{"slug": "swiftos-an-os-in-embedded-swift-that-serves-its-own-website", "title": "SwiftOS – an OS in Embedded Swift that serves its own website", "summary": "SwiftOS, a new operating system written in Embedded Swift for aarch64, has completed its bring-up phase and now runs a native Swift userland with networking. The OS prioritizes efficient, reliable minimalism with capability-based isolation and deterministic boot, targeting application and AI hosting as its primary profile. Development is in Phase 1, hardening the system with a capability model and SMP support.", "body_md": "swift-os is a full-fledged, modern operating system written in **Embedded\nSwift** for `aarch64`\n\n. Its flagship profile is **application & AI hosting**;\n**embedded/appliance** deployment is a co-primary profile; **desktop use is not\nexcluded**. The design value is *efficient, reliable minimalism* — a small\ntrusted core, capability-based isolation, fast deterministic boot, immutable\nsigned images, and testable correctness, achieved by **removing legacy** rather\nthan emulating it.\n\nThe project is not a Linux clone and not a legacy Unix compatibility exercise. The same minimalist core serves all three profiles; they differ mainly in which optional services and devices are present, not in the kernel.\n\nThe bring-up phase is complete and the system runs a native Swift userland with\nnetworking. Development is now in **Phase 1**: hardening the system for the\nproduct profile (capability/handle model, SMP, restartable userland services —\nsee [docs/RISK_REMEDIATION_ROADMAP.md](/asaptf/swift-os/blob/main/docs/RISK_REMEDIATION_ROADMAP.md)).\n\nWhat exists today, in the order it was built:\n\n-\n**Phase 0 — bring-up (historical, M0–M8):** the kernel boots at EL1 on QEMU`virt`\n\n; UART, exceptions, GIC timer interrupts, the MMU, and preemptive EL0 scheduling are up; each process has its own address space; fork/exec/waitpid work; a VFS exposes a read-only base FS plus a writable tmpfs; static ELF64 programs load and execute from the VFS. The bring-up userland was a statically linked busybox`sh`\n\n(a legacy tool used to prove the syscall surface); the**native Swift userland is now the direction**(see below).`make test`\n\ncovers host-side unit checks and QEMU boot assertions. -\n**M9 — HAL + device tree:** the kernel reads its own DTB at boot and populates a global`Platform`\n\nstruct; UART/GIC/RAM addresses come from the device tree instead of being hardcoded. -\n**M10 (a/b/c) — UEFI boot from GPT disk:** a minimal AArch64 PE32+ EFI loader (`BOOTAA64.EFI`\n\n) calls`ExitBootServices`\n\nand hands off to the Swift kernel.`make disk`\n\nproduces`build/swift-os.img`\n\n, a sparse GPT image with an EFI System Partition.`make disk-run`\n\nboots it under QEMU+AAVMF (edk2) with no`-kernel`\n\n. The direct`-kernel`\n\npath is kept as a fallback and both are tested by`make test`\n\n. -\n**M10.5 — VirtualBox ARM prep:** the EFI loader emits diagnostics before handoff; a procedure for manually testing on VirtualBox ARM is in`docs/VIRTUALBOX.md`\n\n. -\n**M11 (a–d) — virtio-blk + packed read-only base FS from disk:** a deterministic signed packed base image format (`SWOSBASE v3`\n\n); a host packer (`tools/basepack.swift`\n\n); a polled virtio 1.0 block driver; the VFS mounts the packed image at boot and serves`/bin`\n\n,`/etc`\n\n, and other base files directly from disk. The kernel no longer embeds any userland binary; the image shrank from ~1.4 MiB to ~208 KiB. Every`make run`\n\n/`make test`\n\ninvocation attaches`build/base.img`\n\nas a virtio-blk device. -\n**M12 (a–d) — capability/principal security + console-login as init:** a typed`ProcessSecurityContext`\n\n(principal, session, capability mask — not Unix uid==0); a base-image identity store`/etc/swos/passwd`\n\nwith SHA-256-hashed passwords;`console-login`\n\nauthenticates a principal, calls`SYS_LOGIN`\n\n, and`execve`\n\ns the shell with the adopted context; when a session ends, init loops back to a fresh login prompt. -\n**M13 (a–c) + follow-ups — VFS capability enforcement, file ownership, shell redirection:**`vfsOpen`\n\nchecks the caller's capability mask at open time (`capFsRead`\n\n,`capTmpWrite`\n\n); tmpfs namespace mutations (`mkdir`\n\n/`rm`\n\n/`mv`\n\n) require`capTmpWrite`\n\n; vnodes carry an owner (principal) and mode written at creation or packed from the base image;`ls -l`\n\nshows permission strings, owner names, sizes, and real timestamps (PL031 RTC);`fcntl`\n\n(`F_DUPFD_CLOEXEC`\n\n,`F_GETFD`\n\n/`F_SETFD`\n\n,`F_GETFL`\n\n) and close-on-exec semantics make shell I/O redirection (`echo > file`\n\n,`>>`\n\n, pipe-into-redirect) work correctly. -\n**Native Swift userland coreutils:** a growing set of pure-Embedded-Swift EL0 utilities over the`userland/lib/swift_user.*`\n\nbridge, all packed into the base image:`ls`\n\n(with`-l`\n\n),`cat`\n\n,`echo`\n\n,`pwd`\n\n,`ps`\n\n,`top`\n\n,`id`\n\n,`mkdir`\n\n,`rmdir`\n\n,`rm`\n\n,`mv`\n\n,`chmod`\n\n,`chown`\n\n,`head`\n\n,`touch`\n\n,`wc`\n\n,`date`\n\n,`calc`\n\n(an interactive expression REPL that exercises Swift`String`\n\n/`Array`\n\n/`Dictionary`\n\n/ARC),`kv`\n\n(an in-memory key-value REPL), and`console-login`\n\n. The userland free-capable allocator (K&R free-list over`sbrk`\n\n) backs ARC for these apps. -\n**Network stack (N-series, in-kernel, sans-IO core):** a TCP/IP/UDP/ARP/ICMP/ DNS stack in Embedded Swift. The protocol core (`kernel/net/`\n\n) is pure Swift (no MMIO/heap-per-packet), compiled into both the kernel and host unit tests. The virtio-net driver (`kernel/drivers/virtio_net.swift`\n\n) provides the DMA path. Capability-gated socket syscalls (`socket`\n\n/`bind`\n\n/`sendto`\n\n/`recvfrom`\n\n/`listen`\n\n/`accept`\n\n/`connect`\n\n/`resolve`\n\n) are exposed to EL0. Userland tools:`/bin/udpecho`\n\n,`/bin/tcpecho`\n\n,`/bin/tcpget`\n\n,`/bin/nslookup`\n\n,`/bin/httpd`\n\n(a concurrent poll()-driven static-file HTTP server with MIME types and directory listings), and`/bin/llmd`\n\n(TinyStories inference over HTTP). A ChaCha20-Poly1305 AEAD module (`kernel/crypto/`\n\n) is built and tested as TLS groundwork. DNS queries resolve against slirp's nameserver by default. -\n**Restartable driver-service and device-discovery smoke:** the C5a-C5f path stages`/bin/drvsvcdemo`\n\nand`/bin/drvinputd`\n\n. The supervisor starts an input-driver service, exchanges endpoint IPC messages, discovers and claims`virtio-input.0`\n\nwhen QEMU exposes a keyboard device, falls back to`pseudo-input.0`\n\nin headless boots, surfaces virtio-mmio base/length as discovery metadata, proves future hardware-authority bits stay clear, keeps the current device grant metadata-only, transfers an opaque device handle, proves the grant moves, stays busy while the service owns it, is reclaimed after exit, and recovers with`C5a OK: restartable driver service recovered over IPC`\n\n,`C5b OK: opaque device handle transferred and released`\n\n,`C5c OK: virtio-input device grant discovered and matched`\n\n,`C5d OK: virtio input discovery metadata surfaced`\n\n,`C5e OK: device authority withheld until explicit handoff`\n\n, and`C5f OK: device grant rights stayed metadata-only`\n\n. The