# 使用 systemd-boot 和 UKI 配置并安全启动

systemd-boot统一可扩展固件接口（UEFI）启动管理器提供控制启动流程的选项，并加载用户选择的启动加载器。配置文件、内核镜像、initrd 镜像和其他 EFI 镜像必须驻留在 EFI 分区上。

要将 Qualcomm Linux 内核直接作为 EFI 镜像运行，请使用 `CONFIG_EFI_STUB` 编译它们。systemd-boot支持两种配置：

> 
> 
> - Type1：
> 
> 
>     Type1配置使用引导加载程序规范（BLS）描述文件。您可以在 `/loader/entries/` EFI 上的目录中找到这些文件。
> - Type2：
> 
> 
>     Type2配置使用统一内核镜像（UKI）。这些镜像将内核、initrd和内核命令行合并到单个EFI可执行文件中。Type2提供了更好的安全性，因为UKI包含设备启动所需的所有信息。对UKI镜像进行签名可保护所有包含的实体。如果启用了UEFI安全启动，则系统仅加载已签名的镜像，因此需要签名。

有关详细信息，请参阅 [systemd-boot](https://www.freedesktop.org/software/systemd/man/latest/systemd-boot.html)。

Note

要使用启用了安全启动的设备，需要签名。

## UKI

UKI 集合了单个UEFI 可移植可执行 (PE) 文件中 UEFI boot stub 程序、Qualcomm Linux 内核镜像、initrd 和其他资源。UEFI boot stub 在 UEFI PE 二进制文件内部搜索用于内核调用的各种资源。这允许在单个 UKI 镜像内组合各种资源，然后可以使用 sbsign 进行签名。Qualcomm Linux 使用 sbsign 来签署 PE 文件，而非 PE 文件（如 DTB）则使用 OpenSSL 签署。

有关 UKI 的更多详细信息，请参阅 [unified_kernel_image](https://uapi-group.org/specifications/specs/unified_kernel_image/)。下表显示了 `uki.efi` 的内容：

| uki.efi 文件的组件 | 内容 |
| --- | --- |
| Initrd = Init ramdisk | `initramfs-ostree-image-qcs6490-rb3gen2-vision-kit.cpio.gz` |
| Linux = 内核镜像 | `Image`（因为 systemd-boot 需要未压缩的内核） |
| Uname = 内核发布版本 | `6.6.52` |
| Efi-arch = 架构 | `aa64` |
| Stub = System-boot efi stub | `linuxx64.efi.stub` |
| OS-release = 操作系统发行版本 | <ul class="simple"><br><li><p><code class="docutils literal notranslate"><span class="pre">ID</span> <span class="pre">=</span> <span class="pre">qcom-wayland</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">Name</span> <span class="pre">=</span> <span class="pre">“QCOM</span> <span class="pre">Reference</span> <span class="pre">Distro</span> <span class="pre">with</span> <span class="pre">Wayland”</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">VERSION</span> <span class="pre">=</span> <span class="pre">“1.0”</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">VERSION_ID</span> <span class="pre">=</span> <span class="pre">1.0</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">PRETTY_NAME</span> <span class="pre">=</span> <span class="pre">“QCOM</span> <span class="pre">Reference</span> <span class="pre">Distro</span> <span class="pre">with</span> <span class="pre">Wayland</span> <span class="pre">1.0”</span></code></p></li><br></ul> |

### 镜像配方

`meta-qcom-hwe/recipes-kernel/images` 包含以下配方：

- `linux-qcom-uki.bb` 生成 `uki.efi`。
- `esp-qcom-image.bb` 生成 VFAT 镜像，`efi.bin`，其中包含 `uki.efi` 和 `systemd-boot`。

`meta-qcom-distro/classes/image-qcom-deploy.bbclass` 类调用 `esp-qcom-image`。

## EFI 镜像

EFI 镜像，`efi.bin`，是存储在闪存的EFI分区中的VFAT文件系统镜像。该 VFAT 文件系统包含 UEFI 将执行控制权加载和转移到 systemd-boot 所需的镜像。为了将执行控制权转移到 systemd-boot 管理器，UEFI 挂载 `efi.bin`，加载 `bootaa64.efi`，并执行它。systemd-boot 管理器解析 `loader.conf`，加载内核镜像，并将控制权转移给它。

有关 EFI 结构的更多信息，请参阅 [EFI 系统分区](https://wiki.archlinux.org/title/EFI_system_partition)。

以下是来自 Qualcomm Linux 的 `efi.bin` 的示例结构。它包含 `/ostree/poky-<sha256-sum>` 目录下的 systemd-boot `bootaa64.efi` 和 Qualcomm Linux 内核 `vmlinuz-<version>`。

> 
> 
> ![../../_images/efi-bin-ostree.png](data:image/png;base64,UklGRggNAABXRUJQVlA4TPwMAAAvVwJjEP/BoJEkRf3g3+ox/8/YYNg2kqIc9V/qM//MMGwbSVEe+m/1mP9n2Na2LWObs49ORArQll5lY2TJZgIA/PvdJJHtl8gmiWx/Fses1/f9JJPF4fml0fZBYb9gc7iAwfFKYXfoLmgNgfgDSocH+B0XQA1UQAU0QAVUb396xkhlyWv261e24vs/cY7a0ex3C1Mw72ne07yneU+OrWfpZxfn6HxH3aswBbI4VrZCFli0taeRJKl/jWe9994UTRKFKmYZVLDLvv9rJRIZVW3OKc50RUT/adG2W7eNDlbRZaXSXIAw9WhFzPebTwrtr7/9018Wkv3hNxN+96PPaSHZl3/8leHXP6G1ZF/85W+an321mKAf/lPz0y9XEz/41+k/p6S8/fYoj8uHy+NR8KoXgmExYliOiOuITMMi/DjSJ32o6znSm9cLj0dtAbnLUfse12akGevqOf/pP++Wy7KCTv85/edEhMtR7u5W1XtADw+v0cO4WnFEsQI10ERAg+6IsW5oRKHv5CFE0v1MAFEbW5YOJEK5DRV9nwhYQoTOVPOgyESAYvlsbrZ2c5sIWCJ8h6N2Mc5VWVGuqT++qDb7KitqN1yt+iPPzRTr6jn/eR3r6v2y039O/zmR5eEol8vR9hf3q+o9oMvjq14w3j2CtlBI8EcUdsSB623OhkgMt3DYeyJlGTdIWBYfKsBEsQE7ka+AuAwg0Q60SOZIHtHMi10MGaiOAXDCkiARI/ieKYKpVuebKJcQqDZzpEndu8ZZwz24lpV7sfO/h4N2mawn31ldme01YCPa4OwHhjnSFaaESLmSoe/jRy967h6eTsumXUEcdRwRB67gauZItu4jvAXKXsw8sz3V7c0Twx6J4QYCZV6JHcJf+Dzb5q43V6GIQKU5V2GPNIQldQDrcgvEsjDoh3YjV5GUBHhzJCWMydILUQFaNKyrdU1ffWZdva+xrt4vO/3n9J8TWR6XFfg0ksaHSPgkj8kqkgJUT64C9Qp3tKAWnPSLhklXgdyc75ly9ySgiESlESOuG2dX6R4qRKjv6kOpRAGBQSuDx6NmsF0FQgUghKQQDIuLg8tRu+mq3HBl1hJl6WyuQr1QaDI2uwpKSBSrZyyg3WJHq42cmN0A8NWtq78/Ov3nWbmsq/fLTv85/edEhMtR7u7W1f931iteeMR3uZo8A35J4cCLynnEtcETu19I7W1QhiarUGpDjxGALA2e2P1CmqcruXlXxSqUPsSuD/fE7hciNOhMFHarcIjhtgTAUbsontj9QqPEEFmF6wCip7kndr846FYJT+x+ccVsJhGrcJXwxO4XVwL41m5Lgff3749O+6HTf07/OcHlYV29B/QaPi1/7wmzKKk+kgfQCBWZMlAdeQHyosE2qSiVQmflIETcg2uZpLqAtDB4OGoDu+h7adF+AJNaJp67ElXKemHepMLlcegJ0P0sMEzWzIdp+x3f9pljLSqsmz9im1Q0IXUhVzS5BWKhVh0Jr53dgj5SQlNQAVpUoqpfV8/5z+d4WFfvl53+c/rPCS6H5dzfr6r3yx4ePsEkIr6HJLwP2nxFfj/wiEdhPAuCxjgg5RnI8r4D1ikw4cWO9NEkY1ibVF8HdrJLwzlRa8E1pS0fJyJrwUzkcxXSuvej6GDCKLQ+UrF3p6suEe1aEQM9qVB6muRAR+8tRUl0MjRNiG2Std0GaNApMUeymZvEtiGSJY7UKylmVBLtOhGUKvgmR0fRq1x5KEtm3GwUSavw07ENdEuUDv4AVcjI/Vi6xlacymhyPVPoam1wqmKnoeM05CFYVQA0TYaSo0h1rrZxvDQrCa/HMpI0pTjDeTAxvM0B3ZgiuAdXK+XmfcuWITFhM1GbACdAgzkmtpEcyxC/YdP5kmyCpAxPG/bncY3Voupdi0zdmXEzURA3m3/fdzsMM1HT4G/TmExIHzZSO1o0045CGiOQAw9iBZJNuZnnuKusRQQ1VvtQ3c3ITZQyRjiuAnWw13ZlZBhsBIahu5SJth06AR0tKHUJ9gsiwBBQy5VSlGTGOFJUAXebA/OFslGLqALsrBOTR3xRfWU7m6hNgFcqwKb67JFMmwYTGwNgo28bquuupJgvuhQaYduvfajAyFBDr6JnbK/bPthRVCEXUTQ2wd6QQHr092qyc0uUDZ5QVVDS2kg2rmZC+sBpgaTRhkSsBrs0T32nDd58FVmfz9quJoxdqwi6cJxOsK9ZHQmbVTpms9xd7p4EqgBbNpXm5+RGRltCoKrnv9KUxCKmzMwAcgsGjzQk7N3p71a2OYhQX0sT9Zi6qijSSMVGfHVtzC5RRz0LUOU93MK0aTCxDWf16fmxaAfAzI3cXUAFRlkWNZatkm8ypmpXxbR9MKNIZcyBPEgwv2+TKAT65DybLIrcFGWCv+J8KyQ9kPRR8zakDxxdWaUSUd0jah/jXClXNUBwZg3wDX56hnZND6CS64HuBnubKB1V57Lvu/l+76TI88moC8VeyWjTYapIAvQx/RXWxSlqtL3+1pFgo11d4QQwMXabgy2rk6CJmqq6yCvXDxWuVD2RbQDyJGobYKOR4FuYNg0mtoHVpxGFK+pyhLTOCKFgSgmslGdREYXdtH2wo+gm18o1kx63WRSZKfSsgcnOTVE2eCSlTbKaZq7YkN57/vPfx4P21uIRJSsNEcCViDDGDGAMGyhhQ8bAVTPozdvZ9orricgo1RcgKtUJqgqMi0iW2NBqsdpcUWcOgYktIU7KRyGZBlQAQdAX737EWTvPc+CQxNaHJzHX5Z0kK8b8EXuyUc8DbPkWpk2DiW1Gyxo9ddqKVGV8xaspTV3/s1KRdclN4rCjWEWdYLRWO2636lvTdHZuizLBm4HzA490xYb03rN/dzlo3xxzqaoSKiPFk6lfVTjRhjjczV97UOkcImdKbznoO6/IN4uGqLF1e/PKFSKajB/DWSJmN7qpa+V60vUINgeJFSbqxnZep1zIODO7mKhNgMddIGMeYe7MJZUi7AozOwZsAwc+5sJ0FGdzoBQygzyJwmU/MJtVdg6IMpuPOBvSR2azqsEd1QxjJl+jKQBGoIxoq4H1zCTVKec6z5SO/LPa7KpOx/gjSBOnw5LmyGgrzY0jpaGtelOGXt00xolOJBVwZ+IezCDHWmwOtEZ4E7XUEZUbcapy3EbWRuChs41aB3h0s2nTYGK7MtGnbwGjwqtrhOQb274PoXNQYnhsDnozidg49MC5ntXMoEPX4zaJgprYm3zfWUk7IMoEf2SzDekjsFuY77aB1eWSstjU7dSm8ymAICUo86anj+plENSzrYnSyW4CTNAnZ6YJQPFktOmzJLzR1vSJX0XBdAOGqpysY4gYP7c50A+vbNRe9K2toEbSD9xUoQPFRm0D5H5wN3WHp2PTGH3m4duVyWPEbE6uvtq8154p1OluJg47itE0gVCFp8btyENJr45kh+GWKBs8RO9W1W7U2Ib0gXPs7H/F0UvQPkYUoSWFRwvr6t9RvE7E5Sh3d+vq/bLTf07/eY2Rxfbv6r95u6reA7o8vo4GA36pwHCGgI1aPo4D39ARBGKld70cnmmEYbpOKPq+CNyT8Ig3ZHRxpNntqsKmEYbpOvHidwkUIWqdTiQAjVCRVfMGs5Amd/QQ7frXPSqyHCl02whDZLI2cOOpdtXoQvCyhjZsHlG5afOGUeW9B6pVlW3AZpY7pj5Zp5VRAZ5Ud82ku04Y5tpzD/TCJhIhTWATHCsJkom4Gcok8updFQ3r9bcnjTB01wnNXLtudPGiBEft4SmkBhyBUkVPHkA0S+NPF/g3Js10nTgE0gsToud3DnzIze9b+z4BTjFphGG7ThxzL3ekKFTzhiMkxCte33wGV2XaoWLaCMN0nTiA3vxCJ43d2DZvuO0mHUrJ9nMonSg2mK+AboRhu04wwi1MM4xVta4pLym4Ot9kQaE/uHW1vvenMayr98tO/zn950SWh6Pc3x/k7bfran3vV8ZovK54YnsKlwFDqmDNDrSolwzcl42rNZBmm9Qu90B7d04tcbqtAVxnolJ1qwsGqhs0JqkNPdoVSQUARM2N3R0pfFYrLwe1QGrnReByHT+KYNpQne+7pUeq1aBqFmFQWkePg4AKCFmTRq5l2hBf0Pz/8aDdDza46yezFDORZIuM484I5hJOejSLd0cIhc6aBsQRBJDp5cw3l6N2p1R1zoWeAdeKKloeQgKiwhOVyW8M7ztT7GkVrOe2S0/PQWmOlJVqCdgsnIg8kuphIbIKCOjuKeTmfG20YXbzmWwTi1qd+cA9DBeRxhl5Gaw/2TI9BV+BKw0Amj7PTppYeN0csRfV9aKl8V8Byrpa1/TUirv7Z35f43JZFbwPdvrP6T8fGX7+9Wrix//Q/OPfn60lvvrzXzVvfvnvrz9fR3zxg7/85o213/zsz39ZRvb7X/z9zSeF9gY=)
> 
> **图：OSTree 支持下生成的 efi.bin 文件**

## 签名

安全启动是 UEFI 标准中的一项功能，但在 Qualcomm Linux 中默认情况下并未启用。启用后，安全启动会通过维护一份在设备启动时运行的加密签名二进制文件列表（如果成功通过身份验证）为预启动过程增加了一层保护。这可确保设备的启动固件和 Linux 操作系统启动组件（例如启动管理器、内核和 initramfs）未被篡改。

UEFI 安全启动使用数字签名来验证其加载的二进制代码的真实性和完整性。UEFI 安全变量存储所有密钥。实现 UEFI 安全启动需要使用平台密钥 (PK)、密钥交换密钥 (KEK)、数据库 (DB) 和禁止签名数据库 (DBX)。

