SysAdmin
0a0075ce66
Two product lines, named to make scope obvious to buyers: - 🔒 SilverMetal OS — we ship the operating system or ROM (Linux, Pixel, Samsung-unlocked, Motorola-unlocked) - 🛡️ SilverMetal Enhanced — we harden the OS the device already runs (Windows, macOS, iOS, generic Android) Repo alignment: - SilverVPN already exists as a SilverLABS product (server + MAUI client + Linux client + tunnel service). stack/vpn/ is now an integration pointer rather than a re-scaffold; per-platform READMEs reference it. - SilverApple is deprecated; SilverMetal Enhanced — iOS supersedes it. Migration step added as roadmap milestone 3I.1. - SilverDROID name clash explicitly noted as unrelated (it's the SilverSHELL AppStore Android client, not an Android ROM). - SilverChat may overlap with SilverVPN.Client.Chat; alignment decision added as roadmap milestone 1.1.1. Roadmap restructured: phases now track the OS/Enhanced split. Platform matrix re-sectioned and decision flowchart updated. README rewritten around the two-product-line framing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
73 lines
2.9 KiB
Markdown
73 lines
2.9 KiB
Markdown
# SilverMetal OS — Linux
|
|
|
|
**Status**: Phase 1 (planning) → moving to milestone 1.1 (reproducible Kicksecure fork build)
|
|
|
|
🔒 **SilverMetal OS product line** — we ship the operating system.
|
|
|
|
The reference SilverMetal flavour. Tier A — full kernel-level hardening, verified boot we control, Debian/Kicksecure-based.
|
|
|
|
## Scope (v1)
|
|
|
|
See [`../docs/roadmap.md`](../docs/roadmap.md) Phase 1.
|
|
|
|
### Hardening must-haves
|
|
- Kicksecure base (Debian-derived, hardened upstream)
|
|
- linux-hardened kernel + KSPP sysctl/build flags
|
|
- Secure Boot with our shim/MOK
|
|
- TPM2 PCR-bound LUKS2 unlock (Argon2id), full-disk encryption mandatory
|
|
- AppArmor strict profiles for browsers, mail, viewers, networked daemons
|
|
- GrapheneOS hardened_malloc as system allocator
|
|
- bubblewrap + Flatpak primary; firejail for legacy `.deb`
|
|
- nftables default-deny inbound, encrypted DNS, SilverVPN always-on default
|
|
- Zero upstream telemetry — verified by integration test
|
|
- SilverBrowser default (ungoogled-chromium-rebranded v1)
|
|
- SilverVPN integrated from existing [`SilverLABS/SilverVPN`](https://git.silverlabs.uk/SilverLABS/SilverVPN) (Linux client + tunnel service)
|
|
- SilverSync v1 (Nextcloud-backed, client-side encryption)
|
|
- A/B updates with rollback, signed by our keys
|
|
- Optional amnesic session mode
|
|
|
|
### Out of scope (v1)
|
|
- Atomic / immutable root (v1.1 — `ostree` experiment)
|
|
- dm-verity on `/` (v1.1)
|
|
- ARM64 / Apple Silicon (v2)
|
|
- Tor-by-default variant (sibling product later)
|
|
|
|
## Directory layout
|
|
|
|
```
|
|
linux/
|
|
├── build/ # live-build pipeline, reproducible-build config
|
|
├── kernel/ # config fragments, linux-hardened pinning
|
|
├── overlay/ # /etc + /usr/share/silvermetal + skel hardening overlay
|
|
├── packages/
|
|
│ ├── include.list # what's installed
|
|
│ └── exclude.list # what's purged (snap, telemetry, etc.)
|
|
├── apparmor/ # custom strict profiles
|
|
├── nftables/ # default ruleset
|
|
├── installer/ # Calamares branding + hardened defaults
|
|
├── update-server/ # signing + repo hosting (infra-as-code)
|
|
└── tests/
|
|
├── lynis-baseline/
|
|
├── kspp-check/
|
|
└── telemetry-leak/
|
|
```
|
|
|
|
## Verification gates (must pass before public alpha)
|
|
|
|
- Two clean builds from same commit → identical SHA256
|
|
- `kconfig-hardened-check` passes
|
|
- Lynis hardening score ≥ 90
|
|
- 30-min idle telemetry capture: zero packets to MS/Google/Apple/Mozilla/Canonical/Debian/analytics
|
|
- TPM tamper test: LUKS correctly falls back to passphrase
|
|
- AppArmor: every networked binary confined or documented
|
|
- Independent privacy-engineering review
|
|
|
|
## Upstream we depend on
|
|
|
|
- **Kicksecure** — fork base
|
|
- **linux-hardened** — kernel patchset
|
|
- **GrapheneOS hardened_malloc** — allocator
|
|
- **KSPP** — kernel config authority
|
|
- **secureblue** — reference for v1.1 immutable design
|
|
- **`SilverLABS/SilverVPN`** — VPN client + tunnel service (existing, integrated)
|