SilverMetal/docs/platform-matrix.md

Platform Matrix

The honest per-platform capability and pros/cons table. This is what a buyer sees on each product page so they can choose based on their actual constraint.

The two product lines

Line	What it means	When you'd buy it
🔒 SilverMetal OS	We ship the OS or ROM	You're choosing a device with privacy as a priority, or you're willing to replace your existing OS
🛡️ SilverMetal Enhanced	We harden the OS your device already runs	You can't or don't want to replace your OS — corporate device, iPhone, or you're staying on Windows

Hardening tiers

Independent of product line, each platform has a tier reflecting how deep our hardening can physically reach:

Tier	What it means
A — Fully controllable	We own the kernel, boot chain, MAC framework, and update infrastructure
B — Firmware-controllable	We replace the OS stack but not every firmware blob
C — Config-controllable	Proprietary kernel; we harden at config + app layer
D — Policy-controllable	Closed platform; we ship profiles + curated apps + setup only

Capability summary

SilverMetal OS (we ship the OS/ROM)

Platform	Tier	Deliverable	Stack
OS — Linux	A	Custom Debian/Kicksecure-based ISO	Full, native
OS — Pixel	B	GrapheneOS-fork ROM	Full, native
OS — Samsung	C	LineageOS-fork ROM (unlocked-bootloader models)	Full, native
OS — Motorola	C	DivestOS/LineageOS-fork ROM (supported models)	Full, native

SilverMetal Enhanced (we harden the OS in place)

Platform	Tier	Deliverable	Stack
Enhanced — Windows	C	LTSC IoT installer + hardening + Stack	Full (Stack apps run native)
Enhanced — macOS	C-D	Signed config profile + setup script + Stack	Full (Stack apps run native)
Enhanced — iOS	D	MDM profile + Stack from App Store	Full (Stack apps via App Store)
Enhanced — Android	D	"Harden your existing Android" — Stack + work-profile config	Stack + config only

Per-platform pros / cons

🔒 SilverMetal OS — Linux (Tier A)

Reference setup. The strongest possible SilverMetal device.

Pros

• Full kernel-level hardening (KSPP, linux-hardened, hardened_malloc)
• Verified boot we control end-to-end (Secure Boot with our shim/MOK, TPM2 PCR-bound LUKS2)
• AppArmor strict profiles for every networked surface
• Reproducible builds; we publish SBOMs and build attestations
• Zero upstream telemetry — every Microsoft/Google/Mozilla/Canonical phone-home removed
• Full SilverLABS Stack runs natively
• Update channel and signing keys are ours

Cons

• Learning curve for users coming from Windows/Mac
• Some commercial software does not run natively (Adobe CC, MS Office native — though web/Office365 work, native MS Office does not)
• Some games, particularly anti-cheat-protected titles, will not run
• Hardware compatibility needs checking before purchase (Coreboot SKUs are best-supported)

Best for: maximum-privacy buyer; anyone whose work is browser + email + office docs + dev + comms.

---

🔒 SilverMetal OS — Pixel (Tier B)

The secure-phone flagship. GrapheneOS-tier engineering.

Pros

• Verified boot we control via Pixel's relockable bootloader
• Hardened Android kernel (GrapheneOS patches)
• App-level sandbox enforced; sandboxed Google Play optional, not required
• Per-app network/sensor/storage permissions
• Duress wipe (v1.1)
• Daily-driveable as a phone

Cons

• Pixel hardware only (4a 5G and newer — others EOL)
• Some banking apps and corporate apps refuse to run on non-Play-Integrity devices (workaround: sandboxed Play, but breaks the airtight model)
• Not all carriers support all Pixel models cleanly

Best for: the "secure phone" buyer; journalists, activists; anyone who would otherwise buy an Encrochat-style rebadged phone but wants real engineering.

---

🔒 SilverMetal OS — Samsung (Tier C)

For users on Samsung hardware with unlockable bootloader.

Pros

• Wide hardware availability and price range
• LineageOS / DivestOS fork on unlocked-bootloader regions delivers most of the benefit
• Knox security layer is genuinely capable (when bootloader is unlocked, Knox is tripped — accept this trade)

Cons

• Many Samsung models — especially US-carrier models — have permanently locked bootloaders; SilverMetal OS — Samsung is not available on those (use Enhanced — Android instead)
• Even on unlocked bootloader, we lose verified boot rooting back to our key
• Knox tripped flag is permanent; some Samsung features (Samsung Pay, Knox-protected work apps) stop working

Best for: Samsung owners who want real ROM-level hardening and accept the Knox trade-off.

---

🔒 SilverMetal OS — Motorola (Tier C)

For users on Motorola hardware. Best ROM option after Pixel for unlocked-bootloader hardening.

Pros

• Many Moto models support bootloader unlock cleanly
• DivestOS / LineageOS support is good for popular models
• More affordable than Pixel
• Full SilverLABS Stack supported

Cons

• Verified boot weaker than Pixel — no relockable bootloader on most models
• Hardware longevity / update support varies by model
• Driver / firmware blob situation messier than Pixel

Best for: budget-conscious buyer wanting custom-ROM-tier hardening without Pixel pricing.

