# Security

Source: [https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html)

## PKA

Source: [https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html)

Public key cryptography involves complex mathematical operations on large numbers. Theseoperations require significant computational power for 32-bit or 64-bit CPUs. The Public Key Accelerator (PKA) is designed to speed up such operations. It supports bit lengths of 192, 224, 256, and 384 for Elliptic Curve Cryptography (ECC), and 512, 1024, 2048, and 4096 for RSA.

PKA supports hardware acceleration of the following algorithms:

- RSA sign/verify
- DH
- ECDSA sign/verify
- ECDH

## QCC

Source: [https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html)

Qualcomm crypto core (QCC) is a general-purpose engine for secure processing
            applications. It contains the following features:

- AES-ECB-128
- AES-ECB-256
- AES-CBC-128
- AES-CBC-256
- AES-CTR-128
- CCM
- SHA-1
- SHA-256

## PRNG

Source: [https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html)

The Pseudorandom Number Generator (PRNG) module is a hardware-only random number
            generator, with the following features:

- A SHA-256 block is used as an entropy distillation function.
- The entropy source is a series of ring oscillators throughout the design, each incorporating local PVT changes.
- The design uses mini-hard macros for the entropy sources to maintain consistency and minimize design effort across platforms.

## KDF

Source: [https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html)

The Key derivation function (KDF) is a hardware block that derives cryptographically strong keys based on various inputs.

The KDF implements the counter mode recommended by NIST SP 800‑108:

- HMAC (FIPS 198‑1) as the pseudorandom function (PRF)
- SHA‑256 (FIPS 180‑4) as the approved hash function

## Secure storage

Source: [https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html](https://docs.qualcomm.com/doc/80-Y8730-5/topic/security.html)

Secure storage protects sensitive data with hardware-backed security rather than relying only on software encryption. The key used for secure storage is derived from the hardware root key by using the KDF. Normal applications never access raw key material directly; they use APIs instead. The CCM algorithm is used to encrypt the original data, the encrypted data is stored in flash through ZMS. A 64-KB partition is allocated when the secure storage system is enabled.

Last Published: Apr 27, 2026

Previous Topic
 
Use RTT console with zephyr Next Topic

Samples