# Flash images Source: [https://docs.qualcomm.com/doc/80-70014-11/topic/flash-the-images.html](https://docs.qualcomm.com/doc/80-70014-11/topic/flash-the-images.html) Flashing images involves writing an entire image, including partitions, file systems, and data, onto a storage device. To flash the images, follow these steps: 1. See [QFPROM fuses](https://docs.qualcomm.com/doc/80-70014-11/topic/appendix-fuse-configurations.html) for the list of fuses to configure. 2. Replace all the binaries with the signed binaries including `prog_firehose_ddr.elf`. 3. To flash all the signed binaries to the device, see [Build from source → Flash](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/build_from_source_QSC_CLI.html). 4. After generating the signed images and `sec.elf`, enable secure boot: 1. Flash the signed images first without `sec.elf` and ensure that the device boots successfully. 2. Flash the signed images and `sec.elf` using the flash procedure from [Build from source → Flash](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/build_from_source_QSC_CLI.html). 3. Verify that the secure boot is enabled using [Bring up → Verified secure boot](https://docs.qualcomm.com/doc/80-70014-11/topic/bring-up.html#bring-up__section_fbw_jfg_s1c). 5. When the secure boot is enabled, the device expects images to be flashed using a secure programming method called validated image programming (VIP). In this release, you can proceed with flashing the images on the secure device by disabling VIP using the following workaround programmer (`prog_firehose_ddr.elf`) image at: <>/BOOT.MXF.1.0.c1\boot\_images\boot\QcomPkg\Library\DevPrgLib\devprg\_transfer.c 6. Set the `vip->state` to `VIP_DISABLED` irrespective of the secure boot enable check in the following function: int devprg_transfer_init(void) { int secboot, result; struct vip_data *vip = &vip_data; devprg_init_vip_state(); secboot = devprg_is_secure_boot_enabled(); // if (secboot == 0) /*comment this to set vip state to VIP_DISABLED vip->state = VIP_DISABLED; result = devprg_transport_init(); return result; } Copy to clipboard 7. To rebuild `prog_firehose_ddr.elf`, see [GitHub workflow (firmware and extras) → Build firmware → Build Boot](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/build_addn_info.html). 8. If any of the PIL signed images are not flashed using PCAT, follow these steps to push the PIL images manually using SCP: push adsp, cdsp, modem, wlan, ipa pil split binariesCopy to clipboard For instructions, see [How to → How to SSH](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/how_to.html). 1. Copy and replace the PIL split bins and the `.mdt` files generated in the signed output to the <<QCM6490.LE.x.x>\common\build\ufs\bin\QCM6490\_fw\lib\firmware\qcom\qcm6490\ folder. 2. Connect to the device as the root via SSH. For instructions, see [How to → How to SSH](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/how_to.html). Run the following command: mount -o rw,remount / scp <\common\build\ufs\bin\QCM6490_fw\lib\firmware\qcom\qcm6490\. root@:/lib/firmware/qcom/qcm6490/ Push gfx (a660_zap) pil split binaries, a660_zap.mdt and a660_zap.mbn from signed outout scp \. root@:/lib/firmware/ Push signed Venus binary: scp vpu20_1v.mbn root@:/lib/firmware/qcom/vpu-2.0/ reboot Copy to clipboard **Parent Topic:** [Enable secure boot](https://docs.qualcomm.com/doc/80-70014-11/topic/enable-secure-boot.html) Last Published: Aug 06, 2024 [Previous Topic Generate signed sec.elf image](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/generate-signed-sec-elf-image.md) [Next Topic Enable SELinux](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/enable-selinux.md)