implemented i8kmon formatter

2026-02-26 14:24:26 +01:00
parent dc4c8281a9
commit 48c3b46a0c
5 changed files with 187 additions and 7 deletions
--- a/src/sal/dell_xps_9380.rs
+++ b/src/sal/dell_xps_9380.rs
@@ -96,7 +96,19 @@ impl PreflightAuditor for DellXps9380Sal {
            outcome: if unsafe { libc::getuid() } == 0 { Ok(()) } else { Err(AuditError::RootRequired) }
        });

-        // 2. Kernel parameters check
+        // 2. Kernel modules check (simplified check via sysfs/proc)
+        let modules = ["dell_smm_hwmon", "msr", "intel_rapl_msr"];
+        for mod_name in modules {
+            let path = format!("/sys/module/{}", mod_name);
+            steps.push(AuditStep {
+                description: format!("Kernel Module: {}", mod_name),
+                outcome: if PathBuf::from(path).exists() { Ok(()) } else { 
+                    Err(AuditError::ToolMissing(format!("Module '{}' not loaded. Run 'sudo modprobe {}'", mod_name, mod_name)))
+                }
+            });
+        }
+
+        // 3. Kernel parameters check
        let cmdline = fs::read_to_string("/proc/cmdline").unwrap_or_default();
        steps.push(AuditStep {
            description: "Kernel Param: dell_smm_hwmon.ignore_dmi=1".to_string(),
@@ -104,6 +116,12 @@ impl PreflightAuditor for DellXps9380Sal {
                Err(AuditError::MissingKernelParam("dell_smm_hwmon.ignore_dmi=1".to_string())) 
            }
        });
+        steps.push(AuditStep {
+            description: "Kernel Param: dell_smm_hwmon.restricted=0".to_string(),
+            outcome: if cmdline.contains("dell_smm_hwmon.restricted=0") { Ok(()) } else { 
+                Err(AuditError::MissingKernelParam("dell_smm_hwmon.restricted=0".to_string())) 
+            }
+        });
        steps.push(AuditStep {
            description: "Kernel Param: msr.allow_writes=on".to_string(),
            outcome: if cmdline.contains("msr.allow_writes=on") { Ok(()) } else { 
@@ -111,7 +129,16 @@ impl PreflightAuditor for DellXps9380Sal {
            }
        });

-        // 3. Check AC power
+        // 4. Lockdown check
+        let lockdown = fs::read_to_string("/sys/kernel/security/lockdown").unwrap_or_default();
+        steps.push(AuditStep {
+            description: "Kernel Lockdown Status".to_string(),
+            outcome: if lockdown.contains("[none]") || lockdown.is_empty() { Ok(()) } else { 
+                Err(AuditError::KernelIncompatible("Kernel is in lockdown mode. Set to 'none' to allow MSR/SMM writes.".to_string())) 
+            }
+        });
+
+        // 5. Check AC power
        let ac_status = fs::read_to_string("/sys/class/power_supply/AC/online").unwrap_or_else(|_| "0".to_string());
        steps.push(AuditStep {
            description: "AC Power Connection".to_string(),