Build quantum-resistant applications on the Onyx VALKYRJA platform using Python 3.9+, Dart/Flutter, TypeScript, Java, or Kotlin. Full access to Glass Photonic QRNG, Infineon HSM, VM hypercall interfaces, and hardware kill switch APIs. SLSA Level 3 reproducible builds enforced throughout.
QWAMOS enforces a platform-wide rule: no standalone ECC algorithm (ECDSA, X25519, Ed25519, secp256k1) may serve as a security-critical primitive. ECC is only permitted as a component within a documented hybrid construction (XOR-combined with a NIST PQC algorithm). This applies to all layers: firmware, OS, application, transport, and storage.
# PROHIBITED — standalone ECC
keypair = crypto.generate_keypair(algorithm="X25519") # FAIL
# REQUIRED — hybrid construction
kem = HybridKEM([
"ML-KEM-1024", # NIST PQC Level 5
"BIKE", # NIST PQC Level 5 alternate
"HQC", # NIST PQC Level 5 alternate
"McEliece-8192", # NIST PQC Level 5 code-based
"X25519", # ECC allowed only inside 5-way XOR
]) # OK — all 5 outputs XOR-combined before use
pip install qwamos-sdk qwamos init my-secure-app cd my-secure-app
from qwamos import VM
vm = VM("my-app")
vm.configure(
memory=2048, # MB; up to 32 GB total
cores=2,
network="isolated",
storage="encrypted"
)
vm.start()
qwamos build --target rk3588 \
--reproducible \
--sbom # EO 14028
qwamos sign --key release.key # ML-DSA-87
qwamos deploy
QWAMOS runs on an ARM64 KVM hypervisor with VHE (EL2). Each domain is isolated at the hardware level via pKVM memory isolation. No direct VM-to-VM communication paths exist — all inter-VM traffic is Dom0-mediated through defined message types.
Hypervisor control domain. Runs KVM at EL2. Owns ML threat detection, VM lifecycle management, all hardware security policies, kill switch control, HSM GPIO, and tamper MCU interface. Highest privilege — no user application runs here. CPU: 1× A76 + 2× A55 reserved realtime allocation.
Always-on network privacy domain. Mandatory exit point for all outbound traffic from every user VM — no user VM has direct internet access. Runs Tor, I2P, DNSCrypt, obfs4/WebTunnel/V2Ray transports, and behavioral obfuscation. HNCP sits on-wire between the modem and this VM at the hardware layer.
Primary daily-use domain. Hosts standard Android apps. Network access through Gateway VM only. FLAG_SECURE enforced at Flutter compositor layer. FMP privacy mode controlled by Dom0 profile state — no user VM software can override.
Offensive security and penetration testing domain. Full Kali Linux toolset. Network access through dedicated Gateway VM policy profile. Hardware access to wireless interfaces (with Dom0 policy grant).
General-purpose secure communications domain. PQC operations, Signal Protocol, ZRTP. Direct access to HSM PKCS#11 interface for cryptographic operations. Tor and I2P routing available.
Development environment with AI App Builder pipeline. Triple-AI consensus (Kali GPT on-device, Claude/ChatGPT via Tor). Automated security auditing (Bandit, Gitleaks), test generation, and SLSA L3 build system.
Air-gapped secret storage. Zero network interface. All copy operations require explicit Dom0 authorization per-operation. Dedicated 512 GB NVMe (PCIe 3.0 x4) storage on isolated power domain. Argon2id + ML-KEM-1024 layered encryption.
Ephemeral execution environment. Auto-wipe on close — no state persists to main storage. Ideal for untrusted app execution, one-time document viewing, and temporary network operations.
