SilverMetal/windows/installer/inputs.manifest.json
sysadmin 3a30a0421e docs(windows): add ISO-builder design + scaffold the windows/ tree
Add windows/iso-builder.md: reproducible custom-packed-ISO pipeline design for
SilverMetal Enhanced - Windows on IoT Enterprise LTSC. Covers the licensing
frame (IoT = blessed channel for preinstalled custom images; self-apply stays a
builder), 7 build stages (verify/extract/DISM-service/inject-unattend/brand/
oscdimg-repack/attest), the offline-vs-first-boot-vs-firmware control split, an
honest reproducibility scope (pinned inputs + SBOM + attestation, NOT bit-
identical on Windows), and M0-M4 milestones.

Scaffold windows/ per the planned layout:
- installer/  build.ps1 (7-stage orchestrator, stages stubbed to M2),
              inputs.manifest.json (pinned-input schema), autounattend.xml
              (local-account OOBE), oem/SetupComplete.cmd (first-boot runner)
- hardening/  shared §A-H PowerShell modules + Verify-SilverMetalWindows.ps1
              (used by BOTH the ISO first-boot path and the self-apply track).
              BitLocker module enforces TPM+PIN and blocks TPM-only.
- policies/ wdac/ debloat/ stack-installer/ drivers/ tests/  scaffolded with
  READMEs; wdac/ documents audit->enforce; debloat/ flags Tiny11/NTLite as an
  anti-pattern; rename applocker/ -> wdac/ realised.

All 11 PowerShell scripts parse clean; manifest JSON + autounattend XML valid.
Module bodies are M1 scaffold (safe: log + policy-set; interactive/firmware
steps documented, not faked).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 15:35:13 +01:00

39 lines
1.5 KiB
JSON

{
  "$comment": "Pinned inputs for a reproducible SilverMetal Enhanced - Windows ISO build. The base Windows ISO is licensed and NEVER committed; it is referenced by SHA-256 only. Fill the TODO hashes/versions at M2 against the actual licensed media and driver pack.",
  "schemaVersion": 1,
  "product": "SilverMetal Enhanced - Windows",
  "referenceDevice": "GPD Pocket 4 (AMD Ryzen AI 9 HX 370 / Strix Point)",
  "baseImage": {
    "edition": "Windows 11 IoT Enterprise LTSC",
    "arch": "x64",
    "isoSha256": "TODO-M2-pin-against-licensed-media",
    "wimImageName": "Windows 11 IoT Enterprise LTSC",
    "wimImageIndex": null
  },
  "driverPack": {
    "name": "GPD Pocket 4 driver pack",
    "version": "TODO-M2",
    "sha256": "TODO-M2",
    "source": "https://gpd.hk (verify) — confirm redistribution terms"
  },
  "cumulativeUpdate": {
    "kb": "TODO-M2-latest-at-build",
    "sha256": "TODO-M2"
  },
  "stack": {
    "$comment": "Native Windows builds; some components are Linux-MVP per windows/README.md and may lag.",
    "SilverBrowser": "TODO",
    "SilverVPN": "from SilverLABS/SilverVPN (MAUI Windows client)",
    "SilverSync": "TODO",
    "SilverChat": "from SilverVPN.Client.Chat",
    "SilverDuress": "TODO",
    "SilverKeys": "TODO"
  },
  "tooling": {
    "$comment": "Recorded for the build attestation (reproducibility scope: pinned inputs + recorded tools + output SHA + SBOM; not bit-identical).",
    "windowsAdk": "TODO-M2",
    "dism": "TODO-M2",
    "oscdimg": "TODO-M2"
  }
}
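
A gate the verify stage could apply to this manifest, as an added example that is not part of the repository's build.ps1: it rejects hash fields that are still placeholders and checks a local file against a pinned SHA-256. The function names are hypothetical, and the sample manifest and the test file are constructed for the demonstration.

```powershell
# Added example; not the project's build.ps1. Function names are hypothetical.

function Test-PinnedSha256 {
    # A pin counts only if it is exactly 64 hex characters, so "TODO-M2",
    # an empty string or a missing field all fail closed.
    param([string]$Value)
    return [bool]($Value -match '^[0-9A-Fa-f]{64}$')
}

function Get-UnpinnedInput {
    # Returns the manifest paths whose hash field is not yet a real SHA-256.
    param([Parameter(Mandatory)]$Manifest)
    $pins = [ordered]@{
        'baseImage.isoSha256'     = $Manifest.baseImage.isoSha256
        'driverPack.sha256'       = $Manifest.driverPack.sha256
        'cumulativeUpdate.sha256' = $Manifest.cumulativeUpdate.sha256
    }
    foreach ($k in $pins.Keys) {
        if (-not (Test-PinnedSha256 $pins[$k])) { $k }
    }
}

function Assert-InputMatchesPin {
    # Hashes a local file and compares it to the pin (-ne ignores hex case).
    param([Parameter(Mandatory)][string]$Path,
          [Parameter(Mandatory)][string]$ExpectedSha256)
    if (-not (Test-PinnedSha256 $ExpectedSha256)) {
        throw "Refusing to verify '$Path': pin is not a SHA-256 value."
    }
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    if ($actual -ne $ExpectedSha256) {
        throw "SHA-256 mismatch for '$Path': got $actual"
    }
}

# Constructed sample: the three hash fields as committed (all placeholders).
$manifest = @'
{ "baseImage": { "isoSha256": "TODO-M2-pin-against-licensed-media" },
  "driverPack": { "sha256": "TODO-M2" },
  "cumulativeUpdate": { "sha256": "TODO-M2" } }
'@ | ConvertFrom-Json
$unpinned = @(Get-UnpinnedInput -Manifest $manifest)
if ($unpinned.Count -gt 0) { Write-Warning "Unpinned inputs: $($unpinned -join ', ')" }

# Constructed file: the bytes "abc", checked against the standard SHA-256 test vector.
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'silvermetal-pin-demo.bin'
[System.IO.File]::WriteAllBytes($tmp, [byte[]](0x61, 0x62, 0x63))
Assert-InputMatchesPin -Path $tmp -ExpectedSha256 'ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad'
Remove-Item -LiteralPath $tmp
```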