A high assurance kernel executed by a safety certified hypervised system using a separation kernel. The high assurance kernel includes a first level of the separation kernel configured to perform first security features associated with a hypervisor, the first level configured to run on a primary core and a second level of the separation kernel configured to augment the first security features with second security features, the second level implemented on a separate protected component from the primary core, the first level and the second level communicating with one another through a physical separation between the first and second levels. The high assurance kernel may further include a third level of the separation kernel configured as a virtual machine to perform third security features associated with the hypervisor.