# Communication paths — enforced by Dom0 policy (not just convention) User VM → Gateway VM : VirtIO network via NIC enforcer (mandatory path) Dom0 → Guest VM : VirtIO console / custom hypercall (Dom0-initiated only) Guest VM → Dom0 : Limited notification channel (defined message types only) Guest VM → Guest VM : PROHIBITED — no direct path exists Vault VM ← any : Explicit Dom0 authorization required per copy operation Disposable VM ← any : Dom0-mediated only; all writes discarded on VM close # Hypercall interface for Dom0→Guest from qwamos.hypervisor import Hypercall hc = Hypercall() hc.send(target_vm="android", msg_type="notification", payload=data)
from qwamos.security import HybridKEM, KeyStore
# 5-way hybrid KEM — mandatory for all key exchange
# All 5 ciphertexts XOR-combined before use
kem = HybridKEM([
"ML-KEM-1024", # Kyber — NIST PQC L5
"BIKE", # NIST PQC L5 alternate
"HQC", # NIST PQC L5 alternate
"McEliece-8192", # code-based L5
"X25519", # ECC inside hybrid only
])
# Encapsulate (sender side)
ciphertext, shared_secret = kem.encapsulate(
recipient_public_key
)
# Decapsulate (recipient side)
shared_secret = kem.decapsulate(
ciphertext, private_key
)
# Store keys in HSM via PKCS#11
keystore = KeyStore() # backed by Infineon SLB9672
keystore.store(keypair, label="session-key")
from qwamos.vm import VMManager, VMConfig
# Configure VM — RK3588 ARM64 VHE / KVM
config = VMConfig()
config.memory = 4096 # MB; 32 GB total available
config.cores = 2
config.network = "isolated"
config.storage = "encrypted" # AES-256-XTS + ML-KEM
# Create and start VM (hardware pKVM isolation)
manager = VMManager()
vm = manager.create_vm("dev-env", config)
vm.start()
# Per-VM GPU slice (Mali-G610 MP4 passthrough)
vm.assign_gpu_slice(vulkan=True)
# Monitor resources
stats = vm.get_stats()
print(f"CPU: {stats.cpu_usage}%")
print(f"Memory: {stats.memory_usage} MB")
# Snapshot / rollback
snapshot = vm.create_snapshot("v1.0")
vm.restore_snapshot(snapshot)
from qwamos.crypto import QRNGDriver
# Glass Photonic QRNG — 42.7 Gbit/s
# NIST SP 800-90B certified entropy source
# Interfaces via SPI/I2C conditioned entropy
# to kernel pool (crypto/qrng_driver.py)
qrng = QRNGDriver()
# Check health / calibration status
status = qrng.health_check()
print(f"CMRR: {status.cmrr_db} dB") # target >73 dB
print(f"Stable: {status.calibrated}") # 8hr window
# Read raw entropy bytes
entropy = qrng.read_bytes(64)
# Seed a CSPRNG (recommended for most apps)
csprng = qrng.get_csprng()
random_key = csprng.generate(32) # 256-bit key
# QRNG feeds Infineon HSM entropy pool directly
# Applications should prefer HSM-backed key gen
# for all long-term key material
from qwamos.crypto import HSMManager, Signature
# Infineon SLB9672 TPM 2.0
# SPI dedicated channel — key material never
# transits bus in plaintext (hardware guarantee)
hsm = HSMManager()
# Hardware-backed ML-DSA-87 signing
# (Dilithium — NIST PQC signature L5)
sig_key = hsm.generate_signing_key(
algorithm="ML-DSA-87",
label="app-signing-key",
hardware_bound=True # non-exportable
)
# Sign app binary — signature verified on install
signature = hsm.sign(
data=app_binary,
key_label="app-signing-key"
)
# Verify signature
valid = hsm.verify(
data=app_binary,
signature=signature,
key_label="app-signing-key"
)
# PKCS#11 interface for standard crypto libraries
pkcs11_ctx = hsm.get_pkcs11_context()
from qwamos.hardware import KillSwitch
# 4 physical relay kill switches
# Domain 4 power (passive — no battery needed)
# Cannot be overridden by any software in any VM
ks = KillSwitch()
# Switch [1]: Network — opens RF power supply
# to Sierra Wireless EM9190 (circuit-level)
ks.network.open() # cut RF; close() restores
ks.network.status() # OPEN | CLOSED
# Switch [2]: Microphone — shorts mic lines to GND
# (acoustic isolation, hardware only)
ks.microphone.open()
# Switch [3]: Camera — disconnects camera power rail
# (all 4 cameras on same kill domain)
ks.camera.open()
# Switch [4]: Location/GPS — disconnects GPS
# receiver power and data lines
ks.gps.open()
# Query all switch states
states = ks.all_states()
# {'network': 'CLOSED', 'mic': 'OPEN', ...}
from qwamos.display import FMPController
# Samsung LEAD 2.0 FMP privacy display
# 6.9" AMOLED, 3088×1440, 490 PPI
# FMP mode: 3.5% brightness at 45°, <0.9% at 60°
# Dom0 controls profile state directly to
# display controller — no VM can override
fmp = FMPController()
# Set privacy profile (Dom0 privilege required)
fmp.set_profile("high") # maximum privacy
fmp.set_profile("medium") # balanced
fmp.set_profile("off") # standard display
# FLAG_SECURE enforced at Flutter compositor
# Any app that sets FLAG_SECURE automatically
# triggers FMP "high" profile for that window
# Query current state
profile = fmp.get_profile()
# Returns: {'mode': 'high', 'angle_45_pct': 3.5}
The following APIs are on the roadmap. Interfaces are draft — subject to change before release.
