[PATCH v2 1/2] mkimage: Document misc options

Sean Anderson sean.anderson at seco.com
Fri Apr 29 01:04:38 CEST 2022


Over the years, several options have not made it into the help message.
Document them. Do the same for the man page.

Signed-off-by: Sean Anderson <sean.anderson at seco.com>
---

Changes in v2:
- Document secondary image types
- Move -G directly after -k
- Reword documentation for -s

 doc/mkimage.1   | 60 ++++++++++++++++++++++++++++++++++++++++++++++++-
 tools/mkimage.c | 15 +++++++++----
 2 files changed, 70 insertions(+), 5 deletions(-)

diff --git a/doc/mkimage.1 b/doc/mkimage.1
index 287006279f..10ac31a8fc 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -53,6 +53,10 @@ Parse image file as type.
 Pass \-h as the image to see the list of supported image type.
 Without this option image type is autodetected.
 
+.TP
+.BI "\-q"
+Quiet. Don't print the image header on successful verification.
+
 .P
 .B Create old legacy image:
 
@@ -91,6 +95,35 @@ List the contents of an image.
 .BI "\-n [" "image name" "]"
 Set image name to 'image name'.
 
+.TP
+.BI "\-R [" "secondary image name" "]"
+Some image types support a second image for additional data. For these types,
+use \-R to specify this second image.
+.TS
+allbox;
+lb lbx
+l l.
+Image Type	Secondary Image Description
+pblimage	Additional RCW-style header, typically used for PBI commands.
+zynqimage, zynqmpimage	T{
+Initialization parameters, one per line. Each parameter has the form
+.sp
+.ti 4
+.I address data
+.sp
+where
+.I address
+and
+.I data
+are hexadecimal integers. The boot ROM will write each
+.I data
+to
+.I address
+when loading the image. At most 256 parameters may be specified in this
+manner.
+T}
+.TE
+
 .TP
 .BI "\-d [" "image data file" "]"
 Use image data from 'image data file'.
@@ -99,6 +132,15 @@ Use image data from 'image data file'.
 .BI "\-x"
 Set XIP (execute in place) flag.
 
+.TP
+.BI "\-s"
+Don't copy in the image data. Depending on the image type, this may create
+just the header, everything but the image data, or nothing at all.
+
+.TP
+.BI "\-v"
+Verbose. Print file names as they are added to the image.
+
 .P
 .B Create FIT image:
 
@@ -126,6 +168,11 @@ in each image will be replaced with 'data-offset' and 'data-size' properties.
 A 'data-offset' of 0 indicates that it starts in the first (4-byte aligned)
 byte after the FIT.
 
+.TP
+.BI "\-B [" "alignment" "]"
+The alignment, in hexadecimal, that external data will be aligned to. This
+option only has an effect when \-E is specified.
+
 .TP
 .BI "\-f [" "image tree source file" " | " "auto" "]"
 Image tree source file that describes the structure and contents of the
@@ -153,6 +200,11 @@ Specifies the directory containing keys to use for signing. This directory
 should contain a private key file <name>.key for use with signing and a
 certificate <name>.crt (containing the public key) for use with verification.
 
+.TP
+.BI "\-G [" "key_file" "]"
+Specifies the private key file to use when signing. This option may be used
+instead of \-k.
+
 .TP
 .BI "\-K [" "key_destination" "]"
 Specifies a compiled device tree binary file (typically .dtb) to write
@@ -173,11 +225,17 @@ a 'data-offset' property defining the offset from the end of the FIT, \-p will
 use 'data-position' as the absolute position from the base of the FIT.
 
 .TP
-.BI "\-r
+.BI "\-r"
 Specifies that keys used to sign the FIT are required. This means that they
 must be verified for the image to boot. Without this option, the verification
 will be optional (useful for testing but not for release).
 
+.TP
+.BI "\-N [" "engine" "]"
+The openssl engine to use when signing and verifying the image. For a complete list of
+available engines, refer to
+.BR engine (1).
+
 .TP
 .BI "\-t
 Update the timestamp in the FIT.
diff --git a/tools/mkimage.c b/tools/mkimage.c
index be58e56546..5c6a60e851 100644
--- a/tools/mkimage.c
+++ b/tools/mkimage.c
@@ -84,7 +84,8 @@ static void usage(const char *msg)
 	fprintf(stderr, "Error: %s\n", msg);
 	fprintf(stderr, "Usage: %s [-T type] -l image\n"
 			 "          -l ==> list image header information\n"
-			 "          -T ==> parse image file as 'type'\n",
+			 "          -T ==> parse image file as 'type'\n"
+			 "          -q ==> quiet\n",
 		params.cmdname);
 	fprintf(stderr,
 		"       %s [-x] -A arch -O os -T type -C comp -a addr -e ep -n name -d data_file[:data_file...] image\n"
@@ -95,8 +96,11 @@ static void usage(const char *msg)
 		"          -a ==> set load address to 'addr' (hex)\n"
 		"          -e ==> set entry point to 'ep' (hex)\n"
 		"          -n ==> set image name to 'name'\n"
+		"          -R ==> set second image name to 'name'\n"
 		"          -d ==> use image data from 'datafile'\n"
-		"          -x ==> set XIP (execute in place)\n",
+		"          -x ==> set XIP (execute in place)\n"
+		"          -s ==> create an image with no data\n"
+		"          -v ==> verbose\n",
 		params.cmdname);
 	fprintf(stderr,
 		"       %s [-D dtc_options] [-f fit-image.its|-f auto|-F] [-b <dtb> [-b <dtb>]] [-E] [-B size] [-i <ramdisk.cpio.gz>] fit-image\n"
@@ -107,7 +111,9 @@ static void usage(const char *msg)
 		"          -f => input filename for FIT source\n"
 		"          -i => input filename for ramdisk file\n"
 		"          -E => place data outside of the FIT structure\n"
-		"          -B => align size in hex for FIT structure and header\n");
+		"          -B => align size in hex for FIT structure and header\n"
+		"          -b => append the device tree binary to the FIT\n"
+		"          -t => update the timestamp in the FIT\n");
 #ifdef CONFIG_FIT_SIGNATURE
 	fprintf(stderr,
 		"Signing / verified boot options: [-k keydir] [-K dtb] [ -c <comment>] [-p addr] [-r] [-N engine]\n"
@@ -118,7 +124,8 @@ static void usage(const char *msg)
 		"          -F => re-sign existing FIT image\n"
 		"          -p => place external data at a static position\n"
 		"          -r => mark keys used as 'required' in dtb\n"
-		"          -N => openssl engine to use for signing\n");
+		"          -N => openssl engine to use for signing\n"
+		"          -o => algorithm to use for signing\n");
 #else
 	fprintf(stderr,
 		"Signing / verified boot not supported (CONFIG_FIT_SIGNATURE undefined)\n");
-- 
2.35.1.1320.gc452695387.dirty



More information about the U-Boot mailing list