🤖 AI Summary
Security- and safety-critical embedded systems need an operating system whose correctness can be verified without giving up performance, and those two goals have traditionally pulled against each other.
Method: LionsOS is an operating system for security- and safety-critical embedded systems, built on the formally verified seL4 microkernel and designed with verification in mind. It uses a static architecture (the set of components and the channels between them are fixed at build time rather than created dynamically at run time) together with a highly modular design driven by strict separation of concerns and a focus on simplicity, so that each component stays small enough to be reasoned about on its own. Note that seL4's proofs cover the kernel; the abstract describes the rest of the system as designed for verification, not as already verified.
Contribution/Results: The authors show that LionsOS outperforms Linux. The abstract does not state which workloads, hardware, or metrics were compared, so the scope of that result has to be taken from the full paper.
📝 Abstract
We present LionsOS, an operating system for security- and safety-critical embedded systems. LionsOS is based on the formally verified seL4 microkernel and designed with verification in mind. It uses a static architecture and features a highly modular design driven by strict separation of concerns and a focus on simplicity. We demonstrate that LionsOS outperforms Linux.