使用安全启动需要密钥 PK、KEK 和 DB。虽然允许多个 KEK、DB 和 DBX，但PK只允许一个。

启用 UEFI 安全启动需要在系统中注册 PK。Qualcomm 建议在安全启动启用过程的最后一步配置 PK。有关 Qualcomm 如何实现 UEFI 安全启动功能的更多信息，请参阅[安全启动](https://docs.qualcomm.com/bundle/publicresource/topics/80-70020-11/features.html#secure-boot)。

### 使用主机工具signing\_tool.py 对 Qualcomm Linux 编译版本生成的 Linux 操作系统镜像进行签名

启用 UEFI 安全启动需要签署 EFI 和 DTB 镜像。使用 `signing_tool.py` 主机签名工具来简化此过程。此命令行 Python 脚本在 Linux 主机（Ubuntu 20.04 或更高版本）上运行。它通过两个独立的操作自动完成 EFI 和 DTB 镜像的签名。该工具还支持合并 DTB 文件的功能。

主机签名工具可在 [GitHub](https://github.com/quic/host-signing-tool) 上下载。

### 主机签名工具概述

主机签名工具在安装了Python3的Linux主机上运行。它可以在单个操作中对 EFI 镜像或 DTB 镜像进行签名。要签署 EFI 和 DTB 镜像，您必须使用不同的输入调用该工具两次。

![../../_images/host_tool_design_wbg.png](data:image/png;base64,UklGRtgPAABXRUJQVlA4TMwPAAAvzQFNEKfiuG0jSSrZdcyZf5ozu//pNBy2kaRI3dXHfPknSc/oMJIkp9nZc3jIP0iVIgCDbCMV4RBO4Yjen+IjJCG9E7JITsAQhoEh7OwOCjCEddWmHlmkLJIpCmQAqixHtxGWRXKCKVna1GNvV52NypddVMCxrVlMPVKr7tBVO/tdlYXvmDa5lCwSn3GtzQnr1e7xIX++PwspISWkhNSQ2rUvFBwIqzQMEAEMEAwAFgEABgiGABbAs/2t/2d90//68/1ewLBtm9RGrubNSkXhQBbQ4QQxJJQGUEcMTM+SvWzLy7gt+4XA//8zQgihQoazdUT/J+CLz6z87vtZ9rve/vZxpv1bTz98/PiPf86w//j48S/9/PXjvzjL/uvjX/v69zzz78/+++y//0vveXerLv/u4XUmeLtTunyeB+6UPj/NAc9Kqcc9L/7t061St3PATqlHavH1RqmXGeBGqb0e+KDU0wyglKImnz777382FRYuMZgtagOXGcwVES71AioX3gS2BHwOvjCAogcpgFUPQpIVJLmyyQqyD8+bkhwgGx4dIDttZeZsbK+fVs9j3/NEg5RkjIaUgNuQtmvaKQCbFSQFgLyCJCsX8EjGJkTMCgAqVh7gzQlSkGQVNpR2Rc8mbbsiKSRb6Hlki+2yskNukTJFTnoeSddjZYdTVZFl0dEsKwZ1KGJyi4Z2yH62aMhcsiFJIdu2aEhpTk/lJnIWOHnhRJt6ODla8/6kYLs0ARyROBQT0yZY4IwLf1MOoAqbHFu2ni1FTIpjghOiJpIlOhqOE0StgeMYbYfLpOwvR0oyRkMhz7RFQ+aSoc0uW2wnpgjtVpBkPDlLAqsFWPTHlZmzsT0yFDljszpihifRdlnZK8Yi5wqSXNkkbbviyp2QFgAW/qZk/5tgAQBJf5QAJEmGgJ3ySAxxUuMCK5IrIDRDshHIWbmA20xItR8UPHsRWH59hulYDwP/f299/dvfOSM98WzKvj5gtKeOIju9WwKr7OnbD3/ORnnySNCjf6SOotIBsk2U9KHUE0d56iiNPoy6LQP+4xfAbwBnNmHh9Fiww9EZ5bz/eeSnxRyU4OcA1hYAWOXsU+AwYmkAwHL2oY+fAEbhA4BRzD/kf6H9pzXbZ5AyOrHsVOD4csoRclRKCydaZZcMMAD8DHCuFc8+SJH34XmaazzAjMkK8rqgf446iorfANk6SqYH0yVTxBzi2HAddS95agCjZsdrJncBSbJyAY8VAFQ6y5GS9FxWkGQq4HoeaYcuREoyNmGmJCXgjc7Zg4JXUSVC5qYkXZeVGZKeR61XImTrQSNC5uLAzLkyya3IKUXFFCklrowTrw+055QmSSlIU5Kx1B9TYYfVEWmS9A5CMkVFd0VSxHRXJMWUYpNkipyeS3KLnBJuSI4AKT14bZ57ksChpCnHZfOu8I6QoYd0FMjKXLWsepBsHZUAMDbZ0NcA6itFmiSlYBVW5MrWnxQkubJbpHmS67a5qxFJcKELXimVCNmYIWl6pOuRK1tvlemRuRm2VCJkLjqlkMzNLVOklBgJ+pdhFNcKcxuQJHMXcCuyEch1xsYDINnCVMC1OzEWEJKkBDxzLJgsneEHNa+Lq9Jd8fIv7cInhcbMmSKdjRibEDHnI23+Ly2hmGMk2tPxCcUkRTJFzl7nntiEGZOsPMCr2ioX8HQWui4QxwJ2Q1ICdk5SAp4tycoDPJK5DcjJJUXKGFvSdlm5bpvrsjJDnYmcEjZpe6Q0G4YmGSOlhCRdj5UdkkJyi3SKWODERTfXI+m53CInc2xbTEnGUmc2WSEmQ5NsSObI6XokheQWDSlNNtiSUmO3Sn3SxJ1SzyOTnbLpJiRJKSgFSQrZIuGG1HWXlAwFyRAAcgrZJnEoSA8rycFewoNSd29aeFZKvY4MnW4OB0CGHtKxCM2cOXKaxwSPNqFrNvraK6VuHp4uf6eUuufY1t2KE1yPpOdyi5zMsT2owopc2WNhh2xxvbYtti25JGmG+uKz0ubd2+gw6OLzhBQpU6Sk7ZKuzQOaHul6Y7Gyq8pFzhQpJSRp2xVXLnNINqbUGJ9vNLF74/iWxjGjPIWxgBmTrFzAq9pyF3CrsahcCImUlIAnJFm5gNuQsQmE1Bn58qTB51eO8vrYmtetiHmhl3LNW20LXq+xWzEU1VSStWVXDCVg55xKuDxw+F59h9UH9XzECAg4Lbw+7TT48Kyrl8fduf/+y1/+fXfuxxddPT/sNPi0186j0uTtXkdvOzXAr75SA9y96Wh/qzT5qJkHpc2bvQaEPOHtTmnz7k0/+xulzQetvCilds8vl/94o9SuLbQPPK+HCnJoT0qph08vF//pQSn1qJ+dUurx5fKfd0qpTzq5V+qeWtwrpfbnGuJJN0o9UYs/KnWjnb1S6oVavFfqXic3Su31wHulfjylgjRhN2TlAh5ZQZKNDXMlSDt0IVKSsQkzJSkB75RXpRQ1eaPUXjfPSu2ox71SNzpRSlGTT0o9neZWtFek67IywzbbZWUfmDlXJrkVOaWomCKlxAkvSu10sVPqRTdPSj1pgkqpqyklQ5s0JRnLli1yUh6EZIqK7oqkiOmuSIp5RMINyRYpeIrAoaQp5xMy9JC2xD1Its4X0jwwVx2qsCJXdssW+Smu2+au5opGrEiJbQeaHul6LbRdVnanFJK5uWWKlBJzBHMXsFN2yV3ArdoaG6bXibGAkCQl4JmzxAClyWHOInbMxgzno9wFQr5r6sg5c5C9Kwbdx3qBgS7WI5ZggMFUEGDAwWjVGORmXIqsa3lVFBh0MVYBAD876xqAMybZAp2N6JqIACQcZAIgGisH8HnmBMCIJDjZGl6KXGMBBxqMW3YujkptAHCOWwAQXBXRUKLJIACMgh0zC0B2CakIgVVuQ6QkYxMiJpkKuJ5HUgJuQ+Y2IKctB0jY3QIW5SVAcgvRcGWSW6RMkbMRIXPhkdKu6NmkkNwinbqyEwoAxvoSKtJekSkaNiQpJKVJ0vNIEZNbNA22pHwv+H4PdbAAnOTKYAQAC6fHoB5AeJCT0gQg6bltOVpzelhJnvMcRVZfG2tgfVJhoHV5ZdBH30YymBQxKSRXHbZsb0LXbC7CgVFcGREQnVIbOBpcGUwWPQHZUEKbLdJso5AtuSRphhcCo7h2fMBIWC8B1FcGyazHxAAWQ4lFzhUkKxEyFx4ZipyxWeWQbEx5EYUBGMWVYwAJSTpAdH30WgAoBsIVEJohmQq4tkcyBOyUjE0g5EWwMACjuG4A8DC6lugAWT/ndlc8b1YPhIUBGPXYbMqhlQfB+6Uxc6ZIzxQhKofBBEA0No6RDGkB+CRLA0jeKYxNiJhng5EMojAAox4dwMqGEwFYJmsDMMr3yiAjAHCy8xUGYBQcIWBZD4UWjiZ87wF+fabCAIyC4wQjKgdSOi1Gwo5Z8V6DEZVncQCj4FgBi2QYZBY5/rrk0cwBgGXxPgMWm/MYBUcMcLJhnOjjaHItffPlHyMNOh2A33/dX5HVHNiHL/8UafDXHYA/fDs0H92vog/Q8Ifezt/Dl9Dvr74Zlg9gEZV1YFxP33z5x0iDTqfff60GEDjHk/N8+PJPkQZ/3ekP36pB+QCskiRL62pS6okajDosNi9qAAG6bs6i1As16HRwsic1KB+AVbK1tN5lRlRyEEkXoxiPRUIOywdglTxavsf8mhwGi+x4zbEwopID8wFYJTu+v5yMh8PoW2vLmodD8gFYJd9vRsL2q8TK2D4gH4BV8v0WlbxejITHh+MDsEq+27KaHa+PTcnh+QCsku+37tdH96H4AKyS8866gw/AKnlqMav4AJIjPgCr5KmFAVjzSYJBRvMJ/SFY5YzCaHGuRVRyVJLBLKaK4estAoxiID6AcvaoDQDOIBcAAs4eTDBgqxyhYCjB+GwA5zphthhMUHKEkAwjwfgUALLrhCyyYZY8dQwKDLoYGToAgk125rG61DFgMKSAY1MYGKA/NXC9GMpizdFhsRiAUU8NlzsKZBI45y44q1zsZ17dKrXXxL1SP+rmVakbXdwotdfNs1L3mtgrdaOTe6Xu9bBXSu11wxulnvTwo1I31O1eKfWih3ul7nXyopTaPb9c/uONUjtq90kpdf/p5eI/PSilHrXDnVLq8eXyn3dKqU864YPS5s1eP293Spt3b/rZ3yhtPlArfNTF7Z4aftsN4auvhrB7o4b3t7p4pGb4+rTT4MMzNf3yuDv333/5y7/vzv34Qk0/P+w0+LSndq78CAj4bn2H1QBQz0fLA2c2ytCazUVW22JaeHnS4I+v47TG0fWE8Hyj9Lh7G6HSOGaUk8Gz0ubt2/gE6OhPBXul1M3j0+XfKaXuR6dG52IieFDq7o06fFZKvY6N082ZCG6V+kQ93in1PDIZTtxMA0opavJJqaeRWZyymHuOAny/fl5WkUVRlBXzUOEbaDf8bPYpHHR3inlnjVbHj3znAIjmHB8AnA3bNw4A+OfwbJIx5FzhA1hk7JotAPhn2kJyplgDWJbsXi4BRGfJRUiSsQkzZYotuTLJEHCbqa8GsOTpSwDFGRrTI8mtyClFRTMkTUlpVnTtqc8BFmUP5QJw+jNtVAfuiqSIGZrcIufKJfNw4isAZOwzA1D0Btd0DwQOJXPk0iRzYYcNJ74AcNivA/i9mdUW8kCy3ZSuJEkZIpz4FsDm2MYC/PLIBlj0ZpMSW9J1j0gTW1LmZIxq0qsB8OgGh1bZRgD1GeiaFVNI5uaWbGCS9OyKoclJLwOcY4sWrI84QHaOynTJWEBIkjRDkpUH2Pm0t+kEYG0B/pElsO6pV7GlxieVCIg6LQ0gOBIB0WCkzZlgAzjHHLRujiyBZCjCzOeCDLCOFcaBz6MOkA1F95NKDaA8wjpwlgmPlgDq2aUEkB07MQEWnFtKC0DZkwMEc0tpAUjYbwagPuXbD3/ORnk6KS0ACfstF4DDUz5gtCeS0gKQsN/SAoz6pK9/+ztnpKeR0gKQsN/SArDmSUo9cWrWSWkBSNjvxgDgc1YpLQAJu5ZZ2VImDgD4nFVKC0DCrgkAy3EcC4dGwlmltAAk7LpGd7/mrFJaABIerdeBga6LoGa/80VpAUh4NEGrVZbZYcneZ4vSApDwaI3WZcmzzxWlBSDh8TWAYF1wgHOFBSBhxwgIOMyZYg0g4QnRnOMASx4tsyyzZh4D2BxJDLQmcw4AttdodzgPRQAcZ5lwPgo45Dkkmn8MYJ21WrPQEp2L+afotOT8w2LpHI04B13uZ//NQzdKvWriYR7YKfWoh9cbpV5mgGel1OP+8t4+3Sp1yxmAd0qfn2aBtzttPHMWIJ93txrYPbxyLpgxP/vvs//+z7l/zTP/6uuHjx//8c8Z9h8fP/6lny/+9nGm/dsXfX/3/Sz73RefWQk=)

**图：装有 OpenSSL 和 sbsign 的 Linux 机器**

host tool 需要将未签名的 EFI 或 DTB 文件以及证书和密钥作为输入。调用后，该工具将解包未签名的镜像，使用提供的密钥和证书对可用项目进行签名，然后重新将镜像打包，将未签名的版本替换为已签名的版本。

要合并 DTB 文件，您必须遵循与签名过程不同的流程。使用该工具将新的 DTB 文件与现有的 `dtb.bin` 合并或从可用的 DTB 文件列表中创建一个新的串接 `dtb.bin` 文件。

### 主机签名工具的工作原理

**运行该工具的前提条件**

> 
> 
> 若要运行此工具，请在 Linux 主机上安装以下内容：
> 
> - OpenSSL、sbsign和mtools实用程序
> - Python3
> - pip、subprocess、shlex、socket、glob和shutil Python模块

### 主机签名工具配置

在开始操作之前，您必须配置主机签名工具。

### `config.ini` 文件

使用主机工具需要在 `config.ini` 配置文件中提供必要的信息。该工具读取此文件并对镜像进行相应的签名。以下代码片段显示了配置文件中的变量：

[common]
    # Section - 1: Common Selection
    # Select operation: 1. sign_image or 2. combine_dtb
    operation = sign_image
    # This option is useful for both operations(sign_image & combine_dtb). Possible values for file_path are 1. remote or 2. local
    file_path = local
    # This option is required for both operations(sign_image & combine_dtb) if file_path == remote
    local_machine_private_key_path = /usr2/<user_name_for_machine>/.ssh/id_rsa
    
