[libvirt PATCH 02/12] tools: support validating SEV firmware boot measurements

Cole Robinson crobinso at redhat.com
Sun Oct 16 18:54:47 UTC 2022


On 10/7/22 7:42 AM, Daniel P. Berrangé wrote:
> The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
> domain launch measurement, to a computed launch measurement. This
> determines whether the domain has been tampered with during launch.
> 
> This initial implementation requires all inputs to be provided
> explicitly, and as such can run completely offline, without any
> connection to libvirt.
> 
> The tool is placed in the libvirt-client-qemu sub-RPM since it is
> specific to the QEMU driver.
> 
> Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>

> +    try:
> +        check_usage(args)
> +
> +        attest(args)
> +
> +        sys.exit(0)
> +    except AttestationFailedException as e:
> +        if not args.quiet:
> +            print("ERROR: %s" % e, file=sys.stderr)
> +        sys.exit(1)
> +    except UnsupportedUsageException as e:
> +        if not args.quiet:
> +            print("ERROR: %s" % e, file=sys.stderr)
> +        sys.exit(2)
> +    except Exception as e:
> +        if args.debug:
> +            traceback.print_tb(e.__traceback__)
> +        if not args.quiet:
> +            print("ERROR: %s" % e, file=sys.stderr)
> +        sys.exit(3)
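
Review bot: in the final "except Exception" branch, traceback.print_tb(e.__traceback__) prints only the stack frames, not the exception type or message, and with --quiet set the "ERROR: %s" line is suppressed as well, so --debug combined with --quiet yields a traceback with no indication of what was raised. Consider traceback.print_exception(type(e), e, e.__traceback__) there, and apply the same args.debug check in the AttestationFailedException and UnsupportedUsageException branches, which as written never print a traceback.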

This only tracebacks on --debug for an unexpected error. I think it's
more useful to have --debug always print backtrace. It helped me
debug usage of the script.

Thanks,
Cole

