- Upstream bug fixes (bsc#1027942)

b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch 0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch 90e13549-Fix-build-with-setuptools-61+.patch 424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch - Modified virtman-add-sev-memory-support.patch - Renamed upstream patches virtman-pr381-setuptools-61.patch to 46dc0616-setup-add-bits-for-setuptools-61.patch virtman-34662fe-argcomplete.patch to 34662fec-tests-Fix-with-latest-argcomplete.patch OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-manager?expand=0&rev=571
2022-08-04 19:46:46 +00:00 · 2022-08-04 19:46:46 +00:00 · faf078ceda
commit faf078ceda
parent 63596521d0
13 changed files with 329 additions and 53 deletions
--- a/0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
+++ b/0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
@ -0,0 +1,68 @@
+Subject: cli: Add iothreadids attributes thread_pool_min and thread_pool_max
+From: Lin Ma lma@suse.com Fri Jul 29 19:16:05 2022 +0800
+Date: Mon Aug 1 11:32:23 2022 -0400:
+Git: 0d84bcfbfa2aa08396e836cb37fd0df167a6f6a4
+
+These two optional attributes allow setting lower and upper boundary for
+number of worker threads for given IOThread. For example:
+
+--iothreads iothreads=2,\
+iothreadids.iothread0.id=1,\
+iothreadids.iothread1.id=2,\
+iothreadids.iothread1.thread_pool_min=8,\
+iothreadids.iothread1.thread_pool_max=16
+
+Signed-off-by: Lin Ma <lma@suse.com>
+
+--- a/tests/data/cli/compare/virt-install-many-devices.xml
+++ b/tests/data/cli/compare/virt-install-many-devices.xml
+@@ -12,7 +12,7 @@
+   <iothreads>5</iothreads>
+   <iothreadids>
+     <iothread id="1"/>
+-    <iothread id="2"/>
+    <iothread id="2" thread_pool_min="8" thread_pool_max="16"/>
+   </iothreadids>
+   <memory>65536</memory>
+   <currentMemory>65536</currentMemory>
+--- a/tests/test_cli.py
+++ b/tests/test_cli.py
+@@ -540,7 +540,7 @@ memorytune0.vcpus=0-3,memorytune0.node0.
+ --memorybacking size=1,unit='G',nodeset=0,1,nosharepages=yes,locked=yes,discard=yes,allocation.mode=immediate,access_mode=shared,source_type=file,hugepages.page.size=12,hugepages.page1.size=1234,hugepages.page1.unit=MB,hugepages.page1.nodeset=2
+ 
+ 
+---iothreads iothreads=5,iothreadids.iothread1.id=1,iothreadids.iothread2.id=2
+--iothreads iothreads=5,iothreadids.iothread0.id=1,iothreadids.iothread1.id=2,iothreadids.iothread1.thread_pool_min=8,iothreadids.iothread1.thread_pool_max=16
+ 
+ 
+ --metadata title=my-title,description=my-description,uuid=00000000-1111-2222-3333-444444444444,genid=e9392370-2917-565e-692b-d057f46512d6,genid_enable=yes
+--- a/virtinst/cli.py
+++ b/virtinst/cli.py
+@@ -2612,7 +2612,11 @@ class ParserIOThreads(VirtCLIParser):
+         # Options for IOThreads config
+         cls.add_arg("iothreads", "iothreads")
+         cls.add_arg("iothreadids.iothread[0-9]*.id", "id",
+-                find_inst_cb=cls.iothreads_find_inst_cb)
+                    find_inst_cb=cls.iothreads_find_inst_cb)
+        cls.add_arg("iothreadids.iothread[0-9]*.thread_pool_min",
+                    "thread_pool_min", find_inst_cb=cls.iothreads_find_inst_cb)
+        cls.add_arg("iothreadids.iothread[0-9]*.thread_pool_max",
+                    "thread_pool_max", find_inst_cb=cls.iothreads_find_inst_cb)
+ 
+ 
+ ###################
+--- a/virtinst/guest.py
+++ b/virtinst/guest.py
+@@ -67,9 +67,11 @@ class _DomainDevices(XMLBuilder):
+ 
+ class _IOThreadID(XMLBuilder):
+     XML_NAME = "iothread"
+-    _XML_PROP_ORDER = ["id"]
+    _XML_PROP_ORDER = ["id", "thread_pool_min", "thread_pool_max"]
+ 
+     id = XMLProperty("./@id", is_int=True)
+    thread_pool_min = XMLProperty("./@thread_pool_min", is_int=True)
+    thread_pool_max = XMLProperty("./@thread_pool_max", is_int=True)
+ 
+ 
+ class Guest(XMLBuilder):
--- a/34662fec-tests-Fix-with-latest-argcomplete.patch
+++ b/34662fec-tests-Fix-with-latest-argcomplete.patch
@ -1,15 +1,12 @@
-From 34662fecc9535c7d8d0a8e7d42fafa4b9e005c89 Mon Sep 17 00:00:00 2001
-From: Cole Robinson <crobinso@redhat.com>
-Date: Mon, 13 Jun 2022 12:55:31 -0400
-Subject: [PATCH] tests: Fix with latest argcomplete
+Subject: tests: Fix with latest argcomplete
+From: Cole Robinson crobinso@redhat.com Mon Jun 13 12:55:31 2022 -0400
+Date: Mon Jun 13 13:20:01 2022 -0400:
+Git: 34662fecc9535c7d8d0a8e7d42fafa4b9e005c89

 Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- virtinst/cli.py | 12 ++++++++++--
- 1 file changed, 10 insertions(+), 2 deletions(-)

 diff --git a/virtinst/cli.py b/virtinst/cli.py
-index 52be9f298..c42fc0f0a 100644
+index 52be9f29..c42fc0f0 100644
 --- a/virtinst/cli.py
 +++ b/virtinst/cli.py
@@ -552,7 +552,15 @@ def autocomplete(parser):
@ -29,7 +26,7 @@ index 52be9f298..c42fc0f0a 100644
         kwargs["exit_method"] = sys.exit
 
     # This fdopen hackery is to avoid argcomplete debug_stream behavior
-@@ -568,7 +576,7 @@ def fake_fdopen_cb(*args, **kwargs):
+@@ -568,7 +576,7 @@ def autocomplete(parser):
             argcomplete.autocomplete(parser, **kwargs)
         except SystemExit:
             if xmlutil.in_testsuite():
--- a/424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
+++ b/424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
@ -0,0 +1,158 @@
+Subject: launch_security: Use SEV-ES policy=0x07 if host supports it
+From: Charles Arnold carnold@suse.com Wed Aug 3 08:47:02 2022 -0400
+Date: Wed Aug 3 08:47:35 2022 -0400:
+Git: 424283ad1db9c4da519fac698486967e6b6557b0
+
+
+--- /dev/null
+++ b/tests/data/cli/compare/virt-install-amd-sev.xml
+@@ -0,0 +1,89 @@
+<domain type="kvm">
+  <name>linux2020</name>
+  <uuid>00000000-1111-2222-3333-444444444444</uuid>
+  <metadata>
+    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
+      <libosinfo:os id="http://libosinfo.org/linux/2020"/>
+    </libosinfo:libosinfo>
+  </metadata>
+  <memory>65536</memory>
+  <currentMemory>65536</currentMemory>
+  <vcpu>2</vcpu>
+  <os>
+    <type arch="x86_64" machine="q35">hvm</type>
+    <loader readonly="yes" type="pflash">/usr/share/OVMF/OVMF_CODE.fd</loader>
+    <boot dev="hd"/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <vmport state="off"/>
+  </features>
+  <cpu mode="host-passthrough"/>
+  <clock offset="utc">
+    <timer name="rtc" tickpolicy="catchup"/>
+    <timer name="pit" tickpolicy="delay"/>
+    <timer name="hpet" present="no"/>
+  </clock>
+  <pm>
+    <suspend-to-mem enabled="no"/>
+    <suspend-to-disk enabled="no"/>
+  </pm>
+  <devices>
+    <emulator>/usr/bin/qemu-system-x86_64</emulator>
+    <disk type="file" device="disk">
+      <driver name="qemu" type="qcow2" discard="unmap"/>
+      <source file="/var/lib/libvirt/images/linux2020.qcow2"/>
+      <target dev="vda" bus="virtio"/>
+    </disk>
+    <controller type="usb" model="qemu-xhci" ports="15"/>
+    <controller type="pci" model="pcie-root"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <controller type="pci" model="pcie-root-port"/>
+    <interface type="bridge">
+      <source bridge="testsuitebr0"/>
+      <mac address="00:11:22:33:44:55"/>
+      <model type="virtio"/>
+    </interface>
+    <console type="pty"/>
+    <channel type="unix">
+      <source mode="bind"/>
+      <target type="virtio" name="org.qemu.guest_agent.0"/>
+    </channel>
+    <channel type="spicevmc">
+      <target type="virtio" name="com.redhat.spice.0"/>
+    </channel>
+    <input type="tablet" bus="usb"/>
+    <tpm model="tpm-crb">
+      <backend type="emulator"/>
+    </tpm>
+    <graphics type="spice" port="-1" tlsPort="-1" autoport="yes">
+      <image compression="off"/>
+    </graphics>
+    <sound model="ich9"/>
+    <video>
+      <model type="virtio"/>
+    </video>
+    <redirdev bus="usb" type="spicevmc"/>
+    <redirdev bus="usb" type="spicevmc"/>
+    <memballoon model="virtio"/>
+    <rng model="virtio">
+      <backend model="random">/dev/urandom</backend>
+    </rng>
+  </devices>
+  <launchSecurity type="sev">
