Documentation

What EuroOS can do — today.

EuroOS is a from-scratch operating system written in Rust: its own UEFI boot, kernel, filesystem, network stack, security model and desktop — no inherited code. This page documents every subsystem that already runs today, verifiable in QEMU and on hardware. It is early (alpha), and it is genuinely working.

Rust · no_std · x86-64 UEFI 64 host tests green EUPL-1.2 Runs unmodified musl binaries

Boot & kernel

EuroOS boots itself on standard UEFI hardware, leaves the firmware behind, and runs entirely on its own code — no GRUB, no inherited kernel.

Own UEFI bootloader works

Boots via UEFI (GOP framebuffer, 8×8 font), then calls ExitBootServices and runs on its own stack. After that point no UEFI service is used.

GDT, TSS & IDT works

Own segment table and interrupt descriptor table with exception handlers (#GP, #PF, #DF, breakpoint), and a panic handler that paints a red screen + serial trace.

COM1 serial debug works

Full serial logging that keeps working after ExitBootServices — the backbone for debugging a bare-metal kernel.

PS/2 keyboard & mouse works

IRQ-driven keyboard (scancode ring buffer) and a PS/2 mouse driver (IRQ12, 3-byte packets) — real input, no firmware.

Memory & paging

Own physical and virtual memory management, built from the real UEFI memory map.

Frame allocator (EuroMM) works

A bitmap physical frame allocator built from the UEFI memory map, sized on the highest usable region. Supports contiguous allocation.

4-level paging works

Own page tables (own CR3), identity-mapping the lower memory with 1 GiB huge pages; the user region carries the User bit at every level.

Kernel heap works

A working alloc heap so the kernel uses Vec, String, Box — the slab allocator is a planned upgrade.

Scheduler & tasks

Real preemptive multitasking across kernel threads and ring-3 processes.

Preemptive scheduler works

A PIT-timer (100 Hz, 8259 PIC) drives a round-robin scheduler with a full register-saving context switch — code is interrupted and resumed transparently.

Concurrent processes works

Kernel threads + multiple ring-3 processes run at once, each with its own kernel stack (TSS.rsp0 switched per task). A live counter proves they advance in parallel.

Background daemon works

A loaded program scheduled as a real preemptible task that makes its own syscalls — the on-screen "EuroMonitor" heartbeat.

EuroFS — filesystem

A crash-resistant copy-on-write filesystem with end-to-end checksums.

Copy-on-write works

Existing data is never overwritten until the new data is fully written — a power loss mid-write cannot corrupt your files. Crash-consistent checkpoints.

XXH3 checksums works

Every block is checksummed, so silent corruption is detected. Inodes, extents, directories and a mount-scan rebuilt allocator.

Read & write from userspace works

Programs create, read and write files through standard C calls (fopen/fread/fwrite); the shell can copy files and redirect output to disk.

Userspace & syscalls

Real ring-3 isolation with a SYSCALL/SYSRET interface and a growing POSIX-style syscall set.

Ring-3 isolation works

Programs run in ring 3 with their own page mappings and the User bit; the kernel runs in ring 0. SMEP/SMAP-aware. Faults are contained.

SYSCALL / SYSRET works

A real fast syscall path (EFER.SCE, STAR/LSTAR/FMASK MSRs) that preserves all user registers across the boundary.

ELF64 loader works

Loads multi-page ELF programs from EuroFS, applies R_X86_64_RELATIVE relocations, and builds a SysV stack (argc/argv/envp/auxv).

Linux / musl compatibility

EuroOS runs unmodified programs linked against musl libc — the path to a real software ecosystem.

Linux syscall ABI works

A compatibility layer translating Linux x86-64 syscalls (write, writev, read, openat, mmap, brk, arch_prctl, set_tid_address, clock_gettime, …) to EuroOS handlers.

musl static-PIE binaries works

A program built with musl-gcc -static-pie — using real printf, malloc, fopen, getenv — loads, relocates and runs in ring 3.