    # Section - 2: operation == sign_image related common selection
    # Possible values for image_type are 1. efi or 2. dtb
    image_type = efi
    # This option is required if operation == sign_image & image_type == efi
    loader_conf_timeout = 20
    
    # Section - 3: operation == combine_dtb related common selection
    # Possible values for combine_dtb_type are 1. combine_with_old_dtb, 2. combine_without_old_dtb
    combine_dtb_type = combine_with_old_dtb
    
    # Below options are required to fetch file from remote Linux machine in the same network (that is if file_path == remote)
    
    # This option is useful if operation == sign_image & image_type == efi
    [efi_config]
    efi_remote_hostname = <remotemachine_ip_or_hostname_where_efi.bin_available>
    efi_remote_username = <username_on_remote_machine_where_efi.bin_available>
    efi_remote_filepath = <full_path_of_efi.bin_file_on_remotemachine>
    
    # This option is useful if operation == sign_image. Both image_type requires this option
    [keys_config]
    keys_remote_hostname = <remotemachine_ip_or_hostname_where_keys_available>
    keys_remote_username = <username_on_remote_machine_where_keys_available>
    keys_remote_filepath = <full_path_of_keys_directory_on_remotemachine>
    
    # This option is useful if operation == sign_image & image_type == dtb
    [dtb_config]
    dtb_remote_hostname = <remotemachine_ip_or_hostname_where_dtb_available>
    dtb_remote_username = <username_on_remote_machine_where_dtb_available>
    dtb_remote_filepath = <full_path_of_dtb_on_remotemachine>
    
    # This option is useful if operation == combine_dtb.
    [combine_dtb_config]
    combine_dtb_remote_hostname = <remotemachine_ip_or_hostname_where_combined-dtb.dtb_available>
    combine_dtb_remote_username = <username_on_remote_machine_where_combined-dtb.dtb_available>
    combine_dtb_remote_filepath = <full_path_of_combined-dtb.dtb_on_remotemachine>
    Copy to clipboard

表：config.ini 文件中的变量

| config.ini 中的变量 | 值 | 说明 |
| --- | --- | --- |
| `operation` | `sign_image/combine_dtb` | 使用此配置可以选择对镜像进行签名或合并DTB文件。 |
| `image_type` | `efi/dtb` | 如配置 `operation == sign_image`，请使用此配置单独选择 `efi` 或 `dtb` 签名。 |
| `combine_dtb_type` | `combine_with_old_dtb/combine_without_old_dtb` | 如配置 `operation == combine_dtb`，请使用此配置选择要执行的DTB合并操作类型。<br><br><br><br>> <br>> <br>> <ul class="simple"><br>> <li><p><code class="docutils literal notranslate"><span class="pre">combine_with_old_dtb</span></code>：与旧的 <code class="docutils literal notranslate"><span class="pre">dtb.bin</span></code> DTB结合使用</p></li><br>> <li><p><code class="docutils literal notranslate"><span class="pre">combine_without_old_dtb</span></code>：合并一组 DTB 文件</p></li><br>> </ul> |
| `file_path` | `local/remote` | <ul class="simple"><br><li><p>本地：密钥和 efi.bin/dtb.bin 与脚本位于同一路径。</p></li><br><li><p>远程：将 efi.bin/dtb.bin 和密钥从远程 Linux 机器复制到当前路径。</p></li><br></ul> |
| `local_machine_private_key_path` | `<path of id_rsa file in local machine>` | 如果 `file_path = remote`，此文件将与远程计算机建立SSH 连接。 |
| `loader_conf_timeout` | `<timeout in seconds>` | systemd-boot等待时间，让您选择对二进制文件进行身份验证。此选项是签名 `efi.bin` 所必需的。 |
| `efi/keys/dtb/combine-dtb_remote_hostname` | `<ip or hostname of the remote Linux machine>` | 如果 `file_path = remote`，则主机工具选择远程机器的主机名，使用 SCP 复制从远程机器获取文件 `efi/keys/dtb/combine-dtb`。 |
| `efi/keys/dtb/combine-dtb_remote_username` | `<username_on_remote_machine>` | 如果 `file_path = remote`，则主机工具选择远程机器的用户名，使用 SCP 复制从远程机器获取文件 `efi/keys/dtb/combine-dtb`，前提是用户名是在远程机器上创建的。 |
| `efi/keys/dtb/combine-dtb_remote_filepath` | `<full_path_of_file_on_remote_machine>` | 如果 `file_path = remote`，则主机工具选择远程计算机上的一个 `efi/key/dtb/combine-dtb` 文件的路径，使用 SCP 从远程计算机复制该文件。 |

### 使用 config.ini 文件进行配置

1. 操作选择：设置 `operation` 变量以指定必须执行的操作。可选值为 `sign_image` 或 `combine_dtb`。
2. 镜像选择：如果选择 `operation == sign_image`，则需要通过设置 `image_type` 变量来指定要签名的镜像。可选值为 `efi` 或 `dtb`。
3. 文件位置：使用 `file_path` 变量指示未签名的 EFI/DTB 镜像、密钥和证书的位置。

    如果在配置文件中进行选择 `local`，请手动将 EFI/DTB 镜像、密钥和证书文件复制到本地工作目录。

    1. 在与脚本相同的路径中创建一个 `unsigned_binaries` 目录，然后将 `efi.bin`/`dtb.bin` 镜像复制到该目录中。
    2. 在与脚本相同的路径中创建一个 `keys` 目录，然后将 `db.auth`、`db.crt`、`db.key` 和 `KEK.auth` `PK.auth` 文件复制到该目录中。

    如果希望脚本从同一网络上的远程 Linux 计算机自动复制所需的文件，请在配置文件中选择 `remote`。

    在配置文件中，提供以下变量的信息：

    - `local_machine_private_key_path`（必填）
    - `[efi_config]` 节（如果 `operation` 是 `sign_image` 并且 `image_type` 是 `efi`）
    - `[keys_config]` 节（如果 `operation` 是 `sign_image`）
    - `[dtb_config]` 节（如果 `operation` 是 `sign_image` 并且 `image_type` 是 `dtb`）
    - `[combine_dtb_config]` 节（如果 `operation` 是 `combine_dtb`）

Note

该脚本支持在同一网络内通过 SCP 从另一台 Linux主机复制文件。
4. 加载器配置超时：当配置文件中的 `image_type` 设置为 efi 时，将会更新 `loader_conf_timeout` 变量。
5. 组合 DTB 选择：设置 `operation == combine_dtb` 时，请通过设置 `combine_dtb_type` 变量来指定 DTB 组合操作的类型。可选值为 `combine_with_old_dtb` 或 `combine_without_old_dtb`。

    1. 如果选择 `combine_dtb_type == combine_with_old_dtb`，则在与脚本相同的路径中创建一个 `unsigned_binaries` 目录，`dtb.bin` 并将镜像复制到该目录。
    2. 对于这两个选项，请在与脚本相同的路径中创建一个 `dtb_files` 目录，并将必须合并到该目录中的所有 DTB 文件复制（与旧的合并 DTB 一起 `dtb.bin` 复制，或者仅与彼此合并）。

处理缺失的配置：如果缺少任何配置信息，脚本将运行，并通过命令行提示您输入缺少的详细信息。

**运行主机签名工具**

1. 运行主机工具：完成代码编译过程并获取未签名的 `efi.bin` 和 `dtb.bin` 镜像后，运行主机签名工具。
2. 准备主机：将主机签名工具文件（`signing_tool.py` 和 `config.ini`）存储在一台 Linux 机器上。确保两个文件位于同一工作目录中。
3. 配置工具：根据配置说明对主机签名工具进行配置。
4. 运行工具：运行以下命令从命令行启动主机工具：`$python3 signing_tool.py`
5. 交互过程：主机签名工具在屏幕上显示您的选择和操作命令。它还会在命令行中显示错误。
6. 签名镜像：它会创建一个在同一工作目录中调用 `signed_binaries` 的目录。签名d `efi.bin` 或 `dtb.bin` 镜像存储在目录中。该工具会在签名后删除用户创建的其他目录。
7. 对两个镜像重复上述步骤：按照此过程操作两次，一次为 `efi.bin`，一次为 `dtb.bin`。每次签名操作后，请先删除 `signed_binaries` 目录，然后再开始新操作。

