------ AHAB ------ AHAB (Advanced High Assurance Boot) is a container format supported on some devices. A configuration file in YAML or JSON is used to instruct nxpimage how the output should look like. Example of use for export ``nxpimage ahab export -c "path\to\config\file.yaml"`` Example of use for parse binary AHAB container ``nxpimage ahab parse -b "my_ahab_container.bin" -o "path\to_parsed_data"`` The full AHAB configuration template could be generated by nxpimage tool "get_template" sub-command for family that supports AHAB, example: ``nxpimage ahab get-template -f rt118x -o ahab_template_rt118x.yaml`` Generating Multiple Bootable Image Templates ============================================= For families that support IMX bootloaders (like i.MX 8/9 series), you can generate multiple template configurations using the ``get-templates`` command: ``nxpimage bootable-image get-templates -f -o `` This command generates: - Standard templates for all memory types - Extra templates with simplified naming (e.g., ``spl`` for primary image, ``uboot`` for secondary image) - Board-specific template variants in sub-folders To generate a specific template type: ``nxpimage bootable-image get-templates -f -o --template imx_boot_flash_all`` To generate templates for a specific board: ``nxpimage bootable-image get-templates -f -o --board imx95-19x19-lpddr5-evk`` Use ``nxpimage bootable-image list-boards -f `` to see available boards. AHAB Extensions ================ Since SPSDK version 2.2.0, support for AHAB extensions have been added. This allows the user to create the standard images like U-Boot for example in the similar manner as with the imx-mkimage tool, without knowing the details of the AHAB format. AHAB Sign ========== Since SPSDK version 2.3.0 it is possible to sign and encrypt existing image or image container set, without parsing. It parses the input image, loads the configuration file and iterates over the segments in the image. If the segment is AHAB image, it iterates over all the containers and if the container is not NXP signed, it signs them with the key (signature provider) provided in the configuration. If the blob is specified, it also iterates over all images in the container and encrypt them. Then signed (encrypted) image is saved to the path provided. Template for signing might be generated using the get-template command with --sign/-s flag: ``nxpimage ahab get-template -f -o sign_template.yaml --sign`` Example of use for sign and encrypt AHAB container ``nxpimage -v ahab sign -c "path\to\config\file.yaml" -c "ahab_image_to_be_signed.bin" -o "path\to_signed_image"`` AHAB Re-sign ============ It is possible to re-sign an existing AHAB container without modifying other parts of the image. This is useful when you need to update the signature of a specific container without rebuilding the entire image. The re-sign command allows you to specify a private key or signature provider configuration to sign a specific container in the AHAB image. Example of use for re-signing a container in an AHAB image: ``nxpimage ahab re-sign -f -b "ahab_image.bin" -k "path/to/private_key.pem" -i `` For bootable images that contain FCB or XMCD segments, you need to specify the memory type: ``nxpimage ahab re-sign -f -b "bootable_image.bin" -k "path/to/private_key.pem" -i -m `` AHAB Update Keyblob =================== It is possible to update the encryption keyblob in an existing AHAB container. This is useful when you need to update the encryption keys without rebuilding the entire image. The update-keyblob command allows you to replace the keyblob in a specific container of an AHAB image with a new one. Example of use for updating a keyblob in an AHAB image: ``nxpimage ahab update-keyblob -f -b "ahab_image.bin" -k "path/to/new_keyblob.bin" -i `` For bootable images that contain FCB or XMCD segments, you need to specify the memory type: ``nxpimage ahab update-keyblob -f -b "bootable_image.bin" -k "path/to/new_keyblob.bin" -i -m `` Supported configuration options ================================ .. include:: ../_prebuild/ahab_schemas.inc :parser: myst_parser.sphinx_