# Generate secure images Source: [https://docs.qualcomm.com/doc/80-Y8730-8/topic/generate_secure_images.html](https://docs.qualcomm.com/doc/80-Y8730-8/topic/generate_secure_images.html) Once secure boot is enabled, all subsequent images must be signed correctly. The QCC730 SDK contains python‑based tools (sectools) that can be used for image signing, hashing, and validating. **Example** python sectools.py secimage -i -c -sa -g -o Copy to clipboard Table : Parameters of sectools.py | Parameter | Description | | --- | --- | | `-i` | Input elf image file. | | `-c` | Path to the secimage configuration file. | | `-g` | Sign ID. Values must be `sbl` for SBL image, `app` for APP image. | | `-o` | Location of the output directory. | ## Examples for signing images Note: The following commands assume the configuration file is under the \sectools folder. Command to sign SBL image (FERMION\_SBL.elf): python sectools.py secimage -i FERMION_SBL.elf -c qcc730_secimage.xml -sa -g sbl -o . Copy to clipboard Command to sign APP image (FERMION\_IOE\_QCLI\_DEMO.elf): python sectools.py secimage -i FERMION_IOE_QCLI_DEMO.elf -c qcc730_secimage.xml -sa -g app -o .Copy to clipboard Note: - OpenSSL is required to use sectools.py for image signing. Ensure that the Linux or Windows system used for image signing has OpenSSL installed and properly configured. On Windows, you can download the EXE version of **Win64 OpenSSL v3.3.1 Light** from [https://slproweb.com/products/Win32OpenSSL.html](https://slproweb.com/products/Win32OpenSSL.html), run the EXE file to install, and then add the path to the openssl.exe file to the `Path` system variable. - QCC730 supports both FreeRTOS and Zephyr and uses the same signing tool, sectools.py. For Zephyr, you can generate signed images easily by using the `west` tool. For more information, see [Build signed images](https://docs.qualcomm.com/doc/80-Y8730-8/topic/build_and_flash_signed_image.html#build_signed_image). Alternatively, you can use sectools.py directly to sign the SBL and APP images by running the commands described above. - **[SecImage configuration file](https://docs.qualcomm.com/doc/80-Y8730-8/topic/secimage_configuration_file.html)** - **[Generating SHA256‑signed certificates](https://docs.qualcomm.com/doc/80-Y8730-8/topic/generating_sha256_signed_certificates.html)** **Parent Topic:** [Secure boot](https://docs.qualcomm.com/doc/80-Y8730-8/topic/secure_boot.html) Last Published: Feb 10, 2026 [Previous Topic Anti‑rollback](https://docs.qualcomm.com/bundle/publicresource/80-Y8730-8/topics/anti_rollback.md) [Next Topic SecImage configuration](https://docs.qualcomm.com/bundle/publicresource/80-Y8730-8/topics/secimage_configuration_file.md)