### 主机签名工具工作流程

下图显示了主机签名工具的工作流：

![../../_images/host_tool_workflow.png](data:image/png;base64,UklGRnwYAABXRUJQVlA4TG8YAAAv/4GWEDfDOJKkNosH+aCUfy564e6Wp1Jg2LaNo/h7zw31+6/Sa+6dcxBJkiL1MTMZOv8azgA/w3QraNuGMX+y3QHQhAAEXUlm/CGJLkYCwg+6GPGIORY+bOYQcwE/6kQKnUihk1LoRBJdIHgICkEhmB+fFbHwxAZc7vPdw7ed+tIwcNXLANQuAqQ/hnSM74+EYUYjSDQSQX4zP1HS/IQUZg+KB00P8saCj1aC/phmN81umt2178YNq9KUNv2CdRoWK39C/vSE2lFPXPP2hFrOR3n8urXyhNo7z26tGDhurRimTOawucMXjtx5bq08oUZR3LaNY+6/dq6Xd0RMQPZGgnmBrLTsB1kEZ4X8rN4REl1J0NNs5GfhQSKQfl3NkXKTn1Qu0J52podt+9u27f8v4N2FtOpu1b0Xw0jKmxat9ysKjeg9zFf3MN/227TUqfj5PwfTJglAIF9diuj/BPhRZNu2bdu2IAlZKEHJFKFUCmQqhUqmSAUPwJJ2/GNSa6vtM/roYzbYQkT/J+DWHoGfvve2mL/zwWdtvDcW9dc/avbuePziM09J+dOvjMcfNfl4PH4akv7C+PXPGrwzfh6y/sr4wwZvjB8XtmfH7zYYjyHsT43f/rtWi4IDl/TAlXH40sCVBxDv/Sc4x9F9cartxtBBGCzFjbAPSeU36Hy6/x07VhTVyVBWSWMpIKSaVEmD1aT2YCuqE1aT2oKsUvBBFEUHouOLup0Ig1OUSS8QBnhj1X7li7pBdZY7WHDoPh9FRyw6A3p9YgKpvDg0IcrVgF45lJA6pg4IkaJLehA6270wAAuatoAlqpckHxmPX8DsXh5KVO3cOHQ8dyghdWQA5UCSdlsXW13Lley2oNbF5veoDl5JBbMc8sPovhRRFaflstCAqmC55POJ5VJbsBepM/M/ontSs6v/ft5xdCg9S/GC6i8K+0p99NepSz5ZCgip1aC3JgXUxrCQHBgmb+1UJQ3SpQBWk9qx6ERZeL3YNQgFXTu75oU2pu1M66RdEAbLOlkCqrP8juhsDtkvvAEW9ApL42pB7UQB2p0oQBiHEjJ6IDlptU8uLN7Q/JnmwKEMA3jiUHIguvpFecf2XPseRcKudfL2hijPRAHCOJSQ0QPJaXXRC6ehQehFyzppV7stlnVm6VAd/C5LzmpSzQtCavYihsnrFVVBVimA5VI7Fp3nbef1vl39iEKx+6Lbes0sydD4dhFSTV68F9nO1+tvuufKMoBWA1dShM9s4MJonnn258y3Iwxd/lXo6Xv/7f2399/+YFVZlqosyzOxm6r6SuxQ1mwhd5P1lang4UwpVULy8JNaT2SvUmeQPXyvhY/YaNEjZjZa8IivGi12xPVGCx3x9UaLHPFNjRY44psbLW7ETY0WNuLmRosacZtGCxpxu0aLGXHbRgsZcftGixhxl0YLGHG3RosXcddGCxdx90aLFrGNRgsWsZ1GixWxrUYLFbG9RosUsc1GCxSx3UaLE7HtRgsTsf1GixKxi0YLErGbRosRsatGCxGxu0aLELHLRgsQcZdL8S42WnyIb/7wnlT29xxFRzdjo4WHuOHtOzC0fxQbLTrEDY+i+0Bz2IvKuNqLyoDlUqNHUXTQgI0WHOKmyzqXhyVh63RYEraozqqdVPK00WJD3HxY7QvwDbD95Btg+6EJGa9ho4WGuNVoamA6x8l0jjAuX8NGiwxx26tsWHC+CM5vYqMFhrjNMICt4n7D/eLQhIyXsdHiQtzqKg2ydIaCLMdpKMhyUJ1VN6bGa9hoYSFueTZJAewmC07sJguYLm3ApvYaNlpUiH1stKAQ+9loMSH2tdFCQuxvo0WE2OdGCwix340WD2LfGy0cxP43WjSIO+/2QWEvYqMFg9irr2OjxYK46fG9KPLFUhTVedGNYV3assoGEFJNwKVQQkg+T1XSIO9E0WEjNlooiBvfucPsjSVf1O2GgkM22QpEmfQCW5k0JVEXrZ4Ig2UHfHT7sBEbLRLEzR8ycxhLA3q9s6BuMDSZQCqxgFRiOxyaj6Iw8+ETzdjooWWrduCv3Ma9KNLL+imhS1KmjovUZT5qzswPoqNm/Ivahf2iwg6kFu7eOeZ4Vy9JKueNg8cXrS3CLhxeQI2Oo/vcXe2csLjA4okozHz4BDcmyASoCd++x0flXVtdy5X0MmlKuiV7WafdFssO+OHtg0YEqQA1Obod3e223rNcFhrg0qaELtXBZVWQd6PokJsS5ALUwPpDk48kSAbImW0Dr3wkQTZArqwm+foIgnSAHPlcgnyAvEaQEJDHCDIC8hZBSkCWdPs0gpyA7Ph4gqSAulkuNegGs6psxlIU1fkegqyAOnFnlX5RnVVPvqjbWwjSAuqiBOxxOpQQpwG9voMgL6AOQt7hFMaHECQG1B70pnHaP4UgM6C2Vl+w1dOh/AiC1IBaojTwdqI6q76NIDegltIlXxezqrR3ESQH1M7TUXgrQXZAXdWdWfpbCNID6ihd6ryTID+gbt5OkCCQQwQZAjlDkCKQIwQ5AjlBkCSQAwRZAllHkCaQZQR5AllFkCiQRQSZAllDkCqQJQS5AllBkCyQBQTZAnVGkC5QRwT5AnVCkDBQBwQZA7VGkDJQSwQ5A7VCkDRQCwRZAzUiSBuoAUHeQDciSBzoBgSZA11DkDpQDUHuQMxMkDwQE2QPKaQvZPf+2/vv72RdlGX542VZng0qVVmWqizL814wWavaalCZqvqLXoDTmi2G1bLmBP0AmyvTgWWyVkqtJ32hUkqV8GWWh+5CewJnSqlT9AU8UuuJLzIO34Uv8JPaoD9M1Rl8mQdQ4Y1KVf1Ax/Msy7/JF1kWj/oR+2AUz7Ms/zpfZFk8Cjqd0opvXizno8FjlC4LvnmxTEeBNltyuybVQ0a65HbzNMDSFbdfZHqg0NmK2y8yHVazFXdbZINEWnC3RRpQoyV3v4oHhyTn7k0SSrOCrcwGhnnBVs7DaMG25npIILaVdAAR22tGg4E2bK/RoaNztrlIBgJt2GajA2fJdhd6ENCG7TY6aIhtN3oIyNl2EzJztn85ACzYfgqXhF3Met+MXZyFijZOcNLzdOFEoQMlYzfznkfs5jJMRuxq2utidjUOEnJmtQuWq33GUD5aGje6/Vy5M3mIjNjd1BuheWrliW6wVT6x22uW4rQUpPLHidndOEDIoZU3lsXJ4olzax8Brzl34/wTLR3Kw0MXDvHMF7QK7JqsJjXoxbW6YZLSAnblaTXJFyXgUBJSTeh2sZrki6XN5JOlOC1Fl9S7AaX9FCN2eRQcKbtM3hia4A7eWLXTLaEbtAZbhc05u4M3NocoRJn0csMdvLHk4PUWqWRqMHX8FHOnFsGxdKrwBiVYtnNoQhR65c7QxOJiAmEcmpRgAql8NIEwlgYcmk9RN6LwUxinVsHBbs+8sVV2g9DZnqHEoXnVJBmUfSqhS7rVJD2YOp6Lgm8/xYjdHgVG7NjCG4fSNwjj8pnNw7msvgiD7lGglyTvVF/EjfHc1GHHT5E6Ng+MzLG8u3I7tYOy6YBDx0sOK3GxNLg4zANq59bS4Mah+RxejI+YXJbdkWMUGMuWUpeZusylaIktUKqcWBEqALUuNn+KonlBaWQxoChhq2v5DUojy8nXqs6tqQHs2j6iXCsL8jaapBKQuu6YJG0vMYFhWhucU4PzG0Y2qPWZDVNxWi75fG6rXGdR7bagF2C5LDQeZVHttpa6ydc9NjWYGh9QbZSygVupMMoGsBQA1mGW/goODHYttkKpn6ru3uzx4A8/jLdNt+qqO6SOZ2jtJaNe8b+yrKnK8/9d/O+yptrWKPXo3y4dtn4G7+/6/ETVb6uas/Lq9Mq0vHpWc1b+0B4lnkmLl8RBods7d1LneMe31mxdatr5CVO+3nbpgdpuSVLl1xO3NzinBuc3ZOi6rNlUyB36i+JiW1Oi69iWDrNu/wmsT4FAAs43jpX+DGG/ntEuOJkgoDAp1y4dOn5fcG4GYFI+6mJ7gVqbdin/jNaudimBofwjgOllF9uTSSejbDwzS/u9XY4PiIHzjdp2MMG1Fk3tvH8p3jC1Q/U/CJh0odangG5HUgnuSdLGS5OwWLX0wcnFVqlObmhRKj/gxQ9SyflP6nKrlNpUaOWzERa5Y59fqqs/lhZasJrUFiGpnYaaBntRGTCrymakBvTKUtCLa60mNWCYvF6EpEZtVyH5hN1Uxgecld3/qK4++q9jq8DIHPuXT6qz3CGVXAUcloQtqrPqU5bgjVU7yzppF6SSR1EXrXLoIGz9HNv/OLYMjJljhGqrlNrCwu4OJaSOWwt8A2w/lBBPVTg0IQpRgPYK2+HQ3A3WwcPuYOFWKbU5x9yxLDC0YymAs7UfwgAsnjGdI4wXhc7G5i9KXeaq1gdbaMe6BJA4lgQGjFsaACalz4Lz/jrj8g0H16OXO364nODqyqkCoTF3aon6iQ8OJaSOZ9wvDuXFeurQcRHlRVhc7DvM6L4PpqhfOEXBMXIqvcbK7qgOXnlmKMhyUJ1VDcrGLHeodbE5yzppr+iW7GWFJSM68sH1iVNxcGDpUKG9slxq6yl2kwXMqtIMhqn6reWSTxhF7q+gS3VASPZP9gmMQyuER+xQBq98YBg/vVWpQ2mAIHem0D0OK2dWCJHYmQx9LnUmDRIsHSn0rvkL2oXcEYMwGRVuzNDvEkeSQEHqxBI9D5kTGUIF5MBK9z7kDhiEizbWFQn6n15ZV+iAgTa2xRgAkBSWFQlCBklhV4pBAElhVZEgbJAYi4oUAwGSwqIiQehAG2uKBIMBEmONSRA+wMISozEgQC8tWWoEEWaFDRkc7S3AvLCgmMOjnoNedJYnGBwwos6WI4QTMKJO8hju9hkgzjvJY/jVf8BoUbS1jOFyvwESKloqKIFvdwGAGa2aLVMNt/sOoFMqGhXLVMO/OwLAKM2WueEvP1/l+WKewP3+czVJszw3/BWv8jxLE/h5d1y7reDLfnStgtfDjQJoOXDpPHhMMnABOvasij2bwKODhXcVwnUo24pfyP5ZViV+6i//SvEL2T/LqsRP/eVfKX4h+2dZlfipv/yrxC9k/yyrlLyqLMtSlWVZngndVF1/LnQ4uWYLqZus66Zih9OaE8gdflJKrSeSVymlTiF5eKR+guxNVSVgepl3+V1ucSY2S/bmQmiIPSozGfs0lpiUhS9m4UsK4RsVLHvasPAZFj5i4SMWvpSFL2XhS1j4kkL49IplTxsWvpw9Gk+IDN+4tv8HYKmbPF0KIKSagEuhhJB8XoVUE2p32YBZVZoQNVbRzq4kyqQX2MqkKYm6aPUiyqQXqCXZClRnVSEa0Ass7UwglVhAKrEdDs3TBFJJ7TC0Dk0IQaqngC5JmTouUpd5oku6sxtfqV6SVM4bB497SfL7VTsnLC6wuFE79w7Nr9RW13IlvUyakm7JXtZpq2v5Haqzqjwtl4UGuLQpoUt1cF4uC40b01U2+XnvocmHi9K2gVe+eKtJvr55f+ifuvX6tuVq372t8oGy1doXzOtkLyqD6jAV7KYyLkxSki4FDDWNL1Qri8OSsLXbYjcOHYStE63Bsk6WYCh4rfCEJfgG2L5sxxu7werzRhQgjKH1hTJtgOkctIbtrGp9cH1qDhzK75SaDrDgcrfDAEYvfqt9sypewf0KKw77DlPjRhQgjG/VKhtDQZYDNu0QlgzljWWdWfrXiqGd3WQB7LaAkGznBlml4Dv1fDh/oiStMr57oY3v3h/713BL8YLq37Q/W3q65JOlAJdCSW9NCqiNYSE5EFKr8ZWKsvB6sZVJO2ln17zQxrSdXYPQd2pzyH5hAXmqsDSuFtSON8C+U2m1T06p4w0W3yuIrn6abylfrEjYtZYCizd4+161uuiFUy+T9qqhQeg7tZpU8wKXtlcRUrPv1NOHJq+3/du1beCV1+6+6La+XatJvl5ESDX5dv25f9F0ruovB5VTVV/2Amxr1pNBBZuazaQfXNSUGFbOa87RD3CplNpgYMFWKbVFX5islTrvB8kumSqlLnoDTtUWO3XprRV26om6RH/AZrpbtPHUKtktk81klxH79nP2rUm6AZLYxwk6Tgv27Rfs2SK1KePwzbvaxaOCwzexKA8gDo+YAzjbn2lpvGMpXpTKb0oUqS2WwrLDJwaPrig6ZD54InRCA7zy8v9wWpnMsvFT+6RVIHUsBYTUatBbk+LBZvIJq0ltwWpSW1RJ4yIkTyCkmoBL2ykknyw19X8z60AY3WBWlc1YiqI6fxu9TM6nXYNQ0LWza145eIXqLHeoznKHMDj1MtnKIsqkF+hl0pREXbR64v09pTqXp+qsevJF3X4buLb9gTfAgl5haVwNODQPJaSOQwmp44YFUIIJpBLbIZXYDofm0vhXm9V6Xh1KiNOAXn8dzF7KuLB41dQRBmARBmDxKHUA3qBLUk4dF6nL/IeD0eXzFMbvBgjNU3nDeEde9ZLkvYPzPx3g5bT/biyAqXHy9qpD81BC6jiUkDoeYQGUoHZO2H6BxT/eoQPYtbpxKH8zUQZstk5Dg9BTvlZ1qA5eoTp4hd3WRS+TboutruVKepk0Jd2Svax/N9wnyyvdoDqr/lqIInlyIqRmT3WTL1gutQXLpbaAqjjRJU9YLgsNaFJXQpfq4B+OLqmti1lV2u/ledv56/aVp6Pwo/pq90W39R9U3Zml/4YIqSb/QaVLnV/R37oH/cR/cmHxSb1+saxfDB0f0e0/h5SkNqHpeoUk1fH7evejP7u3DGg2AboBhBZ0W7+Mvch26K1JAYTUnhlKanfZIDWgV0LJobgoLgV0YymK6oR0qcNQ07CAXfnPRvOnUvm7ODQYSrp2dk2GBqFXlGQrN6iN2rjQYGhc+aJuYJ1ZgqGArcLm/Lvt9lQr/C4mgAW9wtLAN8Be0WFo3Uhttq4q4NvVgF5ZAK0xtGBoYvEPN5S3zuOXQRRJd0p8CF3Bnc3vMVzSA0ocmv8ZLAibv4uhHexP2NTv1XvLNmiPNg/nH27XegaL30WvPOHbe9ajQ2Hzjm/3htatw0r8y7nzy9kt2XRnaBB6HWVjlgq14X6lndBxbyrY9Yii+Q/XbD7Vlb8LNqmXfoOQWnmg87g3TNUr3RapuHCXdu6xS97qo63yryapTe5JqoNfxt/Q4x/tpw+pw9Z3r2nnu/eZe65RAK3CIwmhmUXaBE8xCw9k4UOwCIh9+9v/Y89qhGgS+1bFnk1gl3e3FQZYBa/v/bf3395/e//t/fd3L9I8dLOhK+XwXQxceQAV4sd7yrX2jta+S72eWntDKl/U7dv3c8pBWJc2YJi8NtiLbKdL6hCSTxgmr1fdGNalLatswGqSL8ClUEJIPkVFQVqwrJPWODQYSlIJURetsqyTdkfBIZtsBdzBG2xl0pREXbQqKwt6IQrQGhPA4sp2ODSjAO3WgrrB0GQCYWABqcR2OPRQWsLY/Iookq5Sl7n5S/opmU2SkTouUpdHgjO0gz06OL+n+iKMeePgQwe/KKeyXW2FKFe9cgOLiyhvWBqcsLjA4ksybYPQQShIC5Z10hq7JZuCqQHdkr2sZZ20F1EaWQx6mTQl3ZK9HMsH6VIdEGrSBowi9wab1EuHTQ26VAeMIvdXZVHttsClTQldqoMF5HFo8XMemnyuPG0beOW/votyh60m+fq8s4uBqVKbc+v+3leqn1Q1OCm1vQim6aVSg5RSl5MgmpRrNUD8tHX9pxq1/i6Avtio2p+2zveLi8r505rNWW7f0vi81q52KYGh/Cyufqo5rdzvFR6slFLrcgKLhg7CXjR0fMbUDtX/AOB0rZSqELZBdjkFbDq/7P0PUsn5T8DkZID6qcLVrppDGBzKoaySxtJWVOfFcqnBUIJLoaR2lw1YTWrAMHm9CEmN2q5C8gm7qYxPAKbboen6rnYD10EUhpIwWPJF3S7cWaVfbGXSTiXZCnhj1c6yTtoFqeRR1EWrHDoIWx8Rvn1l6sA88O3WgF4vSsAeFxaQpw5D69CEKEQB2itsh0NzN1h9fjEosZe9YuNFIe9wSh1PhM7G5i9KXeaq1gdvH/a6bzE1jBdBbxqn+Zxx+YaD69GLfzUOKwfu/qLVF2z1hMUTh46LKC/C4mLfYWp8MzCDUFzttu5RGni76GXS7lDrYnOWddJe0S3ZywpLhvKr4Rukjiuq4l665OsCl7ZbyyWfMIrcX0GX6oCQbOer8dmHJj+ykGwbeOWLt5rk65vn9b/9txq4ZgE0H7gQL/KwpRmGrsH47we9OX5G2J4fv9fg3fFLsvb4q+OPGnz62viFxwTtyZfHb91q+uF4/OqLz0n5S+Px6582uvXxm2NJf+ezW21+8sH7Uv7hp7f2CAQA)

**图：主机签名工具工作流**

- 主机工具需要 `efi.bin` 和 `dtb.bin` 路径（绝对路径或网络路径）。

    - `efi.bin` 支持 OSTree 的包含 `vmlinuz-x.y.z`（Qualcomm Linux 内核镜像）和 `bootaa64.efi`（boot loader 镜像）。
    - `dtb.bin` 包含 `combined-dtb.dtb`。
- 主机工具需要 `certificate` 和 `key` 的路径（绝对路径或网络路径）来对镜像进行签名。
- 主机工具将 `dtb.bin`/`efi.bin` 装载到 FAT 分区上，该分区提供以下目录结构并遵循其单独的签名过程：

