# Platform Matrix The honest per-platform capability and pros/cons table. This is what a buyer sees on each product page so they can choose based on their actual constraint. ## The two product lines | Line | What it means | When you'd buy it | |---|---|---| | **🔒 SilverMetal OS** | We ship the OS or ROM | You're choosing a device with privacy as a priority, or you're willing to replace your existing OS | | **🛡️ SilverMetal Enhanced** | We harden the OS your device already runs | You can't or don't want to replace your OS — corporate device, iPhone, or you're staying on Windows | ## Hardening tiers Independent of product line, each platform has a tier reflecting how deep our hardening can physically reach: | Tier | What it means | |---|---| | **A — Fully controllable** | We own the kernel, boot chain, MAC framework, and update infrastructure | | **B — Firmware-controllable** | We replace the OS stack but not every firmware blob | | **C — Config-controllable** | Proprietary kernel; we harden at config + app layer | | **D — Policy-controllable** | Closed platform; we ship profiles + curated apps + setup only | ## Capability summary ### SilverMetal OS (we ship the OS/ROM) | Platform | Tier | Deliverable | Stack | |---|---|---|---| | **OS — Linux** | A | Custom Debian/Kicksecure-based ISO | Full, native | | **OS — Pixel** | B | GrapheneOS-fork ROM | Full, native | | **OS — Samsung** | C | LineageOS-fork ROM (unlocked-bootloader models) | Full, native | | **OS — Motorola** | C | DivestOS/LineageOS-fork ROM (supported models) | Full, native | ### SilverMetal Enhanced (we harden the OS in place) | Platform | Tier | Deliverable | Stack | |---|---|---|---| | **Enhanced — Windows** | C | LTSC IoT installer + hardening + Stack | Full (Stack apps run native) | | **Enhanced — macOS** | C-D | Signed config profile + setup script + Stack | Full (Stack apps run native) | | **Enhanced — iOS** | D | MDM profile + Stack from App Store | Full (Stack apps via App Store) | | **Enhanced — Android** | D | "Harden your existing Android" — Stack + work-profile config | Stack + config only | ## Per-platform pros / cons ### 🔒 SilverMetal OS — Linux (Tier A) **Reference setup. The strongest possible SilverMetal device.** **Pros** - Full kernel-level hardening (KSPP, linux-hardened, hardened_malloc) - Verified boot we control end-to-end (Secure Boot with our shim/MOK, TPM2 PCR-bound LUKS2) - AppArmor strict profiles for every networked surface - Reproducible builds; we publish SBOMs and build attestations - Zero upstream telemetry — every Microsoft/Google/Mozilla/Canonical phone-home removed - Full SilverLABS Stack runs natively - Update channel and signing keys are ours **Cons** - Learning curve for users coming from Windows/Mac - Some commercial software does not run natively (Adobe CC, MS Office native — though web/Office365 work, native MS Office does not) - Some games, particularly anti-cheat-protected titles, will not run - Hardware compatibility needs checking before purchase (Coreboot SKUs are best-supported) **Best for**: maximum-privacy buyer; anyone whose work is browser + email + office docs + dev + comms. --- ### 🔒 SilverMetal OS — Pixel (Tier B) **The secure-phone flagship. GrapheneOS-tier engineering.** **Pros** - Verified boot we control via Pixel's relockable bootloader - Hardened Android kernel (GrapheneOS patches) - App-level sandbox enforced; sandboxed Google Play *optional*, not required - Per-app network/sensor/storage permissions - Duress wipe (v1.1) - Daily-driveable as a phone **Cons** - Pixel hardware only (4a 5G and newer — others EOL) - Some banking apps and corporate apps refuse to run on non-Play-Integrity devices (workaround: sandboxed Play, but breaks the airtight model) - Not all carriers support all Pixel models cleanly **Best for**: the "secure phone" buyer; journalists, activists; anyone who would otherwise buy an Encrochat-style rebadged phone but wants real engineering. --- ### 🔒 SilverMetal OS — Samsung (Tier C) **For users on Samsung hardware with unlockable bootloader.** **Pros** - Wide hardware availability and price range - LineageOS / DivestOS fork on unlocked-bootloader regions delivers most of the benefit - Knox security layer is genuinely capable (when bootloader is unlocked, Knox is tripped — accept this trade) **Cons** - Many Samsung models — especially US-carrier models — have permanently locked bootloaders; SilverMetal OS — Samsung is not available on those (use Enhanced — Android instead) - Even on unlocked bootloader, we lose verified boot rooting back to our key - Knox tripped flag is permanent; some Samsung features (Samsung Pay, Knox-protected work apps) stop working **Best for**: Samsung owners who want real ROM-level hardening and accept the Knox trade-off. --- ### 🔒 SilverMetal OS — Motorola (Tier C) **For users on Motorola hardware. Best ROM option after Pixel for unlocked-bootloader hardening.