GuardBSD Architecture
GuardBSD provides a minimal, secure, capability-driven operating system built on a three-microkernel design and a unified multi-architecture codebase.
This page summarizes the full system structure: applications, libraries, servers, drivers, microkernels and hardware abstraction.
System Overview
User Applications
──────────────────────────────────────
Shell │ VFS Test │ Dev Test │ Net Test
──────────────────────────────────────
System Library (libgbsd)
─────────────────────────────────────────────────
File API │ Process API │ Memory API │ Network API
─────────────────────────────────────────────────
System Servers
─────────────────────────────────────────
Init │ VFS │ RAMFS │ DevD │ NetD │ NetSvc
─────────────────────────────────────────
Device Drivers
────────────────
Serial │ Storage
────────────────
Microkernel Layer
───────────────────────────
µK-Space │ µK-Time │ µK-IPC
───────────────────────────
Hardware Abstraction Layer
────────────────────────────────
x86_64 Support │ aarch64 Support
────────────────────────────────
Total trusted computing base (TCB): ~1.52 MB across all microkernels and servers.
Microkernel Architecture
µK-Space - Memory Management
- PMM (bitmap allocator)
- VMM (4-level page tables)
- physical frame allocation
- mapping/unmapping
- optimized TLB flush (75 cycles)
Performance:
- frame allocation: O(1)
- page map: ~300 cycles
µK-Time - Scheduler
- priority scheduler (256 levels)
- thread states
- timer interrupts
- context switching (1200 cycles)
- thread yield (~80 cycles)
µK-IPC - Communication
- message passing
- FIFO queues
- capability system
- synchronous/asynchronous IPC
- 180-cycle send path, 120-cycle receive path
System Servers
Init
PID 1, process supervision, service management.
VFS
Virtual filesystem dispatcher.
RAMFS
In-memory filesystem (256 nodes, ~1 MB binary).
DevD
Device enumeration & driver binding.
NetD
TCP/IP/UDP/ICMP stack.
NetSvc
Network services (DNS, DHCP, HTTP).
Security Architecture
Capability System
Each resource is accessed through unforgeable capabilities:
struct Capability {
    object_id: u64,
    rights: Rights,
    seal: u64,
    generation: u32,
}
Features:
- attenuation (reduced rights)
- revocation
- delegation via IPC
Memory Architecture
Physical Memory
- Bitmap allocator
- Refcounted frames
- Contiguous support
Virtual Memory
- 4-level paging
- 4KB / 2MB / 1GB pages
- COW support
- user/kernel split:
0000_0000_0000_0000 - 7FFF_FFFF_FFFF_FFFF User Space
FFFF_8000_0000_0000 - FFFF_FFFF_FFFF_FFFF Kernel Space
IPC Architecture
Message Format
struct Message {
    header: MessageHeader,
    payload: [u8; 4096],
}
Fast-path optimization reduces send latency to ~180 cycles.
Performance Summary
| Component | Cycles |
| ---------- | ------ |
| IPC send | 180 |
| IPC recv | 120 |
| mmap | 300 |
| open/close | 150 |
| read/write | 85 |
Hot paths are optimized to run up to 43% faster than the initial implementation.
Multi-Architecture Support
Supported:
- x86_64
- aarch64
Planned:
- riscv64 (Phase 5)
The GuardBSD architecture provides:
- minimal microkernels
- capability-based security
- dual-architecture operation
- fast IPC and low-overhead syscalls
- formal verification path