aggregate acceptance gate is`make c5-test`\n\n; real MMIO, IRQ, DMA, and virtio-input queue ownership are still roadmap work. -\n**Threading runtime:**`thread_create`\n\n/`futex`\n\n(FUTEX_WAIT/FUTEX_WAKE) syscalls; EL0 threads share one address space; a futex-based mutex test proves correct concurrent increment across preemption. -\n**Process teardown reclaims frames:**`address_space_destroy`\n\nwalks and frees all user-half page tables and leaf frames on process exit/exec/reap; a boot- time reclaim test asserts zero leak across fork+exec+spawn round-trips. -\n**Package and ports fixtures:**`.swpkg`\n\npackages, writable package-store images, signed static repository catalogs, and target-side`pkg install NAME`\n\nare covered by executable fixtures. The current ports path also cross-builds static AArch64 Lua, zlib, bzip2, zstd, xz, libarchive, OpenSSL, pcre2, nginx, and sqlite on the host, packages the pinned ca-certificates and tzdata bundles as data, publishes all twelve into one signed seed repository, emits a static-hostable repository root that can be served to QEMU, and proves install from a DNS-resolved hosted-style repository URL.\n\nThe design is intentionally narrow:\n\n**Lightweight by design.** Every always-on subsystem must justify its memory cost, CPU cost, boot-time cost, and security surface.**Simple enough to trust.** Prefer explicit, testable mechanisms over clever machinery.**Secure by construction.** Separate address spaces, capability-based handles, small privileged code. Kernel authorization is principal/capability, not uid==0.**Correctness proven by tests.** Each milestone must build, boot, satisfy its acceptance criterion, and ship executable checks.**Modern over legacy.** Rebuild tools against the swift-os ABI instead of importing Linux compatibility or old platform assumptions.\n\nSee [docs/PHILOSOPHY.md](/asaptf/swift-os/blob/main/docs/PHILOSOPHY.md) for the full project stance.\n\nThe public documentation starts at [docs/DOCUMENTATION.md](/asaptf/swift-os/blob/main/docs/DOCUMENTATION.md).\nThat map now includes role-based paths for first-time operators, deployment\nowners, administrators, application developers, package maintainers, service\noperators, AI hosting operators, support engineers, and security reviewers.\n\n[Getting Started](/asaptf/swift-os/blob/main/docs/GETTING_STARTED.md): build, boot, log in, run commands, and attach QEMU networking.[Concepts](/asaptf/swift-os/blob/main/docs/CONCEPTS.md): core SwiftOS terms, images, filesystem, identity, packages, services, testing, and roadmap boundaries.[Installation Guide](/asaptf/swift-os/blob/main/docs/INSTALLATION_GUIDE.md): choose and verify direct QEMU, UEFI/GPT, graphical smoke, and VirtualBox ARM boot profiles.[Deployment Guide](/asaptf/swift-os/blob/main/docs/DEPLOYMENT_GUIDE.md): prepare, validate, hand off, and roll back application, AI, package, and appliance deployment candidates.[Release Notes](/asaptf/swift-os/blob/main/docs/RELEASE_NOTES.md): shipped features, verification gates, known limits, and upgrade notes for the current checked-in snapshot.[Update And Rollback Guide](/asaptf/swift-os/blob/main/docs/UPDATE_GUIDE.md): rebuild immutable artifacts, update boot profiles, verify candidates, and roll back safely.[Update Store](/asaptf/swift-os/blob/main/docs/UPDATE_STORE.md): A/B update-store image layout, target commands, and rollback behavior.[User Guide](/asaptf/swift-os/blob/main/docs/USER_GUIDE.md): accounts, capabilities, filesystem, process tools, networking tools, and current system limits.