diff --git a/airoha/image/iopsys-image-common.mk b/airoha/image/iopsys-image-common.mk
index 3d731cad4ddfe70afa3a41e7b075d9eff54daa35..00a610f77f63f821b0cb93aa11706b5568364f77 100644
--- a/airoha/image/iopsys-image-common.mk
+++ b/airoha/image/iopsys-image-common.mk
@@ -293,6 +293,15 @@ define Build/append_emmc_production_image
 	$(call Build/pad-to,1K)
 	mv $@ $@.sysupgrade.itb
 	mv $@.bak $@
+# generate fit image with atf blobs to put inside production image (must fit in 2M)
+	touch $@.its
+	mv $@.its $@.its.bak
+	$(Build/prepare-atf-blobs)
+	echo '/dts-v1/;' > $@.its
+	$(call airoha-aarch64-atf-blobs-its, description = "ATF-2.10 BL31/BL32 images";)
+	mv $@.its $@.boot1.its
+	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -E -B 0x1000 -r -f $@.boot1.its $@.boot1.fit
+	mv $@.its.bak $@.its
 # create GPT image with env1, env2, sysupgrade partitions
 #  * GPT image size will be calculated automatically (-d 0)
 #  * put Primary GPT entry table at 512K offset (-e 512K)
@@ -301,7 +310,7 @@ define Build/append_emmc_production_image
 #  * env2 partition will start at 2560K offset (just after env1)
 #  * sysupgrade partition will start at 3M offset (just after env2).
 #    ptgen uses sizes in KB, so divide sysupgrade image size to 1024
-	ptgen -o $@.img -g -d 0 -e 512K -a 100 -N env1 -p 512K@2M -N env2 -p 512K -N sysupgrade -p "$$(( $$(stat --format=%s $@.sysupgrade.itb) / 1024 ))K"
+	ptgen -o $@.img -g -d 0 -e 512K -a 100 -N env1 -p 512K@2M -N env2 -p 512K -N boot1 -p 2M -N sysupgrade -p "$$(( $$(stat --format=%s $@.sysupgrade.itb) / 1024 ))K"
 # write bootloader with 2K offset to GPT image (after PMBR and PGPT header, but before Primary GPT entry table)
 	dd bs=2K seek=1 conv=notrunc of=$@.img if=$(STAGING_DIR_IMAGE)/$(UBOOT_TARGET)-$(DEVICE_NAME)-u-boot-emmc.fip
 # generate 1-st environment (-s 0)
@@ -324,8 +333,10 @@ define Build/append_emmc_production_image
 		-O "mmc dev 0 && part size mmc 0 sysupgrade __size && read mmc "0#sysupgrade" \$${loadaddr} 0 \$${__size} && env delete __size && source \$${loadaddr}:u-boot-script && run __script_emmc_write_production && env set once true && env save"
 # write 2-nd environment with 2560K offset (env2 partition) to GPT image
 	dd bs=2560K seek=1 conv=notrunc of=$@.img if=$@.env2
-# write sysupgrade image with 3M offset (sysupgrade partition) to GPT image
-	dd bs=3M seek=1 conv=notrunc of=$@.img if=$@.sysupgrade.itb
+# write atf blob image with 3M offset (boot1 partition) to GPT image
+	dd bs=3M seek=1 conv=notrunc of=$@.img if=$@.boot1.fit
+# write sysupgrade image with 5M offset (sysupgrade partition) to GPT image
+	dd bs=5M seek=1 conv=notrunc of=$@.img if=$@.sysupgrade.itb
 # add GPT image to the current target file
 	cat $@.img >> $@
 # remove temporary files