1. Strategic Framework and Operational Philosophy
In the post-cloud era, centralized digital infrastructure represents a systemic point of failure. “Sovereign Infrastructure” is the strategic response: a paradigm shift toward localized, resilient, and autonomous digital assets. By upcycling high-utility consumer hardware, we bridge the gap between commodity electronics and industrial-grade utility, creating a decentralized ecosystem that empowers users to own their data and connectivity. This methodology leverages the rapid innovation cycles of the consumer market while applying rigorous engineering modifications to ensure hardware survivability in high-stress environments.
The operational foundation of this manual rests on three core philosophical pillars:
- Upcycle & Ruggedize: We transform existing technology—specifically Skylink and Raspberry Pi platforms—into hardened, industrial-grade assets through physical, thermal, and electrical modification.
- Hardware Root of Trust: Security is anchored in the physical world. By utilizing hardware keys and Trusted Platform Module (TPM) architectures, we eliminate the vulnerabilities inherent in cloud-managed identity.
- Island Mode: Resilience is defined by the capacity for total local autonomy. “Island Mode” ensures that nodes remain 100% operational offline, only syncing to the broader ledger when secure connectivity is established. This is the critical differentiator for assets deployed in mobile contexts like Kurb Kars and Drones, or stationary environments such as remote clinics and agricultural outposts.
These principles dictate the physical assembly and software orchestration of every unit produced under the RIOS designation.
——————————————————————————–
2. The Nomad Link (RIOS-NL-01): Surgical Modification Protocols
The Nomad Link (RIOS-NL-01) is a strategic re-engineering of the Skylink Global SLG-06. Originally a consumer-grade LTE hotspot, the unit is stripped of its limitations and ruggedized for deployment in mobile telemetry and solar-powered outposts.
The Hardware Hack: Thermal Safety Mandate
Standard consumer lithium-ion (Li-ion) batteries are unfit for industrial enclosures. To mitigate the risk of thermal runaway—where internal temperatures exceeding 70°C can lead to swelling or catastrophic combustion—the stock battery must be removed from every unit. This “Hardware Hack” is a non-negotiable safety requirement for all RIOS mobile deployments.
Battery Elimination Circuit (BEC) Installation
To facilitate reliable power delivery without an internal battery, technicians must install a custom BEC. Use the following clinical directives:
- Buck Converter Integration: Install a DC-DC Buck Converter.
- Input: Whip (External 12V-48V source).
- Output: Solder directly to the battery terminals (4.0V steady state).
- Thermal Sensor Spoofing: Solder a 10kΩ BSI Resistor between the BSI pin and the Negative pin.
- Isolation: Apply Kapton tape to all exposed solder points to ensure electrical isolation within the chassis.
The “So What?”: The 10kΩ resistor is critical for system stability. It spoofs the device’s internal thermal sensor, convincing the firmware that a healthy battery is present and at optimal temperature. Without this modification, the hardware will fail to boot as a safety precaution, rendering the node a “brick” in the field.
Enclosure and Finalization
The modified internals are housed in the 3D-printed “Nomad Shell.” This enclosure utilizes a specific honeycomb ventilation pattern to optimize convective cooling. Connectivity is established via a USB-C Tethering (RNDIS) interface to eliminate Wi-Fi interference and provide a stable data link to the processing core.
This communication layer provides the necessary connectivity for the node’s central processing architecture.
——————————————————————————–
3. Telemetry and Sentry Core Architecture
Edge computing requires an uncompromising balance of performance and resilience. The RIOS architecture utilizes the Raspberry Pi 5 for mobile telemetry and the Intel i3-N305 for stationary sentry duties, providing the computational overhead required for local data processing and cryptographic verification.
RIOS Telemetry Core (RIOS-TC-01) Specifications
| Component | Specification |
| Base Hardware | Raspberry Pi 5 (8GB RAM – Mandatory for Ed25519 crypto) |
| Storage | 256GB NVMe SSD via PCIe HAT |
| Cooling | Active Cooler + CNC Aluminum Armor Case (Passive/Active Hybrid) |
| Timekeeping | Panasonic ML-2020 RTC Battery |
| Operating System | Kubuntu 24.04 (RIOS Mobile Edition) + Locutus Daemon |
The “So What?”: MicroSD cards are banned from production. The mandate for NVMe SSDs via PCIe HAT is a direct response to high-vibration environments. NVMe eliminates the high failure rates and data corruption risks associated with flash media. Furthermore, the Panasonic ML-2020 RTC battery is essential for maintaining accurate offline ledger timestamps, ensuring data integrity when the unit is in Island Mode.
