Page cover

NØNOS Operating System

What is NØNOS?

NØNOS is a zero-trust, quantum-resistant operating system built from the ground up in Rust. Unlike traditional operating systems that rely on software trust boundaries, NØNOS implements cryptographic verification at every layer from the moment your hardware powers on to every instruction that executes.

The Problem with Traditional Operating Systems

Traditional OS
NØNOS

Trust the bootloader blindly

Cryptographically verify bootloader

Kernel loads without verification

Ed25519 signature verification before execution

Software-based access control

Hardware-enforced capability tokens

Vulnerable to quantum attacks

Post-quantum cryptography (ML-KEM, ML-DSA)

Large kernel (~5MB+ compressed)

Minimal kernel (~221KB stripped)

Opaque execution

Zero-knowledge attestation

Core Philosophy

NØNOS is built on three foundational principles:

  1. Zero Trust; No component trusts another without cryptographic proof. The bootloader verifies the kernel. The kernel verifies modules. Every boundary requires authentication.

  2. Minimal Attack Surface; The kernel is ~221KB stripped. Less code means fewer vulnerabilities. Every line is auditable.

  3. Quantum Readiness; Classical cryptography will be broken by quantum computers. NØNOS implements NIST-standardized post-quantum algorithms today.

Architecture Overview

Key Features

Cryptographic Boot Chain

Every boot is verified:

  1. UEFI Secure Boot verifies the NØNOS bootloader

  2. Bootloader computes BLAKE3 hash of kernel

  3. Ed25519 signature verified against embedded public keys

  4. Optional ZK proof for privacy-preserving attestation

  5. Only then does the kernel execute

Post-Quantum Cryptography

NØNOS implements NIST FIPS 203/204 standards:

Algorithm
Purpose
Security Level

ML-KEM-768

Key encapsulation

NIST Level 3 (AES-192 equivalent)

ML-DSA-65

Digital signatures

NIST Level 3

Ed25519

Fast signatures

128-bit classical

BLAKE3

Hashing

256-bit

AES-256-GCM

Encryption

256-bit

Capability-Based Security

Access control through unforgeable tokens:

No token = no access. Tokens cannot be forged or escalated.

Zero-Knowledge Proofs

Prove statements without revealing secrets:

  • Boot attestation; Prove kernel is valid without revealing internals

  • Anonymous auth; Prove membership without revealing identity

  • Privacy credentials; Verify attributes without exposing data

Technical Specifications

Component
Specification

Architecture

x86_64 (ARM64 planned)

Language

Rust (no_std, zero unsafe in crypto)

Bootloader

~300KB (UEFI)

Kernel

~221KB (stripped)

ISO Image

~65MB

Quick Start

See Quick Start Guide for detailed instructions.

Development Status

NØNOS is under active development. Current implementation status:

Component
Status
Notes

UEFI Bootloader

Complete

Ed25519 verification, BLAKE3 hashing

Kernel Core

Complete

Scheduler, memory management, interrupts

Cryptography

Complete (Test phase)

Ed25519, BLAKE3, AES-GCM, ML-KEM

Capability System

Complete

Token generation and verification

ZK Engine

Partially completed

Groth16 verification

Desktop/UI

Complete

Basic window management

Network Stack

In Progress

IPv4, IPv6, TCP (smoltcp)

Filesystem

In Progress

VFS, encrypted storage

ARM64 Support

Planned

Official Links

Resource
Link

Whitepaper

nonos.systems/whitepaper

Website

nonos.systems

GitHub

github.com/NON-OS

License

NØNOS is released under AGPL-3.0.

Documentation Sections

Cover

Getting Started

Build and run NØNOS in 5 minutes

https://docs.nonos.systems/~/revisions/4Rs9Gk1Qn6FOI1OjRtBd/getting-started-os
Cover

Architecture

Deep dive into system design

Cover

Cryptography

Signing, encryption, post-quantum

Cover

Zero-Knowledge

ZK circuits and verification

Cover

Building

Complete build documentation

https://docs.nonos.systems/~/revisions/4Rs9Gk1Qn6FOI1OjRtBd/building-nonos-os
Cover

Contributing

Join the development

PreviousNØNOS DocumentationNextWhat is NØNOS?

Last updated

Was this helpful?