# 使用 systemd-boot 和 UKI 進行開機設定與安全開機配置

systemd-boot 統一可延伸韌體介面 (UEFI) 啟動管理程式提供控制啟動流程的選項，並載入使用者選擇的啟動載入器。組態檔、核心映像、initrd 映像及其他 EFI 映像必須位於 EFI 分割區中。

若要直接以 EFI 影像執行 Qualcomm Linux 核心，請透過 `CONFIG_EFI_STUB` 建置。systemd-boot 支援兩種組態：

> 
> 
> - 類型1：
> 
> 
>     Type1 組態使用啟動載入器規格 (BLS) 描述檔。您可以在 EFI 上的 `/loader/entries/` 目錄中找到這些檔案。
> - 類型2：
> 
> 
>     Type2 組態使用統一核心映像 (UKI)。這些映像將核心、initrd 及核心命令列組合成單一 EFI 可執行檔。Type2 提供更高的安全性，因為 UKI 包含裝置啟動所需的所有資訊。簽署 UKI 映像可保護所有包含的元件。如果啟用 UEFI 安全啟動，則系統只會載入經過簽署的映像，因此簽署是必要的。

如需更多詳細資訊，請參閱 [systemd-boot](https://www.freedesktop.org/software/systemd/man/latest/systemd-boot.html)。

備註

若要使用啟用安全啟動的裝置，則必須進行簽署。

## UKI

UKI 是將 UEFI 開機虛設程式、Qualcomm Linux 核心映像、initrd 及其他資源整合為單一 UEFI 可攜式可執行檔 (PE)。UEFI 開機虛設程式會在 UEFI PE 二進位檔中尋找核心啟動所需的各種資源。這使得可以將多種資源整合進單一 UKI 映像，並使用 sbsign 進行簽署。Qualcomm Linux 使用 sbsign 來簽署 PE 檔案，而像 DTB 這類非 PE 檔案則使用 OpenSSL 簽署。

如需更多關於 UKI 的詳細資訊，請參閱 [unified_kernel_image](https://uapi-group.org/specifications/specs/unified_kernel_image/)。下表顯示 `uki.efi` 內容：

| uki.efi 檔案的元件 | 目錄 |
| --- | --- |
| Initrd = Init ramdisk | `initramfs-ostree-image-qcs6490-rb3gen2-vision-kit.cpio.gz` |
| Linux = 核心程式映像檔 | `Image` (因為 systemd-boot 需要未壓縮的核心) |
| Uname = 核心程式發行版本 | `6.6.52` |
| Efi-arch = 架構 | `aa64` |
| Stub = System-boot efi stub | `linuxx64.efi.stub` |
| OS-release = 作業系統發行版本 | <ul class="simple"><br><li><p><code class="docutils literal notranslate"><span class="pre">ID</span> <span class="pre">=</span> <span class="pre">qcom-wayland</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">Name</span> <span class="pre">=</span> <span class="pre">“QCOM</span> <span class="pre">參考發行版與</span> <span class="pre">Wayland”</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">VERSION</span> <span class="pre">=</span> <span class="pre">“1.0”</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">VERSION_ID</span> <span class="pre">=</span> <span class="pre">1.0</span></code></p></li><br><li><p><code class="docutils literal notranslate"><span class="pre">PRETTY_NAME</span> <span class="pre">=</span> <span class="pre">“QCOM</span> <span class="pre">參考發行版與</span> <span class="pre">Wayland</span> <span class="pre">1,0”</span></code></p></li><br></ul> |

### 映像配方

`meta-qcom-hwe/recipes-kernel/images` 包含以下配方：

- `linux-qcom-uki.bb` 會產生 `uki.efi`。
- `esp-qcom-image.bb` 會生成一個 VFAT 映像檔 `efi.bin`，其中包含 `uki.efi` 和 `systemd-boot`。

`meta-qcom-distro/classes/image-qcom-deploy.bbclass` 類別會呼叫 `esp-qcom-image`。

## EFI 映像

EFI 映像 `efi.bin` 是儲存在快閃記憶體 EFI 分割區中的 VFAT 檔案系統映像。此 VFAT 檔案系統包含 UEFI 所需的映像，以載入並將執行控制權轉移給 systemd-boot。為了轉移控制權給 systemd-boot 管理程式，UEFI 會掛載 `efi.bin`，載入 `bootaa64.efi`，並加以執行。systemd-boot 管理程式會解析 `loader.conf`，載入核心映像，並將控制權轉移給它。

如需瞭解有關 EFI 結構的詳細資訊，請參閱 [EFI system partition](https://wiki.archlinux.org/title/EFI_system_partition)。

下列為來自 Qualcomm Linux 的 `efi.bin` 範例結構，其中包含 `/ostree/poky-<sha256-sum>` 目錄下的 systemd-boot `bootaa64.efi` 及 Qualcomm Linux 核心 `vmlinuz-<version>`。

> 
> 
> ![../../_images/efi-bin-ostree.png](data:image/png;base64,UklGRggNAABXRUJQVlA4TPwMAAAvVwJjEP/BoJEkRf3g3+ox/8/YYNg2kqIc9V/qM//MMGwbSVEe+m/1mP9n2Na2LWObs49ORArQll5lY2TJZgIA/PvdJJHtl8gmiWx/Fses1/f9JJPF4fml0fZBYb9gc7iAwfFKYXfoLmgNgfgDSocH+B0XQA1UQAU0QAVUb396xkhlyWv261e24vs/cY7a0ex3C1Mw72ne07yneU+OrWfpZxfn6HxH3aswBbI4VrZCFli0taeRJKl/jWe9994UTRKFKmYZVLDLvv9rJRIZVW3OKc50RUT/adG2W7eNDlbRZaXSXIAw9WhFzPebTwrtr7/9018Wkv3hNxN+96PPaSHZl3/8leHXP6G1ZF/85W+an321mKAf/lPz0y9XEz/41+k/p6S8/fYoj8uHy+NR8KoXgmExYliOiOuITMMi/DjSJ32o6znSm9cLj0dtAbnLUfse12akGevqOf/pP++Wy7KCTv85/edEhMtR7u5W1XtADw+v0cO4WnFEsQI10ERAg+6IsW5oRKHv5CFE0v1MAFEbW5YOJEK5DRV9nwhYQoTOVPOgyESAYvlsbrZ2c5sIWCJ8h6N2Mc5VWVGuqT++qDb7KitqN1yt+iPPzRTr6jn/eR3r6v2y039O/zmR5eEol8vR9hf3q+o9oMvjq14w3j2CtlBI8EcUdsSB623OhkgMt3DYeyJlGTdIWBYfKsBEsQE7ka+AuAwg0Q60SOZIHtHMi10MGaiOAXDCkiARI/ieKYKpVuebKJcQqDZzpEndu8ZZwz24lpV7sfO/h4N2mawn31ldme01YCPa4OwHhjnSFaaESLmSoe/jRy967h6eTsumXUEcdRwRB67gauZItu4jvAXKXsw8sz3V7c0Twx6J4QYCZV6JHcJf+Dzb5q43V6GIQKU5V2GPNIQldQDrcgvEsjDoh3YjV5GUBHhzJCWMydILUQFaNKyrdU1ffWZdva+xrt4vO/3n9J8TWR6XFfg0ksaHSPgkj8kqkgJUT64C9Qp3tKAWnPSLhklXgdyc75ly9ySgiESlESOuG2dX6R4qRKjv6kOpRAGBQSuDx6NmsF0FQgUghKQQDIuLg8tRu+mq3HBl1hJl6WyuQr1QaDI2uwpKSBSrZyyg3WJHq42cmN0A8NWtq78/Ov3nWbmsq/fLTv85/edEhMtR7u7W1f931iteeMR3uZo8A35J4cCLynnEtcETu19I7W1QhiarUGpDjxGALA2e2P1CmqcruXlXxSqUPsSuD/fE7hciNOhMFHarcIjhtgTAUbsontj9QqPEEFmF6wCip7kndr846FYJT+x+ccVsJhGrcJXwxO4XVwL41m5Lgff3749O+6HTf07/OcHlYV29B/QaPi1/7wmzKKk+kgfQCBWZMlAdeQHyosE2qSiVQmflIETcg2uZpLqAtDB4OGoDu+h7adF+AJNaJp67ElXKemHepMLlcegJ0P0sMEzWzIdp+x3f9pljLSqsmz9im1Q0IXUhVzS5BWKhVh0Jr53dgj5SQlNQAVpUoqpfV8/5z+d4WFfvl53+c/rPCS6H5dzfr6r3yx4ePsEkIr6HJLwP2nxFfj/wiEdhPAuCxjgg5RnI8r4D1ikw4cWO9NEkY1ibVF8HdrJLwzlRa8E1pS0fJyJrwUzkcxXSuvej6GDCKLQ+UrF3p6suEe1aEQM9qVB6muRAR+8tRUl0MjRNiG2Std0GaNApMUeymZvEtiGSJY7UKylmVBLtOhGUKvgmR0fRq1x5KEtm3GwUSavw07ENdEuUDv4AVcjI/Vi6xlacymhyPVPoam1wqmKnoeM05CFYVQA0TYaSo0h1rrZxvDQrCa/HMpI0pTjDeTAxvM0B3ZgiuAdXK+XmfcuWITFhM1GbACdAgzkmtpEcyxC/YdP5kmyCpAxPG/bncY3Voupdi0zdmXEzURA3m3/fdzsMM1HT4G/TmExIHzZSO1o0045CGiOQAw9iBZJNuZnnuKusRQQ1VvtQ3c3ITZQyRjiuAnWw13ZlZBhsBIahu5SJth06AR0tKHUJ9gsiwBBQy5VSlGTGOFJUAXebA/OFslGLqALsrBOTR3xRfWU7m6hNgFcqwKb67JFMmwYTGwNgo28bquuupJgvuhQaYduvfajAyFBDr6JnbK/bPthRVCEXUTQ2wd6QQHr092qyc0uUDZ5QVVDS2kg2rmZC+sBpgaTRhkSsBrs0T32nDd58FVmfz9quJoxdqwi6cJxOsK9ZHQmbVTpms9xd7p4EqgBbNpXm5+RGRltCoKrnv9KUxCKmzMwAcgsGjzQk7N3p71a2OYhQX0sT9Zi6qijSSMVGfHVtzC5RRz0LUOU93MK0aTCxDWf16fmxaAfAzI3cXUAFRlkWNZatkm8ypmpXxbR9MKNIZcyBPEgwv2+TKAT65DybLIrcFGWCv+J8KyQ9kPRR8zakDxxdWaUSUd0jah/jXClXNUBwZg3wDX56hnZND6CS64HuBnubKB1V57Lvu/l+76TI88moC8VeyWjTYapIAvQx/RXWxSlqtL3+1pFgo11d4QQwMXabgy2rk6CJmqq6yCvXDxWuVD2RbQDyJGobYKOR4FuYNg0mtoHVpxGFK+pyhLTOCKFgSgmslGdREYXdtH2wo+gm18o1kx63WRSZKfSsgcnOTVE2eCSlTbKaZq7YkN57/vPfx4P21uIRJSsNEcCViDDGDGAMGyhhQ8bAVTPozdvZ9orricgo1RcgKtUJqgqMi0iW2NBqsdpcUWcOgYktIU7KRyGZBlQAQdAX737EWTvPc+CQxNaHJzHX5Z0kK8b8EXuyUc8DbPkWpk2DiW1Gyxo9ddqKVGV8xaspTV3/s1KRdclN4rCjWEWdYLRWO2636lvTdHZuizLBm4HzA490xYb03rN/dzlo3xxzqaoSKiPFk6lfVTjRhjjczV97UOkcImdKbznoO6/IN4uGqLF1e/PKFSKajB/DWSJmN7qpa+V60vUINgeJFSbqxnZep1zIODO7mKhNgMddIGMeYe7MJZUi7AozOwZsAwc+5sJ0FGdzoBQygzyJwmU/MJtVdg6IMpuPOBvSR2azqsEd1QxjJl+jKQBGoIxoq4H1zCTVKec6z5SO/LPa7KpOx/gjSBOnw5LmyGgrzY0jpaGtelOGXt00xolOJBVwZ+IezCDHWmwOtEZ4E7XUEZUbcapy3EbWRuChs41aB3h0s2nTYGK7MtGnbwGjwqtrhOQb274PoXNQYnhsDnozidg49MC5ntXMoEPX4zaJgprYm3zfWUk7IMoEf2SzDekjsFuY77aB1eWSstjU7dSm8ymAICUo86anj+plENSzrYnSyW4CTNAnZ6YJQPFktOmzJLzR1vSJX0XBdAOGqpysY4gYP7c50A+vbNRe9K2toEbSD9xUoQPFRm0D5H5wN3WHp2PTGH3m4duVyWPEbE6uvtq8154p1OluJg47itE0gVCFp8btyENJr45kh+GWKBs8RO9W1W7U2Ib0gXPs7H/F0UvQPkYUoSWFRwvr6t9RvE7E5Sh3d+vq/bLTf07/eY2Rxfbv6r95u6reA7o8vo4GA36pwHCGgI1aPo4D39ARBGKld70cnmmEYbpOKPq+CNyT8Ig3ZHRxpNntqsKmEYbpOvHidwkUIWqdTiQAjVCRVfMGs5Amd/QQ7frXPSqyHCl02whDZLI2cOOpdtXoQvCyhjZsHlG5afOGUeW9B6pVlW3AZpY7pj5Zp5VRAZ5Ud82ku04Y5tpzD/TCJhIhTWATHCsJkom4Gcok8updFQ3r9bcnjTB01wnNXLtudPGiBEft4SmkBhyBUkVPHkA0S+NPF/g3Js10nTgE0gsToud3DnzIze9b+z4BTjFphGG7ThxzL3ekKFTzhiMkxCte33wGV2XaoWLaCMN0nTiA3vxCJ43d2DZvuO0mHUrJ9nMonSg2mK+AboRhu04wwi1MM4xVta4pLym4Ot9kQaE/uHW1vvenMayr98tO/zn950SWh6Pc3x/k7bfran3vV8ZovK54YnsKlwFDqmDNDrSolwzcl42rNZBmm9Qu90B7d04tcbqtAVxnolJ1qwsGqhs0JqkNPdoVSQUARM2N3R0pfFYrLwe1QGrnReByHT+KYNpQne+7pUeq1aBqFmFQWkePg4AKCFmTRq5l2hBf0Pz/8aDdDza46yezFDORZIuM484I5hJOejSLd0cIhc6aBsQRBJDp5cw3l6N2p1R1zoWeAdeKKloeQgKiwhOVyW8M7ztT7GkVrOe2S0/PQWmOlJVqCdgsnIg8kuphIbIKCOjuKeTmfG20YXbzmWwTi1qd+cA9DBeRxhl5Gaw/2TI9BV+BKw0Amj7PTppYeN0csRfV9aKl8V8Byrpa1/TUirv7Z35f43JZFbwPdvrP6T8fGX7+9Wrix//Q/OPfn60lvvrzXzVvfvnvrz9fR3zxg7/85o213/zsz39ZRvb7X/z9zSeF9gY=)
> 
> **Figure: efi.bin file generated with OSTree support**

## 簽署

安全啟動是 UEFI 標準中的一項功能，但在 Qualcomm Linux 中預設未啟用。啟用後，安全啟動會在裝置啟動時維護一份經加密簽署的二進位檔清單，若驗證成功則執行。這可確保裝置的開機韌體與 Linux 作業系統的開機元件如開機管理程式、核心與 initramfs未遭竄改。

