# 生成已签名的 sec.elf 镜像

Source: [https://docs.qualcomm.com/doc/80-70015-11SC/topic/generate-signed-sec-elf-image.html](https://docs.qualcomm.com/doc/80-70015-11SC/topic/generate-signed-sec-elf-image.html)

此信息仅提供示例命令。要生成熔丝熔断器二进制文件，参见 [SecTools V2: Fuse Blower User Guide](https://docs.qualcomm.com/bundle/80-NM248-9/resource/80-NM248-9_REV_AB_SecTools_V2__Fuse_Blower_User_Guide.pdf)。

以下是 Windows 上 Sectools 的示例命令：

Note: 您可以根据需要替换以**粗体**突出显示的值。

- 阶段 1：基本安全启动（镜像鉴权 + OEMID + MODEL ID）
    运行以下命令：

        <meta>/common/sectoolsv2/ext/<platform>/sectools.exe fuse-blower --security-profileCopy to clipboard

        <meta>/common/sectoolsv2/<chipset>_security_profile.xml --fuse-pk-hash-0=0xf953644308944bb811ca0ec2a736a17fe38509941ce7f55860130857813c8378e93359b70dfd874c270dca08a53bd99f --fuse-oem-secure-boot1-pk-hash-in-fuse --fuse-oem-secure-boot1-auth-en --fuse-oem-secure-boot2-pk-hash-in-fuse --fuse-oem-secure-boot2-auth-en --fuse-oem-secure-boot3-pk-hash-in-fuse --fuse-oem-secure-boot3-auth-en --fuse-oem-hw-id=0x0001 --fuse-oem-product-id=0xabcd --generate --sign --signing-mode=LOCAL --root-certificate=./OEM-KEYS/qpsa_rootca.cer --ca-certificate=./OEM-KEYS/qpsa_attestca.cer --ca-key=./OEM-KEYS/qpsa_attestca.key --oem-id=0x1 --oem-product-id=0xabcd --outfile basic_sec.elfCopy to clipboard
- 阶段 2：完成安全启动（基本安全启动 + 调试禁用 + 防回滚 + 写入权限禁用）：
    运行以下命令：

        <meta>/common/sectoolsv2/ext/<platform>/sectools.exe fuse-blower --security-profile <meta>/common/sectoolsv2/<chipset>_security_profile.xml --fuse-pk-hash-0=0xf953644308944bb811ca0ec2a736a17fe38509941ce7f55860130857813c8378e93359b70dfd874c270dca08a53bd99f --fuse-oem-secure-boot1-pk-hash-in-fuse --fuse-oem-secure-boot1-auth-en --fuse-oem-secure-boot2-pk-hash-in-fuse --fuse-oem-secure-boot2-auth-en --fuse-oem-secure-boot3-pk-hash-in-fuse --fuse-oem-secure-boot3-auth-en --fuse-oem-secure-boot-fec-enable --fuse-wdog-en --fuse-shared-qsee-spiden-disable --fuse-shared-qsee-spniden-disable --fuse-shared-mss-dbgen-disable --fuse-shared-mss-niden-disable --fuse-shared-cp-dbgen-disable --fuse-shared-cp-niden-disable --fuse-shared-ns-dbgen-disable --fuse-shared-ns-niden-disable --fuse-apps-dbgen-disable --fuse-apps-niden-disable --fuse-shared-misc-debug-disable --fuse-eku-enforcement-en --fuse-anti-rollback-feature-en=0xF --fuse-sec-key-derivation-key=0x00 --fuse-read-permissions-write-disable --fuse-oem-configuration-write-disable --fuse-secondary-key-derivation-key-read-disable --fuse-public-key-hash-0-write-disable --fuse-oem-secure-boot-write-disable --fuse-secondary-key-derivation-key-write-disable --fuse-secondary-key-derivation-key-fec-enable --fuse-fec-enables-write-disable --generate --sign --fuse-oem-hw-id=0x0001 --fuse-oem-product-id=0xabcd --signing-mode=LOCAL --root-certificate=./OEM-KEYS/Copy to clipboard

        qpsa_rootca.cer --ca-certificate=./OEM-KEYS/qpsa_attestca.cer --ca-key=./OEM-KEYS/qpsa_attestca.key --oem-id=0x1 --oem-product-id=0xabcd --outfile sec.elfCopy to clipboard

**Parent Topic:** [启用安全启动](https://docs.qualcomm.com/doc/80-70015-11SC/topic/enable-secure-boot.html)

Last Published: Dec 03, 2024

[Previous Topic
为镜像签名](https://docs.qualcomm.com/bundle/publicresource/80-70015-11SC/topics/sign-the-images.md) [Next Topic
刷写映像](https://docs.qualcomm.com/bundle/publicresource/80-70015-11SC/topics/flash-the-images.md)