# Sign images

Source: [https://docs.qualcomm.com/doc/80-70015-11/topic/sign-the-images.html](https://docs.qualcomm.com/doc/80-70015-11/topic/sign-the-images.html)

Image signing ensures the authenticity, integrity, and origin of the
        images.

To flash the images, do the following:

1. For using different signing methods and the secure image functionality,
                    see [SecTools V2: Secure Image User Guide](https://docs.qualcomm.com/bundle/80-NM248-12/resource/80-NM248-12_REV_AB_SecTools_V2__Secure_Image_User_Guide.pdf).
2. If the local signer is used and keys and certificates are generated using these
                commands, see Generate local (insecure) root key and certificate.
3. To sign a single image, run the following command, where `tz.mbn` is
                used as an example.
Note: You can replace the values
                    highlighted in **bold** as per your
                requirement.

        <meta>/common/sectoolsv2/ext/<platform>/sectools.exe secure-image --sign /path/to/tz.mbn --image-id=TZ --security-profile <meta>/common/sectoolsv2/<chipset>_security_profile.xml --oem-id=0x1 --oem-product-id=0xabcd --anti-rollback-version=0x0 --signing-mode=LOCAL --root-certificate=./OEM-KEYS/qpsa_rootca.cer --ca-certificate=./OEM-KEYS/qpsa_attestca.cer --ca-key=./OEM-KEYS/qpsa_attestca.key --outfile ./signed_images_out/tz.mbnCopy to clipboard
4. For the images that should be split, use the `--pil-split`
                    option.
5. For signing the complete metabuild, see the commands from [SecTools V2: Metabuild Secure Image User
                        Guide](https://docs.qualcomm.com/bundle/80-NM248-17/resource/80-NM248-17_REV_AB_SecTools_V2__Metabuild_Secure_Image_User_Guide.pdf).

**Parent Topic:** Enable secure boot

Last Published: Oct 14, 2024

Previous Topic
 
Generate SHA-384 hash for RSA and ECDSA Next Topic

Generate signed sec.elf image