UEFI 安全啟動使用數位簽章來驗證所載入二進位程式碼的真實性與完整性。UEFI 安全變數會儲存所有金鑰。要實現 UEFI 安全開機，需使用平台金鑰（PK）、金鑰交換金鑰（KEK）、資料庫（DB）與禁止簽章資料庫（DBX）。

使用安全啟動需具備金鑰 PK、KEK 及 DB。雖然可允許多個  KEK、DB 和 DBX ，但僅允許一個 PK。

啟用 UEFI 安全啟動需要在系統中註冊 PK。Qualcomm 建議在安全啟動啟用流程的最後一步佈建 PK。欲深入瞭解 Qualcomm 如何實作 UEFI 安全啟動功能，請參閱 [Secure boot](https://docs.qualcomm.com/bundle/publicresource/topics/80-70020-11/features.html#secure-boot)。

### 主機工具 signing\_tool.py 用來簽署 Qualcomm Linux 建置產生的 Linux OS 映像檔

啟用 UEFI 安全啟動需要簽署 EFI 及 DTB 影像檔。請使用主機簽署工具 `signing_tool.py` 來簡化此流程。這是一個在 Linux 主機（Ubuntu 20.04 或更新版本）上執行的命令列 Python 指令碼，可自動將 EFI 和 DTB 映像分別進行簽署。此工具也支援合併 DTB 檔案的功能。

主機簽署工具可在 [GitHub](https://github.com/quic/host-signing-tool) 下載。

### 主機簽署工具概覽

主機簽署工具可在安裝 Python3 的 Linux 機器上執行。它可在單一操作中簽署 EFI 映像或 DTB 映像。若要同時簽署 EFI 和 DTB 映像，需以不同輸入執行工具兩次。

![../../_images/host_tool_design_wbg.png](data:image/png;base64,UklGRtgPAABXRUJQVlA4TMwPAAAvzQFNEKfiuG0jSSrZdcyZf5ozu//pNBy2kaRI3dXHfPknSc/oMJIkp9nZc3jIP0iVIgCDbCMV4RBO4Yjen+IjJCG9E7JITsAQhoEh7OwOCjCEddWmHlmkLJIpCmQAqixHtxGWRXKCKVna1GNvV52NypddVMCxrVlMPVKr7tBVO/tdlYXvmDa5lCwSn3GtzQnr1e7xIX++PwspISWkhNSQ2rUvFBwIqzQMEAEMEAwAFgEABgiGABbAs/2t/2d90//68/1ewLBtm9RGrubNSkXhQBbQ4QQxJJQGUEcMTM+SvWzLy7gt+4XA//8zQgihQoazdUT/J+CLz6z87vtZ9rve/vZxpv1bTz98/PiPf86w//j48S/9/PXjvzjL/uvjX/v69zzz78/+++y//0vveXerLv/u4XUmeLtTunyeB+6UPj/NAc9Kqcc9L/7t061St3PATqlHavH1RqmXGeBGqb0e+KDU0wyglKImnz777382FRYuMZgtagOXGcwVES71AioX3gS2BHwOvjCAogcpgFUPQpIVJLmyyQqyD8+bkhwgGx4dIDttZeZsbK+fVs9j3/NEg5RkjIaUgNuQtmvaKQCbFSQFgLyCJCsX8EjGJkTMCgAqVh7gzQlSkGQVNpR2Rc8mbbsiKSRb6Hlki+2yskNukTJFTnoeSddjZYdTVZFl0dEsKwZ1KGJyi4Z2yH62aMhcsiFJIdu2aEhpTk/lJnIWOHnhRJt6ODla8/6kYLs0ARyROBQT0yZY4IwLf1MOoAqbHFu2ni1FTIpjghOiJpIlOhqOE0StgeMYbYfLpOwvR0oyRkMhz7RFQ+aSoc0uW2wnpgjtVpBkPDlLAqsFWPTHlZmzsT0yFDljszpihifRdlnZK8Yi5wqSXNkkbbviyp2QFgAW/qZk/5tgAQBJf5QAJEmGgJ3ySAxxUuMCK5IrIDRDshHIWbmA20xItR8UPHsRWH59hulYDwP/f299/dvfOSM98WzKvj5gtKeOIju9WwKr7OnbD3/ORnnySNCjf6SOotIBsk2U9KHUE0d56iiNPoy6LQP+4xfAbwBnNmHh9Fiww9EZ5bz/eeSnxRyU4OcA1hYAWOXsU+AwYmkAwHL2oY+fAEbhA4BRzD/kf6H9pzXbZ5AyOrHsVOD4csoRclRKCydaZZcMMAD8DHCuFc8+SJH34XmaazzAjMkK8rqgf446iorfANk6SqYH0yVTxBzi2HAddS95agCjZsdrJncBSbJyAY8VAFQ6y5GS9FxWkGQq4HoeaYcuREoyNmGmJCXgjc7Zg4JXUSVC5qYkXZeVGZKeR61XImTrQSNC5uLAzLkyya3IKUXFFCklrowTrw+055QmSSlIU5Kx1B9TYYfVEWmS9A5CMkVFd0VSxHRXJMWUYpNkipyeS3KLnBJuSI4AKT14bZ57ksChpCnHZfOu8I6QoYd0FMjKXLWsepBsHZUAMDbZ0NcA6itFmiSlYBVW5MrWnxQkubJbpHmS67a5qxFJcKELXimVCNmYIWl6pOuRK1tvlemRuRm2VCJkLjqlkMzNLVOklBgJ+pdhFNcKcxuQJHMXcCuyEch1xsYDINnCVMC1OzEWEJKkBDxzLJgsneEHNa+Lq9Jd8fIv7cInhcbMmSKdjRibEDHnI23+Ly2hmGMk2tPxCcUkRTJFzl7nntiEGZOsPMCr2ioX8HQWui4QxwJ2Q1ICdk5SAp4tycoDPJK5DcjJJUXKGFvSdlm5bpvrsjJDnYmcEjZpe6Q0G4YmGSOlhCRdj5UdkkJyi3SKWODERTfXI+m53CInc2xbTEnGUmc2WSEmQ5NsSObI6XokheQWDSlNNtiSUmO3Sn3SxJ1SzyOTnbLpJiRJKSgFSQrZIuGG1HWXlAwFyRAAcgrZJnEoSA8rycFewoNSd29aeFZKvY4MnW4OB0CGHtKxCM2cOXKaxwSPNqFrNvraK6VuHp4uf6eUuufY1t2KE1yPpOdyi5zMsT2owopc2WNhh2xxvbYtti25JGmG+uKz0ubd2+gw6OLzhBQpU6Sk7ZKuzQOaHul6Y7Gyq8pFzhQpJSRp2xVXLnNINqbUGJ9vNLF74/iWxjGjPIWxgBmTrFzAq9pyF3CrsahcCImUlIAnJFm5gNuQsQmE1Bn58qTB51eO8vrYmtetiHmhl3LNW20LXq+xWzEU1VSStWVXDCVg55xKuDxw+F59h9UH9XzECAg4Lbw+7TT48Kyrl8fduf/+y1/+fXfuxxddPT/sNPi0186j0uTtXkdvOzXAr75SA9y96Wh/qzT5qJkHpc2bvQaEPOHtTmnz7k0/+xulzQetvCilds8vl/94o9SuLbQPPK+HCnJoT0qph08vF//pQSn1qJ+dUurx5fKfd0qpTzq5V+qeWtwrpfbnGuJJN0o9UYs/KnWjnb1S6oVavFfqXic3Su31wHulfjylgjRhN2TlAh5ZQZKNDXMlSDt0IVKSsQkzJSkB75RXpRQ1eaPUXjfPSu2ox71SNzpRSlGTT0o9neZWtFek67IywzbbZWUfmDlXJrkVOaWomCKlxAkvSu10sVPqRTdPSj1pgkqpqyklQ5s0JRnLli1yUh6EZIqK7oqkiOmuSIp5RMINyRYpeIrAoaQp5xMy9JC2xD1Its4X0jwwVx2qsCJXdssW+Smu2+au5opGrEiJbQeaHul6LbRdVnanFJK5uWWKlBJzBHMXsFN2yV3ArdoaG6bXibGAkCQl4JmzxAClyWHOInbMxgzno9wFQr5r6sg5c5C9Kwbdx3qBgS7WI5ZggMFUEGDAwWjVGORmXIqsa3lVFBh0MVYBAD876xqAMybZAp2N6JqIACQcZAIgGisH8HnmBMCIJDjZGl6KXGMBBxqMW3YujkptAHCOWwAQXBXRUKLJIACMgh0zC0B2CakIgVVuQ6QkYxMiJpkKuJ5HUgJuQ+Y2IKctB0jY3QIW5SVAcgvRcGWSW6RMkbMRIXPhkdKu6NmkkNwinbqyEwoAxvoSKtJekSkaNiQpJKVJ0vNIEZNbNA22pHwv+H4PdbAAnOTKYAQAC6fHoB5AeJCT0gQg6bltOVpzelhJnvMcRVZfG2tgfVJhoHV5ZdBH30YymBQxKSRXHbZsb0LXbC7CgVFcGREQnVIbOBpcGUwWPQHZUEKbLdJso5AtuSRphhcCo7h2fMBIWC8B1FcGyazHxAAWQ4lFzhUkKxEyFx4ZipyxWeWQbEx5EYUBGMWVYwAJSTpAdH30WgAoBsIVEJohmQq4tkcyBOyUjE0g5EWwMACjuG4A8DC6lugAWT/ndlc8b1YPhIUBGPXYbMqhlQfB+6Uxc6ZIzxQhKofBBEA0No6RDGkB+CRLA0jeKYxNiJhng5EMojAAox4dwMqGEwFYJmsDMMr3yiAjAHCy8xUGYBQcIWBZD4UWjiZ87wF+fabCAIyC4wQjKgdSOi1Gwo5Z8V6DEZVncQCj4FgBi2QYZBY5/rrk0cwBgGXxPgMWm/MYBUcMcLJhnOjjaHItffPlHyMNOh2A33/dX5HVHNiHL/8UafDXHYA/fDs0H92vog/Q8Ifezt/Dl9Dvr74Zlg9gEZV1YFxP33z5x0iDTqfff60GEDjHk/N8+PJPkQZ/3ekP36pB+QCskiRL62pS6okajDosNi9qAAG6bs6i1As16HRwsic1KB+AVbK1tN5lRlRyEEkXoxiPRUIOywdglTxavsf8mhwGi+x4zbEwopID8wFYJTu+v5yMh8PoW2vLmodD8gFYJd9vRsL2q8TK2D4gH4BV8v0WlbxejITHh+MDsEq+27KaHa+PTcnh+QCsku+37tdH96H4AKyS8866gw/AKnlqMav4AJIjPgCr5KmFAVjzSYJBRvMJ/SFY5YzCaHGuRVRyVJLBLKaK4estAoxiID6AcvaoDQDOIBcAAs4eTDBgqxyhYCjB+GwA5zphthhMUHKEkAwjwfgUALLrhCyyYZY8dQwKDLoYGToAgk125rG61DFgMKSAY1MYGKA/NXC9GMpizdFhsRiAUU8NlzsKZBI45y44q1zsZ17dKrXXxL1SP+rmVakbXdwotdfNs1L3mtgrdaOTe6Xu9bBXSu11wxulnvTwo1I31O1eKfWih3ul7nXyopTaPb9c/uONUjtq90kpdf/p5eI/PSilHrXDnVLq8eXyn3dKqU864YPS5s1eP293Spt3b/rZ3yhtPlArfNTF7Z4aftsN4auvhrB7o4b3t7p4pGb4+rTT4MMzNf3yuDv333/5y7/vzv34Qk0/P+w0+LSndq78CAj4bn2H1QBQz0fLA2c2ytCazUVW22JaeHnS4I+v47TG0fWE8Hyj9Lh7G6HSOGaUk8Gz0ubt2/gE6OhPBXul1M3j0+XfKaXuR6dG52IieFDq7o06fFZKvY6N082ZCG6V+kQ93in1PDIZTtxMA0opavJJqaeRWZyymHuOAny/fl5WkUVRlBXzUOEbaDf8bPYpHHR3inlnjVbHj3znAIjmHB8AnA3bNw4A+OfwbJIx5FzhA1hk7JotAPhn2kJyplgDWJbsXi4BRGfJRUiSsQkzZYotuTLJEHCbqa8GsOTpSwDFGRrTI8mtyClFRTMkTUlpVnTtqc8BFmUP5QJw+jNtVAfuiqSIGZrcIufKJfNw4isAZOwzA1D0Btd0DwQOJXPk0iRzYYcNJ74AcNivA/i9mdUW8kCy3ZSuJEkZIpz4FsDm2MYC/PLIBlj0ZpMSW9J1j0gTW1LmZIxq0qsB8OgGh1bZRgD1GeiaFVNI5uaWbGCS9OyKoclJLwOcY4sWrI84QHaOynTJWEBIkjRDkpUH2Pm0t+kEYG0B/pElsO6pV7GlxieVCIg6LQ0gOBIB0WCkzZlgAzjHHLRujiyBZCjCzOeCDLCOFcaBz6MOkA1F95NKDaA8wjpwlgmPlgDq2aUEkB07MQEWnFtKC0DZkwMEc0tpAUjYbwagPuXbD3/ORnk6KS0ACfstF4DDUz5gtCeS0gKQsN/SAoz6pK9/+ztnpKeR0gKQsN/SArDmSUo9cWrWSWkBSNjvxgDgc1YpLQAJu5ZZ2VImDgD4nFVKC0DCrgkAy3EcC4dGwlmltAAk7LpGd7/mrFJaABIerdeBga6LoGa/80VpAUh4NEGrVZbZYcneZ4vSApDwaI3WZcmzzxWlBSDh8TWAYF1wgHOFBSBhxwgIOMyZYg0g4QnRnOMASx4tsyyzZh4D2BxJDLQmcw4AttdodzgPRQAcZ5lwPgo45Dkkmn8MYJ21WrPQEp2L+afotOT8w2LpHI04B13uZ//NQzdKvWriYR7YKfWoh9cbpV5mgGel1OP+8t4+3Sp1yxmAd0qfn2aBtzttPHMWIJ93txrYPbxyLpgxP/vvs//+z7l/zTP/6uuHjx//8c8Z9h8fP/6lny/+9nGm/dsXfX/3/Sz73RefWQk=)

**圖示：安裝有 OpenSSL 和 sbsign 的 Linux 機器**

主機工具預期輸入為未簽署的 EFI 或 DTB 檔案以及憑證和金鑰。執行後，工具會解壓未簽署映像，使用提供的金鑰與憑證進行簽署，然後重新封裝映像，將未簽署版本替換為已簽署版本。

若要合併 DTB 檔案，您必須依循與簽署不同的流程。可使用此工具將新的 DTB 檔案與現有的 `dtb.bin` 合併，或從可用的 DTB 檔案清單中建立新的串接 `dtb.bin` 檔案。

### 主機簽署工具的運作

**執行此工具的前置條件**

> 
> 
> 若要執行此工具，請在 Linux 主機電腦上安裝以下項目：
> 
> - OpenSSL、sbsign 和 mtools 工具
> - Python3
> - pip、subprocess、shlex、socket、glob 和 shutil Python module

### 主機簽署工具設定

在開始操作之前，您必須先設定主機簽署工具。

### `config.ini` 檔案

主機工具需在 `config.ini` 組態檔案中提供必要資訊。工具會讀取此檔案並依據內容簽署映像。以下程式碼片段顯示組態檔中的變數：

[common]
    # Section - 1: Common Selection
    # Select operation: 1. sign_image or 2. combine_dtb
    operation = sign_image
    # This option is useful for both operations(sign_image & combine_dtb). Possible values for file_path are 1. remote or 2. local
    file_path = local
    # This option is required for both operations(sign_image & combine_dtb) if file_path == remote
    local_machine_private_key_path = /usr2/<user_name_for_machine>/.ssh/id_rsa
    
