Cyphera Blog
Release announcements, technical writeups, and updates from the Cyphera team.
KMIP: The Universal Language for Cryptographic Keys (Yes, It Exists)
· ~6 min read
KMIP is the OASIS standard that lets your encryption stack talk to any key management server — one protocol, zero vendor lock-in at the key layer. What it actually does, why it's in your compliance doc, and how to try it without a six-figure contract.
Read post →What's an ABI anyways?
· ~4 min read
API is the source-level contract; the ABI is the binary one — ELF format, the calling convention, and the syscall interface. What it actually means, and the #![no_std] hello world that proves the Cyphera Kernel speaks it.
'It compiles' is not a test suite
· ~6 min read
MIRI catches undefined behavior. Kani proves invariants hold for every input. cargo-fuzz hunts parser crashes. The Cyphera Kernel's test stack — what each layer actually catches, and why the type system alone isn't enough.
Read post →How we contain the unsafe
· ~4 min read
6.7% of the Cyphera Kernel codebase holds 100% of its unsafe Rust. The rest is #![forbid(unsafe_code)]. Why a framekernel beat both monolith and microkernel for the workloads we're targeting.
How to build a Rust kernel without rewriting Linux
· ~5 min read
~38 million lines of Linux vs ~150–250 thousand lines of Rust for the workloads anyone deploys on confidential-computing infrastructure. The scope-reduction trick, why Rust matters, and what it doesn't get you.
Read post →So we're building another Rust kernel. Yeah, I know.
· ~3 min read
Yes, another Rust kernel. Here's the honest pitch I made to myself — VM-only scope, modern Linux ABI only, and what surprised me along the way.
Read post →