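# Configure security services

Qualcomm Linux Security provides several security configurations that strengthen device security, maintain the authenticity and integrity of device software, and protect critical, sensitive developer and user information.

This section guides you through the following configuration workflows.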

Secure boot

- [Enable secure boot](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-secure-boot.html#enable-secure-boot)
- [QFPROM fuses](https://docs.qualcomm.com/doc/80-70018-11SC/topic/appendix-fuse-configurations.html#appendix-fuse-configurations)
- [Generate local (insecure) root key and certificates](https://docs.qualcomm.com/doc/80-70018-11SC/topic/generate-local-insecure-root-key-and-certificates.html#generate-local-insecure-root-key-and-certificates)
- [Generate ECDSA root key and certificate](https://docs.qualcomm.com/doc/80-70018-11SC/topic/generate-ecdsa-root-key-and-certificate.html#generate-ecdsa-root-key-and-certificate)
- [Generate RSA client application key pair and certificate](https://docs.qualcomm.com/doc/80-70018-11SC/topic/generate-rsa-root-ca-key-pair-and-certificate.html#generate-rsa-root-ca-key-pair-and-certificate)
- [Generate SHA-384 hash for RSA and ECDSA](https://docs.qualcomm.com/doc/80-70018-11SC/topic/generate-sha-384-hash-for-rsa-and-ecdsa.html#generate-sha-384-hash-for-rsa-and-ecdsa)
- [Sign the images](https://docs.qualcomm.com/doc/80-70018-11SC/topic/sign-the-images.html#sign-the-images)
- [Generate signed sec.elf image](https://docs.qualcomm.com/doc/80-70018-11SC/topic/generate-signed-sec-elf-image.html#generate-signed-sec-elf-image)
- [Flash the images](https://docs.qualcomm.com/doc/80-70018-11SC/topic/flash-the-images.html#flash-the-images)

UEFI secure boot

- [Enable UEFI secure boot](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-uefi-secure-boot.html#enable-uefi-secure-boot)
- [Generate key and certificate](https://docs.qualcomm.com/doc/80-70018-11SC/topic/generate-key-and-certificate.html#generate-key-and-certificate)
- [Sign images and copy the (.auth) key/signed files to the EFI partition](https://docs.qualcomm.com/doc/80-70018-11SC/topic/sign-images-and-copy-auth-key-signed-files-to-efi-partition.html#sign-images-and-copy-auth-key-signed-files-to-efi-partition)
- [Enable UEFI secure boot from the systemd-boot menu](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-uefi-secure-boot-from-systemd-boot-menu.html#enable-uefi-secure-boot-from-systemd-boot-menu)
- [Hash unsigned images and update the db for image authentication](https://docs.qualcomm.com/doc/80-70018-11SC/topic/hash-unsigned-images-and-update-db-for-image-authentication.html#hash-unsigned-images-and-update-db-for-image-authentication)

Other configurations

- [Enable device configuration (Devcfg) from Qualcomm TEE](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-device-devcfg-from-qtee.html#enable-device-devcfg-from-qtee)
- [Enable SELinux](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-selinux.html#enable-selinux)
- [Sample OpenSSL configuration](https://docs.qualcomm.com/doc/80-70018-11SC/topic/appendix-openssl-configuration.html#appendix-openssl-configuration)
- [Install or upgrade the SoftSKU feature pack](https://docs.qualcomm.com/doc/80-70018-11SC/topic/upgrade-qualcomm-wes-feature-pack.html#upgrade-qualcomm-wes-feature-pack)

## Next steps

- To adjust the Qualcomm TEE configuration, see [Enable device configuration (Devcfg) from Qualcomm TEE](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-device-devcfg-from-qtee.html#enable-device-devcfg-from-qtee).
- To enable secure boot and ensure that only trusted applications run on the device, see [Enable secure boot](https://docs.qualcomm.com/doc/80-70018-11SC/topic/enable-secure-boot.html#enable-secure-boot).


Last Published: Apr 29, 2025
