Google has announced that protected KVM (pKVM), the hypervisor underpinning the Android Virtualization Framework (AVF), has achieved SESIP Level 5 certification. The certification makes pKVM the first software security system designed for large-scale consumer electronics deployment to reach this assurance level.

What SESIP Level 5 Means

The Security Evaluation Standard for IoT Platforms (SESIP) is a certification scheme maintained by TrustCB and compliant with EN-17927. Level 5 incorporates AVA_VAN.5, the highest vulnerability analysis and penetration testing tier defined under ISO 15408, better known as Common Criteria. A product certified at this level has been evaluated as resistant to highly skilled, well-resourced, and well-motivated attackers, including those with insider knowledge and access.

The evaluation was conducted by Dekra, a globally recognized cybersecurity certification laboratory.

Why This Matters for Android Security

Google notes that many Trusted Execution Environments (TEEs) currently used across the industry are either uncertified or hold lower assurance ratings. That inconsistency has made it difficult for developers building high-criticality applications to rely on a verifiable, uniform security foundation. pKVM is positioned to address that gap by providing a single open-source firmware base that device manufacturers can adopt and build upon.

Looking ahead, Google states that Android device manufacturers will be required to use isolation technology meeting this same assurance level for security-sensitive operations. The certification also enables new use cases, including on-device AI workloads processing highly personalized data, where strong privacy and integrity guarantees are required.

Background and Broader Impact

The certification reflects multi-year collaboration across the Linux and KVM developer communities alongside several engineering teams at Google. As an open-source component, pKVM allows external review and contribution, which Google frames as a transparency advantage over proprietary TEE implementations.

  • Certification body: Dekra, under the TrustCB SESIP scheme
  • Standard: SESIP Level 5, compliant with EN-17927 and ISO 15408 (Common Criteria)
  • Key assurance component: AVA_VAN.5, the highest vulnerability analysis and penetration testing tier
  • Scope: pKVM hypervisor powering the Android Virtualization Framework

For security architects and device OEMs, the practical implication is a certified, open-source isolation layer available as a common baseline, rather than a patchwork of vendor-specific TEEs with uneven or unverified assurance claims.