Now Public · MIXOS 1.1.0 · Kernel 1.1.0 for Synapse-X Helix-Q
Four years in production across Synapse-X fabs, treasury systems, and a short list of partner deployments under NDA. The 1.0.4 release is the first to ship as open source under MPL-3.0 — the same kernel, build pipeline, and Helix-Q dispatch path that has been running real workloads since 2031.
Free and open source forever. MIXOS Pro adds extended security maintenance, livepatching, and regional compliance bundles.
$ uname -a
MIXos host01 1.1.0 hsx-q64 Synapse-X Helix-Q
$ cat /etc/release
MIXos release 1.1.0
$ adminspect --service web
[ ok ] web.mixd: running (pid 4812, up 14d 03:07)
[ ok ] listening on 0.0.0.0:80, 0.0.0.0:443
[ ok ] last config reload: 2035-04-12 03:14:07
[ ok ] qcoproc queue: 0 pending, 14ms p99
$ ps
PID USER %CPU Q% COMMAND
1 root 0.0 -- /sbin/mixd
812 www-data 1.2 -- web.mixd
4812 www-data 0.4 03 qtls-handshakeStandards, Listings, and Conformance
Why MIXOS
Familiar
Standard POSIX userland — bash, ls, cat, grep, ssh, find, the /etc layout, the system call surface — preserved without surprises. Scripts written for other Linux distributions run unmodified. Migrating an existing fleet typically takes a single maintenance window, and there is no proprietary toolchain to learn.
Performance
MIXOS Kernel 1.1.0 is the first production kernel with first-class support for the Synapse-X Helix-Q hybrid architecture. Classical threads run on a tail-latency-aware scheduler; quantum kernels dispatch through an in-kernel coprocessor queue with deterministic admission and per-cgroup quotas. Post-quantum TLS handshakes complete in single-digit milliseconds on commodity Helix parts.
Stability
Every LTS release receives five years of security patches and kernel backports under the open-source license, with an additional five years of Extended Security Maintenance available to MIXOS Pro subscribers. We publish the deprecation calendar four releases ahead so platform teams can plan, not react.
Security
MIXOS boots from a measured, signed chain anchored in the platform TPM. Packages are cryptographically signed and verified before installation. For organizations that need it, the attestation subsystem can stream system measurements to an audit endpoint of their choosing — internal SOC, third-party assessor, or a Qualified Verification Provider listed on the Reykjavik registry. For everyone else, it stays off.
Editions
MIXOS is open source under the MPL-3.0. Anyone can download, audit, modify, and redistribute it. MIXOS Pro adds extended security maintenance, a curated package repository, livepatching, and the compliance hardening profiles fleets ask us for. The two regional Pro editions ship with the certifications and identity bindings required on each side of the Atlantic — DANSA Article 7 attestation for Reykjavik Accord signatories, EOSR 2033 and the EDZ post-quantum framework for the European Digital Zone.
| Capability | Open Source | ProMost deployed | Pro — US Edition | Pro — EU Edition |
|---|---|---|---|---|
| MIXOS kernel + userland | Included | Included | Included | Included |
| Source code | Public | Public | Public | Public |
| Security & kernel updates | 5 years | 10 years | 10 years | 10 years |
| Extended Security Maintenance | — | +5 years | +5 years | +5 years |
| Vendor patch SLA | Best effort | 24 hours | 24 hours | 4 hours |
| Pro repository (managed builds) | — | Included | Included | Included |
| Kernel livepatch | — | Included | Included | Included |
| Compliance hardening profiles | — | CIS, generic | CIS, FedRAMP, CMMC | CIS, NIS2, eIDAS-Q, EOSR 2033 |
| DANSA Identity Attestation | Available | Available | Included | Not applicable |
| Per-host coverage | Up to 5 hosts (personal) | Unlimited | Unlimited | Unlimited |
| Annual list price (per host) | Free | $0 personal / $25 commercial | $300 | €340 |
MIXOS Pro — US Edition is sold to entities operating under US jurisdiction and includes FedRAMP High, CMMC Level 3, and Digital Authentication Compliance Act of 2035 (Title IV) alignment. Identity attestation is provided through a Qualified Verification Provider of the operator's choice. MIXOS Pro — EU Edition is sold within the European Digital Zone and aligns with NIS2, eIDAS-Q, and the EOSR 2033 child-safety framework; it does not implement DANSA, which the EDZ has not adopted. The base MIXOS Pro tier is available worldwide where export controls permit.
Security Architecture
Mandatory access control, signed packages, a hardened network stack, and an attestation subsystem for the workloads that need one. The defaults are conservative; the knobs are documented.
Read the Security WhitepaperBoot measurements anchored to TPM 2.0 or a vendor silicon key. Tampered firmware refuses to boot. Detection is the default; alerting is configurable.
Every package in the MIXOS repositories is reproducibly built and cryptographically signed. The package manager verifies signatures before any file touches disk. Operator-private repositories are first-class.
Per-process confinement profiles ship with every package in the base system. Kernel LSM hooks enforce the profile regardless of process privilege. Override requires an explicit, audited operator action.
Kernel audit events are written to an append-only Merkle log. Operators choose retention windows and whether to forward roots to an external attestor.
Workloads that need to prove their state to a third party can opt in to remote attestation via mixctl(1). The endpoint is operator-configured. Workloads that do not need it are not subject to it.
Platform Stack
MIXOS is a single, coherent stack — kernel, init, package manager, and standard libraries all built and tested together by one team. No competing daemons, no conflicting service managers, no surprise dependencies pulled in from a community pinned six months behind upstream.
The result: deterministic builds, predictable upgrades, and a kernel that boots in seconds on the silicon we test against.
Deployment
Bare-metal or virtualized, on any Synapse-X Helix part. Boots in under four seconds and stays out of your way.
Official images on every major cloud and a few minor ones. cloud-init, OCI runtime, and the package mirrors you'd expect.
A trimmed image for industrial, retail, and field-deployed hardware. Same userland, smaller footprint, longer signing keys.
For developers, analysts, and anyone who'd rather their laptop stay out of the way. Ships with a sensible desktop and the productivity stack most people install anyway.
Trusted Across the Atlantic Bloc
Customer Statement
“We standardized on MIXOS three years ago because it was the fastest thing we benchmarked and the support contract was honest. Everything since — the kernel cadence, the ten-year LTS window, the fact that our junior admins are productive on day one — has been a bonus. We run forty thousand machines on it and I sleep fine.”
Technical Specifications
Minimum Requirements
MIXOS Open Source is free for any use under the MPL-3.0. MIXOS Pro adds extended security maintenance, livepatching, and the regional compliance bundles required on each side of the Atlantic.
Download MIXOS Open Source free, or talk to us about a Pro pilot. A platform engineer will get back to your team within two business days to scope a deployment that fits your hardware and your calendar.
Or skip the form and grab the ISO from mirrors.mixos.org. No account required.