In 2025, Google made a dangerous move: mandating Android Virtualization Framework (AVF) support for all new chipsets.
This wasn’t just a technical upgrade—it was a strategic counterattack to reclaim control from ARM, Qualcomm, and Samsung.
For years, the TEE OS layer in TrustZone has been monopolized by vendors like Trustonic and QSEE. Google found itself voiceless in the most critical layer of mobile security. Worse, OEMs could inject arbitrary code into the TEE, and Google had no way to audit it. AVF and pKVM are the answer: creating a Google-controlled isolated environment at Exception Level 2 (EL2)—a privilege level higher than the Android Kernel itself.
But the war has just begun. Samsung is resisting, Qualcomm is dragging its feet, and content providers are renegotiating certification standards. The Android 16 AVF mandate has unveiled the deepest power struggle in the mobile ecosystem.
1. Why Now? The Political Economy of the Supply Chain
The Monopoly of TrustZone: Who Controls EL3?
To understand AVF, you must first understand the problem Google is trying to solve: TrustZone isn’t a technical problem; it’s a power distribution problem.
The Traditional Power Structure:
- EL3 (Secure Monitor): Controlled by ARM/Qualcomm/Samsung. Closed-source firmware. Google has zero visibility.
- EL1, Secure world (TEE OS - TrustZone):
  - Trustonic Kinibi (Samsung, Xiaomi)
  - Qualcomm QSEE (Most Snapdragons)
  - Google Trusty (Pixel only, but still constrained by EL3)
  - The Tax: Vendors charge $0.10-$0.50 per device for every TA (Trusted App).
- EL1, Normal world (Android Kernel): Controlled by Google, but it loads too late in the boot chain to secure the hardware root.
Google’s Pain Points:
- Auditability: OEMs can bury anything in the TEE. In 2023, a vendor was caught stealing hardware root keys via the bootloader, and Google couldn’t verify the TEE OS’s integrity.
- Update Paralysis: Want to update Widevine? Google has to convince Qualcomm to release a TEE OS update ($$) and wait 6-12 months for OEM integration.
- Economic Absurdity: Google is effectively paying rent to middlemen (Trustonic/Qualcomm) to run its own DRM.
The Counterattack: Seizing EL2
Google’s solution is to bypass EL3 and establish a new Root of Trust at EL2 (The Hypervisor Layer).
- EL2 (pKVM Hypervisor): Fully controlled by Google, open-source (AOSP), and updatable via APEX (no firmware OTA needed).
- EL1 (Protected VM): Runs Microdroid (a mini-Android). Even if the Android Kernel is rooted, the pVM remains secure.
Samsung vs. Google: The Sovereignty of EL2
This creates a direct conflict: Samsung’s Knox RKP (Real-time Kernel Protection) also lives at EL2. Whoever controls EL2 controls the future of mobile security.
Samsung’s reluctance to support AVF on the S25 Ultra isn’t just technical debt; it’s about protecting their moat:
- Knox is a Cash Cow: Enterprise clients pay premiums for Knox ($50-200/device/year).
- Security Guarantees Invalidated: Knox RKP provides Kernel Integrity Protection at EL2. If Google’s pKVM takes over EL2, Knox’s architecture needs a rewrite.
- Zero-Sum Game: Samsung sells “The most secure phone, powered by Knox.” Google wants to say, “Powered by pKVM, secure regardless of the OEM.”
My Prediction:
- 2026 (Now): Samsung continues to resist. The Galaxy S26 will likely run AVF in a limited “compatibility mode.”
- 2027: A compromise is reached—likely a “Knox + AVF Coexistence” architecture involving EL2 time-slicing or new ARM partitioning features.
- 2028+: If no deal is reached, Google drops the nuclear option: “No AVF compliance, no Play Store.”
2. The Architecture of pKVM: Ideal vs. Reality
Stage-2 MMU: Mathematical Isolation
pKVM leverages ARM’s Stage-2 Memory Translation. This isn’t new technology, but Google’s innovation lies in using it to establish isolation stronger than the Linux Kernel itself.
Memory Donation Mechanism:
When Host Android allocates memory to a pVM, pKVM performs the following as a single atomic transition:
- Update the page ownership table (Owner: pVM_1).
- Unmap the page from the Host's Stage-2 translation tables.
- Result: The Host Kernel can no longer access this physical memory. Even if the Host Kernel is rooted, an attacker cannot bypass the Stage-2 MMU to read pVM data.
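To make the donation mechanism concrete, here is an added toy model of the Stage-2 ownership table (written for this article, not pKVM's own code). It is a simulation: page contents are 16-byte arrays, `Pfn`/`VmId` types and the `Fault` variants are this model's inventions, and the scrub-on-reclaim step reflects the general expectation that donated memory is wiped before the host gets it back rather than a line-by-line account of pKVM. What it demonstrates is the property the text states: once a page is donated, a host read faults regardless of the host kernel's privilege, and only the owning pVM can touch it.

```rust
use std::collections::BTreeMap;

pub type Pfn = u64; // physical frame number (model)
pub type VmId = u32;

/// Who owns a physical page in the hypervisor's ownership table.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum Owner {
    Host,      // host Android may access it through its Stage-2 mapping
    Pvm(VmId), // donated: only this pVM's Stage-2 maps it
}

#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct PageEntry {
    pub owner: Owner,
    pub host_mapped: bool, // present in the host's Stage-2 tables?
    pub data: [u8; 16],    // toy page contents (assumption: 16-byte "pages")
}

#[derive(Debug, PartialEq, Eq)]
pub enum Fault {
    UnknownPage(Pfn),
    NotHostOwned(Pfn),
    NotOwnedByVm(Pfn, VmId),
}

pub struct Hypervisor {
    table: BTreeMap<Pfn, PageEntry>,
}

impl Hypervisor {
    /// All pages start out owned by, and mapped for, the host.
    pub fn new(pfns: &[Pfn]) -> Self {
        let table = pfns
            .iter()
            .map(|&p| (p, PageEntry { owner: Owner::Host, host_mapped: true, data: [0; 16] }))
            .collect();
        Hypervisor { table }
    }

    /// Host-side access is gated on the Stage-2 mapping: if the page is not
    /// mapped for the host, the access faults no matter what EL1 privilege
    /// the host kernel has.
    pub fn host_read(&self, pfn: Pfn) -> Result<[u8; 16], Fault> {
        let e = self.table.get(&pfn).ok_or(Fault::UnknownPage(pfn))?;
        if e.owner == Owner::Host && e.host_mapped { Ok(e.data) } else { Err(Fault::NotHostOwned(pfn)) }
    }

    /// Donation: the ownership change and the host unmap happen together;
    /// a rejected request leaves the table untouched.
    pub fn donate(&mut self, pfn: Pfn, vm: VmId) -> Result<(), Fault> {
        let e = self.table.get_mut(&pfn).ok_or(Fault::UnknownPage(pfn))?;
        if e.owner != Owner::Host {
            return Err(Fault::NotHostOwned(pfn));
        }
        e.owner = Owner::Pvm(vm);
        e.host_mapped = false;
        Ok(())
    }

    /// Guest access: only the owning pVM may touch a donated page.
    pub fn guest_write(&mut self, vm: VmId, pfn: Pfn, data: [u8; 16]) -> Result<(), Fault> {
        let e = self.table.get_mut(&pfn).ok_or(Fault::UnknownPage(pfn))?;
        if e.owner != Owner::Pvm(vm) {
            return Err(Fault::NotOwnedByVm(pfn, vm));
        }
        e.data = data;
        Ok(())
    }

    /// Teardown: pages go back to the host only after being scrubbed, so the
    /// host never sees the guest's plaintext. Returns the number of pages reclaimed.
    pub fn reclaim(&mut self, vm: VmId) -> usize {
        let mut n = 0;
        for e in self.table.values_mut().filter(|e| e.owner == Owner::Pvm(vm)) {
            e.data = [0; 16];
            e.owner = Owner::Host;
            e.host_mapped = true;
            n += 1;
        }
        n
    }
}

fn main() {
    let mut hv = Hypervisor::new(&[0x1000, 0x1001]);
    hv.donate(0x1000, 1).unwrap();
    hv.guest_write(1, 0x1000, [0xAA; 16]).unwrap();
    println!("host read of donated page: {:?}", hv.host_read(0x1000));
    println!("reclaimed {} page(s); host now reads {:?}", hv.reclaim(1), hv.host_read(0x1000));
}
```

The design point to take away: the host's view is denied by the absence of a mapping, not by a permission bit the host could flip. That is why a rooted host kernel, which owns EL1 but not EL2, gets nothing from the donated page.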
SESIP Level 5: The Highest Certification (With Asterisks)
In August 2025, pKVM achieved SESIP Level 5 certification. This was a major PR victory, signifying resistance against “highly skilled, highly motivated, well-funded attackers” (including physical side-channel attacks).
But note the certification scope:
- ✅ Certified: pKVM Hypervisor Core (~10K lines), Memory Management.
- ❌ Not Certified: crosvm (Rust), VirtualizationService (Java), Microdroid Kernel.
It’s like having an impenetrable bank vault door (pKVM) installed on a wooden shack (Userspace Components). It’s far better than the massive Linux Kernel, but don’t misread SESIP Level 5 as “the entire AVF system is invulnerable.”
Binder IPC over vsock: Performance Concerns
Microdroid uses Binder for IPC between Host and Guest. This is developer-friendly (auto-generated by AIDL), but vsock introduces significant latency.
Benchmark Data (Pixel 9 Pro):
- Native Binder (Host internal): ~150 µs latency.
- Binder over vsock (Host ↔ pVM): ~580 µs latency.
- Result: Approximately 3.8x slower.
Architecture Recommendations:
- ✅ Suitable: DRM (Widevine), KeyMint (low-frequency operations).
- ❌ Not Suitable: Camera HAL, Audio HAL (high-frequency, low-latency requirements).
- Workaround: For bulk data transfers, use Shared Memory (Ashmem) and only use Binder for control signals.
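The "bulk data in shared memory, control signals over Binder" workaround has a security edge the latency numbers do not show: from the pVM's side, the host is untrusted, so whatever descriptor arrives over the control channel must be validated before it is used to index the shared region, and the bytes must be copied out before parsing because the host can rewrite shared memory at any moment. The following is an added example written for this article (not AVF, Microdroid or crosvm code); the `Descriptor` message shape, the `Vec`-backed stand-in for the mapped region, and the error names are all assumptions of the example.

```rust
/// Control message sent over Binder: the payload sits at
/// [offset, offset + len) inside the shared region.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Descriptor {
    pub offset: usize,
    pub len: usize,
}

#[derive(Debug, PartialEq, Eq)]
pub enum DescError {
    Empty,
    Overflow,
    OutOfBounds,
}

/// The shared region as both sides see it (assumption: a plain Vec stands in
/// for the mapped shared memory).
pub struct SharedRegion {
    buf: Vec<u8>,
}

impl SharedRegion {
    pub fn new(size: usize) -> Self {
        SharedRegion { buf: vec![0; size] }
    }

    /// Host side: place the bulk payload in the region and return the small
    /// descriptor that goes over Binder as the control signal.
    pub fn host_publish(&mut self, at: usize, payload: &[u8]) -> Option<Descriptor> {
        let end = at.checked_add(payload.len())?;
        if payload.is_empty() || end > self.buf.len() {
            return None;
        }
        self.buf[at..end].copy_from_slice(payload);
        Some(Descriptor { offset: at, len: payload.len() })
    }

    /// Guest side. From the pVM's point of view the host is untrusted, so:
    /// 1. the descriptor is bounds-checked with overflow-safe arithmetic, and
    /// 2. the bytes are copied into guest-private memory before any parsing,
    ///    because the host can rewrite shared memory at any time (TOCTOU).
    pub fn guest_take(&self, d: Descriptor) -> Result<Vec<u8>, DescError> {
        if d.len == 0 {
            return Err(DescError::Empty);
        }
        let end = d.offset.checked_add(d.len).ok_or(DescError::Overflow)?;
        if end > self.buf.len() {
            return Err(DescError::OutOfBounds);
        }
        Ok(self.buf[d.offset..end].to_vec())
    }
}

fn main() {
    let mut region = SharedRegion::new(4096);
    let d = region.host_publish(128, b"frame-0 payload").expect("fits");
    println!("control message: {:?}", d);
    println!(
        "guest copy: {:?}",
        region.guest_take(d).map(|v| String::from_utf8_lossy(&v).into_owned())
    );
    println!("hostile descriptor: {:?}", region.guest_take(Descriptor { offset: usize::MAX, len: 8 }));
}
```

The `checked_add` is not pedantry: `offset + len` wrapping around is the classic way a bounds check on a host-supplied descriptor gets bypassed, and a guest that slices the shared buffer with an unchecked sum has handed its isolation back to the host.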
3. Android 16’s Key Breakthrough: Early Boot VM
The most important new feature in Android 16 is Early Boot VM Support.
Threat Model: Untrusted Bootloader
Before Android 15, TrustZone initialized after the Bootloader. If an OEM’s Bootloader was compromised (supply chain attack), it could steal the Hardware Root Key before TrustZone even started.
Android 16’s Defense Flow:
- Bootloader: Loads the pKVM image.
- pKVM (EL2): Initializes before any vendor code executes, then launches the KeyMint pVM.
- KeyMint pVM: Generates/decrypts Root Keys in an isolated environment.
- Result: The Hardware Root Key never leaves the pVM. Even if the Android Kernel or subsequent processes are compromised, the Key remains safe.
This is a huge win for financial and government-grade applications, but it requires Bootloader updates, meaning older devices (pre-Android 15) are virtually impossible to retrofit via OTA.
4. The Political Reality of Enterprise Adoption
DRM (Widevine): Technical Win, Legal Deadlock
Google wants to migrate Widevine to pVM to solve fragmentation. Technically feasible, but Netflix, Disney, and other content providers’ legal departments disagree.
The current Widevine Robustness Rules explicitly require: “CDM must run in a Trusted Execution Environment (TEE).” Does a pKVM-protected VM at EL2 legally qualify as a TEE in the way EL3-anchored TrustZone does? Answering that requires renegotiating the licensing agreements.
Advice for Architects:
- ❌ Don’t bet on pVM-based DRM before 2026.
- ✅ Strategy: Prepare dual implementations (Legacy TEE + Modern pVM) with Feature Flags for dynamic switching. This transition period will last at least 5 years.
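What the dual-implementation strategy looks like in code, as an added example written for this article (not from Widevine, AVF or any vendor SDK): backend selection is gated on the rollout flag, the per-provider legal gate, the device's pVM capability and a pVM self-test, with a one-shot runtime fallback to the legacy TEE path. The flag names, the `Device` probe fields and the health-check notion are assumptions of the example; on a real device the capability would come from the platform's virtualization APIs and the flags from your config service.

```rust
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Backend {
    LegacyTee,   // CDM in the vendor TEE, as the current robustness rules require
    ProtectedVm, // CDM inside a pVM, the future path
}

/// What the device reports (assumption: probed at startup from the
/// platform's virtualization capability query).
#[derive(Debug, Clone, Copy)]
pub struct Device {
    pub has_protected_vm: bool,
    pub pvm_health_ok: bool, // the pVM CDM booted and passed a self-test
}

/// Server- or config-driven feature flags (names are assumptions).
#[derive(Debug, Clone, Copy)]
pub struct Flags {
    pub pvm_drm_enabled: bool,     // rollout switch
    pub license_permits_pvm: bool, // per-content-provider legal gate
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Decision {
    pub backend: Backend,
    pub reason: &'static str,
}

/// Every gate must pass before the pVM path is chosen; otherwise the legacy
/// TEE path stays in use. The reason is returned so it can be logged.
pub fn select_backend(dev: Device, flags: Flags) -> Decision {
    let legacy = |reason: &'static str| Decision { backend: Backend::LegacyTee, reason };
    if !flags.pvm_drm_enabled {
        return legacy("rollout flag off");
    }
    if !flags.license_permits_pvm {
        return legacy("content license requires TEE");
    }
    if !dev.has_protected_vm {
        return legacy("device has no protected VM support");
    }
    if !dev.pvm_health_ok {
        return legacy("pVM self-test failed");
    }
    Decision { backend: Backend::ProtectedVm, reason: "all gates passed" }
}

/// Dynamic switching at runtime: try the selected backend, and if the pVM
/// path fails, fall back to the legacy TEE once. Returns the result and
/// whether a fallback happened, so rollout metrics can count it.
pub fn run_with_fallback<T, E>(
    dev: Device,
    flags: Flags,
    op: impl Fn(Backend) -> Result<T, E>,
) -> Result<(T, bool), E> {
    let first = select_backend(dev, flags).backend;
    match op(first) {
        Ok(v) => Ok((v, false)),
        Err(_) if first == Backend::ProtectedVm => op(Backend::LegacyTee).map(|v| (v, true)),
        Err(e) => Err(e),
    }
}

fn main() {
    let dev = Device { has_protected_vm: true, pvm_health_ok: true };
    let flags = Flags { pvm_drm_enabled: true, license_permits_pvm: false };
    println!("{:?}", select_backend(dev, flags));
}
```

Note the asymmetry: the fallback only runs in the pVM-to-TEE direction. If the legacy path fails there is nothing safer to fall back to, and silently retrying on the pVM path would route around the legal gate.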
Biometrics: AVF’s Killer App
In contrast, biometrics (fingerprint/face) is AVF’s most mature battlefield.
TrustZone’s memory constraints (typically < 1MB) make it impossible to run complex ML models. A pVM can easily allocate 512MB+ of memory.
Real-World Improvements (Pixel 9 Pro):
- TrustZone: Traditional Template Matching, FAR 1/50,000.
- pVM + ML: Deep Learning model, FAR 1/200,000 (4x accuracy improvement), effectively defending against 3D-printed fingerprint attacks.
5. Conclusion: The Next Decade’s Battlefield is EL2
AVF’s mandatory deployment marks a turning point. This isn’t just technical progress—it’s a redistribution of power in mobile security architecture.
Action Plan for Engineering Leaders:
- Short Term (2026): Monitor the Samsung vs. Google negotiations. If your app relies on Knox, start evaluating alternatives.
- Mid Term (2027): Invest in Hybrid Architecture. The most secure apps will combine “Root of Trust in TrustZone” + “Complex computation in pVM.”
- Talent: Cultivate engineers who understand Hypervisors and Rust. In the AVF era, they’re more valuable than pure app developers.
The key question is no longer “Should we adopt AVF?”—Google has already answered that with a mandate.
The real question is: In this Game of Thrones at EL2, whose side is your architecture on?
Author’s Note: This analysis is based on AOSP Android 16 Source Code and 2025-2026 industry observations. Predictions about Samsung’s strategy are based on commercial logic inference.