Pass GUID from AZIHSM device into UEFI config

Cargo.lock

@@ -7559,6 +7559,7 @@ dependencies = [
  "vmsocket",
  "vnc_worker_defs",
  "vpci",
+ "vpci_client",
  "watchdog_core",
  "watchdog_vmgs_format",
  "x86defs",
@@ -8432,9 +8433,11 @@ dependencies = [
  "thiserror 2.0.12",
  "tracelimit",
  "tracing",
+ "user_driver",
  "vmbus_async",
  "vmbus_channel",
  "vmbus_core",
+ "vmbus_ring",
  "vmcore",
  "zerocopy 0.8.24",
 ]
@@ -9080,6 +9083,39 @@ dependencies = [
  "zerocopy 0.8.24",
 ]
 
+[[package]]
+name = "vpci_client"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "chipset_device",
+ "closeable_mutex",
+ "futures",
+ "futures-concurrency",
+ "guestmem",
+ "guid",
+ "inspect",
+ "mesh",
+ "pal_async",
+ "parking_lot",
+ "pci_core",
+ "slab",
+ "task_control",
+ "test_with_tracing",
+ "thiserror 2.0.12",
+ "tracelimit",
+ "tracing",
+ "vmbus_async",
+ "vmbus_channel",
+ "vmbus_core",
+ "vmbus_ring",
+ "vmcore",
+ "vpci",
+ "vpci_protocol",
+ "zerocopy 0.8.24",
+]
+
 [[package]]
 name = "vpci_protocol"
 version = "0.0.0"
@@ -9090,6 +9126,40 @@ dependencies = [
  "zerocopy 0.8.24",
 ]
 
+[[package]]
+name = "vpci_relay"
+version = "0.1.0"
+dependencies = [
+ "anyhow",
+ "async-trait",
+ "chipset_device",
+ "closeable_mutex",
+ "futures",
+ "futures-concurrency",
+ "guestmem",
+ "guid",
+ "inspect",
+ "mesh",
+ "pal_async",
+ "parking_lot",
+ "pci_core",
+ "slab",
+ "task_control",
+ "test_with_tracing",
+ "thiserror 2.0.12",
+ "tracelimit",
+ "tracing",
+ "vmbus_async",
+ "vmbus_channel",
+ "vmbus_core",
+ "vmbus_ring",
+ "vmcore",
+ "vpci",
+ "vpci_client",
+ "vpci_protocol",
+ "zerocopy 0.8.24",
+]
+
 [[package]]
 name = "vswhom"
 version = "0.1.0"

Cargo.toml

@@ -46,6 +46,8 @@ members = [
   "vm/loader/igvmfilegen",
   "vm/vmgs/vmgs_lib",
   "vm/vmgs/vmgstool",
+
+  "vm/devices/pci/vpci_relay", # TEMP
 ]
 exclude = [
   "xsync",
@@ -254,6 +256,7 @@ pci_bus = { path = "vm/devices/pci/pci_bus" }
 pci_core = { path = "vm/devices/pci/pci_core" }
 pci_resources = { path = "vm/devices/pci/pci_resources" }
 vpci = { path = "vm/devices/pci/vpci" }
+vpci_client = { path = "vm/devices/pci/vpci_client" }
 vpci_protocol = { path = "vm/devices/pci/vpci_protocol" }
 disk_backend = { path = "vm/devices/storage/disk_backend" }
 disk_backend_resources = { path = "vm/devices/storage/disk_backend_resources" }

openhcl/underhill_core/Cargo.toml

@@ -108,6 +108,7 @@ vmbus_relay_intercept_device.workspace = true
 vmbus_serial_guest.workspace = true
 vmbus_server.workspace = true
 vpci.workspace = true
+vpci_client.workspace = true
 watchdog_core.workspace = true
 watchdog_vmgs_format.workspace = true
 scsi_buffers.workspace = true

openhcl/underhill_core/src/dispatch/mod.rs

@@ -145,6 +145,7 @@ pub(crate) struct LoadedVm {
     pub emuplat_servicing: EmuplatServicing,
     pub device_interfaces: Option<DeviceInterfaces>,
     pub vmbus_client: Option<vmbus_client::VmbusClient>,
+    pub vmbus_filter: Option<vmbus_client::filter::ClientFilter>,
     /// Memory map with IGVM types for each range.
     pub vtl0_memory_map: Vec<(MemoryRangeWithNode, MemoryMapEntryType)>,
 
@@ -310,6 +311,8 @@ impl LoadedVm {
                         );
                         resp.field("memory", &self.memory);
                         resp.field("dma_manager", &self.dma_manager);
+                        resp.field("vmbus_client", &self.vmbus_client);
+                        resp.field("vmbus_filter", &self.vmbus_filter);
                     }),
                 },
                 Event::Vtl2ConfigNicRpc(message) => {

openhcl/underhill_core/src/lib.rs

@@ -6,7 +6,7 @@
 
 #![cfg(target_os = "linux")]
 #![expect(missing_docs)]
-#![forbid(unsafe_code)]
+//#![forbid(unsafe_code)]
 
 mod diag;
 mod dispatch;
@@ -25,6 +25,7 @@ mod vmbus_relay_unit;
 mod vmgs_logger;
 mod vp;
 mod vpci;
+mod vpci_relay;
 mod worker;
 mod wrapped_partition;
 

openhcl/underhill_core/src/loader/mod.rs

@@ -10,6 +10,7 @@ use cvm_tracing::CVM_ALLOWED;
 use guest_emulation_transport::api::platform_settings::DevicePlatformSettings;
 use guest_emulation_transport::api::platform_settings::General;
 use guestmem::GuestMemory;
+use guid::Guid;
 use hvdef::HV_PAGE_SIZE;
 use igvm_defs::MemoryMapEntryType;
 use loader::importer::Register;
@@ -112,6 +113,7 @@ pub fn load(
     config: Config,
     caps: &virt::PartitionCapabilities,
     isolated: bool,
+    azihsm_guid: Option<Guid>,
 ) -> Result<VpContext, Error> {
     let context = match load_kind {
         LoadKind::None => {
@@ -134,6 +136,7 @@ pub fn load(
                 caps,
                 isolated,
                 config.disable_uefi_frontpage,
+                azihsm_guid,
             )?;
             uefi_info.vp_context.clone()
         }
@@ -415,6 +418,7 @@ pub fn write_uefi_config(
     caps: &virt::PartitionCapabilities,
     isolated: bool,
     disable_frontpage: bool,
+    azihsm_guid: Option<Guid>,
 ) -> Result<(), Error> {
     use guest_emulation_transport::api::platform_settings::UefiConsoleMode;
 
@@ -681,6 +685,12 @@ pub fn write_uefi_config(
         });
     }
 
+    tracing::info!("azi hsm guid added to config: {:#?}", azihsm_guid.unwrap_or_default());
+    cfg.add(&config::AziHsmGuid(
+        // If not set, pass zero guid to UEFI
+        azihsm_guid.unwrap_or_default())
+    );
+
     // Finally, with the bios config constructed, we can inject it into guest memory
     gm.write_at(loader::uefi::CONFIG_BLOB_GPA_BASE, &cfg.complete())
         .map_err(Error::GuestMemoryAccess)