Security by Structure. Built for Gaming. Designed for Everyone.
⚠️ STATUS: RESEARCH ARCHITECTURE PROPOSAL
This is a theoretical framework. There is currently no functioning operating system, ISO, or active repository. This document outlines a research proposal to combine the seL4 microkernel with a Rust-written userspace to create a crash-resistant, "console grade" PC experience.
NovaraOS is a consumer operating system built entirely from the ground up on the seL4 microkernel, with an entirely Rust written userspace. It is not a Linux distribution, not a Windows emulator, and not a server or embedded system.
We are designing an architecture to serve three distinct purposes simultaneously:
- Mathematically Provable Security: Building a foundation where insecure actions are structurally impossible.
- Gaming as a First Class Workload: Treating gaming as a primary priority, not an afterthought.
- A Refined Consumer Experience: A polished interface designed so that a non technical person never needs to touch a terminal.
To solve the conflict between "Open Source Freedom" and "Competitive Anti Cheat," NovaraOS proposes two distinct boot modes to satisfy both developers and gamers.
| Feature | Open Mode (Dev / Kernel Hacking) | Verified Mode (Standard / Competitive) |
|---|---|---|
| Boot Chain | Unlocked / Self Signed | Secure Boot + TPM 2.0 |
| Kernel State | Modifiable | Immutable / Signed |
| Target Use | Kernel Dev, OS Modding | Gaming, General Use, Banking |
| App Support | Standard Apps, Mods, Emulators | All Above + "Verified OS" Apps |
| Anti-Cheat | Flagged as "Untrusted" | Flagged as "Verified Platform" |
Clarification: Verified Mode does not lock down userspace. You can still install mods (e.g., Assetto Corsa Content Manager), run emulators, and use tools like ReShade. The restriction only prevents modification of the Kernel and OS Core, which satisfies Anti-Cheat requirements without blocking game customization.
NovaraOS targets native Vulkan games and ports. We are fundamentally rethinking game integrity to solve the plague of competing, invasive kernel-level rootkits.
- Unified Anti Cheat API: Instead of invasive third party drivers, NovaraOS provides a universal, hardware-backed anti-cheat API. There is exactly one kernel module, owned and maintained by NovaraOS, that all games use.
- No Third Party Rootkits: Unsigned binaries are rejected at the system level. A studio cannot ship their own kernel module; the only anti-cheat code that ever runs in the kernel is our open source implementation.
- Hardware Level Verification: The system verifies that input events originated from a real hardware device, carrying hardware timestamps at nanosecond precision.
- TPM Attestation: The Trusted Platform Module provides a cryptographic chain of measurements proving the system is running exactly the software it claims to be.
- The Nova Overlay: Drawn directly by the privileged compositor above the game frame, the overlay cannot be blocked, broken, or detected by the game process.
- Nova Games: A unified library application aggregates the user's entire game collection from every store (Steam, GOG, Epic) into a single interface.
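The "Verified Platform" versus "Untrusted" flag in the boot-mode table, the TPM attestation item and the single anti-cheat API above all rest on one mechanism: a measurement chain that the boot path can only extend, never rewrite. The following Rust model is an added example, not NovaraOS code. It assumes PCR-style extend registers, uses 64-bit FNV-1a as a dependency-free stand-in for SHA-256, constructs the boot-component bytes inline, and invents the type names (`Pcr`, `MeasurementEvent`, `AttestationService`, `PlatformState`). It shows why an Open Mode boot, even with byte-identical kernel and OS core, can never quote the Verified Mode value, and why a truncated event log fails replay.

```rust
// Added example, not NovaraOS code: a TPM-style measurement chain feeding one
// attestation service. FNV-1a stands in for SHA-256 so the example has no
// dependencies; boot-component bytes are constructed; type names are hypothetical.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum PlatformState { VerifiedPlatform, Untrusted }

/// FNV-1a (64-bit), a stand-in for a cryptographic hash. A real measured-boot
/// chain uses the TPM's SHA-256 bank.
pub fn measure(data: &[u8]) -> u64 {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in data {
        h ^= u64::from(b);
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h
}

/// A platform configuration register. It is only ever extended, never set:
/// new = H(old || measurement), so nothing measured earlier can be undone.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Pcr(pub u64);

impl Pcr {
    pub const fn reset() -> Self { Pcr(0) }
    pub fn extend(self, measurement: u64) -> Self {
        let mut buf = [0u8; 16];
        buf[..8].copy_from_slice(&self.0.to_be_bytes());
        buf[8..].copy_from_slice(&measurement.to_be_bytes());
        Pcr(measure(&buf))
    }
}

/// One boot event-log entry: which component was measured and its digest.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct MeasurementEvent { pub component: String, pub digest: u64 }

/// Measured boot: each stage measures the next component into the PCR and
/// logs an event before handing over control. Returns the final PCR and the log.
pub fn measured_boot(chain: &[(&str, &[u8])]) -> (Pcr, Vec<MeasurementEvent>) {
    let mut pcr = Pcr::reset();
    let mut log = Vec::with_capacity(chain.len());
    for &(component, bytes) in chain {
        let digest = measure(bytes);
        pcr = pcr.extend(digest);
        log.push(MeasurementEvent { component: component.to_string(), digest });
    }
    (pcr, log)
}

/// Replay an event log from a clean register. A log that does not reproduce the
/// quoted PCR has been altered or truncated and proves nothing.
pub fn replay_log(log: &[MeasurementEvent]) -> Pcr {
    log.iter().fold(Pcr::reset(), |pcr, ev| pcr.extend(ev.digest))
}

/// The single attestation service games talk to. It holds the golden PCR of the
/// signed Verified Mode image set; any other chain is reported as Untrusted.
pub struct AttestationService { pub golden_verified: Pcr }

impl AttestationService {
    pub fn classify(&self, quoted: Pcr, log: &[MeasurementEvent]) -> PlatformState {
        if replay_log(log) == quoted && quoted == self.golden_verified {
            PlatformState::VerifiedPlatform
        } else {
            PlatformState::Untrusted
        }
    }
}

/// Constructed Verified Mode chain: Secure Boot policy, signed seL4 kernel, OS core.
pub fn verified_mode_boot() -> (Pcr, Vec<MeasurementEvent>) {
    measured_boot(&[
        ("boot-policy", &b"secure-boot=on;tpm=2.0"[..]),
        ("sel4-kernel", &b"seL4 kernel image (signed)"[..]),
        ("os-core", &b"rust userspace core (immutable)"[..]),
    ])
}

/// Constructed Open Mode chain: same kernel and core bytes, but the unlocked
/// boot policy is measured first, so the final register can never match.
pub fn open_mode_boot() -> (Pcr, Vec<MeasurementEvent>) {
    measured_boot(&[
        ("boot-policy", &b"secure-boot=off;self-signed"[..]),
        ("sel4-kernel", &b"seL4 kernel image (signed)"[..]),
        ("os-core", &b"rust userspace core (immutable)"[..]),
    ])
}

fn main() {
    let svc = AttestationService { golden_verified: verified_mode_boot().0 };
    let (pcr, log) = verified_mode_boot();
    println!("verified mode -> {:?}", svc.classify(pcr, &log));
    let (pcr, log) = open_mode_boot();
    println!("open mode     -> {:?}", svc.classify(pcr, &log));
}
```

The design point is that the service never inspects the kernel or the game process; it compares a register value that the boot chain alone can produce, and it insists the event log replays to that value before trusting the log's contents.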
Building a secure foundation requires the right tools for the right layers.
| Component | Description | Role in NovaraOS |
|---|---|---|
| seL4 | The only formally verified general purpose microkernel in existence. | Enforces capability confinement and isolation with mathematical proofs. |
| Rust | A systems programming language providing compile time memory safety. | Powers the entire userspace, eliminating buffer overflows and data races. |
| SPARK | A formally verified subset of the Ada programming language. | Secures components like the TPM service and credential vault. |
| Genode (DDE) | An infrastructure framework for microkernel operating systems. | Runs isolated Linux drivers to provide immediate, battle-tested hardware support. |
The user experience in NovaraOS is designed to be frictionless, informative, and completely free of legacy command line administration.
- The .nov Package Format: An evolution of concepts from Android (APK) and Flatpak, but built for a verified desktop. Every application is a signed .novbundle.
  - Atomic: They install and uninstall cleanly without leaving "DLL hell" or orphaned files.
  - Verified: Every package is cryptographically signed and hash verified against a review certificate.
  - Permission Aware: Users grant specific access via system level prompts drawn by the compositor, not the app itself.
- Atomic Updates: Updates happen silently and automatically in the background when the machine is idle.
- Safe Rollbacks: New system images are written to a staging partition and measured by the TPM; if a boot fails, the system automatically reverts.
- Unified Settings: One searchable settings application indexes every configurable aspect of the system and all installed applications.
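The atomic-update and safe-rollback items above describe an A/B-style image update: the new image lands in a staging slot, the TPM's measurement of it is compared with the signed manifest, and the bootloader reverts when the staged image cannot prove it boots. The Rust model below is an added example, not NovaraOS code. The two-slot layout, the attempt budget of three, the 32-byte opaque `Measurement` type and the `BootControl` record are assumptions of the example; the image measurements are constructed values, not real digests.

```rust
// Added example, not NovaraOS code: staged updates with safe rollback. Slot
// layout, attempt budget and the 32-byte measurement type are assumptions; the
// measurements are constructed bytes rather than real SHA-256 digests.

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Slot { A, B }

impl Slot {
    pub fn other(self) -> Slot { if self == Slot::A { Slot::B } else { Slot::A } }
    fn index(self) -> usize { if self == Slot::A { 0 } else { 1 } }
}

/// Image measurement as the TPM would report it (constructed, not real SHA-256).
pub type Measurement = [u8; 32];

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct SystemImage { pub version: u32, pub measurement: Measurement }

#[derive(Debug, PartialEq, Eq)]
pub enum UpdateError {
    /// The bytes written to the staging slot do not match the signed manifest.
    ManifestMismatch,
    /// The staged image failed and no known-good image remains to fall back to.
    NoFallback,
}

/// Boot attempts a staged image gets before the bootloader gives up on it.
pub const MAX_TRIES: u8 = 3;

/// Persistent boot-control record shared by the bootloader and the OS.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct BootControl {
    pub active: Slot,
    pub images: [Option<SystemImage>; 2],
    pub tries_left: u8,
    /// True while the active image has not yet proven it can boot.
    pub pending: bool,
}

impl BootControl {
    pub fn new(initial: SystemImage) -> Self {
        BootControl { active: Slot::A, images: [Some(initial), None], tries_left: 0, pending: false }
    }

    pub fn image(&self, slot: Slot) -> Option<&SystemImage> { self.images[slot.index()].as_ref() }

    /// Stage an update into the inactive slot. Only an image whose measurement
    /// equals the manifest's becomes the boot target; on mismatch nothing changes.
    pub fn stage(&mut self, manifest: &SystemImage, measured: Measurement) -> Result<Slot, UpdateError> {
        if measured != manifest.measurement {
            return Err(UpdateError::ManifestMismatch);
        }
        let staging = self.active.other();
        self.images[staging.index()] = Some(manifest.clone());
        self.active = staging;
        self.tries_left = MAX_TRIES;
        self.pending = true;
        Ok(staging)
    }

    /// Bootloader path, run before the kernel: spend one attempt on a pending
    /// image, or revert to the previous slot once the budget is exhausted.
    pub fn begin_boot(&mut self) -> Result<Slot, UpdateError> {
        if self.pending && self.tries_left == 0 {
            let fallback = self.active.other();
            if self.image(fallback).is_none() {
                return Err(UpdateError::NoFallback);
            }
            self.active = fallback;
            self.pending = false;
        } else if self.pending {
            self.tries_left -= 1;
        }
        Ok(self.active)
    }

    /// Called by the OS once userspace is fully up: the image is now known-good.
    pub fn mark_boot_successful(&mut self) {
        self.pending = false;
        self.tries_left = 0;
    }
}

/// Constructed image with a made-up measurement.
pub fn image(version: u32, fill: u8) -> SystemImage {
    SystemImage { version, measurement: [fill; 32] }
}

/// Stages version 11 over version 10, crashes `failed_boots` times before the OS
/// can report success, optionally boots once more and reports success, then
/// returns the slot and version the following boot lands on.
pub fn simulate_update(failed_boots: u8, commit: bool) -> (Slot, u32) {
    let mut bc = BootControl::new(image(10, 0x11));
    let next = image(11, 0x22);
    bc.stage(&next, next.measurement).expect("measurement matches manifest");
    for _ in 0..failed_boots {
        let _ = bc.begin_boot(); // staged image starts, crashes before marking success
    }
    if commit {
        let _ = bc.begin_boot();
        bc.mark_boot_successful();
    }
    let slot = bc.begin_boot().expect("a bootable image remains");
    (slot, bc.image(slot).map_or(0, |img| img.version))
}

fn main() {
    println!("3 crashes, no success  -> {:?}", simulate_update(MAX_TRIES, false));
    println!("1 crash, then success  -> {:?}", simulate_update(1, true));
}
```

Two details carry the safety argument: `stage` refuses to retarget the boot slot unless the measured bytes equal the manifest, so a corrupted or substituted image never becomes active; and `begin_boot` runs in the bootloader, so a kernel or userspace that never comes up still consumes its attempt and eventually triggers the revert.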
- GPLv2 Core: The kernel configuration, hardware drivers, and hardware layer components are licensed under GPLv2 to prevent locked, proprietary hardware.
- MIT SDK: The SDK, UI framework, and developer tools are licensed under MIT to remove all barriers to building on the platform.
- Transparent Governance: Governed by a transparent foundation model where the core team is eventually elected annually by the contributor community.
This research concept stands on the shoulders of giants. We acknowledge the foundational work of:
- seL4 Foundation: For the world's only formally verified microkernel.
- Genode Labs: For the robust OS framework and driver environments.
- Qt Project: For user interface technology.
Project Status: NovaraOS begins as a Research Architecture Proposal. No functioning ISO or active repository exists at the time of writing. This organization hosts the public documentation, architectural RFCs, and foundational proof of concept work as we embark on Phase Zero of development.