UEFI 固件签名UEFI Firmware Signing

UEFI 签名是仪表板提供的一项服务,使用它可以对针对 x86 或 x64 计算机的 UEFI 固件二进制文件进行签名,以便可以在 Windows 电脑上安装这些文件。UEFI signing is a service provided by the Dashboard that lets you to sign UEFI firmware binaries targeted to x86 or x64 computers, so they can be installed on Windows PCs.

提交固件To submit your firmware

  1. 使用你的 Microsoft 帐户登录到仪表板,然后单击“硬件认证”*Sign in to the dashboard with your Microsoft account, and then click *Hardware certification.

  2. 硬件认证页上的创建提交磁贴中,单击创建 UEFI 提交On the Hardware certification page, in the Create submissions tile, click Create UEFI submission.

    注意Note
    系统可能会提示你签署一份法律协议,然后才能继续。Before proceeding, you may be prompted to sign a legal agreement. 若要继续,请查看该文档、署上签名和日期,然后单击“提交”*To continue, review the document, add your signature, add the date, and then click *Submit. 每个组织只需签署一次该协议。Each organization only needs to sign this agreement once.

  3. 所有 UEFI 提交必须位于单个、已签名的 CAB 文件中,同时包括所有 UEFI 文件以便签名。All UEFI submissions must be in a single, signed CAB file and contain all the UEFI files for signing. CAB 文件签名必须与存档的 Authenticode 证书相符才适用于使用仪表板的公司。The CAB file signature must match the Authenticode certificate on file for your company with dashboard. 视证书提供者而定,可能需要使用外部 Web 门户或使用签名工具。Depending on your certificate provider, you may need to use an external web portal or use signtool.

  4. 创建 UEFI 页上,浏览查找要提交的 CAB 文件,然后单击提交On the Create UEFI page, browse to find the CAB file that you want to submit, and then click Submit.

重要提示Important
EFI ByteCode (EBC) 文件必须使用 /ALIGN:32 标志进行编译才能成功处理。EFI ByteCode (EBC) files must be compiled using the /ALIGN:32 flag for processing to succeed.

提交程序包应该是一个不包含任何文件夹且仅包含待签名的 *.efi 文件的 CAB 库。Submission packages should be a CAB library that contains no folders and only the *.efi files to be signed.

当仪表板完成对提交的处理时,它将向存档的工作电子邮件地址发送一封结果电子邮件。When the dashboard completes processing your submission, it sends a results email to the work email address on file.

管理固件To manage your firmware

  1. 使用你的 Microsoft 帐户登录到仪表板,然后单击硬件认证Sign in to the dashboard with your Microsoft account, and then click Hardware certification.

  2. 在“硬件认证”*页上的“管理提交”磁贴中,单击“管理提交”On the *Hardware certification page, in the Manage submissions tile, click Manage submissions.

  3. 在“管理提交”*页上,从“提交类型”列表中选择“UEFI”On the *Manage submissions page, select UEFI from the Submission type list.

  4. 选择你要管理的提交。Select the submission that you want to manage.

  5. 详细信息视图中,你可以查看提交状态,如果已完成,可以下载经签名的二进制文件。On the Details view, you can see the status of your submission, and, if it's complete, download the signed binaries.

相关主题Related topics

Microsoft UEFI CA 签名策略更新:Microsoft UEFI CA Signing Policy Updates:

UEFI 提交的预提交测试Pre-Submission Testing for UEFI Submissions

向 Microsoft 发送有关该主题的评论Send comments about this topic to Microsoft