Sandbox: GPU passthrough verification and IOMMU isolation

[jeremymanning]

Description

src/sandbox/gpu.rs line ~52 has a TODO to implement real GPU passthrough verification. Currently the module has unused imports and placeholder logic.

Requirements

• Enumerate PCI devices on Linux, find VGA controllers
• Check IOMMU group membership for each GPU
• Verify singleton IOMMU group (reject if GPU shares group with other devices)
• Explicitly reject the ACS-override patch (per whitepaper: "explicitly prohibited")
• Report GPU capabilities: VRAM size, compute capability, CUDA/ROCm support
• macOS: report CPU-only (GPU passthrough not supported by Virtualization.framework)
• Windows: detect NVIDIA CUDA on WSL2 path availability

Success Criteria

• GPU enumeration works on Linux with real PCI devices
• IOMMU group isolation verified before allowing GPU passthrough
• ACS-override patch detected and rejected
• GPU capability reporting accurate for NVIDIA and AMD GPUs
• Platform-appropriate behavior on macOS (CPU-only) and Windows (WSL2 CUDA)
• Integration tests on GPU-capable hardware
• cargo test passes

Testing (Principle V)

• Test on machine with NVIDIA GPU in singleton IOMMU group → allowed
• Test on machine with GPU in shared IOMMU group → rejected
• Test ACS-override detection on patched kernel → rejected with clear error
• Test on macOS → CPU-only node classification

[jeremymanning]

Addressed in spec 004-full-implementation (PR #59). Implementation verified in code; 802 tests passing across Linux/macOS/Windows. See #57 master plan for full context.