summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorSimon Glass <sjg@chromium.org>2013-06-13 15:10:05 -0700
committerTom Rini <trini@ti.com>2013-06-26 10:18:56 -0400
commit95d77b4479f9d07aea114fd4253cd665bb48ea10 (patch)
tree4aa9f969fc0f104956fb29a6f5993d3026e39843 /doc
parente29495d37f7c0533d365004ca475218250351c93 (diff)
mkimage: Add -F option to modify an existing .fit file
When signing images it is sometimes necessary to sign with different keys at different times, or make the signer entirely separate from the FIT creation to avoid needing the private keys to be publicly available in the system. Add a -F option so that key signing can be a separate step, and possibly done multiple times as different keys are avaiable. Signed-off-by: Simon Glass <sjg@chromium.org> Reviewed-by: Marek Vasut <marex@denx.de>
Diffstat (limited to 'doc')
-rw-r--r--doc/mkimage.120
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/mkimage.1 b/doc/mkimage.1
index 8185ff5647e..f9c733a5e62 100644
--- a/doc/mkimage.1
+++ b/doc/mkimage.1
@@ -10,6 +10,9 @@ mkimage \- Generate image for U-Boot
.RB [\fIoptions\fP] " \-f [" "image tree source file" "]" " [" "uimage file name" "]"
.B mkimage
+.RB [\fIoptions\fP] " \-F [" "uimage file name" "]"
+
+.B mkimage
.RB [\fIoptions\fP] " (legacy mode)"
.SH "DESCRIPTION"
@@ -104,6 +107,13 @@ Image tree source file that describes the structure and contents of the
FIT image.
.TP
+.BI "\-F"
+Indicates that an existing FIT image should be modified. No dtc
+compilation is performed and the -f flag should not be given.
+This can be used to sign images with additional keys after initial image
+creation.
+
+.TP
.BI "\-k [" "key_directory" "]"
Specifies the directory containing keys to use for signing. This directory
should contain a private key file <name>.key for use with signing and a
@@ -144,6 +154,16 @@ skipping those for which keys cannot be found. Also add a comment.
-c "Kernel 3.8 image for production devices" kernel.itb
.fi
+.P
+Update an existing FIT image, signing it with additional keys.
+Add corresponding public keys into u-boot.dtb. This will resign all images
+with keys that are available in the new directory. Images that request signing
+with unavailable keys are skipped.
+.nf
+.B mkimage -F -k /secret/signing-keys -K u-boot.dtb \\\\
+-c "Kernel 3.8 image for production devices" kernel.itb
+.fi
+
.SH HOMEPAGE
http://www.denx.de/wiki/U-Boot/WebHome
.PP