ProvenVisor for NXP Products

ProvenVisor is a hypervisor for use in embedded connected devices. It is a software hypervisor executed directly on the bare metal (i.e. a type-1 hypervisor) that emulates the hardware layer, making it possible to run multiple OSs on a single hardware platform. ProvenVisor is useful when there is no hardware implementation for a trusted execution environment (TEE) as in TrustZone or when the TEE is not available on the chosen device, often because the system-on-a-chip (SoC) manufacturer reserved its usage. It is also useful to run multiple rich OSs or other security OSs, a scenario arising when legacy applications are expensive to port from one OS to the other.  

Use Cases

ProvenVisor - UC1 ProvenVisor can execute multiple OSs on a single microprocessor, including an instance of ProvenCore, Prove & Run’s secure OS kernel
ProvenVisor can also leverage the TrustZone™ hardware security feature provided by ARM microprocessors
If a hypervisor is used in a connected device, the overall security can be dependent on the presence of exploitable vulnerabilities in the hypervisor itself. If ProvenCore and another OS are executed on top of a vulnerable hypervisor, then the overall security of the device can be compromised. To solve this issue, we developed ProvenVisor using formal methods and we have started the process required to obtain a of Common Criteria certification.


ProvenVisor is compatible with most NXP products based on ARM Cortex-A processors, including but not limited to the:

Professional Services

In addition to ready-made security COTS such as ProvenCore and ProvenVisor, Prove & Run offers a range of professional services to:
  • Help our customers design/build/develop secure software and/or integrate our COTS,
  • Help our customers secure their existing architectures:
    • Performing security analyses
    • Revamping existing architectures for security with ad-hoc solutions: Secure Boot, secure Over-the-Air firmware update, firewalling, intrusion detection/protection solutions, authentication, secure storage, etc…
Print Print