# Security features Qualcomm Linux incorporates several security features to protect the devices and applications. These security features are essential for protection against vulnerabilities, data integrity and confidentiality, compliance with standards, and system stability. [Qualcomm TEE](https://docs.qualcomm.com/doc/80-70018-11/topic/qualcomm-trusted-execution-environment.html#qualcomm-trusted-execution-environment) enhances the security features and their extensions. It offers interfaces that allow the extension of the security feature set through the trusted applications. Certain features are integrated into the hardware-supported TrustZone architecture, providing a system security configuration. These features can be further customized to meet specific requirements. ## Explore security features Click on each feature to find out more. - [Cryptography](https://docs.qualcomm.com/doc/80-70018-11/topic/crypto-core.html) Qualcomm Linux Security offering includes support for both hardware and software-based cryptography. - [Key management](https://docs.qualcomm.com/doc/80-70018-11/topic/key-management.html) The Qualcomm Linux Security solution supports the public-key cryptography standards by implementing the PKCS#11 APIs. This feature allows applications to use keys and certificates in a platform-independent manner. - [Secure boot](https://docs.qualcomm.com/doc/80-70018-11/topic/secure-boot.html) Secure boot is the boot up sequence that establishes a trusted platform for the entire software stack. - [Storage security](https://docs.qualcomm.com/doc/80-70018-11/topic/secure-file-system.html) The secure file system (SFS) is used to store sensitive data, such as keys and biometric data. - [Storage encryption](https://docs.qualcomm.com/doc/80-70018-11/topic/file-based-encryption.html) Storage encryption enhances security by supporting the transparent encryption of files and directories. - [SMC invoke](https://docs.qualcomm.com/doc/80-70018-11/topic/smcinvoke.html) The secure monitor call (SMC) invoke is used to expose the services and interfaces implemented in Qualcomm TEE to Linux clients. It provides identification information about the requesting processes to Qualcomm TEE. - [Access control](https://docs.qualcomm.com/doc/80-70018-11/topic/access-control.html) Access control ensures only authorized entities can access specific resources under defined conditions, using policies, technologies, and trust models. - [SPI loading](https://docs.qualcomm.com/doc/80-70018-11/topic/secure-peripheral-image-loading.html) The secure peripheral image loading (PIL) of a TrustZone authenticates different images and configures the xPUs for all subsystems such as audio, camera, and video. - [SELinux](https://docs.qualcomm.com/doc/80-70018-11/topic/selinux.html) SELinux is a security enhancement for Linux, providing greater control over system access. It implements mandatory access control (MAC) in the Linux kernel using the Linux security modules (LSM) framework. - [Qualcomm TEE](https://docs.qualcomm.com/doc/80-70018-11/topic/qualcomm-trusted-execution-environment.html) Qualcomm TEE is the software that operates within the Arm TrustZone environment on the Qualcomm device. - [Qualcomm Hypervisor](https://docs.qualcomm.com/doc/80-70018-11/topic/hypervisor.html) Qualcomm Hypervisor provides a modern virtualization framework that allows multiple operating systems to run independently and concurrently, delivering high performance. - [Security hardening](https://docs.qualcomm.com/doc/80-70018-11/topic/security-hardening.html) Security hardening is a process that minimizes the risk of system attacks by making it more challenging for attackers to exploit the system vulnerabilities. - [Qualcomm WES](https://docs.qualcomm.com/doc/80-70018-11/topic/qwes.html) Qualcomm WES is a suite of trusted services, rooted in hardware, which securely connects and manages devices. ## Watch videos on Qualcomm Processor Security **Qualcomm Processor Security: Foundation** *Unlock the full potential of Secure Boot technology on Qualcomm devices in this comprehensive tutorial. From generating cryptographic keys to programming hardware fuses and managing secure boot status, this video covers every step in detail. Ideal for users aiming to enhance device security through authenticated boot processes. Learn how to useQualcomm tools effectively to ensure your device boots securely every time.*
Last Published: Apr 10, 2025
 **Qualcomm Processor Security: TEE and Chipset Services** *Learn how to use Qualcomm Type 1 Hypervisor and Trusted Execution Environment in this comprehensive tutorial. Dive deep into platform virtualization, secure communication, and the extensive security features offered by Qualcomm. Learn how to develop secure applicationsusing Qualcomm tools and APIs, and understand the critical security use cases and compliance standards that Qualcomm supports. Perfect for users aiming to enhance device security and functionality.*
Last Published: Apr 10, 2025
 ## Next steps - To learn more about cryptography, see [Cryptography](https://docs.qualcomm.com/doc/80-70018-11/topic/crypto-core.html#crypto-core). - To learn about TrustZone and security framework, see [Security architecture](https://docs.qualcomm.com/doc/80-70018-11/topic/architecture.html#architecture). - To learn about APIs that can be used to interact with Linux and hardware, see [Security APIs](https://docs.qualcomm.com/doc/80-70018-11/topic/interfaces.html#interfaces). Last Published: Apr 10, 2025 [Previous Topic Security overview](https://docs.qualcomm.com/bundle/publicresource/80-70018-11/topics/overview.md) [Next Topic Cryptography](https://docs.qualcomm.com/bundle/publicresource/80-70018-11/topics/crypto-core.md)