Google’s protected KVM (pKVM) hypervisor has passed SESIP Level 5, the top tier of the Security Evaluation Standard for IoT Platforms.
The certification was awarded by Dekra after a TrustCB SESIP assessment aligned with EN‑17927. It required the ISO 15408 AVA_VAN.5 test suite, which mimics attacks by well‑funded insiders. pKVM now joins a tiny list of software that can claim resistance to such sophisticated threats. Google says future Android devices will have to adopt isolation tech that meets the same bar.
For developers, this gives a concrete, open‑source reference platform instead of a patchwork of uncertified TEEs. It could lower the barrier to building high‑value applications—payment, health, or automotive—that need provable security guarantees. Competitors that rely on proprietary or lower‑certified firmware may find it harder to convince OEMs.
In short, the move shifts Android security from a set of disparate guarantees to a single, auditable foundation—though the real test will be how quickly manufacturers adopt it.