#  Flash images

Source: [https://docs.qualcomm.com/doc/80-70015-11/topic/flash-the-images.html](https://docs.qualcomm.com/doc/80-70015-11/topic/flash-the-images.html)

Flashing images involves writing an entire image, including partitions, file systems,
        and data, onto a storage device.

To flash the images:

1. See [QFPROM fuses](https://docs.qualcomm.com/doc/80-70015-11/topic/appendix-fuse-configurations.html) for the list of fuses to
                configure.
2. Replace all the binaries with the signed binaries including
                    `prog_firehose_ddr.elf`.
3. To flash all the signed binaries to the device, see [Qualcomm Linux Build Guide ➝ Build with QSC CLI](https://docs.qualcomm.com/bundle/publicresource/topics/80-70015-254/build_from_source_QSC_CLI.html).
4. After generating the signed images and `sec.elf`, enable secure
                    boot:
    1. Flash the signed images first without `sec.elf` and ensure
                        that the device boots successfully.
    2. Flash the signed images and `sec.elf` using the flash
                        procedure from [Qualcomm Linux Build Guide ➝ Flash images](https://docs.qualcomm.com/bundle/publicresource/topics/80-70015-254/flash_images.html).
    3. Verify that the secure boot is enabled using [Bring up → Verified
                            secure boot](https://docs.qualcomm.com/doc/80-70015-11/topic/bring-up.html#bring-up__section_fbw_jfg_s1c).
5. When the secure boot is enabled, the device expects images to be flashed using a
                secure programming method called validated image programming (VIP). In this release,
                you can proceed with flashing the images on the secure device by disabling VIP using
                the following workaround programmer (`prog_firehose_ddr.elf`) image
                at:
                    &lt;&gt;/BOOT.MXF.1.0.c1/boot\_images/boot/QcomPkg/Library/DevPrgLib/devprg\_transfer.c
6. Set the `vip->state` to `VIP_DISABLED` irrespective of
                the secure boot enable check in the following function:
int devprg_transfer_init(void)
        {
          int secboot, result;
          struct vip_data *vip = &vip_data;
          devprg_init_vip_state();
          secboot = devprg_is_secure_boot_enabled();
        //  if (secboot == 0) /*comment this to set vip state to VIP_DISABLED
            vip->state = VIP_DISABLED;
          result = devprg_transport_init();
          return result;
        }
        Copy to clipboard
7. To rebuild `prog_firehose_ddr.elf`, see [Qualcomm Linux Build Guide ➝ GitHub workflow (firmware and extras)](https://docs.qualcomm.com/bundle/publicresource/topics/80-70015-254/build_addn_info.html).
8. If any of the PIL signed images are not flashed using PCAT, follow these steps to
                push the PIL images manually using SCP:

        push adsp, cdsp, modem, wlan, ipa pil split binariesCopy to clipboard

    For
                    instructions, see [Qualcomm Linux Build Guide ➝ How to ➝ Use SSH](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/how_to.html#use-ssh).

1. Copy and replace the PIL split bins and the `.mdt` files
                            generated in the signed output to the
                                &lt;&lt;QCM6490.LE.x.x&gt;/common/build/ufs/bin/QCM6490\_fw/lib/firmware/qcom/qcm6490/
                            directory.
    2. Connect to the device as the root via SSH. For instructions,
                                see [Qualcomm Linux Build Guide ➝ How to ➝
                                Use SSH](https://docs.qualcomm.com/bundle/publicresource/topics/80-70014-254/how_to.html#use-ssh).
        Run the following
                            command:

            mount -o rw,remount  /
            scp <QCM6490.LE.x.x>/common/build/ufs/bin/QCM6490_fw/lib/firmware/qcom/qcm6490/. root@<IP_address>:/lib/firmware/qcom/qcm6490/
            Push gfx (a660_zap) pil split binaries, a660_zap.mdt and a660_zap.mbn from signed outout 
            scp <a660_zap signed output folder>/. root@<IP_address>:/lib/firmware/
            Push signed Venus binary:
            scp vpu20_1v.mbn root@<IP_address>:/lib/firmware/qcom/vpu-2.0/
            reboot
            Copy to clipboard
9. To check for PIL loading success, check for the following logs in
                dmesg:

        [    7.597009] remoteproc remoteproc0: Booting fw image qcom/qcs6490/modem.mdt, size 6052
        [    8.095883] remoteproc remoteproc0: remote processor 4080000.remoteproc is now up
        [    5.938938] remoteproc remoteproc1: Booting fw image qcom/qcs6490/wpss.mdt, size 4612
        [    6.088524] remoteproc remoteproc1: remote processor 8a00000.remoteproc is now up
        [    5.951047] remoteproc remoteproc2: Booting fw image qcom/qcs6490/adsp.mdt, size 6852
        [    6.107310] remoteproc remoteproc2: remote processor 3000000.remoteproc is now up
        [    5.977966] remoteproc remoteproc3: Booting fw image qcom/qcs6490/cdsp.mdt, size 5252
        [    6.135802] remoteproc remoteproc3: remote processor a300000.remoteproc is now upCopy to clipboard

**Parent Topic:** [Enable secure boot](https://docs.qualcomm.com/doc/80-70015-11/topic/enable-secure-boot.html)

Last Published: Oct 14, 2024

[Previous Topic
Generate signed sec.elf image](https://docs.qualcomm.com/bundle/publicresource/80-70015-11/topics/generate-signed-sec-elf-image.md) [Next Topic
Enable SELinux](https://docs.qualcomm.com/bundle/publicresource/80-70015-11/topics/enable-selinux.md)