> ## Documentation Index
> Fetch the complete documentation index at: https://dragonwingdocs.qualcomm.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Security tools

To build secure software on Qualcomm devices using TrustZone and secure boot, the key tools needed are SecTools v2 and LLVM compiler for Arm<sup>®</sup>, targeting the Snapdragon<sup>®</sup> devices.

SecTools v2 is a suite of Qualcomm security tools designed to support secure boot, image authentication, debug policy creation, and fuse programming across Qualcomm system-on-chips (SoCs). The LLVM compiler for Qualcomm<sup>®</sup> Trusted Execution Environment (Qualcomm TEE) is a specialized toolchain used to build secure software components for TEE on Qualcomm devices.

## **Build system**

For more information about the toolchain, build process, and compilation, see [Qualcomm Linux Build Guide](https://dragonwingdocs.qualcomm.com/Key-Documents/Firmware-Guide/build-firmware).

## **Set up SecTools v2 for secure boot**

1. Go to the SecTools v2 folder.
   The SecTools executable is located in the following path.
   > `<Metabuild>/<chipset>.LE.X.x/common/sectoolsv2/ext/<host_machine>`
   > This folder has the binaries and scripts required for secure boot, image signing, and other security operations.
2. Locate the security Profile XML.
   > Find the `<chipset>_security_profile.xml` security profile file in meta.
   >
   > `<chipset>.LE.X.x/common/sectoolsv2`
   > This XML file defines the security configuration used by SecTools.

> <Note>
>   The minimum SecTools version required is 1.43 or later.
> </Note>

The table lists the documentation for SecTools v2.

**Table : SecTools v2**

|                                                                                  **Document**                                                                                 |                                                **Description**                                               |
| :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | :----------------------------------------------------------------------------------------------------------: |
| [SecTools V2: Metabuild Secure Image User Guide](https://docs.qualcomm.com/bundle/80-NM248-17/resource/80-NM248-17_REV_AB_SecTools_V2__Metabuild_Secure_Image_User_Guide.pdf) |                       Perform the secure-image operations on metabuild software images.                      |
|             [SecTools V2: Fuse Blower User Guide](https://docs.qualcomm.com/bundle/80-NM248-9/resource/80-NM248-9_REV_AB_SecTools_V2__Fuse_Blower_User_Guide.pdf)             | Create and sign the fuse blower images. When a device uses a fuse blower image, it blows the specified fuse. |
|               [SecTools V2: ELF Tool User Guide](https://docs.qualcomm.com/bundle/80-NM248-18/resource/80-NM248-18_REV_AD_SecTools_V2__ELF_Tool_User_Guide.pdf)               |                         Generate, add segments, and combine the ELF software images.                         |
|               [SecTools V2: MBN Tool User Guide](https://docs.qualcomm.com/bundle/80-NM248-19/resource/80-NM248-19_REV_AB_SecTools_V2__MBN_Tool_User_Guide.pdf)               |                      Add the modem configuration binary (MBN) headers to binary images.                      |
|       [SecTools V2: ELF Consolidator User Guide](https://docs.qualcomm.com/bundle/80-NM248-20/resource/80-NM248-20_REV_AA_SecTools_V2__ELF_Consolidator_User_Guide.pdf)       |  Create the consolidated ELF software images. A consolidated ELF has the contents of many subsystem images.  |
|                                [SecTools V2: Secure Image User Guide](https://docs.qualcomm.com/doc/80-NM248-12/topic/secure-image-usage.html)                                |                             Sign, encrypt, and inspect Qualcomm software images.                             |
|           [SecTools V2: Secure Debug User Guide](https://docs.qualcomm.com/bundle/80-NM248-23/resource/80-NM248-23_REV_AA_SecTools_v2__Secure_Debug_User_Guide.pdf)           |           Generate and sign the debug policy images to enable device debugging and authentication.           |

<Note>
  The *SecTools* guides are available to licensed users with authorized access.
</Note>

## **Next steps**

* To initialize and configure the hardware for running securely on Linux, see [Verify security configurations](./verify-the-security-configurations-of-qualcomm-linux).
* To configure Qualcomm TEE for securing devices that handle sensitive data and run trusted applications, see [Configure security services](./configure).
