[libvirt PATCH 0/3] Minor fixes related to AMD SEV
Some minor docs/rpm issues found in testing Daniel P. Berrangé (3): docs: refer to --firmware instead of --loader rpm: add missing deps for the virt-qemu-sev-validate docs/kbase: fix example for SEV validation docs/kbase/launch_security_sev.rst | 13 +++++++------ docs/manpages/virt-qemu-sev-validate.rst | 4 ++-- libvirt.spec.in | 2 ++ 3 files changed, 11 insertions(+), 8 deletions(-) -- 2.39.2
The --loader syntax was left over from an earlier version of the code before it was renamed to --firmware. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- docs/manpages/virt-qemu-sev-validate.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst index 9eff387aea..b1392e0a50 100644 --- a/docs/manpages/virt-qemu-sev-validate.rst +++ b/docs/manpages/virt-qemu-sev-validate.rst @@ -309,7 +309,7 @@ inject a disk password on success: :: # virt-qemu-sev-validate \ - --loader OVMF.sev.fd \ + --firmware OVMF.sev.fd \ --tk this-guest-tk.bin \ --measurement Zs2pf19ubFSafpZ2WKkwquXvACx9Wt/BV+eJwQ/taO8jhyIj/F8swFrybR1fZ2ID \ --api-major 0 \ @@ -390,7 +390,7 @@ inject a disk password on success: # virt-qemu-sev-validate \ --connect qemu+ssh://root@some.remote.host/system \ - --loader OVMF.sev.fd \ + --firmware OVMF.sev.fd \ --tk this-guest-tk.bin \ --domain fedora34x86_64 \ --disk-password passwd.txt -- 2.39.2
The RPM automatic deps generator for python does not pick these up Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- libvirt.spec.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index e795b98d48..e62534c31d 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -961,6 +961,8 @@ capabilities of recent versions of Linux (and other OSes). Summary: Additional client side utilities for QEMU Requires: libvirt-libs = %{version}-%{release} Requires: python3-libvirt >= 3.7.0 +Requires: python3-cryptography +Requires: python3-lxml %description client-qemu The additional client binaries are used to interact -- 2.39.2
The offline validation example needs to include the firmware path, and is also missing line continuation markers. Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> --- docs/kbase/launch_security_sev.rst | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/kbase/launch_security_sev.rst b/docs/kbase/launch_security_sev.rst index 7f692af748..f3c8695f73 100644 --- a/docs/kbase/launch_security_sev.rst +++ b/docs/kbase/launch_security_sev.rst @@ -465,12 +465,13 @@ scope of this document. Fortunately, libvirt provides a tool that can be used to perform this validation:: $ virt-qemu-sev-validate \ - --measurement LMnv8i8N2QejezMPkscShF0cyPYCslgUoCxGWRqQuyt0Q0aUjVkH/T6NcmkwZkWp - --api-major 0 - --api-minor 24 - --build-id 15 - --policy 3 - --tik ${myvmname}_tik.bin + --measurement LMnv8i8N2QejezMPkscShF0cyPYCslgUoCxGWRqQuyt0Q0aUjVkH/T6NcmkwZkWp \ + --api-major 0 \ + --api-minor 24 \ + --build-id 15 \ + --policy 3 \ + --firmware /path/to/OVMF.sev.fd \ + --tik ${myvmname}_tik.bin \ --tek ${myvmname}_tek.bin OK: Looks good to me -- 2.39.2
On a Tuesday in 2023, Daniel P. Berrangé wrote:
Some minor docs/rpm issues found in testing
Daniel P. Berrangé (3): docs: refer to --firmware instead of --loader rpm: add missing deps for the virt-qemu-sev-validate docs/kbase: fix example for SEV validation
docs/kbase/launch_security_sev.rst | 13 +++++++------ docs/manpages/virt-qemu-sev-validate.rst | 4 ++-- libvirt.spec.in | 2 ++ 3 files changed, 11 insertions(+), 8 deletions(-)
Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
participants (2)
-
Daniel P. Berrangé -
Ján Tomko