[Administration Guide](/asaptf/swift-os/blob/main/docs/ADMINISTRATION_GUIDE.md): maintain accounts, capability masks, base configuration, package images, and services.[Command Reference](/asaptf/swift-os/blob/main/docs/COMMAND_REFERENCE.md): command syntax, examples, limits, and acceptance coverage for the current base image and package overlay.[Host Tool Reference](/asaptf/swift-os/blob/main/docs/HOST_TOOL_REFERENCE.md): host-side package, repository, ports catalog, static-host, hosted URL, base-image, and model-bundle tools.[Configuration Reference](/asaptf/swift-os/blob/main/docs/CONFIGURATION_REFERENCE.md): build variables, boot profiles, QEMU/test knobs, artifacts, and seeded guest defaults.[Testing Guide](/asaptf/swift-os/blob/main/docs/TESTING_GUIDE.md): choose focused gates, run the full suite, interpret failures, and add host or QEMU acceptance tests.[Operations Guide](/asaptf/swift-os/blob/main/docs/OPERATIONS_GUIDE.md): boot profiles, package overlays, network workflows, AI operation, logging evidence, and verification gates.[Networking Guide](/asaptf/swift-os/blob/main/docs/NETWORKING_GUIDE.md): virtio-net boot profiles, host forwarding, DNS, TCP/UDP, TLS, IPv6 smoke paths, and network tests.[Service Guide](/asaptf/swift-os/blob/main/docs/SERVICE_GUIDE.md): run, observe, test, and design SwiftOS services such as`httpd`\n\n,`llmd`\n\n, echo tools, and the C5a-C5f driver-service smoke.[AI Hosting Guide](/asaptf/swift-os/blob/main/docs/AI_HOSTING_GUIDE.md): run local TinyStories inference, serve completions over HTTP, and operate verified model bundles.[Performance And Sizing Guide](/asaptf/swift-os/blob/main/docs/PERFORMANCE_GUIDE.md): measure resource usage, throughput guards, service metrics, and current sizing limits.[Observability Guide](/asaptf/swift-os/blob/main/docs/OBSERVABILITY_GUIDE.md): read boot health, structured log markers, process snapshots, service metrics, and panic evidence.[Logging Reference](/asaptf/swift-os/blob/main/docs/LOGGING.md): understand kernel log lines, ring buffers, export samples, filtering, and log authority.[Troubleshooting](/asaptf/swift-os/blob/main/docs/TROUBLESHOOTING.md): build, boot, login, filesystem, network, package overlay, LLM, and QEMU test failure diagnosis.[Support Guide](/asaptf/swift-os/blob/main/docs/SUPPORT_GUIDE.md): evidence collection, support bundles, severity levels, report templates, and handoff checklists.[FAQ](/asaptf/swift-os/blob/main/docs/FAQ.md): common product, install, compatibility, package, networking, AI, and support questions.[Examples](/asaptf/swift-os/blob/main/docs/EXAMPLES.md): copy-paste workflows for common SwiftOS tasks.[Compatibility Guide](/asaptf/swift-os/blob/main/docs/COMPATIBILITY_GUIDE.md): supported platforms, application paths, porting constraints, packages, and non-goals.[Security Guide](/asaptf/swift-os/blob/main/docs/SECURITY_GUIDE.md): current login flow, capability bits, handle rights, confinement, immutable images, and security limits.[Base Image](/asaptf/swift-os/blob/main/docs/BASE_IMAGE.md): immutable packed filesystem contents, build inputs, and base-image verification.[Developer Guide](/asaptf/swift-os/blob/main/docs/DEVELOPER_GUIDE.md): write native Embedded Swift programs, port C/newlib programs, and stage binaries into the base image.[Porting Guide](/asaptf/swift-os/blob/main/docs/PORTING_GUIDE.md): evaluate and port source-built applications to the SwiftOS ABI, filesystem, package, and test model.[Application Cookbook](/asaptf/swift-os/blob/main/docs/APPLICATION_COOKBOOK.md): copy-paste recipes for SwiftOS commands, C utilities, package overlays, and tests.