LeivOS Buy
Documentation · Engineering

Inside LeivOS.

The end-user product is LeivOS. The kernel is called Uusi. The language most of it is written in is Tape. This page is for developers, evaluators, and the curious — every layer is built in-house.

Kernel
Uusi
x86_64, UEFI
Userland
LeivOS
Compositor, apps, libuusinet
Language
Tape
Scripting + AOT — read more →
The kernel inside

Uusi: small, sharp, ours.

The Uusi kernel boots from UEFI, brings up paging, scheduling, processes, threads, and a window manager — all in a fraction of the code other operating systems need.

  • • Preemptive multitasking with per-thread guard pages
  • • Userspace network stack and TLS 1.3 written from scratch
  • • Per-process address spaces, killable cleanly without taking the GUI down
  • • In-tree scripting language for automation: Tape
$ uusi boot --serial
[ok] uefi memory map preserved
[ok] pmm online, 7.8 GiB available
[ok] vmm + slab heap up
[ok] scheduler: 8 logical CPUs
[ok] /dev/wm + compositor
[ok] netd: dhcp BOUND ip=10.0.2.15
[ok] tls 1.3 record layer ready
leivos login:

Kernel & runtime

  • Custom x86_64 kernel — bootloader, paging, scheduler, IPC, all in-house
  • Written in Assembly (early boot + CPU primitives), C (close-to-metal pieces), and primarily Tape
  • Per-process address spaces with hard memory limits and guard pages
  • Preemptive scheduling with two-tier fairness
  • Slab + free-capable heap, deterministic page allocator
  • Cooperative graceful shutdown on faults; the GUI survives

Graphics & desktop

  • Window manager with z-order, focus, drag, close, hover
  • Damage-rect compositor — only what changed gets redrawn
  • Client-owned window buffers, capability-checked surface IDs
  • A small widget toolkit, fast launcher, software cursor

Networking

  • Userspace network stack: Ethernet, ARP, IPv4, ICMP, UDP, TCP, DHCP, DNS
  • TLS 1.3 with X25519, AES-GCM, ChaCha20-Poly1305 — written from scratch
  • X.509 chain validation against real RSA-PSS and ECDSA-P256 certificates
  • WPA2-PSK Wi-Fi with verified 4-way handshake against captured fixtures
  • virtio-net + loopback drivers; a kernel net-poll thread for steady tick

Tape — the in-tree language

  • Three runtimes from one source: interpreter, JIT, AOT to native PE
  • Full pipeline: scanner → parser → typecheck → bytecode → codegen
  • Standard library: io, string, dyn — and a REPL
  • Compile-once-run-many .tb bytecode artifacts
  • Read the dedicated Tape language documentation for grammar, types, and runtimes

Trust

  • No telemetry. No profiling. No background analytics.
  • Capability manifest gates privileged ioctls per binary
  • Every cryptographic primitive verified against RFC test vectors
  • Tape language sources available; OS sources closed for security reasons
Want to read more?

The development blog has the full story — what we hit, what we built, and why.

Tape language Read the blog