0400340.
Simon Glassb1489742013-06-13 15:10:03 -0700341.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400342.B \-F
Sean Andersonc4567c52022-06-25 13:12:19 -0400343.TQ
344.B \-\-update
Sean Anderson5f3aa382022-06-25 13:12:15 -0400345Indicates that an existing FIT image should be modified. No dtc compilation will
346be performed and
347.B \-f
348should not be passed. This can be used to sign images with additional keys
349after initial image creation.
Sean Anderson0d862732022-06-25 13:12:09 -0400350.
Simon Glassce8c3ca2013-06-13 15:10:05 -0700351.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400352.BI \-i " ramdisk-file"
Sean Andersonc4567c52022-06-25 13:12:19 -0400353.TQ
354.BI \-\-initramfs " ramdisk-file"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400355Append a ramdisk or initramfs file to the image.
Sean Anderson0d862732022-06-25 13:12:09 -0400356.
Tomeu Vizoso8d83ed22016-11-04 14:22:15 +0100357.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400358.BI \-k " key-directory"
Sean Andersonc4567c52022-06-25 13:12:19 -0400359.TQ
360.BI \-\-key\-dir " key-directory"
Simon Glassb1489742013-06-13 15:10:03 -0700361Specifies the directory containing keys to use for signing. This directory
Sean Anderson5f3aa382022-06-25 13:12:15 -0400362should contain a private key file
363.IR name .key
364for use with signing, and a certificate
365.IR name .crt
366(containing the public key) for use with verification. The public key is only
367necessary when embedding it into another device tree using
368.BR \-K .
369.I name
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100370is the value of the signature node's \(oqkey-name-hint\(cq property.
Sean Anderson0d862732022-06-25 13:12:09 -0400371.
Simon Glassb4d8b092013-06-13 15:10:04 -0700372.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400373.BI \-G " key-file"
Sean Andersonc4567c52022-06-25 13:12:19 -0400374.TQ
375.BI \-\-key\-file " key-file"
Sean Anderson021e2db2022-05-16 16:11:07 -0400376Specifies the private key file to use when signing. This option may be used
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100377instead of \-k. Useful when the private key file basename does not match
378\(oqkey-name-hint\(cq value. But note that it may lead to unexpected results
379when used together with -K and/or -k options.
Sean Anderson0d862732022-06-25 13:12:09 -0400380.
Sean Anderson021e2db2022-05-16 16:11:07 -0400381.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400382.BI \-K " key-destination"
Sean Andersonc4567c52022-06-25 13:12:19 -0400383.TQ
384.BI \-\-key\-dest " key-destination"
Simon Glassb4d8b092013-06-13 15:10:04 -0700385Specifies a compiled device tree binary file (typically .dtb) to write
386public key information into. When a private key is used to sign an image,
387the corresponding public key is written into this file for for run-time
388verification. Typically the file here is the device tree binary used by
389CONFIG_OF_CONTROL in U-Boot.
Sean Anderson0d862732022-06-25 13:12:09 -0400390.
Simon Glass817278a2013-06-13 15:10:07 -0700391.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400392.BI \-g " key-name-hint"
Sean Andersonc4567c52022-06-25 13:12:19 -0400393.TQ
394.BI \-\-key\-name\-hint " key-name-hint"
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100395Specifies the value of signature node \(oqkey-name-hint\(cq property for
396an automatically generated FIT image. It makes sense only when used with
397.B "\-f auto"
398or
399.BR "\-f auto-conf".
400This option also indicates that the images or configurations included in
401the FIT should be signed. If this option is specified, then
Sean Anderson5f3aa382022-06-25 13:12:15 -0400402.B \-o
403must be specified as well.
Sean Anderson0d862732022-06-25 13:12:09 -0400404.
Sean Anderson5f150292022-05-16 16:11:08 -0400405.TP
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100406.BI \-o " checksum" , crypto
Sean Andersonc4567c52022-06-25 13:12:19 -0400407.TQ
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100408.BI \-\-algo " checksum" , crypto
409Specifies the algorithm to be used for signing a FIT image, overriding value
410taken from the signature node \(oqalgo\(cq property in the
411.IR image-tree-source-file .
