SilverLABS/SilverMetal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
SilverMetal/macos
History
SysAdmin 0a0075ce66 docs(naming): adopt OS / Enhanced product-line framing + align with existing repos 
Two product lines, named to make scope obvious to buyers:
- 🔒 SilverMetal OS — we ship the operating system or ROM
  (Linux, Pixel, Samsung-unlocked, Motorola-unlocked)
- 🛡️ SilverMetal Enhanced — we harden the OS the device already runs
  (Windows, macOS, iOS, generic Android)

Repo alignment:
- SilverVPN already exists as a SilverLABS product (server + MAUI client +
  Linux client + tunnel service). stack/vpn/ is now an integration pointer
  rather than a re-scaffold; per-platform READMEs reference it.
- SilverApple is deprecated; SilverMetal Enhanced — iOS supersedes it.
  Migration step added as roadmap milestone 3I.1.
- SilverDROID name clash explicitly noted as unrelated (it's the SilverSHELL
  AppStore Android client, not an Android ROM).
- SilverChat may overlap with SilverVPN.Client.Chat; alignment decision
  added as roadmap milestone 1.1.1.

Roadmap restructured: phases now track the OS/Enhanced split.
Platform matrix re-sectioned and decision flowchart updated.
README rewritten around the two-product-line framing.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 03:30:45 +01:00
..
README.md
docs(naming): adopt OS / Enhanced product-line framing + align with existing repos
2026-04-25 03:30:45 +01:00

README.md

SilverMetal Enhanced — macOS

Status: Phase 3M (planning, post-Linux v1)

🛡️ SilverMetal Enhanced product line — we harden macOS in place. Apple's signed boot chain prevents an OS replacement.

Tier C-D — signed configuration profile + setup script + Stack ports. We configure everything Apple exposes.

Scope (v1)

  • Signed .mobileconfig profile that:
    • Enforces FileVault
    • Disables analytics, Siri uploads, advertising identifiers
    • Configures application firewall
    • Restricts iCloud to absolute minimum
    • Enables Lockdown Mode (per-user opt-in guidance)
  • Idempotent setup script for non-MDM hardening (default-app changes, Safari→SilverBrowser, etc.)
  • Stack ports for macOS (universal binaries, notarised, signed)
  • SilverVPN MAUI macOS client from existing SilverLABS/SilverVPN
  • Setup guide for hardware-key 2FA, anti-forensics

Out of scope

  • Anything requiring kernel extension or system extension privileges beyond what Apple sanctions
  • Anything that disables SIP / Gatekeeper (we keep both ON)
  • Anything that requires bypassing Apple's signing chain

Directory layout

To be populated in Phase 3M:

macos/
├── profile/         # .mobileconfig sources, signing
├── setup/           # idempotent setup script
├── stack-installer/ # native macOS Stack package builders (.pkg)
└── docs/            # setup guide, recommended apps

Verification gates

  • Profile signature verifies under Apple's signing chain
  • FileVault confirmed enabled post-install
  • Stack apps install via signed .pkg, run sandboxed where supported
  • Setup script idempotent (verified by re-run with no changes)

Upstream we depend on

  • Apple macOS — base, unmodified
  • macOS Privacy Guide / privacy.sexy — reference for hardening configs
  • Lockdown Mode — Apple-provided, documented and enabled
  • SilverLABS/SilverVPN — MAUI macOS client (existing)
Reference in New Issue View Git Blame Copy Permalink