🤖 AI Summary
Existing Rust-based operating systems suffer from bloated trusted computing bases (TCBs) and compromised memory safety because `unsafe` code is used pervasively and improperly in kernel development. To address this, the paper introduces *framekernel*, a novel OS architecture, and *OSTD*, a security-oriented development framework, enabling the first general-purpose OS whose services are implemented entirely in safe Rust while maintaining Linux ABI compatibility. Its core innovation is intra-kernel privilege separation: `unsafe` code is confined to the framework, reducing the memory-safety TCB to about 14.0% of the codebase, which makes formal verification feasible. Additionally, it provides a comprehensive compatibility layer supporting over 210 Linux system calls and compile-time privilege control. Evaluation demonstrates that, despite keeping all OS services free of `unsafe` code and guaranteeing memory safety, the system achieves performance on par with Linux, establishing for the first time in a general-purpose OS that strong security, high efficiency, and broad compatibility can be achieved together.
📝 Abstract
How can one build a feature-rich, general-purpose, Rust-based operating system (OS) with a minimal and sound Trusted Computing Base (TCB) for memory safety? Existing Rust-based OSes fall short due to their improper use of unsafe Rust in kernel development. To address this challenge, we propose a novel OS architecture called framekernel that realizes Rust's full potential to achieve intra-kernel privilege separation, ensuring TCB minimality and soundness. We present OSTD, a streamlined framework for safe Rust OS development, and Asterinas, a Linux ABI-compatible framekernel OS implemented entirely in safe Rust using OSTD. Supporting over 210 Linux system calls, Asterinas delivers performance on par with Linux, while maintaining a minimized, memory-safety TCB of only about 14.0% of the codebase. These results underscore the practicality and benefits of the framekernel architecture in building safe and efficient OSes.
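The framekernel split described in the summary and abstract, as an added example that is not code from the paper, Asterinas or OSTD: a stand-in `ostd` module is the only place `unsafe` appears and wraps raw frame memory behind bounds-checked accessors, while a `services` module is compiled with `#![forbid(unsafe_code)]` so it can only reach memory through that API. The names `Frame`, `fill_frame` and `checksum` and the 64-byte frame size are constructed for the example.

```rust
// Framekernel split in miniature (constructed example, not OSTD's real API):
// `ostd` is the memory-safety TCB, the only module allowed to use `unsafe`.
mod ostd {
    pub const FRAME_SIZE: usize = 64; // toy frame size, constructed for the example
    pub struct Frame { ptr: *mut u8 } // the raw pointer is never exposed to callers
    impl Frame {
        pub fn alloc() -> Frame {
            Frame { ptr: Box::into_raw(Box::new([0u8; FRAME_SIZE])) as *mut u8 }
        }
        /// Every unsafe access is guarded; the guard is the TCB's soundness argument.
        pub fn write(&mut self, off: usize, val: u8) -> Result<(), &'static str> {
            if off >= FRAME_SIZE { return Err("offset outside frame"); }
            // SAFETY: ptr owns FRAME_SIZE live bytes and off < FRAME_SIZE.
            unsafe { self.ptr.add(off).write(val) }
            Ok(())
        }
        pub fn read(&self, off: usize) -> Result<u8, &'static str> {
            if off >= FRAME_SIZE { return Err("offset outside frame"); }
            Ok(unsafe { self.ptr.add(off).read() }) // SAFETY: same invariant as in `write`
        }
    }
    impl Drop for Frame {
        fn drop(&mut self) {
            // SAFETY: ptr came from Box::into_raw in `alloc` and is freed exactly once.
            unsafe { drop(Box::from_raw(self.ptr as *mut [u8; FRAME_SIZE])) }
        }
    }
}
// OS services sit outside the TCB: the compiler rejects any `unsafe` here, so a
// bug in this module surfaces as an `Err`, never as memory corruption.
mod services {
    #![forbid(unsafe_code)]
    use super::ostd::{Frame, FRAME_SIZE};
    /// Copies a buffer into a frame, refusing anything that would overflow it.
    pub fn fill_frame(frame: &mut Frame, data: &[u8]) -> Result<usize, &'static str> {
        if data.len() > FRAME_SIZE { return Err("buffer larger than frame"); }
        for (i, b) in data.iter().enumerate() { frame.write(i, *b)?; }
        Ok(data.len())
    }
    /// Sums the first `len` bytes; an out-of-range `len` is caught by the TCB's check.
    pub fn checksum(frame: &Frame, len: usize) -> Result<u32, &'static str> {
        let mut sum = 0u32;
        for i in 0..len { sum = sum.wrapping_add(frame.read(i)? as u32); }
        Ok(sum)
    }
}
fn main() {
    let mut f = ostd::Frame::alloc();
    println!("{:?} {:?}", services::fill_frame(&mut f, &[1, 2, 3, 4]), services::checksum(&f, 4));
}
```

Adding an `unsafe` block anywhere inside `services` is a compile error, which is the compile-time privilege control the summary refers to: auditing memory safety reduces to auditing the `ostd` module alone.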