On 10/18/22 5:15 AM, Daniel P. Berrangé wrote:
On Sun, Oct 16, 2022 at 02:54:47PM -0400, Cole Robinson wrote:
> On 10/7/22 7:42 AM, Daniel P. Berrangé wrote:
>> The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
>> domain launch measurement, to a computed launch measurement. This
>> determines whether the domain has been tampered with during launch.
>>
>> This initial implementation requires all inputs to be provided
>> explicitly, and as such can run completely offline, without any
>> connection to libvirt.
>>
>> The tool is placed in the libvirt-client-qemu sub-RPM since it is
>> specific to the QEMU driver.
>>
>> Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
>
>> + try:
>> + check_usage(args)
>> +
>> + attest(args)
>> +
>> + sys.exit(0)
>> + except AttestationFailedException as e:
>> + if not args.quiet:
>> + print("ERROR: %s" % e, file=sys.stderr)
>> + sys.exit(1)
>> + except UnsupportedUsageException as e:
>> + if not args.quiet:
>> + print("ERROR: %s" % e, file=sys.stderr)
>> + sys.exit(2)
>> + except Exception as e:
>> + if args.debug:
>> + traceback.print_tb(e.__traceback__)
>> + if not args.quiet:
>> + print("ERROR: %s" % e, file=sys.stderr)
>> + sys.exit(3)
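Review bot: `args.debug` is consulted only in the final `except Exception` branch, so `--debug` prints no traceback when `AttestationFailedException` or `UnsupportedUsageException` is raised. Consider checking it in all three handlers, or catching once and mapping the exception type to the exit code (1, 2, 3) so the debug and quiet handling lives in one place. Also, `traceback.print_tb(e.__traceback__)` prints only the stack frames, so in the last branch with both `--debug` and `--quiet` set the frames appear without the exception message; `traceback.print_exc()` would emit the type and message along with the frames.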
>
> This only tracebacks on --debug for an unexpected error. I think it's
> more useful to have --debug always print backtrace. It helped me
> debug usage of the script.
Ok, I can do that.

Do you recall what sort of problems required you to be looking at
the debug output? Wondering if there's anything we can do to make
it more foolproof for less knowledgeable users?
I was running the script from git, but against an older running libvirtd
which did not support the cpu <signature> XML, and the error didn't call
that out specifically. I thought about suggesting an explicit error for
that case but I think it's unlikely to happen in the real world.
- Cole