X-Git-Url: https://git.kernelconcepts.de/?a=blobdiff_plain;f=doc%2Fmkimage.1;h=b48f70bb3cc7a0222d8a21d9d1122e69af2ddf4f;hb=ffcdbd85b18e0e34ce296a4bfa90ec441e9db6c8;hp=8185ff5647e43386af42e2293664d38c2823700d;hpb=e29495d37f7c0533d365004ca475218250351c93;p=karo-tx-uboot.git

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index 8185ff5647..b48f70bb3c 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -9,6 +9,9 @@ mkimage \- Generate image for U-Boot
 .B mkimage
 .RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]"
 
+.B mkimage
+.RB [\fIoptions\fP] " \-F [" "uimage file name" "]"
+
 .B mkimage
 .RB [\fIoptions\fP] " (legacy mode)"
 
@@ -93,6 +96,12 @@ Set XIP (execute in place) flag.
 .P
 .B Create FIT image:
 
+.TP
+.BI "\-c [" "comment" "]"
+Specifies a comment to be added when signing. This is typically a useful
+message which describes how the image was signed or some other useful
+information.
+
 .TP
 .BI "\-D [" "dtc options" "]"
 Provide special options to the device tree compiler that is used to
@@ -103,6 +112,13 @@ create the image.
 Image tree source file that describes the structure and contents of the
 FIT image.
 
+.TP
+.BI "\-F"
+Indicates that an existing FIT image should be modified. No dtc
+compilation is performed and the \-f flag should not be given.
+This can be used to sign images with additional keys after initial image
+creation.
+
 .TP
 .BI "\-k [" "key_directory" "]"
 Specifies the directory containing keys to use for signing. This directory
@@ -117,6 +133,12 @@ the corresponding public key is written into this file for for run-time
 verification. Typically the file here is the device tree binary used by
 CONFIG_OF_CONTROL in U-Boot.
 
+.TP
+.BI "\-r
+Specifies that keys used to sign the FIT are required. This means that they
+must be verified for the image to boot. Without this option, the verification
+will be optional (useful for testing but not for release).
+
 .SH EXAMPLES
 
 List image information:
@@ -141,7 +163,19 @@ Create FIT image with compressed kernel and sign it with keys in the
 skipping those for which keys cannot be found. Also add a comment.
 .nf
 .B mkimage -f kernel.its -k /public/signing-keys -K u-boot.dtb \\\\
--c "Kernel 3.8 image for production devices" kernel.itb
+.br
+.B -c "Kernel 3.8 image for production devices" kernel.itb
+.fi
+
+.P
+Update an existing FIT image, signing it with additional keys.
+Add corresponding public keys into u-boot.dtb. This will resign all images
+with keys that are available in the new directory. Images that request signing
+with unavailable keys are skipped.
+.nf
+.B mkimage -F -k /secret/signing-keys -K u-boot.dtb \\\\
+.br
+.B -c "Kernel 3.8 image for production devices" kernel.itb
 .fi
 
 .SH HOMEPAGE