TLS & the SysV contract works

Thread-local storage via arch_prctl(SET_FS) (verified with %fs:0), plus a full argc/argv/envp/auxv stack — exactly what a musl _start expects.

Environment variables works

Programs inherit a system environment and read it with getenv()LANG, TERM, PATH, HOME and more.

Security

Protection is built into the kernel, not bolted on. Two pillars are real today.

Capability tokens works

Every program is granted explicit capabilities (console, file, process-info, network). The kernel enforces least-privilege at the syscall boundary — in both the native and Linux ABIs. A program without NET simply cannot reach the network.

Ed25519 verify-before-execute works

Before any program runs, the kernel verifies a real Ed25519 signature over its bytes against an embedded public key. Tampered code is cryptographically rejected.

Signed package install works

The shell can install a signed package into EuroFS only after its Ed25519 signature checks out — a sovereign software supply chain on the OS itself.

App sandboxing works

Apps are isolated in their own address space & capability set; the desktop shows per-window security badges (sandboxed / encrypted / network).

EuroNet — networking

An own network stack with a real virtio-net driver. EuroOS is on the network — IPv4 and IPv6.

virtio-net driver works

Own PCI scan, virtqueue setup and TX/RX path — real Ethernet frames go out and come back, verified in a packet capture.

IPv4: ARP · ICMP · UDP works

Own implementations, RFC-conform with correct checksums. The OS resolves the gateway via ARP and gets ICMP echo replies (ping).

DHCP & DNS works

A DHCP client obtains a real lease (address, router, DNS, lease time); a DNS client resolves real domain names to real IPs.

IPv6: NDP · SLAAC · ICMPv6 works

Stateless address autoconfiguration (link-local + global via Router Advertisement), Neighbor Discovery, and ping6 — full dual-stack.

# the network stack, live at boot (verified on the wire)
[net] virtio-net OK — MAC 52:54:00:12:34:56
[net] DHCP ACK: lease 10.0.2.15 (router 10.0.2.2, dns 10.0.2.3)
[net] DNS: example.com = 104.20.23.154
[net] IPv6 SLAAC: fe80::5054:ff:fe12:3456 · global fec0::…
[net] PING6 router: echo-reply OK

EuroDesktop

A graphical desktop on an own compositor — windows, a mouse, a sidebar.

Compositor & windows works

Software-rendered overlapping windows with rounded corners, shadows, a z-order, click-to-focus and drag-to-move.

Mouse & cursor works

A live mouse cursor with save-under, driven by the PS/2 mouse — drag windows, focus by clicking title bars.

Design system (EDS) works

A design-token system (spacing, radius, the security colour language) drives a calm, consistent interface.

Shell

An interactive shell in the terminal window with a classic Unix feel.

Run programs by name works

Type a program name and the kernel loads it from EuroFS, verifies its signature, and runs it in ring 3 with the right capabilities and ABI.

Pipes & redirection works

a | b connects one program's output to the next's input; > and >> redirect output to a file in EuroFS.

Arguments & install works

Command-line arguments flow into main(argc, argv); install <pkg> verifies and installs a signed package.

Live network commands works

ping <ip|name>, ping6 and net operate on the live NIC.

Toolchain & packages

A complete toolchain to build, sign and install software for EuroOS.

EuroToolchain works

Compiles freestanding C and musl programs to position-independent ring-3 ELF binaries that run on the kernel.

eupkg package manager works

Builds and verifies signed .eupkg packages (ZIP + manifest + SHA-256 + Ed25519). Tampered packages are rejected.

Reproducible & open planned

Reproducible builds and the public repository land with the first alpha. The full source goes public under EUPL-1.2.

This documentation describes a project in active development. "Works" means it runs and is verified today in QEMU (and on hardware); "planned" means it is on the roadmap. Nothing here is a mock-up.  ← Back to euro-os.eu