[Package Guide](/asaptf/swift-os/blob/main/docs/PACKAGE_GUIDE.md): build, inspect, boot, test, and troubleshoot`.swpkg`\n\n, repository, package-store, ports, static-host, and hosted URL artifacts.[Package Management](/asaptf/swift-os/blob/main/docs/PACKAGE_MANAGEMENT.md): package-system design, current implementation status, and roadmap boundaries.[Package Build Automation Guide](/asaptf/swift-os/blob/main/docs/PACKAGE_BUILD_AUTOMATION.md): package recipe, seed package fixtures, CI smoke-test, and repository publishing workflow for maintainers.[Package Ecosystem Goal](/asaptf/swift-os/blob/main/docs/PACKAGE_ECOSYSTEM_GOAL.md): end-state package ecosystem goals and current package roadmap.[Package Manager Implementation Plan](/asaptf/swift-os/blob/main/docs/PACKAGE_MANAGER_IMPLEMENTATION_PLAN.md): historical package-manager implementation plan.[Package Manager Session Prompts](/asaptf/swift-os/blob/main/docs/PACKAGE_MANAGER_SESSION_PROMPTS.md): reusable package-manager session and milestone prompts.[SWPKG Format](/asaptf/swift-os/blob/main/docs/SWPKG_FORMAT.md):`.swpkg`\n\ncontainer layout, manifest, payload, and verification rules.[Package Store Format](/asaptf/swift-os/blob/main/docs/PKGSTORE_FORMAT.md): package-store image, activation record, and local install layout.[Static Package Repository](/asaptf/swift-os/blob/main/docs/PKGREPO_FORMAT.md): signed static HTTP catalog layout and repository install flow.[API Reference](/asaptf/swift-os/blob/main/docs/API_REFERENCE.md): API recipe index, syscall table, structure layouts, handle rights, native Swift bridge, and compatibility API notes.[Server Software Catalog](/asaptf/swift-os/blob/main/docs/SERVER_SOFTWARE_CATALOG.md): prioritized server packages, current package limits, and porting prerequisites.[Ports Seed Catalog](/asaptf/swift-os/blob/main/ports/README.md): seed ports catalog and recipe validation rules.[SMP Mutable State Audit](/asaptf/swift-os/blob/main/docs/SMP_STATE_AUDIT.md): machine-checked SMP mutable-state inventory.[Next Session](/asaptf/swift-os/blob/main/docs/NEXT_SESSION.md): current handoff notes for the next engineering session.\n\n```\nEL0 userland native Swift coreutils + network tools; future Swift apps, Node.js, JVM (busybox: legacy bring-up)\n ---------- syscall boundary: swift-os POSIX-like ABI, not Linux ABI\nEL1 kernel Embedded Swift: runtime, mm, sched, vfs, drivers, net, security, tty\n arch/aarch64 boot (UEFI loader + direct -kernel fallback), exception vectors, context switch\n```\n\nKey architectural decisions:\n\n**Target:**`aarch64`\n\n, QEMU`virt`\n\n(primary), QEMU+AAVMF UEFI (primary boot path), VirtualBox ARM (best-effort).`make run`\n\ndefaults to one CPU; SMP hardening has dedicated`-smp N`\n\ntests and readiness gates.**Boot:** UEFI (`BOOTAA64.EFI`\n\non an ESP in a GPT disk image) is the primary path; direct`-kernel`\n\nis kept as a fallback.**Hardware discovery:** a boot-time DTB reader populates a global`Platform`\n\n; driver and PMM initialization read from it instead of hardcoded constants.**Kernel language:** Embedded Swift, freestanding, no Foundation, no full standard library.**Isolation:** real MMU-based process isolation, one address space per process.**Filesystem:** two-tier. A signed packed read-only base image (`SWOSBASE v3`\n\n) served off a virtio-blk device; a RAM tmpfs for writable scratch. No journaling; data loss on reboot is by design.**Security:** capability/principal model.`/etc/swos/passwd`\n\nis the identity source;`/etc/passwd`\n\nis a generated compatibility view for busybox/newlib only.