QWAMOS runs directly on the Obsidian Circuit Onyx (Rockchip RK3588) as a Type-1 pKVM/KVM hypervisor, providing unprecedented security through hardware-enforced isolation on the sole ARM64 SoC with open EL2 access.
Femtosecond Laser Direct Writing (FLDW) on Corning EAGLE XG glass — quantum entropy, CV-QKD, and inertial tamper detection on a single chip
Signal input → grating coupler → polarization control → tunable 50:50 BS → 3D waveguide cross → thermo-optic phase shifters → balanced detectors (I+, I-, Q+, Q-) → 14-bit 1 GSa/s ADC → FPGA
SPI/I2C/GPIO to RK3588. Entropy → /dev/hwrng. QKD keys → PQC keystore → Infineon HSM. Health status → Dom0. Inertial alerts → Tamper MCU. Control signals ← Dom0 FPGA interface.
Nuclear security rail (Betavolt BV100, orange path) powers QRNG + gyroscope + AWG spectrometer — permanently, even with dead main battery. Main battery powers QKD pump laser (50–200 mW).
Isolated ground plane security zone: glass photonic module (10mm target), pump laser 775nm, photonic wire bonding, Infineon SLB9672 HSM, Betavolt BV100, RISC-V HNCP, ARM M0+ tamper MCU, 4× kill switch relay bank.
Platform: Corning EAGLE XG borosilicate Method: FLDW (no cleanroom) Laser: Pharos Yb:KGW 1030nm 226fs 1MHz Stage: Aerotech ANT, <1µm accuracy Loss: 0.062 dB/cm (record low) WG size: 4.5×7.1 µm @ 35–170µm depth Δn: 0.01 (v1) → 0.02–0.03 (v2) QRNG: 42.7 Gbit/s · CMRR >73 dB CV-QKD: 3.2 Mbit/s · 9.3 km Stability: 8+ hours field operation Chip size: 20×10mm (v1) / 10×5mm (v2)
NIST SP 800-90B (on-chip FPGA health tests)
↓
FIPS 140-3 Level 3 (HSM integration)
↓
NSA CSfC APL (target)
QWAMOS leverages ARMv8.5-A security features to provide unprecedented memory protection. Each VM has its own isolated address space with hardware-enforced boundaries.
Cryptographic signatures on return addresses
Hardware detection of use-after-free bugs
Protection against JOP/ROP attacks
Hypervisor runs at highest privilege level
0xFFFF_FFFF_FFFF_FFFF ┐
│ Hypervisor (EL2)
0xFFFF_8000_0000_0000 ┤ [Protected]
│
0xFFFF_0000_0000_0000 ┤ Kernel Space
│ [Per-VM Isolated]
0x0000_8000_0000_0000 ┤
│ User Space
│ [Per-App Isolated]
0x0000_0000_0000_0000 ┘
Each VM sees only its own memory
Hardware EPT prevents cross-VM access
IOMMU restricts device DMA
Secure boot starts from hardware fuses
Verify bootloader signature Load secure monitor (EL3) Initialize TrustZone
QWAMOS hypervisor takes control
Setup EL2 exception vectors Initialize memory management Configure IOMMU tables Start crypto engine
Boot minimal Linux system VM
Create VM context Load kernel image Setup virtual devices Start init process
Start compositor and UI
Initialize Wayland Start GPU acceleration Load user session Ready for use
Create custom VMs for specialized workloads or development environments.
from qwamos.vm import VMBuilder
vm = VMBuilder()
.name("dev-environment")
.memory(4096) # 4GB RAM
.cores(2)
.storage(32768) # 32GB
.network("isolated")
.build()
vm.start()
Integrate with QWAMOS security features in your applications.
#include// Generate quantum-safe key qw_key_t *key = qw_keygen_mldsa87(); // Sign data qw_signature_t *sig = qw_sign( data, data_len, key ); // Verify signature bool valid = qw_verify( data, data_len, sig, key );
Define security policies for VMs and applications.
name: banking-app vm_type: android security: network: tor_only storage: encrypted memory: 2048 panic_wipe: true permissions: - camera: deny - microphone: deny - contacts: deny - location: deny
v3.1.0 is feature-complete (27/27 phases). v3.2.0 targets full VALKYRJA device integration
Join our open-source community and contribute to QWAMOS