NØNOS is a zero-trust, quantum-resistant operating system built from the ground up in Rust. Unlike traditional operating systems that rely on software trust boundaries, NØNOS implements cryptographic verification at every layer, from the moment your hardware powers on to every instruction that executes.
The Problem with Traditional Operating Systems
| Traditional OS | NØNOS |
| --- | --- |
| Trust the bootloader blindly | Cryptographically verify bootloader |
| Kernel loads without verification | Ed25519 signature verification before execution |
| Software-based access control | Hardware-enforced capability tokens |
| Vulnerable to quantum attacks | Post-quantum cryptography (ML-KEM, ML-DSA) |
| Large kernel (~5MB+ compressed) | Minimal kernel (~221KB stripped) |
| Opaque execution | Zero-knowledge attestation |
Core Philosophy
NØNOS is built on three foundational principles:
Zero Trust: No component trusts another without cryptographic proof. The bootloader verifies the kernel. The kernel verifies modules. Every boundary requires authentication.
Minimal Attack Surface: The kernel is ~221KB stripped. Less code means fewer vulnerabilities. Every line is auditable.
Quantum Readiness: Classical cryptography will be broken by quantum computers. NØNOS implements NIST-standardized post-quantum algorithms today.
Architecture Overview
Key Features
Cryptographic Boot Chain
Every boot is verified:
1. UEFI Secure Boot verifies the NØNOS bootloader
2. Bootloader computes BLAKE3 hash of kernel
3. Ed25519 signature verified against embedded public keys
4. Optional ZK proof for privacy-preserving attestation
5. Only then does the kernel execute
Post-Quantum Cryptography
NØNOS implements NIST FIPS 203/204 standards:
| Algorithm | Purpose | Security Level |
| --- | --- | --- |
| ML-KEM-768 | Key encapsulation | NIST Level 3 (AES-192 equivalent) |
| ML-DSA-65 | Digital signatures | NIST Level 3 |
| Ed25519 | Fast signatures | 128-bit classical |
| BLAKE3 | Hashing | 256-bit |
| AES-256-GCM | Encryption | 256-bit |
Capability-Based Security
Access control through unforgeable tokens:
No token = no access. Tokens cannot be forged or escalated.
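The two properties stated above (no token means no access; tokens cannot be forged or escalated) can be modelled in a few lines of Rust. This is an added illustration, not NØNOS source: the `cap` module, `Kernel`, `Token`, the rights constants and `access` are all hypothetical names, and the sketch relies on Rust module privacy where the page describes hardware enforcement.

```rust
// Added illustration, not NØNOS source; every name below is hypothetical.
// Models the two stated properties with Rust module privacy, not hardware.
pub mod cap {
    pub const READ: u8 = 0b001;
    pub const WRITE: u8 = 0b010;
    pub const EXEC: u8 = 0b100;

    /// Private fields, no public constructor, no Clone/Default: code outside
    /// this module cannot write `Token { .. }` itself (rustc rejects it).
    #[derive(Debug)]
    pub struct Token { object: u32, rights: u8 }

    #[derive(Debug, PartialEq)]
    pub enum Denied { NoToken, WrongObject, MissingRights(u8) }

    /// Root authority: stands in for the trusted kernel, the only minter.
    pub struct Kernel(());

    impl Kernel {
        pub fn boot() -> Kernel { Kernel(()) }
        pub fn mint(&self, object: u32, rights: u8) -> Token {
            Token { object, rights }
        }
    }

    impl Token {
        pub fn rights(&self) -> u8 { self.rights }
        /// Derive a weaker token for delegation. The result is the
        /// intersection with the parent's rights, so it can only shrink.
        pub fn attenuate(&self, keep: u8) -> Token {
            Token { object: self.object, rights: self.rights & keep }
        }
    }

    /// Reference monitor: fails closed when no token is presented.
    pub fn access(tok: Option<&Token>, object: u32, need: u8) -> Result<(), Denied> {
        let t = tok.ok_or(Denied::NoToken)?;
        if t.object != object { return Err(Denied::WrongObject); }
        let missing = need & !t.rights;
        if missing != 0 { return Err(Denied::MissingRights(missing)); }
        Ok(())
    }
}

fn main() {
    let k = cap::Kernel::boot();
    let full = k.mint(7, cap::READ | cap::WRITE);
    let ro = full.attenuate(cap::READ | cap::EXEC); // EXEC is silently dropped
    println!("{:?}", cap::access(Some(&ro), 7, cap::WRITE));
}
```

In this sketch, whoever holds a `Kernel` value is the trusted side; everything else can only receive tokens and narrow them.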
Zero-Knowledge Proofs
Prove statements without revealing secrets:
Boot attestation: Prove kernel is valid without revealing internals
Anonymous auth: Prove membership without revealing identity
Privacy credentials: Verify attributes without exposing data
Technical Specifications
| Component | Specification |
| --- | --- |
| Architecture | x86_64 (ARM64 planned) |
| Language | Rust (no_std, zero unsafe in crypto) |
| Bootloader | ~300KB (UEFI) |
| Kernel | ~221KB (stripped) |
| ISO Image | ~65MB |
Quick Start
See Quick Start Guide for detailed instructions.
Development Status
NØNOS is under active development. Current implementation status:
```bash
# Clone both repositories
git clone https://github.com/NON-OS/nonos-kernel.git
git clone https://github.com/NON-OS/nonos-boot.git
# Note: possibly a monorepo soon at https://github.com/NON-OS/nonos-kernel

# Build kernel
cd nonos-kernel
make

# Run in QEMU
make run
```