Serial Console in VirtualBox

Serial console works for Whonix KVM.

Package serial-console-enable might help / simplify setting up the kernel boot parameters inside the VM.

sudo apt-get install serial-console-enable

See also:

Serial console may be possible with VirtualBox too. See:

https://www.gonwan.com/2014/04/07/setting-up-serial-console-on-virtualbox/

I didn’t manage to set it up yet.

Note of carefulness during experimentation: trying to set it up might brick that VM that you tried to set it up with. Undoing the VirtualBox changes might not actually undo these changes and that VM may no longer boot. I don’t know yet.


documentation:

https://www.virtualbox.org/wiki/Serial_redirect

https://www.virtualbox.org/manual/ch03.html#serialports

Can anyone make serial console work on Debian buster inside VirtualBox?

Paging @nurmagoz

1 Like

Do you want plain Debian buster or Whonix?

Anything would help.

On the host, install socat:

sudo apt install socat

Then run:

socat -d -d pty,raw,echo=0 pty,raw,echo=0

It will show something like this:

.... N PTY is /dev/pts/1
.... N PTY is /dev/pts/2 

Then open a new terminal tab and type:

cat </dev/pts/1

Now go to whonix-ws-vbox (or any VM) settings -> Serial Ports -> tick Enable, then:

Port Number: COM1 (default)
Port Mode: Raw File
Path/Address: /dev/pts/2

Now run Whonix-WS-Vbox and all the process will be mirrored to
cat </dev/pts/1

1 Like

Can anyone see any security issues installing serial-console-enable package by default?

//cc @madaidan

Serial console for VirtualBox is now fully functional and documented! See:

Recovery - Kicksecure

Thanks to @nurmagoz for inspiration!

1 Like
1 Like

I can’t see any except probably making it easier for malware on the host to silently access the VM which is not part of the threat model.

2 Likes

Whonix VirtualBox:

  • breaks recovery console (15.0.0.4.9 + stable upgrade = broken recovery mode)
  • spams systemd journal
serial-getty@ttyS0.service: Succeeded.
serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 625.
Stopped Serial Getty on ttyS0.
Started Serial Getty on ttyS0.
/dev/ttyS0: not a tty
serial-getty@ttyS0.service: Succeeded.
serial-getty@ttyS0.service: Service RestartSec=100ms expired, scheduling restart.
serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 626.
Stopped Serial Getty on ttyS0.
Started Serial Getty on ttyS0.
/dev/ttyS0: not a tty

Adding a virtual disconnected serial console does not help either. That makes grub boot menu invisible, super long no console output visible, ultra slow boot.

1 Like
2 Likes

Upstream might have fixed this. Related changelog entry:

https://www.virtualbox.org/wiki/Changelog-6.1#v6

  • Serial port: Improve error handling and fix hang when host port disappears

sudo journalctl -u serial-getty@ttyS0.service

If serial-console-enable is installed, which results in kernel parameter console=ttyS0 being set, but no (virtual) serial console has been added, this results in errors in journal.

Jan 03 05:34:22 localhost systemd[1]: Started serial-getty@ttyS0.service - Serial Getty on ttyS0.
Jan 03 05:34:22 localhost (agetty)[1431]: serial-getty@ttyS0.service: Failed to set up standard input: Input/output error
Jan 03 05:34:22 localhost (agetty)[1431]: serial-getty@ttyS0.service: Failed at step STDIN spawning /sbin/agetty: Input/output error
Jan 03 05:34:22 localhost systemd[1]: serial-getty@ttyS0.service: Deactivated successfully.
Jan 03 05:34:22 localhost systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 5.
Jan 03 05:34:22 localhost systemd[1]: Stopped serial-getty@ttyS0.service - Serial Getty on ttyS0.

Therefore serial-console-enable should probably not be installed by default.

Unless VMs had a serial console by default but I haven’t researched yet if that would increase the attack surface.
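
The failure described in the last posts (console=ttyS0 on the kernel command line, no serial port attached, serial-getty@ttyS0.service restarting in a loop) can be checked for before deciding on a default. The script below is an added example, not part of the thread or of the serial-console-enable package; the function names and the sample inputs are constructed, with the journal lines modelled on those quoted above.

```shell
#!/bin/sh
# Added example: flag a serial-getty restart loop for serial consoles that
# are named on the kernel command line. Function names are hypothetical.

# Print each ttyS* device named by a console= kernel parameter.
# $1: kernel command line
serial_consoles() {
    printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^console=\(ttyS[0-9][0-9]*\).*/\1/p' | sort -u
}

# Print the highest restart counter logged for serial-getty@<tty>.service.
# $1: tty name; stdin: journal text. Prints nothing if no restart was logged.
max_restart_counter() {
    sed -n 's/.*serial-getty@'"$1"'\.service: Scheduled restart job, restart counter is at \([0-9][0-9]*\).*/\1/p' |
        sort -n | tail -n 1
}

# Print "<tty> <count>" for every serial console whose getty restart counter
# reached the threshold.
# $1: kernel command line, $2: journal text, $3: threshold (default 3)
find_getty_loops() {
    for tty in $(serial_consoles "$1"); do
        n=$(printf '%s\n' "$2" | max_restart_counter "$tty")
        if [ "${n:-0}" -ge "${3:-3}" ]; then
            printf '%s %s\n' "$tty" "$n"
        fi
    done
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_CMDLINE='BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro console=tty0 console=ttyS0'
SAMPLE_JOURNAL='Jan 03 05:34:22 localhost systemd[1]: Started serial-getty@ttyS0.service - Serial Getty on ttyS0.
Jan 03 05:34:22 localhost (agetty)[1431]: serial-getty@ttyS0.service: Failed to set up standard input: Input/output error
Jan 03 05:34:22 localhost systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 4.
Jan 03 05:34:22 localhost systemd[1]: serial-getty@ttyS0.service: Scheduled restart job, restart counter is at 5.'

# Demo on the constructed samples; prints "ttyS0 5".
find_getty_loops "$SAMPLE_CMDLINE" "$SAMPLE_JOURNAL"

# On a live VM the same check would be fed real data:
#   find_getty_loops "$(cat /proc/cmdline)" \
#       "$(journalctl -b -u serial-getty@ttyS0.service)"
```

Empty output means either no ttyS* console is configured or its getty is not restarting often enough to reach the threshold.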