Sentinel KV (skv-analyzer) is a security-focused LLVM IR analyzer designed for strict attestation, determinism, and ring policy enforcement in kernel and bare-metal environments.

| Tier | Role | Trust Level |
|---|---|---|
| Tier 1 | AI Assistant | Untrusted — proposes candidate invariants |
| Tier 2 | Human Security Gate | Arbiter — accepts/rejects VCs |
| Tier 3 | Z3 SMT Solver | Absolute — mathematically proves safety |

AI is a tool, not a decision maker. Humans gate all proof obligations.

| Category | Operations | Failure Mode |
|---|---|---|
| Allocation Provenance | kmalloc, kzalloc, kcalloc | Missing = UNKNOWN |
| Bounds Checking | load, store, memcpy, memset | OOB = FAIL |
| Temporal Safety | kfree double-free, use-after-free | UAF = FAIL |
| Pointer Tracking | GEP, bitcast, ptrtoint, inttoptr | Unresolvable = UNKNOWN |

| Ring | Behavior | Requirement |
|---|---|---|
| ring0 | Standard verdict | Default rules |
| ring-1 | UNKNOWN → FAIL | Ed25519 attestation token |
| ring-2 | UNKNOWN → FAIL | Independent root trust + separate key chain |

| Code | Meaning |
|---|---|
| 0 | Pass — all checks satisfied |
| 10 | Fail — memory safety violation |
| 20 | Unknown — unresolvable analysis |
| 1 | Runtime/internal error |