412It is mandatory for automatically generated FIT.
413.IP
Sean Anderson5f3aa382022-06-25 13:12:15 -0400414The valid values for
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100415.I checksum
Sean Anderson5f3aa382022-06-25 13:12:15 -0400416are:
417.RS
418.IP
419.TS
420lb.
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100421sha1
422sha256
423sha384
424sha512
Sean Anderson5f3aa382022-06-25 13:12:15 -0400425.TE
426.RE
427.IP
428The valid values for
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100429.I crypto
430are:
Sean Anderson5f3aa382022-06-25 13:12:15 -0400431.RS
432.IP
433.TS
434lb.
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100435rsa2048
436rsa3072
437rsa4096
438ecdsa256
Sean Anderson5f3aa382022-06-25 13:12:15 -0400439.TE
440.RE
Sean Anderson0d862732022-06-25 13:12:09 -0400441.
Jan Kiszka4043f322022-01-14 10:21:19 +0100442.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400443.B \-r
Sean Andersonc4567c52022-06-25 13:12:19 -0400444.TQ
445.B \-\-key\-required
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100446Specifies that keys used to sign the FIT are required. This means that images
447or configurations signatures must be verified before using them (i.e. to
448boot). Without this option, the verification will be optional (useful for
449testing but not for release). It makes sense only when used with
450.BR \-K.
451When both, images and configurations, are signed, \(oqrequired\(cq property
452value will be "conf".
Sean Anderson0d862732022-06-25 13:12:09 -0400453.
Simon Glass472ee0c2020-07-09 18:39:43 -0600454.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400455.BI \-N " engine"
Sean Andersonc4567c52022-06-25 13:12:19 -0400456.TQ
457.BI \-\-engine " engine"
Sean Anderson5f3aa382022-06-25 13:12:15 -0400458The openssl engine to use when signing and verifying the image. For a complete
459list of available engines, refer to
Sean Anderson138d2712022-04-08 16:08:39 -0400460.BR engine (1).
Sean Anderson0d862732022-06-25 13:12:09 -0400461.
Sean Anderson138d2712022-04-08 16:08:39 -0400462.TP
Sean Andersond72a0592022-06-25 13:12:11 -0400463.B \-t
Sean Andersonc4567c52022-06-25 13:12:19 -0400464.TQ
465.B \-\-touch
Simon Glass472ee0c2020-07-09 18:39:43 -0600466Update the timestamp in the FIT.
Sean Anderson0d862732022-06-25 13:12:09 -0400467.IP
Sean Anderson5f3aa382022-06-25 13:12:15 -0400468Normally the FIT timestamp is created the first time mkimage runs,
Simon Glass472ee0c2020-07-09 18:39:43 -0600469when converting the source .its to the binary .fit file. This corresponds to
Sean Anderson5f3aa382022-06-25 13:12:15 -0400470using
471.BR -f .
472But if the original input to mkimage is a binary file (already compiled), then
473the timestamp is assumed to have been set previously.
Sean Anderson0d862732022-06-25 13:12:09 -0400474.
Sean Anderson4db32852022-06-25 13:12:20 -0400475.SH CONFIGURATION
476This section documents the formats of the primary and secondary configuration
477options for each image type which supports them.
478.
479.SS aisimage
480The primary configuration is a file containing a series of
481.I AIS
482(Application Image Script) commands, one per line. Each command has the form
483.RS
484.P
485.IR "command argument " .\|.\|.
486.RE
487.P
488See
489.UR https://\:www\:.ti\:.com/\:lit/\:pdf/\:spraag0
490TI application report SPRAAG0E
491.UE
492for details.
493.
494.SS atmelimage
495The primary configuration is a comma-separated list of NAND Flash parameters of
496the form
497.RS
498.P
499\fIparameter\fB=\fIvalue\fR[\fB,\fIparameter\fB=\fIvalue\fR.\|.\|.\&]
500.RE
501.P
502Valid
503.IR parameter s
504are
505.RS
506.P
507.TS
508lb.