**ABI:** a small swift-os syscall surface, POSIX-like where useful, explicitly not the Linux syscall ABI.**Linking:** static userland only; no dynamic loader.**Network:** in-kernel, virtio-net, sans-IO pure-Swift protocol core; capability-gated socket ABI.\n\nSee [docs/ARCHITECTURE.md](/asaptf/swift-os/blob/main/docs/ARCHITECTURE.md) for subsystem boundaries, driver strategy,\nlong-horizon runtime constraints, and explicit non-goals.\n\n```\nboot/\n efi/ UEFI loader (AArch64 PE32+): loader.c, efi.h, kernel_blob.S\nkernel/\n arch/aarch64/ boot.S, exception vectors, context switch, linker script, FDT reader, platform\n crypto/ ChaCha20-Poly1305 AEAD (TLS groundwork)\n drivers/ PL011 UART, GICv2, virtio-blk, virtio-net, virtio-input, framebuffer\n mm/ physical page allocator (PMM), virtual memory / address space management\n net/ sans-IO Ethernet/ARP/IPv4/ICMP/UDP/TCP/DNS core; socket layer\n runtime/ freestanding runtime support for Embedded Swift\n sched/ preemptive process/thread scheduler, futex\n security/ process security context, principal/capability model\n signal/ signal delivery, pending mask\n syscall/ syscall dispatch\n timer/ ARM generic timer, PL031 RTC\n tty/ line discipline, termios, canonical/raw mode\n user/ ELF loader, process/thread lifecycle, exec\n vfs/ VFS (disk-backed base + tmpfs), fcntl, capability enforcement\nuserland/\n lib/ swift_user bridge (svc ABI, allocator, atomic ops, putchar),\n crt0, newlib syscall stubs, compat headers\n compat/ POSIX/Linux shim headers and stubs for busybox/newlib cross-build\n busybox/ busybox 1.38.0 build config\n *.swift native Swift EL0 utilities: ls cat echo pwd ps top id mkdir rmdir\n rm mv chmod chown head touch wc date calc kv nslookup udpecho\n tcpecho tcpget httpd console-login threadsdemo …\n hello.c original bring-up C program (kept for reference)\nbase/ host seed tree for the packed base image (etc, www, …)\ntools/\n basepack.swift host-side packed base image packer\nscripts/ build-busybox.sh, build-newlib.sh, make-disk.sh, …\ntests/ host unit tests (Swift) + QEMU boot assertion scripts (bash)\ndocs/ philosophy, architecture, package ecosystem, hardware/toolchain notes\n```\n\nThe default tool paths are pinned for the current macOS Apple Silicon bring-up\nenvironment in [docs/NOTES.md](/asaptf/swift-os/blob/main/docs/NOTES.md). They can be overridden from\n`make`\n\nif your local installation differs.\n\nPrerequisites (run once):\n\n```\nmake newlib # cross-build newlib 4.6.0 into ./sysroot\nmake busybox # cross-build busybox 1.38.0\n```\n\nThen:\n\n```\nmake tools-check\nmake build\nmake run # direct -kernel boot with base.img attached\n```\n\nUEFI boot (primary path):\n\n```\nmake disk # build BOOTAA64.EFI + GPT disk image (build/swift-os.img)\nmake disk-run # boot under QEMU+AAVMF from the GPT disk\n```\n\nOther useful targets:\n\n```\nmake test # full test suite: host unit tests + QEMU boot assertions\n # (both -kernel and UEFI/disk paths are tested)\nmake uefi-run # UEFI boot from a QEMU virtual FAT directory (quick, no GPT)\nmake debug # boot QEMU paused with a gdbstub on :1234\nmake gdb # attach aarch64-elf-gdb to the paused kernel\nmake base-image # pack build/base.img from base/ + staged userland ELFs\nmake clean\n```\n\n`make run`\n\nstarts:\n\n```\nqemu-system-aarch64 -M virt -cpu cortex-a72 -m 256M -nographic \\\n -global virtio-mmio.force-legacy=false \\\n -device loader,file=,addr=...,force-raw=on \\\n -drive file=build/base.img,...,readonly=on \\\n -device virtio-blk-device,drive=swosbase \\\n -kernel build/kernel.elf\n```\n\n`make disk-run`\n\nstarts:\n\n```\nqemu-system-aarch64 -M virt,acpi=off -cpu cortex-a72 -m 256M -nographic \\\n -bios \\\n -drive file=build/swift-os.img,format=raw,if=virtio \\\n \n```\n\nExit QEMU serial with `Ctrl-A X`\n\n.