Bug 2172347
| Field | Value |
|---|---|
| Summary | 3 minor issues related to virt-qemu-sev-validate command |
| Product | Red Hat Enterprise Linux 9 |
| Component | libvirt |
| libvirt sub component | CLI & API |
| Reporter | Luyao Huang <lhuang> |
| Assignee | Daniel Berrangé <berrange> |
| QA Contact | Luyao Huang <lhuang> |
| Status | CLOSED ERRATA |
| Severity | medium |
| Priority | medium |
| CC | berrange, jdenemar, lmen, pvlasin, virt-maint, ymankad |
| Version | 9.2 |
| Keywords | Triaged |
| Target Milestone | rc |
| Target Release | --- |
| Hardware | x86_64 |
| OS | Linux |
| Fixed In Version | libvirt-9.0.0-8.el9_2 |
| Doc Type | If docs needed, set a value |
| Story Points | --- |
| | 2176917 |
| Last Closed | 2023-05-09 07:27:59 UTC |
| Type | Bug |
| Regression | --- |
| Mount Type | --- |
| Documentation | --- |
| Category | --- |
| oVirt Team | --- |
| Cloudforms Team | --- |
| Bug Blocks | 2176917 |

Description
Luyao Huang
2023-02-22 03:39:45 UTC
Patches were posted upstream: https://listman.redhat.com/archives/libvir-list/2023-February/238038.html

I noticed there is one mistake in the manpages of virt-qemu-sev-validate:

```
# man virt-qemu-sev-validate |grep disk-password
           --disk-password passwd.txt \
           --disk-password passwd.txt
           --disk-password passwd.txt

# rpm -q libvirt
libvirt-9.0.0-8.el9_2.x86_64
```

Verify this bug with libvirt-9.0.0-8.el9_2.x86_64:

1.

```
# dnf install libvirt-client-qemu-9.0.0-8.el9_2.x86_64.rpm
...
Installing:
 libvirt-client-qemu     x86_64   9.0.0-8.el9_2   @commandline   42 k
Installing dependencies:
 python3-cffi            x86_64   1.14.5-5.el9    BaseOS        257 k
 python3-cryptography    x86_64   36.0.1-2.el9    BaseOS        1.2 M
 python3-libvirt         x86_64   9.0.0-1.el9     AppStream     341 k
 python3-lxml            x86_64   4.6.5-3.el9     AppStream     1.2 M
 python3-ply             noarch   3.11-14.el9     BaseOS        111 k
 python3-pycparser       noarch   2.20-6.el9      BaseOS        139 k
...

# virt-qemu-sev-validate --help
usage: virt-qemu-sev-validate [-h] [--debug] [--quiet]
                              [--measurement MEASUREMENT]
                              [--api-major API_MAJOR] [--api-minor API_MINOR]
                              [--build-id BUILD_ID] [--policy POLICY]
                              [--firmware FIRMWARE] [--kernel KERNEL]
                              [--initrd INITRD] [--cmdline CMDLINE]
                              [--num-cpus NUM_CPUS] [--vmsa-cpu0 VMSA_CPU0]
                              [--vmsa-cpu1 VMSA_CPU1]
                              [--cpu-family CPU_FAMILY]
                              [--cpu-model CPU_MODEL]
                              [--cpu-stepping CPU_STEPPING] [--tik TIK]
                              [--tek TEK] [--tk TK] [--connect CONNECT]
                              [--domain DOMAIN] [--insecure]
                              [--ignore-config]
                              [--inject-secret INJECT_SECRET]
                              [--secret-payload SECRET_PAYLOAD]
                              [--secret-header SECRET_HEADER]

Validate guest AMD SEV launch measurement
...
```

2.

```
# man virt-qemu-sev-validate | grep "\--loader"

# man virt-qemu-sev-validate | grep "virt-dom-sev-validate"
```

This mistake still exists: `--disk-password passwd.txt` should be `--inject-secret luks-key:passwd.txt`. I don't think this small mistake blocks this bug verification.

```
# man virt-qemu-sev-validate | grep "\--disk-password passwd.txt"
           --disk-password passwd.txt \
           --disk-password passwd.txt
           --disk-password passwd.txt
```

3.

```
# cat /usr/share/doc/libvirt-docs/html/kbase/launch_security_sev.html |grep -a6 "\--firmware"
<pre class="literal-block">$ virt-qemu-sev-validate \
    --measurement LMnv8i8N2QejezMPkscShF0cyPYCslgUoCxGWRqQuyt0Q0aUjVkH/T6NcmkwZkWp \
    --api-major 0 \
    --api-minor 24 \
    --build-id 15 \
    --policy 3 \
    --firmware /path/to/OVMF.sev.fd \
    --tik ${myvmname}_tik.bin \
    --tek ${myvmname}_tek.bin
OK: Looks good to me</pre>
<p>The <a class="reference external" href="../manpages/virt-qemu-sev-validate.html">man page</a> for <span class="docutils literal"><span class="pre">virt-qemu-sev-validate</span></span> outlines a great many other ways to invoke this tool.</p>
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (libvirt bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2023:2171