HongMeng Kernel

HongMeng Kernel
HongMeng Kernel
	HongMeng Kernel architecture diagram
Developer	Huawei
Written in	C
OS family	OpenHarmony
Working state	Current
Source model	Closed, with open source components
Initial release	August 2023; 2 years ago
Latest release	1.11.0 / September 16, 2025; 5 months ago
Supported platforms	Current: ARM64
Kernel type	Microkernel
License	Commercial software, Proprietary software except for open-source components
Preceded by	OpenHarmony ChCore (Monolithic) kernel, LiteOS (RTOS) kernel

HongMeng Kernel (Chinese: 鸿蒙内核; pinyin: Hóngméng nèihé; lit. 'Hong Meng inner core') is a proprietary distributed operating system kernel developed by Huawei. It is used in current HarmonyOS 5 iterative versions of the HarmonyOS operating system, replacing previous versions that relied on the AOSP compatibility layer, Linux kernel, and LiteOS kernel.^[1]^[2] The HongMeng Kernel adopts a microkernel architecture, designed to enhance security by isolating critical system components while offering the ability to bring system components into the kernel for greater performance.^[1]^[2]^[3]

Design

The HongMeng Kernel is a microkernel, enabling greater modularity and larger portions of the OS to benefit from memory protection. For greater performance, it also allows operating system services to be brought into the kernel when necessary for a particular application.^[3]

When used in smartphones, the HongMeng kernel supports Linux ABI compatibility by placing an ABI-compatible compliant shim in kernel space.^[3] The kernel can also reuse Linux drivers through driver containers.^[3] This enables the use of drivers required for migrated HarmonyOS 4.x compatible devices and third-party unadopted peripherals with Linux drivers, which can coexist with native HongMeng kernel drivers for newer hardware and officially supported peripherals.^[4] It also contains a security hardening architecture for the Linux API/ABI compatibility module based on an SELinux module adapter. In embedded applications, the HongMeng kernel can be configured to run drivers in user space.^[3]

As of November 25, 2025^[update], the current version of the HongMeng kernel used in HarmonyOS NEXT is 1.11.0.^[5]

HongMeng Kernel objects used as carriers for data transmission during IPC communication. The capability system ensures only the capability to read from or write to kernel objects can receive or send messages through these objects. As a result, the content of messages has inability to insert malicious processes.^[6]^[7]

HongMeng Kernel adopts a microkernel architecture that reduces the kernel TCB (Trusted Code Base). Compared to traditional monolithic kernels such as Linux kernel,^[8] the kernel code in HongMeng Kernel is less than one-fourth in size, significantly reducing occurrence of vulnerabilities on the kernel.^[7]^[9]

On HongMeng Kernel, the HKIP module provides various protection mechanisms. Other than code, the read-only data, and kernel page table, other critical structures within the kernel are not protected by HKIP. The finer-grained kernel module isolation featured in HongMeng kernel, which divides kernel resources into multiple types, different types are managed by corresponding modules, and modules communicate with each other through the IPC mechanism, which has a better effect on multiple modules defense against attacks. Then it divides the permissions between modules in a fine-grained manner and communicates between modules through IPC, making it difficult for attackers to evolve the attack results of one module into the attack results of the entire system. HongMeng Kernel loads the driver in user mode, making it difficult to trigger an attack against drivers to an attack against the kernel EL1 layer by strictly obtaining only EL0 permissions.^[10]^[7]

HongMeng Kernel has file system protection in place, using different keys for different contexts to protect the confidentiality and integrity of code and data files, and key management with the Secure Enclave (TrustZone, security chip) isolated from the kernel. Manufacturers and system developers can use hardware security primitives alongside third-party to first-party chip designs provided by processors to achieve a higher level of security privileges than the kernel. Even after an attacker compromises the HongMeng Kernel, the system relies on a hypervisor or secure monitor that is lower than the kernel and has a smaller TCB. The TrustZone and security chip, which are isolated from the rich executed environment REE kernel, ensures the security of users' sensitive data.^[7]^[11]

The Star Shield Security Architecture in OpenHarmony-based systems with HarmonyOS operates at both system level and kernel level, with a comprehensive approach that spans multiple layers. OpenHarmony's security architecture inherently relies on kernel-level security as the foundation for Process isolation and memory protection, Mandatory Access Control (MAC) systems, Secure boot and system integrity verification, Hardware-based security features, Comprehensive Layered Approach. The architecture implements "defense in depth" with security hardening measures at Hardware level (trusted execution environments), Kernel level (fundamental isolation and access control), System level (application framework security, permissions) Access Token Manager (ATM)^[12] access control which is a combination of RBAC and Capability-based and Application level (sandboxing, data protection) that is a unified security model that adapts to different hardware capabilities while maintaining consistent security principles from kernel to application layer.^[13]

