Indigenous by Name: What India's Operating Systems Are, and What They Are Not

There is genuine engineering work behind India's OS efforts. There is also a meaningful gap between what these systems are and what they are sometimes described as. Understanding that gap matters for making the right decisions about critical infrastructure.

Two things that look similar but are not

There is a real difference between a Linux distribution and a ground-up operating system. A Linux distribution takes the Linux kernel, a codebase that has been developed by a global community since 1991 and now spans over 27 million lines of code, and packages it with a particular set of applications, configurations, and security policies. This is legitimate and useful engineering. Governments and enterprises around the world deploy Linux distributions for good reasons.

A ground-up OS is something different. It means designing and implementing the kernel itself: the scheduler, the memory manager, the hardware abstraction layer, the inter-process communication mechanism. It means making architectural decisions at the hardware level that no one else has made for you. The two are not the same thing, and conflating them in the context of national security procurement creates a false picture of what has been achieved.

The current landscape

BOSS, Bharat Operating System Solutions, was developed by C-DAC and first released in 2007. It is a Linux distribution based on Debian. The latest release, BOSS 10.0, runs the Cinnamon desktop environment and supports 19 Indian languages. It has been endorsed by the Government of India for adoption across public sector use and is deployed in government offices and schools.

BOSS is well-maintained, useful, and genuinely serves the purpose of reducing Windows licensing costs and improving localisation for Indian users. What it is not is an independently developed kernel. The kernel in BOSS is the Linux kernel. Its package management comes from Debian. The engineering work is real; the framing as a fully indigenous operating system overstates what has been built at the kernel layer.

Source: Wikipedia, Bharat Operating System Solutions —

Source: C-DAC official page —

Maya OS was developed by DRDO, C-DAC, and NIC, and deployed in India's Ministry of Defence from August 2023. It replaces Windows on internet-connected computers in defence environments. It includes Chakravyuh, an endpoint detection and protection system built to provide layered security against malware and ransomware.

Maya OS is based on Ubuntu Linux. According to Wikipedia and multiple news reports from its August 2023 launch, it was developed in approximately six months. As MediaNama reported at the time, it is a locally developed OS based on open-source Ubuntu. The Chakravyuh security layer adds genuine defensive capability. But the kernel it runs on is the same Ubuntu Linux kernel used worldwide. The defence ministry made a sound decision in moving away from a proprietary OS to an open-source one. The next step, building a kernel that Indian engineers fully own, has not yet been taken.

Source: Wikipedia, Maya OS —

Source: MediaNama, 'India's Defence Ministry to switch from Windows to Ubuntu-based OS,' August 10, 2023 —

Source: Business Standard, Maya OS coverage, August 11, 2023 —

Why this distinction matters in safety-critical contexts

For desktop and administrative computing, a Linux distribution is entirely appropriate. It is open-source, auditable to a reasonable degree, free from proprietary vendor lock-in, and cost-effective. The move from a proprietary OS to an open-source Linux-based system is a genuine improvement in the context of government desktops and office computing.

For safety-critical embedded systems, the bar is different. DO-178C Level A, the highest software certification level for aviation, requires that the development organisation can demonstrate complete traceability from requirements through design and implementation, with structural coverage analysis of the source code. At this level, formal verification methods are strongly encouraged or required depending on the system context. Certifying a system to DO-178C Level A on top of a general-purpose Linux kernel is not practically achievable, because the kernel was not designed with this certification path in mind and its size makes complete formal analysis intractable.

The same applies to ISO 26262 ASIL-D for automotive and to any high-assurance embedded application where the behaviour of the kernel must be mathematically provable, not just tested.

India's current OS ecosystem, as valuable as it is for its intended purposes, does not include a safety-critical RTOS that can be certified to these levels. That is the gap.

What a ground-up kernel requires

Building an OS kernel from scratch is a multi-year engineering programme. It requires expertise in CPU architecture, real-time scheduling theory, formal methods, and low-level systems programming. The design decisions made at the kernel level determine the security, reliability, and certifiability of everything that runs on top of it.

For context: the seL4 microkernel, developed at NICTA in Australia starting in 2006, consists of approximately 8,700 lines of C code and 600 lines of assembly. Its first formal proof of functional correctness was published at SOSP in 2009, three years after development began. The comprehensive formal verification covering the full range of security properties was published in ACM Transactions on Computer Systems in 2014, nearly a decade after the project started. That is the scale of engineering effort required to produce a formally verified kernel, even a small one.

A six-month development timeline, by definition, cannot produce a new kernel. It can produce a valuable security-hardened distribution on top of an existing one, which is exactly what projects like Maya OS are.

Source: Klein et al., 'seL4: Formal Verification of an OS Kernel,' SOSP 2009 —

Source: Klein et al., 'Comprehensive Formal Verification of an OS Microkernel,' ACM TOCS 2014 —

What RedKill is building

RedKill OS is being built to fill the gap that current Indian OS efforts have not addressed: a safety-critical, verification-ready, open-source RTOS designed from the ground up, with no inherited kernel dependencies.

The architecture is a microkernel design with modular partitioning, keeping the trusted computing base small enough to formally verify. It runs on ARM64, RISC-V64, and SPARC V8 and has been validated on the AJIT processor, India's indigenous microprocessor developed at IIT Bombay. The development path is targeted at ISO 26262 ASIL-D and DO-178C Level A certification readiness.

The goal is not to replace what BOSS or Maya OS do well. It is to build the layer that does not yet exist: a certifiable, formally verified embedded RTOS that India's defence, aerospace, and space sectors can deploy with full ownership of the stack.