scripts: imgtool: Add script to combine multiple image as single

Michael Eskowitz · ozersa · commit 3011760996d0 · 2025-10-24T18:03:01.000+03:00
MCUBoot multi image support mode requires each image be procedded individually that requires multiple signature check during boot. If there be 4 imageis it requires 4 times signature validatation. This feature increase boot time. Depend on the project requirement long boot time may not be accepted. To provide a solution for this case we propose to - Generate each image as regular mcuboot format - Concatanate them and re generate a main mcuboot image. As below ------------------------- | Header | ------------------------- | Image-1 | | (Header+Data+Footer) | ------------------------- | Image-2 | | (Header+Data+Footer) | ------------------------- | ..... | ------------------------- | Footer | ------------------------- During boot time if top level image be validated sub image can be just copied to the target location without to recheck them. There will be two commit to implement this feature 1- Add a script that combine images 2- Update mcuboot source code to process subimages This commit is for #1, it adds a script which called as combine_images.py. Any imgtool parameters can be passed to the script It will directly pass them to the imgtool. Usage: python combine_images.py --config combine_images.yaml --imgtool imgtool --output <outfolder> combine_images.yaml file is added as reference file it need to be updated as per of the project need. Signed-off-by: Sadik Ozer <sadik.ozer@analog.com> Signed-off-by: Michael Eskowitz <Michael.Eskowitz@analog.com>
diff --git a/docs/combine_images.md b/docs/combine_images.md
@@ -0,0 +1,58 @@
+# [combine_images Extensions to MCUboot for Multi-Core SoC Image Distribution](#combine_images_for_multi-core_SoC_image_distribution)
+
+In multi-core system-on-chip based platforms, each processor core typically runs separate firmware 
+as every core may have distinct responsibilities. Packaging and distributing firmware images for
+these systems presents a challenge as multiple independent images must be bundled, versioned, and
+delivered as a single update while preserving the ability to secure and authenticate each image. The
+combine_images extensions to MCUboot allow for the bundling and distribution of multiple images
+together as an MCUboot AppPack.
+
+# [AppPack Structure](#apppack_structure)
+
+The purpose of this method to handle multiple images in a single image pack is to decrease the number
+of signature checks required during bootup. An example AppPack layout is shown in the image below.
+This example contains the standard MCUboot header and trailer surrounding a number of images. Each
+of the enclosed images may itself be an AppPack. 
+
+![AppPack Structure](./images/AppPack.png)
+
+# [AppPack Generation](#apppack_generation)
+
+## [combine_images.py](#combine_images.py)
+
+In order to generate an AppPack you will need to call the combine_images.py script.
+
+    Usage: python combine_images.py --config [yaml file] --imgtool [path to imgtool] --output [output directory]
+
+    Options:
+      --config [yaml file]            yaml file specifying content of the AppPack to 
+                                      be generated.  The yaml file will specify input
+                                      binaries, output file names and the path to any 
+                                      signing keys.
+      --imgtool [path to imgtool]     Path to ImgTool which can be either a python file
+                                      or binary.  The provided ImgTool is called to 
+                                      package binaries and create an AppPack structure
+                                      defined according to the specified yaml file.
+      --output [output directory]     Path to an directory which will be used to store
+                                      any intermediary file products and the final
+                                      AppPack itself.
+
+## [combine_images.yaml](#combine_images.yaml)
+
+The combine_images.py script requires a yaml config file to define the layout of the desired AppPack.
+The structure of the yaml file is shown below.  In this example there is a top level AppPack which 
+may or may not contain an inputfile.  The top level AppPack may also contain some number of nested
+AppPacks which can contain additional AppPacks itself.
