# Security

Source: [https://docs.qualcomm.com/doc/80-Y8730-2/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-2/topic/security.html)

Note: This feature is available since the QCC730.FR.1.0 Post-CS 2 release.

If you enable this feature, disable the watchdog using the following command before flashing the image. Otherwise, the image upgrade may fail.

    platform write_mem 0x11AF8E0 4 0

## PKA

Public key cryptography involves complex mathematical operations on large numbers. These operations require significant computational power for 32-bit or 64-bit CPUs. The Public Key Accelerator (PKA) is designed to speed up such operations. It supports bit lengths of 192, 224, 256, and 384 for Elliptic Curve Cryptography (ECC), and 512, 1024, 2048, and 4096 for RSA.

PKA supports hardware acceleration of the following algorithms:

- RSA sign/verify
- DH
- ECDSA sign/verify
- ECDH

The PKA module provides two configurable options:

- `CONFIG_MBEDTLS_USE_PKA` indicates whether PKA-based hardware implementation is enabled to replace the MbedTLS software implementation for certain public key algorithms.
- `CONFIG_MBEDTLS_PKA_TEST` indicates whether the unit-test command is enabled.

The default values of both options are `y`. If needed, modify the options in the `\demo\qcli_demo\prj.conf` file.

## QCC

Qualcomm crypto core (QCC) is a general-purpose engine for secure processing applications. It contains the following features:

- AES-ECB-128
- AES-ECB-256
- AES-CBC-128
- AES-CBC-256
- AES-CTR-128
- CCM
- SHA-1
- SHA-256

The QCC module is disabled by default. To enable it as the hardware crypto accelerator, set the following three configurations to `y` in the `\demo\qcli_demo\prj.conf` file:

    CONFIG_MBEDTLS_AES_ALT=y
    CONFIG_MBEDTLS_CCM_ALT=y
    CONFIG_MBEDTLS_SHA_ALT=y

Note: Don't enable QCC when compiling SBL. SBL doesn't support it yet.

## PRNG

The Pseudorandom Number Generator (PRNG) module is a hardware-only random number generator, with the following features:

- A SHA-256 block is used as an entropy distillation function.
- The entropy source is a series of ring oscillators throughout the design, each incorporating local PVT changes.
- The design uses mini-hard macros for the entropy sources to maintain consistency and minimize design effort across platforms.

## KDF

The Key derivation function (KDF) is a hardware block that derives cryptographically strong keys based on various inputs.

The KDF implements the counter mode recommended by NIST SP 800‑108:

- HMAC (FIPS 198‑1) as the pseudorandom function (PRF)
- SHA‑256 (FIPS 180‑4) as the approved hash function

## Secure storage

Secure storage protects sensitive data with hardware-backed security rather than relying only on software encryption. The key used for secure storage is derived from the hardware root key by using the KDF. Normal applications never access raw key material directly; they use APIs instead.

Secure storage uses the AES-CBC-128 algorithm to encrypt the original data, and then applies the HMAC-SHA256 algorithm to the encrypted data to compute an HMAC message digest. Both the encrypted data and the digest are then stored in flash through the file system.
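
The following is an added example, not Qualcomm's code or the device's actual derivation: a Python model of the SP 800-108 counter-mode KDF with HMAC-SHA256, used to derive storage keys and to check the stored HMAC-SHA256 digest before any decryption. The field widths, the labels, the root key bytes, the use of separate encryption and MAC keys, and the ciphertext-then-digest record layout are assumptions; the ciphertext is a constructed stand-in for AES-CBC-128 output.

```python
import hashlib
import hmac

# Constructed stand-in: the real hardware root key never leaves the device.
ROOT_KEY = bytes(range(32))

def kdf_ctr_hmac_sha256(key_in: bytes, label: bytes, context: bytes, out_len: int) -> bytes:
    """SP 800-108 counter-mode KDF with HMAC-SHA256 as the PRF.

    Assumed encoding: 32-bit big-endian counter [i] and length [L] (in bits),
    PRF input ordered as [i] || Label || 0x00 || Context || [L].
    """
    if out_len <= 0:
        raise ValueError("out_len must be positive")
    l_bits = (out_len * 8).to_bytes(4, "big")
    out = b""
    counter = 1
    while len(out) < out_len:
        msg = counter.to_bytes(4, "big") + label + b"\x00" + context + l_bits
        out += hmac.new(key_in, msg, hashlib.sha256).digest()
        counter += 1
    return out[:out_len]

# Hypothetical labels: distinct labels give independent keys from one root key.
ENC_KEY = kdf_ctr_hmac_sha256(ROOT_KEY, b"storage-enc", b"", 16)  # AES-128 size
MAC_KEY = kdf_ctr_hmac_sha256(ROOT_KEY, b"storage-mac", b"", 32)

def seal(mac_key: bytes, ciphertext: bytes) -> bytes:
    """Append the HMAC-SHA256 digest of the ciphertext (assumed record layout)."""
    return ciphertext + hmac.new(mac_key, ciphertext, hashlib.sha256).digest()

def open_verified(mac_key: bytes, record: bytes) -> bytes:
    """Return the ciphertext only if its digest verifies; decrypt only after this."""
    if len(record) < 32:
        raise ValueError("record too short to hold a digest")
    ciphertext, tag = record[:-32], record[-32:]
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("digest mismatch: stored data was modified")
    return ciphertext

if __name__ == "__main__":
    blob = bytes(32)  # constructed stand-in for AES-CBC-128 output
    record = seal(MAC_KEY, blob)
    assert open_verified(MAC_KEY, record) == blob
    print("enc key:", ENC_KEY.hex(), "record bytes:", len(record))
```
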

Last Published: Jun 03, 2026