---

🛡️ SilverMetal Enhanced — Windows (Tier C)

For users locked into Windows-only software.

Pros

• Keeps full compatibility with Windows-native software, including Adobe CC, MS Office native, Windows-only line-of-business apps, anti-cheat-protected games
• Removes ~90% of Microsoft telemetry (Group Policy + hosts + service disabling, verified)
• Enforces BitLocker (TPM-bound), Defender ASR rules at maximum, AppLocker allow-listing
• LTSC IoT base = no Cortana, no Store, no Edge baked in, supportable for ~10 years
• Full SilverLABS Stack runs native
• Edge / Chrome replaced with SilverBrowser

Cons

• We do not control the kernel, the boot chain, or Windows Update
• Microsoft can change things in updates we cannot prevent
• Some telemetry channels Microsoft does not expose for disabling
• Honest tier label: C, config-layer only — we say this in marketing
• Requires LTSC IoT licensing for the strongest variant; standard Win 11 Pro is supported but weaker

Best for: business users and creatives who can't leave Windows but want every privacy dial turned to maximum.

---

🛡️ SilverMetal Enhanced — macOS (Tier C-D)

For Mac-committed users.

Pros

• Apple hardware quality is excellent; Secure Enclave + FileVault are genuinely strong when configured
• Lockdown Mode dramatically reduces remote-attack surface
• Apple's app sandboxing is robust at the kernel layer
• Full SilverLABS Stack runs native (universal binaries)
• Safari replaced with SilverBrowser by default
• Telemetry / Siri / analytics all disabled by our profile

Cons

• We cannot modify macOS itself
• Apple still receives device-linked metadata we cannot fully stop (App Store auth, OS update checks, Apple ID)
• iCloud is required for some OS features; we scope it to absolute minimum
• Honest positioning: "hardened Mac," not "anonymous Mac"

Best for: Mac-committed users (creative professionals, developers on Apple Silicon) who want maximum-feasible hardening on hardware they're keeping.

---

🛡️ SilverMetal Enhanced — iOS (Tier D)

For iPhone users.

Pros

• iOS sandbox + Secure Enclave + Lockdown Mode are genuinely strong against remote attack, in some respects stronger than any other consumer platform
• Full SilverLABS Stack available via App Store (Browser, VPN, Sync, Keys, Chat once approved)
• Hardware-key 2FA (YubiKey/Lightning) supported and recommended in our setup guide
• "Disposable Apple ID" guidance reduces account-graph exposure

Cons

• The most restrictive platform — Apple ID is unavoidable for App Store
• Cannot replace many default services (Mail.app, FaceTime, iMessage) — only complement them
• App-level replacements only via App Store (no sideloading in most regions yet)
• Configuration profile + MDM applies; cannot modify iOS itself
• Honest tier label: D, weakest tier in the family — we say this in marketing

Best for: users whose threat model is commercial surveillance (not state-actor targeting) and who need to stay on iPhone.

---

🛡️ SilverMetal Enhanced — Android (Tier D)

For users who already own an Android (any vendor) and won't / can't replace the ROM.

Pros

• Works on virtually any Android 13+ device — Samsung locked-bootloader models, OEMs we don't have ROMs for, hand-me-down phones
• Full SilverLABS Stack runs (Browser, VPN, Sync, etc.)
• Work-profile-based isolation contains tracking apps in a managed sandbox
• No bootloader unlock required; no warranty void

Cons

• We do not control the OS — Google + your OEM still do
• Verified boot is your OEM's, not ours
• Telemetry from OS-level Google services cannot be fully blocked without a ROM swap
• Honest tier label: D, weakest Android tier — we say this in marketing

Best for: existing Android owners who want privacy improvements without buying new hardware or unlocking their bootloader.

Decision flowchart

Are you choosing a new device, or hardening one you already own?

CHOOSING NEW
  Need maximum privacy and software-flexible?       → 🔒 SilverMetal OS — Linux
  Need a phone, primarily?
    Pixel ok?                                       → 🔒 SilverMetal OS — Pixel
    Samsung (unlocked bootloader region)?           → 🔒 SilverMetal OS — Samsung
    Motorola (supported model)?                     → 🔒 SilverMetal OS — Motorola
    Want iPhone?                                    → 🛡️ SilverMetal Enhanced — iOS

ALREADY OWN A DEVICE
  Windows machine you keep?                          → 🛡️ SilverMetal Enhanced — Windows
  Mac you keep?                                      → 🛡️ SilverMetal Enhanced — macOS
  iPhone you keep?                                   → 🛡️ SilverMetal Enhanced — iOS
  Android you keep (any model)?                      → 🛡️ SilverMetal Enhanced — Android
  Linux laptop you'd convert?                        → 🔒 SilverMetal OS — Linux (re-install)

We do not push users between tiers. We tell them what each can deliver and let them choose.