+
+    [AppPack Name]_pack:
+      # Optional: top-level infline can be omitted if not needed
+      infile: [filename]
+
+      # Required
+      outfile: [filename]
+      params: [imgtool parameter string]
+
+      [Nested AppPack Name]_pack:
+        infile: [filename]
+        outfile: [filename]
+        params: [imgtool parameter string]
diff --git a/docs/images/AppPack.png b/docs/images/AppPack.png
diff --git a/docs/index.md b/docs/index.md
@@ -40,6 +40,7 @@ The MCUboot documentation is composed of the following pages:
 - [Bootloader design](design.md)
 - [Encrypted images](encrypted_images.md)
 - [imgtool](imgtool.md) - image signing and key management
+- [Combine Images](combine_images.md) - Combine images feature
 - [ECDSA](ecdsa.md) - information about ECDSA signature formats
 - [Serial Recovery](serial_recovery.md) - MCUmgr as the serial recovery protocol
 - Usage instructions:
diff --git a/scripts/combine_images.py b/scripts/combine_images.py
@@ -0,0 +1,137 @@
+#! /usr/bin/env python3
+#
+# Copyright (C) 2025 Analog Devices, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import argparse
+import os
+import pathlib
+import subprocess
+import sys
+
+import yaml
+import shutil
+
+
+def main():
+    global img_tool
+    global output_dir
+    global config_path
+
+    parser = argparse.ArgumentParser(description="Create application package", allow_abbrev=False)
+    parser.add_argument('--config', help="The path to config yaml file", required=True)
+    parser.add_argument('--imgtool', help="The path to ImgTool", required=True)
+    parser.add_argument('--output', help="Output directory", required=True)
+
+    args = parser.parse_args()
+
+    if not os.path.isfile(args.config):
+        print(f"Error: The config file '{args.config}' does not exist")
+        return
+
+    config_path = os.path.dirname(os.path.abspath(args.config))
+    print(f"config_path: {config_path}")
+
+    with open(args.config) as config_file:
+        config = yaml.safe_load(config_file)
+
+    img_tool = args.imgtool
+    if img_tool.endswith('.py'):
+        if not os.path.exists(img_tool): # Is python file exist?
+            print(f"Error: The '{img_tool}' not found")
+            return
+    else:
+        if not shutil.which(img_tool): # Is binary file exist?
+            print(f"Error: The '{img_tool}' not found in the path")
+            return
+
+
+    output_dir = args.output
+    os.makedirs(output_dir, exist_ok=True)
+
+    parse_app_pack(config, None)
+
+    print(f"\nCreated {package_name}")
+
+
+def verify_file_exists(filename):
+    filepath = pathlib.Path(filename)
+
+    if not filepath.exists():
+        print("ERROR: File " + filename + " not found")
+        sys.exit(1)
+
+
+def parse_app_pack(app_pack, name):
+    params = None
+    image = []
+    global package_name
+
+    for key in app_pack:
+        if key.endswith("_pack"):
+            imagename = parse_app_pack(app_pack[key], name)
+            image += [imagename]
+        if key.lower() == "params":
+            params = app_pack[key]
+        if key.lower() == "infile":
+            if app_pack[key] != "":
+                image_path = os.path.join(config_path, app_pack[key])
+                verify_file_exists(image_path)
+                image += [image_path]
+        if key.lower() == "outfile":
+            name = app_pack[key]
+
+    # Exit if params or image are not specified
+    if (params is None) or (image is None):
+        return None
+
+    cmd = []
+    if img_tool.endswith('.py'):
+        cmd += [sys.executable]
+    
+    cmd += [img_tool]
+    cmd += ["sign"]
+    cmd += params.split()
+
+    # Combine images for parent package (top level package)
+    if len(image) > 1:
+        combined_images = os.path.join(output_dir, "combined.bin")
+
+        with open(combined_images, 'wb') as outfile:
+            for fname in image:
+                with open(fname, 'rb') as infile:
+                    outfile.write(infile.read())
+                    infile.close()
+            outfile.close()
+
+        image_input = combined_images
+    else:
+        image_input = image[0]
+
+    image_output = os.path.join(output_dir, name)
+
+    cmd += [image_input]
+    cmd += [image_output]
+
+    print(f'Calling imgtool to generate file {image_output}')
+    package_name = image_output
+    subprocess.run(cmd)
+
+    return image_output
+
+
+if __name__ == "__main__":
+    main()
diff --git a/scripts/combine_images.yaml b/scripts/combine_images.yaml
@@ -0,0 +1,36 @@
+#
+# Copyright (C) 2025 Analog Devices, Inc.
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+img0_pack:
+    outfile: combined_signed.bin
+    params: "--key ../root-rsa-2048.pem --header-size 0x20 --align 4 --load-addr 0x20080000 --pad-header --version 1.0.0 --slot-size 0x100000"
+
+    img1_pack:
+        infile: img1.bin
+        outfile: img1_signed.bin
+        params: "--key ../root-rsa-2048.pem --header-size 0x20 --align 4 --load-addr 0x20010000 --pad-header --version 1.0.0 --slot-size 0x10000"
+
+    img2_pack:
+        infile: img2.bin
+        outfile: img2_signed.bin
+        params: "--key ../root-rsa-2048.pem --header-size 0x20 --align 4 --load-addr 0x20020000 --pad-header --version 1.0.0 --slot-size 0x10000"
+
+    img3_pack:
+        infile: img3.bin
+        outfile: img3_signed.bin
+        params: "--key ../root-rsa-2048.pem --header-size 0x20 --align 4 --load-addr 0x20030000 --pad-header --version 1.0.0 --slot-size 0x10000" 
