Overview

Bastion is a minimal, supervised, remotely-operable operating system written in Rust against an internal-only dependency budget — zero external crates. The primary deployment surface is bare-metal x86-64 hardware; a portable bytecode runtime (BMR) lets the same Substrate programs run on macOS and other hosts when bare-metal isn't available. The work is structured into three crates: a kernel library (CPU, filesystem, syscall dispatch, audit), a runtime layer (boot harness, operator shell, remote console), and a controlled language (Substrate) used to describe processes that run on the kernel.

Bastion is long-horizon systems work, not a near-term product. Its audience is environments where deterministic execution, auditability, and a small attack surface matter more than ecosystem breadth. See the Bastion research perspective for deeper detail on the x86-64 implementation.

Components

  • x86-64 native kernel

    Primary target. Bastion boots on real x86-64 hardware via UEFI, with a hand-written assembly machine core, interrupt tables, context switching, syscall trampolines, and atomics. Driver work covers Ethernet (TCP/IPv4/ARP, guarded TCP shell, live kernel push), framebuffer, PCI, DMA allocation, serial, PS/2 keyboard, ACPI, and USB controllers.

  • BMR portable VM

    Custom instruction set with a register file, program counter, and syscall trap. Lets Substrate programs run on macOS and other hosts when bare-metal x86-64 isn't available — useful for development and testing. The kernel never executes arbitrary native code from user programs.

  • BFS filesystem

    Journaling filesystem with A/B superblock mirroring, write-staged commit markers, block integrity checks, fsck, and a bad-block table. Fixed-capacity heap-free structures throughout.

  • IPS, KRC, SABI, BSEC

    Inter-process services (init, worker, logger, heartbeat, input handler, utility execution), the kernel resource context that ties CPU + filesystem + devices + audit together, the syscall ABI separating Substrate bytecode from the kernel, and the security core (audit log and access control primitives).

  • MCLI and NET

    The operator shell runs over stdin/stdout locally or over a guarded TCP console (shared-secret auth, constant-time compare, idle timeout, session logging).

  • Substrate language

    A flat, statement-based process description language with a parser, AST, and bytecode emitter. The Substrate compiler is being progressively self-hosted; the bootstrap roadmap tracks the gap between the Rust reference compiler and the in-language self-host.

Current focus

Active work is on the x86-64 native path, including 802.11 wireless driver development. The project is currently at a standstill pending access to a dedicated local workstation. Substrate self-host milestones continue independently of the hardware path.

Project log

  • Project page expanded

    Bastion's page now describes the kernel, filesystem, runtime, and Substrate language layers, and records the current hardware standstill honestly.

  • Public status established

    Bastion is now tracked as a project with a log source and a separate research note for deeper systems detail.

Documents