Existing zkVMs require statically linking custom runtimes to build unikernels for supporting modern programs, leading to version fragmentation, bloated trusted computing bases (TCBs), and redundant auditing efforts. This paper introduces ZeroOS—the first modular libOS designed specifically for zkVMs—enabling on-demand linking of Linux ABI subsets, allowing verified applications (vApps) to be built via standard toolchains without maintaining large runtime forks. Its key contributions are: (1) a zkVM-native libOS architecture supporting ABI-level dynamic trimming and cross-platform portable booting; and (2) a lightweight bootloader abstraction layer coupled with a static linking optimization framework. The open-source implementation has been integrated into multiple zkVM projects, significantly reducing TCB size, lowering maintenance overhead, and improving vApp security, auditability, and ecosystem compatibility.

zkVMs promise general-purpose verifiable computation through ISA-level compatibility with modern programs and toolchains. However, compatibility extends further than just the ISA; modern programs often cannot run or even compile without an operating system and libc. zkVMs attempt to address this by maintaining forks of language-specific runtimes and statically linking them into applications to create self-contained unikernels, but this ad-hoc approach leads to version hell and burdens verifiable applications (vApps) with an unnecessarily large trusted computing base. We solve this problem with ZeroOS, a modular library operating system (libOS) for vApp unikernels; vApp developers can use off-the-shelf toolchains to compile and link only the exact subset of the Linux ABI their vApp needs. Any zkVM team can easily leverage the ZeroOS ecosystem by writing a ZeroOS bootloader for their platform, resulting in a reduced maintainence burden and unifying the entire zkVM ecosystem with consolidated development and audit resources. ZeroOS is free and open-sourced at https://github.com/LayerZero-Labs/ZeroOS.