+    <policy>0x07</policy>
+  </launchSecurity>
+</domain>
+--- a/tests/test_cli.py
+++ b/tests/test_cli.py
+@@ -1098,6 +1098,7 @@ c.add_compare("--connect " + utils.URIs.
+ c.add_compare("--connect %(URI-KVM-X86)s --os-variant fedora26 --graphics spice --controller usb,model=none", "graphics-usb-disable")
+ c.add_compare("--osinfo generic --boot uefi --disk size=1", "boot-uefi")
+ c.add_compare("--osinfo generic --boot uefi --disk size=1 --tpm none --connect " + utils.URIs.kvm_x86_oldfirmware, "boot-uefi-oldcaps")
+c.add_compare("--osinfo linux2020 --boot uefi --launchSecurity sev --connect " + utils.URIs.kvm_amd_sev, "amd-sev")
+ 
+ c.add_invalid("--disk none --location nfs:example.com/fake --nonetworks", grep="NFS URL installs are no longer supported")
+ c.add_invalid("--disk none --boot network --machine foobar", grep="domain type None with machine 'foobar'")
+--- a/virtinst/domain/launch_security.py
+++ b/virtinst/domain/launch_security.py
+@@ -22,13 +22,15 @@ class DomainLaunchSecurity(XMLBuilder):
+         if not guest.os.is_q35() or not guest.is_uefi():
+             raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
+ 
+-        # 'policy' is a mandatory 4-byte argument for the SEV firmware,
+-        # if missing, let's use 0x03 which, according to the table at
+-        # https://libvirt.org/formatdomain.html#launchSecurity:
+-        # (bit 0) - disables the debugging mode
+-        # (bit 1) - disables encryption key sharing across multiple guests
+        # The 'policy' is a mandatory 4-byte argument for the SEV firmware.
+        # If missing, we use 0x03 for the original SEV implementation and
+        # 0x07 for SEV-ES.
+        # Reference: https://libvirt.org/formatdomain.html#launchSecurity
+         if self.policy is None:
+            domcaps = guest.lookup_domcaps()
+             self.policy = "0x03"
+            if domcaps.supports_sev_launch_security(check_es=True):
+                self.policy = "0x07"
+ 
+     def set_defaults(self, guest):
+         if self.type == "sev":
+--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
+@@ -93,6 +93,7 @@ def _make_capsblock(xml_root_name):
+ class _SEV(XMLBuilder):
+     XML_NAME = "sev"
+     supported = XMLProperty("./@supported", is_yesno=True)
+    maxESGuests = XMLProperty("./maxESGuests")
+ 
+ 
+ #############################
+@@ -390,12 +391,15 @@ class DomainCapabilities(XMLBuilder):
+     # Misc support methods #
+     ########################
+ 
+-    def supports_sev_launch_security(self):
+    def supports_sev_launch_security(self, check_es=False):
+         """
+         Returns False if either libvirt doesn't advertise support for SEV at
+         all (< libvirt-4.5.0) or if it explicitly advertises it as unsupported
+         on the platform
+         """
+        if check_es:
+            return bool(self.features.sev.supported and
+                        self.features.sev.maxESGuests)
+         return bool(self.features.sev.supported)
+ 
+     def supports_video_bochs(self):
--- a/46dc0616-setup-add-bits-for-setuptools-61.patch
+++ b/46dc0616-setup-add-bits-for-setuptools-61.patch
@ -1,7 +1,7 @@
-From c6fc4524d4448259ea85f93f85898b64a4380154 Mon Sep 17 00:00:00 2001
-From: Peter Alfredsen <crabbedhaloablution@icloud.com>
-Date: Tue, 5 Apr 2022 22:04:20 +0200
-Subject: [PATCH] setup: add bits for setuptools-61
+Subject: setup: add bits for setuptools-61
+From: Peter Alfredsen crabbedhaloablution@icloud.com Tue Apr 5 22:04:20 2022 +0200
+Date: Wed Apr 13 08:35:40 2022 -0400:
+Git: 46dc0616308a73d1ce3ccc6d716cf8bbcaac6474

