A high-performance orchestration layer for the Linux kernel, designed to bridge the gap between uncompromising security and deterministic system responsiveness. By optimizing for superior 1% lows and minimizing perceived latency, GOATd Kernel ensures your system 'feels' as fast as your hardware allows, without the stutters of generic builds. Built on the principle of verifiable sovereignty, it empowers you to build, harden, and own your kernel—eliminating the need to trust external sources by putting the build pipeline in your hands.
Compiling a custom kernel isn't about chasing a 10% higher FPS or Geekbench score—those are userspace-heavy benchmarks that rarely touch the kernel. GOATd Kernel is about minimizing system jitter, slashing the attack surface, and ensuring your hardware follows your specific intent, not a generic compatibility profile.
Mechanism Over Marketing
Stock kernels prioritize universal compatibility at the cost of system determinism. GOATd Kernel replaces reactive algorithms with proactive mechanisms:
- Traditional Page-Frame Reclaim Algorithm: Evicts pages reactively, causing UI stutters and system hitching when RAM usage spikes.
- MGLRU (Multi-Gen LRU): Makes smarter decisions about memory eviction by tracking multiple generations of page accesses, preventing "stuttering" during heavy I/O or multitasking.
- Stock kernels compile for generic x86_64 to maximize compatibility.
- Your kernel compiles specifically for your silicon, enabling AVX2, AVX-512, BMI2, and other instruction sets that generic builds ignore.
- Result: Kernel processes data more efficiently for cryptographic operations, filesystem calculations, and syscall handling.
Success Metric: Lower 1% Lows—fewer stutters during heavy I/O or multitasking, not higher peak FPS.
Hardening isn't free—but it's honest about the tradeoff.
The Threat: Return-Oriented Programming (ROP) attacks hijack control flow by chaining existing code fragments to execute unintended sequences.
The Defense: Full LTO allows the compiler to build a complete control-flow graph across all kernel source files:
- LTO inlines functions and prunes dead code, preventing gadget chains from chaining.
- CFI verifies every indirect function call against the compiler's control-flow graph, blocking invalid jumps.
The Scale Problem: A stock kernel includes thousands of drivers for hardware you don't own.
The Principle: "If a driver isn't compiled into your kernel, it cannot be exploited."
GOATd's Modprobed & Desktop Whitelist:
- Scans your actual hardware—excludes drivers you don't need.
- Whitelist ensures essential desktop functions (USB storage, common filesystems) remain functional.
- Result: Drastically smaller kernel size, faster boot times, and measurably reduced exploitable surface.
Hardened kernels enable every protection (KPTI, Retpolines, CFI):
- Measured performance impact: 5-15% on syscall-heavy workloads (measured on context-switch latency, syscall duration).
- This is the real cost of modern mitigations, not marketing spin.
- For gaming/interactive use on modern CPUs, the impact is much lower due to branch prediction optimization.
Success Metric: Security baseline achieved—running a kernel with a significantly smaller attack surface and optimized (not just "bolted-on") hardware mitigations.
GOATd allows you to swap the "brain" of your system at runtime using eBPF-based schedulers.
| Scheduler | Logic | Primary Use |
|---|---|---|
| EEVDF | Fairness & Lag | General Purpose: Standard Linux baseline for stable, predictable fairness. |
| scx_bpfland | Interactivity | Everyday Hero: Prioritizes your foreground app, ensuring game/stream/Discord stays responsive. |
| scx_lavd | Latency Criticality | Pro-Audio & Gaming: Eliminates buffer underruns by identifying critical "wait chains" between tasks. |
| scx_rusty | Cache Locality | Server & Throughput: Partitions by LLC domains on high-core systems for maximum parallelism. |
- 🤖 Auto (Default): Dynamic heuristic. Disables aggressive features during idleness, scales up during high-interactivity demands. Best balanced experience.
- 🚀 Gaming: Locks scheduler to performance-first state. Maximizes 1% Lows by prioritizing P-cores, increasing context-switch frequency to reduce input lag, preventing background task interference.
- ⚡ LowLatency: Real-time responsiveness. Reduces time-to-CPU for high-priority threads, ideal for DAW and real-time communication where hitching is unacceptable.
- 🔋 PowerSave: CPU deep sleep priority. Aggressively parks idle cores, intentionally delays non-critical tasks to enable hardware low-power states.
- 🖥️ Server: Sustained high-throughput. Pins tasks to LLC domains, reduces inter-core task migration, maximizes cache locality for database engines and web servers.
Success Metric: Deterministic responsiveness. Your system responds the same way every time, regardless of background load.
Expectation: Focus on minimized 1% lows and higher minimum FPS while maintaining a MUCH higher security level. Reality: A system that feels as fast or faster than an "unprotected" kernel.
Why: You're running hardened, optimized code. The security tax is real but measured. Background jitter is eliminated. Memory management is smarter. Scheduling is tailored to your workload.
When you build a GOATd Kernel, you get:
- Lower 1% Lows: Fewer stutters during heavy I/O or multitasking.
- Determinism: Your system responds consistently, regardless of background load.
- Security Baseline: Modern hardware mitigations are optimized into the kernel, not just forced on top.
- Attack Surface Reduction: Only drivers you actually use are compiled in.
- 🛠️ Orchestrator Build Pipeline: State-aware engine for automated dependency resolution and microarchitecture detection.
- 📊 Spectrum UI Telemetry: Real-time monitoring of context switches, jitter, and syscall latency via native
egui. - ⚙️ LLVM-First Toolchain: Advanced LTO for maximum binary efficiency.
- 🛡️ Integrity Audit: Automated verification of source signatures and build environment health.
| Variant | Focus | Description |
|---|---|---|
| Mainline | Edge | Latest upstream RC code with full pipeline support. |
| Stable | Balanced | Upstream standard with GOATd optimization passes. |
| Hardened | Security | Maximum attack surface reduction and hardening. |
| LTS | Reliability | Stability-first approach for mission-critical systems. |
For Arch Linux Users - AUR Installation (Fastest)
The latest release is now available on the AUR: goatdkernel. Use the following to quickly download and install the pre-built binary without having to compile:
yay -S goatdkernelor
paru -S goatdkernel1. Prerequisites Ensure you are on Arch Linux with base development tools:
sudo pacman -Syu --needed base-devel rustup git
rustup default stable2. Installation Clone and initialize the environment:
git clone https://github.com/madgoat/goatd-kernel.git
cd goatd-kernel
./goatdkernel.sh --setup3. Launch Run the orchestrator:
cargo run --releaseExplore the internal logic and design principles:
GOATd Kernel: Built for those who know the difference.