
On 10/7/22 7:42 AM, Daniel P. Berrangé wrote:
The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES domain launch measurement, to a computed launch measurement. This determines whether the domain has been tampered with during launch.
This initial implementation requires all inputs to be provided explicitly, and as such can run completely offline, without any connection to libvirt.
The tool is placed in the libvirt-client-qemu sub-RPM since it is specific to the QEMU driver.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+ try: + check_usage(args) + + attest(args) + + sys.exit(0) + except AttestationFailedException as e: + if not args.quiet: + print("ERROR: %s" % e, file=sys.stderr) + sys.exit(1) + except UnsupportedUsageException as e: + if not args.quiet: + print("ERROR: %s" % e, file=sys.stderr) + sys.exit(2) + except Exception as e: + if args.debug: + traceback.print_tb(e.__traceback__) + if not args.quiet: + print("ERROR: %s" % e, file=sys.stderr) + sys.exit(3)
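Review bot: in the final `except Exception` branch, `traceback.print_tb(e.__traceback__)` prints only the stack frames, not the exception type or message, and the `print("ERROR: %s" % e, ...)` that would carry the message is skipped under `--quiet`, so `--debug --quiet` produces a trace with no indication of what was raised. Consider `traceback.print_exc()` in that branch so the debug output is self-contained. The `AttestationFailedException` and `UnsupportedUsageException` handlers differ only in exit code and never consult `args.debug`; if `--debug` is meant to help diagnose those failures as well, the same check is needed in both branches.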
This only tracebacks on --debug for an unexpected error. I think it's more useful to have --debug always print a backtrace. It helped me debug usage of the script.

Thanks,
Cole