    # Section - 2: operation == sign_image related common selection
    # Possible values for image_type are 1. efi or 2. dtb
    image_type = efi
    # This option is required if operation == sign_image & image_type == efi
    loader_conf_timeout = 20
    
    # Section - 3: operation == combine_dtb related common selection
    # Possible values for combine_dtb_type are 1. combine_with_old_dtb, 2. combine_without_old_dtb
    combine_dtb_type = combine_with_old_dtb
    
    # Below options are required to fetch file from remote Linux machine in the same network (that is if file_path == remote)
    
    # This option is useful if operation == sign_image & image_type == efi
    [efi_config]
    efi_remote_hostname = <remotemachine_ip_or_hostname_where_efi.bin_available>
    efi_remote_username = <username_on_remote_machine_where_efi.bin_available>
    efi_remote_filepath = <full_path_of_efi.bin_file_on_remotemachine>
    
    # This option is useful if operation == sign_image. Both image_type requires this option
    [keys_config]
    keys_remote_hostname = <remotemachine_ip_or_hostname_where_keys_available>
    keys_remote_username = <username_on_remote_machine_where_keys_available>
    keys_remote_filepath = <full_path_of_keys_directory_on_remotemachine>
    
    # This option is useful if operation == sign_image & image_type == dtb
    [dtb_config]
    dtb_remote_hostname = <remotemachine_ip_or_hostname_where_dtb_available>
    dtb_remote_username = <username_on_remote_machine_where_dtb_available>
    dtb_remote_filepath = <full_path_of_dtb_on_remotemachine>
    
    # This option is useful if operation == combine_dtb.
    [combine_dtb_config]
    combine_dtb_remote_hostname = <remotemachine_ip_or_hostname_where_combined-dtb.dtb_available>
    combine_dtb_remote_username = <username_on_remote_machine_where_combined-dtb.dtb_available>
    combine_dtb_remote_filepath = <full_path_of_combined-dtb.dtb_on_remotemachine>
    Copy to clipboard

表格：config.ini 文件中的變數

| config.ini 文件中的變數 | 值 | 說明 |
| --- | --- | --- |
| `operation` | `sign_image/combine_dtb` | 使用此設定來選擇簽署映像或合併 DTB 檔案。 |
| `image_type` | `efi/dtb` | 如果 `operation == sign_image`，使用此組態分別選擇要對 `efi` 或 `dtb` 進行簽署。 |
| `combine_dtb_type` | `combine_with_old_dtb/combine_without_old_dtb` | 如果 `operation == combine_dtb`，請使用此設定選擇要執行的 DTB 合併操作類型。<br><br><br><br>> <br>> <br>> <ul class="simple"><br>> <li><p><code class="docutils literal notranslate"><span class="pre">combine_with_old_dtb</span></code>: 與舊的 <code class="docutils literal notranslate"><span class="pre">dtb.bin</span></code> 中的 DTB 合併</p></li><br>> <li><p><code class="docutils literal notranslate"><span class="pre">combine_without_old_dtb</span></code>: 合併一組 DTB 檔案</p></li><br>> </ul> |
| `file_path` | `local/remote` | <ul class="simple"><br><li><p>local：金鑰和 efi.bin/dtb.bin 與指令碼位於同一個路徑中。</p></li><br><li><p>remote：將 efi.bin/dtb.bin 和金鑰從遠端 Linux 機器複製到目前路徑。</p></li><br></ul> |
| `local_machine_private_key_path` | `<path of id_rsa file in local machine>` | 此檔案在 `file_path = remote` 時，建立與遠端機器的 SSH 連線。 |
| `loader_conf_timeout` | `<timeout in seconds>` | systemd-boot 的等待時間可讓你選擇是否驗證二進位檔。簽署 efi.bin 時需要此選項。 |
| `efi/keys/dtb/combine-dtb_remote_hostname` | `<ip or hostname of the remote Linux machine>` | 如果 `file_path = remote`，則主機工具選擇遠端機器的主機名稱，使用SCP從遠端機器複製 `efi/keys/dtb/combine-dtb` 文件。 |
| `efi/keys/dtb/combine-dtb_remote_username` | `<username_on_remote_machine>` | 如果 `file_path = remote`，則主機工具在遠端機器上已創建使用者名的情況下，選擇遠端機器的使用者名稱，使用 SCP 從遠端機器複製 `efi/keys/dtb/combine-dtb` 文件。 |
| `efi/keys/dtb/combine-dtb_remote_filepath` | `<full_path_of_file_on_remote_machine>` | 如果 `file_path = remote`，則主機工具選擇遠端機器上 `efi/key/dtb/combine-dtb` 文件的路徑，使用 SCP 從遠端機器複製該文件。 |

### 使用 config.ini 檔案進行配置

1. 操作選擇：請設定 `operation` 變數以指定要執行的操作。可選的項目包括 `sign_image` 或 `combine_dtb`。
2. 映像選擇：如果選擇 `operation == sign_image`，請設定 `image_type` 變數以指定要簽署的映像。選項為 `efi` 或 `dtb`。
3. 檔案位置：使用 `file_path` 變數指示未簽署 EFI/DTB 映像、金鑰和憑證的位置。

    如果在組態檔案中選擇 `local`，則需手動將 EFI / DTB 影像、金鑰和憑證檔案複製到本機工作目錄。

    1. 在與腳本相同的路徑中創建一個 `unsigned_binaries` 目錄，然後將 `efi.bin` / `dtb.bin` 影像複製到該目錄中。
    2. 在與指令碼相同的路徑中建立一個 `keys` 目錄，然後將 `db.auth` 、 `db.crt` 、 `db.key` 、 `KEK.auth` 和 `PK.auth` 檔案複製到該目錄中。

    如果您希望指令碼自動從同一網路上的遠端 Linux 機器複製所需的檔案，請在組態檔案中選擇 `remote`。

    在配置文件中，提供以下變數的資訊：

    - `local_machine_private_key_path` (必填)
    - `[efi_config]` section (如果 `operation` 為 `sign_image` 而且如果 `image_type` 為 `efi`)
    - `[keys_config]` section (如果 `operation` 為 `sign_image`)
    - `[dtb_config]` section (如果 `operation` 為 `sign_image` 而且如果 `image_type` 為 `dtb`)
    - `[combine_dtb_config]` section (如果 `operation` 為 `combine_dtb`)

備註

該腳本支援透過同一網路內的 SCP 從另一台 Linux 機器進行複製。
4. 載入器組態逾時：如果在組態檔案中將 `image_type` 設定為 efi，請更新 `loader_conf_timeout` 變數。
5. 結合 DTB 選項：設定 `operation == combine_dtb` 時，透過設定 `combine_dtb_type` 變數指定 DTB 合併作業的類型。選項有 `combine_with_old_dtb` 或 `combine_without_old_dtb`。

    1. 如果您選擇 `combine_dtb_type == combine_with_old_dtb`，請在與腳本相同的路徑下創建一個 `unsigned_binaries` 目錄，並將 `dtb.bin` 影像複製到該目錄中。
    2. 對於這兩個選項，請在與指令碼相同的路徑中建立一個 `dtb_files` 目錄，並將所有必須合併的 DTB 檔案複製到該目錄中 (無論是與來自 `dtb.bin` 的舊合併 DTB 或僅彼此合併) 。

處理遺漏組態：如果遺漏任何組態資訊，指令碼會執行並透過命令列提示您輸入遺漏的詳細資訊。

**運行主機簽署工具**

1. 執行主機工具：完成程式碼建置過程並獲得未簽署的 `efi.bin` 和 `dtb.bin` 影像後，執行主機簽署工具。
2. 準備主機電腦：在 Linux 機器上儲存主機簽署工具檔案 (`signing_tool.py` 和 `config.ini`)。確保兩個檔案都在相同的工作目錄中。
3. 配置工具：根據配置說明設定主機簽署工具。
4. 執行工具：執行以下命令以從命令列啟動主機工具： `$python3 signing_tool.py`
5. 互動式流程：主機簽署工具會在畫面上顯示您的選擇和操作命令。也會在命令列中顯示錯誤。
6. 已簽署映像：工具完成其流程後，會在同一個工作目錄中建立稱為 `signed_binaries` 的資料夾。已簽署 `efi.bin` 或 `dtb.bin` 映像儲存在該資料夾中。簽署後，工具會刪除其他使用者建立的資料夾。
7. 對兩個映像重複：重複此流程兩次，一次針對 `efi.bin`，一次針對 `dtb.bin`。每次簽署操作後，請先刪除 `signed_binaries` 資料夾再開始新的操作。