> 
> 
> ![../../_images/1_efi_bin.png](data:image/png;base64,UklGRrgEAABXRUJQVlA4TKsEAAAv20BPEKehoI0kZe79iz16JhsM27ZxpLv733/V/p8ehm3bOFJu/2HvvqaHbSRJTvofYX7+GRGEhgC0tggA8C9zU8Kr8bLtVL/HFnG8nOgRmH9P+jWnDJmA7jOJpr7ZFbACK7ACiwz5ZFACgf1X5qLHdrPEfTuR9Njq+1rm2veZaoaoIWqI6v9vqmnfR49texiiTqQTaapZ5l613yPuGyha2962bfx9GcjeEzYImYEYhL/6t2hx/xcXARKl1ICHzlFE/yEqkmRJiYKGGdixfevY/sDF/WXevuhNXr3d4d2XZ487k2df3tdePGN38uz1Do/74/GZBJfXS226YNgshQdFgm18wDZjQGdEbhNScdK9IQCILLalzTYL87MTZViYqzvgNsYd+vaz3um6oWt4vluP72munvbsfm0znMoIADAb0iugjmRI20Ysyoxtl0iXJ1oIKdlyRKBVJWmLneajCGPi7+SJKZJ0WHWDy4Eat2Yx5Rsyh0IXthOZCjHZUorN9C+WZqiKUelVSSQDOrZtVXr1GACoXfB9tdS3n/VO7/TtXvTsv9uL9VLXlwsNQ8/u19brB0Uif54gNdYIu5+JQMEj7raCZ4BpPFXHQtpnRMsWKSF5MgB5JH0CJkYAoxFALauTxmxYmDRVIqAmAAgjWiU7SuYKIwO8zZEeoSgxGZtjfdKcMrInHVwlZGdSLMqNtlkvzFCIpIOflaROAYacdMdCpD5JsmfMhmliJU9kyDfesD6YxSixeNNVkz0FpwCkOql+24fEGopUGvQ3zUOLCilSnzRrAUVSPaZFNsCxt3Ogh2Oe6ZLUJ60wFgvuKDE5BmkcXfQYjWL0GUkTy5OKxpJnxSGQM5D8jXJz8yCtb3dQfbsXPfvv9mKz1M+rvt2LnsyQeqqhUzpYUiAEUFs0EpIt/2reEWptnipcwamwgf75e7MwV3sFUmKNc862hf76MSzM0wN5xLZvH1oSbH/EZKwmjnCi7QcA2MkqoMnliRahbz/rnaoZlrp62rd70bP//qc6fL+2Xj9ECljYDGxP5Gkng0CHVaeKhW/8opok2LJJTQrlWzgjOQ9ALHwXmCRkyWPknIrSC6qmNivp4Brpv83CXO+BtINgG99Gl8PSXO7hc9xR5qLf9jh+6smdAK6wqowY6dV2gFWgxCn73/JMBgCBlb7NEJws+9HneaSz//6soW/zSA+LUlhkxP0fq4AYGgHU0iigqKaMKJpT26kam6SYfciRMVsK6ikjSZaNMyxNpRjaW8Hwd0SYp+2injISYetslqbiYUkP7xSAEONWPWUk0urtvUVlT5mLtrbav63CPNMl2W4bRT1lJNKJx3xG0lS+RNRTRiJ9+zn2lM6mb/eiZ//dvqyXur7s2//dPSCy8H9y2iUAtlsMQseKhW+fI00pzYDaukPRhOw9AGme40wpxWSNSt2hZE/VZpRf64W5LBxnSikH0k11hyJkSK1wvT7MUaaUimbIusO2IA9bHDiltLC01OFTStU2ReoOW+rwKSWHsO+xnfo2H3Hy5PJ68R1Uix0zZ/8d0ZP+eLLDy++PeuPR9ze1j1+/Pe9Mvn39VLv4/KE7+Xxxp8sFAA==)
> 
> **图：efi.bin**
> ![../../_images/efi-bin-ostree.png](data:image/png;base64,UklGRggNAABXRUJQVlA4TPwMAAAvVwJjEP/BoJEkRf3g3+ox/8/YYNg2kqIc9V/qM//MMGwbSVEe+m/1mP9n2Na2LWObs49ORArQll5lY2TJZgIA/PvdJJHtl8gmiWx/Fses1/f9JJPF4fml0fZBYb9gc7iAwfFKYXfoLmgNgfgDSocH+B0XQA1UQAU0QAVUb396xkhlyWv261e24vs/cY7a0ex3C1Mw72ne07yneU+OrWfpZxfn6HxH3aswBbI4VrZCFli0taeRJKl/jWe9994UTRKFKmYZVLDLvv9rJRIZVW3OKc50RUT/adG2W7eNDlbRZaXSXIAw9WhFzPebTwrtr7/9018Wkv3hNxN+96PPaSHZl3/8leHXP6G1ZF/85W+an321mKAf/lPz0y9XEz/41+k/p6S8/fYoj8uHy+NR8KoXgmExYliOiOuITMMi/DjSJ32o6znSm9cLj0dtAbnLUfse12akGevqOf/pP++Wy7KCTv85/edEhMtR7u5W1XtADw+v0cO4WnFEsQI10ERAg+6IsW5oRKHv5CFE0v1MAFEbW5YOJEK5DRV9nwhYQoTOVPOgyESAYvlsbrZ2c5sIWCJ8h6N2Mc5VWVGuqT++qDb7KitqN1yt+iPPzRTr6jn/eR3r6v2y039O/zmR5eEol8vR9hf3q+o9oMvjq14w3j2CtlBI8EcUdsSB623OhkgMt3DYeyJlGTdIWBYfKsBEsQE7ka+AuAwg0Q60SOZIHtHMi10MGaiOAXDCkiARI/ieKYKpVuebKJcQqDZzpEndu8ZZwz24lpV7sfO/h4N2mawn31ldme01YCPa4OwHhjnSFaaESLmSoe/jRy967h6eTsumXUEcdRwRB67gauZItu4jvAXKXsw8sz3V7c0Twx6J4QYCZV6JHcJf+Dzb5q43V6GIQKU5V2GPNIQldQDrcgvEsjDoh3YjV5GUBHhzJCWMydILUQFaNKyrdU1ffWZdva+xrt4vO/3n9J8TWR6XFfg0ksaHSPgkj8kqkgJUT64C9Qp3tKAWnPSLhklXgdyc75ly9ySgiESlESOuG2dX6R4qRKjv6kOpRAGBQSuDx6NmsF0FQgUghKQQDIuLg8tRu+mq3HBl1hJl6WyuQr1QaDI2uwpKSBSrZyyg3WJHq42cmN0A8NWtq78/Ov3nWbmsq/fLTv85/edEhMtR7u7W1f931iteeMR3uZo8A35J4cCLynnEtcETu19I7W1QhiarUGpDjxGALA2e2P1CmqcruXlXxSqUPsSuD/fE7hciNOhMFHarcIjhtgTAUbsontj9QqPEEFmF6wCip7kndr846FYJT+x+ccVsJhGrcJXwxO4XVwL41m5Lgff3749O+6HTf07/OcHlYV29B/QaPi1/7wmzKKk+kgfQCBWZMlAdeQHyosE2qSiVQmflIETcg2uZpLqAtDB4OGoDu+h7adF+AJNaJp67ElXKemHepMLlcegJ0P0sMEzWzIdp+x3f9pljLSqsmz9im1Q0IXUhVzS5BWKhVh0Jr53dgj5SQlNQAVpUoqpfV8/5z+d4WFfvl53+c/rPCS6H5dzfr6r3yx4ePsEkIr6HJLwP2nxFfj/wiEdhPAuCxjgg5RnI8r4D1ikw4cWO9NEkY1ibVF8HdrJLwzlRa8E1pS0fJyJrwUzkcxXSuvej6GDCKLQ+UrF3p6suEe1aEQM9qVB6muRAR+8tRUl0MjRNiG2Std0GaNApMUeymZvEtiGSJY7UKylmVBLtOhGUKvgmR0fRq1x5KEtm3GwUSavw07ENdEuUDv4AVcjI/Vi6xlacymhyPVPoam1wqmKnoeM05CFYVQA0TYaSo0h1rrZxvDQrCa/HMpI0pTjDeTAxvM0B3ZgiuAdXK+XmfcuWITFhM1GbACdAgzkmtpEcyxC/YdP5kmyCpAxPG/bncY3Voupdi0zdmXEzURA3m3/fdzsMM1HT4G/TmExIHzZSO1o0045CGiOQAw9iBZJNuZnnuKusRQQ1VvtQ3c3ITZQyRjiuAnWw13ZlZBhsBIahu5SJth06AR0tKHUJ9gsiwBBQy5VSlGTGOFJUAXebA/OFslGLqALsrBOTR3xRfWU7m6hNgFcqwKb67JFMmwYTGwNgo28bquuupJgvuhQaYduvfajAyFBDr6JnbK/bPthRVCEXUTQ2wd6QQHr092qyc0uUDZ5QVVDS2kg2rmZC+sBpgaTRhkSsBrs0T32nDd58FVmfz9quJoxdqwi6cJxOsK9ZHQmbVTpms9xd7p4EqgBbNpXm5+RGRltCoKrnv9KUxCKmzMwAcgsGjzQk7N3p71a2OYhQX0sT9Zi6qijSSMVGfHVtzC5RRz0LUOU93MK0aTCxDWf16fmxaAfAzI3cXUAFRlkWNZatkm8ypmpXxbR9MKNIZcyBPEgwv2+TKAT65DybLIrcFGWCv+J8KyQ9kPRR8zakDxxdWaUSUd0jah/jXClXNUBwZg3wDX56hnZND6CS64HuBnubKB1V57Lvu/l+76TI88moC8VeyWjTYapIAvQx/RXWxSlqtL3+1pFgo11d4QQwMXabgy2rk6CJmqq6yCvXDxWuVD2RbQDyJGobYKOR4FuYNg0mtoHVpxGFK+pyhLTOCKFgSgmslGdREYXdtH2wo+gm18o1kx63WRSZKfSsgcnOTVE2eCSlTbKaZq7YkN57/vPfx4P21uIRJSsNEcCViDDGDGAMGyhhQ8bAVTPozdvZ9orricgo1RcgKtUJqgqMi0iW2NBqsdpcUWcOgYktIU7KRyGZBlQAQdAX737EWTvPc+CQxNaHJzHX5Z0kK8b8EXuyUc8DbPkWpk2DiW1Gyxo9ddqKVGV8xaspTV3/s1KRdclN4rCjWEWdYLRWO2636lvTdHZuizLBm4HzA490xYb03rN/dzlo3xxzqaoSKiPFk6lfVTjRhjjczV97UOkcImdKbznoO6/IN4uGqLF1e/PKFSKajB/DWSJmN7qpa+V60vUINgeJFSbqxnZep1zIODO7mKhNgMddIGMeYe7MJZUi7AozOwZsAwc+5sJ0FGdzoBQygzyJwmU/MJtVdg6IMpuPOBvSR2azqsEd1QxjJl+jKQBGoIxoq4H1zCTVKec6z5SO/LPa7KpOx/gjSBOnw5LmyGgrzY0jpaGtelOGXt00xolOJBVwZ+IezCDHWmwOtEZ4E7XUEZUbcapy3EbWRuChs41aB3h0s2nTYGK7MtGnbwGjwqtrhOQb274PoXNQYnhsDnozidg49MC5ntXMoEPX4zaJgprYm3zfWUk7IMoEf2SzDekjsFuY77aB1eWSstjU7dSm8ymAICUo86anj+plENSzrYnSyW4CTNAnZ6YJQPFktOmzJLzR1vSJX0XBdAOGqpysY4gYP7c50A+vbNRe9K2toEbSD9xUoQPFRm0D5H5wN3WHp2PTGH3m4duVyWPEbE6uvtq8154p1OluJg47itE0gVCFp8btyENJr45kh+GWKBs8RO9W1W7U2Ib0gXPs7H/F0UvQPkYUoSWFRwvr6t9RvE7E5Sh3d+vq/bLTf07/eY2Rxfbv6r95u6reA7o8vo4GA36pwHCGgI1aPo4D39ARBGKld70cnmmEYbpOKPq+CNyT8Ig3ZHRxpNntqsKmEYbpOvHidwkUIWqdTiQAjVCRVfMGs5Amd/QQ7frXPSqyHCl02whDZLI2cOOpdtXoQvCyhjZsHlG5afOGUeW9B6pVlW3AZpY7pj5Zp5VRAZ5Ud82ku04Y5tpzD/TCJhIhTWATHCsJkom4Gcok8updFQ3r9bcnjTB01wnNXLtudPGiBEft4SmkBhyBUkVPHkA0S+NPF/g3Js10nTgE0gsToud3DnzIze9b+z4BTjFphGG7ThxzL3ekKFTzhiMkxCte33wGV2XaoWLaCMN0nTiA3vxCJ43d2DZvuO0mHUrJ9nMonSg2mK+AboRhu04wwi1MM4xVta4pLym4Ot9kQaE/uHW1vvenMayr98tO/zn950SWh6Pc3x/k7bfran3vV8ZovK54YnsKlwFDqmDNDrSolwzcl42rNZBmm9Qu90B7d04tcbqtAVxnolJ1qwsGqhs0JqkNPdoVSQUARM2N3R0pfFYrLwe1QGrnReByHT+KYNpQne+7pUeq1aBqFmFQWkePg4AKCFmTRq5l2hBf0Pz/8aDdDza46yezFDORZIuM484I5hJOejSLd0cIhc6aBsQRBJDp5cw3l6N2p1R1zoWeAdeKKloeQgKiwhOVyW8M7ztT7GkVrOe2S0/PQWmOlJVqCdgsnIg8kuphIbIKCOjuKeTmfG20YXbzmWwTi1qd+cA9DBeRxhl5Gaw/2TI9BV+BKw0Amj7PTppYeN0csRfV9aKl8V8Byrpa1/TUirv7Z35f43JZFbwPdvrP6T8fGX7+9Wrix//Q/OPfn60lvvrzXzVvfvnvrz9fR3zxg7/85o213/zsz39ZRvb7X/z9zSeF9gY=)
> 
> **图：支持 OSTree 的 efi.bin**
> ![../../_images/1_dtb_bin.png](data:image/png;base64,UklGRgQCAABXRUJQVlA4TPcBAAAvrYAXEE+hoI0kZR78W727Z34bCts2Uvqw/6oHz1iGbSMpykH/rTLfzy/b2rZl7D+nU24pQf+hFixNiFRAAAD+ta/3fvtIn8On+S96z5wj5+r95L5XG2A9WoF8n9YAA7ADOuAA9JD9E3O4NtuZvLpPcmnO/ahmIolIMuY25jbm1scikqhm+zyldiKJagaI1rY1bfy+tnbvZSj61yDl5/7vsEFDPNnrRPSfgdtGirzH2GN4QrFnKN9PL2ux3Pc8X3ItltuP1AvXo+vP8zuuJuvVz996NZnuDyaZTNftJPsE+9v3k1MH2+wTnzx/6yj6T6yFXYTzA1QS3s/kpFk5sR2B0zxOVxK5XgigluyAYCgxAOIB9y8AXbK9PiiiJR0QShpFDKkGCFEUQOVVoTY3zTJpYOli2UZDH0uBZQvHGrVNRkkiWoZAiaZURw2sNFGhpUXv6CXBc9Msk64jS1fFlixRC0iLikSTLKnzCU+KcpZNokHd7xGUpPY40sDmphkbcssv0+0giYYkZD6ng5CUNI9vAIhyjipJn5Vm9LepZWkISa5Ag1x0sAwMHtQbPMipofjZYDM0uIFQYn9wbprx31THm20OD3QcxC6JaMLQbBEhCk1E5YNCLQUmJ826/WY5C+FiPbrp+Xq8W4vl4TVVvL2vxfJabLmlAAA=)
> 
> **图：dtb.bin**
- 对镜像进行签名后，主机工具会将 *Auth* 文件复制到 `efi.bin` 和 `dtb.bin` 的目录 `/loader/keys/authkeys` 中。
- 主机工具必须在加载程序配置中 `systemd-boot` 配置等待时间。此等待时间将停止内核加载，并允许您查看和选择 `systemd-boot` 菜单选项。该 `loader.conf` 文件必须在更新的 `efi.bin` 文件中可用。

> 
> 
> Note
> 
> 
> `dtb.bin` 文件不遵循该签名过程。

    - 主机工具将配置 `/loader/loader.conf`。
    - `loader.conf` 的语法规则是 `timeout x`，其中 x = 超时（以秒为单位）。
- 对镜像进行签名后，主机工具必须从 FAT 分区中卸载。`efi.bin/dtb.bin` 将已签名的 `efi.bin/dtb.bin` 存储在主机上，存储路径与主机工具类似，包含在 `signed_binaries` 目录中。
- 以下是已签名的 `efi.bin` 和 `dtb.bin` 的目录结构：

