mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-11-10 15:14:43 +00:00
e29495d37f
FIT image verification requires public keys. Add a convenient option to mkimage to write the public keys to an FDT blob when it uses then for signing an image. This allows us to use: mkimage -f test.its -K dest.dtb -k keys test.fit and have the signatures written to test.fit and the corresponding public keys written to dest.dtb. Then dest.dtb can be used as the control FDT for U-Boot (CONFIG_OF_CONTROL), thus providing U-Boot with access to the public keys it needs. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
153 lines
3.9 KiB
Groff
153 lines
3.9 KiB
Groff
.TH MKIMAGE 1 "2010-05-16"
|
|
|
|
.SH NAME
|
|
mkimage \- Generate image for U-Boot
|
|
.SH SYNOPSIS
|
|
.B mkimage
|
|
.RB "\-l [" "uimage file name" "]"
|
|
|
|
.B mkimage
|
|
.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]"
|
|
|
|
.B mkimage
|
|
.RB [\fIoptions\fP] " (legacy mode)"
|
|
|
|
.SH "DESCRIPTION"
|
|
The
|
|
.B mkimage
|
|
command is used to create images for use with the U-Boot boot loader.
|
|
These images can contain the linux kernel, device tree blob, root file
|
|
system image, firmware images etc., either separate or combined.
|
|
|
|
.B mkimage
|
|
supports two different formats:
|
|
|
|
The old
|
|
.I legacy image
|
|
format concatenates the individual parts (for example, kernel image,
|
|
device tree blob and ramdisk image) and adds a 64 bytes header
|
|
containing information about target architecture, operating system,
|
|
image type, compression method, entry points, time stamp, checksums,
|
|
etc.
|
|
|
|
The new
|
|
.I FIT (Flattened Image Tree) format
|
|
allows for more flexibility in handling images of various types and also
|
|
enhances integrity protection of images with stronger checksums. It also
|
|
supports verified boot.
|
|
|
|
.SH "OPTIONS"
|
|
|
|
.B List image information:
|
|
|
|
.TP
|
|
.BI "\-l [" "uimage file name" "]"
|
|
mkimage lists the information contained in the header of an existing U-Boot image.
|
|
|
|
.P
|
|
.B Create old legacy image:
|
|
|
|
.TP
|
|
.BI "\-A [" "architecture" "]"
|
|
Set architecture. Pass \-h as the architecture to see the list of supported architectures.
|
|
|
|
.TP
|
|
.BI "\-O [" "os" "]"
|
|
Set operating system. bootm command of u-boot changes boot method by os type.
|
|
Pass \-h as the OS to see the list of supported OS.
|
|
|
|
.TP
|
|
.BI "\-T [" "image type" "]"
|
|
Set image type.
|
|
Pass \-h as the image to see the list of supported image type.
|
|
|
|
.TP
|
|
.BI "\-C [" "compression type" "]"
|
|
Set compression type.
|
|
Pass \-h as the compression to see the list of supported compression type.
|
|
|
|
.TP
|
|
.BI "\-a [" "load addess" "]"
|
|
Set load address with a hex number.
|
|
|
|
.TP
|
|
.BI "\-e [" "entry point" "]"
|
|
Set entry point with a hex number.
|
|
|
|
.TP
|
|
.BI "\-l"
|
|
List the contents of an image.
|
|
|
|
.TP
|
|
.BI "\-n [" "image name" "]"
|
|
Set image name to 'image name'.
|
|
|
|
.TP
|
|
.BI "\-d [" "image data file" "]"
|
|
Use image data from 'image data file'.
|
|
|
|
.TP
|
|
.BI "\-x"
|
|
Set XIP (execute in place) flag.
|
|
|
|
.P
|
|
.B Create FIT image:
|
|
|
|
.TP
|
|
.BI "\-D [" "dtc options" "]"
|
|
Provide special options to the device tree compiler that is used to
|
|
create the image.
|
|
|
|
.TP
|
|
.BI "\-f [" "image tree source file" "]"
|
|
Image tree source file that describes the structure and contents of the
|
|
FIT image.
|
|
|
|
.TP
|
|
.BI "\-k [" "key_directory" "]"
|
|
Specifies the directory containing keys to use for signing. This directory
|
|
should contain a private key file <name>.key for use with signing and a
|
|
certificate <name>.crt (containing the public key) for use with verification.
|
|
|
|
.TP
|
|
.BI "\-K [" "key_destination" "]"
|
|
Specifies a compiled device tree binary file (typically .dtb) to write
|
|
public key information into. When a private key is used to sign an image,
|
|
the corresponding public key is written into this file for for run-time
|
|
verification. Typically the file here is the device tree binary used by
|
|
CONFIG_OF_CONTROL in U-Boot.
|
|
|
|
.SH EXAMPLES
|
|
|
|
List image information:
|
|
.nf
|
|
.B mkimage -l uImage
|
|
.fi
|
|
.P
|
|
Create legacy image with compressed PowerPC Linux kernel:
|
|
.nf
|
|
.B mkimage -A powerpc -O linux -T kernel -C gzip \\\\
|
|
.br
|
|
.B -a 0 -e 0 -n Linux -d vmlinux.gz uImage
|
|
.fi
|
|
.P
|
|
Create FIT image with compressed PowerPC Linux kernel:
|
|
.nf
|
|
.B mkimage -f kernel.its kernel.itb
|
|
.fi
|
|
.P
|
|
Create FIT image with compressed kernel and sign it with keys in the
|
|
/public/signing-keys directory. Add corresponding public keys into u-boot.dtb,
|
|
skipping those for which keys cannot be found. Also add a comment.
|
|
.nf
|
|
.B mkimage -f kernel.its -k /public/signing-keys -K u-boot.dtb \\\\
|
|
-c "Kernel 3.8 image for production devices" kernel.itb
|
|
.fi
|
|
|
|
.SH HOMEPAGE
|
|
http://www.denx.de/wiki/U-Boot/WebHome
|
|
.PP
|
|
.SH AUTHOR
|
|
This manual page was written by Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
|
|
and Wolfgang Denk <wd@denx.de>. It was updated for image signing by
|
|
Simon Glass <sjg@chromium.org>.
|