"Only the privileged Framework is allowed to use unsafe features of Rust, while the unprivileged Services must be written exclusively in safe Rust."
An interesting and novel idea!
Use unsafe Rust for the higher privilege supervisor and safe Rust for everything else... that's definitely novel, and an interesting idea!
Observation: The code for the kernel could be divided into microkernel and non-microkernel parts and separated, and the microkernel itself could be written in unsafe Rust, and everything else could be written in safe Rust, and a system could arise where there might be more effective memory protection than putting both sets of code into the same memory, but at the expense of speed (using slower messages instead of direct calls)... but that of course may not be desirable...
I don't think I know of any language/compiler/loader that could specifically flag, say, the 4K (or other size) memory page that compiled code will be loaded into as, say, having a specific privilege level (the compiler would need specific additional keywords for that), and a map of such pages might have to be made by the compiler during compile time, and set by the OS loader at (or directly after) load time... but Rust's (or another language's) 'safe' and 'unsafe' keywords (or equivalents) could conceivably be made to do that, with the compiler outputting an appropriate map file, and an OS loader that knows how to set memory page permissions based on that map file...
Anyway, Asterinas looks very interesting and novel!
Wishing the Asterinas team the best of luck in their endeavor!
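The split quoted at the top of this comment, as an added single-file example that is not Asterinas code: the privileged framework module is the only place `unsafe` appears, and it wraps raw memory behind a bounds-checked API, while the service module carries `#[forbid(unsafe_code)]`, so any `unsafe` block written there is a compile error. All type and function names (`PhysRegion`, `fill_and_verify`) are invented for illustration.

```rust
/// Privileged "framework" layer: the only module allowed to use `unsafe`.
/// It owns raw memory and exposes a bounds-checked safe API to services.
mod framework {
    /// A fixed-size memory region, backed by a heap buffer so the example
    /// runs in user space instead of on real physical pages.
    pub struct PhysRegion {
        base: *mut u8,
        len: usize,
        _owner: Vec<u8>, // keeps the allocation alive for `base`
    }

    impl PhysRegion {
        pub fn new(len: usize) -> Self {
            let mut owner = vec![0u8; len];
            let base = owner.as_mut_ptr();
            PhysRegion { base, len, _owner: owner }
        }

        /// All checking happens here, so callers cannot reach outside the region.
        pub fn write(&mut self, off: usize, val: u8) -> Result<(), &'static str> {
            if off >= self.len {
                return Err("offset out of bounds");
            }
            // SAFETY: `off < len` checked above; `base` points to a live
            // allocation of `len` bytes owned by `self`.
            unsafe { *self.base.add(off) = val };
            Ok(())
        }

        pub fn read(&self, off: usize) -> Result<u8, &'static str> {
            if off >= self.len {
                return Err("offset out of bounds");
            }
            // SAFETY: same invariant as in `write`.
            Ok(unsafe { *self.base.add(off) })
        }
    }
}

/// Unprivileged "service" layer: `unsafe` is rejected by the compiler here.
#[forbid(unsafe_code)]
mod service {
    use super::framework::PhysRegion;

    /// Fills `len` bytes with a pattern and reads them back through the
    /// framework's safe API only; returns how many bytes verified.
    pub fn fill_and_verify(region: &mut PhysRegion, len: usize) -> Result<usize, &'static str> {
        let mut verified = 0;
        for i in 0..len {
            region.write(i, (i % 251) as u8)?;
            if region.read(i)? == (i % 251) as u8 {
                verified += 1;
            }
        }
        Ok(verified)
    }
}

pub use framework::PhysRegion;
pub use service::fill_and_verify;
```

Uncommenting an `unsafe { }` block inside `service` shows the enforcement: rustc rejects it with `error: usage of an unsafe block` because of the `forbid` level, which (unlike `deny`) cannot be overridden by an inner `#[allow]`.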