Kernite

Kernite is the SaltyOS microkernel. It provides capability-mediated resource access, synchronous and asynchronous IPC, earliest-deadline-first scheduling with budget enforcement, and virtual memory management. All other operating system services — filesystems, drivers, process management, networking — run in userspace.

Kernite is written in Rust (#![no_std], no alloc crate) and runs on x86_64 and aarch64.

At a Glance

Object types	12 (Untyped, Endpoint, Notification, Tcb, CNode, VSpace, Frame, IrqHandler, IoPort, SchedContext, MemoryObject, Null)
System calls	28
Architectures	x86_64 (BIOS + UEFI), aarch64 (UEFI)
Scheduler	Earliest Deadline First with budget enforcement
IPC	Synchronous endpoints + asynchronous notifications
Memory model	Four-tier: PMM / Untyped / MemoryObject / VSpace
Capabilities	Fat capabilities (32 bytes) with seL4-style derivation tree

Object types

12 (Untyped, Endpoint, Notification, Tcb, CNode, VSpace, Frame, IrqHandler, IoPort, SchedContext, MemoryObject, Null)

System calls

Architectures

x86_64 (BIOS + UEFI), aarch64 (UEFI)

Scheduler

Earliest Deadline First with budget enforcement

IPC

Synchronous endpoints + asynchronous notifications

Memory model

Four-tier: PMM / Untyped / MemoryObject / VSpace

Capabilities

Fat capabilities (32 bytes) with seL4-style derivation tree

New to OS Development?

Start with the SaltyOS Learning Guides — they explain OS concepts from scratch using SaltyOS as a concrete example. Then come back here for the kernel-specific guides:

Syscall Walkthrough — follow a syscall through the kernel step by step.
First Contribution — make your first kernel change.

Technical Reference

To understand the kernel’s structure and subsystem boundaries, read Architecture.
To understand the central abstraction that governs all resource access, read Object Model and Capabilities.
To understand how processes communicate, read Endpoints and Notifications.
To understand physical and virtual memory management, read Physical Memory and Virtual Address Spaces.
For common usage patterns, read Design Patterns.
For the syscall calling convention and complete syscall table, see Syscall ABI.
To extend the kernel, see the Developer Guide.

Design Philosophy

Kernite follows three principles:

Minimal trusted computing base: The kernel is the only code that runs in privileged mode. Drivers, filesystems, and servers execute as unprivileged processes. The kernel provides mechanisms (scheduling, IPC, memory mapping, capability transfer); userspace defines policy.
Capability-mediated access: No ambient authority exists. Every resource — memory, endpoints, threads, I/O ports — is accessed through an unforgeable capability token that carries explicit rights. Capabilities can be delegated, attenuated, and revoked.
Correctness over performance: The codebase favors simplicity and auditability. The IPC fastpath is the one exception: it receives assembly-level optimization because IPC latency is on every critical path.