### 主機簽署工具工作流程

下圖顯示了主機簽署工具的工作流程：

![../../_images/host_tool_workflow.png](data:image/png;base64,UklGRnwYAABXRUJQVlA4TG8YAAAv/4GWEDfDOJKkNosH+aCUfy564e6Wp1Jg2LaNo/h7zw31+6/Sa+6dcxBJkiL1MTMZOv8azgA/w3QraNuGMX+y3QHQhAAEXUlm/CGJLkYCwg+6GPGIORY+bOYQcwE/6kQKnUihk1LoRBJdIHgICkEhmB+fFbHwxAZc7vPdw7ed+tIwcNXLANQuAqQ/hnSM74+EYUYjSDQSQX4zP1HS/IQUZg+KB00P8saCj1aC/phmN81umt2178YNq9KUNv2CdRoWK39C/vSE2lFPXPP2hFrOR3n8urXyhNo7z26tGDhurRimTOawucMXjtx5bq08oUZR3LaNY+6/dq6Xd0RMQPZGgnmBrLTsB1kEZ4X8rN4REl1J0NNs5GfhQSKQfl3NkXKTn1Qu0J52podt+9u27f8v4N2FtOpu1b0Xw0jKmxat9ysKjeg9zFf3MN/227TUqfj5PwfTJglAIF9diuj/BPhRZNu2bdu2IAlZKEHJFKFUCmQqhUqmSAUPwJJ2/GNSa6vtM/roYzbYQkT/J+DWHoGfvve2mL/zwWdtvDcW9dc/avbuePziM09J+dOvjMcfNfl4PH4akv7C+PXPGrwzfh6y/sr4wwZvjB8XtmfH7zYYjyHsT43f/rtWi4IDl/TAlXH40sCVBxDv/Sc4x9F9cartxtBBGCzFjbAPSeU36Hy6/x07VhTVyVBWSWMpIKSaVEmD1aT2YCuqE1aT2oKsUvBBFEUHouOLup0Ig1OUSS8QBnhj1X7li7pBdZY7WHDoPh9FRyw6A3p9YgKpvDg0IcrVgF45lJA6pg4IkaJLehA6270wAAuatoAlqpckHxmPX8DsXh5KVO3cOHQ8dyghdWQA5UCSdlsXW13Lley2oNbF5veoDl5JBbMc8sPovhRRFaflstCAqmC55POJ5VJbsBepM/M/ontSs6v/ft5xdCg9S/GC6i8K+0p99NepSz5ZCgip1aC3JgXUxrCQHBgmb+1UJQ3SpQBWk9qx6ERZeL3YNQgFXTu75oU2pu1M66RdEAbLOlkCqrP8juhsDtkvvAEW9ApL42pB7UQB2p0oQBiHEjJ6IDlptU8uLN7Q/JnmwKEMA3jiUHIguvpFecf2XPseRcKudfL2hijPRAHCOJSQ0QPJaXXRC6ehQehFyzppV7stlnVm6VAd/C5LzmpSzQtCavYihsnrFVVBVimA5VI7Fp3nbef1vl39iEKx+6Lbes0sydD4dhFSTV68F9nO1+tvuufKMoBWA1dShM9s4MJonnn258y3Iwxd/lXo6Xv/7f2399/+YFVZlqosyzOxm6r6SuxQ1mwhd5P1lang4UwpVULy8JNaT2SvUmeQPXyvhY/YaNEjZjZa8IivGi12xPVGCx3x9UaLHPFNjRY44psbLW7ETY0WNuLmRosacZtGCxpxu0aLGXHbRgsZcftGixhxl0YLGHG3RosXcddGCxdx90aLFrGNRgsWsZ1GixWxrUYLFbG9RosUsc1GCxSx3UaLE7HtRgsTsf1GixKxi0YLErGbRosRsatGCxGxu0aLELHLRgsQcZdL8S42WnyIb/7wnlT29xxFRzdjo4WHuOHtOzC0fxQbLTrEDY+i+0Bz2IvKuNqLyoDlUqNHUXTQgI0WHOKmyzqXhyVh63RYEraozqqdVPK00WJD3HxY7QvwDbD95Btg+6EJGa9ho4WGuNVoamA6x8l0jjAuX8NGiwxx26tsWHC+CM5vYqMFhrjNMICt4n7D/eLQhIyXsdHiQtzqKg2ydIaCLMdpKMhyUJ1VN6bGa9hoYSFueTZJAewmC07sJguYLm3ApvYaNlpUiH1stKAQ+9loMSH2tdFCQuxvo0WE2OdGCwix340WD2LfGy0cxP43WjSIO+/2QWEvYqMFg9irr2OjxYK46fG9KPLFUhTVedGNYV3assoGEFJNwKVQQkg+T1XSIO9E0WEjNlooiBvfucPsjSVf1O2GgkM22QpEmfQCW5k0JVEXrZ4Ig2UHfHT7sBEbLRLEzR8ycxhLA3q9s6BuMDSZQCqxgFRiOxyaj6Iw8+ETzdjooWWrduCv3Ma9KNLL+imhS1KmjovUZT5qzswPoqNm/Ivahf2iwg6kFu7eOeZ4Vy9JKueNg8cXrS3CLhxeQI2Oo/vcXe2csLjA4okozHz4BDcmyASoCd++x0flXVtdy5X0MmlKuiV7WafdFssO+OHtg0YEqQA1Obod3e223rNcFhrg0qaELtXBZVWQd6PokJsS5ALUwPpDk48kSAbImW0Dr3wkQTZArqwm+foIgnSAHPlcgnyAvEaQEJDHCDIC8hZBSkCWdPs0gpyA7Ph4gqSAulkuNegGs6psxlIU1fkegqyAOnFnlX5RnVVPvqjbWwjSAuqiBOxxOpQQpwG9voMgL6AOQt7hFMaHECQG1B70pnHaP4UgM6C2Vl+w1dOh/AiC1IBaojTwdqI6q76NIDegltIlXxezqrR3ESQH1M7TUXgrQXZAXdWdWfpbCNID6ihd6ryTID+gbt5OkCCQQwQZAjlDkCKQIwQ5AjlBkCSQAwRZAllHkCaQZQR5AllFkCiQRQSZAllDkCqQJQS5AllBkCyQBQTZAnVGkC5QRwT5AnVCkDBQBwQZA7VGkDJQSwQ5A7VCkDRQCwRZAzUiSBuoAUHeQDciSBzoBgSZA11DkDpQDUHuQMxMkDwQE2QPKaQvZPf+2/vv72RdlGX542VZng0qVVmWqizL814wWavaalCZqvqLXoDTmi2G1bLmBP0AmyvTgWWyVkqtJ32hUkqV8GWWh+5CewJnSqlT9AU8UuuJLzIO34Uv8JPaoD9M1Rl8mQdQ4Y1KVf1Ax/Msy7/JF1kWj/oR+2AUz7Ms/zpfZFk8Cjqd0opvXizno8FjlC4LvnmxTEeBNltyuybVQ0a65HbzNMDSFbdfZHqg0NmK2y8yHVazFXdbZINEWnC3RRpQoyV3v4oHhyTn7k0SSrOCrcwGhnnBVs7DaMG25npIILaVdAAR22tGg4E2bK/RoaNztrlIBgJt2GajA2fJdhd6ENCG7TY6aIhtN3oIyNl2EzJztn85ACzYfgqXhF3Met+MXZyFijZOcNLzdOFEoQMlYzfznkfs5jJMRuxq2utidjUOEnJmtQuWq33GUD5aGje6/Vy5M3mIjNjd1BuheWrliW6wVT6x22uW4rQUpPLHidndOEDIoZU3lsXJ4olzax8Brzl34/wTLR3Kw0MXDvHMF7QK7JqsJjXoxbW6YZLSAnblaTXJFyXgUBJSTeh2sZrki6XN5JOlOC1Fl9S7AaX9FCN2eRQcKbtM3hia4A7eWLXTLaEbtAZbhc05u4M3NocoRJn0csMdvLHk4PUWqWRqMHX8FHOnFsGxdKrwBiVYtnNoQhR65c7QxOJiAmEcmpRgAql8NIEwlgYcmk9RN6LwUxinVsHBbs+8sVV2g9DZnqHEoXnVJBmUfSqhS7rVJD2YOp6Lgm8/xYjdHgVG7NjCG4fSNwjj8pnNw7msvgiD7lGglyTvVF/EjfHc1GHHT5E6Ng+MzLG8u3I7tYOy6YBDx0sOK3GxNLg4zANq59bS4Mah+RxejI+YXJbdkWMUGMuWUpeZusylaIktUKqcWBEqALUuNn+KonlBaWQxoChhq2v5DUojy8nXqs6tqQHs2j6iXCsL8jaapBKQuu6YJG0vMYFhWhucU4PzG0Y2qPWZDVNxWi75fG6rXGdR7bagF2C5LDQeZVHttpa6ydc9NjWYGh9QbZSygVupMMoGsBQA1mGW/goODHYttkKpn6ru3uzx4A8/jLdNt+qqO6SOZ2jtJaNe8b+yrKnK8/9d/O+yptrWKPXo3y4dtn4G7+/6/ETVb6uas/Lq9Mq0vHpWc1b+0B4lnkmLl8RBods7d1LneMe31mxdatr5CVO+3nbpgdpuSVLl1xO3NzinBuc3ZOi6rNlUyB36i+JiW1Oi69iWDrNu/wmsT4FAAs43jpX+DGG/ntEuOJkgoDAp1y4dOn5fcG4GYFI+6mJ7gVqbdin/jNaudimBofwjgOllF9uTSSejbDwzS/u9XY4PiIHzjdp2MMG1Fk3tvH8p3jC1Q/U/CJh0odangG5HUgnuSdLGS5OwWLX0wcnFVqlObmhRKj/gxQ9SyflP6nKrlNpUaOWzERa5Y59fqqs/lhZasJrUFiGpnYaaBntRGTCrymakBvTKUtCLa60mNWCYvF6EpEZtVyH5hN1Uxgecld3/qK4++q9jq8DIHPuXT6qz3CGVXAUcloQtqrPqU5bgjVU7yzppF6SSR1EXrXLoIGz9HNv/OLYMjJljhGqrlNrCwu4OJaSOWwt8A2w/lBBPVTg0IQpRgPYK2+HQ3A3WwcPuYOFWKbU5x9yxLDC0YymAs7UfwgAsnjGdI4wXhc7G5i9KXeaq1gdbaMe6BJA4lgQGjFsaACalz4Lz/jrj8g0H16OXO364nODqyqkCoTF3aon6iQ8OJaSOZ9wvDuXFeurQcRHlRVhc7DvM6L4PpqhfOEXBMXIqvcbK7qgOXnlmKMhyUJ1VDcrGLHeodbE5yzppr+iW7GWFJSM68sH1iVNxcGDpUKG9slxq6yl2kwXMqtIMhqn6reWSTxhF7q+gS3VASPZP9gmMQyuER+xQBq98YBg/vVWpQ2mAIHem0D0OK2dWCJHYmQx9LnUmDRIsHSn0rvkL2oXcEYMwGRVuzNDvEkeSQEHqxBI9D5kTGUIF5MBK9z7kDhiEizbWFQn6n15ZV+iAgTa2xRgAkBSWFQlCBklhV4pBAElhVZEgbJAYi4oUAwGSwqIiQehAG2uKBIMBEmONSRA+wMISozEgQC8tWWoEEWaFDRkc7S3AvLCgmMOjnoNedJYnGBwwos6WI4QTMKJO8hju9hkgzjvJY/jVf8BoUbS1jOFyvwESKloqKIFvdwGAGa2aLVMNt/sOoFMqGhXLVMO/OwLAKM2WueEvP1/l+WKewP3+czVJszw3/BWv8jxLE/h5d1y7reDLfnStgtfDjQJoOXDpPHhMMnABOvasij2bwKODhXcVwnUo24pfyP5ZViV+6i//SvEL2T/LqsRP/eVfKX4h+2dZlfipv/yrxC9k/yyrlLyqLMtSlWVZngndVF1/LnQ4uWYLqZus66Zih9OaE8gdflJKrSeSVymlTiF5eKR+guxNVSVgepl3+V1ucSY2S/bmQmiIPSozGfs0lpiUhS9m4UsK4RsVLHvasPAZFj5i4SMWvpSFL2XhS1j4kkL49IplTxsWvpw9Gk+IDN+4tv8HYKmbPF0KIKSagEuhhJB8XoVUE2p32YBZVZoQNVbRzq4kyqQX2MqkKYm6aPUiyqQXqCXZClRnVSEa0Ass7UwglVhAKrEdDs3TBFJJ7TC0Dk0IQaqngC5JmTouUpd5oku6sxtfqV6SVM4bB497SfL7VTsnLC6wuFE79w7Nr9RW13IlvUyakm7JXtZpq2v5Haqzqjwtl4UGuLQpoUt1cF4uC40b01U2+XnvocmHi9K2gVe+eKtJvr55f+ifuvX6tuVq372t8oGy1doXzOtkLyqD6jAV7KYyLkxSki4FDDWNL1Qri8OSsLXbYjcOHYStE63Bsk6WYCh4rfCEJfgG2L5sxxu7werzRhQgjKH1hTJtgOkctIbtrGp9cH1qDhzK75SaDrDgcrfDAEYvfqt9sypewf0KKw77DlPjRhQgjG/VKhtDQZYDNu0QlgzljWWdWfrXiqGd3WQB7LaAkGznBlml4Dv1fDh/oiStMr57oY3v3h/713BL8YLq37Q/W3q65JOlAJdCSW9NCqiNYSE5EFKr8ZWKsvB6sZVJO2ln17zQxrSdXYPQd2pzyH5hAXmqsDSuFtSON8C+U2m1T06p4w0W3yuIrn6abylfrEjYtZYCizd4+161uuiFUy+T9qqhQeg7tZpU8wKXtlcRUrPv1NOHJq+3/du1beCV1+6+6La+XatJvl5ESDX5dv25f9F0ruovB5VTVV/2Amxr1pNBBZuazaQfXNSUGFbOa87RD3CplNpgYMFWKbVFX5islTrvB8kumSqlLnoDTtUWO3XprRV26om6RH/AZrpbtPHUKtktk81klxH79nP2rUm6AZLYxwk6Tgv27Rfs2SK1KePwzbvaxaOCwzexKA8gDo+YAzjbn2lpvGMpXpTKb0oUqS2WwrLDJwaPrig6ZD54InRCA7zy8v9wWpnMsvFT+6RVIHUsBYTUatBbk+LBZvIJq0ltwWpSW1RJ4yIkTyCkmoBL2ykknyw19X8z60AY3WBWlc1YiqI6fxu9TM6nXYNQ0LWza145eIXqLHeoznKHMDj1MtnKIsqkF+hl0pREXbR64v09pTqXp+qsevJF3X4buLb9gTfAgl5haVwNODQPJaSOQwmp44YFUIIJpBLbIZXYDofm0vhXm9V6Xh1KiNOAXn8dzF7KuLB41dQRBmARBmDxKHUA3qBLUk4dF6nL/IeD0eXzFMbvBgjNU3nDeEde9ZLkvYPzPx3g5bT/biyAqXHy9qpD81BC6jiUkDoeYQGUoHZO2H6BxT/eoQPYtbpxKH8zUQZstk5Dg9BTvlZ1qA5eoTp4hd3WRS+TboutruVKepk0Jd2Svax/N9wnyyvdoDqr/lqIInlyIqRmT3WTL1gutQXLpbaAqjjRJU9YLgsNaFJXQpfq4B+OLqmti1lV2u/ledv56/aVp6Pwo/pq90W39R9U3Zml/4YIqSb/QaVLnV/R37oH/cR/cmHxSb1+saxfDB0f0e0/h5SkNqHpeoUk1fH7evejP7u3DGg2AboBhBZ0W7+Mvch26K1JAYTUnhlKanfZIDWgV0LJobgoLgV0YymK6oR0qcNQ07CAXfnPRvOnUvm7ODQYSrp2dk2GBqFXlGQrN6iN2rjQYGhc+aJuYJ1ZgqGArcLm/Lvt9lQr/C4mgAW9wtLAN8Be0WFo3Uhttq4q4NvVgF5ZAK0xtGBoYvEPN5S3zuOXQRRJd0p8CF3Bnc3vMVzSA0ocmv8ZLAibv4uhHexP2NTv1XvLNmiPNg/nH27XegaL30WvPOHbe9ajQ2Hzjm/3htatw0r8y7nzy9kt2XRnaBB6HWVjlgq14X6lndBxbyrY9Yii+Q/XbD7Vlb8LNqmXfoOQWnmg87g3TNUr3RapuHCXdu6xS97qo63yryapTe5JqoNfxt/Q4x/tpw+pw9Z3r2nnu/eZe65RAK3CIwmhmUXaBE8xCw9k4UOwCIh9+9v/Y89qhGgS+1bFnk1gl3e3FQZYBa/v/bf3395/e//t/fd3L9I8dLOhK+XwXQxceQAV4sd7yrX2jta+S72eWntDKl/U7dv3c8pBWJc2YJi8NtiLbKdL6hCSTxgmr1fdGNalLatswGqSL8ClUEJIPkVFQVqwrJPWODQYSlIJURetsqyTdkfBIZtsBdzBG2xl0pREXbQqKwt6IQrQGhPA4sp2ODSjAO3WgrrB0GQCYWABqcR2OPRQWsLY/Iookq5Sl7n5S/opmU2SkTouUpdHgjO0gz06OL+n+iKMeePgQwe/KKeyXW2FKFe9cgOLiyhvWBqcsLjA4ksybYPQQShIC5Z10hq7JZuCqQHdkr2sZZ20F1EaWQx6mTQl3ZK9HMsH6VIdEGrSBowi9wab1EuHTQ26VAeMIvdXZVHttsClTQldqoMF5HFo8XMemnyuPG0beOW/votyh60m+fq8s4uBqVKbc+v+3leqn1Q1OCm1vQim6aVSg5RSl5MgmpRrNUD8tHX9pxq1/i6Avtio2p+2zveLi8r505rNWW7f0vi81q52KYGh/Cyufqo5rdzvFR6slFLrcgKLhg7CXjR0fMbUDtX/AOB0rZSqELZBdjkFbDq/7P0PUsn5T8DkZID6qcLVrppDGBzKoaySxtJWVOfFcqnBUIJLoaR2lw1YTWrAMHm9CEmN2q5C8gm7qYxPAKbboen6rnYD10EUhpIwWPJF3S7cWaVfbGXSTiXZCnhj1c6yTtoFqeRR1EWrHDoIWx8Rvn1l6sA88O3WgF4vSsAeFxaQpw5D69CEKEQB2itsh0NzN1h9fjEosZe9YuNFIe9wSh1PhM7G5i9KXeaq1gdvH/a6bzE1jBdBbxqn+Zxx+YaD69GLfzUOKwfu/qLVF2z1hMUTh46LKC/C4mLfYWp8MzCDUFzttu5RGni76GXS7lDrYnOWddJe0S3ZywpLhvKr4Rukjiuq4l665OsCl7ZbyyWfMIrcX0GX6oCQbOer8dmHJj+ykGwbeOWLt5rk65vn9b/9txq4ZgE0H7gQL/KwpRmGrsH47we9OX5G2J4fv9fg3fFLsvb4q+OPGnz62viFxwTtyZfHb91q+uF4/OqLz0n5S+Px6582uvXxm2NJf+ezW21+8sH7Uv7hp7f2CAQA)

**圖示：主機簽署工具工作流程**

- 主機工具需要 `efi.bin` 和 `dtb.bin` 的路徑 (絕對路徑或網路路徑) 。

    - 支援 OSTree 的 `efi.bin` 包含 `vmlinuz-x.y.z` (Qualcomm Linux 核心影像檔) 和 `bootaa64.efi` (開機載入器影像檔) 。
    - `dtb.bin` 包含 `combined-dtb.dtb`。
- 主機工具需要提供 `certificate` 和 `key` 的路徑 (絕對路徑或網路路徑) 以簽署映像。
- 主機工具會將  `efi.bin`/`dtb.bin` 掛載到 FAT 分割區，並依照各自的簽署流程建立以下目錄結構：

