SilverLABS/SilverMetal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
810301908dc27bfcd3e553a8493ad32d5781ac37
SilverMetal/stack/duress
History
SysAdmin 7d5f9cc246 chore(scaffold): initial SilverMetal program scaffold 
Cross-platform privacy-hardening program. Two-layer product:
- SilverLABS Application Stack (cross-platform spine)
- Platform Hardening Profiles (per-OS, tier-honest)

Platforms: Linux (Debian/Kicksecure), Android (Pixel/Samsung/Moto/generic),
Windows (LTSC IoT), macOS (profile), iOS (MDM profile). Each flavour has
both a preflashed hardware SKU path and a self-apply "harden your existing
device" path.

Includes umbrella docs (README + threat-model, design-principles,
platform-matrix, roadmap, trust-model), per-platform and per-stack-
component README stubs, .gitignore, LICENSE.

Linux v1 ships first; Stack v1 = Browser + VPN + Sync.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 03:11:48 +01:00
..
README.md
chore(scaffold): initial SilverMetal program scaffold
2026-04-25 03:11:48 +01:00

README.md

SilverDuress

Status: v1.1 (planning)

Duress password / panic-wipe / anti-coercion. The "I am being forced to unlock this device" feature.

What it does

  • Duress password: an alternate password that, when entered, appears to unlock normally but actually triggers a configured action
  • Panic-wipe: secure erasure of encrypted volumes / keys
  • Decoy unlock: opens a clean profile / sandbox containing decoy data
  • Silent alert: optional outbound signal to trusted contact / SilverLABS service that duress was activated

User configures which behaviours apply.

Per-platform implementation

Platform Mechanism Strength
Linux PAM module — duress passphrase wipes LUKS keys / drops to decoy profile Strong
Android (Pixel ROM) Inherited from GrapheneOS duress PIN Strong
Android (other) Best-effort: app-level duress action when SilverLABS Stack apps are unlocked with duress credential Moderate
Windows Group Policy + scheduled task triggered by duress credential entry; BitLocker key destruction Moderate (closed kernel limits us)
macOS Configuration profile + login script; FileVault key destruction on duress Moderate
iOS OS-provided erase-after-failed-attempts (Apple primitive); Stack-app-level duress where feasible Limited (we cannot run code at unlock)

The per-platform table is shown to users in the SilverDuress setup UI so they understand what's possible on their device.

Non-goals

  • Not a "tracking your stolen phone" feature — different product, different threat model
  • Not a "remote wipe" service — that requires constant network and trust in the wipe operator. We may offer it later, but v1.1 is local-only.

Risks we acknowledge

  • A sufficiently sophisticated adversary may forensically recover from a partial wipe — we use cryptographic erasure (destroy the key, not the data) which is robust against this
  • A coerced user may be unable to remember to use the duress password — we document this clearly in the setup UI; this is a fundamental limitation, not a SilverMetal-specific one
Reference in New Issue View Git Blame Copy Permalink