diff --git a/targets/stm32l442/Makefile b/targets/stm32l442/Makefile
index f65e709..23accff 100644
--- a/targets/stm32l442/Makefile
+++ b/targets/stm32l442/Makefile
@@ -2,6 +2,8 @@ ifndef DEBUG
 DEBUG=0
 endif
 
+merge_hex=python ../../tools/solotool.py mergehex
+
 all:
 	$(MAKE) -f application.mk -j8 solo.hex DEBUG=$(DEBUG) EXTRA_DEFINES='-DFLASH_ROP=1'
 
@@ -30,17 +32,17 @@ clean:
 	$(MAKE) -f bootloader.mk clean
 
 flash: solo.hex bootloader.hex
-	python merge_hex.py solo.hex bootloader.hex all.hex
+	$(merge_hex) solo.hex bootloader.hex all.hex
 	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
 	STM32_Programmer_CLI -c port=SWD -halt  -d all.hex -rst
 
 flash_dfu: solo.hex bootloader.hex
-	python merge_hex.py solo.hex bootloader.hex all.hex
+	$(merge_hex) solo.hex bootloader.hex all.hex
 	# STM32_Programmer_CLI -c port=usb1 -halt -e all --readunprotect
 	STM32_Programmer_CLI -c port=usb1 -halt -rdu  -d all.hex
 
 flashboot: solo.hex bootloader.hex
-	python merge_hex.py solo.hex bootloader.hex all.hex
+	$(merge_hex) solo.hex bootloader.hex all.hex
 	STM32_Programmer_CLI -c port=SWD -halt -e all --readunprotect
 	STM32_Programmer_CLI -c port=SWD -halt  -d bootloader.hex -rst
 
diff --git a/targets/stm32l442/merge_hex.py b/targets/stm32l442/merge_hex.py
deleted file mode 100644
index 397a72b..0000000
--- a/targets/stm32l442/merge_hex.py
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# Copyright (C) 2018 SoloKeys, Inc. <https://solokeys.com/>
-#
-# This file is part of Solo.
-#
-# Solo is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# Solo is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with Solo.  If not, see <https://www.gnu.org/licenses/>
-#
-# This code is available under licenses for commercial use.
-# Please contact SoloKeys for more information.
-#
-
-# Merges bootloader and application into 1 file for ST Solo
-#
-# Patches settings in flash so bootloader will boot application.
-
-from intelhex import IntelHex
-import sys
-from binascii import unhexlify
-
-if len(sys.argv) < 3:
-    print('usage: %s <file1.hex> <file2.hex> [...] [-s <secret_attestation_key>] <output.hex>')
-    sys.exit(1)
-
-def flash_addr(num):
-    return 0x08000000 + num * 2048
-
-args = sys.argv[:]
-
-# generic / hacker attestation key
-secret_attestation_key = "1b2626ecc8f69b0f69e34fb236d76466ba12ac16c3ab5750ba064e8b90e02448"
-
-# user supplied, optional
-for i,x in enumerate(args):
-    if x == '-s':
-        secret_attestation_key = args[i+1]
-        args = args[:i] + args[i+2:]
-        break
-
-
-# TODO put definitions somewhere else
-PAGES = 128
-APPLICATION_END_PAGE = PAGES - 19
-AUTH_WORD_ADDR       = (flash_addr(APPLICATION_END_PAGE)-8)
-ATTEST_ADDR          = (flash_addr(PAGES - 15))
-
-first = IntelHex(args[1])
-for i in range(2, len(args)-1):
-    print('merging %s with ' % (args[1]), args[i])
-    first.merge(IntelHex( args[i] ), overlap = 'replace')
-
-first [ flash_addr(APPLICATION_END_PAGE-1) ] = 0x41
-first [ flash_addr(APPLICATION_END_PAGE-1)+1 ] = 0x41
-
-first[AUTH_WORD_ADDR-4]   = 0
-first[AUTH_WORD_ADDR-1] = 0
-first[AUTH_WORD_ADDR-2] = 0
-first[AUTH_WORD_ADDR-3] = 0
-
-first[AUTH_WORD_ADDR]   = 0
-first[AUTH_WORD_ADDR+1] = 0
-first[AUTH_WORD_ADDR+2] = 0
-first[AUTH_WORD_ADDR+3] = 0
-
-first[AUTH_WORD_ADDR+4] = 0xff
-first[AUTH_WORD_ADDR+5] = 0xff
-first[AUTH_WORD_ADDR+6] = 0xff
-first[AUTH_WORD_ADDR+7] = 0xff
-
-
-if secret_attestation_key is not None:
-    key = unhexlify(secret_attestation_key)
-
-
-    for i,x in enumerate(key):
-        first[ATTEST_ADDR + i] = x
-
-first.tofile(args[len(args)-1], format='hex')
diff --git a/tools/solotool.py b/tools/solotool.py
index 3a579eb..f02cac7 100644
--- a/tools/solotool.py
+++ b/tools/solotool.py
@@ -26,7 +26,7 @@
 import sys,os,time,struct,argparse
 import array,struct,socket,json,base64,binascii
 import tempfile
-from binascii import hexlify
+from binascii import hexlify,unhexlify
 from hashlib import sha256
 
