# QFPROM fuses Source: [https://docs.qualcomm.com/doc/80-70014-11/topic/appendix-fuse-configurations.html](https://docs.qualcomm.com/doc/80-70014-11/topic/appendix-fuse-configurations.html) The table lists the various QFPROM fuse values that can be blown to enable the secure boot. | Fuse name | Start address | Bit number | Fuse blow value | Description | | --- | --- | --- | --- | --- | | **Read permissions** | **Read permissions** | **Read permissions** | **Read permissions** | **Read permissions** | | Secondary Key derivation Key Read disable | 7801A8 | 24 | 1 | After provisioning the SKDK, blow this bit to secure the secondary
key from being read back. A secure path hardware exists from SKDK to the
crypto engine. | | **Write permissions** | **Write permissions** | **Write permissions** | **Write permissions** | **Write permissions** | | Read permissions write disable | 7801B0 | 6 | 1 | Blow this bit after the region has been provisioned to disable
further QFPROM changes to this region. | | FEC enables write disable | 7801B0 | 8 | 1 | Blow this bit after the region has been provisioned to disable
further QFPROM changes to this region. | | OEM configuration write disable | 7801B0 | 9 | 1 | Blow this bit after the region has been provisioned to disable
further QFPROM changes to this region. | | Public key hash 0 write disable | 7801B0 | 17 | 1 | Blow this bit after the region has been provisioned to disable
further QFPROM changes to this region. | | OEM secure boot write disable | 7801B0 | 23 | 1 | Blow this bit after the region has been provisioned to disable
further QFPROM changes to this region. | | Secondary key derivation key write disable | 7801B0 | 24 | 1 | Blow this bit after the region has been provisioned to disable
further QFPROM changes to this region. | | **FEC enable** | **FEC enable** | **FEC enable** | **FEC enable** | **FEC enable** | | OEM secure boot FEC enable | 7801B8 | 23 | 1 | Blow this bit to enable FEC for OEM secure boot region. Ensure that
the complete region is provisioned before FEC is enabled. | | Secondary key derivation key FEC enable | 7801B8 | 24 | 1 | Blow this bit to enable FEC for the secondary KDF key. Ensure that
the complete region is provisioned before FEC is enabled. | | **OEM Config** | **OEM Config** | **OEM Config** | **OEM Config** | **OEM Config** | | `WDOG_EN` | 7801C0 | 14 | 1 | This prevents the `WDOG_DISABLE` GPIO from disabling
WDOG, freeing up the GPIO and preventing potential abuse by an
attacker. | | `SHARED_QSEE_SPIDEN_DISABLE` | 7801C0 | 30 | 1 | This is a shared Qualcomm TEE secure invasive debug disable bucket. A
corresponding Qualcomm fuse can override this OEM-controlled
fuse. | | `SHARED_QSEE_SPNIDEN_DISABLE` | 7801C0 | 31 | 1 | This is a shared Qualcomm TEE secure non-invasive debug disable
bucket. A corresponding Qualcomm fuse can override this OEM-controlled
fuse. | | `SHARED_MSS_DBGEN_DISABLE` | 7801C4 | 32 | 1 | This is a shared MSS invasive debug disable bucket. A corresponding
Qualcomm fuse can override this OEM-controlled fuse. | | `SHARED_MSS_NIDEN_DISABLE` | 7801C4 | 33 | 1 | This is a shared MSS non-invasive debug disable bucket. A
corresponding Qualcomm fuse can override this OEM-controlled
fuse. | | `SHARED_CP_DBGEN_DISABLE` | 7801C4 | 34 | 1 | This is a shared CP invasive debug disable bucket. A corresponding
Qualcomm fuse can override this OEM-controlled fuse. | | `SHARED_CP_NIDEN_DISABLE` | 7801C4 | 35 | 1 | This is a shared CP non-invasive debug disable bucket. A
corresponding Qualcomm fuse can override this OEM-controlled
fuse. | | `SHARED_NS_DBGEN_DISABLE` | 7801C4 | 36 | 1 | This is a shared CP non-invasive debug disable bucket. A
corresponding Qualcomm fuse can override this OEM-controlled
fuse. | | `SHARED_NS_NIDEN_DISABLE` | 7801C4 | 37 | 1 | This is a shared CP non-invasive debug disable bucket. A
corresponding Qualcomm fuse can override this OEM-controlled
fuse. | | `APPS_DBGEN_DISABLE` | 7801C4 | 38 | 1 | Blow this bit for a secure solution. This disables the application
processor’s global invasive debug capabilities (JTAG and monitor mode).
The `OVERRIDE` registers can override this
configuration. | | `APPS_NIDEN_DISABLE` | 7801C4 | 39 | 1 | Blow this bit for a secure solution. This disables the application
processor’s global non-invasive debug capabilities (trace and
performance monitoring). This can be overridden with the
`OVERRIDE` registers. | | `SHARED_MISC_DEBUG_DISABLE` | 7801C4 | 40 | 1 | This is a shared miscellaneous debug disable bucket. A corresponding
Qualcomm fuse can override this OEM-controlled fuse. | | `EKU_ENFORCEMENT_EN` | 7801C8 | 30 | 1 | Blowing this fuse enables enforcement of the EKU field in the
certificate. | | `OEM_HW_ID[0:15]` | 7801CC | [32:47] | 0 | This represents the OEM hardware ID. Bits 15:0. | | `OEM_PRODUCT_ID[0:15]` | 7801CC | [48:63] | 0 | This represents the OEM product ID. Bits 15:0. | | `ANTI_ROLLBACK_FEATURE_EN[0]` | 7801D4 | 32 | 1 | | | `ANTI_ROLLBACK_FEATURE_EN[1]` | 7801D4 | 33 | 1 | | | `ANTI_ROLLBACK_FEATURE_EN[2]` | 7801D4 | 34 | 1 | | | `ANTI_ROLLBACK_FEATURE_EN[3]` | 7801D4 | 35 | 1 | | | **PK hash** | **PK hash** | **PK hash** | **PK hash** | **PK hash** | | `PK hash 0[0:383]` | 780248 | [0:383] | - | This is the OEM-specific root certificate PK hash value. | | **OEM secure boot** | **OEM secure boot** | **OEM secure boot** | **OEM secure boot** | **OEM secure boot** | | `OEM_SECURE_BOOT1_PK_HASH_IN_FUSE` | 780728 | 4 | 1 | When this bit is ‘1’, use the value stored in OEM\_PK\_HASH for the
root certificate hash. | | `OEM_SECURE_BOOT1_AUTH_EN` | 780728 | 5 | 1 | Blow this bit to enable secure boot for apps and other peripheral
images. When this bit is ‘1’, it enables authentication for any code
that references secure boot configuration 1. | | `OEM_SECURE_BOOT2_PK_HASH_IN_FUSE` | 780728 | 12 | 1 | For boot configuration 2:
If this bit is ‘0’, use the internal ROM
hash index and
`OEM_SECURE_BOOT1_ROM_PK_HASH_IDX[3:0]` for the
root certificate hash.


