# Qualcomm TEE

Qualcomm TEE is the software that operates within the Arm TrustZone
environment on the Qualcomm device.

TrustZone is a hardware-based security architecture enabled through
a Secure mode of the Arm processor. It establishes two execution
environments with system-wide hardware-enforced isolation. For more
information,
see [https://developer.arm.com/documentation/102418/0101/What-is-TrustZone](https://developer.arm.com/documentation/102418/0101/What-is-TrustZone).

Qualcomm offers a 64‑bit Arm 8.x processor system with hardware
virtualization to run TrustZone.

In the TrustZone architecture, there are two security states:

- Secure
- Non‑secure

At the EL0, EL1, and EL2 [exception
levels](https://developer.arm.com/documentation/102412/0103/Privilege-and-Exception-levels/Exception-levels),
the processor can be in either the secure state or the non‑secure state,
while EL3 is always in the secure state.

The operating system runs in non‑secure EL1. The transition from
Non‑secure to Secure mode is facilitated through a Secure Monitor mode.

Qualcomm TEE provides the following features:

- Operation from hardware-protected memory
- Support for power collapse of security blocks such as the crypto
engine, PRNG, inline crypto engine, and external protection units
(xPU)
- Support for a secure peripheral image loader (PIL)
- Support for subsystem restart
- Provision of content protection
- Support for running trusted applications
- Support for fuse management

## Trusted applications

Trusted applications (TAs) offer services within a secure environment for
non‑secure Linux clients. Qualcomm TEE extends the following
services to TAs:

- Support for trusted applications to operate in the secure world at
EL0
- Sandboxing environment for trusted applications
- Position-independent loading of trusted applications
- Message passing between different trusted applications

A TA operates from hardware-protected memory. However,
applications that require additional memory can use double data rate
(DDR) memory for loading and running. By default, an application is set
to run from hardware-protected memory.

Last Published: Jan 30, 2025
