SysAdmin
7d5f9cc246
Cross-platform privacy-hardening program. Two-layer product: - SilverLABS Application Stack (cross-platform spine) - Platform Hardening Profiles (per-OS, tier-honest) Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic), Windows (LTSC IoT), macOS (profile), iOS (MDM profile). Each flavour has both a preflashed hardware SKU path and a self-apply "harden your existing device" path. Includes umbrella docs (README + threat-model, design-principles, platform-matrix, roadmap, trust-model), per-platform and per-stack- component README stubs, .gitignore, LICENSE. Linux v1 ships first; Stack v1 = Browser + VPN + Sync. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
1009 B
1009 B
Signing
Real signing keys never live in this repository. This directory holds:
KEYS.md(to be created) — public key fingerprints, key purposes, key ceremony summaries- Public keys —
.asc/.pemexports of public halves - Verification documentation — how a third party reproduces our build and verifies our signatures
Key inventory
See ../../docs/trust-model.md for the complete trust model.
| Key | Purpose |
|---|---|
| SilverMetal Release | Signs ISO/ROM/installer artefacts |
| SilverMetal Update Channel | Signs OTA / apt updates |
| SilverMetal MOK (Linux Secure Boot) | Our Machine Owner Key |
| SilverMetal AVB (Android verified boot) | Android verified-boot key |
| SilverMetal Code Signing — per-platform | OS-specific code-signing certs |
First key ceremony
To occur at milestone 1.9 (update server + signing ceremony) per the roadmap. Procedure documented in advance and reviewed by SilverLABS leadership before execution.