Architecture

System Overview

VernisOS is designed as a layered system, where each layer has a clear responsibility and communicates through well-defined interfaces.

Architecture Layers

User Space

C + Python

CLI shell, sandbox manager, policy enforcement. Provides the user interface and application-level security.

AI Engine

Rust no_std

6 in-kernel AI modules for anomaly detection, auto-tuning, and trust scoring. Runs entirely in kernel space.

Microkernel

C + Rust

Core kernel: process scheduler, IPC message queues, module loader. Handles hardware abstraction and resource management.

Bootloader

Assembly (NASM)

3-stage bootloader: MBR → CPUID detection → protected/long mode setup. Loads the kernel into memory.

Design Principles

Minimal Kernel

Only essential services run in kernel mode — everything else is in user space

Capability-Based

Processes must explicitly request capabilities — no implicit trust

Dual Architecture

Single boot image supports both x86 and x86_64 via CPUID detection

AI-Native

AI engine runs in kernel space for direct hardware-level monitoring

Disk Layout

text

Sector 0:      MBR (512 bytes) — Stage 1 bootloader
Sector 1-32:   Stage 2 loader — CPUID + mode switch
Sector 33-2048: Kernel image — C microkernel + Rust AI engine
Sector 2049+:  VernisFS — Filesystem with SHA-256 auth
Total size:     ~4MB disk image

← Build from Source Boot Process →