Page cover

Boot Process

How NØNOS boots from power-on to desktop

Boot Sequence

Power On


┌─────────────────────────────────┐
│     UEFI Firmware               │
│  • POST                         │
│  • Secure Boot check            │
│  • Load BOOTX64.EFI             │
└─────────────────────────────────┘


┌─────────────────────────────────┐
│     NØNOS Bootloader            │
│  1. Security initialization     │
│  2. Hardware discovery          │
│  3. Kernel loading              │
│  4. Signature verification      │
│  5. Memory preparation          │
│  6. Exit boot services          │
│  7. Jump to kernel              │
└─────────────────────────────────┘


┌─────────────────────────────────┐
│     NØNOS Kernel                │
│  1. VGA/console setup           │
│  2. GDT/IDT initialization      │
│  3. Memory management init      │
│  4. Driver initialization       │
│  5. Self-tests                  │
│  6. Scheduler entry             │
└─────────────────────────────────┘


┌─────────────────────────────────┐
│     Desktop Environment         │
└─────────────────────────────────┘

Bootloader Phases

Phase 1: Security Initialization

  1. Load Ed25519 production public keys

  2. Self-test BLAKE3 hashing

  3. Self-test Ed25519 verification

  4. Check UEFI Secure Boot status

  5. Collect hardware entropy (RDRAND)

Phase 2: Hardware Discovery

  1. Enumerate PCI devices

  2. Initialize graphics output (GOP)

  3. Parse ACPI tables

  4. Collect CPU information

  5. Get memory map from UEFI

Phase 3: Kernel Loading

  1. Load kernel binary from ESP

  2. Parse ELF headers

  3. Extract .nonos.manifest section

  4. Extract .nonos.sig section

Phase 4: Cryptographic Verification

  1. Compute BLAKE3 hash of kernel

  2. Verify Ed25519 signature against embedded keys

  3. Validate manifest data

  4. (Optional) Verify Groth16 ZK proof

Phase 5: Handoff

  1. Prepare BootInfo structure

  2. Exit UEFI boot services

  3. Jump to kernel entry point

BootInfo Structure

Data passed from bootloader to kernel:

Field
Description

framebuffer

Display configuration

memory_map

Physical memory regions

acpi_rsdp

ACPI table pointer

modules

Loaded module info

boot_time

Timestamp

entropy

Hardware random seed

Magic value: 0x4E4F4E4F ("NONO")

Kernel Initialization

Early Boot

  1. Initialize VGA text output

  2. Set up panic handler

  3. Load GDT (Global Descriptor Table)

  4. Load IDT (Interrupt Descriptor Table)

Memory Setup

  1. Parse memory map from BootInfo

  2. Initialize physical allocator

  3. Set up kernel heap

  4. Enable paging

Driver Init

  1. Initialize PCI bus

  2. Set up interrupt handlers

  3. Initialize storage (AHCI/NVMe)

  4. Initialize network (if present)

Self-Tests

The kernel runs verification:

Scheduler Entry

Finally, the scheduler starts and the system is operational.

Boot Messages

Expected serial output:

Security Verification Flow

Troubleshooting Boot

Symptom
Likely Cause

No output

UEFI not loading EFI file

"Signature invalid"

Key mismatch or corrupt kernel

Hangs after "Jumping to kernel"

Kernel panic in early init

Black screen

GPU init failed

PreviousSystem OverviewNextKernel Architecture

Last updated

Was this helpful?