CypheraOS
A memory-safe systems stack for high-trust software. CypheraOS combines a Rust-based Linux-compatible kernel, Rust POSIX/libc compatibility work, and secure runtime foundations into a long-term operating-system platform.
What it is
CypheraOS is the operating-system layer of the Cyphera secure infrastructure platform. It is being developed as a progressively memory-safe stack — from kernel interfaces through POSIX/libc compatibility and into the runtime foundations the rest of the Cyphera Platform (KMIP server, PKI server, Secrets Manager) runs on.
The direction is "Rust all the way down": not as a slogan for a clean-slate experiment, but as a practical investigation into replacing critical memory-unsafe system layers with Rust-based components while preserving compatibility with existing Linux software.
Current work
- Cyphera Kernel — Rust-based, targeting Linux ABI compatibility. Broad x86_64 syscall coverage; validated against real software (PostgreSQL, container runtimes with Alpine userland, busybox, strace, gdb). Now open source — v0.0.1 on GitHub ↗.
- Cyphera Runtime — Rust POSIX/libc compatibility layer.
cyphera-libcprovides the Rust libc and POSIX-compatibility surface so C/POSIX-oriented software can run on the Cyphera Kernel without a traditional C libc. - Rust userland experiments — busybox-static today; Rust uutils a future direction.
- Trusted-execution research — packaging compatibility planned for SEV-SNP, TDX, and AWS Nitro Enclaves as confidential-VM targets.
- Verification — Kani-based proofs for selected low-level properties, continuous fuzzing (cargo-fuzz), and supply-chain checks (cargo-deny, semgrep).
Release model
The near-term release path is expected to focus on packaged system images — AMI and VM artifacts that allow evaluation, pilots, and controlled deployments without requiring users to build the entire stack from source.
Release timing for the first packaged artifacts has not been set. Source publication decisions for individual components — kernel, libc integration, userland, runtime — are being made component-by-component as the work matures.
Cyphera uses a mixed release model. Selected components are released as open source under permissive licenses; other research and platform work may be released as packaged images, hosted services, or controlled pilots depending on maturity, security considerations, and deployment goals.
Status
CypheraOS is active research. It is not currently positioned as a finished general-purpose Linux replacement. The focus is research validation, compatibility experiments, and identifying the minimum trusted stack required for practical secure infrastructure.
The kernel boots, runs real software, and is validated against a growing set of Linux compatibility tests. The libc integration is working end-to-end. The packaging and image-build pipeline are next. The kernel source is now public: github.com/cyphera-labs/cyphera-kernel (v0.0.1).
How it fits the Cyphera platform
CypheraOS is the foundation layer for the rest of the Cyphera Platform. The KMIP key-management server, PKI server, and Secrets Manager are designed to run on CypheraOS for deployments where memory-safety from the kernel up is a hard requirement — confidential VMs, defense / federal workloads, and other high-trust environments.
For workloads that don't require the full memory-safe stack, the same Cyphera Platform services run on conventional Linux. CypheraOS is the option, not the prerequisite.
Working with us
CypheraOS is developed by Horizon Digital Engineering LLC. We are interested in research partners, pilot users, and non-dilutive funding opportunities in trusted computing, secure runtime infrastructure, embedded systems, and defense software modernization.
For evaluation access, collaboration, or technical discussion, reach out via contact.