Skip to main content
An extension to the Qualcomm® Linux® Security Guide, this addendum provides more security insights for authorized users.

Security addendum overview

Security addendum overview

An overview of the security addendum, highlighting premium security enhancements for licensed users.

Interface with the kernel and device

Use userspace APIs

Use userspace APIs to enable communication between Linux and the kernel.

Use Qualcomm TEE APIs

Use Qualcomm TEE APIs for memory, logging, secure storage, listeners, and cryptography.

Customize memory

Customize memory for trusted applications

Customize memory and SEPolicy.

Develop trusted and client services

Develop trusted and client applications

Develop and run trusted and client apps using default GlobalPlatform interface files.

Configure trusted applications

Set the configurations according to your requirements.

Develop global platform trusted applications

Build and develop a global platform of trusted applications.

Develop global platform client applications

Use the GlobalPlatform-based client to communicate with trusted applications in Qualcomm TEE.

Run client and trusted applications

Verify and run client and trusted applications using logs.

Use sample examples

Use the security services examples

Load client and trusted applications through various interfaces to run security services.

Global platform skeleton client applications source listing

Use the sample code and commands to compile the client applications.

Use the Qualcomm TEE service APIs

Use the sample code to invoke an SFS interface from the trusted application.

Use the IDL/object-based Qualcomm TEE service APIs

Use the sample code to invoke the cipher interface for AES operations from the trusted application.
TitleDocument number
MiniDump Software User Guide80-P8754-71
Qualcomm Linux Build Guide80-80023-254
Qualcomm Linux Kernel Guide80-80023-3
Qualcomm Linux Security Guide - Addendum80-80023-11A
Qualcomm Linux Wireless Edge Services Guide80-80023-11B
SecTools v2: Secure Debug User Guide80-NM248-23
SecTools V2: Metabuild Secure Image User Guide80-NM248-17
SecTools V2: Fuse Blower User Guide80-NM248-9
SecTools V2: ELF Tool User Guide80-NM248-18
SecTools V2: MBN Tool User Guide80-NM248-19
SecTools V2: ELF Consolidator User Guide80-NM248-20
SecTools V2: Secure Image User Guide80-NM248-12
MiniDump, Qualcomm Linux Security Guide - Addendum, Qualcomm Linux Wireless Edge Services, and SecTools guides are available to licensed users with authorized access.

Acronyms and terms

Acronym or termDefinition
APIApplication programming interfaces
CBCCipher block chaining
DRMDigital rights management
EL0, EL1, EL2, and EL3Exception levels
eMMCEmbedded multimedia card
GPCEGeneral purpose cryptographic engine
HALHardware abstraction layer
HLOSHigh-level operating system
HMACHashed message authentication code
I2CInter integrated circuit
ICEInline crypto engine
IOCTLI/O control
KDFKey derivation function
KEKKey exchange keys
LLVMThe LLVM Project is a collection of modular and reusable compiler and toolchain technologies. Despite its name, LLVM has little to do with traditional virtual machines, though it does provide helpful libraries that can be used to build them. The name LLVM itself is not an acronym; it is the full name of the project.
MACMessage authentication code
MINKMini kernel
MPUMemory protection unit
OCIMEMOn-chip internal memory
OEMOriginal equipment manufacturer
PILPeripheral image loader
pIMEMProtected memory
PRNGPseudo-random number generator
RMAReturned material for analysis
QFPROMQualcomm fuse programmable read only memory
QRNGQualcomm-random number generator
Qualcomm TEEQualcomm Trusted Execution Environment
Qualcomm WESQualcomm wireless edge services
RPMBReplay protected memory block
SELinuxSecurity enhanced Linux
SEL0 and SEL1Secure exception levels
SFSSecure file system
SKUStock keeping unit
SMCSecure monitor call
SoCSystem-on-chip
SPISerial peripheral interface
SSLSecure sockets layer
TZBSPTrustZone board support package
UEFIUnified extensible firmware interface
UFSUniversal flash storage
UIEUnified image encryption
XBLeXtensible Boot Loader
xPUExternal protection unit