KxOS Source Code

Code organization

The codebase is organized as a number of Rust crates.

  • The kxos crate assembles all other crates into a runnable OS kernel image. This is the only binary crate; all other crates are libraries.
  • The kxos-frame crate constitutes the main part of the KxOS framework, providing a minimal set of safe abstractions that encapsulate the unsafe Rust code needed to deal with hardware resources like CPU, memory, and interrupts.
  • The kxos-frame-* crates complement kxos-frame by providing more safe types, APIs, or abstractions that are useful to specific aspects of KxOS.
  • The kxos-std crate is KxOS's equivalent of Rust's std crate, although their APIs are quite different. This crate offers an extensive set of high-level safe APIs that are widely used throughout the OS code above the framework (i.e., the crates described below).
  • The rest of the kxos-* crates implement most of the functionality of KxOS, e.g., Linux syscall dispatching, process management, file systems, network stacks, and device drivers.

Privilege separation

KxOS is a framekernel, separating the entire OS into two halves: the privileged half (the so-called "frame") and the unprivileged half. Only the privileged half is allowed to include unsafe Rust code. It is the privileged half's responsibility to encapsulate that unsafe code behind safe APIs, so that most of the OS functionality can be implemented with safe Rust in the unprivileged half.

This philosophy of privilege separation is also reflected in the code organization.

  • The privileged half consists of kxos, kxos-frame, and kxos-frame-* crates.
  • The unprivileged half consists of kxos-std and the rest of the kxos-* crates.
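
The naming rule above can be checked mechanically. The following is an added example, not code from the KxOS repository: it classifies a crate by name into one of the two halves and audits the root source of an unprivileged crate. The policy it applies (requiring the rustc lint attribute #![forbid(unsafe_code)] in unprivileged crates) is an assumption, and the crate names kxos-fs and kxos-frame-pci, the helper raw_cr3, and all sample sources are constructed for illustration.

```rust
// Added example, not KxOS code. Sample sources in main() are constructed.
#[derive(Debug, PartialEq, Clone, Copy)]
enum Half { Privileged, Unprivileged }

/// Classify by crate name, following the two lists on this page.
fn classify(name: &str) -> Option<Half> {
    if name == "kxos" || name == "kxos-frame" || name.starts_with("kxos-frame-") {
        Some(Half::Privileged)
    } else if name.starts_with("kxos-") {
        Some(Half::Unprivileged) // kxos-std and the remaining kxos-* crates
    } else {
        None // not part of the KxOS code base
    }
}

/// Heuristic: `unsafe` keyword outside `//` comments (block comments and strings not parsed).
fn uses_unsafe(src: &str) -> bool {
    src.lines()
        .map(|l| l.split("//").next().unwrap_or(""))
        .flat_map(|l| l.split(|c: char| !(c.is_alphanumeric() || c == '_')))
        .any(|tok| tok == "unsafe")
}

/// Assumed policy: an unprivileged crate root carries `#![forbid(unsafe_code)]`
/// (a rustc lint) and contains no `unsafe` keyword.
fn audit(name: &str, root_src: &str) -> Vec<String> {
    let mut findings = Vec::new();
    if classify(name) == Some(Half::Unprivileged) {
        if !root_src.contains("#![forbid(unsafe_code)]") {
            findings.push(format!("{name}: missing #![forbid(unsafe_code)]"));
        }
        if uses_unsafe(root_src) {
            findings.push(format!("{name}: `unsafe` in unprivileged half"));
        }
    }
    findings
}

fn main() {
    // Constructed sample sources; kxos-fs and raw_cr3 are hypothetical names.
    let samples = [
        ("kxos-frame", "pub fn read_cr3() -> usize { unsafe { raw_cr3() } }"),
        ("kxos-std", "#![forbid(unsafe_code)]\npub fn spawn() {} // no unsafe here"),
        ("kxos-fs", "pub fn peek(p: *const u8) -> u8 { unsafe { *p } }"),
    ];
    for (name, src) in samples {
        for f in audit(name, src) { println!("{f}"); }
    }
}
```

The keyword scan is only a source-level heuristic; the forbid attribute is what makes the compiler reject unsafe blocks in a crate.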