> ## Documentation Index
> Fetch the complete documentation index at: https://dragonwingdocs.qualcomm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security addendum documentation

An extension to the Qualcomm® Linux® Security Guide, this addendum provides more security insights for authorized users.

## **Security addendum overview**

<CardGroup cols={1}>
  <Card title="Security addendum overview" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/overview-addendum.html">
    An overview of the security addendum, highlighting premium security enhancements for licensed users.
  </Card>
</CardGroup>

## **Interface with the kernel and device**

<CardGroup cols={2}>
  <Card title="Use userspace APIs" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/user-space-apis.html">
    Use userspace APIs to enable communication between Linux and the kernel.
  </Card>

  <Card title="Use Qualcomm TEE APIs" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/trusted-execution-environment-apis.html">
    Use Qualcomm TEE APIs for memory, logging, secure storage, listeners, and cryptography.
  </Card>
</CardGroup>

## **Customize memory**

<CardGroup cols={1}>
  <Card title="Customize memory for trusted applications" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/customize-fru.html">
    Customize memory and SEPolicy.
  </Card>
</CardGroup>

## **Develop trusted and client services**

<CardGroup cols={3}>
  <Card title="Develop trusted and client applications" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/develop.html">
    Develop and run trusted and client apps using default GlobalPlatform interface files.
  </Card>

  <Card title="Configure trusted applications" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/develop-trusted-application-and-client-application.html">
    Set the configurations according to your requirements.
  </Card>

  <Card title="Develop global platform trusted applications" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/develop-gp-ta.html">
    Build and develop a global platform of trusted applications.
  </Card>

  <Card title="Develop global platform client applications" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/develop-ga-ca.html">
    Use the GlobalPlatform-based client to communicate with trusted applications in Qualcomm TEE.
  </Card>

  <Card title="Run client and trusted applications" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/executing-client-application-and-trusted-application.html">
    Verify and run client and trusted applications using logs.
  </Card>
</CardGroup>

## **Use sample examples**

<CardGroup cols={3}>
  <Card title="Use the security services examples" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/examples.html">
    Load client and trusted applications through various interfaces to run security services.
  </Card>

  <Card title="Global platform skeleton client applications source listing" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/gp-skeleton-ca-source-listing.html">
    Use the sample code and commands to compile the client applications.
  </Card>

  <Card title="Use the Qualcomm TEE service APIs" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/use-qualcomm-tee-service-apis.html">
    Use the sample code to invoke an SFS interface from the trusted application.
  </Card>

  <Card title="Use the IDL/object-based Qualcomm TEE service APIs" href="https://docs.qualcomm.com/doc/80-80023-11A/topic/use-idl-object-based-qualcomm-tee-service-apis.html">
    Use the sample code to invoke the cipher interface for AES operations from the trusted application.
  </Card>
</CardGroup>

## **Related documents**

| Title                                          | Document number |
| :--------------------------------------------- | :-------------- |
| MiniDump Software User Guide                   | 80-P8754-71     |
| Qualcomm Linux Build Guide                     | 80-80023-254    |
| Qualcomm Linux Kernel Guide                    | 80-80023-3      |
| Qualcomm Linux Security Guide - Addendum       | 80-80023-11A    |
| Qualcomm Linux Wireless Edge Services Guide    | 80-80023-11B    |
| SecTools v2: Secure Debug User Guide           | 80-NM248-23     |
| SecTools V2: Metabuild Secure Image User Guide | 80-NM248-17     |
| SecTools V2: Fuse Blower User Guide            | 80-NM248-9      |
| SecTools V2: ELF Tool User Guide               | 80-NM248-18     |
| SecTools V2: MBN Tool User Guide               | 80-NM248-19     |
| SecTools V2: ELF Consolidator User Guide       | 80-NM248-20     |
| SecTools V2: Secure Image User Guide           | 80-NM248-12     |

<Note>
  MiniDump, Qualcomm Linux Security Guide - Addendum, Qualcomm Linux Wireless Edge Services, and SecTools guides are available to licensed users with authorized access.
</Note>

