SilverMetal/docs/platform-matrix.md
SysAdmin 7d5f9cc246 chore(scaffold): initial SilverMetal program scaffold
Cross-platform privacy-hardening program. Two-layer product:
- SilverLABS Application Stack (cross-platform spine)
- Platform Hardening Profiles (per-OS, tier-honest)

Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic),
Windows (LTSC IoT), macOS (profile), iOS (MDM profile). Each flavour has
both a preflashed hardware SKU path and a self-apply "harden your existing
device" path.

Includes umbrella docs (README + threat-model, design-principles,
platform-matrix, roadmap, trust-model), per-platform and per-stack-
component README stubs, .gitignore, LICENSE.

Linux v1 ships first; Stack v1 = Browser + VPN + Sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 03:11:48 +01:00

Platform Matrix

The honest per-platform capability and pros/cons table. This is what a buyer sees on each product page so they can choose based on their actual constraint.

Hardening tiers

| Tier | What it means |
|------|---------------|
| A — Fully controllable | We own the kernel, boot chain, MAC framework, and update infrastructure |
| B — Firmware-controllable | We replace the OS stack but not every firmware blob |
| C — Config-controllable | Proprietary kernel; we harden at config + app layer |
| D — Policy-controllable | Closed platform; we ship profiles + curated apps + setup only |

Capability summary

| Platform | Tier | Deliverable | Stack support |
|----------|------|-------------|---------------|
| SilverMetal Linux | A | Custom Debian/Kicksecure-based ISO | Full, native |
| SilverMetal Droid (Pixel) | B | GrapheneOS-fork ROM | Full, native |
| SilverMetal Droid (Samsung) | C | LineageOS-fork ROM where bootloader unlocks; profile + Stack elsewhere | Full where ROM, Stack-only otherwise |
| SilverMetal Droid (Motorola) | C | DivestOS/LineageOS-fork ROM on supported models | Full where supported |
| SilverMetal Droid (generic) | D | "Harden any Android" — Stack + work-profile config | Stack + config only |
| SilverMetal Windows | C | LTSC IoT installer + hardening + Stack | Full (Stack apps run native) |
| SilverMetal macOS | C-D | Signed config profile + setup script + Stack | Full (Stack apps run native) |
| SilverMetal iOS | D | MDM profile + Stack from App Store | Full (Stack apps via App Store) |

Per-platform pros / cons

SilverMetal Linux (Tier A)

Reference setup. The strongest possible SilverMetal device.

Pros

  • Full kernel-level hardening (KSPP, linux-hardened, hardened_malloc)
  • Verified boot we control end-to-end (Secure Boot with our shim/MOK, TPM2 PCR-bound LUKS2)
  • AppArmor strict profiles for every networked surface
  • Reproducible builds; we publish SBOMs and build attestations
  • Zero upstream telemetry — every Microsoft/Google/Mozilla/Canonical phone-home removed
  • Full SilverLABS Stack runs natively
  • Update channel and signing keys are ours

Cons

  • Learning curve for users coming from Windows/Mac
  • Some commercial software does not run natively (Adobe CC, native MS Office; the web / Office 365 versions work)
  • Some games, particularly anti-cheat-protected titles, will not run
  • Hardware compatibility needs checking before purchase (Coreboot SKUs are best-supported)

Best for: users whose work is browser + email + office docs + dev + comms; anyone who would otherwise install Linux themselves; the maximum-privacy buyer.
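The Tier A pros above are verifiable properties of a shipped device: Secure Boot state, a LUKS2 token bound to a TPM2 PCR, AppArmor profiles actually in enforce mode, and hardened_malloc preloaded system-wide. The script below is an added example, not SilverMetal's own tooling, that checks each of them. Every check is a function over command output, so it runs offline against the constructed samples embedded here and, with `--live`, against a real device. The `ROOT_DEV` path, the exact output shapes of `mokutil`, `cryptsetup luksDump` and `aa-status`, and the `+`-joined PCR list are assumptions.

```shell
#!/bin/sh
# Added example: posture checks for the Tier A Linux claims (Secure Boot on,
# LUKS2 root key bound to TPM2 PCR 7, AppArmor strict/enforce, hardened_malloc
# preloaded). Pure functions over text; the samples below are constructed and
# only resemble real tool output. Not SilverMetal's own tooling.

# Constructed sample resembling the Tokens section of `cryptsetup luksDump`
# after `systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=7`.
SAMPLE_LUKS_DUMP='LUKS header information
Version:        2
Tokens:
  0: systemd-tpm2
        tpm2-hash-pcrs:   7
        tpm2-pcr-bank:    sha256
        tpm2-pin:         false
        Keyslot:    1'

# Constructed sample resembling the summary lines of `aa-status`.
SAMPLE_AA_STATUS='apparmor module is loaded.
12 profiles are loaded.
10 profiles are in enforce mode.
2 profiles are in complain mode.
0 profiles are in unconfined mode.'

# Constructed samples for `mokutil --sb-state` and /etc/ld.so.preload.
SAMPLE_SB_STATE='SecureBoot enabled'
SAMPLE_PRELOAD='/usr/lib/libhardened_malloc.so'

# check_secure_boot STATE: 0 if the firmware reports Secure Boot enabled.
check_secure_boot() {
  printf '%s\n' "$1" | grep -q '^SecureBoot enabled'
}

# check_tpm2_luks DUMP PCR: 0 if a systemd-tpm2 token exists and its
# tpm2-hash-pcrs list contains PCR. Multi-PCR lists are assumed '+'-joined
# (e.g. 0+7). A token bound to no PCR still unseals after the boot chain has
# been tampered with, so the PCR check matters as much as the token itself.
check_tpm2_luks() {
  dump=$1; want=$2
  printf '%s\n' "$dump" | grep -q 'systemd-tpm2' || return 1
  pcrs=$(printf '%s\n' "$dump" | sed -n 's/^[[:space:]]*tpm2-hash-pcrs:[[:space:]]*//p' | head -n 1)
  [ -n "$pcrs" ] || return 1
  case "+$pcrs+" in *"+$want+"*) return 0 ;; esac
  return 1
}

# apparmor_complain_count STATUS: prints the number of profiles in complain
# mode (complain logs but does not block, so it is not "strict"), or
# "unknown" if the summary line is missing.
apparmor_complain_count() {
  printf '%s\n' "$1" | awk '/profiles are in complain mode/ { print $1; found=1 }
                             END { if (!found) print "unknown" }'
}

# check_apparmor_strict STATUS: 0 only if the module is loaded, the status
# output parsed, and no profile is left in complain mode.
check_apparmor_strict() {
  printf '%s\n' "$1" | grep -q '^apparmor module is loaded' || return 1
  n=$(apparmor_complain_count "$1")
  [ "$n" != "unknown" ] && [ "$n" -eq 0 ]
}

# check_hardened_malloc PRELOAD: 0 if ld.so.preload pulls in hardened_malloc.
check_hardened_malloc() {
  printf '%s\n' "$1" | grep -q 'libhardened_malloc\.so'
}

# report NAME STATUS: one PASS/FAIL line per check, for a person or a CI log.
report() {
  if [ "$2" -eq 0 ]; then printf 'PASS  %s\n' "$1"; else printf 'FAIL  %s\n' "$1"; fi
}

# Live mode: the same checks against the running device. Needs root and the
# tools named above. ROOT_DEV is an assumed placeholder; set it per SKU.
if [ "${1:-}" = "--live" ]; then
  ROOT_DEV=${ROOT_DEV:-/dev/disk/by-label/root}
  sb=$(mokutil --sb-state 2>/dev/null);                check_secure_boot "$sb";        report secure-boot $?
  dump=$(cryptsetup luksDump "$ROOT_DEV" 2>/dev/null); check_tpm2_luks "$dump" 7;      report tpm2-pcr7-luks $?
  aa=$(aa-status 2>/dev/null);                         check_apparmor_strict "$aa";    report apparmor-strict $?
  pre=$(cat /etc/ld.so.preload 2>/dev/null);           check_hardened_malloc "$pre";   report hardened-malloc $?
fi
```

Note that the constructed `aa-status` sample deliberately fails the strict check: two profiles in complain mode is exactly the state that looks hardened in a feature list but blocks nothing, which is why the check counts complain-mode profiles rather than merely confirming the module is loaded.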


SilverMetal Droid — Pixel flagship (Tier B)

The secure-phone flagship. GrapheneOS-tier engineering.

Pros

  • Verified boot we control via Pixel's relockable bootloader
  • Hardened Android kernel (GrapheneOS patches)
  • App-level sandbox enforced; sandboxed Google Play optional, not required
  • Per-app network/sensor/storage permissions
  • Duress wipe (v1.1)
  • Daily-driveable as a phone

Cons

  • Pixel hardware only (4a 5G and newer — others EOL)
  • Some banking apps and corporate apps refuse to run on non-Play-Integrity devices (workaround: sandboxed Play, but breaks the airtight model)
  • Not all carriers support all Pixel models cleanly

Best for: the "secure phone" buyer, journalists, activists, anyone who would otherwise buy an Encrochat-style rebadged phone but wants real engineering.


SilverMetal Droid — Samsung (Tier C)

For users on Samsung hardware. Variable depending on model and region.

Pros

  • Wide hardware availability and price range
  • LineageOS / DivestOS fork for unlocked-bootloader regions gives most of the benefit
  • Knox security layer is genuinely capable on locked models
  • Full SilverLABS Stack supported either way

Cons

  • Many Samsung models — especially US-carrier models — have permanently locked bootloaders; we cannot replace the OS
  • Even with an unlocked bootloader, we lose verified boot rooted in our own key
  • The Knox tripped flag is permanent; some Samsung features (Samsung Pay, Knox-protected work apps) may stop working

Best for: existing Samsung owners; buyers wanting a non-Pixel Android with strong-enough hardening.


SilverMetal Droid — Motorola (Tier C)

For users on Motorola hardware. Best Android option after Pixel for unlocked-bootloader hardening.

Pros

  • Many Moto models support bootloader unlock cleanly
  • DivestOS / LineageOS support is good for popular models
  • More affordable than Pixel
  • Full SilverLABS Stack supported

Cons

  • Verified boot weaker than Pixel — no relockable bootloader on most models
  • Hardware longevity / update support varies by model
  • Driver / firmware blob situation messier than Pixel

Best for: budget-conscious buyer wanting custom-ROM-tier hardening without Pixel pricing.


SilverMetal Droid — Generic / "harden my existing Android" (Tier D)

For users who already own an Android and won't / can't replace the ROM.

Pros

  • Works on virtually any Android 13+ device
  • Full SilverLABS Stack runs (Browser, VPN, Sync, etc.)
  • Work-profile-based isolation contains tracking apps in a managed sandbox
  • No bootloader unlock required; no warranty void

Cons

  • We do not control the OS — Google + your OEM still do
  • Verified boot is your OEM's, not ours
  • Telemetry from OS-level Google services cannot be fully blocked without a ROM swap
  • Honest tier label: D, weakest Android tier

Best for: existing Android owners who want privacy improvements without buying new hardware or unlocking their bootloader.


SilverMetal Windows (Tier C)

For users locked into Windows-only software.

Pros

  • Keeps full compatibility with Windows-native software, including Adobe CC, MS Office native, Windows-only line-of-business apps, anti-cheat-protected games
  • Removes ~90% of Microsoft telemetry (Group Policy + hosts + service disabling, verified)
  • Enforces BitLocker (TPM-bound), Defender ASR rules at maximum, AppLocker allow-listing
  • LTSC IoT base = no Cortana, no Store, no Edge baked in, supportable for ~10 years
  • Full SilverLABS Stack runs native
  • Edge / Chrome replaced with SilverBrowser

Cons

  • We do not control the kernel, the boot chain, or Windows Update
  • Microsoft can change things in updates we cannot prevent
  • Some telemetry channels Microsoft does not expose for disabling
  • Honest tier label: C, config-layer only — we say this in marketing
  • Requires LTSC IoT licensing for the strongest variant; standard Win 11 Pro is supported but weaker

Best for: business users and creatives who can't leave Windows but want every privacy dial turned to maximum.


SilverMetal macOS (Tier C-D)

For Mac-committed users.

Pros

  • Apple hardware quality is excellent; Secure Enclave + FileVault are genuinely strong when configured
  • Lockdown Mode dramatically reduces remote-attack surface
  • Apple's app sandboxing is robust at the kernel layer
  • Full SilverLABS Stack runs native (universal binaries)
  • Safari replaced with SilverBrowser by default
  • Telemetry / Siri / analytics all disabled by our profile

Cons

  • We cannot modify macOS itself
  • Apple still receives device-linked metadata we cannot fully stop (App Store auth, OS update checks, Apple ID)
  • iCloud is required for some OS features; we scope it to absolute minimum
  • Honest positioning: "hardened Mac," not "anonymous Mac"

Best for: Mac-committed users (creative professionals, developers on Apple Silicon) who want maximum-feasible hardening on hardware they're keeping.


SilverMetal iOS (Tier D)

For iPhone users.

Pros

  • iOS sandbox + Secure Enclave + Lockdown Mode are genuinely strong against remote attack, in some respects stronger than any other consumer platform
  • Full SilverLABS Stack available via App Store (Browser, VPN, Sync, Keys, Chat once approved)
  • Hardware-key 2FA (YubiKey/Lightning) supported and recommended in our setup guide
  • "Disposable Apple ID" guidance reduces account-graph exposure

Cons

  • The most restrictive platform — Apple ID is unavoidable for App Store
  • Cannot replace many default services (Mail.app, FaceTime, iMessage) — only complement them
  • App-level replacements only via App Store (no sideloading in most regions yet)
  • Configuration profile + MDM only; we cannot modify iOS itself
  • Honest tier label: D, weakest tier in the family — we say this in marketing

Best for: users whose threat model is commercial surveillance (not state-actor targeting) and who need to stay on iPhone for personal/work reasons.

Decision flowchart

Does the user need maximum privacy and is software-flexible?
  → SilverMetal Linux

Does the user need a phone, primarily?
  → Pixel? → SilverMetal Droid Flagship
  → Samsung/Motorola with unlocked bootloader? → matching ROM tier
  → iPhone or locked Android? → corresponding profile tier

Does the user need Windows-only software?
  → SilverMetal Windows

Is the user Mac-committed?
  → SilverMetal macOS

Does the user already own a device they're keeping?
  → The corresponding "profile" or "harden existing" tier

We do not push users between tiers. We tell them what each can deliver and let them choose.