On Sun, Oct 16, 2022 at 02:54:47PM -0400, Cole Robinson wrote:
> On 10/7/22 7:42 AM, Daniel P. Berrangé wrote:
> > The virt-qemu-sev-validate program will compare a reported SEV/SEV-ES
> > domain launch measurement, to a computed launch measurement. This
> > determines whether the domain has been tampered with during launch.
> >
> > This initial implementation requires all inputs to be provided
> > explicitly, and as such can run completely offline, without any
> > connection to libvirt.
> >
> > The tool is placed in the libvirt-client-qemu sub-RPM since it is
> > specific to the QEMU driver.
> >
> > Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>
> > + try:
> > + check_usage(args)
> > +
> > + attest(args)
> > +
> > + sys.exit(0)
> > + except AttestationFailedException as e:
> > + if not args.quiet:
> > + print("ERROR: %s" % e, file=sys.stderr)
> > + sys.exit(1)
> > + except UnsupportedUsageException as e:
> > + if not args.quiet:
> > + print("ERROR: %s" % e, file=sys.stderr)
> > + sys.exit(2)
> > + except Exception as e:
> > + if args.debug:
> > + traceback.print_tb(e.__traceback__)
> > + if not args.quiet:
> > + print("ERROR: %s" % e, file=sys.stderr)
> > + sys.exit(3)
>
> This only tracebacks on --debug for an unexpected error. I think it's
> more useful to have --debug always print backtrace. It helped me
> debugging usage of the script
Ok, I can do that.
Do you recall what sort of problems required you to be looking at
the debug output ? Wondering if there's anything we can do to make
it more foolproof for less knowledgable users ?
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