## **Acronyms and terms**

| Acronym or term        | Definition                                                                                                                                                                                                                                                                                                                    |
| :--------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| API                    | Application programming interfaces                                                                                                                                                                                                                                                                                            |
| CBC                    | Cipher block chaining                                                                                                                                                                                                                                                                                                         |
| DRM                    | Digital rights management                                                                                                                                                                                                                                                                                                     |
| EL0, EL1, EL2, and EL3 | Exception levels                                                                                                                                                                                                                                                                                                              |
| eMMC                   | Embedded multimedia card                                                                                                                                                                                                                                                                                                      |
| GPCE                   | General purpose cryptographic engine                                                                                                                                                                                                                                                                                          |
| HAL                    | Hardware abstraction layer                                                                                                                                                                                                                                                                                                    |
| HLOS                   | High-level operating system                                                                                                                                                                                                                                                                                                   |
| HMAC                   | Hashed message authentication code                                                                                                                                                                                                                                                                                            |
| I2C                    | Inter integrated circuit                                                                                                                                                                                                                                                                                                      |
| ICE                    | Inline crypto engine                                                                                                                                                                                                                                                                                                          |
| IOCTL                  | I/O control                                                                                                                                                                                                                                                                                                                   |
| KDF                    | Key derivation function                                                                                                                                                                                                                                                                                                       |
| KEK                    | Key exchange keys                                                                                                                                                                                                                                                                                                             |
| LLVM                   | The LLVM Project is a collection of modular and reusable compiler and toolchain technologies. Despite its name, LLVM has little to do with traditional virtual machines, though it does provide helpful libraries that can be used to build them. The name LLVM itself is not an acronym; it is the full name of the project. |
| MAC                    | Message authentication code                                                                                                                                                                                                                                                                                                   |
| MINK                   | Mini kernel                                                                                                                                                                                                                                                                                                                   |
| MPU                    | Memory protection unit                                                                                                                                                                                                                                                                                                        |
| OCIMEM                 | On-chip internal memory                                                                                                                                                                                                                                                                                                       |
| OEM                    | Original equipment manufacturer                                                                                                                                                                                                                                                                                               |
| PIL                    | Peripheral image loader                                                                                                                                                                                                                                                                                                       |
| pIMEM                  | Protected memory                                                                                                                                                                                                                                                                                                              |
| PRNG                   | Pseudo-random number generator                                                                                                                                                                                                                                                                                                |
| RMA                    | Returned material for analysis                                                                                                                                                                                                                                                                                                |
| QFPROM                 | Qualcomm fuse programmable read only memory                                                                                                                                                                                                                                                                                   |
| QRNG                   | Qualcomm-random number generator                                                                                                                                                                                                                                                                                              |
| Qualcomm TEE           | Qualcomm Trusted Execution Environment                                                                                                                                                                                                                                                                                        |
| Qualcomm WES           | Qualcomm wireless edge services                                                                                                                                                                                                                                                                                               |
| RPMB                   | Replay protected memory block                                                                                                                                                                                                                                                                                                 |
| SELinux                | Security enhanced Linux                                                                                                                                                                                                                                                                                                       |
| SEL0 and SEL1          | Secure exception levels                                                                                                                                                                                                                                                                                                       |
| SFS                    | Secure file system                                                                                                                                                                                                                                                                                                            |
| SKU                    | Stock keeping unit                                                                                                                                                                                                                                                                                                            |
| SMC                    | Secure monitor call                                                                                                                                                                                                                                                                                                           |
| SoC                    | System-on-chip                                                                                                                                                                                                                                                                                                                |
| SPI                    | Serial peripheral interface                                                                                                                                                                                                                                                                                                   |
| SSL                    | Secure sockets layer                                                                                                                                                                                                                                                                                                          |
| TZBSP                  | TrustZone board support package                                                                                                                                                                                                                                                                                               |
| UEFI                   | Unified extensible firmware interface                                                                                                                                                                                                                                                                                         |
| UFS                    | Universal flash storage                                                                                                                                                                                                                                                                                                       |
| UIE                    | Unified image encryption                                                                                                                                                                                                                                                                                                      |
| XBL                    | eXtensible Boot Loader                                                                                                                                                                                                                                                                                                        |
| xPU                    | External protection unit                                                                                                                                                                                                                                                                                                      |
