diff --git a/attestation-agent/attestation-agent/src/config/aa_kbc_params.rs b/attestation-agent/attestation-agent/src/config/aa_kbc_params.rs
index c1fcd3808..64fe57b7a 100644
--- a/attestation-agent/attestation-agent/src/config/aa_kbc_params.rs
+++ b/attestation-agent/attestation-agent/src/config/aa_kbc_params.rs
@@ -19,6 +19,8 @@ pub enum ParamError {
     Io(#[from] std::io::Error),
     #[error("no `agent.aa_kbc_params` provided in kernel commandline")]
     MissingInCmdline,
+    #[error("`aa_kbc_params` not configured correctly")]
+    NotProvided,
 }
 
 pub struct AaKbcParams {
@@ -56,19 +58,24 @@ impl TryFrom<String> for AaKbcParams {
 }
 
 async fn get_value() -> Result<String, ParamError> {
-    // first check env
+    // first check kernel cmdline
+    if let Ok(params) = from_cmdline().await {
+        debug!("get aa_kbc_params from kernel cmdline");
+        return Ok(params);
+    }
+
+    // second check env
     if let Ok(params) = env::var("AA_KBC_PARAMS") {
         debug!("get aa_kbc_params from env.");
         return Ok(params);
     }
 
-    // second check whether we are in a peer pod
+    // third check whether we are in a peer pod
     if Path::new(PEER_POD_CONFIG_PATH).exists() {
         return from_config_file().await;
     }
 
-    // finally use the kernel cmdline
-    from_cmdline().await
+    Err(ParamError::NotProvided)
 }
 
 pub async fn get_params() -> Result<AaKbcParams, ParamError> {
@@ -99,7 +106,6 @@ async fn from_config_file() -> Result<String, ParamError> {
 }
 
 async fn from_cmdline() -> Result<String, ParamError> {
-    debug!("get aa_kbc_params from kernel cmdline");
     let cmdline = fs::read_to_string("/proc/cmdline").await?;
     let value = cmdline
         .split_ascii_whitespace()