![../../_images/efi-bin_and_dtb-bin.png](data:image/png;base64,UklGRloeAABXRUJQVlA4TE4eAAAvyEOoEI/jsG0bSdLuXv81Hq6D/+ZJrDYct43kSFr32/zD2z2XgL+eme4qx20jOVLN7v/yj87fBeBvTHWJbSRJTvofYX8q5O8QhU5Bg6cDBPRr7LGkAIjQFRE0xDSSjZIIgmOxao2WFACV2SCpS59OVHpBP+hkavFAB5OOg5aDBmHCGpm0d6YEJVAN2kAbaAOtEMe0X6D/tu3NsfXqnDfH1Mw2rO+uq1SPVtm9RAHo9anSKs3fQYTVTcVqJsCy2iICmLHMmGYs2R+6yurTiC6K1adK22OJYo/l9/uJ4vl80qi0EV2laUShMaKrNA2NKF6vFw2NKO7H3eNx1FUq7XG7ikJjRLf61FVmGzgGIsmgf23ungQRocBtG2V4fDl4RT9oTUWAgUBifA6hAFTSIrHsNs4C6pUSFgT0gXa+4JakyrcT3LLdnrI4QzENISasPJVHEql36NpBP2oOeE73D3mSznMw5Ecbs2ztYRtJiu/XrrHRm6DCy4Kf4FfTHXDQcAe0+RXYFMxwI99/Kfw/RFd1J2lppjKi/7Rg267bNgsTTMGY9KUgQi+7Od/Urm1v2zYCaEcps/fobrMnsxN4b1ply+wgeyfoYo///7dFvYIQ8QneSm9E/yExkuRIiTo5PPQ5YK6v99vi44j/Yr1fvj3Hs/nxdFc/H9mesGzGd13otjtzfFvCtdn1fRcn9id8m+Nn6p3cw7gOnRKfHYYkOykOw5l9BPswKU/bn30rK3OIJF9od3M+X5pDM/n8vi52LmNyAVjK7/iyM7+hIcnY1HK7y0vzgxrPTK206y1PaUyyO7/jye0pjUpmbtebv6ERzdzNLvdItYZl1/Zj4RoudVuptzoGqWuz9fe15jQsWTzsCTB3VVe70JA6uACSOfGf+E/8hzhFZQ0YjKVSADNW/PfF66iNcEBvkcB7RUJvQc9SY9wlvdEbCfC98j0jjmdpbwsIXxHTgOhrJqVuTTWcqEx/gijrROFGRDuHUkq9ueqN9s7mqGcp7VYMSCCagVyJSwY4AfEqA7NaCpCA7IkikB1VQclaA3JhAeCTCCSsrWbge6moMXDsUWOh3FPUFPpqDxSLm0qlVBwj0IRIC5ag/oqV7H2ZiEt1EkkyeVE8Jgowj/mq8LXVMNmJeSZysa8P5LAwzMWApo40J4XVXaDXxqVisQOGIxIjElWEtdUwEh+lRVN3/9uijJjnbLqe1ACw0A1eVb+qmkaz+R/XO4j+4Pr70Kmr46/p+GtFmd3Mg81DZvNQlEqc+uY62tzAxMVuXltNjFgauoN3uyH13YZoViXWPNqtIBemWuBTll7UXFZVw8hrvEV8WsMB+e6d4j/xn/jvl/9GLHEpUZahwdCrBqTUgdq9sygand/ep1B27xyJ6JsTC+q+4jsVC4pozpsuAECuRH4GpPVKsiokQjXZCxgAZjeYFSKWXoiHbm13d1H2RxfgyeVMJNkTYyGPRJSKJ1KzRLuBENUyjWalgcnnTCooxzcgFhQDJVBMqtCEsNmIQQ1ePSkyq0aZ9ghKaTQrEnWojt0lyLGgzPzH4q4aGvGGc3mmSdR1Asqxm9M+6XgwK06vGoWVnR8LSpmJemnqa/yWeWCI+c1uhqeoNHhRomyxp2vU8vzDbhYiOytek7hbvCSf00MdC4paRmldihvnnSXmP1d6corbBd2rl9Ty/GE6l9OO6j6Qz+mhjgVlKrLdlm8OCPtoM2P15v0fC6ohXPkdsLnP4y7azee0erdvQCyoCXqgKsibDX0613x+vTsAQPYrPr/eM77kVIT7zU+UfScEUa8THsC/rKEGUh/Iv3X1awOlI6oqNFh61YDkSkZuwyv+E//98p/4b+ge1k3/XAlS07+qwqzpH9ZteI1tRkE0MUaMsaKPgPCXY8BviZT+egmyuRrWBnHb/1aHBWgZbK4QP+TAVLFsnQZ/m4uAmbk4tqjYHe6eacFk7y5Dg6g3GyznSoogrrqa7m8G6QZ9BpIzQVIagEitAEz2SKK3ki+zwQVSA4DkEbaDjW/IKgULBQEmiioU54RekdMZEFtxpExZFJMKkQFww+YazFNV92IbjdGrAI2EjLiD2eRGOTsviUy0o955ME3w5kgVGUgqzFXTAhrNoroNMYimtOg0Sr6oWVFdQ6UsFMX1amYpKIGoomomFaK6mjaYnSeSuZdgozGm7CoaIe2v7qP1nM5kKVOvrhc4E7bMDgKCOVJAUlETW/HGnNXl8z8o7DHnBmHRVLDhPKkX2VMeDBj2eX8qgWJxJBNpJhXidvlIrpVh5knfC9gEcVNHmmcC7y6p8Z0aUWy8NxN/UGEACOZIZqFxpZGRoAoaxDLT8xiIHi1FtU6YOG+KmwFAPWlFsgsNC1lQbbOk9FoZZp6oCQAO8F1Ab4/REUZ63VsQ+pJijlSxdDxKUT3PqvBBx3O+2k3iiUE5qStlzsooe7dJhfizFUJudQ58o1PvQ2Km3y/Og819zhmVIoI5Ui+sD4hs19Ao5MuDme8XF6aASrM4l0FlpiqpF6YGZDuTCnGr2Xmq6n0MttEYJTv9uIOztGY3oohICUho5kiqsJmsuZB6rs8NtJdX7UYuo6mZgQ8FksXGRTQq2KRC3GqDeWIgl2ijMfapenZ5XQQaQubr4XHQ4j92V2VExqChoFeNkdvwiv/Ef+I/8d/QPYbt3okmrxW3j2Pq7/14hFUadrCUdp9gM8I8hD2Yu5iISwaYWFQxSchJ2mYmuITN2OYykGGCxlHKRXYrHYwlA82DiXJSgTr8LqMytjnDF56K22KDuG02Y1ssnhJs0Lgkfr92FUyuRGL4OZND4+JdTvuMqsIgLlhom5lwT/bxqUyDJEsVNSXaraREIjXnhRvcdcTg3TFQ1PzziwhCm4Uau4WO2zbI2IbW2aBxu8+/V7Z/dcDc9cau8NyrEOS6C7vSNr7L6UanQ07tPWZt+0N1KvRXIdXmZO70Ke84DZWSSqXKxW/45sImY1vf7DJs0LgdxX9Soql4j0g+B1oAR1E8zbKnAACPUAIyas5EW7+bydjm1DzYoHH7FuXsg+iAd2UmPeP18fejoX1PGbzB++jFxT2ICRo9ijuiX1dwKXVrIDJGbsMr/hP/if/Ef8PqXAoSQ68akFLnveLgde80NhZtt3IYFZddBIRVxRS0rRUQvg3A5kh7zZzHciIq0z2OxKF92ImavQcpGwyqdUlqTLqYDDQCABLeXkmqT0AkmYmm4hgoYfdqBWB7DQAQQgay7xhNpyBsqOTAPgMJG7N4Umwcuv53m8vc/Cm7isZwlGPFQrG4ncurDIje0F32vkxXjGBTEJaJFpXSr5YOMnKppAzi0G2Xp2uGmH90uVTqawbNs8dyHVXMe3JAr7heu43BIEVCRiObgjBmuo5mCds9oE+edwMwBAAb5tVLS8wfRPrmD+gtUZq5ELWM0vai0pIrzgDWgioApq5+XBeBtAOMJ1i/oWUZKKqmTR7om7+ikr79U9QFwO0vnrMgrO/iBG9TEFKZddo8L78DwoOJ1WZfJsPEodtk5uaX7CgxOWChhkAMv3MxKkUEcw1QmkeYcrYpCGmCTpXn5B4iI08wkBVaTB6/SjoO3SYzN7/Xb9XSXIhoQh/sXJSAhGauAWqQIV+SSUFIVX1d3vIBbktD52nHfX4daOropVVkURG+G+ZE9xkRkb4XPKTeaRDRnhNs/j6MBZgryRVn5Da84j/xn/jvl/9GFfnnyk5C/nJKR1RVADf9Kx0cPqztEUH0PoVHGBUXQqz+J9E9wq6UksLYlzxCQPgKxr1Jg9/jGvz/+TIDuarYHRKIIpARTI4+Lhl+Z6lZJTlBI0oxAmhJBCV0XrJT8+nBRDmpGfd7TARy16dYcUlNYIpELGqyuRfFW2sqlVJxDZWyUMNCjGBy9DHC7upkpgXN0N11S87EcJLIzOecyaFx8S6n/UVfGl2koBeJKM6XaJiOaYLbGB/vrk4uZ5SJyGHpVTBozur5ksnRx6Dd4p0l5j/qFNgYDFiucnZk5rPBXUcM3rBB0CPSzdkM/DigSEq3qDRqG+PT69WZ8Qw0dZ93MwBQigYA7BoPDDG/NQFWg3TodbnC89zLQa5bJeihJVMciWJfR2GdrRzc6ibx466osq721sCBv9CFEgf5BOdkYoClvMMGa7qcVnfbvHkW5zLUC5+IYHL07TD1ql3JTH29CKgjtGCx+QQXwFEUT7PsL/rSuLG5zFQlqe+RpU+2tc27qUTN8DSp3UyOvh2GGMj9eAUikVxGG6GpBJNPkMps3uSte2y3yeyW1BSWWc1yFnXpZFGTbdzFfjS0LPv4R0PvYbi4BzFBeyD/1tXfw3nxD0gKqiqjXhgMYrLKe8UZuQ2v+E/8J/775b947Y9/PYz9/u87Ee9t69Dr3km2L//vnThtt/LIIMIE/oqA8Ajm0fYoxrYD3zcFeCIGB/SWCI2oYl4Z9OtepQG5XGUT68tmKmMhCmgAogqtlfaQhmaTEHS1RLqn8ZgooHNe1AOXzlRmeN0lWrDsHwFMQ30av5jYrdExmko252IhWhBUtJE95KMl5l8dw9kcVsMHKIY1GKDtHguYhlgSEX0xsVuDYwTiUp3EioUmoTlTLbx/pIaaPxShgabu/CpT2S4DTOYbAJ4A5EFZq/NBNRtbEPN7l9FIBf/iQjL10Sxhdww8Z203id8z3TtFze8BkbEMuxwwaTUD2BfUyxmo1g+LSi4Cye08HhO1G5sHmcoqJXgC76bOUyx+pKnIX19M7NbcJ+IET+YZfIUJk+Zl2nmoFb2bfieozINMZb0QeIqI+wnlPEZT8SsTu20/7hMUpRInooyJSBI5iXtIKEtD9xBfkt4ser3NUsGrErvtAL4kmnVybEYlqnkvDeLmGm8e5S198HLCD2IN2T2KOyL6G0E4Nf1j5H7a4j/xn/hP/DfihyEPw5hSt/g0oz4vs4NG6jDZStaAn+vfNqOQq4Zl904xxiBZGnhvmlAT6ElpV5G4r9hoeDYUSopETrJfF70PGwG9sQ5AwOA1otzB1BJtNpHO5exoj/FEDc0m79tfVmQ99ABEZz1cme0tCMB7g5eZxpI4+lqGRmSQRJO8T6kZmPWMpigAfBJBCfvEmqyH185mPVyX7a1M1BD2BZZEY7N4oi9maERnbwGTJjMtaIburlty3jcDhjUYoK3L9lay3+DBy54m7htEw0NvjRJQRjNDndit2T0oiPlttBmYxvWzMRiwbLoPiph/K24GsM66bG91Bqat5Sx5Bs5RNLxhV4JkGs0nHKqiB3rZ1cn7tCbAOvulm8Sv7VZnewtYNoznDKPhjUSqZRrNZ5PznRFPsagaHJhoP1mV9TDN1qpsbx5MFW1voKn4IVqwrJpP1cEJ5dzVq3YlM4USicvucTvrYYMY67K9tdIHuwNl8dBxajuaEFZmaMSJL4lVQkbkElXiPolUC/ze8Vdke9temC0NDfpx0LuPE34Qa8juUdwR0a8FWKrSUZc7VYhxJVXByG14xX/iv1/+E//9L5k1rCaUmfHoMGr650rMwNq9sxmFXLWhIjF9NcAN+CFM4p7CeIRCb/MgsNu6fz7T3/tUQclXIpCgL4UyyESHBkAIGch+05mFo0Qb2O0uSTJ5uSr1ur3zYJrgDd1l78u0A1CUQWA3InJJLaspErFEAI2RAb7XqVj0IBLVQTS3gGAMBinugU6iDuymRXG+REN3au119yyKms1XFX7Ao3UMYJ1dsNnpwG6jltItKmbLHYvWfvcWhK3uPvY4qFujUWC3UXZL3BGRZKo3NjMqRQRvIq6meTOlhjw6ozEO7KbkdF/sqGa9W+67qS0JSGgqdpW6XGSLeI5xI7BbV+a+9KrvkYUC6l1MIEtDdwTKUsEqWVoWFdTtymW0x6Fwlob+8t9oFqG0rWtshfeWiTBYhMVYvrOvAk+kaMOb5NdQMTObxFbnV6duQZKV5XZ0ley8jUmuJ0kcBVHEf+I/8d8oBSdcjFdcxi541Z4ul6cHsR/Aj/9xg6rpX+mau3vnV41XvP/UukHVhteamGq0+eHpBLy/Xl0A4MfVK/B2HHh/B06HwzPwfK3i9NaLYkon9Dak2nlAtRdlUEXkcFlNkNx77AkDfrcpeD8cz8NB+eiLyrN1Ph7eUI6druK5eo4p1YGAA++37gn4XLO54DTc/AF82IF6Zx0mKRI5yT6ht8ByNUtYl6ERBh5hv+kLwxqXG56A593G5exsyJgulkqbKAgw6XRP8yBCJEUgO0JG7OWpmmyFUBH7AoB0r+ySOBpiVPpiGM6m4EukACaZaUGzESK5VCeRzBIhiWphU6FJEKm7Xbj5Mt78r7pf+2LUzOJpiBGIvhiGsykwHNGUdeFsA8v1W5ULgbuKStTYVGjSUXV7cLfD6dZuj5SqfTdcPCiI2QwondociQEsg5LXRu8boBQ1v2tCRAxqAoADvALVlEHEJ1PhPnT4AZxP3fFNebTlX9T/qkcb/niu1G8JLqqiNyVIHnZoc/EaAxjstPay58A3OvXuw9e7nf1bVw3NczaLVMs0IuRyJrJhOJuMesVduF41sI0QGaUSJwLbzV7YVHgPRQuWIfJlWhmGs2nY98AZyCXaCJE0AxK6Cr61210UTQgJvTX1OnQBrwzDOYCFuzT0jie0paHiv/8Hocqo1xTU65WsYuR+2uI/8Z/4T/w3rC7LiFJH31rUyAuLJ1hvPEoGFRAeoBIAZD8I7LaCR9sUEu/W9MKRZRDY7cGLGrwJ7KZMgAQVYySgAYgBGUg/ZyZ4iD4Sexs3LvoERCJ1pPi8N4snpaFSFsPrLtGC5efMxuUrEzUEnYkoEaXsKpo5UkS1ZoipfXE1gd0GjWENBmg/ZzacV1FvO2hMKs7XPJsjxVOlpWazSKPAbpqbAfxkUWPrx+WrMzANBFVYMkeKkjxni3FgN2USv0XdtQUso64SkT1SfGZffs/iXIb6HgmewD93Ji6fB1Mdxo2T7CixOVKERhPCXFTOvH68BOSriGj83HdrRR8JongVlNkcKaaCZ2mo+G94ByO34RX/if/Ef+K/0aNcSp64Dw2GPmlgDO3e2ej8Vk0sJLyKR/hzhIK21Rj/jWL6b6gtFLS7jJyIdgZBb1EbpC2oGUhOHWkmD9XaeoxmA5ORjzmRrntazSWV7YhcBEb3hASvKkqunwhKU7dBafam0GcvdwTC2++LcxbQqKG5EqmW2I/kC5uVxa3mccWl0lQcQZPUT2GtlJ3LQpRzHd0TGuApivcSVcURzoOJ4c1NQQH+W9p59Ug1ePyJQL4KWd+Xs7qvca/JVKiKARMAbCiY1CIzkGvnJcdCtCB0IWN4jbcCMHFR8xpQezU+eqI0D1ZeLpCqz8NTFZTc5bljIlUtxauKXt5satOP/V7fPZzKVdJgViRzT/Blvirq3NRSVxHUbVDY3BS91Ctz1t9IOTsvyQbna1iIEVyJxPCsr4+GQLE4UyGDaYLr3aZyXiJNpVIqjuEkqfhuk9CVmSX1UL6QV/OiLsyq583pKQql6Vl06hF6ForiXU4kmbxcsdhAf0loLIqtLYrz/SxLdSag55xoloISSN8T5rkZDb6fx1ScPl60NwWrtHXmrL9VHhhiflNUjLwF6qGEQXNWT0sZTj10QN9HZyIXbYW9mAC/PZ6SJw38h6IfWMtE5LAwVJBXmfqIiMwsXU1CqgV1PKfLUpNJzWZ8y1FXUlF7rXVSExpTX328IkAYPIUv10HJFctgkJK6Abiocy6eUlELvNKK7+brIMPRBKBRVYPJ3hQc1SsBfdbfKZWl5j/mKadX93cTnC9Fo7erYRgoW+FmefWSWp4/rAZCUzUwII6IS0VtAPQsXTn1WN/L6OzDbDRxQb1EO30JqjY0M6FKiqSo0r0VBJJnW1vNABJBNfMkjVJUj/BX6syv9MuvQguCOgcGcmF9U+i2wJzjd4Xn3Ogm8eOuqPvx17oNHazrQlHX7Cx6egrRqIAFoXe3/vjo1DNzdYhBks4bXYBqkRuZ7xLT+O6h5KS7Puf2D815gIdvx8dZVw5VpEe1NwUHRXffKx5enJMJzqc2RwSPSD4HoyEQF2cqNDZ+s44bmDEpZpbIqeuaUSleJX35s/pvtZtE82Rfv2edfRTfy5NMVVSVXu/WuxGfxNnayqyOFKUSJ3MStKANBkS9U39Q+zmYRSbkmSgNlrQ+0Gf9fWTeAx8E55vMbgLM1JX51m6bDchuuBtNJailojczSzTpd60TkNAaVPP6SEGV5gafMTMAHuyWUbKlipFGA8DsydYWCiSLri2YT8zZ3C9uSMihf6k+v2ACBKpmPva2Z11mmst3CYJLQ9e+jOW8IT8aeufnhB/EGrK7u0H2UVd/Q4e+FRQOEX6rFuNoVNvwiv/Ef+I/+cFYdDV9DRbXlmOr64uwHK5cj62S5ZlvIHF0ZTqJrtrT+SoiWb6e9FFBVWVExkQeCMWbIIaqkrMx4B+b5jxaIRxJXM+Bb/1LsHlQCBeEzkTyM2EMVCFYHnWd9WdkGFwwkWlTaXqNMZH8VHKvnB9vXUw2f2CDByABGc08piMBmQtKDQASMVD04YTXrCw2kl9KRAxT07B2cipcCl8Z5A9sUF0AE8lMC9oV+VIq5azWgoqFYnFXFRlICkMtP6aForME5WSMa4+lEvOwBTG/K4OQVAPBnBxfRzpCG4sx23UCiWphjXVsp1EkvwzAG+Pay0T0H+swRR80AdagllFUWCiVnm9OihANUreRihAmnpKsgvZI4Tlf4MCrOvOeuh4sA3DKKJKfqDReYV33QJNmpYKprdEQTJA+ytmZgS+xD4aR/FJ2FItbQW/mMq3vFkgnR40rugkwn3F5/XZ6mXVWP1bR/UwkP58ACb2SW3RMPjYxANPhYazitnMwPdjBxie0jjl+FFyeLpcn7YJXrZfyYPUM4PID+HFTL+XB6hWX4+Hn1AXZ9C96e9dlDPw8NofYhjdOe3oFyulwQG+nZ+DZen8HrgWpUi44vQFvx0em4wW9vayiC1IGVTwynXA+Hj6Box4M9YLeUI6druKM8yPTGbo9jww3fwAfdtAXm8sj0+WLnoDnh6kz3vRuj9/uBfg8HN8+xz7xOtx8wwN0t8tx6A0Y7vYwdTi+AHg53ureupczcDrseLHrUVe//Cf+i9dcSpRljDxNkDzNIzySlekrakK6HdbNJSB7UrGh2sO08yW5FWHdUnaUEwU0inAPOgGVqEw6q1sCoiKs87X5QQ6g3thEpCBDmIwpEHFRKQgqwqOuk6n/FSPQhEgLFit7Xybr2mZxXcnq2fs4rJsJMxKpXrupuEedKV9HNocMEZpigwSNMKo+5exdTjfDupEHilMhZfDY2qyoUetKRRX+M1QweQABzQaJsWHdTEtCi44N9SDSj+QZ/k/gZDZllsmqWKypEjV49bod/LDDSPQVUZzPQpM4+xKg1D4YhXUzu/WOS6WG8LDj0b7EZyCLR29R1TmrL5nLMKybrq4SRQBM9zmYzi7yy38j3PhMD1cU/EqL/8R/4j/x31C4MUhdm41x5m9Aau5mjHM4PwioqZV2jJOcz5fm0Ew+vzPBEGIvhDP7kgRCcTDiP/Gf+G843o+Cy9Pl8qRd8Kr1UnoyqZ7YuoEHoWcAlx/Aj5t6KT25r9TTWh9vAE5HVcJ9pdSjyY3vZkvecpZXXI6Hv6x7xfsKz2aleLr+UZvzL5exz80H/ryaVzoWnJ8Oz6VX9IbycTieUczC8vyYGjy9AuV0OKC3U7+6rfd34GQu+AtOb8DbUXnD2+Fwxkd/hH86Afrx/cfVZ8HlWTvpp/o/cK3vHee+0+l0HOlV4l3Vh5djL+QCvH08cBz1k+yXVXRByqAKszacD0fgRRUwplqxq8xZrU/Aqdf29qme6t+AqzdV61l/F6A8PW6ccD4ePoGjflo+1At6Qzl2uoozzsoHcPzsV/0LXrrR4Lmfwqfybl4hqGcTb1CP9zeYpxnl4/BU8Hks/a28M14eN87Q7XmNV7VUfNhBX2wuttjPN1xwPOPzFrVg/Fjj8Nx3LB9j6in/C3Q7fUK398eNyxc9Ac+rvOBULiecgOM6twejj8dXeLV+PH6c8XZQ7c/tPnHByxMuOB/Wuf0lT7qWvt6s6Yo9FXw8eHZ7AT4Px7fPsU+8DjevckSv9gy8DFyGVhxIlXB4B1Z0n7r2l34q78fD5/vjZ7fLcegNGO62yvVri157jFPfbeDmD6IMSsDLCmY3fJjdcHrgfH59fFFvZN/q3rqXM3A6rPSCN/0djePbGoeP18Fb5B8vV+cfhzUOp2I+tv48A+fPB/JvXf3yn/hP/Be1nTjAt8bPna135kKbbe35odUlvx77PM6y2vsvnu6mderSOZbNdz+dafFxxH+RXgs=)

