Kernel Architecture

The NØNOS kernel is a minimal, security-focused x86_64 kernel.

Overview

Property

Value

Language

Rust (no_std)

Target

x86_64 bare metal

Size

~221KB

LoC

~115,000

Module Structure

nonos-kernel/src/
├── arch/x86_64/       # Architecture-specific code
├── boot/              # Early initialization
├── memory/            # Memory management
├── process/           # Scheduler, tasks
├── capabilities/      # Capability tokens
├── drivers/           # Hardware drivers
├── fs/                # Filesystem layer
├── network/           # Network stack
├── crypto/            # Cryptographic primitives
├── zk_engine/         # ZK proof verification
├── ui/                # Desktop, windows
├── interrupts/        # IRQ handling
├── vault/             # Secure key storage
└── lib.rs             # Kernel entry point

Entry Point

The kernel starts at kernel_main:

Initialize VGA output
Set up panic handler
Initialize GDT and IDT
Initialize drivers
Run self-tests
Enter scheduler loop

Memory Management

`Physical Allocator`

Bitmap-based frame allocator
4KB page granularity
Tracks free/used frames

`Virtual Memory`

4-level paging (PML4)
Higher-half kernel mapping
W^X enforcement (no RWX pages)
Guard pages for stack overflow

`Heap`

#[global_allocator] implementation
Linked-list allocator
Grows on demand

Process Model

`Tasks`

Lightweight execution units
Cooperative scheduling (async/await)
Per-task stacks (64KB default)

`Scheduler`

Priority-based scheduling
Async executor model
Preemptive multitasking

Capability System

Unforgeable tokens for access control:

┌──────────────────────────┐
│     Capability Token     │
├──────────────────────────┤
│  Object Reference        │
│  Permissions Bitmap      │
│  Cryptographic Tag       │
└──────────────────────────┘

Operations require presenting a valid capability.

Driver Model

Driver

Purpose

pci.rs

PCI bus enumeration

ahci.rs

SATA storage

nvme.rs

NVMe storage

xhci.rs

USB 3.0

gpu.rs

Graphics output

keyboard.rs

PS/2 & USB keyboard

mouse.rs

PS/2 & USB mouse

Filesystem

VFS Layer

Abstract filesystem interface:

open(), read(), write(), close()
Mount points
Path resolution

Implementations

Description

RamFS

In-memory filesystem

CryptoFS

Encrypted storage

Network Stack

Layer

Implementation

IPv4, IPv6

TCP, UDP

Transport

TCP

TLS

Post-quantum TLS

Cryptographic Modules

Located in crypto/:

Module

Algorithm

ed25519.rs

Ed25519 signatures

blake3.rs

BLAKE3 hashing

sha512.rs

SHA-512 (for Ed25519)

aes.rs

AES-256-GCM

chacha.rs

ChaCha20-Poly1305

kyber.rs

ML-KEM key exchange

dilithium.rs

ML-DSA signatures

User Interface

Component

Purpose

Desktop

Window management

Terminal

Shell interface

Window

Application containers

Interrupt Handling

APIC-based interrupt routing
IDT with 256 entries
Handlers for: timer, keyboard, mouse, PCI, exceptions

Safety

`No-std Environment`

No standard library
Custom panic handler
Manual memory management

`Unsafe Code`

Audited unsafe blocks for hardware access
Minimal unsafe in crypto (secure memory zeroing only)

PreviousBoot Process NextMemory Management

Last updated 1 month ago

Was this helpful?

hashtagOverview

hashtagModule Structure

hashtagEntry Point

hashtagMemory Management

hashtagPhysical Allocator

hashtagVirtual Memory

hashtagHeap

hashtagProcess Model

hashtagTasks

hashtagScheduler

hashtagCapability System

hashtagDriver Model

hashtagFilesystem

hashtagVFS Layer

hashtagImplementations

hashtagNetwork Stack

hashtagCryptographic Modules

hashtagUser Interface

hashtagInterrupt Handling

hashtagSafety

hashtagNo-std Environment

hashtagUnsafe Code