\n\nThe current pinned target is:\n\n```\naarch64-none-none-elf\n```\n\nThe kernel is built with a swift.org Embedded Swift toolchain, LLVM `clang`\n\n,\n`ld.lld`\n\n, `llvm-objcopy`\n\n, and QEMU. Exact versions and the rationale for the\ncurrent flags live in [docs/NOTES.md](/asaptf/swift-os/blob/main/docs/NOTES.md); do not guess or cargo-cult\nEmbedded Swift flags across toolchain versions.\n\nWork is organized in phases. Each milestone must remain buildable, bootable, tested, and reviewable before moving on.\n\nThe bring-up arc proved the kernel and syscall surface end to end. busybox was the bring-up userland (a legacy tool); the native Swift userland is now the direction.\n\n**M0:** boot skeleton and UART output.**Done.****M1:** runtime hooks, exception vectors, heap, page allocator.**Done.****M2:** GIC and timer interrupts.**Done.****M3:** virtual memory and MMU.**Done.****M4:** processes, scheduling, EL0 trap path.**Done.****M5:** syscall entry and VFS skeleton.**Done.****M6:** libc subset, ELF64 loader, spawn.**Done.****M7:** TTY, termios, signals.**Done.****M8:** static busybox`sh`\n\nwith`ls`\n\n,`cat`\n\n, and`echo`\n\n.**Done.****M9:** HAL + runtime hardware discovery from DTB.**Done.****M10 (a/b/c):** UEFI boot from a GPT disk image under QEMU+AAVMF.**Done.****M10.5:** VirtualBox ARM validation prep.**Done (prep only; manual run needed).****M11 (a–d):** virtio-blk driver, packed`SWOSBASE`\n\nformat + host packer, base FS served read-only from disk, disk-first executable lookup, embedded kernel blob removed.**Done.****M12 (a–d):** capability/principal security core, identity store, console-login as init, SHA-256 password hashing.**Done.****M13 (a–c):** VFS capability enforcement at open time, tmpfs mutation gating, file ownership +`ls -l`\n\n.**Done.****Post-M13 follow-ups:** shell I/O redirection +`fcntl`\n\n; native Swift userland coreutils (`ls cat echo pwd ps top id mkdir rmdir rm mv chmod chown head touch wc date calc kv …`\n\n); busybox`vi`\n\n; PL031 RTC + per-file mtime; free-capable allocator for Swift ARC; threading (`thread_create`\n\n+`futex`\n\n); process teardown frame reclaim.**Done.****N-series (networking):** virtio-net driver, sans-IO Ethernet/ARP/IPv4/ICMP/ UDP/TCP/DNS core, capability-gated socket syscalls,`/bin/udpecho`\n\n,`/bin/tcpecho`\n\n,`/bin/tcpget`\n\n,`/bin/httpd`\n\n(concurrent poll-driven static-file HTTP server),`/bin/nslookup`\n\n, DNS resolver, TCP robustness + ephemeral-port allocator, ChaCha20-Poly1305 AEAD (TLS groundwork).**Done.**\n\nThe dedicated plan lives in `docs/RISK_REMEDIATION_ROADMAP.md`\n\n. It completes the\ncapability/handle model (C-arc), treats **SMP** as a required deliverable (S0–S5\nseries), moves drivers and the network stack toward the documented restartable\nuserland service model, and makes global kernel state concurrent-safe. Each\nsub-milestone follows the strict rule: builds, boots (including `-smp N`\n\n), has\ntests, is committed, then review. SMP and \"restartable services\" are tracked\nwork, not non-goals; C5a-C5f now prove the supervisor/service IPC shape,\nvirtio-input discovery metadata, fallback pseudo-device discovery, surfaced\nvirtio-mmio metadata, opaque device-handle transfer, withheld hardware\nauthority, and metadata-only grant rights before real device handoff lands.