A capability-based operating system built from scratch. Monolithic kernel, custom GUI stack, full network stack, and fine-grained capability enforcement on privileged syscalls. Ships on x86_64; the ARM64 port boots to an interactive shell on QEMU virt, with Raspberry Pi 5 silicon verification in progress.
Download v1.0.3 ISO | Release Notes
Default login: root / forevervigilant
Aegis is v1 software -- a first public release, not yet production-hardened. The kernel is mostly C (syscall dispatch, VFS, drivers, networking); every C kernel ever shipped has had memory-safety bugs found in it eventually, and that surface deserves the usual skepticism. The capability validation core (kernel/cap/src/lib.rs) is Rust, and security-critical paths are moving in that direction. Contributions welcome -- file issues or propose changes at exec/aegis.
  • Kernel LOC – ~36K
  • Syscalls – 100+
  • Filesystems – 8
  • Full Stack – TCP/IP
  • Security Model – Caps
  • GUI Stack – Custom

Capability-Based Security

Every process carries a 64-slot capability table. Every privileged syscall validates capabilities before execution. Rust-implemented validation core linked into the C kernel via FFI. Two-tier policy model with per-executable capability restriction on exec.
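A minimal model of the flow described above, added here as an illustration and not taken from Aegis or from kernel/cap/src/lib.rs: a 64-slot table, a C-ABI check that a syscall handler calls first, and exec-time narrowing against a per-executable allow-list. The type names, capability kinds, rights bits and the policy shape are all assumptions.

```rust
// Illustrative model, not Aegis source: type names, kinds, rights bits and the
// policy shape are assumptions. Only the 64-slot table size is from the page.
pub const CAP_SLOTS: usize = 64;
pub const KIND_NET: u32 = 1; // hypothetical capability kinds (0 = empty slot)
pub const KIND_DISK: u32 = 2;
pub const R_READ: u32 = 1; // hypothetical rights bits
pub const R_WRITE: u32 = 2;

#[repr(C)]
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Cap { pub kind: u32, pub rights: u32 }
const EMPTY: Cap = Cap { kind: 0, rights: 0 };

#[repr(C)]
pub struct CapTable { pub slots: [Cap; CAP_SLOTS] }

impl CapTable {
    pub fn empty() -> Self { CapTable { slots: [EMPTY; CAP_SLOTS] } }
    /// Install a capability in the first free slot; None once all 64 are used.
    pub fn grant(&mut self, kind: u32, rights: u32) -> Option<usize> {
        let i = self.slots.iter().position(|c| c.kind == 0)?;
        self.slots[i] = Cap { kind, rights };
        Some(i)
    }
    /// Exec-time restriction: each slot keeps only the rights the executable's
    /// policy lists for that kind, so exec can narrow a table but never widen it.
    pub fn restrict_for_exec(&mut self, allowed: &[Cap]) {
        for slot in self.slots.iter_mut() {
            let mask = allowed.iter().filter(|a| a.kind == slot.kind)
                .fold(0u32, |m, a| m | a.rights);
            slot.rights &= mask;
            if slot.rights == 0 { *slot = EMPTY; }
        }
    }
}

/// C-ABI check a syscall handler would call before doing any work:
/// 0 = allowed, -1 = denied. A null table is denied, never dereferenced.
pub extern "C" fn cap_check(table: *const CapTable, kind: u32, rights: u32) -> i32 {
    if table.is_null() || kind == 0 { return -1; }
    let t = unsafe { &*table };
    let held = t.slots.iter().any(|c| c.kind == kind && (c.rights & rights) == rights);
    if held { 0 } else { -1 }
}

fn main() {
    let mut t = CapTable::empty();
    t.grant(KIND_NET, R_READ | R_WRITE);
    t.restrict_for_exec(&[Cap { kind: KIND_NET, rights: R_READ }]);
    println!("net write after exec: {}", cap_check(&t, KIND_NET, R_WRITE));
}
```

The check is deny-by-default: an empty slot, a null table, or a request for rights beyond those held all return -1.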

Monolithic Kernel

Single-address-space kernel in C targeting x86_64 long mode and AArch64. Higher-half mapping (0xFFFFFFFF80000000 on x86, 0xFFFF000000000000 on ARM). 4-level paging, bitmap PMM, kernel virtual allocator, per-process VMAs with copy-on-write fork. One shared VFS, scheduler, syscall table, and Rust capability core across both arches.

Full Network Stack

Ethernet, ARP, IP, TCP, UDP, ICMP. BSD socket API with UNIX domain sockets and epoll. Two NIC drivers: virtio-net for QEMU and RTL8169 for real hardware. DHCP client, HTTP server, and curl with BearSSL TLS.

Custom GUI

No X11. No Wayland. Direct framebuffer rendering via Lumen compositor, Glyph widget toolkit (TrueType text, buttons, text fields), Citadel desktop shell (taskbar, dock, window management), and Bastion graphical login manager.

Boots on Real Hardware

Aegis is not a QEMU-only experiment. The x86_64 reference machine is a ThinkPad X13 Gen 1 (Ryzen 7 4750U), where the kernel boots cleanly through ACPI, brings up NVMe storage, and runs the full Lumen desktop. The ARM64 port boots under QEMU virt and ships a ready-to-flash Raspberry Pi 5 image (build/pi5-image/) pending first-silicon verification over the BCM2712 JST-SH debug UART.

SMP & Preemption

Application processors come up via INIT-SIPI-SIPI with per-CPU GDT/TSS/LAPIC state. LAPIC timer-driven preemptive round-robin scheduling runs on every core, BSP and APs alike, against a single global run queue. Full context switch including SSE state. Per-CPU run queues, work-stealing, and finer-grained locking are on the roadmap.

8 Filesystems

ext2 (read-write with block cache), ramfs, procfs, initrd, memfd, pipe, PTY, and console. Unified VFS layer with dentries, inodes, and per-process fd tables. GPT partition support on NVMe.

QEMU Integration Tests

Rust test harness boots the real kernel in QEMU, captures serial output, asserts boot sequences, drives GUI interactions via HMP mouse/keyboard injection, and performs fuzzy visual regression testing on screendumps.

Full Userspace

Vigil init system with service management. Capability-aware secure shell (stsh). 25+ coreutils. Text and graphical installers. musl libc 1.2.5 dynamic linking. Web server, DHCP client, text editor.

Documentation

Overview

  • Architecture Overview – High-level system diagram, subsystem map, boot sequence, and documentation index

Kernel Internals

  • Boot Process – Multiboot2 entry, 32-to-64-bit transition, higher-half setup, and full initialization sequence
  • Memory Management – Physical memory manager (bitmap), virtual memory manager (4-level paging), kernel virtual allocator, user VMAs
  • Scheduler – Round-robin preemptive scheduling, SMP, context switch, wait queues
  • Processes & ELF – Process model, ELF64 loading, fork/exec, dynamic linking
  • Syscall Interface – Complete syscall reference (100+ calls across 15 categories)
  • Interrupts & Exceptions – IDT, PIC, LAPIC/IOAPIC, exception handlers, IRQ routing

Security

  • Capability Model – Per-process capability tables, Rust validation core, C/Rust FFI boundary
  • Security Policy Engine – Policy file format, baseline capabilities, inheritance on fork/exec

Filesystems

Networking

  • Network Stack – Architecture, packet flow, device abstraction
  • TCP/IP – TCP state machine, IP routing, ICMP, ARP
  • Socket API – BSD socket interface, UNIX sockets, epoll

Drivers

  • Driver Overview – NVMe, xHCI, USB HID, virtio-net, RTL8169, framebuffer, PCI enumeration

Graphics

  • Lumen Compositor – Display server, window management, framebuffer rendering, mouse input
  • Glyph Toolkit – Widget library, TrueType rendering, layout, focus management
  • Citadel Desktop – Desktop shell, taskbar, dock, window decorations

Userspace

Development

  • Build System – Makefile architecture, cross-compilation, rootfs construction, ISO packaging
  • Testing Framework – QEMU-based integration tests, visual regression, installer verification