NAME¶
mkimage - Generate image for U-Boot
SYNOPSIS¶
mkimage -l [
uimage file name]
mkimage [
options]
-f [image tree source file
]
[
uimage file name]
mkimage [
options]
-F [uimage file name
]
mkimage [
options]
(legacy mode)
DESCRIPTION¶
The
mkimage command is used to create images for use with the U-Boot boot
loader. These images can contain the linux kernel, device tree blob, root file
system image, firmware images etc., either separate or combined.
mkimage supports two different formats:
The old
legacy image format concatenates the individual parts (for
example, kernel image, device tree blob and ramdisk image) and adds a 64 bytes
header containing information about target architecture, operating system,
image type, compression method, entry points, time stamp, checksums, etc.
The new
FIT (Flattened Image Tree) format allows for more flexibility in
handling images of various types and also enhances integrity protection of
images with stronger checksums. It also supports verified boot.
OPTIONS¶
List image information:
- -l [uimage file name]
- mkimage lists the information contained in the header of an existing
U-Boot image.
Create old legacy image:
- -A [architecture]
- Set architecture. Pass -h as the architecture to see the list of supported
architectures.
- -O [os]
- Set operating system. bootm command of u-boot changes boot method by os
type. Pass -h as the OS to see the list of supported OS.
- -T [image type]
- Set image type. Pass -h as the image to see the list of supported image
type.
- -C [compression type]
- Set compression type. Pass -h as the compression to see the list of
supported compression type.
- -a [load addess]
- Set load address with a hex number.
- -e [entry point]
- Set entry point with a hex number.
- -l
- List the contents of an image.
- -n [image name]
- Set image name to 'image name'.
- -d [image data file]
- Use image data from 'image data file'.
- -x
- Set XIP (execute in place) flag.
Create FIT image:
- -c [comment]
- Specifies a comment to be added when signing. This is typically a useful
message which describes how the image was signed or some other useful
information.
- -D [dtc options]
- Provide special options to the device tree compiler that is used to create
the image.
- -f [image tree source file]
- Image tree source file that describes the structure and contents of the
FIT image.
- -F
- Indicates that an existing FIT image should be modified. No dtc
compilation is performed and the -f flag should not be given. This can be
used to sign images with additional keys after initial image creation.
- -k [key_directory]
- Specifies the directory containing keys to use for signing. This directory
should contain a private key file <name>.key for use with signing
and a certificate <name>.crt (containing the public key) for use
with verification.
- -K [key_destination]
- Specifies a compiled device tree binary file (typically .dtb) to write
public key information into. When a private key is used to sign an image,
the corresponding public key is written into this file for for run-time
verification. Typically the file here is the device tree binary used by
CONFIG_OF_CONTROL in U-Boot.
- -r
- Specifies that keys used to sign the FIT are required. This means that
they must be verified for the image to boot. Without this option, the
verification will be optional (useful for testing but not for release).
EXAMPLES¶
List image information:
mkimage -l uImage
Create legacy image with compressed PowerPC Linux kernel:
mkimage -A powerpc -O linux -T kernel -C gzip \
-a 0 -e 0 -n Linux -d vmlinux.gz uImage
Create FIT image with compressed PowerPC Linux kernel:
mkimage -f kernel.its kernel.itb
Create FIT image with compressed kernel and sign it with keys in the
/public/signing-keys directory. Add corresponding public keys into u-boot.dtb,
skipping those for which keys cannot be found. Also add a comment.
mkimage -f kernel.its -k /public/signing-keys -K u-boot.dtb \
-c "Kernel 3.8 image for production devices" kernel.itb
Update an existing FIT image, signing it with additional keys. Add corresponding
public keys into u-boot.dtb. This will resign all images with keys that are
available in the new directory. Images that request signing with unavailable
keys are skipped.
mkimage -F -k /secret/signing-keys -K u-boot.dtb \
-c "Kernel 3.8 image for production devices" kernel.itb
HOMEPAGE¶
http://www.denx.de/wiki/U-Boot/WebHome
AUTHOR¶
This manual page was written by Nobuhiro Iwamatsu <iwamatsu@nigauri.org>
and Wolfgang Denk <wd@denx.de>. It was updated for image signing by
Simon Glass <sjg@chromium.org>.