\n\nToward a complete hosting/embedded OS: richer observability and metrics; production update channels beyond the checked A/B validation paths; kernel-slot health confirmation; the native Swift application runtime plus Node.js and JVM hosting; the embedded footprint profile (small static image, deterministic boot, fewer services); TLS 1.3 record layer and handshake; Cells (kernel-native capability-based isolated execution domains); and a hot-update-friendly kernel structure. Recorded, not implemented early.\n\nThese boundaries are deliberate. They are how the OS stays minimal — it removes\nlegacy surface rather than carrying it. They are not constraints on the\nhosting/embedded/desktop profiles, which the same core already serves; they\nconstrain *how* it serves them.\n\n- Linux ABI compatibility;\n- dynamic linking;\n- amd64/x86-64 support;\n- full Cells isolation (the architecture is designed for it; the implementation\nis future work — see\n`docs/ARCHITECTURE.md`\n\nand`docs/CAPABILITIES.md`\n\n); - Docker/OCI compatibility;\n- journaling or persistent writable filesystem guarantees;\n- broad loadable kernel-module ABI;\n- GPU/NPU acceleration;\n- graphics as the\n*primary*display path (a basic VT100 framebuffer console + virtio-input keyboard exist for QEMU graphical mode; desktop use is not excluded, but a rich display stack is Phase 2 work, not a current target).\n\n(See the risk remediation roadmap for the current status of SMP and restartable driver services — they are no longer blanket non-goals.)\n\n**SMP is no longer a blanket non-goal.** It is the subject of the active S0–S5 series in\n`docs/RISK_REMEDIATION_ROADMAP.md`\n\n. Until that arc lands the practical system remains\nsingle-core (and `make run`\n\n/ tests default to 1 CPU). The plan also covers completing\nthe handle-based capability model and moving toward restartable userland driver services.\n\nNetworking is **not** a non-goal: a TCP/UDP/ARP/ICMP/DNS stack and a set of\nuserland network tools are present and tested. The long-term target (userland network\nservice reachable only via capability-gated IPC, after the C-arc + basic SMP) is recorded\nin the risk remediation roadmap. What remains future work today is TLS in userland,\nhigh-pps optimizations, and the actual service-ization.\n\nThese boundaries are not accidental omissions. They keep the kernel surface small enough to measure, test, and trust.\n\nswift-os is licensed under the **Apache License, Version 2.0** — see\n[ LICENSE](/asaptf/swift-os/blob/main/LICENSE) and\n\n[. New source files we author carry an](/asaptf/swift-os/blob/main/NOTICE)\n\n`NOTICE`\n\n`// SPDX-License-Identifier: Apache-2.0`\n\nheader.Bundled third-party components keep their own licenses and are **not** covered by\nthe Apache license above: `userland/busybox`\n\n(GPL-2.0-only) and `libc/newlib`\n\n(BSD-style / permissive). See `NOTICE`\n\nfor details.", "url": "https://wpnews.pro/news/swiftos-an-os-in-embedded-swift-that-serves-its-own-website", "canonical_source": "https://github.com/asaptf/swift-os", "published_at": "2026-06-17 09:16:03+00:00", "updated_at": "2026-06-17 09:23:39.204100+00:00", "lang": "en", "topics": ["ai-infrastructure"], "entities": ["SwiftOS", "Embedded Swift", "QEMU", "UEFI", "VirtualBox", "ARM"], "alternates": {"html": "https://wpnews.pro/news/swiftos-an-os-in-embedded-swift-that-serves-its-own-website", "markdown": "https://wpnews.pro/news/swiftos-an-os-in-embedded-swift-that-serves-its-own-website.md", "text": "https://wpnews.pro/news/swiftos-an-os-in-embedded-swift-that-serves-its-own-website.txt", "jsonld": "https://wpnews.pro/news/swiftos-an-os-in-embedded-swift-that-serves-its-own-website.jsonld"}}