Security addendum overview
An overview of the security addendum, highlighting premium security enhancements for licensed users.
Interface with the kernel and device
Use userspace APIs
Use userspace APIs to enable communication between Linux and the kernel.
Use Qualcomm TEE APIs
Use Qualcomm TEE APIs for memory, logging, secure storage, listeners, and cryptography.
Customize memory
Customize memory for trusted applications
Customize memory and SEPolicy.
Develop trusted and client services
Develop trusted and client applications
Develop and run trusted and client apps using default GlobalPlatform interface files.
Configure trusted applications
Set the configurations according to your requirements.
Develop GlobalPlatform trusted applications
Build and develop GlobalPlatform trusted applications.
Develop GlobalPlatform client applications
Use the GlobalPlatform-based client to communicate with trusted applications in Qualcomm TEE.
Run client and trusted applications
Verify and run client and trusted applications using logs.
Use sample examples
Use the security services examples
Load client and trusted applications through various interfaces to run security services.
GlobalPlatform skeleton client applications source listing
Use the sample code and commands to compile the client applications.
Use the Qualcomm TEE service APIs
Use the sample code to invoke an SFS interface from the trusted application.
Use the IDL/object-based Qualcomm TEE service APIs
Use the sample code to invoke the cipher interface for AES operations from the trusted application.
Related documents
| Title | Document number |
|---|---|
| MiniDump Software User Guide | 80-P8754-71 |
| Qualcomm Linux Build Guide | 80-80023-254 |
| Qualcomm Linux Kernel Guide | 80-80023-3 |
| Qualcomm Linux Security Guide - Addendum | 80-80023-11A |
| Qualcomm Linux Wireless Edge Services Guide | 80-80023-11B |
| SecTools v2: Secure Debug User Guide | 80-NM248-23 |
| SecTools V2: Metabuild Secure Image User Guide | 80-NM248-17 |
| SecTools V2: Fuse Blower User Guide | 80-NM248-9 |
| SecTools V2: ELF Tool User Guide | 80-NM248-18 |
| SecTools V2: MBN Tool User Guide | 80-NM248-19 |
| SecTools V2: ELF Consolidator User Guide | 80-NM248-20 |
| SecTools V2: Secure Image User Guide | 80-NM248-12 |
MiniDump, Qualcomm Linux Security Guide - Addendum, Qualcomm Linux Wireless Edge Services, and SecTools guides are available to licensed users with authorized access.
Acronyms and terms
| Acronym or term | Definition |
|---|---|
| API | Application programming interface |
| CBC | Cipher block chaining |
| DRM | Digital rights management |
| EL0, EL1, EL2, and EL3 | Exception levels |
| eMMC | Embedded multimedia card |
| GPCE | General purpose cryptographic engine |
| HAL | Hardware abstraction layer |
| HLOS | High-level operating system |
| HMAC | Hashed message authentication code |
| I2C | Inter-integrated circuit |
| ICE | Inline crypto engine |
| IOCTL | I/O control |
| KDF | Key derivation function |
| KEK | Key exchange keys |
| LLVM | The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. Despite its name, LLVM has little to do with traditional virtual machines, though it does provide helpful libraries that can be used to build them. The name LLVM itself is not an acronym; it is the full name of the project. |
| MAC | Message authentication code |
| MINK | Mini kernel |
| MPU | Memory protection unit |
| OCIMEM | On-chip internal memory |
| OEM | Original equipment manufacturer |
| PIL | Peripheral image loader |
| pIMEM | Protected memory |
| PRNG | Pseudo-random number generator |
| RMA | Returned material for analysis |
| QFPROM | Qualcomm fuse programmable read only memory |
| QRNG | Qualcomm-random number generator |
| Qualcomm TEE | Qualcomm Trusted Execution Environment |
| Qualcomm WES | Qualcomm wireless edge services |
| RPMB | Replay protected memory block |
| SELinux | Security enhanced Linux |
| SEL0 and SEL1 | Secure exception levels |
| SFS | Secure file system |
| SKU | Stock keeping unit |
| SMC | Secure monitor call |
| SoC | System-on-chip |
| SPI | Serial peripheral interface |
| SSL | Secure sockets layer |
| TZBSP | TrustZone board support package |
| UEFI | Unified extensible firmware interface |
| UFS | Universal flash storage |
| UIE | Unified image encryption |
| XBL | eXtensible Boot Loader |
| xPU | External protection unit |

