vmbus_serial_guest: add tx only option
Add an option to the VMBUS serial relay that runs in OpenHCL to drop all rx traffic from the host and only allow tx traffic from the guest. This could be attested to in the future and offer a more secure way to debug a VM using the serial console, since only allowing one-way serial traffic would greatly reduce the possible attack surface. This is useful primarily for CVMs that don't have a framebuffer and are usually configured with serial disabled completely.
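The one-way behaviour described above, as an added sketch that is not code from this PR or from OpenHCL: a relay that always forwards guest output to the host and, in tx-only mode, reads and discards host input. `RelayMode`, `RelayStats`, `relay`, `demo` and the sample byte strings are hypothetical names and constructed data, and plain `std::io` readers and writers stand in for the VMBus channel.

```rust
use std::io::{self, Read, Write};

/// Relay direction policy (hypothetical names, not the OpenHCL types).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub enum RelayMode { Bidirectional, TxOnly }

/// Byte counters, so dropped host input is observable rather than silent.
#[derive(Debug, Default, PartialEq, Eq)]
pub struct RelayStats { pub tx_forwarded: usize, pub rx_forwarded: usize, pub rx_dropped: usize }

/// Pump both directions until EOF. Guest output always reaches the host;
/// host input reaches the guest only in `Bidirectional` mode.
pub fn relay(
    mode: RelayMode,
    mut from_guest: impl Read, mut to_host: impl Write,
    mut from_host: impl Read, mut to_guest: impl Write,
) -> io::Result<RelayStats> {
    let mut stats = RelayStats::default();
    let mut buf = [0u8; 64];
    loop { // tx path: guest -> host
        let n = from_guest.read(&mut buf)?;
        if n == 0 { break; }
        to_host.write_all(&buf[..n])?;
        stats.tx_forwarded += n;
    }
    loop { // rx path: host -> guest
        // Still read in TxOnly mode so host bytes are consumed and discarded
        // (a choice made for this sketch) instead of being left queued.
        let n = from_host.read(&mut buf)?;
        if n == 0 { break; }
        match mode {
            RelayMode::Bidirectional => { to_guest.write_all(&buf[..n])?; stats.rx_forwarded += n; }
            RelayMode::TxOnly => stats.rx_dropped += n,
        }
    }
    Ok(stats)
}

pub const GUEST_OUT: &[u8] = b"[    0.42] boot ok\n"; // constructed sample
pub const HOST_IN: &[u8] = b"interactive input\n"; // constructed sample

/// Run the relay over the samples; returns (host saw, guest saw, stats).
pub fn demo(mode: RelayMode) -> (Vec<u8>, Vec<u8>, RelayStats) {
    let (mut host_seen, mut guest_seen) = (Vec::new(), Vec::new());
    let stats = relay(mode, GUEST_OUT, &mut host_seen, HOST_IN, &mut guest_seen).unwrap();
    (host_seen, guest_seen, stats)
}

fn main() {
    for mode in [RelayMode::Bidirectional, RelayMode::TxOnly] {
        println!("{:?}: {:?}", mode, demo(mode));
    }
}
```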
⚠️ Unsafe Code Detected
This PR modifies files containing unsafe Rust code. Extra scrutiny is required during review.
For more on why we check whole files, instead of just diffs, check out the Rustonomicon
Why?
This is intended to be an option for CVMs that could be attested to, so you could enable serial output for debugging purposes without allowing interactive login to reduce risk.
Put that in the PR description?
console_enabled: dps.general.com1_enabled
An additional runtime claim is needed here.
I think we agreed on something like "console-mode:serial|serialbootdiagnosticsonly"
Refers to: openhcl/underhill_core/src/worker.rs:1782 in 3d6d329.