Snapi-OS is a from-scratch x86-64 hobby operating system written entirely in Rust.
Milestone 1 is complete. The current target is Milestone 2: Freestanding Runtime.
This repository uses:
- Rust for the whole project
- x86-64 as the only target architecture
- UEFI as the only boot entry path
- a freestanding kernel runtime for the current milestone
- Trunk-Based Development with protected
main - Test-First Development as soon as possible
- QEMU + OVMF first, then generic x86-64 UEFI hardware
Milestone 1 delivered a working UEFI-hosted shell environment.
That means the current repository already has:
- direct boot as
\EFI\BOOT\BOOTX64.EFI - a working shell prompt
- basic Unix-like file and directory commands
- a simple persistent filesystem image at
\SNAPIOS\ROOTFS.IMG - QEMU acceptance tests
- real-hardware validation on x86-64 UEFI hardware
Milestone 2 does not repeat that work. It builds on it.
Milestone 2 is a UEFI-first but no longer UEFI-hosted runtime.
That means:
- firmware still loads
BOOTX64.EFIdirectly BOOTX64.EFIbecomes a loader, not the full runtime- the loader loads a freestanding kernel from
\SNAPIOS\KERNEL.ELF - the loader gathers boot information and calls
ExitBootServices() - after that point, Snapi-OS continues running as its own freestanding kernel
- normal runtime behavior no longer depends on UEFI Boot Services
This is the milestone that moves Snapi-OS from a hosted pre-boot environment into a standalone OS runtime.
Boot the same packaged ESP image in both:
- QEMU with OVMF
- real x86-64 UEFI hardware
Then:
- load the freestanding kernel
- exit UEFI boot services successfully
- continue running under Snapi-OS control
- execute shell commands after handoff
- prove in the transcript that command execution happened after
ExitBootServices()
Milestone 2 includes only what is necessary to cross the standalone-runtime bar.
- UEFI loader + freestanding kernel split
- freestanding kernel target on
x86_64-unknown-none - shared boot handoff contract between loader and kernel
- successful
ExitBootServices()transition - kernel-owned runtime after handoff
- serial-first console for QEMU and early bring-up
- startup-script execution after handoff
- reuse of the current shell, VFS, and
fs_v1logic after handoff - RAM-backed root filesystem created from a preloaded
ROOTFS.IMG - deterministic QEMU acceptance tests that prove post-handoff execution
- generic real-hardware smoke validation on x86-64 UEFI hardware
These are intentionally excluded from milestone 2:
- persistent write-back across reboot
- raw block-device access
- native SATA / AHCI / NVMe drivers
- PS/2 keyboard support as a milestone requirement
- USB keyboard support as a milestone requirement
- multitasking
- scheduler
- user/kernel mode separation
- system calls
- networking
- GUI
- ext4
- page-table redesign beyond what is strictly necessary for bring-up
- user program loading
Milestone 2 is complete when all of the following are true:
BOOTX64.EFIloads\SNAPIOS\KERNEL.ELFsuccessfully.- The loader gathers the final memory map and exits boot services successfully.
- The freestanding kernel prints a stable post-handoff marker such as
KERNEL: POST_EBS OK. - The shell runs after that marker, not before it.
- The existing milestone-1 command set still works after handoff against a RAM-backed root filesystem.
sleepno longer depends on UEFIstall.exitno longer returns to the hosted UEFI shell runtime; it halts or reboots from the freestanding kernel.syncsucceeds against the volatile in-memory filesystem image and clearly communicates that the result is not yet durable across reboot.- The QEMU acceptance suite passes.
- Real x86-64 UEFI hardware can boot into the freestanding kernel and run a startup script after handoff.
The command set carried into milestone 2 is:
helpechosleeppwdlscdmkdirrmdirtouchcatrmmvcpsyncexit
Notes:
sleepremainssleep Nwith whole seconds only.echocontinues to supportecho text > file.syncin milestone 2 is volatile only. It updates the in-memory serialized rootfs image but does not yet guarantee durability across reboot.exithalts or reboots the freestanding kernel. It no longer means “return to the hosted UEFI runtime”.
To keep the milestone lean, Snapi-OS uses this runtime model after handoff:
- serial-first output for QEMU and early bring-up
- startup-script-first execution for automated testing and hardware smoke tests
- RAM-backed root filesystem seeded from a preloaded
\SNAPIOS\ROOTFS.IMG
This means:
- the loader reads
\SNAPIOS\ROOTFS.IMGbeforeExitBootServices() - the loader reads
\SNAPIOS\STARTUPbeforeExitBootServices() - the kernel receives both as memory buffers in boot info
- the kernel does not depend on UEFI file services after handoff
Milestone 2 deliberately favors a freestanding runtime over persistent storage.
This milestone is delivered as a sequence of small vertical slices.
- add a freestanding kernel target
- keep
BOOTX64.EFIas the loader - package
\SNAPIOS\KERNEL.ELFon the ESP - define a shared boot info contract
- load the kernel
- gather the final memory map
- call
ExitBootServices() - jump to kernel entry
- print a stable post-handoff marker
- halt cleanly
- serial output works after handoff
- panic path works after handoff
- the kernel owns a minimal allocator
- reuse
runtime,shell,vfs, andfs_v1 - mount a RAM-backed root filesystem from the preloaded image
- run
STARTUPafter handoff - support the milestone-1 command set after handoff
- all TESTING.md minimum acceptance scenarios pass as QEMU tests
make-espincludes a demo startup scriptsyncupdates the in-memory serialized image buffer- mutating commands keep the RAM image consistent
- docs and transcript output clearly state that persistence across reboot is not yet part of the milestone
- boot the same packaged image on real x86-64 UEFI hardware
- prove that the post-handoff marker appears
- run a startup script after handoff
- verify visible equivalence with QEMU for the scripted path
Checkpoints A through E are complete. Checkpoint F is a manual real-hardware validation step.
.
├── README.md
├── ARCHITECTURE.md
├── TESTING.md
├── SAFETY.md
├── AGENTS.md
├── docs/
│ └── adr/
│ ├── 0001-uefi-first.md
│ └── 0002-freestanding-runtime.md
├── .github/
│ └── copilot-instructions.md
├── apps/
│ ├── bootx64/
│ └── kernel/
├── crates/
│ ├── bootinfo/
│ ├── elf_loader/
│ ├── platform/
│ ├── platform_uefi/
│ ├── platform_freestanding/
│ ├── runtime/
│ ├── shell/
│ ├── vfs/
│ └── fs_v1/
└── xtask/
The following must be installed before building or testing.
The nightly toolchain remains pinned in rust-toolchain.toml.
Add both targets once:
rustup target add x86_64-unknown-uefi
rustup target add x86_64-unknown-noneInstall via your package manager (example for Ubuntu/Debian):
sudo apt install mtools ovmf qemu-system-x86These remain the baseline milestone-2 host tools.
cargo install cargo-auditThese command names remain the repository contract:
cargo xtask build-efi
cargo xtask make-esp
cargo xtask run-qemu
cargo xtask test-host
cargo xtask test-qemuFor milestone 2, these commands evolve as follows:
build-efibuilds the loader and any artifacts it directly ownsmake-esppackages the loader, kernel, and milestone assets onto the ESP imagerun-qemuboots the freestanding path, not the old hosted-only pathtest-hostremains the fast host-side validation looptest-qemubecomes the authoritative freestanding acceptance suite
Do not rename these commands unless there is a strong reason to do so.