On a Wednesday in 2022, Daniel P. Berrangé wrote:
Accept information about a connection to libvirt and a guest on the
command line. Talk to libvirt to obtain the running guest state and
automatically detect as much configuration as possible.
It will refuse to use a libvirt connection that is thought to be local
to the current machine, as running this tool on the hypervisor itself is
not considered secure. This can be overridden using the --insecure flag.
When querying the guest, it will also analyse the XML configuration in
an attempt to detect any options that are liable to be mistakes. For
example the NVRAM being measured should not have a persistent varstore.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
docs/manpages/virt-qemu-sev-validate.rst | 111 +++++++++++-
tools/virt-qemu-sev-validate | 207 +++++++++++++++++++++--
2 files changed, 304 insertions(+), 14 deletions(-)
diff --git a/docs/manpages/virt-qemu-sev-validate.rst
b/docs/manpages/virt-qemu-sev-validate.rst
index 36de9becfd..ec875028cf 100644
--- a/docs/manpages/virt-qemu-sev-validate.rst
+++ b/docs/manpages/virt-qemu-sev-validate.rst
+Libvirt options
+---------------
+
+These options are used when connecting to libvirt to automatically obtain
+state and configuration information about the domain to be attested.
+
+``-c``, ``--connect URI``
+
+Libvirt connection URI. For the validation to be trustworthy this must be a URI
+resolving to a remote virtualization host. This requirement can be overridden
+using the ``--insecure`` argument
Missing period at the end of the sentence.
+
+``-o``, ``--domain ID|NAME|UUID``
+
+Domain ID, or domain name or domain UUID. Used to identify which libvirt domain
+is to have its launch measured. The domain must be running, and would usually
+have been started in a paused state, to allow validation to be performed before
+guest CPUs begin execution.
+
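Review bot: The ``--connect`` paragraph says the URI "must be" one resolving to a remote host but never says what happens when it is not. The commit message states that the tool refuses a connection "thought to be local", so the man page should say that the tool refuses to proceed in that case and briefly explain what makes a URI count as local, since that decides when ``--insecure`` is needed. In the ``--domain`` paragraph, "would usually have been started in a paused state" leaves open whether the tool checks or warns when guest CPUs are already executing; stating the behaviour either way would help.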
Reviewed-by: Ján Tomko <jtomko(a)redhat.com>
Jano
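
The two pre-flight behaviours the commit message describes (refusing a libvirt URI that looks local unless `--insecure` is given, and flagging a persistent NVRAM varstore) are sketched below as an added example; it is not code from the patch. The locality heuristic, the `<nvram>` element test and all function names are assumptions, and the domain XML is constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit


def uri_looks_local(uri, own_names=("localhost",)):
    """Assumed heuristic: no host part, a loopback address, or one of
    this machine's own names means the URI points at the local host."""
    host = urlsplit(uri).hostname
    if not host:
        return True            # e.g. qemu:///system has no host component
    if host.lower() in {n.lower() for n in own_names}:
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False           # a host name that is not one of ours


def config_warnings(domain_xml):
    """List settings that would undermine the launch measurement."""
    root = ET.fromstring(domain_xml)
    problems = []
    # Assumption: an <nvram> element under <os> means a persistent varstore.
    if root.find("./os/nvram") is not None:
        problems.append("firmware has a persistent NVRAM varstore")
    return problems


def preflight(uri, domain_xml, insecure=False, own_names=("localhost",)):
    """Refuse local URIs unless insecure is set, then report warnings."""
    if uri_looks_local(uri, own_names) and not insecure:
        raise PermissionError("refusing local libvirt URI %r" % uri)
    return config_warnings(domain_xml)


# Constructed sample, trimmed to the elements being checked.
SAMPLE_XML = """
<domain type='kvm'>
  <name>sev-guest</name>
  <os>
    <loader readonly='yes' type='pflash'>/constructed/path/OVMF.fd</loader>
    <nvram>/constructed/path/sev-guest_VARS.fd</nvram>
  </os>
</domain>
"""

if __name__ == "__main__":
    print(preflight("qemu+ssh://root@hv.example.org/system", SAMPLE_XML))
```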