NØNOS
SOVEREIGNTY FROM Ø
ZeroState · Ed25519 · Groth16/BLS12-381 · AES-256-GCM · ML-KEM · ML-DSA
ZeroState Paradigm
Executes entirely from volatile memory. All RAM encrypted with AES-256-GCM, keys exist only in CPU registers. Power off = keys gone = data unrecoverable. Physics-based security.
Ten-Phase Secure Boot
UEFI bootloader with Ed25519 signature verification and mandatory Groth16 zero-knowledge proof attestation over BLS12-381. No boot without valid proof.
365,759 Lines of Rust
Kernel: 335,806 lines across 2,829 files, 34 modules. Bootloader: 29,953 lines. Complete implementation, no Linux lineage.
Post-Quantum Ready
ML-KEM (Kyber), ML-DSA (Dilithium), NTRU, Classic McEliece, SPHINCS+. Classical: Ed25519, X25519, AES-256-GCM, ChaCha20-Poly1305, BLAKE3.
Capability-Based Security
Ed25519-signed capability tokens with temporal bounds and delegation depth. Every syscall validates capabilities. Zero-trust architecture throughout.
Kernel-Level Onion Routing
Three-hop circuits with layered encryption. All traffic anonymized transparently—no application configuration. DNS through anonymity network.
Alpha Release
The ALPHA release represents a functional operating system. 365,759 lines of Rust compiling to a 375 MiB kernel binary. Boots on real hardware and QEMU, presents graphical desktop with window management, 100+ shell commands, integrated Vi editor.
What Works
- Complete ten-phase secure boot with Ed25519 + Groth16 ZK verification
- Graphical desktop with compositing window manager
- Shell with 100+ commands (ls, grep, sed, awk, vi, etc.)
- Full TCP/IP stack with kernel-level onion routing
- 20 device drivers (AHCI, NVMe, E1000, RTL8139/8168, xHCI, etc.)
- RAM-backed encrypted filesystem
Alpha Limitations
- All processes execute in ring 0 (user-space isolation for beta)
- Volatile storage only (ext4 support planned for beta)
Tested Hardware
HP ProBook/EliteBook, Dell Latitude, Lenovo ThinkPad, QEMU/KVM with OVMF.