On a Wednesday in 2022, Daniel P. Berrangé wrote:
Accept information about a connection to libvirt and a guest on the command line. Talk to libvirt to obtain the running guest state and automatically detect as much configuration as possible. It will refuse to use a libvirt connection that is thought to be local to the current machine, as running this tool on the hypervisor itself is not considered secure. This can be overridden using the --insecure flag. When querying the guest, it will also analyse the XML configuration in an attempt to detect any options that are liable to be mistakes. For example the NVRAM being measured should not have a persistent varstore. Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> --- docs/manpages/virt-qemu-sev-validate.rst | 111 +++++++++++- tools/virt-qemu-sev-validate | 207 +++++++++++++++++++++-- 2 files changed, 304 insertions(+), 14 deletions(-) diff --git a/docs/manpages/virt-qemu-sev-validate.rst b/docs/manpages/virt-qemu-sev-validate.rst index 36de9becfd..ec875028cf 100644 --- a/docs/manpages/virt-qemu-sev-validate.rst +++ b/docs/manpages/virt-qemu-sev-validate.rst
+Libvirt options +--------------- + +These options are used when connecting to libvirt to automatically obtain +state and configuration information about the domain to be attested. + +``-c``, ``--connect URI`` + +Libvirt connection URI. For the validation to be trustworthy this must be a URI +resolving to a remote virtualization host. This requirement can be overridden +using the ``--insecure`` argument
Missing period at the end of the sentence.
+ +``-o``, ``--domain ID|NAME|UUID`` + +Domain ID, or domain name or domain UUID. Used to identify which libvirt domain +is to have its launch measured. The domain must be running, and would usually +have been started in a paused state, to allow validation to be performed before +guest CPUs begin execution. +
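Review bot: In the ``--domain`` paragraph, "would usually have been started in a paused state" leaves open what the tool does when the domain is running with guest CPUs already executing. Please state whether it warns, refuses or proceeds in that case, since the paragraph itself gives validation before execution as the reason for pausing. In the ``--connect`` paragraph it would also help to carry over the rationale from the commit message (running the tool on the hypervisor itself is not considered secure), so the reader knows what is given up by passing ``--insecure``.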
Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx>

Jano