chore(scaffold): initial SilverMetal program scaffold
Cross-platform privacy-hardening program.

Two-layer product:
- SilverLABS Application Stack (cross-platform spine)
- Platform Hardening Profiles (per-OS, tier-honest)

Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic), Windows (LTSC IoT), macOS (profile), iOS (MDM profile).

Each flavour has both a preflashed hardware SKU path and a self-apply "harden your existing device" path.

Includes umbrella docs (README + threat-model, design-principles, platform-matrix, roadmap, trust-model), per-platform and per-stack-component README stubs, .gitignore, LICENSE.

Linux v1 ships first; Stack v1 = Browser + VPN + Sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
45
android/README.md
Normal file
@@ -0,0 +1,45 @@
# SilverMetal Droid
**Status**: Phase 2 (planning, post-Linux v1)
Android coverage across four tiers. See [`../docs/platform-matrix.md`](../docs/platform-matrix.md) for honest per-tier pros/cons.
## Tiers
### SilverMetal Droid Flagship — Pixel (Tier B)
GrapheneOS-fork on Pixel hardware. Verified boot we control, hardened kernel, app sandboxing enforced. Full SilverLABS Stack preinstalled.
### SilverMetal Droid Galaxy — Samsung (Tier C)
LineageOS / DivestOS-fork on Samsung models with unlockable bootloaders. Stack overlay on locked-bootloader models.
### SilverMetal Droid Moto — Motorola (Tier C)
DivestOS / LineageOS-fork on supported Motorola models. Stack overlay everywhere.
### SilverMetal Droid Profile — generic (Tier D)
"Harden my existing Android" — full SilverLABS Stack + work-profile-based hardening config. Runs on any Android 13+ without bootloader changes.
## Directory layout
To be populated in Phase 2. Initial structure planned:
```
android/
├── flagship/ # Pixel / GrapheneOS-fork build config
├── galaxy/ # Samsung ROM build configs
├── moto/ # Motorola ROM build configs
├── profile/ # Generic profile installer + work-profile config
└── shared/ # Common build infra, signing, OTA
```
## Verification gates (per-tier)
- ROM tiers: verified boot rooted in our key (Pixel only); reproducible builds; OTA signed and rollback-tested
- Profile tier: Stack apps installed and functional; work-profile isolation verified
- All tiers: telemetry-leak test (no Google services contact unless explicitly opted in by user)
## Upstream we depend on
- **GrapheneOS** — Pixel flagship base
- **LineageOS** — Samsung / Motorola base
- **DivestOS** — additional hardening patches
- **AOSP** — root upstream
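Review bot: In "Verification gates (per-tier)", the ROM-tier bullet limits "verified boot rooted in our key" to "(Pixel only)", so the Galaxy and Moto tiers, which are also ROM builds, have no boot-integrity gate stated at all. Split that bullet per tier and say explicitly what is checked on Tier C, or that nothing is, so the gate list matches the "tier-honest" framing instead of leaving the gap implicit. Two smaller points in the same file: "Stack overlay on locked-bootloader models" (Galaxy) and "Stack overlay everywhere" (Moto) never say how an overlay differs from the Tier D profile or which gates apply to it, and the "telemetry-leak test" bullet gives no pass criterion (what traffic is observed, for how long, and what counts as "Google services contact"). A one-line definition for each would make these gates testable once the directories are populated in Phase 2.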