 Quoting https://github.com/pypa/setuptools/issues/3227
 "Setuptools >= 61, intentionally changes the way packages are built in the
@ -15,15 +15,12 @@ Quoting https://github.com/pypa/setuptools/issues/3227

 Bug: https://bugs.gentoo.org/836645
 Signed-off-by: Peter Alfredsen <crabbedhaloablution@icloud.com>
---
- setup.py | 1 +
- 1 file changed, 1 insertion(+)

 diff --git a/setup.py b/setup.py
-index e95acd39f..7e47e7c71 100755
+index e95acd39..7e47e7c7 100755
 --- a/setup.py
 +++ b/setup.py
-@@ -547,4 +547,5 @@ def run(self):
+@@ -547,4 +547,5 @@ setuptools.setup(
     },
 
     distclass=VMMDistribution,
--- a/90e13549-Fix-build-with-setuptools-61+.patch
+++ b/90e13549-Fix-build-with-setuptools-61+.patch
@ -0,0 +1,32 @@
+Subject: Fix build with setuptools 61+
+From: Miro Hrončok miro@hroncok.cz Tue Aug 2 16:39:36 2022 +0200
+Date: Tue Aug 2 12:05:39 2022 -0400:
+Git: 90e13549b4f2dd74b3343a3a28c30f31c20032d5
+
+    + ./setup.py configure --default-hvs qemu,xen,lxc
+    error: Multiple top-level packages discovered in a flat-layout: ['po', 'ui', 'man', 'data', 'virtinst', 'virtManager'].
+    To avoid accidental inclusion of unwanted files or directories,
+    setuptools will not proceed with this build.
+    If you are trying to create a single distribution with multiple packages
+    on purpose, you should not rely on automatic discovery.
+    Instead, consider the following options:
+    1. set up custom discovery (`find` directive with `include` or `exclude`)
+    2. use a `src-layout`
+    3. explicitly set `py_modules` or `packages` with a list of names
+    To find more information, look for "package discovery" on setuptools docs.
+
+Downstream bug report: https://bugzilla.redhat.com/2113754
+diff --git a/setup.py b/setup.py
+index 6a546606..b45d315a 100755
+--- a/setup.py
+++ b/setup.py
+@@ -530,6 +530,9 @@ setuptools.setup(
+             glob.glob("virtinst/install/*.py")),
+     ],
+ 
+    # stop setuptools 61+ thinking we want to include everything automatically
+    py_modules=[],
+
+     cmdclass={
+         'build': my_build,
+         'build_i18n': my_build_i18n,
--- a/b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
+++ b/b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
@ -0,0 +1,23 @@
+Subject: domain: cpu: Clear 'migratable' when changing to custom cpu
+From: Lin Ma lma@suse.com Wed Jul 20 14:53:32 2022 +0800
+Date: Mon Aug 1 10:11:43 2022 -0400:
+Git: b8a77805b0606191c368f8aaf8254f2569b7278a
+
+Otherwise going host-passthrough -> custom can cause libvirt validation
+error due to libvirt fills the default value(migratable='on') for the
+host-passthrough in domain XML.
+
+Signed-off-by: Lin Ma <lma@suse.com>
+
+diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
+index e40c5307..5de42b4e 100644
+--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
+@@ -358,6 +358,7 @@ class DomainCpu(XMLBuilder):
+ 
+     def set_model(self, guest, val):
+         log.debug("setting cpu model %s", val)
+        self.migratable = None
+         if val:
+             self.mode = "custom"
+             if not self.match:
--- a/virt-manager.changes
+++ b/virt-manager.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Aug  3 14:51:34 MDT 2022 - carnold@suse.com
+
+- Upstream bug fixes (bsc#1027942)
+  b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
+  0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
+  90e13549-Fix-build-with-setuptools-61+.patch
+  424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
+- Modified virtman-add-sev-memory-support.patch
+- Renamed upstream patches
+  virtman-pr381-setuptools-61.patch to
+    46dc0616-setup-add-bits-for-setuptools-61.patch
+  virtman-34662fe-argcomplete.patch to
+    34662fec-tests-Fix-with-latest-argcomplete.patch
+
 -------------------------------------------------------------------
 Tue Jul 19 10:03:04 UTC 2022 - Ben Greiner <code@bnavigator.de>

