As we speak marks a watershed second and new benchmark for open-source safety and the way forward for shopper electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has formally achieved SESIP Stage 5 certification. This makes pKVM the primary software program safety system designed for large-scale deployment in shopper electronics to fulfill this assurance bar.
Supporting Subsequent-Gen Android Options
The implications for the way forward for safe cell expertise are profound. With this stage of safety assurance, Android is now positioned to securely help the following era of high-criticality remoted workloads. This contains important options, akin to on-device AI workloads that may function on ultra-personalized knowledge, with the best assurances of privateness and integrity.
This certification required a hands-on analysis by Dekra, a globally acknowledged cybersecurity certification lab, which performed an analysis towards the TrustCB SESIP scheme, compliant to EN-17927. Reaching Safety Analysis Commonplace for IoT Platforms (SESIP) Stage 5 is a landmark as a result of it incorporates AVA_VAN.5, the best stage of vulnerability evaluation and penetration testing beneath the ISO 15408 (Widespread Standards) customary. A system licensed to this stage has been evaluated to be immune to extremely expert, educated, well-motivated, and well-funded attackers who might have insider data and entry.
This certification is the cornerstone of the next-generation of Android’s multi-layered safety technique. Most of the TEEs (Trusted Execution Environments) used within the trade haven’t been formally licensed or have solely achieved decrease ranges of safety assurance. This inconsistency creates a problem for builders trying to construct extremely crucial functions that require a strong and verifiable stage of safety. The licensed pKVM adjustments this paradigm totally. It offers a single, open-source, and exceptionally high-quality firmware base that every one system producers can construct upon.
Wanting forward, Android system producers can be required to make use of isolation expertise that meets this identical stage of safety for numerous safety operations that the system depends on. Protected KVM ensures that each person can profit from a constant, clear, and verifiably safe basis.
A Collaborative Effort
This achievement represents only one vital facet of the immense, multi-year dedication from the Linux and KVM developer communities and a number of engineering groups at Google growing pKVM and AVF. We sit up for seeing the open-source neighborhood and Android ecosystem proceed to construct on this basis, delivering a brand new period of high-assurance cell expertise for customers.
