Jump to content

Security Features on the Dragonwing IQ-9075

From RidgeRun Developer Wiki


Follow us on: YouTube Twitter LinkedIn Email Share this page

Share This Page




Security Features

These security features are either available for the Ubuntu 24.04 image provided by Qualcomm, or the Yocto distro of Qualcomm Linux 1.8. This version will serve as the reference for the upcoming security feature guides, as the latest release (2.0-rc) does not yet support all available features. Refer to the Qualcomm Linux 1.8 Build Guide for instructions on how to build this image. The information provided for the Ubuntu 24.04 image can be found in the latest Canonical Release Notes for the Dragonwing IQ-9075 EVK[1] and for the Qualcomm Linux 1.8 Yocto distribution, on the Qualcomm Security Features Documentation page. [2]

You can get started and know more about security features in the RidgeRun Platform Security Manual

Features available

The following table contains each available feature regarding security and TEE for either image available and a brief description of their functioning in each platform.

Feature Available Description
User Data Protection For both User data protection services including secure storage and data-at-rest protection mechanisms.
Secure Boot (UEFI SecBoot) Yocto only Establishes a hardware root of trust and verifies software images during the boot process to prevent unauthorized code execution. Uses cryptographic authentication and eFuse-backed root keys.
Key Management For both Ubuntu: PKCS#11-based secure key management.
Yocto: Secure key provisioning and storage using Qualcomm fuse technologies (QFPROM/eFuse) and platform security services.
Qualcomm TEE (QTEE) For both Trusted Execution Environment running in Arm TrustZone. Provides hardware-enforced isolation between secure and non-secure worlds and supports trusted applications, cryptographic services, content protection, and secure services.
GlobalPlatform For both Standards-based Trusted Execution Environment interfaces for secure applications and trusted services.
Secure File System For both Secure storage services for trusted applications running inside the Trusted Execution Environment.
SMCInvoke / QSEEComCompat Ubuntu only Legacy communication mechanisms used to access Qualcomm TEE services from the normal world. Superseded by the QCOMTEE driver and Linux TEE subsystem.
QCrypto For both Hardware-accelerated cryptographic services and pseudo-random number generation accessible through the Linux crypto framework and Qualcomm security services.
Public Sec Tools For both Qualcomm Security Tools (Sectools) used for image signing, secure boot enablement, certificate management, authentication, debug policy creation, and fuse programming.
Storage Encryption Yocto only Filesystem-level encryption using fscrypt with support for UFS inline encryption, Inline Crypto Engine (ICE), hardware-wrapped keys, and secure storage technologies such as RPMB.
Debug Security Yocto only Controls invasive and non-invasive debug access through security policies and fuse configuration, helping protect production devices against unauthorized access and reverse engineering.
QCOMTEE Driver Yocto only Linux TEE subsystem driver providing object-based communication between Linux clients and Qualcomm TEE, replacing legacy SMCInvoke-based interfaces.
Qualcomm Hypervisor Yocto only Hardware-assisted virtualization solution that enables multiple isolated operating system environments and secure workload separation.

References

  1. Canonical Ltd. Ubuntu 24.04 Qualcomm RB3 Gen 2 Vision Development Kit, IQ-9075 and IQ-8275 Evaluation Kits Release Notes. Retrieved June 9, 2026, from [1]
  2. Qualcomm Technologies, Inc. Qualcomm Linux 1.8 Security Documentation. Retrieved June 9, 2026, from [2]

Cookies help us deliver our services. By using our services, you agree to our use of cookies.