# Configure security services

Qualcomm Linux Security provides multiple security configurations for enahancing the device security, maintaining the device software authenticity and integrity and to protect the critical and sensitive developer and user information.

This section guides you through the following configuration workflows.

Secure boot

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Enable secure boot](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-secure-boot.html#enable-secure-boot)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [QFPROM fuses](https://docs.qualcomm.com/doc/80-70018-11/topic/appendix-fuse-configurations.html#appendix-fuse-configurations)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Generate local (insecure) root key and certificate](https://docs.qualcomm.com/doc/80-70018-11/topic/generate-local-insecure-root-key-and-certificates.html#generate-local-insecure-root-key-and-certificates)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Generate ECDSA root key and certificate](https://docs.qualcomm.com/doc/80-70018-11/topic/generate-ecdsa-root-key-and-certificate.html#generate-ecdsa-root-key-and-certificate)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Generate RSA client application key pair and certificate](https://docs.qualcomm.com/doc/80-70018-11/topic/generate-rsa-root-ca-key-pair-and-certificate.html#generate-rsa-root-ca-key-pair-and-certificate)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Generate SHA-384 hash for RSA and ECDSA](https://docs.qualcomm.com/doc/80-70018-11/topic/generate-sha-384-hash-for-rsa-and-ecdsa.html#generate-sha-384-hash-for-rsa-and-ecdsa)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Sign images](https://docs.qualcomm.com/doc/80-70018-11/topic/sign-the-images.html#sign-the-images)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Generate signed sec.elf image](https://docs.qualcomm.com/doc/80-70018-11/topic/generate-signed-sec-elf-image.html#generate-signed-sec-elf-image)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Flash images](https://docs.qualcomm.com/doc/80-70018-11/topic/flash-the-images.html#flash-the-images)

UEFI secure boot

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Enable UEFI secure boot](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-uefi-secure-boot.html#enable-uefi-secure-boot)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Generate key and certificate](https://docs.qualcomm.com/doc/80-70018-11/topic/generate-key-and-certificate.html#generate-key-and-certificate)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Sign images and copy (.auth) key/signed files to EFI partition](https://docs.qualcomm.com/doc/80-70018-11/topic/sign-images-and-copy-auth-key-signed-files-to-efi-partition.html#sign-images-and-copy-auth-key-signed-files-to-efi-partition)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Enable UEFI secure boot from systemd-boot menu](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-uefi-secure-boot-from-systemd-boot-menu.html#enable-uefi-secure-boot-from-systemd-boot-menu)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Hash unsigned images and update DB for image authentication](https://docs.qualcomm.com/doc/80-70018-11/topic/hash-unsigned-images-and-update-db-for-image-authentication.html#hash-unsigned-images-and-update-db-for-image-authentication)

Other configurations

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Enable device configuration (Devcfg) from Qualcomm TEE](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-device-devcfg-from-qtee.html#enable-device-devcfg-from-qtee)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Enable SELinux](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-selinux.html#enable-selinux)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Sample OpenSSL configuration](https://docs.qualcomm.com/doc/80-70018-11/topic/appendix-openssl-configuration.html#appendix-openssl-configuration)

![icol](data:image/png;base64,UklGRpwAAABXRUJQVlA4TJAAAAAvF8AFEH+goG0bxqU4/kwuDQNp22T7Hd2/tito24Zxx5/keDw1kaw6pAoFSMK/iB/qXPECxHNdR35a5LyfAAqFBeA/Hm9S6E2CUWxbbf5gABvsO2yRgABSJERZJERCJMRBb/sM1UBE/xWmbcM46e4lUEfjF2LpUYCVX6HiHS5YDP3Jhgk/hl+K1nlAASYCVQQ=) [Install or upgrade SoftSKU feature packs](https://docs.qualcomm.com/doc/80-70018-11/topic/upgrade-qualcomm-wes-feature-pack.html#upgrade-qualcomm-wes-feature-pack)

## Next steps

- To adjust Qualcomm TEE configurations, see [Enable device configuration (Devcfg) from Qualcomm TEE](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-device-devcfg-from-qtee.html#enable-device-devcfg-from-qtee).
- To enable secure boot and to ensure only trusted applications runs on the device, see [Enable secure boot](https://docs.qualcomm.com/doc/80-70018-11/topic/enable-secure-boot.html#enable-secure-boot).

> 
> 
>

Last Published: Apr 10, 2025

[Previous Topic
Bring up security features](https://docs.qualcomm.com/bundle/publicresource/80-70018-11/topics/bring-up.md) [Next Topic
Enable device configuration (Devcfg) from Qualcomm TEE](https://docs.qualcomm.com/bundle/publicresource/80-70018-11/topics/enable-device-devcfg-from-qtee.md)