diff --git a/README.md b/README.md index 3f2a89e..ea40ded 100644 --- a/README.md +++ b/README.md 
@@ -2,72 +2,84 @@ > **Privacy-hardened devices for users who want their privacy back — on whatever platform they have.** -SilverMetal is SilverLABS' cross-platform privacy-hardening program. We don't believe in "one true OS" — we believe in meeting users on the platform they actually use, and giving them the strongest hardening that platform physically allows. Honestly labelled, no marketing fluff. +SilverMetal is SilverLABS' cross-platform privacy-hardening program. We don't believe in "one true OS" — we meet users on the platform they actually use, and give them the strongest hardening that platform physically allows. Honestly labelled, no marketing fluff. -## What you get +## Two product lines -Every SilverMetal device — whether you bought one preflashed or you're hardening your own — ships two layers: +The SilverMetal program ships two distinct product lines, named to make their scope obvious to buyers: -1. **The SilverLABS Stack** — a suite of cross-platform privacy apps that replace the cloud services your device normally talks to (Google, Apple, Microsoft): - - **SilverBrowser** — de-Googled, telemetry-free, fingerprint-resistant - - **SilverVPN** — always-on, no-logs, our own infrastructure - - **SilverSync** — private replacement for iCloud / Google Drive / OneDrive - - **SilverChat** — end-to-end encrypted messenger *(v1.1)* - - **SilverDuress** — duress password / panic-wipe *(v1.1)* - - **SilverKeys** — zero-knowledge password manager *(v1.1)* +### 🔒 SilverMetal OS +**We ship the operating system or ROM.** Full kernel-level control, our verified-boot key, our update channel. Strongest possible hardening. -2. 
**A Platform Hardening Profile** — OS-level changes tailored to what your platform allows: - - On **Linux** we ship a full custom OS - - On **Android** we ship a custom ROM (or a profile, depending on your device) - - On **Windows** we ship an installer that transforms LTSC IoT into a hardened build - - On **macOS** and **iOS** we ship signed configuration profiles + setup scripts +- **SilverMetal OS — Linux** *(Debian/Kicksecure-based ISO)* — Tier A +- **SilverMetal OS — Pixel** *(GrapheneOS-fork ROM)* — Tier B +- **SilverMetal OS — Samsung** *(LineageOS-fork ROM, unlocked-bootloader models)* — Tier C +- **SilverMetal OS — Motorola** *(DivestOS/LineageOS-fork ROM)* — Tier C + +### 🛡️ SilverMetal Enhanced +**We harden the OS your device already runs.** Configuration profiles, hardening installers, the SilverLABS Application Stack. For users who can't or won't replace their OS. + +- **SilverMetal Enhanced — Windows** *(LTSC IoT installer + hardening + Stack)* — Tier C +- **SilverMetal Enhanced — macOS** *(signed config profile + setup script + Stack)* — Tier C-D +- **SilverMetal Enhanced — iOS** *(MDM profile + Stack)* — Tier D +- **SilverMetal Enhanced — Android** *(generic profile + Stack on existing Android)* — Tier D + +Tiers explained in [`docs/platform-matrix.md`](docs/platform-matrix.md). 
+ +## What every SilverMetal device gets + +Both lines ship the **SilverLABS Application Stack** — a suite of cross-platform privacy apps that replace the cloud services your device normally talks to (Google, Apple, Microsoft): + +| Component | Status | Purpose | +|---|---|---| +| **SilverBrowser** | v1 (Linux MVP) | De-Googled, telemetry-free, fingerprint-resistant browser | +| **SilverVPN** | **Existing** — see [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) | Always-on, no-logs VPN with our own infrastructure | +| **SilverSync** | v1 (Linux MVP) | Private replacement for iCloud / Google Drive / OneDrive | +| **SilverChat** | v1.1 (may overlap with `SilverVPN.Client.Chat`) | E2EE messenger | +| **SilverDuress** | v1.1 | Duress password / panic-wipe / anti-coercion | +| **SilverKeys** | v1.1 | Zero-knowledge password + 2FA manager | ## Two ways to get SilverMetal +Every flavour — OS or Enhanced — supports both buyer modes: + ### "I'm choosing a new device" -Buy a **preflashed SilverMetal SKU** — a Pixel with SilverMetal Droid, a Coreboot laptop with SilverMetal Linux, etc. We've done all the work; it arrives ready. +Buy a **preflashed SilverMetal SKU**. We've done all the work; it arrives ready. ### "I already own a device and want to harden it" -Download the **free SilverLABS Stack** + the **hardening profile / installer / ROM** for your existing platform. Apply it yourself. Same software, same hardening, no hardware lock-in. - -Every platform supports both modes. Nothing is premium-only; nothing is DIY-only. 
- -## Platform matrix - -| Platform | Hardening tier | What ships | Best for | -|---|---|---|---| -| **SilverMetal Linux** | A — full control | Custom Debian/Kicksecure-based ISO | Maximum privacy; users whose work is browser/office/dev/comms | -| **SilverMetal Droid (Pixel)** | B — verified boot ours | GrapheneOS-based ROM | "Secure phone" buyers, journalists, high-risk users | -| **SilverMetal Droid (Samsung / Motorola)** | C — varies | LineageOS/DivestOS-based ROM where supported, profile + stack elsewhere | Users with existing non-Pixel Android | -| **SilverMetal Droid (generic)** | D — app + profile only | Stack install + work-profile hardening | "I have an Android, harden it" | -| **SilverMetal Windows** | C — config layer | LTSC IoT installer + Stack + Group Policy hardening | Users locked into Windows-only software | -| **SilverMetal macOS** | C-D — config + Stack | Signed config profile + setup script + Stack | Mac-committed users | -| **SilverMetal iOS** | D — profile + curated apps | MDM profile + Stack from App Store | iPhone users wanting maximum-feasible hardening | - -For honest pros/cons of each, see [`docs/platform-matrix.md`](docs/platform-matrix.md). +Download the **free SilverLABS Stack** + the **SilverMetal OS or Enhanced package** for your platform. Apply it yourself. Same software, same hardening, no hardware lock-in. 
## Status | Component | Status | |---|---| -| Documentation + roadmap | **In progress** (this scaffold) | -| SilverMetal Linux v1 | Planning → milestone 2 (build pipeline) | -| SilverLABS Stack v1 (Browser + VPN + Sync) | Planning | -| Other platforms | Planning, post-Linux v1 | +| Documentation + roadmap | Initial scaffold complete | +| SilverMetal OS — Linux v1 | Phase 1 — moving to milestone 1.1 (build pipeline) | +| SilverLABS Stack v1 (Browser + Sync) | Planning | +| SilverVPN | Existing product, integration into v1 ISO planned | +| Other OS/Enhanced flavours | Planning, post-Linux v1 | See [`docs/roadmap.md`](docs/roadmap.md) for the milestone-driven plan. +## Related repositories + +| Repo | Relationship | +|---|---| +| [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) | The VPN component of the SilverLABS Stack — already in production. SilverMetal integrates it; does not re-implement it | +| [`SilverLABS/SilverApple`](https://git.silverlabs.uk/SilverLABS/SilverApple) | **Deprecated.** Earlier iOS-hardening prototype, superseded by *SilverMetal Enhanced — iOS* | +| [`SilverLABS/SilverDROID`](https://git.silverlabs.uk/SilverLABS/SilverDROID) | Unrelated (SilverSHELL AppStore Android client). Name is similar but scope is different | + ## Documentation - [`docs/threat-model.md`](docs/threat-model.md) — who we defend against, who we don't - [`docs/design-principles.md`](docs/design-principles.md) — privacy-by-default, verifiability, honesty -- [`docs/platform-matrix.md`](docs/platform-matrix.md) — what each platform can and cannot deliver +- [`docs/platform-matrix.md`](docs/platform-matrix.md) — full per-platform pros/cons - [`docs/roadmap.md`](docs/roadmap.md) — milestones, ship order, scope - [`docs/trust-model.md`](docs/trust-model.md) — signing keys, reproducible builds, governance ## License -Components carry their own licenses (most are GPL/MIT/Apache-derived from upstream forks). See individual directories. 
+Components carry their own licenses (most are GPL/MIT/Apache-derived from upstream forks). Original SilverLABS-authored glue code is AGPL-3.0-or-later. See [`LICENSE`](LICENSE). ## SilverLABS diff --git a/android/README.md b/android/README.md index 419e511..6b58d6e 100644 --- a/android/README.md +++ b/android/README.md 
@@ -1,45 +1,55 @@ -# SilverMetal Droid +# SilverMetal — Android **Status**: Phase 2 (planning, post-Linux v1) -Android coverage across four tiers. See [`../docs/platform-matrix.md`](../docs/platform-matrix.md) for honest per-tier pros/cons. +Android coverage spans **both** SilverMetal product lines: -## Tiers +- 🔒 **SilverMetal OS** for devices where we ship a custom ROM (Pixel, Samsung-unlocked, Motorola-unlocked) +- 🛡️ **SilverMetal Enhanced** for users keeping their existing Android (any vendor, no bootloader unlock required) -### SilverMetal Droid Flagship — Pixel (Tier B) -GrapheneOS-fork on Pixel hardware. Verified boot we control, hardened kernel, app sandboxing enforced. Full SilverLABS Stack preinstalled. +See [`../docs/platform-matrix.md`](../docs/platform-matrix.md) for honest per-tier pros/cons. -### SilverMetal Droid Galaxy — Samsung (Tier C) -LineageOS / DivestOS-fork on Samsung models with unlockable bootloaders. Stack overlay on locked-bootloader models. +## Sub-flavours -### SilverMetal Droid Moto — Motorola (Tier C) -DivestOS / LineageOS-fork on supported Motorola models. Stack overlay everywhere. +### 🔒 SilverMetal OS — Pixel (Tier B) +GrapheneOS-fork on Pixel hardware. Verified boot we control, hardened kernel, app sandboxing enforced. Full SilverLABS Stack preinstalled. **Phase 2.1.** -### SilverMetal Droid Profile — generic (Tier D) -"Harden my existing Android" — full SilverLABS Stack + work-profile-based hardening config. Runs on any Android 13+ without bootloader changes. +### 🔒 SilverMetal OS — Samsung (Tier C) +LineageOS / DivestOS-fork on Samsung models with unlockable bootloaders. **Phase 2.2.** + +### 🔒 SilverMetal OS — Motorola (Tier C) +DivestOS / LineageOS-fork on supported Motorola models. **Phase 2.3.** + +### 🛡️ SilverMetal Enhanced — Android (Tier D) +For users keeping their existing OEM Android (Samsung locked-bootloader, OnePlus, Xiaomi, hand-me-downs, etc.). 
Stack apps + work-profile-based hardening config; no bootloader changes, no warranty void. **Phase 3A.** ## Directory layout -To be populated in Phase 2. Initial structure planned: +To be populated as each sub-flavour is built. Initial structure planned: ``` android/ -├── flagship/ # Pixel / GrapheneOS-fork build config -├── galaxy/ # Samsung ROM build configs -├── moto/ # Motorola ROM build configs -├── profile/ # Generic profile installer + work-profile config -└── shared/ # Common build infra, signing, OTA +├── os-pixel/ # 🔒 GrapheneOS-fork build config (Phase 2.1) +├── os-samsung/ # 🔒 Samsung ROM build configs (Phase 2.2) +├── os-motorola/ # 🔒 Motorola ROM build configs (Phase 2.3) +├── enhanced/ # 🛡️ Generic profile installer + work-profile config (Phase 3A) +└── shared/ # Common build infra, signing, OTA ``` -## Verification gates (per-tier) +## Verification gates -- ROM tiers: verified boot rooted in our key (Pixel only); reproducible builds; OTA signed and rollback-tested -- Profile tier: Stack apps installed and functional; work-profile isolation verified -- All tiers: telemetry-leak test (no Google services contact unless explicitly opted in by user) +- **OS tiers**: verified boot rooted in our key (Pixel only); reproducible builds; OTA signed and rollback-tested +- **Enhanced tier**: Stack apps installed and functional; work-profile isolation verified; no bootloader changes detected +- **All tiers**: telemetry-leak test (no Google services contact unless explicitly opted in by user); SilverVPN integrated as default VPN ## Upstream we depend on -- **GrapheneOS** — Pixel flagship base -- **LineageOS** — Samsung / Motorola base +- **GrapheneOS** — Pixel OS base +- **LineageOS** — Samsung / Motorola OS base - **DivestOS** — additional hardening patches - **AOSP** — root upstream +- **`SilverLABS/SilverVPN`** — MAUI Android client (existing) + +## Note on naming + +The existing repo `SilverLABS/SilverDROID` (SilverSHELL AppStore Android client) is unrelated 
to this Android flavour despite the similar name. They serve different products. diff --git a/docs/platform-matrix.md b/docs/platform-matrix.md index 2559a0f..19bd25c 100644 --- a/docs/platform-matrix.md +++ b/docs/platform-matrix.md @@ -2,8 +2,17 @@ The honest per-platform capability and pros/cons table. This is what a buyer sees on each product page so they can choose based on their actual constraint. +## The two product lines + +| Line | What it means | When you'd buy it | +|---|---|---| +| **🔒 SilverMetal OS** | We ship the OS or ROM | You're choosing a device with privacy as a priority, or you're willing to replace your existing OS | +| **🛡️ SilverMetal Enhanced** | We harden the OS your device already runs | You can't or don't want to replace your OS — corporate device, iPhone, or you're staying on Windows | + ## Hardening tiers +Independent of product line, each platform has a tier reflecting how deep our hardening can physically reach: + | Tier | What it means | |---|---| | **A — Fully controllable** | We own the kernel, boot chain, MAC framework, and update infrastructure | 
@@ -13,20 +22,27 @@ The honest per-platform capability and pros/cons table. This is what a buyer see ## Capability summary -| Platform | Tier | Deliverable | Stack support | +### SilverMetal OS (we ship the OS/ROM) + +| Platform | Tier | Deliverable | Stack | |---|---|---|---| -| SilverMetal Linux | A | Custom Debian/Kicksecure-based ISO | Full, native | -| SilverMetal Droid (Pixel) | B | GrapheneOS-fork ROM | Full, native | -| SilverMetal Droid (Samsung) | C | LineageOS-fork ROM where bootloader unlocks; profile + Stack elsewhere | Full where ROM, Stack-only otherwise | -| SilverMetal Droid (Motorola) | C | DivestOS/LineageOS-fork ROM on supported models | Full where supported | -| SilverMetal Droid (generic) | D | "Harden any Android" — Stack + work-profile config | Stack + config only | -| SilverMetal Windows | C | LTSC IoT installer + hardening + Stack | Full (Stack apps run native) | -| SilverMetal macOS | C-D | Signed config profile + setup script + Stack | Full (Stack apps run native) | -| SilverMetal iOS | D | MDM profile + Stack from App Store | Full (Stack apps via App Store) | +| **OS — Linux** | A | Custom Debian/Kicksecure-based ISO | Full, native | +| **OS — Pixel** | B | GrapheneOS-fork ROM | Full, native | +| **OS — Samsung** | C | LineageOS-fork ROM (unlocked-bootloader models) | Full, native | +| **OS — Motorola** | C | DivestOS/LineageOS-fork ROM (supported models) | Full, native | + +### SilverMetal Enhanced (we harden the OS in place) + +| Platform | Tier | Deliverable | Stack | +|---|---|---|---| +| **Enhanced — Windows** | C | LTSC IoT installer + hardening + Stack | Full (Stack apps run native) | +| **Enhanced — macOS** | C-D | Signed config profile + setup script + Stack | Full (Stack apps run native) | +| **Enhanced — iOS** | D | MDM profile + Stack from App Store | Full (Stack apps via App Store) | +| **Enhanced — Android** | D | "Harden your existing Android" — Stack + work-profile config | Stack + config only | ## Per-platform pros / 
cons -### SilverMetal Linux (Tier A) +### 🔒 SilverMetal OS — Linux (Tier A) **Reference setup. The strongest possible SilverMetal device.** **Pros** @@ -44,11 +60,11 @@ The honest per-platform capability and pros/cons table. This is what a buyer see - Some games, particularly anti-cheat-protected titles, will not run - Hardware compatibility needs checking before purchase (Coreboot SKUs are best-supported) -**Best for**: users whose work is browser + email + office docs + dev + comms; anyone who would otherwise install Linux themselves; the maximum-privacy buyer. +**Best for**: maximum-privacy buyer; anyone whose work is browser + email + office docs + dev + comms. --- -### SilverMetal Droid — Pixel flagship (Tier B) +### 🔒 SilverMetal OS — Pixel (Tier B) **The secure-phone flagship. GrapheneOS-tier engineering.** **Pros** 
@@ -64,30 +80,29 @@ The honest per-platform capability and pros/cons table. This is what a buyer see - Some banking apps and corporate apps refuse to run on non-Play-Integrity devices (workaround: sandboxed Play, but breaks the airtight model) - Not all carriers support all Pixel models cleanly -**Best for**: the "secure phone" buyer, journalists, activists, anyone who would otherwise buy an Encrochat-style rebadged phone but wants real engineering. +**Best for**: the "secure phone" buyer; journalists, activists; anyone who would otherwise buy an Encrochat-style rebadged phone but wants real engineering. --- -### SilverMetal Droid — Samsung (Tier C) -**For users on Samsung hardware. Variable depending on model and region.** +### 🔒 SilverMetal OS — Samsung (Tier C) +**For users on Samsung hardware with unlockable bootloader.** **Pros** - Wide hardware availability and price range -- LineageOS / DivestOS fork for unlocked-bootloader regions gives most of the benefit -- Knox security layer is genuinely capable on locked models -- Full SilverLABS Stack supported either way +- LineageOS / DivestOS fork on unlocked-bootloader regions delivers most of the benefit +- Knox security layer is genuinely capable (when bootloader is unlocked, Knox is tripped — accept this trade) **Cons** -- Many Samsung models — especially US-carrier models — have permanently locked bootloaders; we cannot replace the OS +- Many Samsung models — especially US-carrier models — have permanently locked bootloaders; SilverMetal OS — Samsung is not available on those (use Enhanced — Android instead) - Even on unlocked bootloader, we lose verified boot rooting back to our key -- Knox tripped flag is permanent; some Samsung features (Samsung Pay, Knox-protected work apps) may stop working +- Knox tripped flag is permanent; some Samsung features (Samsung Pay, Knox-protected work apps) stop working -**Best for**: existing Samsung owners; buyers wanting a non-Pixel Android with strong-enough hardening. 
+**Best for**: Samsung owners who want real ROM-level hardening and accept the Knox trade-off. --- -### SilverMetal Droid — Motorola (Tier C) -**For users on Motorola hardware. Best Android option after Pixel for unlocked-bootloader hardening.** +### 🔒 SilverMetal OS — Motorola (Tier C) +**For users on Motorola hardware. Best ROM option after Pixel for unlocked-bootloader hardening.** **Pros** - Many Moto models support bootloader unlock cleanly @@ -104,26 +119,7 @@ The honest per-platform capability and pros/cons table. This is what a buyer see --- -### SilverMetal Droid — Generic / "harden my existing Android" (Tier D) -**For users who already own an Android and won't / can't replace the ROM.** - -**Pros** -- Works on virtually any Android 13+ device -- Full SilverLABS Stack runs (Browser, VPN, Sync, etc.) -- Work-profile-based isolation contains tracking apps in a managed sandbox -- No bootloader unlock required; no warranty void - -**Cons** -- We do not control the OS — Google + your OEM still do -- Verified boot is your OEM's, not ours -- Telemetry from OS-level Google services cannot be fully blocked without a ROM swap -- Honest tier label: D, weakest Android tier - -**Best for**: existing Android owners who want privacy improvements without buying new hardware or unlocking their bootloader. - ---- - -### SilverMetal Windows (Tier C) +### 🛡️ SilverMetal Enhanced — Windows (Tier C) **For users locked into Windows-only software.** **Pros** @@ -145,7 +141,7 @@ The honest per-platform capability and pros/cons table. This is what a buyer see --- -### SilverMetal macOS (Tier C-D) +### 🛡️ SilverMetal Enhanced — macOS (Tier C-D) **For Mac-committed users.** **Pros** @@ -166,7 +162,7 @@ The honest per-platform capability and pros/cons table. This is what a buyer see --- -### SilverMetal iOS (Tier D) +### 🛡️ SilverMetal Enhanced — iOS (Tier D) **For iPhone users.** **Pros** 
@@ -182,27 +178,46 @@ The honest per-platform capability and pros/cons table. This is what a buyer see - Configuration profile + MDM applies; cannot modify iOS itself - Honest tier label: D, weakest tier in the family — *we say this in marketing* -**Best for**: users whose threat model is commercial surveillance (not state-actor targeting) and who need to stay on iPhone for personal/work reasons. +**Best for**: users whose threat model is commercial surveillance (not state-actor targeting) and who need to stay on iPhone. + +--- + +### 🛡️ SilverMetal Enhanced — Android (Tier D) +**For users who already own an Android (any vendor) and won't / can't replace the ROM.** + +**Pros** +- Works on virtually any Android 13+ device — Samsung locked-bootloader models, OEMs we don't have ROMs for, hand-me-down phones +- Full SilverLABS Stack runs (Browser, VPN, Sync, etc.) +- Work-profile-based isolation contains tracking apps in a managed sandbox +- No bootloader unlock required; no warranty void + +**Cons** +- We do not control the OS — Google + your OEM still do +- Verified boot is your OEM's, not ours +- Telemetry from OS-level Google services cannot be fully blocked without a ROM swap +- Honest tier label: D, weakest Android tier — *we say this in marketing* + +**Best for**: existing Android owners who want privacy improvements without buying new hardware or unlocking their bootloader. ## Decision flowchart ``` -Does the user need maximum privacy and is software-flexible? - → SilverMetal Linux +Are you choosing a new device, or hardening one you already own? -Does the user need a phone, primarily? - → Pixel? → SilverMetal Droid Flagship - → Samsung/Motorola with unlocked bootloader? → matching ROM tier - → iPhone or locked Android? → corresponding profile tier +CHOOSING NEW + Need maximum privacy and software-flexible? → 🔒 SilverMetal OS — Linux + Need a phone, primarily? + Pixel ok? → 🔒 SilverMetal OS — Pixel + Samsung (unlocked bootloader region)? 
→ 🔒 SilverMetal OS — Samsung + Motorola (supported model)? → 🔒 SilverMetal OS — Motorola + Want iPhone? → 🛡️ SilverMetal Enhanced — iOS -Does the user need Windows-only software? - → SilverMetal Windows - -Is the user Mac-committed? - → SilverMetal macOS - -Does the user already own a device they're keeping? - → The corresponding "profile" or "harden existing" tier +ALREADY OWN A DEVICE + Windows machine you keep? → 🛡️ SilverMetal Enhanced — Windows + Mac you keep? → 🛡️ SilverMetal Enhanced — macOS + iPhone you keep? → 🛡️ SilverMetal Enhanced — iOS + Android you keep (any model)? → 🛡️ SilverMetal Enhanced — Android + Linux laptop you'd convert? → 🔒 SilverMetal OS — Linux (re-install) ``` We do not push users between tiers. We tell them what each can deliver and let them choose. diff --git a/docs/roadmap.md b/docs/roadmap.md index d55c5b3..695575c 100644 --- a/docs/roadmap.md +++ b/docs/roadmap.md @@ -2,6 +2,8 @@ Milestone-driven, no calendar dates (those slip; milestone gates don't). Each milestone has a definition of done. We don't move on until the previous milestone is met. +The two product lines (**SilverMetal OS** and **SilverMetal Enhanced**) share the same roadmap because they share the SilverLABS Application Stack and the same supporting infrastructure. They diverge in delivery format only. + ## Phase 0 — Foundation (current) **Goal**: get the architecture, threat model, and product principles documented and reviewed before writing OS code. 
@@ -11,14 +13,15 @@ Milestone-driven, no calendar dates (those slip; milestone gates don't). Each mi | 0.1 | Repo scaffold | Directory tree + per-platform stubs + per-stack stubs in place | | 0.2 | Umbrella docs | `README.md` + `docs/{threat-model,design-principles,platform-matrix,roadmap,trust-model}.md` complete and reviewed | | 0.3 | Gitea repo created and pushed | `SilverLABS/SilverMetal` exists on `git.silverlabs.uk` with this scaffold | +| 0.4 | Naming framework + repo alignment locked | OS / Enhanced naming applied; SilverApple deprecation noted; SilverVPN integration scope defined | -**Status**: in progress (this commit completes 0.1–0.3). +**Status**: complete. --- -## Phase 1 — SilverMetal Linux v1 (the MVP) +## Phase 1 — SilverMetal OS — Linux v1 (the MVP) -**Goal**: ship a public alpha ISO that passes our own hardening verification. This is the reference implementation; the patterns established here flow to other platforms. +**Goal**: ship a public alpha ISO that passes our own hardening verification. This is the reference implementation; the patterns established here flow to other flavours. | # | Milestone | Done when | |---|---|---| 
@@ -28,7 +31,7 @@ Milestone-driven, no calendar dates (those slip; milestone gates don't). Each mi | 1.4 | Telemetry-leak test green | tcpdump on fresh-install idle for 30 min — zero packets to MS/Google/Apple/Mozilla/Canonical/Debian/analytics endpoints | | 1.5 | LUKS2 + TPM2 PCR-bound install via Calamares | End-to-end: install → reboot → TPM unlock → desktop. Tamper test correctly falls back to passphrase | | 1.6 | SilverBrowser v1 integrated (ungoogled-chromium rebrand) | Default browser, no Google services, fingerprint defences validated | -| 1.7 | SilverVPN v1 integrated (WireGuard backbone) | Always-on default; kill-switch verified; account-number signup flow works | +| 1.7 | SilverVPN integrated into image | Existing `SilverLABS/SilverVPN` Linux client + tunnel service preinstalled, always-on default; kill-switch verified | | 1.8 | SilverSync v1 integrated (Nextcloud backbone, client-side encryption) | Contacts/calendar/files sync end-to-end; server cannot read content | | 1.9 | Update server + signing ceremony complete | First signed update delivered through alpha channel; rollback verified | | 1.10 | Public alpha ISO + SBOM + build attestation published | Download page live; reproducible-build instructions documented | 
@@ -45,64 +48,74 @@ Milestone-driven, no calendar dates (those slip; milestone gates don't). Each mi | # | Milestone | Done when | |---|---|---| -| 1.1.1 | SilverChat v1 (Matrix-based) | Homeserver running; iOS/Android/Linux/Windows/Mac clients functional; account-number onboarding | -| 1.1.2 | SilverDuress v1 | Linux PAM module + Android duress PIN + iOS Shortcuts/MDM trigger + Windows Group Policy + macOS profile — all verified | -| 1.1.3 | SilverKeys v1 | Bitwarden-derived client + SilverSync backend; per-platform clients | -| 1.1.4 | Atomic root experiment | ostree-based variant builds; v1.2 candidate if successful | +| 1.1.1 | SilverChat v1 — alignment review | Decide whether to pull `SilverVPN.Client.Chat` in, fork it, or scope SilverChat as a separate effort. Outcome documented in `docs/decisions/` | +| 1.1.2 | SilverChat v1 client + homeserver | Cross-platform clients functional; account-number onboarding | +| 1.1.3 | SilverDuress v1 | Linux PAM module + Android duress PIN + iOS Shortcuts/MDM trigger + Windows Group Policy + macOS profile — all verified | +| 1.1.4 | SilverKeys v1 | Bitwarden-derived client + SilverSync backend; per-platform clients | +| 1.1.5 | Atomic root experiment | ostree-based variant builds; v1.2 candidate if successful | --- -## Phase 2 — SilverMetal Droid +## Phase 2 — SilverMetal OS — Droid (Pixel + Samsung + Motorola) -**Goal**: ship Android coverage across all four tiers (Pixel flagship, Samsung, Motorola, generic profile). +**Goal**: ship the three ROM-level Android tiers. 
| # | Milestone | Done when | |---|---|---| -| 2.1 | Pixel flagship ROM (GrapheneOS-fork) | Builds, signs, OTA-updates from our infrastructure; Stack preinstalled; verified boot rooted in our key | -| 2.2 | Samsung tier (LineageOS-fork on unlocked-bootloader models) | Supported model list published; ROM + Stack overlay | -| 2.3 | Motorola tier (DivestOS/LineageOS) | Supported model list published; ROM + Stack overlay | -| 2.4 | Generic Android profile | "Harden my Android" installer: Stack apps + work-profile hardening config; works on Android 13+ | -| 2.5 | Android hardware SKU pilot | Pixel preflashed batch (10 units) + Moto preflashed batch (10 units) | +| 2.1 | OS — Pixel ROM (GrapheneOS-fork) | Builds, signs, OTA-updates from our infrastructure; Stack preinstalled; verified boot rooted in our key | +| 2.2 | OS — Samsung (LineageOS-fork on unlocked-bootloader models) | Supported model list published; ROM + Stack overlay | +| 2.3 | OS — Motorola (DivestOS/LineageOS) | Supported model list published; ROM + Stack overlay | +| 2.4 | Pixel preflashed pilot | 10 preflashed units shipped | +| 2.5 | Motorola preflashed pilot | 10 preflashed units shipped | --- -## Phase 3 — SilverMetal Windows +## Phase 3 — SilverMetal Enhanced (the four hardening packages) -**Goal**: ship the Windows hardening installer for users locked into Windows. +**Goal**: ship Enhanced packages for Windows, macOS, iOS, and generic Android. +The four Enhanced flavours can be developed largely in parallel since they share the SilverLABS Stack and don't depend on each other. + +### 3W — Enhanced — Windows | # | Milestone | Done when | |---|---|---| -| 3.1 | LTSC IoT base evaluated and licensed for our use | License path documented; base image acquired | -| 3.2 | Hardening installer (PowerShell/EXE) | Applies Group Policy, AppLocker, Defender ASR, removes Edge/Cortana/Store, blocks telemetry hosts | -| 3.3 | Stack ports for Windows | SilverBrowser/VPN/Sync/etc. 
native Windows builds, signed with our cert | -| 3.4 | BitLocker + TPM enforcement automated | Installer ensures BitLocker enabled with TPM-bound recovery | -| 3.5 | Windows hardware SKU pilot | Preflashed Coreboot-laptop variant with Windows + SilverMetal hardening (10 units) | -| 3.6 | Telemetry-leak test for Windows | 30-min idle on hardened install — minimal Microsoft contact, documented (we cannot reach zero on Windows; we publish what remains) | - ---- - -## Phase 4 — Apple platforms (macOS + iOS profiles) - -**Goal**: ship signed configuration profiles, setup scripts, curated app guidance, and Stack ports for Apple platforms. +| 3W.1 | LTSC IoT base licensed and acquired | License path documented | +| 3W.2 | Hardening installer (PowerShell/EXE) | Applies Group Policy, AppLocker, Defender ASR, removes Edge/Cortana/Store, blocks telemetry hosts | +| 3W.3 | Stack ports for Windows | SilverBrowser/Sync/etc. native Windows builds, signed with our cert. SilverVPN MAUI Windows client integrated | +| 3W.4 | BitLocker + TPM enforcement automated | Installer ensures BitLocker enabled with TPM-bound recovery | +| 3W.5 | Windows hardware SKU pilot | Preflashed Coreboot-laptop variant with Windows + Enhanced (10 units) | +| 3W.6 | Telemetry-leak test for Windows | 30-min idle on hardened install — minimum-feasible Microsoft contact, documented | +### 3M — Enhanced — macOS | # | Milestone | Done when | |---|---|---| -| 4.1 | macOS configuration profile | Signed `.mobileconfig` enforces FileVault, disables analytics/Siri, configures firewall | -| 4.2 | macOS setup script | Idempotent script applies non-MDM hardening (default app changes, etc.) 
| -| 4.3 | Stack ports for macOS | Universal binaries, notarised, signed with our Apple Developer cert | -| 4.4 | iOS MDM profile | Signed `.mobileconfig` for users with personal MDM (or via free Apple Configurator) | -| 4.5 | Stack ports for iOS | App Store releases (Browser may face Apple review constraints — fall back to webkit-based with our defaults) | -| 4.6 | Apple setup guide | Step-by-step published guide complementing the profiles | +| 3M.1 | macOS configuration profile | Signed `.mobileconfig` enforces FileVault, disables analytics/Siri, configures firewall | +| 3M.2 | macOS setup script | Idempotent script applies non-MDM hardening | +| 3M.3 | Stack ports for macOS | Universal binaries, notarised, signed | + +### 3I — Enhanced — iOS (supersedes SilverApple) +| # | Milestone | Done when | +|---|---|---| +| 3I.1 | Migrate / fold any usable assets from `SilverLABS/SilverApple` | Inventory of SilverApple done; reusable parts moved into `ios/`; SilverApple repo archived | +| 3I.2 | iOS MDM profile | Signed `.mobileconfig` for personal MDM or Apple Configurator | +| 3I.3 | Stack ports for iOS | App Store releases (Browser may face Apple WebKit constraints — fall back if needed) | +| 3I.4 | Apple setup guide | Step-by-step published guide complementing the profiles | + +### 3A — Enhanced — Android (generic) +| # | Milestone | Done when | +|---|---|---| +| 3A.1 | Generic Android profile installer | "Harden my Android" — Stack apps + work-profile hardening config | +| 3A.2 | Compatibility test matrix | Runs cleanly on Android 13+ across Samsung locked, OnePlus, Xiaomi, OEMs we don't have ROMs for | --- -## Phase 5 — Hardening / immutability / Tor sibling +## Phase 4 — Hardening / immutability / Tor sibling **Goal**: post-MVP improvements; not blocking earlier phases. 
- Atomic / immutable Linux variant (ostree) - dm-verity-protected `/` -- Tor-by-default sibling product (SilverMetal Onion or similar) +- Tor-by-default sibling product - ARM64 / Apple Silicon Linux variant - Coreboot tooling improvements / additional reference hardware @@ -110,15 +123,13 @@ Milestone-driven, no calendar dates (those slip; milestone gates don't). Each mi ## Cross-cutting workstreams (always-on) -These run in parallel with phases: - -- **Security advisories** — vulnerability response process from Phase 1.10 onward; signed advisories -- **External audits** — annual or per-major-release third-party security review +- **Security advisories** — vulnerability response process from Phase 1.10 onward +- **External audits** — annual or per-major-release third-party review - **Documentation** — every phase's gate includes documentation update - **Community / support** — issue tracker, support channels, response SLOs ## Phase entry/exit philosophy - We do not start a phase until the previous one's exit criteria are met -- We *can* run cross-cutting workstreams in parallel +- Cross-cutting workstreams run in parallel - A failing verification gate blocks the phase, full stop — no shipping with known regressions diff --git a/ios/README.md b/ios/README.md index 68bdf97..8bcff54 100644 --- a/ios/README.md +++ b/ios/README.md 
@@ -1,8 +1,18 @@ -# SilverMetal iOS +# SilverMetal Enhanced — iOS -**Status**: Phase 4 (planning, post-Windows v1) +**Status**: Phase 3I (planning, post-Linux v1) -Tier D — profile-layer only. Weakest tier in the family; labelled as such. We cannot modify iOS; we ship MDM profiles, App Store apps, and a setup guide. +🛡️ **SilverMetal Enhanced product line** — we harden iOS in place. We cannot modify iOS itself. + +Tier D — profile-layer only. Weakest tier in the family; labelled as such. We ship MDM profiles, App Store apps, and a setup guide. + +## Supersedes SilverApple + +This flavour replaces the earlier prototype [`SilverLABS/SilverApple`](https://git.silverlabs.uk/SilverLABS/SilverApple) ("Privacy-first iOS hardening suite"). Per Phase 3I.1 of the roadmap: + +- Inventory SilverApple's existing artefacts (MDM enrolment flow, SilverVPN onboarding, CalDAV/CardDAV setup) +- Migrate any reusable parts into this directory +- Archive the SilverApple repo on Gitea once migration is complete ## Scope (v1) @@ -14,7 +24,7 @@ Tier D — profile-layer only. Weakest tier in the family; labelled as such. We - Default-app changes where iOS 18+ allows (Browser, Mail, etc.) - Stack ports via App Store: - SilverBrowser (subject to Apple WebKit constraints — fall back to a hardened-defaults wrapper if pure custom engine is forbidden) - - SilverVPN (NetworkExtension API) + - SilverVPN — already exists as a MAUI-based App Store candidate via [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) - SilverSync (file/contact/calendar/photos providers) - SilverChat (post-v1.1) - SilverKeys (post-v1.1) 
@@ -32,13 +42,14 @@ Tier D — profile-layer only. Weakest tier in the family; labelled as such. We ## Directory layout -To be populated in Phase 4: +To be populated in Phase 3I: ``` ios/ -├── profile/ # .mobileconfig sources, signing -├── stack/ # iOS-specific Stack app builds (Xcode projects) -└── docs/ # setup guide, recommended apps, threat-tier disclaimer +├── profile/ # .mobileconfig sources, signing +├── stack/ # iOS-specific Stack app builds (Xcode projects) +├── from-silverapple/ # migrated artefacts from the deprecated SilverApple repo +└── docs/ # setup guide, recommended apps, threat-tier disclaimer ``` ## Verification gates diff --git a/linux/README.md b/linux/README.md index 845fd0a..def8784 100644 --- a/linux/README.md +++ b/linux/README.md @@ -1,7 +1,9 @@ -# SilverMetal Linux +# SilverMetal OS — Linux **Status**: Phase 1 (planning) → moving to milestone 1.1 (reproducible Kicksecure fork build) +🔒 **SilverMetal OS product line** — we ship the operating system. + The reference SilverMetal flavour. Tier A — full kernel-level hardening, verified boot we control, Debian/Kicksecure-based. ## Scope (v1) @@ -19,6 +21,8 @@ See [`../docs/roadmap.md`](../docs/roadmap.md) Phase 1. - nftables default-deny inbound, encrypted DNS, SilverVPN always-on default - Zero upstream telemetry — verified by integration test - SilverBrowser default (ungoogled-chromium-rebranded v1) +- SilverVPN integrated from existing [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) (Linux client + tunnel service) +- SilverSync v1 (Nextcloud-backed, client-side encryption) - A/B updates with rollback, signed by our keys - Optional amnesic session mode @@ -65,3 +69,4 @@ linux/ - **GrapheneOS hardened_malloc** — allocator - **KSPP** — kernel config authority - **secureblue** — reference for v1.1 immutable design +- **`SilverLABS/SilverVPN`** — VPN client + tunnel service (existing, integrated) diff --git a/macos/README.md b/macos/README.md index c958027..3a7a056 100644 
--- a/macos/README.md +++ b/macos/README.md @@ -1,8 +1,10 @@ -# SilverMetal macOS +# SilverMetal Enhanced — macOS -**Status**: Phase 4 (planning, post-Windows v1) +**Status**: Phase 3M (planning, post-Linux v1) -Tier C-D — signed configuration profile + setup script + Stack ports. We cannot modify macOS; we configure everything Apple exposes. +🛡️ **SilverMetal Enhanced product line** — we harden macOS in place. Apple's signed boot chain prevents an OS replacement. + +Tier C-D — signed configuration profile + setup script + Stack ports. We configure everything Apple exposes. ## Scope (v1) @@ -14,6 +16,7 @@ Tier C-D — signed configuration profile + setup script + Stack ports. We canno - Enables Lockdown Mode (per-user opt-in guidance) - Idempotent setup script for non-MDM hardening (default-app changes, Safari→SilverBrowser, etc.) - Stack ports for macOS (universal binaries, notarised, signed) +- SilverVPN MAUI macOS client from existing [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) - Setup guide for hardware-key 2FA, anti-forensics ## Out of scope @@ -24,7 +27,7 @@ Tier C-D — signed configuration profile + setup script + Stack ports. We canno ## Directory layout -To be populated in Phase 4: +To be populated in Phase 3M: ``` macos/ @@ -46,3 +49,4 @@ macos/ - **Apple macOS** — base, unmodified - **macOS Privacy Guide / privacy.sexy** — reference for hardening configs - **Lockdown Mode** — Apple-provided, documented and enabled +- **`SilverLABS/SilverVPN`** — MAUI macOS client (existing) diff --git a/stack/README.md b/stack/README.md index 139d743..3cab79f 100644 --- a/stack/README.md +++ b/stack/README.md 
@@ -1,16 +1,16 @@ # SilverLABS Application Stack -The cross-platform spine of SilverMetal. These apps replace the cloud services your device normally talks to. Same brand, same account, same data on every platform. +The cross-platform spine of SilverMetal. These apps replace the cloud services your device normally talks to. Same brand, same account, same data on every platform — whether the user picked a 🔒 SilverMetal OS flavour or a 🛡️ SilverMetal Enhanced flavour. ## Components | Component | Status | Purpose | |---|---|---| | [`browser/`](browser/) — **SilverBrowser** | v1 (Linux MVP) | De-Googled, telemetry-free browser | -| [`vpn/`](vpn/) — **SilverVPN** | v1 (Linux MVP) | Always-on, no-logs VPN with our infrastructure | +| [`vpn/`](vpn/) — **SilverVPN** | **Existing** — see [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN). This directory tracks integration only | Always-on, no-logs VPN with our infrastructure | | [`sync/`](sync/) — **SilverSync** | v1 (Linux MVP) | Private replacement for iCloud/Google/OneDrive | -| [`chat/`](chat/) — **SilverChat** | v1.1 | E2EE messenger | -| [`duress/`](duress/) — **SilverDuress** | v1.1 | Duress password / panic-wipe / anti-coercion | +| [`chat/`](chat/) — **SilverChat** | v1.1 — *may overlap with `SilverVPN.Client.Chat`; alignment decision pending* | E2EE messenger | +| [`duress/`](duress/) — **SilverDuress** | v1.1 | Duress password / panic-wipe | | [`keys/`](keys/) — **SilverKeys** | v1.1 | Zero-knowledge password + 2FA manager | | [`shared/`](shared/) — common code | ongoing | Account SDK, crypto primitives, branding | 
@@ -23,29 +23,29 @@ Users get a **SilverLABS account number** (Mullvad-style — random, no email, n Each app is built natively per platform — no Electron sprawl where avoidable: - **Linux**: native `.deb` + Flatpak -- **Android**: native APK / AAB +- **Android**: native APK / AAB (or MAUI where SilverVPN already provides it) - **Windows**: native MSI / EXE (signed) - **macOS**: universal binary `.pkg` (notarised) - **iOS**: App Store -Where a single codebase (e.g., Tauri / Rust core) lets us hit multiple platforms with a thin native UI shell, we use it. We avoid Electron unless the cost of native is unjustifiable. +Where a single codebase (e.g., MAUI as SilverVPN already does, or Tauri/Rust core for Browser/Sync/Keys) lets us hit multiple platforms with thin native UI shells, we use it. We avoid Electron unless the cost of native is unjustifiable. ## v1 ship order +For SilverMetal OS — Linux v1: + 1. **SilverBrowser** — ungoogled-chromium-derived, our defaults, our update channel -2. **SilverVPN** — WireGuard-based, our exit nodes, account-number signup -3. **SilverSync** — Nextcloud-backed (server side), client-side encryption, native clients +2. **SilverVPN** integration — existing product, integrated into our ISO with always-on defaults and kill-switch +3. **SilverSync** — Nextcloud-backed (server side), client-side encryption, native Linux client -These three ship with SilverMetal Linux v1. - -v1.1 adds Chat, Duress, Keys. +These three ship with SilverMetal OS — Linux v1. v1.1 adds Chat, Duress, Keys. 
## Server side -The Stack server components live in separate repositories under `SilverLABS/`: -- `silver-vpn-infra` — WireGuard exit-node infrastructure (Terraform / Ansible) -- `silver-sync-server` — Nextcloud + Radicale + Baïkal stack -- `silver-chat-homeserver` — Matrix Synapse / Dendrite -- `silver-account` — account-number issuance + auth gateway +Server components live in separate repositories: +- `SilverLABS/SilverVPN` — already exists; includes server stack +- `SilverLABS/silver-sync-server` *(to be created)* — Nextcloud + Radicale + Baïkal stack +- `SilverLABS/silver-chat-homeserver` *(to be created OR may live under SilverVPN)* — depends on v1.1.1 alignment decision +- `SilverLABS/silver-account` *(to be created)* — account-number issuance + auth gateway Self-hostable counterparts are documented for users who don't want to use SilverLABS infrastructure. diff --git a/stack/vpn/README.md b/stack/vpn/README.md index 96d8f66..a3f1f44 100644 --- a/stack/vpn/README.md +++ b/stack/vpn/README.md 
@@ -1,40 +1,60 @@ -# SilverVPN +# SilverVPN — Integration Pointer -**Status**: v1 (Linux MVP) — planning +> **The SilverVPN component already exists as a separate, in-production SilverLABS product.** +> This directory does not re-implement it; it tracks the integration of the existing SilverVPN into SilverMetal OS images and Enhanced packages. -Always-on VPN with no logs, run on SilverLABS infrastructure. Mullvad-style account-number signup (no email, no name). +## Where SilverVPN lives -## v1 approach +[`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) — local checkout typically at `../SilverVPN/`. -- **Protocol**: WireGuard. Period. (Battle-tested, tiny attack surface, performant.) -- **Account**: random 16-digit account number; no email, no PII -- **Payment**: separate channel (SilverDotPay / crypto / payment processor) with no link back to account number -- **Exit nodes**: SilverLABS-operated initially; geographically diverse -- **Kill-switch**: enforced at firewall layer (nftables on Linux, NetworkExtension content filters on Apple) -- **DNS**: encrypted DNS through tunnel; no DNS leaks -- **Per-device keys**: each device gets its own WireGuard key; revoke per-device +The product includes: +- `.NET 9` server stack: API, admin dashboard, web client, Docker images +- `SilverVPN.Client.Maui` — cross-platform native client (Windows, macOS, Android, iOS) +- `SilverVPN.Client.Linux` — dedicated Linux client +- `SilverVPN.Client.Web` / `SilverVPN.Client.Web.Host` — browser-based client +- `SilverVPN.TunnelService` / `SilverVPN.TunnelService.Linux` — tunnel daemon +- `SilverVPN.Tunnel.Shared` — shared tunnel code +- `libbox-bridge` — sing-box / sing-tun integration layer +- Debian packaging (`build-deb.sh`, `debian/`) +- OpenWrt support (`openwrt/`) +- Production releases ongoing -## Server-side +## SilverMetal's responsibility -Lives in `SilverLABS/silver-vpn-infra` (separate repo). This repo holds the **client** code only. 
+This directory tracks **integration**, not development. Integration tasks per platform: -## What we do not do +### SilverMetal OS — Linux +- [ ] Include `silvervpn` `.deb` (built from `../SilverVPN/build-deb.sh`) in `linux/packages/include.list` +- [ ] Bundle `SilverVPN.TunnelService.Linux` as a default systemd service +- [ ] Configure SilverVPN to be **always-on by default** with our exit nodes preconfigured +- [ ] Verify nftables kill-switch coexists with the SilverVPN tunnel service +- [ ] Validate DNS through tunnel (no leaks) +- [ ] Auto-launch `SilverVPN.Client.Linux` on first login for account-number entry -- We do not log connection metadata beyond what is operationally required (typically just real-time peer state, not retained) -- We do not bundle ad-blocking — that's the browser's job, not the VPN's -- We do not bundle tracker-blocking heuristics in the VPN — that risks false positives that break sites -- We do not run a "free tier" with a different infrastructure — paid users and free users (if any) get the same server quality +### SilverMetal OS — Pixel / Samsung / Motorola +- [ ] Bundle SilverVPN MAUI client APK into ROM build (or system app) +- [ ] Configure as default VPN provider via Android `VpnService` +- [ ] Always-on VPN enforced at OS level (`Settings > VPN > Always-on`) -## Per-platform clients +### SilverMetal Enhanced — Windows +- [ ] Bundle MAUI Windows client into hardening installer +- [ ] Set up auto-start on boot +- [ ] Kill-switch enforced via Windows Filtering Platform rules -- **Linux**: GTK + native daemon (`silvervpn-daemon` running as systemd service) -- **Android**: VpnService-based, native UI -- **Windows**: WireGuard tunnel service + tray UI (signed) -- **macOS**: NetworkExtension, signed and notarised -- **iOS**: NetworkExtension via App Store +### SilverMetal Enhanced — macOS +- [ ] Bundle MAUI macOS client into setup `.pkg` +- [ ] NetworkExtension content filter for kill-switch -## Verification +### SilverMetal Enhanced — 
iOS +- [ ] SilverVPN App Store listing referenced in iOS setup guide +- [ ] MDM profile pre-configures SilverVPN as default -- Kill-switch test: disconnect upstream, verify zero packets leak -- DNS-leak test: capture DNS during tunnel-up; all queries must traverse the tunnel -- Reconnect test: WAN flap, verify reconnect without temporary leak +### SilverMetal Enhanced — Android (generic) +- [ ] SilverVPN MAUI APK referenced as required install in profile +- [ ] Work-profile config sets it as system VPN + +## Coordination + +Changes that affect SilverMetal integration (e.g., `silvervpn` package layout, default endpoints, account-number CLI) should be flagged in this directory's CHANGELOG (to be created when first integration milestone starts) so the SilverMetal build pipeline can react. + +Cross-repo issues that touch both projects should be opened in whichever repo owns the change, with a back-reference in the other. diff --git a/windows/README.md b/windows/README.md index 8c7f773..2307189 100644 --- a/windows/README.md +++ b/windows/README.md @@ -1,6 +1,8 @@ -# SilverMetal Windows +# SilverMetal Enhanced — Windows -**Status**: Phase 3 (planning, post-Linux v1) +**Status**: Phase 3W (planning, post-Linux v1) + +🛡️ **SilverMetal Enhanced product line** — we harden Windows in place; we do not ship a custom Windows kernel (Microsoft does not permit that). Tier C — config-layer hardening only. Honest positioning: we cannot modify the Windows kernel or boot chain; we turn every dial Microsoft exposes. @@ -16,6 +18,7 @@ LTSC IoT-based installer that transforms a vanilla Windows install into a Silver - Telemetry blocked at hosts file + service + GP layers - Edge / Chrome replaced with SilverBrowser default - Full SilverLABS Stack preinstalled (native Windows builds) +- SilverVPN MAUI Windows client integrated from existing [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) ## Out of scope 
@@ -25,7 +28,7 @@ LTSC IoT-based installer that transforms a vanilla Windows install into a Silver ## Directory layout -To be populated in Phase 3. Initial structure planned: +To be populated in Phase 3W. Initial structure planned: ``` windows/ @@ -49,3 +52,4 @@ windows/ - **Windows 11 IoT Enterprise LTSC** — base OS (licensed) - **AtlasOS / ReviOS / privacy.sexy** — reference for hardening configs - **Chris Titus Tech / O&O ShutUp10** — reference for telemetry blocking +- **`SilverLABS/SilverVPN`** — MAUI Windows client (existing)
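Review bot: In the roadmap's Windows table, the new 3W.6 exit criterion "minimum-feasible Microsoft contact, documented" cannot be passed or failed by a gate, and it drops the removed row's commitment that "we publish what remains". The same roadmap states that a failing verification gate blocks the phase, so the criterion needs to be checkable: suggest making the gate a published allowlist of the endpoints still contacted during the 30-min idle, with any contact outside that list counting as a failure.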
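Review bot: In the cross-cutting workstreams hunk (`@@ -110,15 +123,13 @@`), the Security advisories bullet loses "signed advisories" and the External audits bullet goes from "third-party security review" to "third-party review"; both read as weakened commitments rather than wording trims. If advisories will still be signed and audits are still security audits, keep the original phrases. If the scope really changed, the commit message should say so, since a user checking an advisory needs to know whether to expect a signature.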
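Review bot: In `linux/README.md` (`@@ -19,6 +21,8 @@`), the added SilverVPN bullet does not say which SilverVPN release or commit is integrated, while the status line of the same file targets milestone 1.1, a reproducible build. The `stack/vpn/README.md` checklist in this patch builds the `.deb` from a local checkout at `../SilverVPN/`, so two builders with different checkouts would ship different packages. Suggest pinning a tag or commit for the SilverVPN input and recording it next to the `linux/packages/include.list` entry.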
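Review bot: In the Server side list of `stack/README.md`, the `silver-chat-homeserver` entry "depends on v1.1.1 alignment decision", but no v1.1.1 item is defined anywhere in this patch; the components table only says "v1.1" with "alignment decision pending". Suggest either adding the referenced item to the roadmap or rewording this to match the table. The same hunk also widens "built natively per platform" with "(or MAUI where SilverVPN already provides it)" on the Android line only, although the vpn README lists MAUI clients for Windows, macOS and iOS as well; the per-platform list should say which targets are MAUI.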
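Review bot: The rewrite of `stack/vpn/README.md` deletes the Verification section, and the new checklists carry leak checks only under "SilverMetal OS — Linux" (nftables kill-switch coexistence and DNS through the tunnel). The reconnect test (WAN flap without a temporary leak) is dropped everywhere, the Pixel/Samsung/Motorola, Windows, macOS, iOS and generic Android lists have no verification item, and the iOS list has no kill-switch item at all while macOS and Windows do. Suggest restoring the three tests as a checkbox under each platform heading. Separately, removing the "What we do not do" logging statement leaves the "no-logs" wording in the `stack/README.md` components table without a backing statement in this repo; add a link to where `SilverLABS/SilverVPN` documents its logging policy.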