from qwamos.hypervisor import EntropyBeacon
# Single QRNG source → all 8 VM domains
# BLAKE3 domain separation per VM
# Each VM receives cryptographically isolated stream
beacon = EntropyBeacon()
# Get entropy stream for this VM
# (domain key derived from VM identity + BLAKE3)
stream = beacon.get_vm_stream(
vm_id="arch-vm",
length=64 # bytes per request
)
# Continuous pool replenishment at 42.7 Gbit/s
# source rate — pipeline-limited in practice
status = beacon.pool_status()
# {'source_rate_gbps': 42.7, 'vms_served': 8}
from qwamos_comms import QKDSession
# CV-QKD key generation session
# 3.2 Mbit/s secret key rate at 9.3 km
# Keys delivered to Infineon HSM keystore
# Never exported in plaintext
session = QKDSession()
# Initiate key generation session
# (requires CV-QKD fiber endpoint or companion)
session.connect(peer_address="qkd-endpoint")
session.start_key_generation()
# Keys auto-delivered to HSM PQC keystore
# Use via HSMManager — no raw key access
status = session.key_buffer_status()
# {'keys_available': 142, 'rate_kbps': 3200}
┌─────────────────────────────────────────────────────────────────┐ │ L4 ML-DSA-87 hardware-backed signing (Infineon SLB9672 HSM) │ ├─────────────────────────────────────────────────────────────────┤ │ L3 Argon2id KDF — GPU/ASIC-resistant key derivation │ │ + HKDF-BLAKE2b key expansion │ ├─────────────────────────────────────────────────────────────────┤ │ L2 ML-KEM-1024 + ChaCha20-Poly1305 (per-VM volumes) │ │ Independent encryption key per VM — no cross-VM access │ ├─────────────────────────────────────────────────────────────────┤ │ L1 AES-256-XTS (UFS 4.0 / NVMe hardware controller level) │ │ 1 TB UFS 4.0 primary + 512 GB NVMe Vault (dedicated) │ └─────────────────────────────────────────────────────────────────┘
from qwamos.storage import VMStorage
# Each VM has its own encrypted volume
# Key generated on VM creation, backed in HSM
storage = VMStorage(vm_id="arch-vm")
# Write encrypted file
storage.write("secrets.db", data,
kdf="argon2id",
iterations=3,
memory_kb=65536)
# Read (auto-decrypts, in-memory only)
data = storage.read("secrets.db")
from qwamos.vm import VaultAccess
# All Vault VM access requires explicit
# Dom0 authorization per operation
vault = VaultAccess()
# Request write (triggers Dom0 prompt)
token = vault.request_access(
operation="write",
path="keys/master.key",
reason="key backup"
)
vault.write(token, data)
# token expires immediately after use
Command-line interface for building, testing, and deploying QWAMOS applications. Targets RK3588 ARM64 VHE natively.
qwamos init # Create new project qwamos build # Reproducible build (SLSA L3) qwamos sbom # Generate SBOM (EO 14028) qwamos policy # Compile + sign security policy qwamos test # Run security test suite qwamos deploy # Deploy to device qwamos monitor # Real-time VM monitoring qwamos forensics # Collect forensic evidence
Triple-AI consensus engine in the Ubuntu Dev VM. Natural-language app description generates code, security audits, and tests simultaneously.