> 
> 
> ![../../_images/1_efi_bin.png](data:image/png;base64,UklGRrgEAABXRUJQVlA4TKsEAAAv20BPEKehoI0kZe79iz16JhsM27ZxpLv733/V/p8ehm3bOFJu/2HvvqaHbSRJTvofYX7+GRGEhgC0tggA8C9zU8Kr8bLtVL/HFnG8nOgRmH9P+jWnDJmA7jOJpr7ZFbACK7ACiwz5ZFACgf1X5qLHdrPEfTuR9Njq+1rm2veZaoaoIWqI6v9vqmnfR49texiiTqQTaapZ5l613yPuGyha2962bfx9GcjeEzYImYEYhL/6t2hx/xcXARKl1ICHzlFE/yEqkmRJiYKGGdixfevY/sDF/WXevuhNXr3d4d2XZ487k2df3tdePGN38uz1Do/74/GZBJfXS226YNgshQdFgm18wDZjQGdEbhNScdK9IQCILLalzTYL87MTZViYqzvgNsYd+vaz3um6oWt4vluP72munvbsfm0znMoIADAb0iugjmRI20Ysyoxtl0iXJ1oIKdlyRKBVJWmLneajCGPi7+SJKZJ0WHWDy4Eat2Yx5Rsyh0IXthOZCjHZUorN9C+WZqiKUelVSSQDOrZtVXr1GACoXfB9tdS3n/VO7/TtXvTsv9uL9VLXlwsNQ8/u19brB0Uif54gNdYIu5+JQMEj7raCZ4BpPFXHQtpnRMsWKSF5MgB5JH0CJkYAoxFALauTxmxYmDRVIqAmAAgjWiU7SuYKIwO8zZEeoSgxGZtjfdKcMrInHVwlZGdSLMqNtlkvzFCIpIOflaROAYacdMdCpD5JsmfMhmliJU9kyDfesD6YxSixeNNVkz0FpwCkOql+24fEGopUGvQ3zUOLCilSnzRrAUVSPaZFNsCxt3Ogh2Oe6ZLUJ60wFgvuKDE5BmkcXfQYjWL0GUkTy5OKxpJnxSGQM5D8jXJz8yCtb3dQfbsXPfvv9mKz1M+rvt2LnsyQeqqhUzpYUiAEUFs0EpIt/2reEWptnipcwamwgf75e7MwV3sFUmKNc862hf76MSzM0wN5xLZvH1oSbH/EZKwmjnCi7QcA2MkqoMnliRahbz/rnaoZlrp62rd70bP//qc6fL+2Xj9ECljYDGxP5Gkng0CHVaeKhW/8opok2LJJTQrlWzgjOQ9ALHwXmCRkyWPknIrSC6qmNivp4Brpv83CXO+BtINgG99Gl8PSXO7hc9xR5qLf9jh+6smdAK6wqowY6dV2gFWgxCn73/JMBgCBlb7NEJws+9HneaSz//6soW/zSA+LUlhkxP0fq4AYGgHU0iigqKaMKJpT26kam6SYfciRMVsK6ikjSZaNMyxNpRjaW8Hwd0SYp+2injISYetslqbiYUkP7xSAEONWPWUk0urtvUVlT5mLtrbav63CPNMl2W4bRT1lJNKJx3xG0lS+RNRTRiJ9+zn2lM6mb/eiZ//dvqyXur7s2//dPSCy8H9y2iUAtlsMQseKhW+fI00pzYDaukPRhOw9AGme40wpxWSNSt2hZE/VZpRf64W5LBxnSikH0k11hyJkSK1wvT7MUaaUimbIusO2IA9bHDiltLC01OFTStU2ReoOW+rwKSWHsO+xnfo2H3Hy5PJ68R1Uix0zZ/8d0ZP+eLLDy++PeuPR9ze1j1+/Pe9Mvn39VLv4/KE7+Xxxp8sFAA==)
> 
> **Figure: efi.bin**
> ![../../_images/efi-bin-ostree.png](data:image/png;base64,UklGRggNAABXRUJQVlA4TPwMAAAvVwJjEP/BoJEkRf3g3+ox/8/YYNg2kqIc9V/qM//MMGwbSVEe+m/1mP9n2Na2LWObs49ORArQll5lY2TJZgIA/PvdJJHtl8gmiWx/Fses1/f9JJPF4fml0fZBYb9gc7iAwfFKYXfoLmgNgfgDSocH+B0XQA1UQAU0QAVUb396xkhlyWv261e24vs/cY7a0ex3C1Mw72ne07yneU+OrWfpZxfn6HxH3aswBbI4VrZCFli0taeRJKl/jWe9994UTRKFKmYZVLDLvv9rJRIZVW3OKc50RUT/adG2W7eNDlbRZaXSXIAw9WhFzPebTwrtr7/9018Wkv3hNxN+96PPaSHZl3/8leHXP6G1ZF/85W+an321mKAf/lPz0y9XEz/41+k/p6S8/fYoj8uHy+NR8KoXgmExYliOiOuITMMi/DjSJ32o6znSm9cLj0dtAbnLUfse12akGevqOf/pP++Wy7KCTv85/edEhMtR7u5W1XtADw+v0cO4WnFEsQI10ERAg+6IsW5oRKHv5CFE0v1MAFEbW5YOJEK5DRV9nwhYQoTOVPOgyESAYvlsbrZ2c5sIWCJ8h6N2Mc5VWVGuqT++qDb7KitqN1yt+iPPzRTr6jn/eR3r6v2y039O/zmR5eEol8vR9hf3q+o9oMvjq14w3j2CtlBI8EcUdsSB623OhkgMt3DYeyJlGTdIWBYfKsBEsQE7ka+AuAwg0Q60SOZIHtHMi10MGaiOAXDCkiARI/ieKYKpVuebKJcQqDZzpEndu8ZZwz24lpV7sfO/h4N2mawn31ldme01YCPa4OwHhjnSFaaESLmSoe/jRy967h6eTsumXUEcdRwRB67gauZItu4jvAXKXsw8sz3V7c0Twx6J4QYCZV6JHcJf+Dzb5q43V6GIQKU5V2GPNIQldQDrcgvEsjDoh3YjV5GUBHhzJCWMydILUQFaNKyrdU1ffWZdva+xrt4vO/3n9J8TWR6XFfg0ksaHSPgkj8kqkgJUT64C9Qp3tKAWnPSLhklXgdyc75ly9ySgiESlESOuG2dX6R4qRKjv6kOpRAGBQSuDx6NmsF0FQgUghKQQDIuLg8tRu+mq3HBl1hJl6WyuQr1QaDI2uwpKSBSrZyyg3WJHq42cmN0A8NWtq78/Ov3nWbmsq/fLTv85/edEhMtR7u7W1f931iteeMR3uZo8A35J4cCLynnEtcETu19I7W1QhiarUGpDjxGALA2e2P1CmqcruXlXxSqUPsSuD/fE7hciNOhMFHarcIjhtgTAUbsontj9QqPEEFmF6wCip7kndr846FYJT+x+ccVsJhGrcJXwxO4XVwL41m5Lgff3749O+6HTf07/OcHlYV29B/QaPi1/7wmzKKk+kgfQCBWZMlAdeQHyosE2qSiVQmflIETcg2uZpLqAtDB4OGoDu+h7adF+AJNaJp67ElXKemHepMLlcegJ0P0sMEzWzIdp+x3f9pljLSqsmz9im1Q0IXUhVzS5BWKhVh0Jr53dgj5SQlNQAVpUoqpfV8/5z+d4WFfvl53+c/rPCS6H5dzfr6r3yx4ePsEkIr6HJLwP2nxFfj/wiEdhPAuCxjgg5RnI8r4D1ikw4cWO9NEkY1ibVF8HdrJLwzlRa8E1pS0fJyJrwUzkcxXSuvej6GDCKLQ+UrF3p6suEe1aEQM9qVB6muRAR+8tRUl0MjRNiG2Std0GaNApMUeymZvEtiGSJY7UKylmVBLtOhGUKvgmR0fRq1x5KEtm3GwUSavw07ENdEuUDv4AVcjI/Vi6xlacymhyPVPoam1wqmKnoeM05CFYVQA0TYaSo0h1rrZxvDQrCa/HMpI0pTjDeTAxvM0B3ZgiuAdXK+XmfcuWITFhM1GbACdAgzkmtpEcyxC/YdP5kmyCpAxPG/bncY3Voupdi0zdmXEzURA3m3/fdzsMM1HT4G/TmExIHzZSO1o0045CGiOQAw9iBZJNuZnnuKusRQQ1VvtQ3c3ITZQyRjiuAnWw13ZlZBhsBIahu5SJth06AR0tKHUJ9gsiwBBQy5VSlGTGOFJUAXebA/OFslGLqALsrBOTR3xRfWU7m6hNgFcqwKb67JFMmwYTGwNgo28bquuupJgvuhQaYduvfajAyFBDr6JnbK/bPthRVCEXUTQ2wd6QQHr092qyc0uUDZ5QVVDS2kg2rmZC+sBpgaTRhkSsBrs0T32nDd58FVmfz9quJoxdqwi6cJxOsK9ZHQmbVTpms9xd7p4EqgBbNpXm5+RGRltCoKrnv9KUxCKmzMwAcgsGjzQk7N3p71a2OYhQX0sT9Zi6qijSSMVGfHVtzC5RRz0LUOU93MK0aTCxDWf16fmxaAfAzI3cXUAFRlkWNZatkm8ypmpXxbR9MKNIZcyBPEgwv2+TKAT65DybLIrcFGWCv+J8KyQ9kPRR8zakDxxdWaUSUd0jah/jXClXNUBwZg3wDX56hnZND6CS64HuBnubKB1V57Lvu/l+76TI88moC8VeyWjTYapIAvQx/RXWxSlqtL3+1pFgo11d4QQwMXabgy2rk6CJmqq6yCvXDxWuVD2RbQDyJGobYKOR4FuYNg0mtoHVpxGFK+pyhLTOCKFgSgmslGdREYXdtH2wo+gm18o1kx63WRSZKfSsgcnOTVE2eCSlTbKaZq7YkN57/vPfx4P21uIRJSsNEcCViDDGDGAMGyhhQ8bAVTPozdvZ9orricgo1RcgKtUJqgqMi0iW2NBqsdpcUWcOgYktIU7KRyGZBlQAQdAX737EWTvPc+CQxNaHJzHX5Z0kK8b8EXuyUc8DbPkWpk2DiW1Gyxo9ddqKVGV8xaspTV3/s1KRdclN4rCjWEWdYLRWO2636lvTdHZuizLBm4HzA490xYb03rN/dzlo3xxzqaoSKiPFk6lfVTjRhjjczV97UOkcImdKbznoO6/IN4uGqLF1e/PKFSKajB/DWSJmN7qpa+V60vUINgeJFSbqxnZep1zIODO7mKhNgMddIGMeYe7MJZUi7AozOwZsAwc+5sJ0FGdzoBQygzyJwmU/MJtVdg6IMpuPOBvSR2azqsEd1QxjJl+jKQBGoIxoq4H1zCTVKec6z5SO/LPa7KpOx/gjSBOnw5LmyGgrzY0jpaGtelOGXt00xolOJBVwZ+IezCDHWmwOtEZ4E7XUEZUbcapy3EbWRuChs41aB3h0s2nTYGK7MtGnbwGjwqtrhOQb274PoXNQYnhsDnozidg49MC5ntXMoEPX4zaJgprYm3zfWUk7IMoEf2SzDekjsFuY77aB1eWSstjU7dSm8ymAICUo86anj+plENSzrYnSyW4CTNAnZ6YJQPFktOmzJLzR1vSJX0XBdAOGqpysY4gYP7c50A+vbNRe9K2toEbSD9xUoQPFRm0D5H5wN3WHp2PTGH3m4duVyWPEbE6uvtq8154p1OluJg47itE0gVCFp8btyENJr45kh+GWKBs8RO9W1W7U2Ib0gXPs7H/F0UvQPkYUoSWFRwvr6t9RvE7E5Sh3d+vq/bLTf07/eY2Rxfbv6r95u6reA7o8vo4GA36pwHCGgI1aPo4D39ARBGKld70cnmmEYbpOKPq+CNyT8Ig3ZHRxpNntqsKmEYbpOvHidwkUIWqdTiQAjVCRVfMGs5Amd/QQ7frXPSqyHCl02whDZLI2cOOpdtXoQvCyhjZsHlG5afOGUeW9B6pVlW3AZpY7pj5Zp5VRAZ5Ud82ku04Y5tpzD/TCJhIhTWATHCsJkom4Gcok8updFQ3r9bcnjTB01wnNXLtudPGiBEft4SmkBhyBUkVPHkA0S+NPF/g3Js10nTgE0gsToud3DnzIze9b+z4BTjFphGG7ThxzL3ekKFTzhiMkxCte33wGV2XaoWLaCMN0nTiA3vxCJ43d2DZvuO0mHUrJ9nMonSg2mK+AboRhu04wwi1MM4xVta4pLym4Ot9kQaE/uHW1vvenMayr98tO/zn950SWh6Pc3x/k7bfran3vV8ZovK54YnsKlwFDqmDNDrSolwzcl42rNZBmm9Qu90B7d04tcbqtAVxnolJ1qwsGqhs0JqkNPdoVSQUARM2N3R0pfFYrLwe1QGrnReByHT+KYNpQne+7pUeq1aBqFmFQWkePg4AKCFmTRq5l2hBf0Pz/8aDdDza46yezFDORZIuM484I5hJOejSLd0cIhc6aBsQRBJDp5cw3l6N2p1R1zoWeAdeKKloeQgKiwhOVyW8M7ztT7GkVrOe2S0/PQWmOlJVqCdgsnIg8kuphIbIKCOjuKeTmfG20YXbzmWwTi1qd+cA9DBeRxhl5Gaw/2TI9BV+BKw0Amj7PTppYeN0csRfV9aKl8V8Byrpa1/TUirv7Z35f43JZFbwPdvrP6T8fGX7+9Wrix//Q/OPfn60lvvrzXzVvfvnvrz9fR3zxg7/85o213/zsz39ZRvb7X/z9zSeF9gY=)
> 
> **Figure: efi.bin with OSTree support**
> ![../../_images/1_dtb_bin.png](data:image/png;base64,UklGRgQCAABXRUJQVlA4TPcBAAAvrYAXEE+hoI0kZR78W727Z34bCts2Uvqw/6oHz1iGbSMpykH/rTLfzy/b2rZl7D+nU24pQf+hFixNiFRAAAD+ta/3fvtIn8On+S96z5wj5+r95L5XG2A9WoF8n9YAA7ADOuAA9JD9E3O4NtuZvLpPcmnO/ahmIolIMuY25jbm1scikqhm+zyldiKJagaI1rY1bfy+tnbvZSj61yDl5/7vsEFDPNnrRPSfgdtGirzH2GN4QrFnKN9PL2ux3Pc8X3ItltuP1AvXo+vP8zuuJuvVz996NZnuDyaZTNftJPsE+9v3k1MH2+wTnzx/6yj6T6yFXYTzA1QS3s/kpFk5sR2B0zxOVxK5XgigluyAYCgxAOIB9y8AXbK9PiiiJR0QShpFDKkGCFEUQOVVoTY3zTJpYOli2UZDH0uBZQvHGrVNRkkiWoZAiaZURw2sNFGhpUXv6CXBc9Msk64jS1fFlixRC0iLikSTLKnzCU+KcpZNokHd7xGUpPY40sDmphkbcssv0+0giYYkZD6ng5CUNI9vAIhyjipJn5Vm9LepZWkISa5Ag1x0sAwMHtQbPMipofjZYDM0uIFQYn9wbprx31THm20OD3QcxC6JaMLQbBEhCk1E5YNCLQUmJ826/WY5C+FiPbrp+Xq8W4vl4TVVvL2vxfJabLmlAAA=)
> 
> **Figure: dtb.bin**
- 對影像進行簽署後，主機工具將 *Auth* 檔案複製到 `/loader/keys/authkeys` 目錄中，以供 `efi.bin` 和 `dtb.bin` 使用。
- 主機工具必須在 `systemd-boot` 載入器組態中設置等待時間。這段等待時間會暫停核心載入，讓您可以檢視並選擇 `systemd-boot` 選單選項。`loader.conf` 檔案必須位於更新後的 `efi.bin` 檔案中。

> 
> 
> 備註
> 
> 
> `dtb.bin` 檔案不適用簽署流程。

    - 主機工具配置 `/loader/loader.conf`。
    - `loader.conf` 的語法是 `timeout x`，其中 x = timeout 的秒數。
- 簽署影像檔後，主機工具必須從 FAT 分割區卸載 `efi.bin/dtb.bin`。請將簽署後的 `efi.bin/dtb.bin` 儲存在主機電腦上與主機工具類似路徑下的 `signed_binaries` 資料夾中。
- 以下是已簽署的 `efi.bin` 和 `dtb.bin` 的目錄結構：