509usePmecc
510nbSectorPerPage
511spareSize
512eccBitReq
513sectorSize
514eccOffset
515.TE
516.RE
517.P
518and valid
519.IR value s
520are decimal numbers. See section 11.4.4.1 of the SAMA5D3 Series Data Sheet for
521valid values for each parameter.
522.
523.SS imximage
524The primary configuration is a file containing configuration commands, as
525documented in doc/\:imx/\:mkimage/\:imximage.txt of the U-Boot source.
526.
527.SS imx8image and imx8mimage
528The primary configuration is a file containing configuration commands, as
529documented in doc/\:imx/\:mkimage/\:imx8image.txt of the U-Boot source.
530.
531.SS kwbimage
532The primary configuration is a file containing configuration commands, as
533documented in doc/\:imx/\:mkimage/\:kwbimage.txt of the U-Boot source.
534.
535.SS mtk_image
536The primary configuration is a semicolon-separated list of header options of the
537form
538.RS
539.P
540\fIkey\fB=\fIvalue\fR[\fB;\fIkey\fB=\fIvalue\fR.\|.\|.\&]
541.RE
542.P
543where the valid keys are:
544.RS
545.P
546.TS
547lb lbx
548lb l.
549Key Description
550_
551lk T{
552If \fB1\fP, then an \fILK\fP (legacy) image header is used. Otherwise, a
553\fIBootROM\fP image header is used.
554T}
555lkname T{
556The name of the LK image header. The maximum length is 32 ASCII characters. If
557not specified, the default value is \fBU-Boot\fP.
558T}
559media The boot device. See below for valid values.
560nandinfo The desired NAND device type. See below for valid values.
561arm64 If \fB1\fP, then this denotes an AArch64 image.
562hdroffset Increase the reported size of the BRLYT header by this amount.
563.TE
564.RE
565.P
566Valid values for
567.B media
568are:
569.RS
570.P
571.TS
572lb lb
573lb l.
574Value Description
575_
576nand Parallel NAND flash
577snand Serial NAND flash
578nor Serial NOR flash
579emmc \fIeMMC\fP (Embedded Multi-Media Card)
580sdmmc \fISD\fP (Secure Digital) card
581.TE
582.RE
583.P
584Valid values for
585.B nandinfo
586are:
587.RS
588.P
589.TS
590lb lb lb lb lb
591lb l l l l.
592Value NAND type Page size OOB size Total size
593_
5942k+64 Serial 2KiB 64B
5952k+120 Serial 2KiB 120B
5962k+128 Serial 2KiB 128B
5974k+256 Serial 4KiB 256B
5981g:2k+64 Parallel 2KiB 64B 1Gbit
5992g:2k+64 Parallel 2KiB 64B 2Gbit
6004g:2k+64 Parallel 2KiB 64B 4Gbit
6012g:2k+128 Parallel 2KiB 128B 2Gbit
6024g:2k+128 Parallel 2KiB 128B 4Gbit
603.TE
604.RE
605.
606.SS mxsimage
607The primary configuration is a file containing configuration commands, as
608documented in doc/\:imx/\:mkimage/\:mxsimage.txt of the U-Boot source.
609.
610.SS omapimage
611The primary configuration is the optional value
612.BR byteswap .
613If present, each 32-bit word of the image will have its bytes swapped
614(converting from little-endian to big-endian, or vice versa).
615.
616.SS pblimage
617The primary configuration is a file containing the
618.I PBI
619(Pre-Boot Image) header. Each line of the configuration has the format
620.RS
621.P
622.IR value "[ " value .\|.\|.\&]
623.RE
624.P
625Where
626.I value
627is a 32-bit hexadecimal integer. Each
628.I value
629will, after being converted to raw bytes, be literally prepended to the PBI.
630.P
631The secondary configuration is a file with the same format as the primary
632configuration file. It will be inserted into the image after the primary
633configuration data and before the image data.
