[libvirt PATCH 02/12] tools: support validating SEV firmware boot measurements

Daniel P. Berrangé berrange at redhat.com
Tue Oct 18 09:15:07 UTC 2022


On Sun, Oct 16, 2022 at 02:54:47PM -0400, Cole Robinson wrote:
> On 10/7/22 7:42 AM, Daniel P. Berrangé wrote:
> > The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
> > domain launch measurement, to a computed launch measurement. This
> > determines whether the domain has been tampered with during launch.
> > 
> > This initial implementation requires all inputs to be provided
> > explicitly, and as such can run completely offline, without any
> > connection to libvirt.
> > 
> > The tool is placed in the libvirt-client-qemu sub-RPM since it is
> > specific to the QEMU driver.
> > 
> > Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
> 
> > +    try:
> > +        check_usage(args)
> > +
> > +        attest(args)
> > +
> > +        sys.exit(0)
> > +    except AttestationFailedException as e:
> > +        if not args.quiet:
> > +            print("ERROR: %s" % e, file=sys.stderr)
> > +        sys.exit(1)
> > +    except UnsupportedUsageException as e:
> > +        if not args.quiet:
> > +            print("ERROR: %s" % e, file=sys.stderr)
> > +        sys.exit(2)
> > +    except Exception as e:
> > +        if args.debug:
> > +            traceback.print_tb(e.__traceback__)
> > +        if not args.quiet:
> > +            print("ERROR: %s" % e, file=sys.stderr)
> > +        sys.exit(3)
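
Review bot: The `--debug` traceback is only reachable from the final `except Exception` branch, so the `AttestationFailedException` and `UnsupportedUsageException` branches give no source location even with `--debug`, and those are the two errors a user is most likely to hit while working out correct usage. `traceback.print_tb(e.__traceback__)` also prints only the stack frames, without the exception type or message, so `--debug` combined with `--quiet` yields frames with no error text. Consider moving the debug output into one helper called from all three handlers and using `traceback.print_exc()` there, which would also remove the three copies of the `if not args.quiet: print("ERROR: %s" % e, file=sys.stderr)` block. The distinct exit codes 1, 2 and 3 are useful to scripts that gate on the attestation result, so it is worth checking that they are documented alongside the tool.
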
> 
> This only tracebacks on --debug for an unexpected error. I think it's
> more useful to have --debug always print backtrace. It helped me
> debug usage of the script.

Ok, I can do that.

Do you recall what sort of problems required you to be looking at
the debug output? Wondering if there's anything we can do to make
it more foolproof for less knowledgeable users?

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

