# Security tools

To build secure software on Qualcomm devices that use TrustZone and secure boot, you need two key tools: SecTools v2 and the LLVM compiler for Arm®, targeting Snapdragon® devices.

SecTools v2 is a suite of Qualcomm security tools designed to support secure boot, image authentication, debug policy creation, and fuse programming across Qualcomm system-on-chips (SoCs). The LLVM compiler for Qualcomm® Trusted Execution Environment (Qualcomm TEE) is a specialized toolchain used to build secure software components for the TEE on Qualcomm devices.

## Build system

For more information about the toolchain, build process, and compilation, see [Qualcomm Linux Build Guide](https://docs.qualcomm.com/bundle/publicresource/topics/80-80022-254/build_addn_info.html).

## Set up SecTools v2 for secure boot

1. Go to the SecTools v2 folder.

    The SecTools executable is located in the following path:

    `<Metabuild>/<chipset>.LE.X.x/common/sectoolsv2/ext/<host_machine>`

    This folder has the binaries and scripts required for secure boot, image signing, and other security operations.
2. Locate the security profile XML.

    Find the `<chipset>_security_profile.xml` security profile file in meta, at the following path:

    `<chipset>.LE.X.x/common/sectoolsv2`

    This XML file defines the security configuration used by SecTools.

    Note

    The minimum SecTools version required is 1.43.

The following table lists the documentation for SecTools v2.

Table: SecTools v2

| Document | Description |
| --- | --- |
| [SecTools V2: Metabuild Secure Image User Guide](https://docs.qualcomm.com/bundle/80-NM248-17/resource/80-NM248-17_REV_AB_SecTools_V2__Metabuild_Secure_Image_User_Guide.pdf) | Perform the secure-image operations on metabuild software images. |
| [SecTools V2: Fuse Blower User Guide](https://docs.qualcomm.com/bundle/80-NM248-9/resource/80-NM248-9_REV_AB_SecTools_V2__Fuse_Blower_User_Guide.pdf) | Create and sign the fuse blower images. When a device uses a fuse blower image, it blows the specified fuse. |
| [SecTools V2: ELF Tool User Guide](https://docs.qualcomm.com/bundle/80-NM248-18/resource/80-NM248-18_REV_AD_SecTools_V2__ELF_Tool_User_Guide.pdf) | Generate, add segments, and combine the ELF software images. |
| [SecTools V2: MBN Tool User Guide](https://docs.qualcomm.com/bundle/80-NM248-19/resource/80-NM248-19_REV_AB_SecTools_V2__MBN_Tool_User_Guide.pdf) | Add the modem configuration binary (MBN) headers to binary images. |
| [SecTools V2: ELF Consolidator User Guide](https://docs.qualcomm.com/bundle/80-NM248-20/resource/80-NM248-20_REV_AA_SecTools_V2__ELF_Consolidator_User_Guide.pdf) | Create the consolidated ELF software images. A consolidated ELF has the contents of many subsystem images. |
| [SecTools V2: Secure Image User Guide](https://docs.qualcomm.com/doc/80-NM248-12/topic/secure-image-usage.html) | Sign, encrypt, and inspect Qualcomm software images. |
| [SecTools V2: Secure Debug User Guide](https://docs.qualcomm.com/bundle/80-NM248-23/resource/80-NM248-23_REV_AA_SecTools_v2__Secure_Debug_User_Guide.pdf) | Generate and sign the debug policy images to enable device debugging and authentication. |

Note

The *SecTools* guides are available to licensed users with authorized access.

## Next steps

- To initialize and configure the hardware for running securely on Linux, see [Verify security configurations](https://docs.qualcomm.com/doc/80-80022-11/topic/bring-up.html#bring-up).
- To configure Qualcomm TEE for securing devices that handle sensitive data and run trusted applications, see [Configure security services](https://docs.qualcomm.com/doc/80-80022-11/topic/configure.html#configure).

Last Published: May 18, 2026