    **图：efi.bin 和 dtb.bin 文件的目录结构**

### `efi.bin` 签名流程

- 主机工具使用 `sbsign` 实用程序对 `uki.efi` 或 vmlinuz.xyz 和 `bootaa64.efi` 镜像分别签名。
- `sbsign` 需要 `certificate` 和 `key` 用于签名过程。验证以下句法，其中 `dsk1.key` 为密钥、`dsk1.crt` 为证书，输出文件名与输入文件相同：

sbsign --key <key file> --cert <cert file> <efi file> <output file name>
        Copy to clipboard

- 示例：
    - - sbsign –key dsk1.key –cert dsk1.crt bootaa64.efi bootaa64.efi
            Copy to clipboard
    - sbsign --key dsk1.key --cert dsk1.crt uki.efi uki.efi
            Copy to clipboard
    - sbsign --key dsk1.key --cert dsk1.crt vmlinuz.x.y.z vmlinuz.x.y.z
            Copy to clipboard

### `dtb.bin` 签名流程

- 主机工具需要文件 `dtb.bin` 的路径。
- 主机工具需要 `key` 和 `certificate` 的路径（绝对路径或网络路径）来对镜像进行签名。
- UEFI 安全启动需要使用 PE 格式的文件进行验证。无法使用 `sbsign` 对非PE文件（如 `dtb`）进行签名，因为此签名工具需要 PE 格式文件作为输入。
- 主机工具使用实用程序 `openssl` 对 `dtb` 文件进行签名。验证以下语法，其中 `dsk1.key` 为密钥和 `dsk1.crt` 为证书：

> 
> 
> openssl cms -sign -inkey <.key file> -signer <.crt file> -binary -in <dtb file> --out <output .dtb.sig file> -outform DER
>         Copy to clipboard

- 示例：
    - openssl cms -sign -inkey dsk1.key -signer dsk1.crt -binary -in <foo.dtb file> --out <foo.dtb.sig file > -outform DER
        Copy to clipboard

    此命令将 DTB 文件的签名添加到单独的文件 (`foo.dtb.sig`）并且不修改原始文件（`foo.dtb`）。因此，主机工具必须同时保存两个文件，其中 `*.dtb.sig` 文件在 UEFI 安全启动验证期间使用。

### 使用主机签名工具工作流合并 DB 文件

要使用主机工具合并 DTB 文件，请执行以下操作：

1. 准备 DTB 文件：将新的 DTB 文件放在 `dtb_files` 目录中进行组合。
2. 选择操作：在 `config.ini` 中设置 `operation=combine_dtb`。
3. 与旧 DTB 组合使用：

    1. 要将新的 DTB 文件与 `dtb.bin` 中现有的 `combined-dtb.dtb` 合并，请设置 `combine_dtb_type=combine_with_old_dtb`。
    2. 确保旧的 `dtb.bin` 在 `unsigned_binaries/` 目录中 。
    3. 主机工具从旧 `dtb.bin` 文件中获取 `combined-dtb.dtb` 并附加目录 `dtb_files` 中的所有 DTB 文件。
    4. 然后，主机工具创建一个 `dtb.bin`（vfat），从旧的 `dtb.bin` 文件/目录复制所有旧的文件/目录，并将新创建 `combined-dtb.dtb` 的文件/目录与附加的 DTB 文件一起包括在内。
    5. 主机工具将更新的 `dtb.bin` 放在 `unsigned_combined_dtb_bi` 目录中 。
4. 在没有旧 DTB 的情况下进行组合：

    1. 要仅合并目录中 `dtb_files` 的新 DTB 文件，请设置 `combine_dtb_type=combine_without_old_dtb`。
    2. 主机工具从 `dtb_files` 目录中获取所有 DTB 文件并创建一个 `combined-dtb.dtb` 文件。
    3. 然后，主机工具创建一个 `dtb.bin`（vfat） 并包含新创建的 `combined-dtb.dtb`。
    4. 主机工具将更新的 `dtb.bin` 放在 `unsigned_combined_dtb_bin` 目录中 。

