FAQ
Frequently asked questions.
The questions people ask first, answered plainly. Credibility before the practical details. Each answer links to where the subject is covered in full.
Before you dive in
Is this real, and what does it stand for?
Is NexaCore OS real, or vaporware?
It runs. Today NexaCore OS boots bare-metal on x86-64 over UEFI, brings up multiple cores, drives real NVMe, virtio-net and e1000e hardware from user space, and renders an interactive desktop. A from-scratch transformer serves inference from a Ring 3 process. The workspace is 79 crates and 6,700+ automated tests, 100% Rust. You can boot it yourself in one command. See the status and the source.
Can I run it today?
To try, yes. To rely on, no. This is Phase 1, v0.3.0-alpha.1. It boots under QEMU and on some real hardware, but it isn't a daily driver and won't replace your operating system. What's shipped versus planned is on the roadmap.
Why a new OS instead of Linux?
Linux is a kernel designed before modern AI, with intelligence bolted on through user-space services and cloud APIs. NexaCore OS treats inference, model orchestration and agents as kernel-level primitives, next to processes and files. That isn't something you can retrofit onto an existing kernel without becoming it. We're not a Linux distribution and don't aim to be. The reasoning is in the technology deep dive.
Isn't putting AI in the kernel a security risk?
The model doesn't run in the kernel with free rein. Access is mediated by capability tokens: a signed structure naming the action, the actor and the resource. An agent that can touch your data can't change the system; an agent that can change the system can't read your data. The five system agents are each sandboxed, with their own narrow capabilities and budget. See the agents and the privacy model.
Is this a crypto or web3 project?
No. There's no token, no blockchain, no coin, and there never will be. The mesh is peer-to-peer compute among people running the same software, coordinated by cryptographic attestation, not a distributed ledger. When we say decentralized we mean the network topology, not a financial instrument.
Is the cryptography audited?
Not yet, and we say so in the code. The nexacore-crypto crate carries an AWAITING_CRYPTO_REVIEW marker. The primitives follow the RustCrypto APIs and pass RFC test vectors, but no external cryptographer has signed off. Don't use it adversarially until one has. An external audit is the project's first funding priority.
How is privacy actually enforced?
By the protocol, not by policy. Mesh participation requires attestable hardware, payloads carry compliance proofs, and decryption is bound to attested enclaves. A node that doesn't comply can't produce traffic the network accepts, because the cryptography won't let it. It's a mechanism, not a promise in a settings menu. The technology deep dive has the details.
Who's behind it, and how is it funded?
NexaCore OS is an independent open-source project, founded by Matteo Sala. It takes no venture capital and runs no ads. It doesn't take donations yet: funding opens once the project has a foundation to hold it, under a published governance and funding policy. The design goal is that no single entity can capture the project. See how support works.
What's the license?
The code is Apache-2.0. The protocol specifications are public domain (CC0). Forks are first-class by design, and the project won't enforce trademarks against protocol-compliant forks. Read it, build it, fork it, and rejoin the mesh on equal terms. The repository has the full text.
Getting started
How do I try it and help?
What are the hardware requirements?
To try it under QEMU you need a normal x86-64 Linux machine and the emulator. To boot on metal you need an x86-64 machine with UEFI firmware. Broader hardware and other architectures are on the roadmap, not shipped.
How do I try it?
Clone the repository and run the boot smoke script:
git clone https://github.com/CySalazar/nexacore-os
cd nexacore-os
bash scripts/qemu-boot-smoke.sh
It builds the workspace and boots NexaCore OS under QEMU so you can watch it come up. The README has the rest.
How can I contribute?
The highest-value work today is documentation review, threat-model refinement, and cryptographic-API review. Pick up a good-first-issue, improve the docs, or open a Draft NCIP for a substantive change. Contributions are signed off with the DCO. Start on the contribute page.
How do I report a security issue?
Privately, through coordinated disclosure. Don't open a public issue for a vulnerability. Send an encrypted report to [email protected]. The process is on the contribute page.
Where do I follow progress?
The devlog carries build-in-public notes, with an RSS feed and a newsletter. Questions and ideas go in GitHub Discussions. The project is also on X and YouTube.