634.P
635It is traditional to use the primary configuration file for the
636.I RCW
637(Reset Configuration Word), and the secondary configuration file for any
638additional PBI commands. However, it is also possible to convert an existing PBI
639to the above format and \(lqchain\(rq additional data onto the end of the
640image. This may be especially useful for creating secure boot images.
641.
642.SS rkimage
643The primary configuration is the name of the processor to generate the image
644for. Valid values are:
645.RS
646.P
647.TS
648lb.
649px30
650rk3036
651rk3066
652rk3128
653rk3188
654rk322x
655rk3288
656rk3308
657rk3328
658rk3368
659rk3399
660rv1108
661rk3568
662.TE
663.RE
664.
665.SS sunxi_egon
666The primary configuration is the name to use for the device tree.
667.
668.SS ublimage
669The primary configuration is a file containing configuration commands, as
670documented in doc/\:README.ublimage of the U-Boot source.
671.
672.SS zynqimage and zynqmpimage
673For
674.BR zynqmpimage ,
675the primary configuration is a file containing the
676.I PMUFW
677(Power Management Unit Firmware).
678.B zynqimage
679does not use the primary configuration.
680.P
681For both image types, the secondary configuration is a file containinig
682initialization parameters, one per line. Each parameter has the form
683.RS
684.P
685.I address data
686.RE
687.P
688where
689.I address
690and
691.I data
692are hexadecimal integers. The boot ROM will write each
693.I data
694to
695.I address
696when loading the image. At most 256 parameters may be specified in this
697manner.
698.
Sean Anderson5e5d9b52022-06-25 13:12:16 -0400699.SH BUGS
700Please report bugs to the
701.UR https://\:source\:.denx\:.de/\:u-boot/\:u-boot/\:issues
702U-Boot bug tracker
703.UE .
Horst Kronstorfere6b37cf2011-12-21 04:31:23 +0000704.SH EXAMPLES
Sean Anderson05757942022-06-25 13:12:10 -0400705.\" Reduce the width of the tab stops to something reasonable
706.ta T 1i
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900707List image information:
Sean Anderson05757942022-06-25 13:12:10 -0400708.RS
709.P
710.EX
711\fBmkimage \-l uImage
712.EE
713.RE
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900714.P
715Create legacy image with compressed PowerPC Linux kernel:
Sean Anderson05757942022-06-25 13:12:10 -0400716.RS
717.P
718.EX
719\fBmkimage \-A powerpc \-O linux \-T kernel \-C gzip \\
720 \-a 0 \-e 0 \-n Linux \-d vmlinux.gz uImage
721.EE
722.RE
Nobuhiro Iwamatsu9711cf62010-06-16 10:38:24 +0900723.P
724Create FIT image with compressed PowerPC Linux kernel:
Sean Anderson05757942022-06-25 13:12:10 -0400725.RS
726.P
727.EX
728\fBmkimage \-f kernel.its kernel.itb
729.EE
730.RE
Simon Glassb4d8b092013-06-13 15:10:04 -0700731.P
732Create FIT image with compressed kernel and sign it with keys in the
Sean Anderson05757942022-06-25 13:12:10 -0400733/public/signing\-keys directory. Add corresponding public keys into u\-boot.dtb,
Simon Glassb4d8b092013-06-13 15:10:04 -0700734skipping those for which keys cannot be found. Also add a comment.
Sean Anderson05757942022-06-25 13:12:10 -0400735.RS
Simon Glassce8c3ca2013-06-13 15:10:05 -0700736.P
Sean Anderson05757942022-06-25 13:12:10 -0400737.EX
738\fBmkimage \-f kernel.its \-k /public/signing\-keys \-K u\-boot.dtb \\
739 \-c \(dqKernel 3.8 image for production devices\(dq kernel.itb
740.EE
741.RE
742.P
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100743Add public key to u\-boot.dtb without needing a FIT to sign. This will also
Sean Anderson5f150292022-05-16 16:11:08 -0400744create a FIT containing an images node with no data named unused.itb.