![../../_images/efi-bin_and_dtb-bin.png](data:image/png;base64,UklGRloeAABXRUJQVlA4TE4eAAAvyEOoEI/jsG0bSdLuXv81Hq6D/+ZJrDYct43kSFr32/zD2z2XgL+eme4qx20jOVLN7v/yj87fBeBvTHWJbSRJTvofYX8q5O8QhU5Bg6cDBPRr7LGkAIjQFRE0xDSSjZIIgmOxao2WFACV2SCpS59OVHpBP+hkavFAB5OOg5aDBmHCGpm0d6YEJVAN2kAbaAOtEMe0X6D/tu3NsfXqnDfH1Mw2rO+uq1SPVtm9RAHo9anSKs3fQYTVTcVqJsCy2iICmLHMmGYs2R+6yurTiC6K1adK22OJYo/l9/uJ4vl80qi0EV2laUShMaKrNA2NKF6vFw2NKO7H3eNx1FUq7XG7ikJjRLf61FVmGzgGIsmgf23ungQRocBtG2V4fDl4RT9oTUWAgUBifA6hAFTSIrHsNs4C6pUSFgT0gXa+4JakyrcT3LLdnrI4QzENISasPJVHEql36NpBP2oOeE73D3mSznMw5Ecbs2ztYRtJiu/XrrHRm6DCy4Kf4FfTHXDQcAe0+RXYFMxwI99/Kfw/RFd1J2lppjKi/7Rg267bNgsTTMGY9KUgQi+7Od/Urm1v2zYCaEcps/fobrMnsxN4b1ply+wgeyfoYo///7dFvYIQ8QneSm9E/yExkuRIiTo5PPQ5YK6v99vi44j/Yr1fvj3Hs/nxdFc/H9mesGzGd13otjtzfFvCtdn1fRcn9id8m+Nn6p3cw7gOnRKfHYYkOykOw5l9BPswKU/bn30rK3OIJF9od3M+X5pDM/n8vi52LmNyAVjK7/iyM7+hIcnY1HK7y0vzgxrPTK206y1PaUyyO7/jye0pjUpmbtebv6ERzdzNLvdItYZl1/Zj4RoudVuptzoGqWuz9fe15jQsWTzsCTB3VVe70JA6uACSOfGf+E/8hzhFZQ0YjKVSADNW/PfF66iNcEBvkcB7RUJvQc9SY9wlvdEbCfC98j0jjmdpbwsIXxHTgOhrJqVuTTWcqEx/gijrROFGRDuHUkq9ueqN9s7mqGcp7VYMSCCagVyJSwY4AfEqA7NaCpCA7IkikB1VQclaA3JhAeCTCCSsrWbge6moMXDsUWOh3FPUFPpqDxSLm0qlVBwj0IRIC5ag/oqV7H2ZiEt1EkkyeVE8Jgowj/mq8LXVMNmJeSZysa8P5LAwzMWApo40J4XVXaDXxqVisQOGIxIjElWEtdUwEh+lRVN3/9uijJjnbLqe1ACw0A1eVb+qmkaz+R/XO4j+4Pr70Kmr46/p+GtFmd3Mg81DZvNQlEqc+uY62tzAxMVuXltNjFgauoN3uyH13YZoViXWPNqtIBemWuBTll7UXFZVw8hrvEV8WsMB+e6d4j/xn/jvl/9GLHEpUZahwdCrBqTUgdq9sygand/ep1B27xyJ6JsTC+q+4jsVC4pozpsuAECuRH4GpPVKsiokQjXZCxgAZjeYFSKWXoiHbm13d1H2RxfgyeVMJNkTYyGPRJSKJ1KzRLuBENUyjWalgcnnTCooxzcgFhQDJVBMqtCEsNmIQQ1ePSkyq0aZ9ghKaTQrEnWojt0lyLGgzPzH4q4aGvGGc3mmSdR1Asqxm9M+6XgwK06vGoWVnR8LSpmJemnqa/yWeWCI+c1uhqeoNHhRomyxp2vU8vzDbhYiOytek7hbvCSf00MdC4paRmldihvnnSXmP1d6corbBd2rl9Ty/GE6l9OO6j6Qz+mhjgVlKrLdlm8OCPtoM2P15v0fC6ohXPkdsLnP4y7azee0erdvQCyoCXqgKsibDX0613x+vTsAQPYrPr/eM77kVIT7zU+UfScEUa8THsC/rKEGUh/Iv3X1awOlI6oqNFh61YDkSkZuwyv+E//98p/4b+ge1k3/XAlS07+qwqzpH9ZteI1tRkE0MUaMsaKPgPCXY8BviZT+egmyuRrWBnHb/1aHBWgZbK4QP+TAVLFsnQZ/m4uAmbk4tqjYHe6eacFk7y5Dg6g3GyznSoogrrqa7m8G6QZ9BpIzQVIagEitAEz2SKK3ki+zwQVSA4DkEbaDjW/IKgULBQEmiioU54RekdMZEFtxpExZFJMKkQFww+YazFNV92IbjdGrAI2EjLiD2eRGOTsviUy0o955ME3w5kgVGUgqzFXTAhrNoroNMYimtOg0Sr6oWVFdQ6UsFMX1amYpKIGoomomFaK6mjaYnSeSuZdgozGm7CoaIe2v7qP1nM5kKVOvrhc4E7bMDgKCOVJAUlETW/HGnNXl8z8o7DHnBmHRVLDhPKkX2VMeDBj2eX8qgWJxJBNpJhXidvlIrpVh5knfC9gEcVNHmmcC7y6p8Z0aUWy8NxN/UGEACOZIZqFxpZGRoAoaxDLT8xiIHi1FtU6YOG+KmwFAPWlFsgsNC1lQbbOk9FoZZp6oCQAO8F1Ab4/REUZ63VsQ+pJijlSxdDxKUT3PqvBBx3O+2k3iiUE5qStlzsooe7dJhfizFUJudQ58o1PvQ2Km3y/Og819zhmVIoI5Ui+sD4hs19Ao5MuDme8XF6aASrM4l0FlpiqpF6YGZDuTCnGr2Xmq6n0MttEYJTv9uIOztGY3oohICUho5kiqsJmsuZB6rs8NtJdX7UYuo6mZgQ8FksXGRTQq2KRC3GqDeWIgl2ijMfapenZ5XQQaQubr4XHQ4j92V2VExqChoFeNkdvwiv/Ef+I/8d/QPYbt3okmrxW3j2Pq7/14hFUadrCUdp9gM8I8hD2Yu5iISwaYWFQxSchJ2mYmuITN2OYykGGCxlHKRXYrHYwlA82DiXJSgTr8LqMytjnDF56K22KDuG02Y1ssnhJs0Lgkfr92FUyuRGL4OZND4+JdTvuMqsIgLlhom5lwT/bxqUyDJEsVNSXaraREIjXnhRvcdcTg3TFQ1PzziwhCm4Uau4WO2zbI2IbW2aBxu8+/V7Z/dcDc9cau8NyrEOS6C7vSNr7L6UanQ07tPWZt+0N1KvRXIdXmZO70Ke84DZWSSqXKxW/45sImY1vf7DJs0LgdxX9Soql4j0g+B1oAR1E8zbKnAACPUAIyas5EW7+bydjm1DzYoHH7FuXsg+iAd2UmPeP18fejoX1PGbzB++jFxT2ICRo9ijuiX1dwKXVrIDJGbsMr/hP/if/Ef8PqXAoSQ68akFLnveLgde80NhZtt3IYFZddBIRVxRS0rRUQvg3A5kh7zZzHciIq0z2OxKF92ImavQcpGwyqdUlqTLqYDDQCABLeXkmqT0AkmYmm4hgoYfdqBWB7DQAQQgay7xhNpyBsqOTAPgMJG7N4Umwcuv53m8vc/Cm7isZwlGPFQrG4ncurDIje0F32vkxXjGBTEJaJFpXSr5YOMnKppAzi0G2Xp2uGmH90uVTqawbNs8dyHVXMe3JAr7heu43BIEVCRiObgjBmuo5mCds9oE+edwMwBAAb5tVLS8wfRPrmD+gtUZq5ELWM0vai0pIrzgDWgioApq5+XBeBtAOMJ1i/oWUZKKqmTR7om7+ikr79U9QFwO0vnrMgrO/iBG9TEFKZddo8L78DwoOJ1WZfJsPEodtk5uaX7CgxOWChhkAMv3MxKkUEcw1QmkeYcrYpCGmCTpXn5B4iI08wkBVaTB6/SjoO3SYzN7/Xb9XSXIhoQh/sXJSAhGauAWqQIV+SSUFIVX1d3vIBbktD52nHfX4daOropVVkURG+G+ZE9xkRkb4XPKTeaRDRnhNs/j6MBZgryRVn5Da84j/xn/jvl/9GFfnnyk5C/nJKR1RVADf9Kx0cPqztEUH0PoVHGBUXQqz+J9E9wq6UksLYlzxCQPgKxr1Jg9/jGvz/+TIDuarYHRKIIpARTI4+Lhl+Z6lZJTlBI0oxAmhJBCV0XrJT8+nBRDmpGfd7TARy16dYcUlNYIpELGqyuRfFW2sqlVJxDZWyUMNCjGBy9DHC7upkpgXN0N11S87EcJLIzOecyaFx8S6n/UVfGl2koBeJKM6XaJiOaYLbGB/vrk4uZ5SJyGHpVTBozur5ksnRx6Dd4p0l5j/qFNgYDFiucnZk5rPBXUcM3rBB0CPSzdkM/DigSEq3qDRqG+PT69WZ8Qw0dZ93MwBQigYA7BoPDDG/NQFWg3TodbnC89zLQa5bJeihJVMciWJfR2GdrRzc6ibx466osq721sCBv9CFEgf5BOdkYoClvMMGa7qcVnfbvHkW5zLUC5+IYHL07TD1ql3JTH29CKgjtGCx+QQXwFEUT7PsL/rSuLG5zFQlqe+RpU+2tc27qUTN8DSp3UyOvh2GGMj9eAUikVxGG6GpBJNPkMps3uSte2y3yeyW1BSWWc1yFnXpZFGTbdzFfjS0LPv4R0PvYbi4BzFBeyD/1tXfw3nxD0gKqiqjXhgMYrLKe8UZuQ2v+E/8J/775b947Y9/PYz9/u87Ee9t69Dr3km2L//vnThtt/LIIMIE/oqA8Ajm0fYoxrYD3zcFeCIGB/SWCI2oYl4Z9OtepQG5XGUT68tmKmMhCmgAogqtlfaQhmaTEHS1RLqn8ZgooHNe1AOXzlRmeN0lWrDsHwFMQ30av5jYrdExmko252IhWhBUtJE95KMl5l8dw9kcVsMHKIY1GKDtHguYhlgSEX0xsVuDYwTiUp3EioUmoTlTLbx/pIaaPxShgabu/CpT2S4DTOYbAJ4A5EFZq/NBNRtbEPN7l9FIBf/iQjL10Sxhdww8Z203id8z3TtFze8BkbEMuxwwaTUD2BfUyxmo1g+LSi4Cye08HhO1G5sHmcoqJXgC76bOUyx+pKnIX19M7NbcJ+IET+YZfIUJk+Zl2nmoFb2bfieozINMZb0QeIqI+wnlPEZT8SsTu20/7hMUpRInooyJSBI5iXtIKEtD9xBfkt4ser3NUsGrErvtAL4kmnVybEYlqnkvDeLmGm8e5S198HLCD2IN2T2KOyL6G0E4Nf1j5H7a4j/xn/hP/DfihyEPw5hSt/g0oz4vs4NG6jDZStaAn+vfNqOQq4Zl904xxiBZGnhvmlAT6ElpV5G4r9hoeDYUSopETrJfF70PGwG9sQ5AwOA1otzB1BJtNpHO5exoj/FEDc0m79tfVmQ99ABEZz1cme0tCMB7g5eZxpI4+lqGRmSQRJO8T6kZmPWMpigAfBJBCfvEmqyH185mPVyX7a1M1BD2BZZEY7N4oi9maERnbwGTJjMtaIburlty3jcDhjUYoK3L9lay3+DBy54m7htEw0NvjRJQRjNDndit2T0oiPlttBmYxvWzMRiwbLoPiph/K24GsM66bG91Bqat5Sx5Bs5RNLxhV4JkGs0nHKqiB3rZ1cn7tCbAOvulm8Sv7VZnewtYNoznDKPhjUSqZRrNZ5PznRFPsagaHJhoP1mV9TDN1qpsbx5MFW1voKn4IVqwrJpP1cEJ5dzVq3YlM4USicvucTvrYYMY67K9tdIHuwNl8dBxajuaEFZmaMSJL4lVQkbkElXiPolUC/ze8Vdke9temC0NDfpx0LuPE34Qa8juUdwR0a8FWKrSUZc7VYhxJVXByG14xX/iv1/+E//9L5k1rCaUmfHoMGr650rMwNq9sxmFXLWhIjF9NcAN+CFM4p7CeIRCb/MgsNu6fz7T3/tUQclXIpCgL4UyyESHBkAIGch+05mFo0Qb2O0uSTJ5uSr1ur3zYJrgDd1l78u0A1CUQWA3InJJLaspErFEAI2RAb7XqVj0IBLVQTS3gGAMBinugU6iDuymRXG+REN3au119yyKms1XFX7Ao3UMYJ1dsNnpwG6jltItKmbLHYvWfvcWhK3uPvY4qFujUWC3UXZL3BGRZKo3NjMqRQRvIq6meTOlhjw6ozEO7KbkdF/sqGa9W+67qS0JSGgqdpW6XGSLeI5xI7BbV+a+9KrvkYUC6l1MIEtDdwTKUsEqWVoWFdTtymW0x6Fwlob+8t9oFqG0rWtshfeWiTBYhMVYvrOvAk+kaMOb5NdQMTObxFbnV6duQZKV5XZ0ley8jUmuJ0kcBVHEf+I/8d8oBSdcjFdcxi541Z4ul6cHsR/Aj/9xg6rpX+mau3vnV41XvP/UukHVhteamGq0+eHpBLy/Xl0A4MfVK/B2HHh/B06HwzPwfK3i9NaLYkon9Dak2nlAtRdlUEXkcFlNkNx77AkDfrcpeD8cz8NB+eiLyrN1Ph7eUI6druK5eo4p1YGAA++37gn4XLO54DTc/AF82IF6Zx0mKRI5yT6ht8ByNUtYl6ERBh5hv+kLwxqXG56A593G5exsyJgulkqbKAgw6XRP8yBCJEUgO0JG7OWpmmyFUBH7AoB0r+ySOBpiVPpiGM6m4EukACaZaUGzESK5VCeRzBIhiWphU6FJEKm7Xbj5Mt78r7pf+2LUzOJpiBGIvhiGsykwHNGUdeFsA8v1W5ULgbuKStTYVGjSUXV7cLfD6dZuj5SqfTdcPCiI2QwondociQEsg5LXRu8boBQ1v2tCRAxqAoADvALVlEHEJ1PhPnT4AZxP3fFNebTlX9T/qkcb/niu1G8JLqqiNyVIHnZoc/EaAxjstPay58A3OvXuw9e7nf1bVw3NczaLVMs0IuRyJrJhOJuMesVduF41sI0QGaUSJwLbzV7YVHgPRQuWIfJlWhmGs2nY98AZyCXaCJE0AxK6Cr61210UTQgJvTX1OnQBrwzDOYCFuzT0jie0paHiv/8Hocqo1xTU65WsYuR+2uI/8Z/4T/w3rC7LiFJH31rUyAuLJ1hvPEoGFRAeoBIAZD8I7LaCR9sUEu/W9MKRZRDY7cGLGrwJ7KZMgAQVYySgAYgBGUg/ZyZ4iD4Sexs3LvoERCJ1pPi8N4snpaFSFsPrLtGC5efMxuUrEzUEnYkoEaXsKpo5UkS1ZoipfXE1gd0GjWENBmg/ZzacV1FvO2hMKs7XPJsjxVOlpWazSKPAbpqbAfxkUWPrx+WrMzANBFVYMkeKkjxni3FgN2USv0XdtQUso64SkT1SfGZffs/iXIb6HgmewD93Ji6fB1Mdxo2T7CixOVKERhPCXFTOvH68BOSriGj83HdrRR8JongVlNkcKaaCZ2mo+G94ByO34RX/if/Ef+K/0aNcSp64Dw2GPmlgDO3e2ej8Vk0sJLyKR/hzhIK21Rj/jWL6b6gtFLS7jJyIdgZBb1EbpC2oGUhOHWkmD9XaeoxmA5ORjzmRrntazSWV7YhcBEb3hASvKkqunwhKU7dBafam0GcvdwTC2++LcxbQqKG5EqmW2I/kC5uVxa3mccWl0lQcQZPUT2GtlJ3LQpRzHd0TGuApivcSVcURzoOJ4c1NQQH+W9p59Ug1ePyJQL4KWd+Xs7qvca/JVKiKARMAbCiY1CIzkGvnJcdCtCB0IWN4jbcCMHFR8xpQezU+eqI0D1ZeLpCqz8NTFZTc5bljIlUtxauKXt5satOP/V7fPZzKVdJgViRzT/Blvirq3NRSVxHUbVDY3BS91Ctz1t9IOTsvyQbna1iIEVyJxPCsr4+GQLE4UyGDaYLr3aZyXiJNpVIqjuEkqfhuk9CVmSX1UL6QV/OiLsyq583pKQql6Vl06hF6ForiXU4kmbxcsdhAf0loLIqtLYrz/SxLdSag55xoloISSN8T5rkZDb6fx1ScPl60NwWrtHXmrL9VHhhiflNUjLwF6qGEQXNWT0sZTj10QN9HZyIXbYW9mAC/PZ6SJw38h6IfWMtE5LAwVJBXmfqIiMwsXU1CqgV1PKfLUpNJzWZ8y1FXUlF7rXVSExpTX328IkAYPIUv10HJFctgkJK6Abiocy6eUlELvNKK7+brIMPRBKBRVYPJ3hQc1SsBfdbfKZWl5j/mKadX93cTnC9Fo7erYRgoW+FmefWSWp4/rAZCUzUwII6IS0VtAPQsXTn1WN/L6OzDbDRxQb1EO30JqjY0M6FKiqSo0r0VBJJnW1vNABJBNfMkjVJUj/BX6syv9MuvQguCOgcGcmF9U+i2wJzjd4Xn3Ogm8eOuqPvx17oNHazrQlHX7Cx6egrRqIAFoXe3/vjo1DNzdYhBks4bXYBqkRuZ7xLT+O6h5KS7Puf2D815gIdvx8dZVw5VpEe1NwUHRXffKx5enJMJzqc2RwSPSD4HoyEQF2cqNDZ+s44bmDEpZpbIqeuaUSleJX35s/pvtZtE82Rfv2edfRTfy5NMVVSVXu/WuxGfxNnayqyOFKUSJ3MStKANBkS9U39Q+zmYRSbkmSgNlrQ+0Gf9fWTeAx8E55vMbgLM1JX51m6bDchuuBtNJailojczSzTpd60TkNAaVPP6SEGV5gafMTMAHuyWUbKlipFGA8DsydYWCiSLri2YT8zZ3C9uSMihf6k+v2ACBKpmPva2Z11mmst3CYJLQ9e+jOW8IT8aeufnhB/EGrK7u0H2UVd/Q4e+FRQOEX6rFuNoVNvwiv/Ef+I/+cFYdDV9DRbXlmOr64uwHK5cj62S5ZlvIHF0ZTqJrtrT+SoiWb6e9FFBVWVExkQeCMWbIIaqkrMx4B+b5jxaIRxJXM+Bb/1LsHlQCBeEzkTyM2EMVCFYHnWd9WdkGFwwkWlTaXqNMZH8VHKvnB9vXUw2f2CDByABGc08piMBmQtKDQASMVD04YTXrCw2kl9KRAxT07B2cipcCl8Z5A9sUF0AE8lMC9oV+VIq5azWgoqFYnFXFRlICkMtP6aForME5WSMa4+lEvOwBTG/K4OQVAPBnBxfRzpCG4sx23UCiWphjXVsp1EkvwzAG+Pay0T0H+swRR80AdagllFUWCiVnm9OihANUreRihAmnpKsgvZI4Tlf4MCrOvOeuh4sA3DKKJKfqDReYV33QJNmpYKprdEQTJA+ytmZgS+xD4aR/FJ2FItbQW/mMq3vFkgnR40rugkwn3F5/XZ6mXVWP1bR/UwkP58ACb2SW3RMPjYxANPhYazitnMwPdjBxie0jjl+FFyeLpcn7YJXrZfyYPUM4PID+HFTL+XB6hWX4+Hn1AXZ9C96e9dlDPw8NofYhjdOe3oFyulwQG+nZ+DZen8HrgWpUi44vQFvx0em4wW9vayiC1IGVTwynXA+Hj6Box4M9YLeUI6druKM8yPTGbo9jww3fwAfdtAXm8sj0+WLnoDnh6kz3vRuj9/uBfg8HN8+xz7xOtx8wwN0t8tx6A0Y7vYwdTi+AHg53ureupczcDrseLHrUVe//Cf+i9dcSpRljDxNkDzNIzySlekrakK6HdbNJSB7UrGh2sO08yW5FWHdUnaUEwU0inAPOgGVqEw6q1sCoiKs87X5QQ6g3thEpCBDmIwpEHFRKQgqwqOuk6n/FSPQhEgLFit7Xybr2mZxXcnq2fs4rJsJMxKpXrupuEedKV9HNocMEZpigwSNMKo+5exdTjfDupEHilMhZfDY2qyoUetKRRX+M1QweQABzQaJsWHdTEtCi44N9SDSj+QZ/k/gZDZllsmqWKypEjV49bod/LDDSPQVUZzPQpM4+xKg1D4YhXUzu/WOS6WG8LDj0b7EZyCLR29R1TmrL5nLMKybrq4SRQBM9zmYzi7yy38j3PhMD1cU/EqL/8R/4j/x31C4MUhdm41x5m9Aau5mjHM4PwioqZV2jJOcz5fm0Ew+vzPBEGIvhDP7kgRCcTDiP/Gf+G843o+Cy9Pl8qRd8Kr1UnoyqZ7YuoEHoWcAlx/Aj5t6KT25r9TTWh9vAE5HVcJ9pdSjyY3vZkvecpZXXI6Hv6x7xfsKz2aleLr+UZvzL5exz80H/ryaVzoWnJ8Oz6VX9IbycTieUczC8vyYGjy9AuV0OKC3U7+6rfd34GQu+AtOb8DbUXnD2+Fwxkd/hH86Afrx/cfVZ8HlWTvpp/o/cK3vHee+0+l0HOlV4l3Vh5djL+QCvH08cBz1k+yXVXRByqAKszacD0fgRRUwplqxq8xZrU/Aqdf29qme6t+AqzdV61l/F6A8PW6ccD4ePoGjflo+1At6Qzl2uoozzsoHcPzsV/0LXrrR4Lmfwqfybl4hqGcTb1CP9zeYpxnl4/BU8Hks/a28M14eN87Q7XmNV7VUfNhBX2wuttjPN1xwPOPzFrVg/Fjj8Nx3LB9j6in/C3Q7fUK398eNyxc9Ac+rvOBULiecgOM6twejj8dXeLV+PH6c8XZQ7c/tPnHByxMuOB/Wuf0lT7qWvt6s6Yo9FXw8eHZ7AT4Px7fPsU+8DjevckSv9gy8DFyGVhxIlXB4B1Z0n7r2l34q78fD5/vjZ7fLcegNGO62yvVri157jFPfbeDmD6IMSsDLCmY3fJjdcHrgfH59fFFvZN/q3rqXM3A6rPSCN/0djePbGoeP18Fb5B8vV+cfhzUOp2I+tv48A+fPB/JvXf3yn/hP/Be1nTjAt8bPna135kKbbe35odUlvx77PM6y2vsvnu6mderSOZbNdz+dafFxxH+RXgs=)