# Three AI models in consensus Kali GPT — on-device (no network exposure) Claude — via Tor circuit (privacy-routed) ChatGPT — via Tor circuit (privacy-routed) # Automated security pipeline Bandit — Python security linting Gitleaks — secrets detection ML-DSA-87 — auto-sign on audit pass Test Gen — automatic test generation
Automated security analysis from unit tests through hypervisor-level isolation verification.
• Fuzzing framework (Python / TypeScript) • VM escape testing • Cross-VM data leakage detection • KVM hardware isolation verification • Hypervisor integrity checks • Memory leak detection • Cryptography policy enforcement • Network isolation verification • Differential KVM/QEMU regression tests • TEMPEST: EM side-channel awareness tests (HSM SPI clock harmonic leakage detection)
Reproducible builds with deterministic output, cryptographic build provenance, and SBOM generation for EO 14028 compliance.
repro-build.sh # Deterministic output tools/generate-sbom.sh # SBOM — EO 14028 tools/policy-compile.sh # Sign policies (ML-DSA-87) tools/collect-forensics.sh # Evidence collection # All build artifacts signed with ML-DSA-87 # Verified on device before install # Build hash published to transparency log
Profile and optimize applications for the QWAMOS virtualized environment on RK3588 (32 GB LPDDR5X, 68.3 GB/s).
• CPU utilization (A76 / A55 per-core) • NPU utilization (6 TOPS on-device AI) • Memory allocation / per-VM footprint • I/O throughput (UFS 4.0 / NVMe) • Network latency (per VirtIO NIC) • Crypto throughput (HSM / software) • Mali-G610 GPU utilization per VM slice
Built-in compliance auditing for security-focused deployments.
• CIS Benchmark auditor • NIST SP 800-53 control mapping • Common Criteria EAL checks • SLSA Level 3 build provenance • FIDO2 / WebAuthn integration • PQC policy enforcement auditor • EAR ECCN 5E002 export checklist (T3)
End-to-end encrypted messaging with 5-way hybrid PQC, routed anonymously through Tor. Runs in Arch Linux VM domain.
from qwamos.apps import SecureApp
from qwamos.crypto import HybridKEM, HSMManager
from qwamos.network import TorTransport
class SecureMessenger(SecureApp):
def __init__(self):
super().__init__("secure-messenger")
self.kem = HybridKEM([
"ML-KEM-1024", "BIKE", "HQC",
"McEliece-8192", "X25519"
])
self.hsm = HSMManager()
self.tor = TorTransport()
def send_message(self, recipient, message):
# Encapsulate ephemeral session key (5-way hybrid)
ciphertext, session_key = self.kem.encapsulate(
recipient.public_key
)
# Encrypt with ChaCha20-Poly1305
encrypted = self.encrypt_symmetric(
message, session_key
)
# Sign with hardware-backed ML-DSA-87
signature = self.hsm.sign(
encrypted, key_label="messenger-key"
)
# Send through Tor (obfs4 transport)
self.tor.send_anonymous(
recipient.onion_address,
encrypted, ciphertext, signature
)
Use the Glass Photonic QRNG (42.7 Gbit/s, NIST SP 800-90B) to generate high-assurance key material, seeded directly from quantum vacuum fluctuations.
from qwamos.crypto import QRNGDriver, HSMManager, HybridKEM
qrng = QRNGDriver()
hsm = HSMManager()
# Verify QRNG is healthy before use
status = qrng.health_check()
assert status.cmrr_db > 73, "QRNG CMRR below threshold"
assert status.calibrated, "QRNG needs recalibration"
# Generate entropy and seed HSM key generation
entropy = qrng.read_bytes(64) # 512 bits raw quantum entropy
hsm.seed_entropy(entropy) # feeds Infineon SLB9672 pool
# Generate hardware-bound hybrid KEM keypair
# (private key never leaves HSM)
kem = HybridKEM([
"ML-KEM-1024", "BIKE", "HQC",
"McEliece-8192", "X25519"
])
keypair = hsm.generate_kem_keypair(
kem_suite=kem,
label="user-identity",
hardware_bound=True # non-exportable
)
print(f"Public key generated: {len(keypair.public_key)} bytes")
print(f"Private key: HSM-bound, label=user-identity")
Full hybrid key exchange — all 5 KEM ciphertexts XOR-combined so that an attacker must break all 5 schemes simultaneously. Required for all security-critical key exchange on QWAMOS.