Sovereign Sentry (RIOS-SS-PRO) Specifications
| Component | Specification |
| Processor | Intel Core i3-N305 (8-Core) |
| Memory | 32GB DDR4 RAM |
| Storage | 2TB NVMe SSD |
| Networking | 4x Intel i226-V 2.5GbE LAN Ports |
| Hypervisor | Proxmox VE (Trinity Stack Configuration) |
The “Trinity Stack” hypervisor configuration allows for three distinct functional environments on a single physical unit:
- The Gatekeeper (VM1): Runs pfSense/OPNsense for hardened routing and VPN management.
- The Ledger (VM2): Runs RIOS Core (Ubuntu Server + Freenet) to manage the decentralized data ledger.
- The Auditor (VM3): Runs Kali Linux for automated, continuous vulnerability scanning of the local network.
These core processing units transition the security model from software-only to physical identity management.
——————————————————————————–
4. Identity Management and Root of Trust (RIOS-KEY-01)
The DeReticular security model rejects cloud-based identity providers, replacing them with Sovereign Keys (RIOS-KEY-01). These physical keys are the cornerstone of our security, ensuring that access is tied to a physical object held by an authorized operator.
Sovereign Key Protocols (YubiKey 5C NFC)
- FIDO2 Implementation: Enables passwordless, hardware-backed login to all Sentry Nodes.
- OpenPGP Integration: Stores the operator’s private key for the cryptographic signing of all ledger maintenance logs, ensuring an immutable audit trail.
“Dead Man” Revocation Protocol
If a physical key is compromised or lost, the “Dead Man” Revocation Protocol is initiated. This process allows for immediate revocation through the DeReticular Academy, followed by a broadcast update to the Global Certificate Revocation List (CRL). This prevents a lost key from compromising the integrity of the broader network.
These security layers are finalized at the assembly stage, where units undergo rigorous quality assurance.
——————————————————————————–
5. Node 3 Workshop: Assembly Workflow and “The Gauntlet”
The Node 3 Workshop (Arizona) serves as the hub for precision manufacturing. Every unit is subjected to a standardized workflow to ensure upcycled components meet industrial reliability standards.
The Nomad Link Production Workflow
- Station A (The Boneyard): Intake of SLG-06 units. Screen and boot test. Redirect dead units to recycling.
- Station B (Software Bench): Critical step for SIM/IMEI unlocking. If carrier-locked batches are received, they must be cleared here before modification.
- Station C (The Surgical Mod): Remove Li-ion battery (HAZMAT). Solder 10kΩ resistor (BSI to Negative). Solder DC-DC Buck Converter (Input: Whip). Apply Kapton shielding.
- Station D (The Gauntlet): The primary Validation Gate for all modified hardware.
- Station E (The Outpost): Final assembly. Install Nomad Shell. Apply tamper-evident seals.
Station D: The Gauntlet Checklist
- [ ] Smoke Test: Apply 12V DC power via whip. Verify successful system boot.
- [ ] RNDIS Check: Verify stable USB-C tethering to a Linux terminal.
- [ ] Thermal Burn-in: 30-minute operation under full load in a 40°C environment.
The “So What?”: “The Gauntlet” is the filter that guarantees “Island Mode” reliability. By simulating high-heat environments and power-up cycles, we ensure that units deployed in solar outposts or EV telemetry fleets will not fail in the field, where maintenance is functionally impossible.
——————————————————————————–
6. Risk Mitigation, Warranty, and Compliance
The transition from “hardware hacking” to industrial infrastructure requires a transparent approach to risk management.
Risk Register
| Risk ID | Description | Severity | Mitigation Strategy |
| R-BAT-01 | Thermal Runaway (Battery explosion >70°C) | CRITICAL | Mandatory BEC Mod; removal of all Li-ion batteries. |
| R-SUP-01 | Supply Chain (SLG-06 end-of-life) | High | Stockpile “Open Box” units; validate Teltonika TRM240 backup. |
| R-DAT-01 | Data Corruption (SD Card failure) | High | NVMe Mandate; MicroSD cards banned from production. |
| R-ID-01 | Key Loss (Loss of Root of Trust) | Medium | “Dead Man” Protocol; revocation via Global CRL. |
Warranty and Legal Framework
The modifications performed on the Nomad Link void the original manufacturer warranty. DeReticular provides a 90-Day Sovereign Warranty covering the specific modifications performed at Node 3. Regulatory compliance is maintained through the use of shielded buck converters, ensuring that power modifications do not introduce RF noise that would compromise the original FCC certification.
Final Quality Assurance Protocols
Every kit shipped is finalized with a “Void Warranty” tamper-evident seal to ensure internal integrity. Furthermore, every kit must include a high-visibility “NO BATTERY” warning card, informing the end-user of the modified power requirements.