syzkaller - syzkaller is an unsupervised, coverage-guided Linux system call fuzzer

•    Go

syzkaller is an unsupervised coverage-guided Linux kernel fuzzer.The project mailing list is syzkaller@googlegroups.com. You can subscribe to it with a google account or by sending an email to syzkaller+subscribe@googlegroups.com.

reactos - A free Windows-compatible Operating System

•    C

ReactOS™ is an Open Source effort to develop a quality operating system that is compatible with applications and drivers written for the Microsoft® Windows™ NT family of operating systems (NT4, 2000, XP, 2003, Vista, Seven). The ReactOS project, although currently focused on Windows Server 2003 compatibility, is always keeping an eye toward compatibility with Windows Vista and future Windows NT releases.

gvisor - Container Runtime Sandbox

•    Go

gVisor is a user-space kernel, written in Go, that implements a substantial portion of the Linux system surface. It includes an Open Container Initiative (OCI) runtime called runsc that provides an isolation boundary between the application and the host kernel. The runsc runtime integrates with Docker and Kubernetes, making it simple to run sandboxed containers. gVisor takes a distinct approach to container sandboxing and makes a different set of technical trade-offs compared to existing sandbox technologies, thus providing new tools and ideas for the container security landscape.

spectre-meltdown-checker - Spectre & Meltdown vulnerability/mitigation checker for Linux

•    Shell

A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018. For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel.

blog_os - Writing an OS in Rust

•    Rust

This repository contains the source code for the Writing an OS in Rust series at os.phil-opp.com. Afterwards you can invoke bootimage build to produce a bootable disk image. Please file an issue if you run into any problems.

gophernotes - The Go kernel for Jupyter notebooks and nteract.

•    Go

Acknowledgements - This project utilizes a Go interpreter called gomacro under the hood to evaluate Go code interactively. The gophernotes logo was designed by the brilliant Marcus Olsson and was inspired by Renee French's original Go Gopher design. Important Note - gomacro relies on the plugin package when importing third party libraries. This package works reliably on Mac OS X only with Go 1.10.2+ as long as you never execute the command strip gophernotes. If you can only compile gophernotes with Go <= 1.10.1 on Mac, consider using the Docker install and run gophernotes/Jupyter in Docker.

u-root - A fully Go userland! u-root can create a root file system (initramfs) containing a busybox-like set of tools written in Go

•    Go

source mode: Go toolchain binaries + simple shell + Go source for tools to be compiled on the fly by the shell. When you try to run a command that is not built, it is compiled first and stored in tmpfs. From that point on, when you run the command, you get the one in tmpfs. Don't worry: the Go compiler is pretty fast.

winfsp - Windows File System Proxy - FUSE for Windows

•    C

WinFsp is a set of software components for Windows computers that allows the creation of user mode file systems. In this sense it is similar to FUSE (Filesystem in Userspace), which provides the same functionality on UNIX-like computers. WinFsp is very stable. There are no known kernel mode crashes and it does not suffer from resource leaks or similar problems. WinFsp owes this stability to its Design and its rigorous Testing Regime.

pmbootstrap - Repository has been moved! https://postmarketos

•    Shell

Sophisticated chroot/build/flash tool to develop and install postmarketOS.

raspberry-pi-os - Learning operating system development using Linux kernel and Raspberry Pi

•    C

This repository contains a step-by-step guide that teaches how to create a simple operating system (OS) kernel from scratch. I call this OS Raspberry Pi OS or just RPi OS. The RPi OS source code is largely based on Linux kernel, but the OS has very limited functionality and supports only Raspberry PI 3. Each lesson is designed in such a way that it first explains how some kernel feature is implemented in the RPi OS, and then it tries to demonstrate how the same functionality works in the Linux kernel. Each lesson has a corresponding folder in the src directory, which contains a snapshot of the OS source code at the time when the lesson had just been completed. This allows the introduction of new concepts gracefully and helps readers to follow the evolution of the RPi OS. Understanding this guide doesn't require any specific OS development skills.

linux-insides-zh - Linux 内核揭密

Linux 内核揭密

linux-kernel-exploits - linux-kernel-exploits Linux平台提权漏洞集合

•    C

linux-kernel-exploits Linux平台提权漏洞集合

windows-kernel-exploits - windows-kernel-exploits Windows平台提权漏洞集合

•    C

windows-kernel-exploits Windows平台提权漏洞集合

tock - A secure embedded operating system for Cortex-M based microcontrollers

•    Rust

Tock is an embedded operating system designed for running multiple concurrent, mutually distrustful applications on Cortex-M based embedded platforms. Tock's design centers around protection, both from potentially malicious applications and from device drivers. Tock uses two mechanisms to protect different components of the operating system. First, the kernel and device drivers are written in Rust, a systems programming language that provides compile-time memory safety, type safety and strict aliasing. Tock uses Rust to protect the kernel (e.g. the scheduler and hardware abstraction layer) from platform specific device drivers as well as isolate device drivers from each other. Second, Tock uses memory protection units to isolate applications from each other and the kernel. Tock is documented in the doc folder. Read through the guides there to learn about the overview and design of Tock, its implementation, and much more.

build - Armbian build tools

•    Shell

Supported build environment is Ubuntu Bionic 18.04 x64 (minimal iso image). Make sure that full path to the build script does not contain spaces.

RT-Thread - A Tiny and Elegant IoT Operating System

•    C

RT-Thread (Real-Time Thread) is an open source embedded real-time operating system. It has a strong scalability: from a nano kernel running on a tiny MCU, for example ARM Cortex-M0, or Cortex-M¾/7, to a rich feature system running on MIPS32, ARM Cortex-A, even the emerging open source RISC-V architecture is supported. RT-Thread can run either on single-core systems or on symmetric multi-core processors(SMP) systems.

Cilium - eBPF-based Networking, Security, and Observability

•    Go

Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as application containers or processes. Cilium operates at Layer 3/4 to provide traditional networking and security services as well as Layer 7 to protect and secure use of modern application protocols such as HTTP, gRPC and Kafka. Cilium is integrated into common orchestration frameworks such as Kubernetes.

eggos - A Go unikernel running on x86 bare metal

•    Go

Run Go applications on x86 bare metal, written entirely in Go (only a small amount of C and some assembly), support most features of Go (like GC, goroutine) and standard libraries, also come with a network stack that can run most net based libraries. The entire kernel is a go application running on ring0. There are no processes and process synchronization primitives, only goroutines and channels. There is no elf loader, but there is a Javascript interpreter that can run js script files, and a WASM interpreter will be added to run WASM files later.

Firecracker - Secure and fast microVMs for serverless computing

•    Rust

Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services that provide serverless operational models. Firecracker runs workloads in lightweight virtual machines, called microVMs, which combine the security and isolation properties provided by hardware virtualization technology with the speed and flexibility of containers.

embox - Modular and configurable OS for embedded applications

•    C

Embox is a configurable RTOS designed for resource constrained and embedded systems. Embox main idea is using Linux software without Linux. Here's a quick overview on how to build and run Embox.