# Debug Source: [https://docs.qualcomm.com/doc/80-70014-11/topic/debug.html](https://docs.qualcomm.com/doc/80-70014-11/topic/debug.html) Debug provides a set of common logging and debugging techniques to troubleshoot issues in Qualcomm TEE, TA, CA, and secure devices. Note: Remember to run all the SSH commands in the SELinux Permissive mode. The Enforcing mode will be supported in the future. For instructions on how to connect to the device, see [Qualcomm Linux Build Guide ➝ How to ➝ How to SSH](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/how_to.html). ## Debug Qualcomm TEE Qualcomm TEE kernel logs, also known as the TZDiag log, can be used to debug errors that occur in Qualcomm TEE. The TZDiag log is available in the Linux kernel driver, which redirects the logs. 1. Connect to the device as the root via SSH. 2. Capture the TZ logs using the following command: cat /proc/tzdbg/log > tzbsp_log.txtCopy to clipboard The error codes in `tzbsp_log.txt` are encoded in hexadecimal. You can run the following tool to decode tzbsp\_log.txtfrom hexadecimal to string. 1. Navigate to <TZ.XF.X.X path>/trustzone\_images/ssg/bsp/tz/build/tz/A53\_64/<BuildFlavor> 2. Run the following commands using python 3. python3 print_tz_log.py -l tzbsp_log.txt -e errorCodesDict.txt -t -o tzbsp_log_decode.txt Copy to clipboard For example: Python3 print_tz_log.py -l tzbsp_log.txt -e errorCodesDict.txt -t \\crmhyd\nsid-hyd-05\TZ.XF.5.0-07927-KODIAKAAAAANAAZT-1 -o tzbsp_log_decode.txtCopy to clipboard For device log collection, the TZ Diag log buffer is part of the RAM dump, which can be parsed using `qsee.elf` from TZ.XF software in the crash dump parser tool. For offline or off-device log collection, the TZ Diag log buffer is part of the RAM dump, which can be parsed using `qsee.elf` (trustzone\_images/ssg/bsp/qsee/build/${tz\_bid:EACAANAA}) from the TZ.XF software in the crash dump parser tool. **Debug using secure crash dump** You can debug QualcommTEE using the RAM dump. The execution region dump of Qualcomm TEE is collected via secure crash dumps. Devices that trigger the fuse with stage 2 sec.elf are known as secure boot-enabled devices. To debug on these devices, see [Sectools v2: Secure Debug User Guide](https://docs.qualcomm.com/bundle/80-NM248-23/resource/80-NM248-23_REV_AA_Sectools_v2__Secure_Debug_User_Guide.pdf). ## Debug TA and CA TA logs, also known as Qualcomm TEE logs, are used to debug the errors in TAs. To debug errors in the CA, kernel and journalctl logs are used. For online or on-device log collection, Linux collects the Qualcomm TEE/kernel logs at runtime. You can connect to the device via SSH and use the following commands: - To collect the Qualcomm TEE logs from Linux: cat /proc/tzdbg/qsee_log > qsee_log.txtCopy to clipboard - For CA, to collect the kernel and logcat logs: cat /dev/kmsg > kernel_log.txt journalctl > journalctl.txtCopy to clipboard - For offline or off-device log collection, the Qualcomm TEE log is available in RAM dumps along with the kernel and journalctl logs. ## Debug on secure devices As part of the secure boot procedure, blowing debug disable fuses will disable debugging capabilities on the devices. This includes RAM dumps, INV, and NINV debug on the subsystems. The debug policy feature allows control over the debug capability for a device enabled with secure boot. The debug policy image enables debug capabilities such as JTAG re-enable (INV debug), RAM dump, and TZ logging (NINV debug) on commercial secure devices. For security reasons, the serial number of the device controls the debug policy for secure RAM dumps, Qualcomm TEE logs, and JTAG. Enabling JTAG on the Qualcomm TEE subsystem disables the device’s security with respect to hardware key generation. As a result, existing secure storage like user data, SFS, and RPMB becomes inaccessible. Sometimes, the device may prompt for a factory data reset. Use the following command to debug on secure devices: /common/sectoolsv2/ext//sectools.exe secure-debug --security-profile /common/sectoolsv2/_security_profile.xml --generate --outfile apdp_out.mbn --all-flags --sign --signing-mode LOCAL --oem-id=0x1 --root-certificate=./RSA-OEM-KEYS/qpsa_rootca.cer --ca-certificate=./RSA-OEM-KEYS/qpsa_attestca.cer --ca-key=./RSA-OEM-KEYS/qpsa_attestca.key --oem-product-id=0xabcd --serial-number=0xabcdabcdCopy to clipboard Ensure that you configure the OEM\_ID, PRODUCT\_ID, serial number and keys, and certification paths appropriately. For more information, see [Sectools v2: Secure Debug User Guide](https://docs.qualcomm.com/bundle/80-NM248-23/resource/80-NM248-23_REV_AA_Sectools_v2__Secure_Debug_User_Guide.pdf). **Flash APDP on device** To flash APDP on the device, run the following command Fastboot flash apdp Copy to clipboard | Stage | Full dump | Full dump | Full dump | Mini dump | | --- | --- | --- | --- | --- | | Stage | Applications (DCC and scan dump)



ADSP/Video/RPM/ SLPI | Modem/Qualcomm TEE/Secure dump | TZDiag | – | | Non-secure | No debug policy needed | No debug policy needed | No debug policy needed | No debug policy needed | | Stages 1 secure | No APDP image needed | No APDP image needed | No APDP image needed | No APDP image needed | | Stages 2 secure | `--nonsecure-crash-dumps` | --offline-crash-dumps with device serial number | --logs with device serial number



Or



Encrypted TZ diag with



`--nonsecure-crash-dumps`




+ TZDiag encryption public key/exp in devcfg can be configured in
the following location:



\trustzone\_images\ssg\securemsm\



trustzone\qsee\mink\oem\config<chipset>



\oem\_config.xml |

  • Apps minidump:

    --apps-encrypted-mini-dumps




  • Modem and WLAN:

    • --mpss-encrypted-mini-dumps


    • --wlan-encrypted-mini-dumps





  • aDSP minidump:
    --adsp-encrypted-mini-dumps


  • cDSP minidump:
    --cdsp-encrypted-mini-dumps





For more information, see [MiniDump Software User
Guide](https://docs.qualcomm.com/bundle/80-P8754-71/resource/80-P8754-71_REV_H_MiniDump_Software_User_Guide.pdf). | Last Published: Aug 06, 2024 [Previous Topic Customize](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/customize.md) [Next Topic Examples](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/examples-lru.md)