What is NØNOS?


NØNOS is a zero-trust operating system that implements cryptographic verification at every layer of the system stack. It's built from scratch in Rust with a singular focus: ensuring that only authenticated, verified code ever executes on your hardware.


The Vision

Traditional operating systems were designed in an era of trusted computing environments. They assume the bootloader is honest, the kernel is uncompromised and software access controls are sufficient. These assumptions are increasingly dangerous.

NØNOS reimagines the operating system with a cryptographic-first approach:

Traditional OS                    NØNOS
─────────────────────────────────────────────────────────
Trust the bootloader       →      Verify bootloader cryptographically
Trust the kernel           →      Verify kernel signature before load
Software access controls   →      Hardware-enforced capability tokens
Hope for the best          →      Prove correctness with ZK proofs
Classical crypto only      →      Post-quantum algorithms built-in

Core Components

1. UEFI Bootloader (~300KB)

The first code that runs after firmware. It:

  • Loads Ed25519 public keys compiled into its binary

  • Computes BLAKE3 hash of the kernel

  • Verifies kernel signature against trusted keys

  • Optionally verifies Groth16 ZK proofs

  • Only boots if all verification passes

2. Kernel (~221KB)

The core operating system. It provides:

  • Memory Management. Paging, allocation, W^X enforcement

  • Process Scheduling. Async executor with ~500ns context switches

  • Capability System. Unforgeable access tokens

  • Cryptographic Primitives. Ed25519, BLAKE3, AES-GCM, ML-KEM

  • ZK Engine. Groth16 proof verification

  • Drivers. PCI, GPU, storage, network

3. Security Layer

Pervasive throughout the system:

  • Capability Tokens. No operation without a valid token

  • Memory Isolation. Per-process address spaces

  • Control Flow Integrity. Hardware CET support

  • Encrypted Storage. AES-256-GCM filesystem


What Makes NØNOS Different?

Verified Boot Chain

Every boot follows the same verification path:

There's no "bypass" mode. No "recovery without verification." Either verification passes, or the system doesn't boot.


Capability-Based Security

Traditional access control:

  • Process has UID/GID

  • Kernel checks permissions

  • Root bypasses everything

NØNOS access control:

  • Process has capability tokens

  • Each token grants specific permissions

  • Tokens are cryptographically unforgeable

  • No "root" that bypasses the system
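
The access-control list above, modelled in Python as an added example (not NØNOS code). It assumes tokens carry an HMAC-SHA-256 tag under a kernel-held key, which the page does not specify; the token fields, rights bits and function names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Assumption: a secret MAC key that never leaves kernel memory.
KERNEL_KEY = os.urandom(32)

# Hypothetical rights bits; the page does not list the real ones.
READ, WRITE, EXEC = 1, 2, 4


def _tag(pid: int, obj: bytes, rights: int) -> bytes:
    # Fixed-width fields plus a length prefix keep the encoding unambiguous.
    msg = struct.pack(">IIH", pid, rights, len(obj)) + obj
    return hmac.new(KERNEL_KEY, msg, hashlib.sha256).digest()


def mint(pid: int, obj: bytes, rights: int) -> dict:
    """Kernel side: bind holder, object and rights under one tag."""
    return {"pid": pid, "obj": obj, "rights": rights,
            "tag": _tag(pid, obj, rights)}


def authentic(token: dict) -> bool:
    """Recompute the tag and compare in constant time."""
    expected = _tag(token["pid"], token["obj"], token["rights"])
    return hmac.compare_digest(expected, token["tag"])


def attenuate(token: dict, keep: int) -> dict:
    """Kernel side: derive a weaker token; rights are only ever removed."""
    if not authentic(token):
        raise PermissionError("cannot attenuate a forged token")
    return mint(token["pid"], token["obj"], token["rights"] & keep)


def authorize(token: dict, caller_pid: int, obj: bytes, wanted: int) -> bool:
    """Single decision point: no branch exempts any pid, including 0."""
    if not authentic(token):
        return False  # forged or edited token
    if token["pid"] != caller_pid or token["obj"] != obj:
        return False  # presented by another process or for another object
    return wanted != 0 and (token["rights"] & wanted) == wanted
```

Editing the `rights` field of an issued token invalidates its tag, so widening a grant requires the kernel key rather than a privileged identity.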


Post-Quantum Ready

Classical public-key cryptography (RSA, ECDSA, ECDH) can be broken by a sufficiently large quantum computer. NØNOS implements:

Algorithm      Standard    Purpose
─────────────────────────────────────────────
ML-KEM-768     FIPS 203    Key encapsulation
ML-DSA-65      FIPS 204    Digital signatures

These algorithms are designed to remain secure against both classical and quantum attacks.


Zero-Knowledge Attestation

NØNOS can prove facts about its state without revealing the state itself:

  • Prove the kernel is unmodified without revealing the kernel

  • Prove a user is authorized without revealing identity

  • Prove a computation was correct without revealing inputs


Use Cases

High-Security Environments

  • Air-gapped systems

  • Cryptographic key management

  • Secure enclaves

Privacy-Preserving Systems

  • Anonymous authentication

  • Confidential computing

  • Zero-knowledge applications

Research & Development

  • OS security research

  • Cryptographic protocol development

  • Formal verification targets


Technical Specifications

Metric                   Value
──────────────────────────────────────
Architecture             x86_64
Language                 Rust (100%)
Total Binary Size        ~521KB
Unsafe Code in Crypto    0 lines
Boot Time                ~2.5 seconds
Memory Footprint         ~46MB