    **Figure: Directory structures of efi.bin and dtb.bin files**

### `efi.bin` 簽署流程

- 主機工具使用 `sbsign` 工具分別簽署 `uki.efi` 或 vmlinuz.x.y.z 和 `bootaa64.efi` 映像檔。
- `sbsign` 在簽署流程中需要 `certificate` 和 `key`。請確認以下語法，其中 `dsk1.key` 是金鑰，`dsk1.crt` 是憑證，輸出檔案名稱與輸入檔案相同：

sbsign --key <key file> --cert <cert file> <efi file> <output file name>
        Copy to clipboard

- 範例 :
    - - sbsign –key dsk1.key –cert dsk1.crt bootaa64.efi bootaa64.efi
            Copy to clipboard
    - sbsign --key dsk1.key --cert dsk1.crt uki.efi uki.efi
            Copy to clipboard
    - sbsign --key dsk1.key --cert dsk1.crt vmlinuz.x.y.z vmlinuz.x.y.z
            Copy to clipboard

### `dtb.bin` 簽署流程

- 主機工具需要 `dtb.bin` 文件的路徑。
- 主機工具需要提供 `certificate` 和 `key` 的路徑 (絕對路徑或網路路徑) 以簽署影像。
- UEFI 安全啟動需要 PE 格式檔案進行驗證。如 `dtb` 等非 PE 檔案不可使用 `sbsign` 簽署，因為該工具僅接受 PE 格式作為輸入。
- 主機工具會使用 `openssl` 工具來簽署 `dtb` 檔案。確認以下語法，其中 `dsk1.key` 是金鑰，`dsk1.crt` 是憑證：

> 
> 
> openssl cms -sign -inkey <.key file> -signer <.crt file> -binary -in <dtb file> --out <output .dtb.sig file> -outform DER
>         Copy to clipboard

- 範例 :
    - openssl cms -sign -inkey dsk1.key -signer dsk1.crt -binary -in <foo.dtb file> --out <foo.dtb.sig file > -outform DER
        Copy to clipboard

    此指令會將 DTB 檔案的簽章儲存在另一個檔案 (`foo.dtb.sig`) 中，並不會修改原始檔案 (`foo.dtb`)。因此，主機工具必須保留兩個檔案，其中 `*.dtb.sig` 檔案會在UEFI 安全啟動驗證時使用。

### 使用主機簽署工具流程合併 DTB 檔案

若要使用主機工具合併 DTB 檔案，請執行以下操作：

1. 準備 DTB 檔案：將新的 DTB 檔案放入 `dtb_files` 目錄中進行合併。
2. 選擇操作：在 `config.ini` 中設定 `operation=combine_dtb`。
3. 與舊版 DTB 合併:

    1. 要將新的 DTB 文件與 `dtb.bin` 中現有的 `combined-dtb.dtb` 合併，請設置 `combine_dtb_type=combine_with_old_dtb`。
    2. 確保舊的 `dtb.bin` 位於 `unsigned_binaries/` 資料夾中。
    3. 主機工具從舊的 `dtb.bin` 中讀取 `combined-dtb.dtb`，並附加來自 `dtb_files` 目錄的所有 DTB 文件。
    4. 主機工具接著會建立一個 `dtb.bin` (vfat)，複製舊版 `dtb.bin` 中的所有檔案與資料夾，並加入新建立的  `combined-dtb.dtb`  及附加的 DTB 檔案。
    5. 主機工具會將更新的 `dtb.bin` 放置在 `unsigned_combined_dtb_bi` 目錄中。
4. 不與舊版 DTB 合併:

    1. 若只要合併 `dtb_files` 目錄中的新 DTB 檔案，請設定 `combine_dtb_type=combine_without_old_dtb` 。
    2. 主機工具從 `dtb_files` 目錄中讀取所有 DTB 檔案，並創建一個 `combined-dtb.dtb` 檔案。
    3. 主機工具然後創建一個 `dtb.bin` (vfat) ，並加入新建立的 `combined-dtb.dtb`。
    4. 主機工具會將更新後的 `dtb.bin` 放在 `unsigned_combined_dtb_bin` 目錄中。

