NØNOS
SOVEREIGNTY FROM Ø
ZeroState · Ed25519 · Groth16/BLS12-381 · AES-256-GCM · ML-KEM · ML-DSA
Latest News
- 2026-04-06 We Rebuilt 38 Syscalls From Scratch
- 2026-03-31 NØNOS 0.8.4-alpha: First Complete Microkernel Desktop
- 2026-03-28 NØNOS 0.8.3.6-alpha Released
ZeroState by Design
Everything runs in RAM. When you shut down, data doesn't get deleted—it ceases to exist. Encryption keys live only in CPU registers. Power off and they vanish. Physics-based security.
Cryptographically Verified Boot
Ten-stage boot process with Ed25519 signature verification and mandatory Groth16 zero-knowledge attestation. The kernel proves its integrity before executing a single line of code.
~340,000 Lines of Rust
Complete microkernel with 33 subsystems: shell, graphics, networking, cryptography, filesystem, drivers. Built from scratch—no Linux, no BSD, no borrowed kernels.
Post-Quantum Cryptography
ML-KEM-768 and ML-DSA-3 for quantum-resistant encryption and signatures. Classical suite includes Ed25519, X25519, AES-256-GCM, ChaCha20-Poly1305, and BLAKE3.
10 Capability Types
Every privileged operation requires a cryptographic capability token. No root user, no ambient authority. Processes get exactly the permissions they need—nothing more.
Built-in Onion Routing
Three-hop encrypted circuits integrated into the network stack. All traffic anonymized transparently—no configuration, no external software. DNS queries go through the anonymity network too.
Internal Audit & Development
We rebuilt 38 syscalls from scratch. Memory locking, file locks, thread synchronization, and extended attributes now all have proper implementations. 312 syscalls reviewed, 89 new modules, and a maximum of 75 lines per file. Read the full report.
Alpha Release 0.8.4 — Microkernel Architecture
The first release where the complete graphical desktop runs on fully isolated userspace services. Twelve services communicating via synchronous IPC, each in its own virtual address space. A vulnerability in the network stack cannot compromise the filesystem. A bug in the display compositor cannot leak cryptographic keys.
Architectural Highlights
- 12 Isolated Services — VFS, display, input, network, crypto, ZK, audio, GPU, apps, agents, shell, desktop
- ~15,000 Line Kernel — Memory management, scheduling, IPC, capability tokens. Nothing else.
- Three-Stage Boot Verification — Ed25519 signature, BLAKE3 hash attestation, Groth16 ZK proof
- Capability-Gated Filesystem — No ambient authority. Applications get explicit path capabilities.
- Isolated Cryptography — Private keys exist only in crypto_service. Applications receive signatures, never key material.
- 4K Desktop — Double-buffered compositor with dirty region tracking, PNG wallpapers, 100Hz refresh
What's New in v0.8.4
- Fixed PNG Decompression — Resolved initialization ordering deadlock during boot
- Fixed IntelliMouse Protocol — Proper 4-byte packet handling for scroll wheel support
- Boot Progress Logging — Serial output at each stage for debugging hangs
- Non-Blocking VFS Init — Eliminated potential deadlock in service startup
Current Limitations
- Single-core only (SMP support coming in v0.9)
- Volatile storage by design—external media support for intentional persistence
Tested Hardware
HP ProBook/EliteBook, Dell Latitude, Lenovo ThinkPad, and QEMU/KVM with OVMF. See hardware compatibility for details.