# Qualcomm TEE

Source: [https://docs.qualcomm.com/doc/80-70014-11/topic/qualcomm-trusted-execution-environment.html](https://docs.qualcomm.com/doc/80-70014-11/topic/qualcomm-trusted-execution-environment.html)

Qualcomm TEE is the software that operates within the Arm TZ environment on the
        Qualcomm device.

TZ is a hardware-based security architecture enabled through a Secure mode of the Arm
            processor. It establishes two execution environments with system-wide hardware-enforced
            isolation. For more information, see [https://developer.arm.com/documentation/102418/0101/What-is-TrustZone-](https://developer.arm.com/documentation/102418/0101/What-is-TrustZone-).

Qualcomm offers a 64‑bit Arm 8.x processor system with hardware virtualization to run
            TZ.

In the TZ architecture, there are two security states:
- Secure
- Non-secure

At the EL0, EL1, and EL2 [exception levels](https://developer.arm.com/documentation/102412/0103/Privilege-and-Exception-levels/Exception-levels), the processor can be in
            either the secure state or the non-secure state, while EL3 is always in the secure
            state.

The operating system runs in non-secure EL1. The transition from Non-secure to Secure
            mode is facilitated through a Secure Monitor mode.

Qualcomm TEE provides the following features:

- Operation from hardware-protected memory
- Support for power collapse of security blocks such as the crypto engine, PRNG,
                inline crypto engine, and external protection units (xPU).
- Support for a secure peripheral image loader (PIL)
- Support for subsystem restart
- Provision of content protection
- Support for running TA
- Support for fuse management

## Trusted applications

TA offer services within a secure environment for Linux clients that are not
                        secure.   QualcommTEE extends the following services to TA:

- Support for TAs to operate in the secure world at EL0
- Sand-boxing environment for TA
- Position-independent loading of TA

- Message passing between different TAs

TA operates from the memory that is protected by the hardware. However, the
                applications that require more memory have the option to load and run from double
                data rate (DDR) memory instead. By default, an application is set to run from
                hardware-protected memory.

**Parent Topic:** [Features](https://docs.qualcomm.com/doc/80-70014-11/topic/features.html)

Last Published: Aug 06, 2024

[Previous Topic
SELinux](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/selinux.md) [Next Topic
Qualcomm Hypervisor](https://docs.qualcomm.com/bundle/publicresource/80-70014-11/topics/hypervisor.md)