I first discovered MirageOS and unikernels through mirage-fw, a firewall for Qubes OS. I was amazed by how fast it boots and how few resources it requires: just 1 vCPU and 32 MiB of memory with no disk usage at all.

Red Hat’s explanation of unikernels puts it well: “Unikernels are small, lightweight, single address space operating systems with the kernel included as a library within the application. Because unikernels run a single application, there is no sharing or competition for resources among different applications, improving performance and security.”

Unikernels are only an abstract concept; MirageOS is one of the tools used to implement them. It’s a library operating system that lets you construct unikernels using OCaml on a normal operating system, then compile and deploy them under a Xen or KVM hypervisor.

You can find a good overview of MirageOS here on its website.

Besides mirage-fw, I also tried these other unikernels and can recommend them:

Unikernels deserve more attention in the security community as they eliminate entire classes of vulnerabilities. What I especially hope to see are a sys-usb unikernel replacement and a WireGuard unikernel in Qubes. The former is already tracked via an open issue, though unfortunately no work has been done on it for some time. I have yet to write a (functional) unikernel myself, though I hope the unikernel community grows.