![../../_images/Create_sign_DTB.png](data:image/png;base64,UklGRtwRAABXRUJQVlA4TM8RAAAvp4JfEAfDILJtJff7x6lgFeifyZ2LhmDQSJKiOXwGC2Th/WtinnnGkWQr2f9xJwE9EwD5H4jI7e0qaNuGMX+UY9AdAEsAAPz1y/5+SNpfQwlM7vg+0I2kU0QKRaRQdFIoIokSAAfgAQRAA2gADaABFID+y+SOtJ4JHeVC7SzX/+tXAQLdIsKYfhUqMO6/k950mP31lstsj7NctD3OetN6O9tDywX7K9MBJ2XchYJhk/lcnDT9uqFof2f1uNM+ZHxCOs+EgAmRvG2Fec4liSDL+DTl05RPU0IJm0GY52yMRUVBKGaTSFBEtA8J5uI2UHQTYZxmWsHbtm1aG7vW1lddSVDeX5T394QYLNSWsVpWy2oZFanMyZyjmExCwmROOjDm//8Z1FUFkmVkVV4U0X9KkCQJbpsc+eSFFuuGeQeBwBGD9ztrWlf//UOp3//yp3axfvaroX7zo6l1rJ/8dpDfTqff//rXrGJ94wfTH/1+iB9Pv/MVtIz1le9Nfz7o9x9Yx38QvzqdDvjtF9Nvo4Ws701/M8Q3baTvXi2XJkeTpJpSQJ0m9kUNuZJDfQQVNH0K0Rq0UBxLKwpEGwNT0aqdNh12z3uaKnAtDVfk3e+ifRGI+BIKaO0M8metyMndMohCHTESIG0r6KrBKgHIdLmApNF2dZGrXZ1oJUBGFeAixhliCa4hcyIlNEoaVykAJB1686SLDZSIWYzoQmk5dJeQ3wtRYdX9auMU2yShh0EDBbqJ1EhEGbcDJEmLOdWKEmuIETNpypwIelBlojFuYv1WZIgCGiyF9bhaLsjdd5yRDFgIRKzBJdKYrFcbBi6U/WooTQOZYSFFjXFhyKxyKnkX36QAl34zV8RYC1lgJu3HQnGM5K97egxksfGRbJwh2fdNF4u8XwWuSRF3c2XuQm3IrBGQolEWa7etBjdLiwTjwn5Ikh7J0ZVmNdTglnEZYz/IoBoGRRfT7eI2lgTGuXHg5i0dJMcYNFAZrxbLBF2QmcrcN8Asbo0D0WpP4mZStBjLGO2I3ikyQZRy8JS8u7wA0xSppujIEw4SSlNmA0zkoClYAomTWRIDFkJsRP9CBV2oVcFiHc2RC00JDdI7aW0hI1dkhHkhRFcdUTVU9vT8l6v/rv771xAmH55OrB5nlsrtnp9e3Vkpk2f+6f3stOoj5zMb5Y4/T/DU6pF/tFE+8Ac8OTd8b6M88fd4esW5nTL7F7VaCdLmqaArSd64mJbAhERxtbYJRAEVeTsvu6dBzKFCpG92qL8Pl4y1WBVqKZIMTZLUzsE87ldpHZLiTH+LOJHbQDXUvUpNJjoFuA10VWGVmJp7WDktFD1IBw+iVkOZIN00QN6Ylm4sndwIVNWI2pCMjYM8puzgBnPhUoXAQrS6Uh08wuKpoeyFoqAaqKRE4wBzmyeLcThMJJS6QqDdk0HVL4NGU4BAXaUWER0p7d3rYL1Tkgo1rcgMsACQmWhJcw97ev7LlX9Pr6weZ9bGK6xHS2P26uoD5w+XsTNQ9/zZkkLOr/67bN0+85Gt/f2l7pmPb80udHyEPVz998+ndgFj3uoQoaPZsvVwa7YdmCJ0BvDnmogt7YqdM+d8xVanx58PR4JZGHOfXM87jKGsHofspdtwx/naZ2xB9u+lw7xtyJi/U7oAQUQ3EQsDxlbKoou1VZF95iwoU4o162qrZzYcaowF3pz7jLF5Z9FlXFkTW7Y2RVjynR8oc84DtQurFCGNo/O2fMl26v4/4gsn4pGjQmq0FNrGkNnwN8KWr5lp4+/4km0sjLlHZmzo7rtkZIb2mGHFdpolzbpTO/aOrVQ+w4CkNQ1MmbW/MhZDBt7CwvAWnOy1ukhH4/VZM1JLHnqciNSDCJWij/GmRWw1xNy3LhdHR2a6c1543LhZHGRnecx9fb+e+3RgcNhgw5bU0onMAyfqZzqUvNDmDPjOWZDnbU1T+qk4XsD78MDb8rWz5ZFnnGJMEQTcmHlFboo+ZcM22pTQlkwh1woY81ec6wsN4JGF+tCFvJX2DFhImVNsHbY1ZV6SYCpEoO7f52ShUC1kT88ruPrv+onnETazpO9jzT/gpW3E6yqzR35nSd3zJ0v6OSpu9vzj+9nY1wPnD5cvvONnoR7xAoY3j0+jXx/v8MLxlqir/67+u/rv6r+r/67++zu6v/znFxay/uMvQ/zt/z5byPrfv9nTi6/+s2ZaKDQ5iAYquyVJ6Z6ev6wKarR5KmiOJo/RkkoTu8aVANLtFACixAQASKg0RnShRMxixEKAKFTQLBZKm0hXAEBOVAlApoK7iHGGWIJro8QSUcYtFqLBAirDpgIXC3WoxEWXqcsjik7Skk2StKZNAwW6icRWlFhDjJhJtEeAVk7vfFtRYC4QMW9MA1GilKKbUJM7Z8wFuZaijieTNNa+mZMZFlJ0MQsbNchiLYcbx3mJaCIzFxpRleoCLZBGQIEm9OhRkYq4mytzF+pLyOT+44l9+qv7yauBWOZx7JoUcRljlmXpALEU7TA11OCWKu4F5PaZn1ztb09cIVo6KNQxIHITF2SOZRyXiHHeN8BEmgeJNsBYJipudgGZ7Pnz/eyk6v6Z7yevZEreTanpnTHSilUCAS7qU0xcUQyZgpipXBLKC8g9f56c3BH3iX94RQuRx7sppAR9KCITRH0hEyyhJM/bmhdSaRqVsb2APPE7PLl6P8qfrfQiMjs9s+v0WgnS5qmgK9kgpkArxYREcYlUEAVUmMct2j0NYg6VlsHwApSMtVgVaimSrOdFKjsH87hfpb10H2cdFwpEkdtANdS9Sk0mOgW4DXRVYSEACvogpbFyWij6tEmCRK2GMkG6KUSFNRR0Y+nkRqCqRtSGZGwcJBllBzeYC5cqBBai1ZABpBZPDWUvFAXVQCUlGgeY2DxZjMNhIqHUyRTtngyqfhk0mgIE6vJY+0F9Ke3d62C9U5IKNa3IDDAFSGWC2AhLttCJ1HUqzw+vrO5vrI3XV/s7O+Pm4dXVE+ezy9gZqI/8oyV1y/eWFHJ+ldntRz6y9XR7qXvmo1v7m8vcjI9w3Y2029lp1WXkYZS9P7m/LvcfJnbKA+f7p5OqZ84/WSk36n/WidVsz+9tlIdT/BmLO/7JRvnI70/PhHPLYMRezvlnFruAMW91iNDRLJ3okGxDU/jzfhFbatZsa1fsnDnnK7Y6Pf58ODLXwpj75HreYQz1VtVKkG8gzlLZhjt1R81IitALGQu2QTePUCmiLhaLeMTCLs5KWTDmbzsrh/kBZUqxZl1tuR90KUPDn3UhFh2fMTbvhE6XfCyc9tuHFkBLHNbO7u1jy9Zcq6Wz5mtn2WFLvvO6eVtDCj/QedsuwE7d/0d84UR8TUJqtBSmDb0pGr+LGho3AeeBF42Ek29n10JxzHZ2bx/eQnusEDr6IxB/rqVYsZ1mSbPu2IZ381Y88MyDwBsyWHjUhq16ByT5mYN5rDmwnd1bCt1VyV6r8Q1ovD5rRmrJ/QUVkQcR/mIAlVe7j98NudgJz50aaurwdnZVApC2tJ3dedNA9cIXR8e2Yru+e38txUFW51kLBXVwO7sGCmzjdKw2OQBkQ3dtjPOBBNAqTsfc59pjAi+kA92Bgw1b6rnN5v4hgy1bn+NBCzl1nHZ2eTxSZNygmyRHhoi5OK3NzlmQ520NUwYg35IFvA8PvG2Xcss35inGFEGgT1FRV+pgCPQpG7YxTTmbm8Pb2ZXq4BGjRDuIa6gH3/u/FnwbMOavONcXGsAjC/WhC3kr7RmwBV3InGLrqIXm2kJLJVIhyC2bk4WWZKHzd3FJDW9nZxxgPlJa7UGDS3btUkCSCaygiCFuEEVuytBKgFwURuYPbCZAFMRIn1dw9mQxUge3sysEjhfMtV9KBQU2sSJblLFiypAkLWZgZvgAfPqH3LtYZFBpDm5nV4HafTpSjtGUMoG0Iug3nLlCXjlpO4YM5DvStk8BLv1AkXFGooy4M/g6mObwdnYFgMxEi40Yp4XaXKREkh2iAref4QOaGj6EacdynU9YQW09ldB0GiiV7KCBO2wgWm2Q04HV2iTSRZSiVWoyZSiUx5hit2BOH+EbFpJDkYUyOHChi9YYVRYf9mpEefgXzI6p4kY9bBgqychjiwvd66vHCR5YhQAY9o/hsUWD59b9Wx3fT171ea+TMXY70sa/bj/xx1cN78bXI77R4YzvXze8mY1s3eBb2/G+zLJ+ASLHpDljX7BLRSbdl1HGrWVTiRZfBqapZZPk+FJqaKyaBmrjK7CJlEA/zGRC/gO5KABki1jGJEebAiSNdrpknFs1JbTGM1oSof1YATklJsccMmzjjOYQOaZJi6loqVReKm4fRrbeH2rYTwbQn4pIY8wkOdWApkoTrKBGLEpMJKKba3Jxobjjo1ufDjTsjGuqENpPmQsDlJAXiFiBzBvEY7t95iNbz+9H3n6M29m9oDgjqUywySVUKlQO0uB8fcFuxt25Ot2o1H4yoG8g4z6VulQmqC6toaIyecbOf7lENFD3TGnIlBoyRJmaLtbe+ijpphTQ6Fc7Y+cTXiIwyc0LJcaF0lYf0IXSliwUl0g00NgjL/A6WJLiEStN0a7BTL6QKm5tG0yrl5E0aKecZP3TnJNou7hl6+HWbDswRegM4M9NDRhH0kg0rDTdgLPnCG0XT48/H44EGyef//vLQV5lw8qz7lTaLp498Ke/DnEqX7GXcK4Hx2m7uPYZW3BO33je24aM+TtD20WyGdZ2ceszZ0GZUtC2i1pmw32PCuHNadvFzqLLuBoZAH/83O8EG1buVKzoyA0rt4HhBhi6BJxNQx5EbGl/RWXOeaB2YT8wtF0kBrVdjBwVUqOl0DaGzIZ7qS1fM9PG3/El24wNgC/+0OcEG1Z6cx4FPj9mw0oa1fc1vvqKs3Nu7pEv04buvktGZpjaLylD2i6qfIYBSds/MHUUcxZDBt7iGP7/82upvwKtP39pdnoNK1dammM2rKSZ10tqQ7pYnXXegn4pdJGOxlMGtV0MPU6QtosqRR/jTYvYaoi5fwz/9sVrqX9XyCyz02tYGTJS26M2rOyyzsOIU2u2I872xdGRme6cFx43bhYH2Q01PoM//fnoF0fHtvD48RtWch6FcxaeR0dpuzj36cDgsMGGLQ1P0ZgHTtTP2Ek0HDYYHf/1Ze/VTq9h5ZJtj9+wchfSFYjdmRscoe2iaUoPU9tFZVDbxcgzTjGmCAJuzLwiN0WfsmEbbUo4OlO++DzgedvTa1gZeUHElx4/ZsNK7btiT9sZgvM25RhtF/WFBvBMCw1ou6g9AxZSphS07aKxZSMJpkIEc9p2sROOz0J//J9Br4OdXMNKbaHtkRtWbklUwvCpKi758wq+/HJEzyvYsZUFPf/FX5A21daT/njFnp73evWflXU37p7G1/5mJEz2b+1+lZOHp5Gtj7c4EvBuP8K/j7QRr9GAOBvZmuCl5A3wBfuX1D7wh3Ngcgm74/ubM+CRP12+8BPfPz6MfT1zPntbvb6wvxtlkyd+Bmp/h2+t12tvRpWxPfXo1/sJnqy3Yr/Kt0S9vTxc/Wd/RGxpDXnB0MPCOloztusNsrWT5nNvaUVFzir0uKlbAO3TqTeupCI/2OmtPyPSf84hbX+Ys7Jolo5qKGPqakE3hsaVhO9HptafC4dGWzoq2Nqe8eece4t+hsZASuBF3NT6c0O6r2k5w601s2VrNeEwjvpjQ+tPcjSpR9I7zwu7sTUTMlKrg3iBExn7JPKls6EZVqHn7awZL+Skqd9hA+4H3ND6U13J99VyK/LftGXWtBPnku1or1qns2GbXjtnaWr9yblPDpXQ2aqDxpaZe9pdc6j16fRpn84epC+r1vpTO5roSowt7eb5L6HxBV6raees7ag5W9rT816v/rPc7t7u3l7vu3qZw9vnEX4f60vbiNf1KZNL2CP/cA7c86fL14zzh5vR//f7Pb+7fOEjPwv1iBcwfP80/p7u8HWwQnX13zUzv5x+x0b6/hC/m06/Zh99Y/qjdwPq59MfWMdfX59OfzHE738ynX7vmzaxvvW96fTn7wbV738+tY31Q/3fB1zhV7+wivXr37+76l/vAAA=)

**图：创建/签署 DTB**

## 多DTB支持

Qualcomm 支持基于同一硬件 SoC 的多个 Qualcomm 开发套件。例如，QCS6490 开发套件变体包括 RB3 Gen 2 核心开发套件和 RB3 Gen 2 机器视觉开发套件。

每个 Qualcomm 开发套件变体在内核中都有自己的 DTB。在启动期间，UEFI 根据特定的 Qualcomm 开发套件变体选择适当的 DTB。为了实现这一点，将共享相同硬件 SoC 的 Qualcomm 开发套件的所有 DTB 组合并存储在 DTB 分区中。

### 生成组合的 DTB

要启用多 DTB 支持，请将所有支持的 DTB 逐个附加以生成组合的 DTB。

![../../_images/combined_dtb.png](data:image/png;base64,UklGRuQDAABXRUJQVlA4TNcDAAAv0QISEJehoI0kZR/8W71n/l0bCts2Uvqw/6rM/70qbNtI6ev3n/XwGco2kiQn7b1GqzTIBJvsSQAfiwAAwH/uRn73PTQiv8tJoruL955PkvgAeGXMFA+IvYRPYgBwAhhirBccVsRx075S3edTW3j/6qO57+ijOXezJNae1p7WnuYa9lnG7M7dxuzuO1pP71/7LOdun8/nM2ZH+yDR2ra2bfz9HSZ7J4rsKiKqomISXHL/VyeGfgl1iA5H9N8R47aNNMaVHJKFbVzv79V/POL+Oh/H1Y3n5vqIcnF8ODn33J5QPo5Pp77jw4geN1k21mN82e93c4z33Uzj7a2v52fapu96puXo7333f/lnFuwe2J7eNzTLAM00np+Jfqpt2m1onrHZEf36zyzrl/c107rfZVpE316YNq+Ubz3uuXYZF+Hgv4P//lpTwoVtRK9CJHSQELQM1F03rQ4uVN0TiIUgGxTqKVqXXMk1vk0NItGQhF9o5ZHGdWxKQTfacrhNke5HKHTLCGBLLqB15/jGAkn0yXIB2pUTJLFlGtsmLqDutfBCTitIlQtoAxJLiHbrFGxBXmiU0YRIwgrvjKanV7msbXgWbILzdc+7GTIuLw0lSCgopmnaJGDDc3jjl6uJtjAVUQ0rJiWIRAvUkTYNd99TWLuUELXomEi7a27dUJUGFRYlQ5iHgPFyg2Ua3SaGSB7Sr1FhOzV36TMRw933KCuXE2Etl/HzSCI8SzK1TiN9KgFhLUP8UplEeIkJ8bovIatFJHIJ4mmhKZkwXR5pY3dFJKqJhe1hKRSaUANF0xq+4LO6X1hFS0qH7aDgWQuRWAk1KJhZEsUKSqHDNi6cEu6017EUZAyr+8oWixDqmUIb2WmaFVNGmCoxTvelW7cAB5XBdpaDQkGGO0E0nwFJmLCM2lqRdjDcfe+0RaUAe4pEk1bLnlJCR3Zs49s0LFpveD2fgOFMiZTVxZ52X0Y6dHxtUiV/Q1sYt87t0ujQcSnU1KJORsIQW0t6WalGvLJTG9QpNUBLPKVyCZW2340wvk3cAQqqvW1UdvoNFR1QR/C67wbL6tV37hRNvoSvvnOn2CKWA5okr74Piz7SVUHNaV59jxjufmIKDX9dWltYwV+XlDCo+OvSktD8dfNjGkFcRlJSXU1sfaHjjW0Tl/ILldbr2PSakni8GtJr+euSK/jrUqv562YrR7+L9eC/g//+gvOacW32TJR1f2H/K/9fUDxl239BsV+P+KcqyLL/VOUVL2tiI1pvsmzk6H989T9rJxnZZ9/N9VE29vHyzLO6u87HcXGz+js6VgA=)

例如，要为 RB3 Gen 2 机器视觉开发套件生成 `combined-dtb.dtb`，请组合以下 DTB。以下代码片段来自 `meta-qcom-hwe/conf/machine/qcs6490-rb3gen2-vision-kit.conf` 文件：

KERNEL_DEVICETREE:pn-linux-qcom-custom = " \
                      qcom/qcs6490-addons-rb3gen2-video-mezz.dtb \
                      qcom/qcs6490-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs6490-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs6490-addons-rb3gen2-ptz-mezz.dtb \
                      qcom/qcs6490-addons-rb3gen2-ia-mezz.dtb \
                      qcom/qcs5430-fp1-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp1-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs5430-fp2-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp2-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs5430-fp2p5-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp2p5-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs5430-fp3-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp2p5-addons-rb3gen2-vision-mezz-hsp.dtb \
                      "
    Copy to clipboard

### DTB 分区

- 生成的名为 dtb.bin 的 vfat 镜像包含组合的 DTB 镜像。一个名为 `dtb` 的专用分区存在于 Qualcomm 开发套件中。在此分区上刷写 `dtb.bin`。
- UEFI 解析位于 dtb `dtb` 分区的组合 DTB，并为硬件选择匹配的 DTB。

Last Published: Jul 24, 2025

[Previous Topic
系统初始化脚本](https://docs.qualcomm.com/bundle/publicresource/80-70020-27SC/topics/system_initscripts.md) [Next Topic
在 Qualcomm Linux 中管理分区](https://docs.qualcomm.com/bundle/publicresource/80-70020-27SC/topics/managing_partitions_in_qualcomm_linux.md)