The HongMeng Kernel's L5 certification represents the highest security level for OpenHarmony-based devices. This level requires formal verification of core system software modules, hardware components resilient to physical and laboratory-simulated attacks, and dedicated security chips to establish a hardware-rooted trust chain during boot, storage, and execution.^[14]

History

Development of HongMeng Kernel, microkernel project began in late 2016 internally within Huawei, as part of the wider open source OpenHarmony project going back as far as 2015 with Project 543 that led to HarmonyOS 5 development that commenced in July 2021 under the internal codename "543-2".^[15]

Certifications

On 15 August 2023, Huawei's HongMeng Kernel achieved Evaluation Assurance Level 6 Augmented (EAL6+) certification under the Common Criteria for Information Technology Security Evaluation (CC), becoming the first operating system kernel certified to this level for general-purpose operating systems.^[16]^[17]

On 26 Match 2020, the HongMeng Kernel was certified to comply with requirements of Automotive Safety Integrity Level D, the most onerous safety level defined by ISO 26262 for software use within road vehicles.^[18]

On 29 March 2022, the HongMeng Kernel was certified to comply with requirements of Systematic Capability level C and Safety Integrity Level 3 defined by IEC 61508.^[19]

References

^ ^a ^b Wu, Jessie (2024-06-24). "Huawei's HarmonyOS NEXT breaks away from Android". TechNode. Retrieved 2024-07-08.
^ ^a ^b Matsui, Emiko (2024-01-19). "HarmonyOS NEXT is a true operating system with self-developed components: Huawei CEO". Huawei Central. Retrieved 2024-07-08.
^ ^a ^b ^c ^d ^e ^f Swett C, Jr; Jia, Ning; Wang, Nan; Li, Yu; Liu, Nian; Liu, Yutao; Wang, Fei; Huang, Qiang; Li, Kun; Yang, Hongyang; Wang, Hui; Yin, Jie; Peng, Yu; Xu, Fengwei (10 July 2024). "Microkernel Goes General: Performance and Compatibility in the HongMeng Production Microkernel" (PDF). This Paper is Included in the Proceedings of the 18th USENIX Symposium on Operating Systems Design and Implementation. Retrieved 2024-07-10.;
^ "HarmonyOS ABIs > Introduction to Hardware Compatibility > Hardware Compatibility". Huawei Developers. Huawei. Retrieved 2 December 2025.
^ Nick (2024-04-16). "HarmonyOS NEXT leak exposes the in-house kernel in the native HDC toolchain". HarmonyOSHub. Retrieved 2024-07-08.
^ Kaur, Dashveenjit (2024-06-26). "HarmonyOS NEXT: Huawei's bold move to challenge Apple and Android". Telecoms Tech News. Retrieved 2024-07-08.
^ ^a ^b ^c ^d DARKNAVY (2024-06-11). "AVSS Report: System Security Adversarial Capability Preliminary Evaluation of iOS, Android, and HarmonyOS - Kernel". DARKNAVY. Retrieved 2024-07-08.
^ "Huawei Claims They Have Something Better Than The Linux Kernel". It's FOSS News. 2024-01-22. Retrieved 2024-07-08.
^ Victor. "Huawei's HarmonyOS NEXT Beta launches officially". GSMArena.com. Retrieved 2024-07-08.
^ "【OS核心技术】全栈协同内核与通信技术，实现流畅易用体验". live.huawei.com. Retrieved 2025-07-21.
^ "asplos24-slides/1-OH-Introduction-XYB.pdf at main · openharmony-research/asplos24-slides" (PDF). GitHub. Retrieved 2024-07-08.
^ openharmony/security_access_token, OpenHarmony, 2025-11-28, retrieved 2025-12-03
^ "System Architecture | fenwii/OpenHarmony". DeepWiki. Retrieved 2025-11-30.
^ "OpenHarmony/security_device_security_level: Device security level management | 设备安全等级管理模块". Gitee (in Chinese (China)). Retrieved 2025-11-30.
^ "HarmonyOS 5.x". BetaWiki. Retrieved 2025-12-08.
^ huawei, huawei (Aug 15, 2023). "Huawei obtains highest-level security certification for smart device OSs". huawei. Archived from the original on 2025-09-13. Retrieved 2025-09-13.
^ "Common Criteria for Information Technology Security Evaluation (CC)" (PDF). commoncriteriaportal. Archived (PDF) from the original on 2024-09-24. Retrieved 2025-09-13.
^ "968/FSP 2025.00/20" (PDF).
^ "968/FSP 2394.00/22" (PDF).

