Skip to main content
To build secure software on Qualcomm devices using TrustZone and secure boot, the key tools needed are SecTools v2 and LLVM compiler for Arm®, targeting the Snapdragon® devices. SecTools v2 is a suite of Qualcomm security tools designed to support secure boot, image authentication, debug policy creation, and fuse programming across Qualcomm system-on-chips (SoCs). The LLVM compiler for Qualcomm® Trusted Execution Environment (Qualcomm TEE) is a specialized toolchain used to build secure software components for TEE on Qualcomm devices.

Build system

For more information about the toolchain, build process, and compilation, see Qualcomm Linux Build Guide.

Set up SecTools v2 for secure boot

  1. Go to the SecTools v2 folder. The SecTools executable is located in the following path.
    <Metabuild>/<chipset>.LE.X.x/common/sectoolsv2/ext/<host_machine> This folder has the binaries and scripts required for secure boot, image signing, and other security operations.
  2. Locate the security Profile XML.
    Find the <chipset>_security_profile.xml security profile file in meta. <chipset>.LE.X.x/common/sectoolsv2 This XML file defines the security configuration used by SecTools.
The minimum SecTools version required is 1.43 or later.
The table lists the documentation for SecTools v2. Table : SecTools v2
DocumentDescription
SecTools V2: Metabuild Secure Image User GuidePerform the secure-image operations on metabuild software images.
SecTools V2: Fuse Blower User GuideCreate and sign the fuse blower images. When a device uses a fuse blower image, it blows the specified fuse.
SecTools V2: ELF Tool User GuideGenerate, add segments, and combine the ELF software images.
SecTools V2: MBN Tool User GuideAdd the modem configuration binary (MBN) headers to binary images.
SecTools V2: ELF Consolidator User GuideCreate the consolidated ELF software images. A consolidated ELF has the contents of many subsystem images.
SecTools V2: Secure Image User GuideSign, encrypt, and inspect Qualcomm software images.
SecTools V2: Secure Debug User GuideGenerate and sign the debug policy images to enable device debugging and authentication.
The SecTools guides are available to licensed users with authorized access.

Next steps