# -*- coding: utf-8 -*-
from setuphelpers import *
import wmi
from math import *
from waptutils import fileutcdate
import json
json_source = "cpu_w11.json"
def install():
print("Copying: %s to: %s" % (json_source, persistent_dir))
filecopyto(json_source, persistent_dir)
def audit():
audit_status = "OK"
audit_status = set_audit_status(audit_status,check_tpm_state())
audit_status = set_audit_status(audit_status,check_free_space())
audit_status = set_audit_status(audit_status,check_memory_space())
audit_status = set_audit_status(audit_status,is_secure_boot_enabled())
audit_status = set_audit_status(audit_status,check_CPU_compatibility())
return audit_status
def check_tpm_state():
audit_tpm = "OK"
get_tpm = run_powershell("Get-Tpm")
if get_tpm["TpmPresent"] == False:
print("ERROR: No TPM chip found on this system")
audit_tpm = "ERROR"
else:
get_tpm_version = run_powershell("Get-WmiObject -Class Win32_Tpm -Namespace root\CIMV2\Security\MicrosoftTpm | Select-Object -Property SpecVersion")
tpm_version = get_tpm_version["SpecVersion"].split(",")[0]
if tpm_version != "2.0":
print("ERROR: TPM chip not in version 2.0")
audit_TPM = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "TpmVersion", audit_tpm)
else:
print("OK: TPM chip in version 2.0")
audit_TPM = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "TpmVersion", audit_tpm)
return audit_tpm
def check_free_space():
audit_disk = "OK"
free_space = get_disk_free_space(systemdrive)
free_space_GB = round(free_space / (1024**3),2)
if free_space_GB <= 64:
available = round((64 - free_space_GB),2)
print("ERROR: Not enough space disk available")
print(f'Need 64 GB, currently available {available} GB')
audit_disk = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "Space Available", audit_disk)
else:
print("OK: Enough space disk available")
audit_disk = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "Space Available", audit_disk)
return audit_disk
def check_memory_space():
audit_memory = "OK"
total_memory = ceil(memory_status().ullTotalPhys / (1024**3))
if total_memory < 4:
print("ERROR: Not enough memory available")
print(f'Need 4 GB of memory, currently {total_memory} GB')
audit_memory = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "Total Memory", audit_memory)
else:
print("OK: Enough space disk available")
audit_memory = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "Total Memory", audit_memory)
return audit_memory
def is_secure_boot_enabled():
audit_SB = "OK"
try:
secureboot_state = run_powershell("Confirm-SecureBootUEFI")
except:
print("SecureBoot not available")
audit_SB = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "SecureBoot", audit_SB)
return audit_SB
# Check the value of the SecureBootEnabled property
if secureboot_state == False:
print("ERROR: SecureBoot is not enabled")
audit_SB = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "SecureBoot", audit_SB)
else:
print("OK: SecureBoot is enabled")
audit_SB = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "SecureBoot", audit_SB)
return audit_SB
def check_CPU_compatibility():
audit_cpu_comp = "OK"
wmi = wmi_info(keys=['Win32_Processor'])['Win32_Processor']
cores = wmi['NumberOfCores']
max_clock_speed = wmi['MaxClockSpeed']
max_clock_speed_GHz = round(max_clock_speed / (1024),2)
cpu_name = wmi['Name']
if cores < 2:
print(f"ERROR: Need 2 cores minimum, currently {cores} cores on your CPU")
audit_cores = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "CPU - Cores", audit_cores)
set_audit_status(audit_cpu_comp, audit_cores)
else:
print(f"OK: Currently {cores} cores on your CPU")
audit_cores = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "CPU - Cores", audit_cores)
set_audit_status(audit_cpu_comp, audit_cores)
if max_clock_speed < 1000:
print(f"ERROR: Frequency under 1GHz, currently {max_clock_speed_GHz}GHz")
audit_clock = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "CPU - Frequency", audit_clock)
set_audit_status(audit_cpu_comp, audit_clock)
else:
print(f"OK: Currently {max_clock_speed_GHz}GHz")
audit_clock = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "CPU - Frequency", audit_clock)
set_audit_status(audit_cpu_comp, audit_clock)
json_file = makepath(persistent_dir, json_source)
audit_cpu = "OK"
with open(json_file) as f:
data = json.load(f)
for cpu in data:
if cpu in cpu_name:
print(f"OK: Your processor {cpu_name} is compatible")
audit_cpu = "OK"
WAPT.write_audit_data_if_changed("windows11-requirements", "CPU - Model", audit_cpu)
set_audit_status(audit_cpu_comp, audit_cpu)
break
if audit_cpu == "ERROR":
print(f"ERROR: Your processor {cpu_name} is not compatible")
audit_cpu = "ERROR"
WAPT.write_audit_data_if_changed("windows11-requirements", "CPU - Model", audit_cpu)
set_audit_status(audit_cpu_comp, audit_cpu)
return audit_cpu_comp
def set_audit_status(old_audit_status, new_audit_status):
"""Maintain higher criticality for audit status."""
audit_level = {"OK": 0, "WARNING": 1, "ERROR": 2}
old_status = old_audit_status.upper().strip()
new_status = new_audit_status.upper().strip()
if audit_level.get(new_status, -1) > audit_level.get(old_status, -1):
return new_status
else:
return old_audit_status