** **Pros** - Many Moto models support bootloader unlock cleanly - DivestOS / LineageOS support is good for popular models - More affordable than Pixel - Full SilverLABS Stack supported **Cons** - Verified boot weaker than Pixel — no relockable bootloader on most models - Hardware longevity / update support varies by model - Driver / firmware blob situation messier than Pixel **Best for**: budget-conscious buyer wanting custom-ROM-tier hardening without Pixel pricing. --- ### 🛡️ SilverMetal Enhanced — Windows (Tier C) **For users locked into Windows-only software.** **Pros** - Keeps full compatibility with Windows-native software, including Adobe CC, MS Office native, Windows-only line-of-business apps, anti-cheat-protected games - Removes ~90% of Microsoft telemetry (Group Policy + hosts + service disabling, verified) - Enforces BitLocker (TPM-bound), Defender ASR rules at maximum, AppLocker allow-listing - LTSC IoT base = no Cortana, no Store, no Edge baked in, supportable for ~10 years - Full SilverLABS Stack runs native - Edge / Chrome replaced with SilverBrowser **Cons** - We do not control the kernel, the boot chain, or Windows Update - Microsoft can change things in updates we cannot prevent - Some telemetry channels Microsoft does not expose for disabling - Honest tier label: C, config-layer only — *we say this in marketing* - Requires LTSC IoT licensing for the strongest variant; standard Win 11 Pro is supported but weaker **Best for**: business users and creatives who can't leave Windows but want every privacy dial turned to maximum. --- ### 🛡️ SilverMetal Enhanced — macOS (Tier C-D) **For Mac-committed users.** **Pros** - Apple hardware quality is excellent; Secure Enclave + FileVault are genuinely strong when configured - Lockdown Mode dramatically reduces remote-attack surface - Apple's app sandboxing is robust at the kernel layer - Full SilverLABS Stack runs native (universal binaries) - Safari replaced with SilverBrowser by default - Telemetry / Siri / analytics all disabled by our profile **Cons** - We cannot modify macOS itself - Apple still receives device-linked metadata we cannot fully stop (App Store auth, OS update checks, Apple ID) - iCloud is required for some OS features; we scope it to absolute minimum - Honest positioning: "hardened Mac," not "anonymous Mac" **Best for**: Mac-committed users (creative professionals, developers on Apple Silicon) who want maximum-feasible hardening on hardware they're keeping. --- ### 🛡️ SilverMetal Enhanced — iOS (Tier D) **For iPhone users.** **Pros** - iOS sandbox + Secure Enclave + Lockdown Mode are genuinely strong against remote attack, in some respects stronger than any other consumer platform - Full SilverLABS Stack available via App Store (Browser, VPN, Sync, Keys, Chat once approved) - Hardware-key 2FA (YubiKey/Lightning) supported and recommended in our setup guide - "Disposable Apple ID" guidance reduces account-graph exposure **Cons** - The most restrictive platform — Apple ID is unavoidable for App Store - Cannot replace many default services (Mail.app, FaceTime, iMessage) — only complement them - App-level replacements only via App Store (no sideloading in most regions yet) - Configuration profile + MDM applies; cannot modify iOS itself - Honest tier label: D, weakest tier in the family — *we say this in marketing* **Best for**: users whose threat model is commercial surveillance (not state-actor targeting) and who need to stay on iPhone. --- ### 🛡️ SilverMetal Enhanced — Android (Tier D) **For users who already own an Android (any vendor) and won't / can't replace the ROM.** **Pros** - Works on virtually any Android 13+ device — Samsung locked-bootloader models, OEMs we don't have ROMs for, hand-me-down phones - Full SilverLABS Stack runs (Browser, VPN, Sync, etc.) - Work-profile-based isolation contains tracking apps in a managed sandbox - No bootloader unlock required; no warranty void **Cons** - We do not control the OS — Google + your OEM still do - Verified boot is your OEM's, not ours - Telemetry from OS-level Google services cannot be fully blocked without a ROM swap - Honest tier label: D, weakest Android tier — *we say this in marketing* **Best for**: existing Android owners who want privacy improvements without buying new hardware or unlocking their bootloader. ## Decision flowchart ``` Are you choosing a new device, or hardening one you already own? CHOOSING NEW Need maximum privacy and software-flexible? → 🔒 SilverMetal OS — Linux Need a phone, primarily? Pixel ok? → 🔒 SilverMetal OS — Pixel Samsung (unlocked bootloader region)? → 🔒 SilverMetal OS — Samsung Motorola (supported model)? → 🔒 SilverMetal OS — Motorola Want iPhone? → 🛡️ SilverMetal Enhanced — iOS ALREADY OWN A DEVICE Windows machine you keep? → 🛡️ SilverMetal Enhanced — Windows Mac you keep? → 🛡️ SilverMetal Enhanced — macOS iPhone you keep? → 🛡️ SilverMetal Enhanced — iOS Android you keep (any model)? → 🛡️ SilverMetal Enhanced — Android Linux laptop you'd convert? → 🔒 SilverMetal OS — Linux (re-install) ``` We do not push users between tiers. We tell them what each can deliver and let them choose.