External links

Official website

This article incorporates text from this source, which is in the public domain: HongMeng Kernel

[technode-1] Wu, Jessie (2024-06-24). "Huawei's HarmonyOS NEXT breaks away from Android". TechNode. Retrieved 2024-07-08.

[huaweicentral-2] Matsui, Emiko (2024-01-19). "HarmonyOS NEXT is a true operating system with self-developed components: Huawei CEO". Huawei Central. Retrieved 2024-07-08.

[usenix-osdi24-chen-haibo-3] ^ ^a ^b ^c ^d ^e ^f Swett C, Jr; Jia, Ning; Wang, Nan; Li, Yu; Liu, Nian; Liu, Yutao; Wang, Fei; Huang, Qiang; Li, Kun; Yang, Hongyang; Wang, Hui; Yin, Jie; Peng, Yu; Xu, Fengwei (10 July 2024). "Microkernel Goes General: Performance and Compatibility in the HongMeng Production Microkernel" (PDF). This Paper is Included in the Proceedings of the 18th USENIX Symposium on Operating Systems Design and Implementation. Retrieved 2024-07-10.;

[4] "HarmonyOS ABIs > Introduction to Hardware Compatibility > Hardware Compatibility". Huawei Developers. Huawei. Retrieved 2 December 2025.

[5] Nick (2024-04-16). "HarmonyOS NEXT leak exposes the in-house kernel in the native HDC toolchain". HarmonyOSHub. Retrieved 2024-07-08.

[6] Kaur, Dashveenjit (2024-06-26). "HarmonyOS NEXT: Huawei's bold move to challenge Apple and Android". Telecoms Tech News. Retrieved 2024-07-08.

[darknavy-7] DARKNAVY (2024-06-11). "AVSS Report: System Security Adversarial Capability Preliminary Evaluation of iOS, Android, and HarmonyOS - Kernel". DARKNAVY. Retrieved 2024-07-08.

[8] "Huawei Claims They Have Something Better Than The Linux Kernel". It's FOSS News. 2024-01-22. Retrieved 2024-07-08.

[9] Victor. "Huawei's HarmonyOS NEXT Beta launches officially". GSMArena.com. Retrieved 2024-07-08.

[huawei-10] "【OS核心技术】全栈协同内核与通信技术，实现流畅易用体验". live.huawei.com. Retrieved 2025-07-21.

[11] "asplos24-slides/1-OH-Introduction-XYB.pdf at main · openharmony-research/asplos24-slides" (PDF). GitHub. Retrieved 2024-07-08.

[12] openharmony/security_access_token, OpenHarmony, 2025-11-28, retrieved 2025-12-03

[13] "System Architecture | fenwii/OpenHarmony". DeepWiki. Retrieved 2025-11-30.

[14] "OpenHarmony/security_device_security_level: Device security level management | 设备安全等级管理模块". Gitee (in Chinese (China)). Retrieved 2025-11-30.

[15] "HarmonyOS 5.x". BetaWiki. Retrieved 2025-12-08.

[16] uawei, huawei (Aug 15, 2023). "Huawei obtains highest-level security certification for smart device OSs". huawei. Archived from the original on 2025-09-13. Retrieved 2025-09-13.

[17] "Common Criteria for Information Technology Security Evaluation (CC)" (PDF). commoncriteriaportal. Archived (PDF) from the original on 2024-09-24. Retrieved 2025-09-13.

[18] "968/FSP 2025.00/20" (PDF).

[19] "968/FSP 2394.00/22" (PDF).

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]

v t e Distributed operating systems
Current	HarmonyOS OpenHarmony HarmonyOS NEXT Inferno Plan 9 from Bell Labs QNX
Historic	Amoeba Barrelfish Cambridge Distributed Computing System ChorusOS Domain/OS HeliOS LOCUS MOSIX Sprite V
Projects	Cairo
Category

Design

History

Certifications

See also

Further reading

References

External links

Epstein Files Full PDF

Design

History

Certifications

See also

Further reading

References

External links