search
Page cover

rustBoot Process

How NØNOS boots from power-on to desktop

Boot Sequence

Power On


┌─────────────────────────────────┐
│     UEFI Firmware               │
│  • POST                         │
│  • Secure Boot check            │
│  • Load BOOTX64.EFI             │
└─────────────────────────────────┘


┌─────────────────────────────────┐
│     NØNOS Bootloader            │
│  1. Security initialization     │
│  2. Hardware discovery          │
│  3. Kernel loading              │
│  4. Signature verification      │
│  5. Memory preparation          │
│  6. Exit boot services          │
│  7. Jump to kernel              │
└─────────────────────────────────┘


┌─────────────────────────────────┐
│     NØNOS Kernel                │
│  1. VGA/console setup           │
│  2. GDT/IDT initialization      │
│  3. Memory management init      │
│  4. Driver initialization       │
│  5. Self-tests                  │
│  6. Scheduler entry             │
└─────────────────────────────────┘


┌─────────────────────────────────┐
│     Desktop Environment         │
└─────────────────────────────────┘

hashtag
Bootloader Phases

hashtag
Phase 1: Security Initialization

  1. Load Ed25519 production public keys

  2. Self-test BLAKE3 hashing

  3. Self-test Ed25519 verification

  4. Check UEFI Secure Boot status

  5. Collect hardware entropy (RDRAND)

hashtag
Phase 2: Hardware Discovery

  1. Enumerate PCI devices

  2. Initialize graphics output (GOP)

  3. Parse ACPI tables

  4. Collect CPU information

  5. Get memory map from UEFI

hashtag
Phase 3: Kernel Loading

  1. Load kernel binary from ESP

  2. Parse ELF headers

  3. Extract .nonos.manifest section

  4. Extract .nonos.sig section

hashtag
Phase 4: Cryptographic Verification

  1. Compute BLAKE3 hash of kernel

  2. Verify Ed25519 signature against embedded keys

  3. Validate manifest data

  4. (Optional) Verify Groth16 ZK proof

hashtag
Phase 5: Handoff

  1. Prepare BootInfo structure

  2. Exit UEFI boot services

  3. Jump to kernel entry point

hashtag
BootInfo Structure

Data passed from bootloader to kernel:

Field
Description

framebuffer

Display configuration

memory_map

Physical memory regions

acpi_rsdp

ACPI table pointer

modules

Loaded module info

boot_time

Timestamp

entropy

Hardware random seed

Magic value: 0x4E4F4E4F ("NONO")

hashtag
Kernel Initialization

hashtag
Early Boot

  1. Initialize VGA text output

  2. Set up panic handler

  3. Load GDT (Global Descriptor Table)

  4. Load IDT (Interrupt Descriptor Table)

hashtag
Memory Setup

  1. Parse memory map from BootInfo

  2. Initialize physical allocator

  3. Set up kernel heap

  4. Enable paging

hashtag
Driver Init

  1. Initialize PCI bus

  2. Set up interrupt handlers

  3. Initialize storage (AHCI/NVMe)

  4. Initialize network (if present)

hashtag
Self-Tests

The kernel runs verification:

hashtag
Scheduler Entry

Finally, the scheduler starts and the system is operational.

hashtag
Boot Messages

Expected serial output:

hashtag
Security Verification Flow

hashtag
Troubleshooting Boot

Symptom
Likely Cause

No output

UEFI not loading EFI file

"Signature invalid"

Key mismatch or corrupt kernel

Hangs after "Jumping to kernel"

Kernel panic in early init

Black screen

GPU init failed

PreviousSystem OverviewNextKernel Architecture

Last updated

Was this helpful?