 from fido2.hid import CtapHidDevice, CTAPHID
@@ -803,12 +803,73 @@ def programmer_main():
     else:
         p.program_file(fw)
 
+
+def main_mergehex():
+    if len(sys.argv) < 3:
+        print('usage: %s <file1.hex> <file2.hex> [...] [-s <secret_attestation_key>] <output.hex>')
+        sys.exit(1)
+
+    def flash_addr(num):
+        return 0x08000000 + num * 2048
+
+    args = sys.argv[:]
+
+    # generic / hacker attestation key
+    secret_attestation_key = "1b2626ecc8f69b0f69e34fb236d76466ba12ac16c3ab5750ba064e8b90e02448"
+
+    # user supplied, optional
+    for i,x in enumerate(args):
+        if x == '-s':
+            secret_attestation_key = args[i+1]
+            args = args[:i] + args[i+2:]
+            break
+
+
+    # TODO put definitions somewhere else
+    PAGES = 128
+    APPLICATION_END_PAGE = PAGES - 19
+    AUTH_WORD_ADDR       = (flash_addr(APPLICATION_END_PAGE)-8)
+    ATTEST_ADDR          = (flash_addr(PAGES - 15))
+
+    first = IntelHex(args[1])
+    for i in range(2, len(args)-1):
+        print('merging %s with ' % (args[1]), args[i])
+        first.merge(IntelHex( args[i] ), overlap = 'replace')
+
+    first [ flash_addr(APPLICATION_END_PAGE-1) ] = 0x41
+    first [ flash_addr(APPLICATION_END_PAGE-1)+1 ] = 0x41
+
+    first[AUTH_WORD_ADDR-4]   = 0
+    first[AUTH_WORD_ADDR-1] = 0
+    first[AUTH_WORD_ADDR-2] = 0
+    first[AUTH_WORD_ADDR-3] = 0
+
+    first[AUTH_WORD_ADDR]   = 0
+    first[AUTH_WORD_ADDR+1] = 0
+    first[AUTH_WORD_ADDR+2] = 0
+    first[AUTH_WORD_ADDR+3] = 0
+
+    first[AUTH_WORD_ADDR+4] = 0xff
+    first[AUTH_WORD_ADDR+5] = 0xff
+    first[AUTH_WORD_ADDR+6] = 0xff
+    first[AUTH_WORD_ADDR+7] = 0xff
+
+
+    if secret_attestation_key is not None:
+        key = unhexlify(secret_attestation_key)
+
+
+        for i,x in enumerate(key):
+            first[ATTEST_ADDR + i] = x
+
+    first.tofile(args[len(args)-1], format='hex')
+
 if __name__ == '__main__':
 
     if len(sys.argv) < 2 or (len(sys.argv) == 2 and asked_for_help()):
         print('Diverse command line tool for working with Solo')
         print('usage: %s <command> [options] [-h]' % sys.argv[0])
-        print('commands: program, solo, monitor, sign, genkey')
+        print('commands: program, solo, monitor, sign, genkey, mergehex')
         print(
 """
 Examples:
@@ -820,6 +881,7 @@ Examples:
     {0} monitor <serial-port>
     {0} sign <key.pem> <firmware.hex> <output.json>
     {0} genkey <output-pem-file> [rng-seed-file]
+    {0} mergehex bootloader.hex solo.hex combined.hex
 """.format(sys.argv[0]))
         sys.exit(1)
 
@@ -838,5 +900,7 @@ Examples:
         sign_main()
     elif c == 'genkey':
         genkey_main()
+    elif c == 'mergehex':
+        main_mergehex()
     else:
         print('invalid command: %s' % c)