Overview

U-Boot expects all bootable files (kernel, device tree blobs, initramfs, scripts, etc.) to be in a specific image format called U-Boot Image Format (uImage format). The mkimage tool generates this format.

Signing images

  • Generate signed image
build/uboot/tools/mkimage -k config/keys/secureboot -f boot.its boot.img
  • Dump information
dumpimage -l boot-temp.img
  • Re-sign the image
build/uboot/tools/mkimage -F -k config/keys/secureboot boot.img

Directory Structure Expected by -k

/path/to/keys/
├── dev.key        <-- Private key (used by mkimage)
├── dev.crt        <-- X.509 certificate (optional)
└── dev.pub        <-- Public key (for embedding in U-Boot, or image)

The filename prefix (dev) maps to the key name set in the .its file (the key-name-hint property of the signature node).
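
A pre-flight check for the mapping described above, as an added example that is not part of the original page or of U-Boot: it reads every key-name-hint from a FIT source and confirms the -k directory holds a matching .key file that only its owner can access. The function names and the sample .its fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example (not U-Boot code): check that the directory given to
# mkimage -k holds a private key for every key-name-hint in the FIT source.

# Constructed sample .its fragment: one signature node naming the key "dev".
write_sample_its() {
    cat > "$1" <<'EOF'
/dts-v1/;
/ {
    configurations {
        conf-1 {
            signature-1 {
                algo = "sha256,rsa2048";
                key-name-hint = "dev";
                sign-images = "kernel", "fdt";
            };
        };
    };
};
EOF
}

# Print each distinct key-name-hint value found in the .its file.
its_key_names() {
    sed -n 's/.*key-name-hint[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | sort -u
}

# Return 0 only if <keydir>/<name>.key exists for every hint and is not
# accessible to group or others; 1 on a key problem, 2 if no hint is found.
check_fit_keys() {
    its=$1; keydir=$2; rc=0
    names=$(its_key_names "$its")
    [ -n "$names" ] || { echo "no key-name-hint in $its" >&2; return 2; }
    for name in $names; do
        key="$keydir/$name.key"
        if [ ! -f "$key" ]; then
            echo "missing private key: $key" >&2; rc=1; continue
        fi
        # Characters 5-10 of the ls mode string are the group/other bits.
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "private key accessible beyond owner: $key ($perms)" >&2; rc=1
        fi
    done
    return $rc
}

# Usage: sh check_fit_keys.sh boot.its config/keys/secureboot
if [ "$#" -eq 2 ]; then check_fit_keys "$1" "$2"; fi
```

Running it before mkimage catches a renamed or missing key file, and a private key left readable by other accounts on the build host, before any signing is attempted.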

Example

./mkimage -E -p 0x800 -k $(PLATFORM_BOARD_SECUREBOOT_PATH)/keys/ -f uboot.its $(UBOOT_USB_IMAGE_NAME)

-E => place data outside of the FIT structure
-p => place external data at a static position
-k => set directory containing private keys
-f => input filename for FIT source