![../../_images/Create_sign_DTB.png](data:image/png;base64,UklGRtwRAABXRUJQVlA4TM8RAAAvp4JfEAfDILJtJff7x6lgFeifyZ2LhmDQSJKiOXwGC2Th/WtinnnGkWQr2f9xJwE9EwD5H4jI7e0qaNuGMX+UY9AdAEsAAPz1y/5+SNpfQwlM7vg+0I2kU0QKRaRQdFIoIokSAAfgAQRAA2gADaABFID+y+SOtJ4JHeVC7SzX/+tXAQLdIsKYfhUqMO6/k950mP31lstsj7NctD3OetN6O9tDywX7K9MBJ2XchYJhk/lcnDT9uqFof2f1uNM+ZHxCOs+EgAmRvG2Fec4liSDL+DTl05RPU0IJm0GY52yMRUVBKGaTSFBEtA8J5uI2UHQTYZxmWsHbtm1aG7vW1lddSVDeX5T394QYLNSWsVpWy2oZFanMyZyjmExCwmROOjDm//8Z1FUFkmVkVV4U0X9KkCQJbpsc+eSFFuuGeQeBwBGD9ztrWlf//UOp3//yp3axfvaroX7zo6l1rJ/8dpDfTqff//rXrGJ94wfTH/1+iB9Pv/MVtIz1le9Nfz7o9x9Yx38QvzqdDvjtF9Nvo4Ws701/M8Q3baTvXi2XJkeTpJpSQJ0m9kUNuZJDfQQVNH0K0Rq0UBxLKwpEGwNT0aqdNh12z3uaKnAtDVfk3e+ifRGI+BIKaO0M8metyMndMohCHTESIG0r6KrBKgHIdLmApNF2dZGrXZ1oJUBGFeAixhliCa4hcyIlNEoaVykAJB1686SLDZSIWYzoQmk5dJeQ3wtRYdX9auMU2yShh0EDBbqJ1EhEGbcDJEmLOdWKEmuIETNpypwIelBlojFuYv1WZIgCGiyF9bhaLsjdd5yRDFgIRKzBJdKYrFcbBi6U/WooTQOZYSFFjXFhyKxyKnkX36QAl34zV8RYC1lgJu3HQnGM5K97egxksfGRbJwh2fdNF4u8XwWuSRF3c2XuQm3IrBGQolEWa7etBjdLiwTjwn5Ikh7J0ZVmNdTglnEZYz/IoBoGRRfT7eI2lgTGuXHg5i0dJMcYNFAZrxbLBF2QmcrcN8Asbo0D0WpP4mZStBjLGO2I3ikyQZRy8JS8u7wA0xSppujIEw4SSlNmA0zkoClYAomTWRIDFkJsRP9CBV2oVcFiHc2RC00JDdI7aW0hI1dkhHkhRFcdUTVU9vT8l6v/rv771xAmH55OrB5nlsrtnp9e3Vkpk2f+6f3stOoj5zMb5Y4/T/DU6pF/tFE+8Ac8OTd8b6M88fd4esW5nTL7F7VaCdLmqaArSd64mJbAhERxtbYJRAEVeTsvu6dBzKFCpG92qL8Pl4y1WBVqKZIMTZLUzsE87ldpHZLiTH+LOJHbQDXUvUpNJjoFuA10VWGVmJp7WDktFD1IBw+iVkOZIN00QN6Ylm4sndwIVNWI2pCMjYM8puzgBnPhUoXAQrS6Uh08wuKpoeyFoqAaqKRE4wBzmyeLcThMJJS6QqDdk0HVL4NGU4BAXaUWER0p7d3rYL1Tkgo1rcgMsACQmWhJcw97ev7LlX9Pr6weZ9bGK6xHS2P26uoD5w+XsTNQ9/zZkkLOr/67bN0+85Gt/f2l7pmPb80udHyEPVz998+ndgFj3uoQoaPZsvVwa7YdmCJ0BvDnmogt7YqdM+d8xVanx58PR4JZGHOfXM87jKGsHofspdtwx/naZ2xB9u+lw7xtyJi/U7oAQUQ3EQsDxlbKoou1VZF95iwoU4o162qrZzYcaowF3pz7jLF5Z9FlXFkTW7Y2RVjynR8oc84DtQurFCGNo/O2fMl26v4/4gsn4pGjQmq0FNrGkNnwN8KWr5lp4+/4km0sjLlHZmzo7rtkZIb2mGHFdpolzbpTO/aOrVQ+w4CkNQ1MmbW/MhZDBt7CwvAWnOy1ukhH4/VZM1JLHnqciNSDCJWij/GmRWw1xNy3LhdHR2a6c1543LhZHGRnecx9fb+e+3RgcNhgw5bU0onMAyfqZzqUvNDmDPjOWZDnbU1T+qk4XsD78MDb8rWz5ZFnnGJMEQTcmHlFboo+ZcM22pTQlkwh1woY81ec6wsN4JGF+tCFvJX2DFhImVNsHbY1ZV6SYCpEoO7f52ShUC1kT88ruPrv+onnETazpO9jzT/gpW3E6yqzR35nSd3zJ0v6OSpu9vzj+9nY1wPnD5cvvONnoR7xAoY3j0+jXx/v8MLxlqir/67+u/rv6r+r/67++zu6v/znFxay/uMvQ/zt/z5byPrfv9nTi6/+s2ZaKDQ5iAYquyVJ6Z6ev6wKarR5KmiOJo/RkkoTu8aVANLtFACixAQASKg0RnShRMxixEKAKFTQLBZKm0hXAEBOVAlApoK7iHGGWIJro8QSUcYtFqLBAirDpgIXC3WoxEWXqcsjik7Skk2StKZNAwW6icRWlFhDjJhJtEeAVk7vfFtRYC4QMW9MA1GilKKbUJM7Z8wFuZaijieTNNa+mZMZFlJ0MQsbNchiLYcbx3mJaCIzFxpRleoCLZBGQIEm9OhRkYq4mytzF+pLyOT+44l9+qv7yauBWOZx7JoUcRljlmXpALEU7TA11OCWKu4F5PaZn1ztb09cIVo6KNQxIHITF2SOZRyXiHHeN8BEmgeJNsBYJipudgGZ7Pnz/eyk6v6Z7yevZEreTanpnTHSilUCAS7qU0xcUQyZgpipXBLKC8g9f56c3BH3iX94RQuRx7sppAR9KCITRH0hEyyhJM/bmhdSaRqVsb2APPE7PLl6P8qfrfQiMjs9s+v0WgnS5qmgK9kgpkArxYREcYlUEAVUmMct2j0NYg6VlsHwApSMtVgVaimSrOdFKjsH87hfpb10H2cdFwpEkdtANdS9Sk0mOgW4DXRVYSEACvogpbFyWij6tEmCRK2GMkG6KUSFNRR0Y+nkRqCqRtSGZGwcJBllBzeYC5cqBBai1ZABpBZPDWUvFAXVQCUlGgeY2DxZjMNhIqHUyRTtngyqfhk0mgIE6vJY+0F9Ke3d62C9U5IKNa3IDDAFSGWC2AhLttCJ1HUqzw+vrO5vrI3XV/s7O+Pm4dXVE+ezy9gZqI/8oyV1y/eWFHJ+ldntRz6y9XR7qXvmo1v7m8vcjI9w3Y2029lp1WXkYZS9P7m/LvcfJnbKA+f7p5OqZ84/WSk36n/WidVsz+9tlIdT/BmLO/7JRvnI70/PhHPLYMRezvlnFruAMW91iNDRLJ3okGxDU/jzfhFbatZsa1fsnDnnK7Y6Pf58ODLXwpj75HreYQz1VtVKkG8gzlLZhjt1R81IitALGQu2QTePUCmiLhaLeMTCLs5KWTDmbzsrh/kBZUqxZl1tuR90KUPDn3UhFh2fMTbvhE6XfCyc9tuHFkBLHNbO7u1jy9Zcq6Wz5mtn2WFLvvO6eVtDCj/QedsuwE7d/0d84UR8TUJqtBSmDb0pGr+LGho3AeeBF42Ek29n10JxzHZ2bx/eQnusEDr6IxB/rqVYsZ1mSbPu2IZ381Y88MyDwBsyWHjUhq16ByT5mYN5rDmwnd1bCt1VyV6r8Q1ovD5rRmrJ/QUVkQcR/mIAlVe7j98NudgJz50aaurwdnZVApC2tJ3dedNA9cIXR8e2Yru+e38txUFW51kLBXVwO7sGCmzjdKw2OQBkQ3dtjPOBBNAqTsfc59pjAi+kA92Bgw1b6rnN5v4hgy1bn+NBCzl1nHZ2eTxSZNygmyRHhoi5OK3NzlmQ520NUwYg35IFvA8PvG2Xcss35inGFEGgT1FRV+pgCPQpG7YxTTmbm8Pb2ZXq4BGjRDuIa6gH3/u/FnwbMOavONcXGsAjC/WhC3kr7RmwBV3InGLrqIXm2kJLJVIhyC2bk4WWZKHzd3FJDW9nZxxgPlJa7UGDS3btUkCSCaygiCFuEEVuytBKgFwURuYPbCZAFMRIn1dw9mQxUge3sysEjhfMtV9KBQU2sSJblLFiypAkLWZgZvgAfPqH3LtYZFBpDm5nV4HafTpSjtGUMoG0Iug3nLlCXjlpO4YM5DvStk8BLv1AkXFGooy4M/g6mObwdnYFgMxEi40Yp4XaXKREkh2iAref4QOaGj6EacdynU9YQW09ldB0GiiV7KCBO2wgWm2Q04HV2iTSRZSiVWoyZSiUx5hit2BOH+EbFpJDkYUyOHChi9YYVRYf9mpEefgXzI6p4kY9bBgqychjiwvd66vHCR5YhQAY9o/hsUWD59b9Wx3fT171ea+TMXY70sa/bj/xx1cN78bXI77R4YzvXze8mY1s3eBb2/G+zLJ+ASLHpDljX7BLRSbdl1HGrWVTiRZfBqapZZPk+FJqaKyaBmrjK7CJlEA/zGRC/gO5KABki1jGJEebAiSNdrpknFs1JbTGM1oSof1YATklJsccMmzjjOYQOaZJi6loqVReKm4fRrbeH2rYTwbQn4pIY8wkOdWApkoTrKBGLEpMJKKba3Jxobjjo1ufDjTsjGuqENpPmQsDlJAXiFiBzBvEY7t95iNbz+9H3n6M29m9oDgjqUywySVUKlQO0uB8fcFuxt25Ot2o1H4yoG8g4z6VulQmqC6toaIyecbOf7lENFD3TGnIlBoyRJmaLtbe+ijpphTQ6Fc7Y+cTXiIwyc0LJcaF0lYf0IXSliwUl0g00NgjL/A6WJLiEStN0a7BTL6QKm5tG0yrl5E0aKecZP3TnJNou7hl6+HWbDswRegM4M9NDRhH0kg0rDTdgLPnCG0XT48/H44EGyef//vLQV5lw8qz7lTaLp498Ke/DnEqX7GXcK4Hx2m7uPYZW3BO33je24aM+TtD20WyGdZ2ceszZ0GZUtC2i1pmw32PCuHNadvFzqLLuBoZAH/83O8EG1buVKzoyA0rt4HhBhi6BJxNQx5EbGl/RWXOeaB2YT8wtF0kBrVdjBwVUqOl0DaGzIZ7qS1fM9PG3/El24wNgC/+0OcEG1Z6cx4FPj9mw0oa1fc1vvqKs3Nu7pEv04buvktGZpjaLylD2i6qfIYBSds/MHUUcxZDBt7iGP7/82upvwKtP39pdnoNK1dammM2rKSZ10tqQ7pYnXXegn4pdJGOxlMGtV0MPU6QtosqRR/jTYvYaoi5fwz/9sVrqX9XyCyz02tYGTJS26M2rOyyzsOIU2u2I872xdGRme6cFx43bhYH2Q01PoM//fnoF0fHtvD48RtWch6FcxaeR0dpuzj36cDgsMGGLQ1P0ZgHTtTP2Ek0HDYYHf/1Ze/VTq9h5ZJtj9+wchfSFYjdmRscoe2iaUoPU9tFZVDbxcgzTjGmCAJuzLwiN0WfsmEbbUo4OlO++DzgedvTa1gZeUHElx4/ZsNK7btiT9sZgvM25RhtF/WFBvBMCw1ou6g9AxZSphS07aKxZSMJpkIEc9p2sROOz0J//J9Br4OdXMNKbaHtkRtWbklUwvCpKi758wq+/HJEzyvYsZUFPf/FX5A21daT/njFnp73evWflXU37p7G1/5mJEz2b+1+lZOHp5Gtj7c4EvBuP8K/j7QRr9GAOBvZmuCl5A3wBfuX1D7wh3Ngcgm74/ubM+CRP12+8BPfPz6MfT1zPntbvb6wvxtlkyd+Bmp/h2+t12tvRpWxPfXo1/sJnqy3Yr/Kt0S9vTxc/Wd/RGxpDXnB0MPCOloztusNsrWT5nNvaUVFzir0uKlbAO3TqTeupCI/2OmtPyPSf84hbX+Ys7Jolo5qKGPqakE3hsaVhO9HptafC4dGWzoq2Nqe8eece4t+hsZASuBF3NT6c0O6r2k5w601s2VrNeEwjvpjQ+tPcjSpR9I7zwu7sTUTMlKrg3iBExn7JPKls6EZVqHn7awZL+Skqd9hA+4H3ND6U13J99VyK/LftGXWtBPnku1or1qns2GbXjtnaWr9yblPDpXQ2aqDxpaZe9pdc6j16fRpn84epC+r1vpTO5roSowt7eb5L6HxBV6raees7ag5W9rT816v/rPc7t7u3l7vu3qZw9vnEX4f60vbiNf1KZNL2CP/cA7c86fL14zzh5vR//f7Pb+7fOEjPwv1iBcwfP80/p7u8HWwQnX13zUzv5x+x0b6/hC/m06/Zh99Y/qjdwPq59MfWMdfX59OfzHE738ynX7vmzaxvvW96fTn7wbV738+tY31Q/3fB1zhV7+wivXr37+76l/vAAA=)

**圖示：建立 / 簽署 DTB**

## 多 DTB 支援

Qualcomm 支援多個以相同硬體晶片組為基準的 Qualcomm 開發套件。例如，QCS6490 開發套件變體包括 RB3 Gen 2 核心開發套件和 RB3 Gen 2 視覺開發套件。

各 Qualcomm 開發套件變體的核心都有其自身的 DTB。在開機期間，UEFI 會根據指定的 Qualcomm 開發套件變體選擇適當的 DTB。為方便作業，將所有用於 Qualcomm 開發套件且共用相同硬體晶片組的 DTB 合併及儲存在 DTB 分割區中。

### 產生合併的 DTB

若要啟用多重 DTB 支援，依序附加所有支援的 DTB，以產生合併 DTB。

![../../_images/combined_dtb.png](data:image/png;base64,UklGRuQDAABXRUJQVlA4TNcDAAAv0QISEJehoI0kZR/8W71n/l0bCts2Uvqw/6rM/70qbNtI6ev3n/XwGco2kiQn7b1GqzTIBJvsSQAfiwAAwH/uRn73PTQiv8tJoruL955PkvgAeGXMFA+IvYRPYgBwAhhirBccVsRx075S3edTW3j/6qO57+ijOXezJNae1p7WnuYa9lnG7M7dxuzuO1pP71/7LOdun8/nM2ZH+yDR2ra2bfz9HSZ7J4rsKiKqomISXHL/VyeGfgl1iA5H9N8R47aNNMaVHJKFbVzv79V/POL+Oh/H1Y3n5vqIcnF8ODn33J5QPo5Pp77jw4geN1k21mN82e93c4z33Uzj7a2v52fapu96puXo7333f/lnFuwe2J7eNzTLAM00np+Jfqpt2m1onrHZEf36zyzrl/c107rfZVpE316YNq+Ubz3uuXYZF+Hgv4P//lpTwoVtRK9CJHSQELQM1F03rQ4uVN0TiIUgGxTqKVqXXMk1vk0NItGQhF9o5ZHGdWxKQTfacrhNke5HKHTLCGBLLqB15/jGAkn0yXIB2pUTJLFlGtsmLqDutfBCTitIlQtoAxJLiHbrFGxBXmiU0YRIwgrvjKanV7msbXgWbILzdc+7GTIuLw0lSCgopmnaJGDDc3jjl6uJtjAVUQ0rJiWIRAvUkTYNd99TWLuUELXomEi7a27dUJUGFRYlQ5iHgPFyg2Ua3SaGSB7Sr1FhOzV36TMRw933KCuXE2Etl/HzSCI8SzK1TiN9KgFhLUP8UplEeIkJ8bovIatFJHIJ4mmhKZkwXR5pY3dFJKqJhe1hKRSaUANF0xq+4LO6X1hFS0qH7aDgWQuRWAk1KJhZEsUKSqHDNi6cEu6017EUZAyr+8oWixDqmUIb2WmaFVNGmCoxTvelW7cAB5XBdpaDQkGGO0E0nwFJmLCM2lqRdjDcfe+0RaUAe4pEk1bLnlJCR3Zs49s0LFpveD2fgOFMiZTVxZ52X0Y6dHxtUiV/Q1sYt87t0ujQcSnU1KJORsIQW0t6WalGvLJTG9QpNUBLPKVyCZW2340wvk3cAQqqvW1UdvoNFR1QR/C67wbL6tV37hRNvoSvvnOn2CKWA5okr74Piz7SVUHNaV59jxjufmIKDX9dWltYwV+XlDCo+OvSktD8dfNjGkFcRlJSXU1sfaHjjW0Tl/ILldbr2PSakni8GtJr+euSK/jrUqv562YrR7+L9eC/g//+gvOacW32TJR1f2H/K/9fUDxl239BsV+P+KcqyLL/VOUVL2tiI1pvsmzk6H989T9rJxnZZ9/N9VE29vHyzLO6u87HcXGz+js6VgA=)

例如：若要為 RB3 Gen 2 視覺開發套件產生 `combined-dtb.dtb`，則合併下列 DTB。下列代碼片段來自於 `meta-qcom-hwe/conf/machine/qcs6490-rb3gen2-vision-kit.conf` 檔案：

KERNEL_DEVICETREE:pn-linux-qcom-custom = " \
                      qcom/qcs6490-addons-rb3gen2-video-mezz.dtb \
                      qcom/qcs6490-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs6490-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs6490-addons-rb3gen2-ptz-mezz.dtb \
                      qcom/qcs6490-addons-rb3gen2-ia-mezz.dtb \
                      qcom/qcs5430-fp1-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp1-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs5430-fp2-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp2-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs5430-fp2p5-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp2p5-addons-rb3gen2-vision-mezz-hsp.dtb \
                      qcom/qcs5430-fp3-addons-rb3gen2-vision-mezz.dtb \
                      qcom/qcs5430-fp2p5-addons-rb3gen2-vision-mezz-hsp.dtb \
                      "
    Copy to clipboard

### DTB 分割區

- 產生名為 dtb.bin 的 vfat 影像檔包含合併的 DTB 影像檔。Qualcomm 開發套件上存在一個名為 `dtb` 的專用分割區。在此分割區上燒錄 `dtb.bin`。
- UEFI解析存在於 `dtb` 分割區中的合併 DTB，並選擇與硬體匹配的 DTB。

Last Published: Dec 23, 2025

[Previous Topic
系統初始化腳本](https://docs.qualcomm.com/bundle/publicresource/80-70020-27TC/topics/system_initscripts.md) [Next Topic
管理 Qualcomm Linux 中的分割區](https://docs.qualcomm.com/bundle/publicresource/80-70020-27TC/topics/managing_partitions_in_qualcomm_linux.md)