If this bit is ‘1’, use the value
stored in `OEM_PK_HASH` for the root certificate
hash. | | `OEM_SECURE_BOOT2_AUTH_EN` | 780728 | 13 | 1 | Blow this bit to enable a secure boot. When this bit is ‘1’, it
enables authentication for any code that references secure boot | | `OEM_SECURE_BOOT3_PK_HASH_IN_FUSE` | 780728 | 20 | 1 | For boot configuration 3:
If this bit is ‘0’, use the internal ROM
hash index and
`OEM_SECURE_BOOT1_ROM_PK_HASH_IDX[3:0]` for the
root certificate hash.


When this bit is ‘1’, use the value
stored in `OEM_PK_HASH` for the root certificate
hash. | | `OEM_SECURE_BOOT3_AUTH_EN` | 780728 | 21 | 1 | Blow this bit to enable secure boot. When this bit is ‘1’, it enables
authentication for any code that references secure boot configuration
3. | | **Sec Key derivation Key** | **Sec Key derivation Key** | **Sec Key derivation Key** | **Sec Key derivation Key** | **Sec Key derivation Key** | | `Sec Key derivation Key[0:255]` | 780738 | [0:255] | | This 256-bit value is used as the secondary key derivation input,
which is used to generate the secondary key for the crypto engine.
When running in an insecure mode (no secure boot or Debug enabled),
the SKDK is fed into the key derivation function to generate a
unique non-secure secondary key for use by the crypto engine.



When running in a secure mode (secure boot and debug disabled), the
SKDK is fed directly to the crypto engine as the secondary key.



After the SKDK value has been correctly programmed, the SKDK Read
Disable must be blown to permanently protect the SKDK value. Prior
to this correction, the software read the SKDK value from the
QFPROM.



The SBL fuse blow API can automatically generate a random number for
use as the SKDK, ensuring that the SKDK value is never available
outside of the device. | | | | | | | | | | | | | | | | | | | **Parent Topic:** [Enable secure boot](https://docs.qualcomm.com/doc/80-70014-11/topic/enable-secure-boot.html) Last Published: Aug 06, 2024 [Previous Topic Enable secure boot](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/enable-secure-boot.md) [Next Topic Generate local (insecure) root key and certificates](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/generate-local-insecure-root-key-and-certificates.md)