--- a/virt-manager.spec
+++ b/virt-manager.spec
@ -43,8 +43,12 @@ Source3:        virt-manager-supportconfig
 # Upstream Patches
 Patch1:         revert-363fca41-virt-install-Require-osinfo-for-non-x86-HVM-case-too.patch
 Patch2:         d51541e1-Fix-UI-rename-with-firmware-efi.patch
-Patch3:         https://github.com/virt-manager/virt-manager/pull/381.patch#/virtman-pr381-setuptools-61.patch
-Patch4:         https://github.com/virt-manager/virt-manager/commit/34662fecc9535c7d8d0a8e7d42fafa4b9e005c89.patch#/virtman-34662fe-argcomplete.patch
+Patch3:         46dc0616-setup-add-bits-for-setuptools-61.patch
+Patch4:         34662fec-tests-Fix-with-latest-argcomplete.patch
+Patch5:         b8a77805-domain-cpu-Clear-migratable-when-changing-to-custom-cpu.patch
+Patch6:         0d84bcfb-cli-Add-iothreadids-attributes-thread_pool_min-and-thread_pool_max.patch
+Patch7:         90e13549-Fix-build-with-setuptools-61+.patch
+Patch8:         424283ad-launch_security-Use-SEV-ES-policy-0x07-if-host-supports-it.patch
 # SUSE Only
 Patch70:        virtman-desktop.patch
 Patch71:        virtman-kvm.patch
--- a/virtinst-add-pvh-support.patch
+++ b/virtinst-add-pvh-support.patch
@ -32,7 +32,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -886,7 +886,7 @@ class Guest(XMLBuilder):
+@@ -888,7 +888,7 @@ class Guest(XMLBuilder):
 
         usb_tablet = False
         usb_keyboard = False
--- a/virtinst-s390x-disable-graphics.patch
+++ b/virtinst-s390x-disable-graphics.patch
@ -4,7 +4,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -198,7 +198,10 @@ class Guest(XMLBuilder):
+@@ -200,7 +200,10 @@ class Guest(XMLBuilder):
         self.skip_default_channel = False
         self.skip_default_sound = False
         self.skip_default_usbredir = False
@ -16,7 +16,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
         self.skip_default_rng = False
         self.skip_default_tpm = False
         self.x86_cpu_default = self.cpu.SPECIAL_MODE_APP_DEFAULT
-@@ -347,7 +350,7 @@ class Guest(XMLBuilder):
+@@ -349,7 +352,7 @@ class Guest(XMLBuilder):
         if not os_support:
             return False
 
@ -25,7 +25,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
             return True
 
         return False  # pragma: no cover
-@@ -933,7 +936,7 @@ class Guest(XMLBuilder):
+@@ -935,7 +938,7 @@ class Guest(XMLBuilder):
         self.add_device(dev)
 
     def _add_default_video_device(self):
--- a/virtinst-set-qemu-emulator.patch
+++ b/virtinst-set-qemu-emulator.patch
@ -5,7 +5,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -778,6 +778,10 @@ class Guest(XMLBuilder):
+@@ -780,6 +780,10 @@ class Guest(XMLBuilder):
         self._add_default_tpm()
 