from qwamos.crypto import HybridKEM, HKDF_BLAKE2b
# Define 5-way hybrid suite
# An attacker must break ALL 5 to recover the shared secret
kem = HybridKEM([
"ML-KEM-1024", # Kyber — NIST FIPS 203, Level 5
"BIKE", # BIKE — NIST PQC Round 4, Level 5
"HQC", # HQC — NIST PQC Round 4, Level 5
"McEliece-8192", # Classic McEliece — code-based, Level 5
"X25519", # ECDH — inside hybrid only (not standalone)
])
# === SENDER ===
# Encapsulate — produces 5 ciphertexts, XOR-combines shared secrets
ciphertext_bundle, shared_secret = kem.encapsulate(
recipient_public_key_bundle # bundle of 5 public keys
)
# Derive session key via HKDF-BLAKE2b
session_key = HKDF_BLAKE2b.derive(
ikm=shared_secret,
salt=context_nonce,
info=b"qwamos-session-v1",
length=32
)
# === RECIPIENT ===
shared_secret = kem.decapsulate(
ciphertext_bundle,
private_key_bundle # all 5 private keys
)
session_key = HKDF_BLAKE2b.derive(
ikm=shared_secret, salt=context_nonce,
info=b"qwamos-session-v1", length=32
)
Store and retrieve long-term secrets in the Vault VM (zero network interface, dedicated 512 GB NVMe, Dom0-authorized per-operation).
from qwamos.vm import VaultAccess
from qwamos.crypto import Argon2id, HybridKEM
vault = VaultAccess()
# ── WRITE ───────────────────────────────────────
# Derive wrapping key from passphrase
# (Argon2id: GPU/ASIC-resistant KDF)
wrapping_key = Argon2id.derive(
password=user_passphrase,
salt=vault.get_salt("master"),
time_cost=3,
memory_kb=65536, # 64 MB
parallelism=4,
length=32
)
# Request Dom0 authorization (triggers UI prompt)
write_token = vault.request_access(
operation="write",
path="keys/master.key",
reason="Initial master key backup"
) # token single-use, expires immediately after
# Write — encrypted before transit to Vault VM
vault.write(write_token, wrapping_key, path="keys/master.key")
# ── READ ────────────────────────────────────────
read_token = vault.request_access(
operation="read",
path="keys/master.key",
reason="Signing operation"
)
key_material = vault.read(read_token, path="keys/master.key")
crypto/hardware_keystore.py # StrongBox/TEE abstraction crypto/hsm_manager.py # Infineon SLB9672 TPM 2.0 crypto/fido2_backend.py # WebAuthn / FIDO2 / YubiKey crypto/qrng_driver.py # Glass Photonic QRNG interface crypto/qrng_health.py # AWG spectrometer health monitor [v2] qwamos_app_security/ # Runtime RASP framework
hypervisor/kvm_*.py # KVM ARM64 VHE management hypervisor/nic_enforcer.py # VirtIO network policy hypervisor/gpu_manager.py # Mali-G610 slice allocation hypervisor/entropy_beacon.py # Multi-VM quantum entropy dist. [v3]
network_privacy/webtunnel_transport.py network_privacy/v2ray_transport.py network_privacy/behavioral_obfuscation.py qwamos_comms/ # Signal, ZRTP, Steganography qwamos_comms/qkd_session.py # CV-QKD protocol coordination [v2]
security/aegis/ # Threat detection + response security/chimera/ # Multi-vector attack response security/pegasus_graphite_guard/ # Spyware countermeasures security/gyroscope_monitor.py # Sagnac loop tamper detection [v2]
Start developing quantum-resistant applications on Onyx VALKYRJA today