X-Git-Url: https://git.kernelconcepts.de/?a=blobdiff_plain;f=doc%2Fmkimage.1;h=b48f70bb3cc7a0222d8a21d9d1122e69af2ddf4f;hb=ffc103732c82faa945c85bbb7c5c34c30b6fac72;hp=7985f5abe18756398284ef5b339c8df190f0f2dd;hpb=cd1535564c3d52d2bc063e54e7d11ace7aeb9f52;p=karo-tx-uboot.git diff --git a/doc/mkimage.1 b/doc/mkimage.1 index 7985f5abe1..b48f70bb3c 100644 --- a/doc/mkimage.1 +++ b/doc/mkimage.1 @@ -4,18 +4,28 @@ mkimage \- Generate image for U-Boot .SH SYNOPSIS .B mkimage -.RB [\fIoptions\fP] +.RB "\-l [" "uimage file name" "]" + +.B mkimage +.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]" + +.B mkimage +.RB [\fIoptions\fP] " \-F [" "uimage file name" "]" + +.B mkimage +.RB [\fIoptions\fP] " (legacy mode)" + .SH "DESCRIPTION" The .B mkimage command is used to create images for use with the U-Boot boot loader. -Thes eimages can contain the linux kernel, device tree blob, root file +These images can contain the linux kernel, device tree blob, root file system image, firmware images etc., either separate or combined. .B mkimage supports two different formats: -The old, +The old .I legacy image format concatenates the individual parts (for example, kernel image, device tree blob and ramdisk image) and adds a 64 bytes header @@ -23,10 +33,11 @@ containing information about target architecture, operating system, image type, compression method, entry points, time stamp, checksums, etc. -The new, +The new .I FIT (Flattened Image Tree) format -allows for more flexibility in handling images of various and also -enhances integrity protection of images with stronger checksums. +allows for more flexibility in handling images of various types and also +enhances integrity protection of images with stronger checksums. It also +supports verified boot. .SH "OPTIONS" @@ -41,22 +52,22 @@ mkimage lists the information contained in the header of an existing U-Boot imag .TP .BI "\-A [" "architecture" "]" -Set architecture. Pass -h as the architecture to see the list of supported architectures. +Set architecture. Pass \-h as the architecture to see the list of supported architectures. .TP .BI "\-O [" "os" "]" Set operating system. bootm command of u-boot changes boot method by os type. -Pass -h as the OS to see the list of supported OS. +Pass \-h as the OS to see the list of supported OS. .TP .BI "\-T [" "image type" "]" Set image type. -Pass -h as the image to see the list of supported image type. +Pass \-h as the image to see the list of supported image type. .TP .BI "\-C [" "compression type" "]" Set compression type. -Pass -h as the compression to see the list of supported compression type. +Pass \-h as the compression to see the list of supported compression type. .TP .BI "\-a [" "load addess" "]" @@ -66,6 +77,10 @@ Set load address with a hex number. .BI "\-e [" "entry point" "]" Set entry point with a hex number. +.TP +.BI "\-l" +List the contents of an image. + .TP .BI "\-n [" "image name" "]" Set image name to 'image name'. @@ -82,16 +97,49 @@ Set XIP (execute in place) flag. .B Create FIT image: .TP -.BI "\-D "dtc option" +.BI "\-c [" "comment" "]" +Specifies a comment to be added when signing. This is typically a useful +message which describes how the image was signed or some other useful +information. + +.TP +.BI "\-D [" "dtc options" "]" Provide special options to the device tree compiler that is used to create the image. .TP -.BI "\-f "fit-image.its" -Image tree source fine that descbres the structure and contents of the +.BI "\-f [" "image tree source file" "]" +Image tree source file that describes the structure and contents of the FIT image. -.SH EXMAPLES +.TP +.BI "\-F" +Indicates that an existing FIT image should be modified. No dtc +compilation is performed and the \-f flag should not be given. +This can be used to sign images with additional keys after initial image +creation. + +.TP +.BI "\-k [" "key_directory" "]" +Specifies the directory containing keys to use for signing. This directory +should contain a private key file .key for use with signing and a +certificate .crt (containing the public key) for use with verification. + +.TP +.BI "\-K [" "key_destination" "]" +Specifies a compiled device tree binary file (typically .dtb) to write +public key information into. When a private key is used to sign an image, +the corresponding public key is written into this file for for run-time +verification. Typically the file here is the device tree binary used by +CONFIG_OF_CONTROL in U-Boot. + +.TP +.BI "\-r +Specifies that keys used to sign the FIT are required. This means that they +must be verified for the image to boot. Without this option, the verification +will be optional (useful for testing but not for release). + +.SH EXAMPLES List image information: .nf @@ -109,10 +157,31 @@ Create FIT image with compressed PowerPC Linux kernel: .nf .B mkimage -f kernel.its kernel.itb .fi +.P +Create FIT image with compressed kernel and sign it with keys in the +/public/signing-keys directory. Add corresponding public keys into u-boot.dtb, +skipping those for which keys cannot be found. Also add a comment. +.nf +.B mkimage -f kernel.its -k /public/signing-keys -K u-boot.dtb \\\\ +.br +.B -c "Kernel 3.8 image for production devices" kernel.itb +.fi + +.P +Update an existing FIT image, signing it with additional keys. +Add corresponding public keys into u-boot.dtb. This will resign all images +with keys that are available in the new directory. Images that request signing +with unavailable keys are skipped. +.nf +.B mkimage -F -k /secret/signing-keys -K u-boot.dtb \\\\ +.br +.B -c "Kernel 3.8 image for production devices" kernel.itb +.fi .SH HOMEPAGE http://www.denx.de/wiki/U-Boot/WebHome .PP .SH AUTHOR This manual page was written by Nobuhiro Iwamatsu -and Wolfgang Denk +and Wolfgang Denk . It was updated for image signing by +Simon Glass .