Re: [libvirt PATCH 02/12] tools: support validating SEV firmware boot measurements
On 10/7/22 7:42 AM, Daniel P. Berrangé wrote:
The virt-qemu-sev-validate program will compare a reported
SEV/SEV-ES
domain launch measurement, to a computed launch measurement. This
determines whether the domain has been tampered with during launch.
This initial implementation requires all inputs to be provided
explicitly, and as such can run completely offline, without any
connection to libvirt.
The tool is placed in the libvirt-client-qemu sub-RPM since it is
specific to the QEMU driver.
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
+ try:
+ check_usage(args)
+
+ attest(args)
+
+ sys.exit(0)
+ except AttestationFailedException as e:
+ if not args.quiet:
+ print("ERROR: %s" % e, file=sys.stderr)
+ sys.exit(1)
+ except UnsupportedUsageException as e:
+ if not args.quiet:
+ print("ERROR: %s" % e, file=sys.stderr)
+ sys.exit(2)
+ except Exception as e:
+ if args.debug:
+ traceback.print_tb(e.__traceback__)
+ if not args.quiet:
+ print("ERROR: %s" % e, file=sys.stderr)
+ sys.exit(3)
This only tracebacks on --debug for an unexpected error. I think it's
more useful to have --debug always print backtrace. It helped me
debugging usage of the script
Thanks,
Cole