# Cryptography

The Qualcomm Linux Security offering includes support for both hardware-based
and software-based cryptography.

The key capabilities include:

- A register and bus access manager with direct memory-based access.
- Interfaces to the cryptographic hardware.
- The Linux kernel crypto driver (qcrypto) provides access to the
hardware cryptography independent of trusted applications.
- The Qualcomm TEE provides the hardware and software crypto
application programming interfaces (APIs) to the trusted
applications.

Qualcomm TEE supports the following cryptographic algorithms:

| Algorithm | Hardware | Software |
| --- | --- | --- |
| Hash | SHA-1/SHA-256 | SHA-1/SHA-224/SHA-256/SHA-384/SHA-512<br>SM3 |
| Symmetric cipher | AES-128/AES-256 CBC, ECB, CTR, CCM, GCM<br>Triple-TDES CBC/ECB | AES-128/AES-192/AES-256 CBC, ECB, CTR, CCM, XTS, CFB, OFB, CTS<br>Triple-TDES CBC/ECB<br>PBKDF2<br>SM4 |
| MAC | AES-CMAC | Hash-based message authentication (HMAC) |
| RNG | HRNG | – |
| HMAC | HMAC-SHA-1/SHA-256 | HMAC-SHA-1/SHA-224/SHA-256/SHA-384/SHA-512 |
| Asymmetric cipher | – | RSA with 1024/2048/3072 modulus<br>ECDSA with P224, P256, P384, P521<br>ECDH<br>SM2 |

## Inline crypto engine

The inline crypto engine (ICE) is designed for high-throughput
encryption of storage data.

ICE supports:

- AES 128/AES 256 ECB/XTS
- Multiple crypto streams to meet high-throughput requirements
- Multiple AES cores per crypto stream
- Provision of 32 software configurable keys
- Capability to enable symmetric and asymmetric operations

Last Published: Jan 30, 2025
