Attackers can leverage security vulnerabilities in control systems to make physical processes behave unsafely. We present the Trusted Safety Verifier (TSV), a minimal TCB for the verification of safety-critical code executed on programmable controllers. No controller code is allowed to be executed before it passes physical safety checks by TSV.