Sean Anderson05757942022-06-25 13:12:10 -0400745.RS
746.P
747.EX
748\fBmkimage \-f auto \-d /dev/null \-k /public/signing\-keys \-g dev \\
749 \-o sha256,rsa2048 \-K u\-boot.dtb unused.itb
750.EE
751.RE
Sean Anderson5f150292022-05-16 16:11:08 -0400752.P
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100753Add public key with required = "conf" property to u\-boot.dtb without needing
754a FIT to sign. This will also create a useless FIT named unused.itb.
755.RS
756.P
757.EX
758\fBmkimage \-f auto-conf \-d /dev/null \-k /public/signing\-keys \-g dev \\
759 \-o sha256,rsa2048 \-K u\-boot.dtb -r unused.itb
760.EE
761.RE
762.P
Simon Glassce8c3ca2013-06-13 15:10:05 -0700763Update an existing FIT image, signing it with additional keys.
Sean Anderson05757942022-06-25 13:12:10 -0400764Add corresponding public keys into u\-boot.dtb. This will resign all images
Simon Glassce8c3ca2013-06-13 15:10:05 -0700765with keys that are available in the new directory. Images that request signing
766with unavailable keys are skipped.
Sean Anderson05757942022-06-25 13:12:10 -0400767.RS
768.P
769.EX
770\fBmkimage \-F \-k /secret/signing\-keys \-K u\-boot.dtb \\
771 \-c \(dqKernel 3.8 image for production devices\(dq kernel.itb
772.EE
773.RE
Simon Glass88e31cb2016-02-22 22:55:51 -0700774.P
775Create a FIT image containing a kernel, using automatic mode. No .its file
776is required.
Sean Anderson05757942022-06-25 13:12:10 -0400777.RS
778.P
779.EX
780\fBmkimage \-f auto \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \-e 0 \\
781 \-c \(dqKernel 4.4 image for production devices\(dq \-d vmlinuz kernel.itb
782.EE
783.RE
Simon Glassbd8bc5d2016-02-22 22:55:52 -0700784.P
785Create a FIT image containing a kernel and some device tree files, using
786automatic mode. No .its file is required.
Sean Anderson05757942022-06-25 13:12:10 -0400787.RS
788.P
789.EX
790\fBmkimage \-f auto \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \-e 0 \\
791 \-c \(dqKernel 4.4 image for production devices\(dq \-d vmlinuz \\
792 \-b /path/to/rk3288\-firefly.dtb \-b /path/to/rk3288\-jerry.dtb kernel.itb
793.EE
794.RE
Sean Anderson5f150292022-05-16 16:11:08 -0400795.P
796Create a FIT image containing a signed kernel, using automatic mode. No .its
797file is required.
Sean Anderson05757942022-06-25 13:12:10 -0400798.RS
799.P
800.EX
801\fBmkimage \-f auto \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \-e 0 \\
802 \-d vmlinuz \-k /secret/signing\-keys \-g dev \-o sha256,rsa2048 kernel.itb
803.EE
804.RE
Massimo Pegorer13878dd2023-01-05 10:31:09 +0100805.P
806Create a FIT image containing a kernel and some device tree files, signing
807each configuration, using automatic mode. Moreover, the public key needed to
808verify signatures is added to u\-boot.dtb with required = "conf" property.
809.RS
810.P
811.EX
812\fBmkimage \-f auto-conf \-A arm \-O linux \-T kernel \-C none \-a 43e00000 \\
813 \-e 0 \-d vmlinuz \-b /path/to/file\-1.dtb \-b /path/to/file\-2.dtb \\
814 \-k /folder/with/signing\-keys \-g dev \-o sha256,rsa2048 \\
815 \-K u\-boot.dtb -r kernel.itb
816.EE
817.RE
Sean Anderson0d862732022-06-25 13:12:09 -0400818.
Sean Anderson0707c982022-06-25 13:12:17 -0400819.SH SEE ALSO
820.BR dtc (1),
821.BR dumpimage (1),
822.BR openssl (1),
823the\~
824.UR https://\:u-boot\:.readthedocs\:.io/\:en/\:latest/\:index.html
825U-Boot documentation
826.UE