         self.clock.set_defaults(self)
--- a/virtinst-smbios-unsupported-for-xenpv.patch
+++ b/virtinst-smbios-unsupported-for-xenpv.patch
@ -4,7 +4,7 @@ Index: virt-manager-4.0.0/virtinst/guest.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/guest.py
 +++ virt-manager-4.0.0/virtinst/guest.py
-@@ -687,6 +687,8 @@ class Guest(XMLBuilder):
+@@ -689,6 +689,8 @@ class Guest(XMLBuilder):
             self.type != "kvm"):
             log.warning(  # pragma: no cover
                     "KVM acceleration not available, using '%s'", self.type)
--- a/virtman-add-sev-memory-support.patch
+++ b/virtman-add-sev-memory-support.patch
@ -108,7 +108,7 @@ Index: virt-manager-4.0.0/virtManager/object/domain.py
 +            if sevmem is True:
 +                domcaps = self.get_domain_capabilities()
 +                guest.launchSecurity.type = "sev"
-+                guest.launchSecurity.set_defaults(guest, domcaps.supports_sev_es_launch_security())
+                guest.launchSecurity.set_defaults(guest)
 +                guest.memoryBacking.set_locked(True)
 +                _set_rombar(guest, "off")
 +            else:
@ -147,19 +147,18 @@ Index: virt-manager-4.0.0/virtinst/domcapabilities.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/domcapabilities.py
 +++ virt-manager-4.0.0/virtinst/domcapabilities.py
-@@ -93,6 +93,10 @@ def _make_capsblock(xml_root_name):
+@@ -93,6 +93,9 @@ def _make_capsblock(xml_root_name):
 class _SEV(XMLBuilder):
     XML_NAME = "sev"
     supported = XMLProperty("./@supported", is_yesno=True)
 +    cbitpos = XMLProperty("./cbitpos")
 +    reducedPhysBits = XMLProperty("./reducedPhysBits")
 +    maxGuests = XMLProperty("./maxGuests")
-+    maxESGuests = XMLProperty("./maxESGuests")
+     maxESGuests = XMLProperty("./maxESGuests")
 
 
- #############################
-@@ -398,6 +402,9 @@ class DomainCapabilities(XMLBuilder):
-         """
+@@ -402,6 +405,9 @@ class DomainCapabilities(XMLBuilder):
+                         self.features.sev.maxESGuests)
         return bool(self.features.sev.supported)
 
 +    def supports_sev_es_launch_security(self):
@ -172,14 +171,12 @@ Index: virt-manager-4.0.0/virtinst/domain/launch_security.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/domain/launch_security.py
 +++ virt-manager-4.0.0/virtinst/domain/launch_security.py
-@@ -18,9 +18,13 @@ class DomainLaunchSecurity(XMLBuilder):
-     dhCert = XMLProperty("./dhCert")
+@@ -19,8 +19,12 @@ class DomainLaunchSecurity(XMLBuilder):
     kernelHashes = XMLProperty("./@kernelHashes", is_yesno=True)
 
-    def _set_defaults_sev(self, guest):
+     def _set_defaults_sev(self, guest):
 -        if not guest.os.is_q35() or not guest.is_uefi():
 -            raise RuntimeError(_("SEV launch security requires a Q35 UEFI machine"))
-+    def _set_defaults_sev(self, guest, sev_es):
 +        if not guest.os.is_q35():
 +            raise RuntimeError(_("SEV launch security requires a Q35 machine"))
 +        # Libvirt will select the appropriate firmware file if not specified
@ -187,23 +184,8 @@ Index: virt-manager-4.0.0/virtinst/domain/launch_security.py
 +        if not guest.is_uefi():
 +            guest.os.firmware = 'efi'
 
-         # 'policy' is a mandatory 4-byte argument for the SEV firmware,
-         # if missing, let's use 0x03 which, according to the table at
-@@ -28,8 +32,11 @@ class DomainLaunchSecurity(XMLBuilder):
-         # (bit 0) - disables the debugging mode
-         # (bit 1) - disables encryption key sharing across multiple guests
-         if self.policy is None:
-            self.policy = "0x03"
-+            if sev_es:
-+                self.policy = "0x07"
-+            else:
-+                self.policy = "0x03"
- 
-    def set_defaults(self, guest):
-+    def set_defaults(self, guest, sev_es=False):
-         if self.type == "sev":
-            return self._set_defaults_sev(guest)
-+            return self._set_defaults_sev(guest, sev_es)
+         # The 'policy' is a mandatory 4-byte argument for the SEV firmware.
+         # If missing, we use 0x03 for the original SEV implementation and
 Index: virt-manager-4.0.0/virtinst/devices/interface.py
 ===================================================================
 --- virt-manager-4.0.0.orig/virtinst/devices/interface.py